16:32 <jdstrand> #startmeeting
16:32 <meetingology> Meeting started Mon Jan  6 16:32:59 2014 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:32 <meetingology> 
16:32 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:33 <jdstrand> The meeting agenda can be found at:
16:33 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:33 <jdstrand> [TOPIC] Announcements
16:33 <jdstrand> Happy new year! Welcome back and I hope everyone had a nice break :)
16:33 <mdeslaur> happy new year!
16:33 <jdstrand> thanks to Jonathan Riddell (Riddell) provided debdiffs for precise-saucy for qt4-x11 (LP: #1259577)
16:33 <ubottu> Launchpad bug 1259577 in qtbase-opensource-src (Ubuntu Trusty) "Security: XML Entity Expansion Denial of Service" [Undecided,Fix released] https://launchpad.net/bugs/1259577
16:34 <jdstrand> thanks to Jonathan Riddell (Riddell) provided debdiffs for raring-saucy for qtbase-opensource-src (LP: #1259577)
16:34 <jdstrand> thanks to Stefan Bader (smb) provided debdiffs for precise-saucy for xen
16:34 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)"
16:35 * Riddell bows
16:35 <jdstrand> heh :)
16:35 <jdstrand> [TOPIC] Weekly stand-up report
16:35 <jdstrand> I'll go first
16:36 <jdstrand> I'm apparently in the happy place this week. not sure how I got here, but I'll take it :)
16:36 <mdeslaur> jdstrand: you won the dice roll :)
16:36 <chrisccoulson> congratulations!
16:36 <jdstrand> I have pending updates and work items, though most of the beginning of this week will be working on going through my holiday backlog
16:36 <jdstrand> \o/
16:36 <jdstrand> mdeslaur: you're next
16:36 <mdeslaur> I'm on triage this week
16:37 <mdeslaur> I have a couple of pending updates I'm testing which should get released this week
16:37 <mdeslaur> like puppet this afternoon probably
16:37 <mdeslaur> I also have some catching up to do
16:37 <mdeslaur> and I think I'm on patch piloting on friday
16:37 <mdeslaur> that's about it
16:37 <mdeslaur> sbeattie: you're up
16:37 <sbeattie> I'm on apparmor again this week
16:38 <sbeattie> I need to sync up with jjohansen on IPC stuff
16:38 <sbeattie> I also need to review his dfa minimization patch (and the bug fix for the issue it exposed) as it gives a pretty big policy compilation win.
16:39 <mdeslaur> oh cool...do we know how big?
16:39 <jjohansen> it varies with the dfa
16:39 <jjohansen> but there are several examples
16:40 <sbeattie> another 20%-ish gain, though for certain things like the evince profile with likewise-open variables added, it shaves 50-60% off of compilation time.
16:40 <jdstrand> that is the one that doesn't do much for the click apps, correct?
16:40 <mdeslaur> oh, nice!
16:40 <sbeattie> (23 seconds down to 9 seconds or so)
16:40 <jdstrand> or was that something else?
16:40 <sbeattie> (on my laptop)
16:40 <jdstrand> btw, these compilation speedups are truly awesome :)
16:40 <sbeattie> jdstrand: yeah, I didn't see much gain for the click profiles you posted to the list.
16:40 <jdstrand> ok
16:41 <jjohansen> jdstrand: no, that is a different one, this one does a little more for the click apps
16:41 <jdstrand> we got big gains on them in the previously patches though
16:41 <jdstrand> ah
16:41 <jjohansen> weather applet profile from ubuntu touch    0.618s   105673 bytes  to    0.432s   89300 bytes
16:41 <sbeattie> jjohansen: oh? Maybe I'm confused.
16:41 <jdstrand> well, good :)
16:41 * sbeattie kicks monday
16:41 <sbeattie> anyway, I have some other stuff to catch up on as well.
16:41 <jjohansen> not a huge improvement but better than the diff-encode which did almost nothin
16:41 <tyhicks> that improvement should be pretty nice on ARM :)
16:42 <jdstrand> yeah
16:42 <jdstrand> and the emulator
16:42 <tyhicks> good point
16:42 <sbeattie> Anyway, that's all I have. tyhicks, you're up.
