16:36 <jdstrand> #startmeeting 16:36 <meetingology> Meeting started Mon Aug 5 16:36:34 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:36 <meetingology> 16:36 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:36 <jdstrand> The meeting agenda can be found at: 16:36 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:36 <jdstrand> [TOPIC] Announcements 16:36 <jdstrand> Benjamin Drung (bdrung) provided updates for precise-raring for vlc (LP: 1186780) Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:36 <ubottu> Launchpad bug 1186780 in vlc (Ubuntu Raring) "Please update VLC (for security issues)" [Undecided,Fix released] https://launchpad.net/bugs/1186780 16:37 <jdstrand> [TOPIC] Weekly stand-up report 16:37 <jdstrand> I'll go first 16:37 <jdstrand> I'm on community this week 16:37 <jdstrand> I have some embargoed updates 16:38 <jdstrand> patch piloting for august 16:38 <jdstrand> and various audits 16:38 <jdstrand> tyhicks: you're up 16:39 <tyhicks> I'll have a little sync up with jj, when he returns, and then I'll upload apparmor and dbus with DBus mediation support 16:39 <tyhicks> there's one known bug in dbus mediation and eavesdropping 16:39 <tyhicks> I'll fix that this week 16:39 <tyhicks> (but it isn't a blocker for uploading) 16:40 <tyhicks> I'll focus on my content hub work items this week 16:40 <tyhicks> I think that's it 16:40 <tyhicks> sarnold: you're up 16:41 <sarnold> I'm in the happy place this week, so it'll be more MIR audits and apparmor patch reviews (thanks tyhicks :) 16:41 <tyhicks> Oh yeah, I think there's a couple remaining (small) patches that need to be forwarded to the list 16:41 <tyhicks> I'll dig those out 16:42 <sarnold> I'm also likely to spend more time on the dnsmasq-resolvconf-confetti bomb, that hting makes such a mess over all my VMs. 16:43 <sarnold> currently, hard-coded IPs in /etc/hosts are mostly serving, but after the -27 kernel ate some of my VM images, I had to bring up some of the VMs again multiple times to get different IPs for them. what a pain. 16:43 <jdstrand> sarnold: I think some of that may be a one time sorta thing 16:43 <sarnold> jdstrand: yeah, I'm hopeful to keep it that way. :) 16:44 <sarnold> I think that's me, chrisccoulson, your turn :) 16:44 <chrisccoulson> hi 16:44 <jdstrand> sarnold: eg, maybe just start over-- clean our /etc/hosts of the static ones, then start each vm, one at a time, and ssh-keygen -R as needed until at the end you have all of them with new ip addresses 16:44 <jdstrand> sarnold: we can talk more elasewhere if you want 16:44 <jdstrand> s/elasewhere/elsewhere/ 16:44 <chrisccoulson> so, this week is going to be a fun week. it's firefox and thunderbird release day tomorrow, so i'm currently working on that 16:44 <sarnold> \o/ 16:45 <chrisccoulson> i've also been working on adding greasemonkey style user script support to oxide, which i plan to use for the unit tests (and which will probably form the basis of webapps) 16:45 <jdstrand> chrisccoulson: was there anything for them coming out of blackhat/defcon? 16:45 <chrisccoulson> jdstrand, not that i'm aware of 16:45 <jdstrand> good for them :) 16:46 <chrisccoulson> i shall get chromium out this week as well 16:47 <chrisccoulson> and i've got a meeting about the UA string for the mobile browser 16:47 <chrisccoulson> i think that's me done 16:47 <sarnold> jdstrand: the only thing I saw come out of blackhat for the browsers was "hey javascript lets you do a lot of amazing things, and advertising networks make it easy to rent time in a few million browsers..." 16:48 <jdstrand> chrisccoulson: there may be some more oxide discussions too-- I plan on poking at the thread 16:48 <jdstrand> sarnold: neat. I look forward to hearing from mdeslaur and sbeattie when they get back :) 16:48 <sarnold> jdstrand: me too :) 16:48 <jdstrand> [TOPIC] Highlighted packages 16:49 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/batmand.html 16:49 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/aria2.html 16:49 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/unbound.html 16:49 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/squidclamav.html 16:49 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/policycoreutils.html 16:49 <jdstrand> The highlighted packages for this week are ^ 16:49 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/Securi 16:49 <jdstrand> [TOPIC] Miscellaneous and Questions 16:49 <jdstrand> Does anyone have any other questions or items to discuss? 16:55 <jdstrand> tyhicks, sarnold, chrisccoulson: thanks! 16:55 <jdstrand> #endmeeting