16:33 <jdstrand> #startmeeting 16:33 <meetingology> Meeting started Mon Jun 10 16:33:03 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:33 <meetingology> 16:33 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:33 <jdstrand> The meeting agenda can be found at: 16:33 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:33 <jdstrand> [TOPIC] Announcements 16:33 <jdstrand> Christian Kuersteiner (ckuerste) provided debdiffs for lucid-precise for xml-light (LP: #1186860). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:33 <ubottu> Launchpad bug 1186860 in xml-light (Ubuntu Precise) "Hash collision vulnerability in xml-light" [Undecided,Fix released] https://launchpad.net/bugs/1186860 16:33 <chrisccoulson> hi! 16:34 <jdstrand> [TOPIC] Weekly stand-up report 16:34 <jdstrand> I'll go first 16:34 <jdstrand> apparently I am in the happy place this week, which I am grateful for :) 16:34 <mdeslaur> :) 16:34 <jdstrand> I'm catching up from being off last week 16:34 <jdstrand> I've got patch piloting to do 16:35 <jdstrand> an embargoed update 16:35 <jdstrand> various reviews and coordination surrounding application isolation, scopes and click packages 16:35 <jdstrand> and I plan to do a preliminary install audit of the phablet image 16:35 <jdstrand> mdeslaur: you're up 16:35 <mdeslaur> I have an openchrome update I'll be releasing this afternoon 16:36 <mdeslaur> and after that, I've got a bunch of stuff ready for testing in the secppa 16:36 <mdeslaur> I'm also on triage duty this week 16:36 <mdeslaur> that's pretty much it...updates as usual :) 16:36 <mdeslaur> sbeattie: you're up 16:36 <sbeattie> I'm again on apparmor this week 16:37 <sbeattie> I'm currently working on the apparmor/sdk work in the https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-sdk 16:38 <jdstrand> sbeattie: how is that going? 16:38 <sbeattie> I've uploaded some of the easyprof policy group stuff to the dbus-dev ppa, along with versions of the calculator and calendar app that make use of them 16:38 <jdstrand> ah, cool 16:38 <mdeslaur> oh, cool 16:38 * jdstrand makes note to play with that this week 16:38 <sbeattie> I'm still working on getting json input to easyprof going and am continuing to look at what the click package emits 16:39 <sbeattie> I think there's an apparmor upstream meeting this week that I need to prep for 16:39 <sbeattie> oh, I should note that after this week, I'm off for two weeks 16:39 <sbeattie> That's it for me. 16:40 <jdstrand> sbeattie: wrt click> maybe ask beuno/cjwatson? 16:40 <sbeattie> jdstrand: sure, I've been playing around with the source a bit 16:40 <sbeattie> tyhicks: you're up 16:41 <jdstrand> sbeattie: also, for clarity (since I've been off a week and still catching up), you're still going to work with debhelper correct? 16:41 <tyhicks> I'm (finally) finishing my email to the apparmor list to compare the various dbus syntax proposals 16:41 <sbeattie> jdstrand: yes. I didn't do that in the bits I uploaded. 16:41 <tyhicks> I got sidetracked last week while chasing down some odd things I came across while preparing a profile for that email 16:42 <jdstrand> sbeattie: ok, thanks. I think that shouldn't be too bad. we (you, me, mdeslaur) can talk more if anything is unclear 16:42 <jdstrand> tyhicks: please continue (sorry to interrupt) 16:42 <mdeslaur> oh! forgot to mention I also plan on installing ubuntu on my nexus 4 this week 16:42 <tyhicks> later today, I'll start prepping for my work items in https://blueprints.launchpad.net/ubuntu/+spec/client-1305-content-mgmt-picking 16:43 <tyhicks> I'll begin work on that blueprint this week 16:43 <tyhicks> and will continue working on the parser changes in the background 16:43 <tyhicks> that's it for me 16:43 <tyhicks> jjohansen: you're up 16:44 <mdeslaur> tyhicks: fyi, tvoss mentioned possibly having a command line first draft of that api this week 16:44 <tyhicks> mdeslaur: ok, that would be good 16:44 <jdstrand> tyhicks: also note, that the meeting is early tomorrow 16:44 <jdstrand> tyhicks: did anything happen with rescheduling that 16:44 <mdeslaur> I guess we'll find out more at tomorrow's meeting 16:44 <tyhicks> jdstrand: no, I'm going to give it a shot for a week or two 16:45 <tyhicks> if it kills me, I'll push for a reschedule 16:45 <tyhicks> I think I'll be fine 16:45 <jdstrand> tyhicks: sorry about that, but I appreciate it 16:45 <tyhicks> no problem 16:45 <jdstrand> I think jjohansen is afk atm 16:45 <tyhicks> oh, yes 16:45 <mdeslaur> tyhicks: please don't die 16:45 <jdstrand> sarnold: you're up 16:45 <tyhicks> :) 16:46 <sarnold> I'm on community this week; I'll also be reviewing some patches I expect from jjohansen soon. I'd like jdstrand or mdeslaur's help in pushing the openssl zlib environment variable to a -proposed for wider testing before pushing to the archive 16:46 <mdeslaur> sarnold: ah! yes, cool 16:46 <mdeslaur> sarnold: can I try and push what's in the ppa now? 16:46 <sarnold> my bouncycastle test suite is starting to feel like there's something to it :) I've got symmetric ciphers and their modes of operations working; I can see adding assymetric ciphers and then finally some high level TLS servers/clients 16:46 <jdstrand> sarnold: just put it in the ubuntu-security-proposed ppa and ping me to push it to -proposed when ready 16:46 <sarnold> mdeslaur: yes 16:47 <sarnold> jdstrand: it's already in the security ppa; would it need to be rebuilt in ubuntu-security-proposed before it could be pushed? 16:47 <mdeslaur> sarnold: nope 16:47 <jdstrand> sarnold: no, I can do it from there too 16:48 <mdeslaur> jdstrand: let me try first 16:48 <sarnold> ah, cool :) 16:48 * jdstrand defers to mdeslaur 16:48 <sarnold> okay, I think that's me, chrisccoulson, you're up :) 16:49 <chrisccoulson> thanks sarnold 16:50 <chrisccoulson> so, last week, i pretty much finished off fleshing out the architecture for our chromium embedding api (tentatively named "oxide", thanks to mdeslaur) ;) 16:50 <chrisccoulson> i have a pretty good idea of how much work is involved now 16:50 <jdstrand> tyhicks: (fyi, please feel free to poke me if I don't respond to your apparmor policy email-- I'd like to get those discussions moving and completed) 16:50 <tyhicks> jdstrand: ack - same here 16:50 <chrisccoulson> and i've actually created a project branch locally to start some hacking on it :) 16:50 <jdstrand> chrisccoulson: nice! 16:50 <mdeslaur> chrisccoulson: oh, cool...looking forward to discussion that with you 16:51 <chrisccoulson> this week, i've got an embargoed update to do 16:52 <chrisccoulson> i think that's me (other than that update, i'll be continuing work on https://blueprints.launchpad.net/ubuntu/+spec/client-1303-webkit-maintenance/) 16:52 <jdstrand> [TOPIC] Highlighted packages 16:52 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:53 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/boinc.html 16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/iscsitarget.html 16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-openid.html 16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/charybdis.html 16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/bcron.html 16:53 <jdstrand> [TOPIC] Miscellaneous and Questions 16:53 <jdstrand> Does anyone have any other questions or items to discuss? 16:57 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks! 16:57 <jdstrand> #endmeeting