16:42 <tyhicks> I'm playing catch up this morning
16:43 <tyhicks> I was disconnected nearly the entire break
16:43 <tyhicks> I've gotten through most email - the big thread that is coming up next is the kdbus thread
16:43 <tyhicks> I've got to tie up some loose ends from before the holiday
16:44 <tyhicks> benchmarking ext4 and ecryptfs on ARM is done - I need to figure out how best to do a LUKS-based partition
16:44 <jdstrand> nice
16:44 <mdeslaur> tyhicks: good luck with the kdbus thread
16:45 <jdstrand> so, since kdbus lit up over the holidays, it occurred to me that it might be wise to send up our apparmor patches to the dbus mailing list
16:45 <tyhicks> jdstrand: that would be good
16:45 <jdstrand> that said, I am a few days our of date on said thread
16:46 <tyhicks> I've kept them in an upstreamable form in our dbus package, so it shouldn't be much work for me to get them organized and sent out
16:46 <jdstrand> while not completely unsurprised, the tenor of the mailing list discussion is considerably different than what I thought we had with kdbus upstream at plumbers
16:47 <tyhicks> we only spoke with gregkh at plumbers and I don't think he's been involved in the thread
16:47 <jdstrand> again, I am out of date, but it seems clear we need to continue having these discussions
16:47 <tyhicks> agreed
16:47 <jdstrand> (and thanks to mdeslaur for responding over the holidays)
16:47 <tyhicks> I'm a little blocked on sending out the yama and config patches for Touch because I don't have a device to run the autopilot tests on (and the emulator doesn't seem to work, either)
16:48 <jdstrand> tyhicks: what devices do you need?
16:49 <tyhicks> jdstrand: umm... any of the better supported devices
16:49 <jdstrand> tyhicks: so, you have grouper? it tests ok there?
16:49 <tyhicks> jdstrand: I have grouper but that's the old kernel that requires a complete yama backport, which I didn't do
16:49 <jdstrand> ah
16:50 <jdstrand> so you need manta and mako, correct?
16:50 <tyhicks> yes, those would be best
16:50 <jdstrand> perhaps you could provide test instructions to jjohansen and chrisccoulson, and they can each do one?
16:50 <tyhicks> ok
16:51 <tyhicks> I can do that
16:51 <jdstrand> I have a mako and am running trusty, but it is my dogfood device so I'd rather not break it :) that said, if it is helpful, you can give me the instructions too
16:51 <tyhicks> it will also probably be a bit of an issue for user data encryption
16:52 <tyhicks> I'll follow up with the team when I have debs and instructions
16:52 <tyhicks> that'll probably keep me busy for this week
16:52 <tyhicks> that's it for me
16:52 <tyhicks> jjohansen: you're up
16:52 <jjohansen> well it looks like I'll be testing for tyhicks this week ;)
16:53 <tyhicks> jjohansen: you're the lucky guy with all the hardware :)
16:53 <jdstrand> hopefully it will be nearly automatable
16:53 <jjohansen> there is some catch up to do from vacation and then its back to apparmor
16:53 <mdeslaur> \m/ AppArmor rocks! \m/
16:53 <jdstrand> \m/ *rock* \m/
16:54 <jjohansen> I've got the rest of the dfa stuff I need to push out so that we can start build some new tests
16:54 <ogra_> that gives metal as a service a totally new meaning
16:54 <mdeslaur> hehe
16:54 <sarnold> good idea!
16:54 <jjohansen> haha
16:55 <jjohansen> and there is of course the outstanding ipc work
16:56 <jjohansen> and coordination with sbeattie on tests there
16:56 <jjohansen> and probably more bludgeoning of ones self against a certain thread
16:58 <mdeslaur> hehe
16:58 <jjohansen> I think thats it from /me sarnold your up
16:58 <jdstrand> jjohansen: oh, thank you for also responding to the thread over the holiday
16:59 <jdstrand> like I said, I am behind and didn't see that part of the thread
16:59 * jjohansen is only sorry he didn't get to it earlier, but then again Amanda would have made /me even sorrier to have responded earlier
16:59 <jdstrand> heh
17:00 <jdstrand> we got some responses out-- I think we are ok :)
17:00 <sarnold> I'm on community this week, it's been a while since I've checked in on email, so I'll have a fair amount of digging-out to be done this week. but don't let that deter anyone from sending in patches :) I know there's some MIR audits needing attention, some old and some new, and iirc some apparmor patches needing review
17:01 <sarnold> I suspect that'll be the week, but it's getting around time to dust off the old objectives and see how those are going.
17:02 <sarnold> I think that's it for me, chrisccoulson?
17:02 <chrisccoulson> hi :)
17:02 <chrisccoulson> so, i left for vacation with a saucy build of oxide on arm which didn't work, and an attempted build for trusty which didn't succeed ;)
17:02 <chrisccoulson> i'm fixing those this week
17:03 <chrisccoulson> i started work over the holiday to remove the run-time dependency on X, which I need to do to make it work on ubuntu touch in any case
17:04 <chrisccoulson> i don't think there's anything else from me
17:04 <jdstrand> [TOPIC] Highlighted packages
17:05 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:05 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:05 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pyfribidi.html
17:05 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/graphite2.html
17:05 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libjgroups-java.html
17:05 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/sleuthkit.html
17:05 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html
17:05 <jdstrand> [TOPIC] Miscellaneous and Questions
17:05 <jdstrand> Does anyone have any other questions or items to discuss?
17:08 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
17:08 <jdstrand> #endmeeting