16:34:03 <jdstrand> #startmeeting 16:34:03 <meetingology> Meeting started Mon Apr 22 16:34:03 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:34:03 <meetingology> 16:34:03 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:34:06 <jdstrand> The meeting agenda can be found at: 16:34:06 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:34:10 <jdstrand> [TOPIC] Announcements 16:34:32 <chrisccoulson> yo 16:34:45 <jdstrand> next week we'll be at a sprint and I believe the current meeting time is in conflict with a meeting at the sprint, so we'll skip 16:35:13 <jdstrand> [TOPIC] Weekly stand-up report 16:35:20 <jdstrand> I'll go first 16:35:28 <jdstrand> install audits went well last week, nothing surprising or particularly important 16:35:36 <jdstrand> I'm on triage this week 16:36:02 <jdstrand> I've got openjdk-7 updates for this week 16:36:21 <jdstrand> also monthly planning (april review, may planning) 16:36:37 <jdstrand> and sprint preparation. if there's time, I'll take something off the list 16:36:43 <jdstrand> sbeattie: you're up 16:37:05 <sbeattie> I'm focused on workitems again this week, on the security-1304-appisolation-example blueprint 16:37:28 <sbeattie> I'll specifically be working on the prototype launcher bits 16:37:39 <sbeattie> as well as prepping for the sprint 16:37:47 <sbeattie> and that's pretty much it for me 16:37:51 <sbeattie> tyhicks: you're up 16:38:12 <tyhicks> I'm continuing work on the dbus regression tests from last week 16:39:03 <tyhicks> then I'll move to ' initial work to query confinement labeling of sender' and 'dbus daemon, pass labeling info on messages so security context can be queried by recipient' 16:39:13 <tyhicks> I'll have some sprint prep, too 16:39:16 <tyhicks> that's it for me 16:39:21 <tyhicks> jjohansen: you're up 16:40:38 <jjohansen> I'll be running around in panic, err that is prepping for the sprint too 16:40:39 <jjohansen> I have some bugs to finish chasing down, and then I'll be back to working on signals and other bits of ipc 16:41:36 <jdstrand> jjohansen: what are those bugs in? 16:42:28 <jjohansen> jdstrand: good question, I chased one down to my kernel, one to the library and I think one is in dbus, I need to verify that and if so I'll pull tyhicks in 16:42:52 <jdstrand> heh, ok 16:42:59 <jjohansen> jdstrand: oh! I should have said dev bugs :) 16:43:31 <jjohansen> thats it from me sarnold your up 16:44:04 <sarnold> I'm working on the mysql update today, hoping to finish testing on it late today (those tests are immensely long, sheesh) 16:44:13 <sarnold> probably publishing tomorrow 16:45:28 <sarnold> when I'm done with that, I'll look at bouncy castle, and if there's any time left, I may give a follow-up audit to one of the packages I NAKd for the forums; the company was kind enough to send me another version for review after fixing my previous complaints. (woo) 16:45:48 <sarnold> I'm also on community :) 16:45:56 <sarnold> that's it for me, chrisccoulson, your turn 16:46:07 <chrisccoulson> hi :) 16:47:20 <chrisccoulson> so, i spent a bit of time investigating one of the regressions that appeared in firefox 20. got a good handle on that now, but not sure there's much more we can do with it for now 16:47:51 <jdstrand> chrisccoulson: what is the regression? 16:48:06 <chrisccoulson> jdstrand, https://bugzilla.mozilla.org/show_bug.cgi?id=858782 16:48:08 <ubottu> Mozilla bug 858782 in Extension Compatibility "crash in uGlobalMenuDocListener::DoHandleMutations with GlobalMenu on Ubuntu" [Critical,New] 16:48:31 <chrisccoulson> i'm a bit concerned that if i fix the crash in our addon code, i'll just push the problem elsewhere 16:48:45 <chrisccoulson> (see the last comment) 16:49:24 <jdstrand> huh, interesting 16:49:41 <chrisccoulson> yeah, i wonder if this has the potential to cause other problems 16:50:34 <jdstrand> I guess we'll see what upstream says? 16:50:47 <chrisccoulson> yeah, i'm waiting for them to comment now 16:51:18 <chrisccoulson> also, did some more work with chromium testing. trying to figure out if there's a way to make the installed test suite smaller (each test binary effectively links in a copy of the browser) 16:51:47 <chrisccoulson> we also resolved some confusion regarding qtscript/webkit/v8/JSC :) 16:52:59 <chrisccoulson> and i'm currently trying to figure out why >100 firefox tests started failing over the weekend :( 16:53:36 <chrisccoulson> actually, make that nearly 200 ;) (191 to be exact) 16:53:48 <chrisccoulson> i think that's me done 16:54:08 <jdstrand> [TOPIC] Highlighted packages 16:54:10 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:54:15 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:54:25 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mongodb.html 16:54:28 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html 16:54:31 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html 16:54:45 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/cowbell.html 16:54:49 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/falconpl.html 16:54:59 <jdstrand> [TOPIC] Miscellaneous and Questions 16:56:39 <jdstrand> I have one, jjohansen, sbeattie and tyhicks> can you comment on http://status.ubuntu.com/ubuntu-raring/canonical-security-ubuntu-13.04-month-6.html? I need to prepare the monthly work items status for tomorrow. are we on track to be done by friday/tuesday? 16:57:23 <jjohansen> for /me friday - no, tuesday maybe 16:57:34 <jdstrand> jjohansen, sbeattie, tyhicks> and it you haven't already, can you update your work items 16:57:42 <sbeattie> jdstrand: sure 16:58:01 <tyhicks> jdstrand: 'dbus - update aa-logparser, including test' is not likely for Friday, but Tuesday is still a possibility 16:58:24 <tyhicks> I think everything else is still on track for me 17:00:28 <jdstrand> I'm not liking how I need to give a status update a week early... I will have to discuss that and/or modify our planning 17:01:01 <jdstrand> sbeattie: are you on track to be done friday/tuesday? 17:01:30 <sbeattie> jdstrand: yeah 17:01:36 <jdstrand> ok cool 17:02:09 <jdstrand> Does anyone have any other questions or items to discuss? 17:05:23 <jdstrand> sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks! 17:05:25 <jdstrand> #endmeeting