16:46 <jdstrand> #startmeeting 16:46 <meetingology> Meeting started Mon Dec 16 16:46:00 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:46 <meetingology> 16:46 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:46 <jdstrand> The meeting agenda can be found at: 16:46 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:46 <jdstrand> [TOPIC] Announcements 16:46 <jdstrand> Due to the EOY leave, the next security team meeting will be 2014/01/06 16:47 <jdstrand> [TOPIC] Weekly stand-up report 16:47 <jdstrand> I'll go first 16:47 <jdstrand> I'm on triage this week 16:47 <jdstrand> I'll be here all week this week! 16:47 <jdstrand> (try the veal) 16:47 <mdeslaur> \o/ 16:47 <jdstrand> but, I'm off the next two weeks 16:48 <mdeslaur> slacker 16:48 <mdeslaur> :) 16:48 <jdstrand> hehe 16:48 <jdstrand> I've got some pending updates 16:48 <jdstrand> and a few work items around apparmor-easyprof-ubuntu that I am working on 16:49 <jdstrand> I dug into oxide testing last week and started developing policy for apparmor policy version 1.1 for it 16:49 <jdstrand> chris is off til the end of the year, so I'll mention that the packaging is all together for it, and it builds for all archs 16:50 <mdeslaur> oh, that's awesome :) 16:50 <jdstrand> it fails at runtime on armhf which we think is due to a compile-time option surrounding neon 16:50 <jdstrand> the navigation api is reviewed and I think will be committed soon 16:51 <jdstrand> so it is really coming along. I've got a todo this week to communicate this to other stakeholders (and an oxide meeting too) 16:51 <jdstrand> I think that's it for me 16:51 <jdstrand> mdeslaur: you're up 16:51 <mdeslaur> I'm on community this week 16:51 <mdeslaur> I have a couple of updates pending, I'm in the final stages of testing 16:52 <mdeslaur> and I'll continue going down the list, as usual. 16:52 <mdeslaur> that's about it from me 16:52 <mdeslaur> hrm, sbeattie isn't here 16:52 <mdeslaur> tyhicks: you're up 16:52 <tyhicks> I've got some carry over from last week 16:53 <tyhicks> I got hung up for a little too long on an issue where the emulator fails the executable stack test of test-kernel-security.py 16:53 <tyhicks> I spent quite a bit of time on it and I've convinced myself that it is an emulator bug because everything works fine on maguro 16:54 <jjohansen1> ickky 16:54 <jdstrand> tyhicks: interesting-- can you file it if you haven't already? it would be good to get the emulator fixed so that other teams don't get tripped up 16:54 <tyhicks> I've built final goldfish, manta, and mako kernels and need to do some quick testing and then send off the patches 16:54 <tyhicks> jdstrand: sure, that's a good idea 16:54 <jdstrand> tyhicks: oh, maguro, interesting-- do we have access to that device on the team? 16:55 <jjohansen1> jdstrand: ? I've got one 16:55 <tyhicks> oh no 16:55 <tyhicks> I was wrong about the code name 16:55 <tyhicks> I meant grouper 16:55 <jdstrand> jjohansen1: ah right, you have nearly everything :) 16:55 <jdstrand> ok 16:55 * tyhicks has another shot of coffee 16:55 <jdstrand> heh 16:56 <tyhicks> after that, I'll be on user data encryption 16:56 <jjohansen1> jdstrand: no no, please forget I ever mentioned uh, never mind ;) 16:56 <tyhicks> well, there is one problem 16:56 <tyhicks> I can't test the manta and mako kernels 16:57 <tyhicks> but I also don't want to bog down jj 16:57 <tyhicks> I think testing in the emulator is sufficient, though 16:57 <jdstrand> I have a mako. chris has a manta 16:57 <jdstrand> (though chris is off this week) 16:57 <jdstrand> tyhicks: if you need me, holler 16:57 <tyhicks> all mako and manta get are some backported yama patches since their kernel configs were already hardened correctly 16:57 <tyhicks> ok 16:57 <tyhicks> I'll think about it some more 16:57 <tyhicks> that's it for me 16:57 <tyhicks> jjohansen1: you're up 16:59 <jjohansen1> I'm working on apparmor again this week, I've got some testing work to coordinate with sbeattie around dfa and permission changes, and yes ipc work. 17:00 <jjohansen1> And I'm fixing another invalidation bug that keeps taking down anything using a compound label 17:00 <jjohansen1> so files, sockets, ..., stacking pretty much everything 17:00 * jjohansen1 sighs 17:01 <sarnold> :( 17:02 <jjohansen1> well I think thats it from me, sarnold your up 17:04 <sarnold> I'm in the happy place this week 17:05 <sarnold> I'm all caught up on the apparmor patches (I think) so I'm moving on to the MIR audits, it's amazing how quicklyu they pile up when I'm not looking.. 17:05 <jdstrand> yes... 17:05 <tyhicks> sounds like it is about time to write some more apparmor patches 17:05 <tyhicks> ;) 17:06 <jdstrand> hah 17:06 <sarnold> haha :) 17:07 <sarnold> I started reading the developer.ubuntu.com docs last night and found a handful of problems that I'll file some bugreports for.. it's amazing how much is done already :) woo. 17:07 <sarnold> I think that's me covered, jdstrand back to you 17:08 <jdstrand> sarnold: are these security bugs or just regular bugs? 17:08 <sarnold> jdstrand: regular bugs :) woot 17:08 <jdstrand> ok, good :) 17:08 <jdstrand> [TOPIC] Highlighted packages 17:08 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:08 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:09 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/rawstudio.html 17:09 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/nagstamon.html 17:09 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/slim.html 17:09 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-passenger.html 17:09 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/autotrace.html 17:09 <jdstrand> [TOPIC] Miscellaneous and Questions 17:09 <jdstrand> Does anyone have any other questions or items to discuss? 17:09 <mdeslaur> jdstrand: we need to talk about who is doing watch during the holidays 17:10 <jdstrand> mdeslaur: yeah, I added that to my todo this morning 17:10 <mdeslaur> cool 17:10 <jdstrand> mdeslaur: thanks for reminding me 17:14 <jdstrand> mdeslaur, tyhicks, jjohansen1, sarnold: thanks! 17:14 <jdstrand> #endmeeting