17:08 <jdstrand> #startmeeting 17:08 <meetingology> Meeting started Mon Sep 16 17:08:07 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 17:08 <meetingology> 17:08 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 17:08 <jdstrand> The meeting agenda can be found at: 17:08 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 17:08 <jdstrand> [TOPIC] Weekly stand-up report 17:08 <jdstrand> I'll go first 17:08 <jdstrand> I'm on triage this week 17:09 <jdstrand> I've got planning to do related to getting something together 14.04 and until release, but for the most part, stuff that is hitting saucy is not feature work at this point 17:09 <jdstrand> so I've put that on the backburner for the moment 17:10 <jdstrand> (ie, we are finishing up things we've started and fixing bugs in 13.10-- but I know we are already starting some 14.04 stuff, which is fine) 17:10 <jdstrand> (and by 14.04, I mean 13.10 stuff that was postponed :) 17:10 <jdstrand> ok 17:11 <jdstrand> I've been working a lot on trying to get all our policy in order 17:11 <sbeattie> jdstrand: thanks for that 17:11 <jdstrand> and its coming along, but has been difficult in spots because the APIs haven't all landed in their full form yet 17:11 <jdstrand> sbeattie: np 17:11 <jdstrand> sbeattie: thanks for being flexible in what you're working on :) 17:12 <sbeattie> heh, sure. 17:12 <jdstrand> I'm also following up with various teams to get bugs fixed and policy workarounds removed 17:12 <jdstrand> (eg, all the bugs surrounding non-app-specific paths) 17:13 <jdstrand> also working with appstore reviews and how to automate them where we can 17:13 <jdstrand> and discussing webapps confinement a bit 17:13 <jdstrand> all that will continue this week and I hope to check of related work items 17:14 <jdstrand> I also have MIR reviews that I am working on 17:14 <jdstrand> and will pick up an update if I can 17:14 <jdstrand> I think that's it for me 17:14 <jdstrand> mdeslaur: you're up 17:14 <mdeslaur> I'm on community this week 17:14 <mdeslaur> and am working on a bunch of embargoed issues 17:14 <mdeslaur> hopefully they'll all get published this week 17:14 <mdeslaur> that's it from me 17:15 <mdeslaur> sbeattie: you're up 17:15 <sbeattie> I'm on apparmor this week 17:15 <sbeattie> I'm again working on testing stuff, particularly IPC, in support of the development work jjohansen is doing. 17:16 <sbeattie> I've also been picking up other odds and ends on the apparmor front 17:16 <sbeattie> Oh, I'm trying to fix the daily build ppa breakage (my fault, mostly) 17:16 <sbeattie> that's pretty much it for me. tyhicks? 17:16 <tyhicks> I'm working on an embargoed issue 17:17 <tyhicks> I need to help jjohansen prep for the AppArmor sessions at LSS (Linux Security Summit) 17:17 <tyhicks> I'll be attending Plumbers (and probably some of LSS) this week 17:17 <tyhicks> I also need to scrape through the apparmor list and get patches committed 17:17 <tyhicks> (mainly the C++ patches that have been acked) 17:18 <tyhicks> that's it for me 17:18 <tyhicks> jjohansen: you're up 17:19 <jjohansen> I am prepping for and attending Linux Security Summit (LSS) this week. We have 2 presentations and a status update around apparmor and the security work for ubuntu touch 17:21 <jdstrand> nice 17:21 <jjohansen> I will also try to get up a test kernel for some of the ipc and stacking but that will depend on how the prep goes 17:22 <jjohansen> that's it for me sarnold your up 17:23 <sarnold> I'm in my happy place this week; this week and next week are short weeks, friday and monday off. I'm doing mostly MIR audits, only Mir, unity-system-compositor, gunicorn, and open-vm-tools remain :) but only two, maybe three, likely this week. 17:24 <sarnold> sorry I've been neglecting the apparmor patches, if there's anything that's not yet received a review from someone else, you guys can ping me on it specific and I'll give it a look 17:24 <sarnold> but "all 78 mails" would be a while :) hehe 17:25 <sarnold> chrisccoulson: your turn 17:25 <chrisccoulson> i had a short week last week, and it feels like it's been ages since my last meeting ;) 17:25 * jjohansen notes to do a push just for sarnold 17:26 <chrisccoulson> i got flash updated last week. this week, it's firefox and thunderbird (and a big one for thunderbird, 17 -> 24) 17:26 <jdstrand> chrisccoulson: welcome! :) 17:26 <chrisccoulson> hi :) 17:26 <chrisccoulson> i worked on automated testing for oxide. will hopefully finish that this week 17:27 <chrisccoulson> i think that's me done 17:27 <jdstrand> chrisccoulson: sorry if I'm dense-- you've been working on and planning to work on oxide automated testing/ 17:27 <jdstrand> ? 17:28 * jdstrand couldn't fully parse chrisccoulson's stand-up 17:29 <chrisccoulson> jdstrand, i've been working on adding automated tests since last week 17:30 <jdstrand> chrisccoulson: ok, for some reason that is not listed on https://blueprints.launchpad.net/ubuntu/+spec/client-1308-oxide. can you add a work item for that and mark it INPROGRESS? 17:32 <chrisccoulson> jdstrand, ah, sure. in future, all features will come with tests. the work i'm doing now is adding tests retrospectively, as it depended on adding support for exchanging messages with content scripts, which was quite a bit of work :) 17:32 <jdstrand> yeah, I bet 17:32 <jdstrand> chrisccoulson: cool, thanks for that :) 17:32 <jdstrand> [TOPIC] Highlighted packages 17:32 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:32 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:33 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/xymon.html 17:33 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libsdp.html 17:33 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/kronolith2.html 17:33 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/citadel.html 17:33 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/xml-light.html 17:33 <jdstrand> [TOPIC] Miscellaneous and Questions 17:34 <jdstrand> mdeslaur: so, the only thing I was going to ask about was seeing if sarnold could help out with updates, but with his short week and the number of audits, that seems like 'no' 17:34 <mdeslaur> jdstrand: yeah, that's fine...the mirs are more pressing for now 17:35 <jdstrand> well, soon there will be help 17:35 <jdstrand> it is hard to beleive that 13.10 will be released in like 5 weeks 17:35 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks 17:35 <jdstrand> #endmeeting