16:38 <jdstrand> #startmeeting 16:38 <meetingology> Meeting started Mon Jan 27 16:38:51 2014 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:38 <meetingology> 16:38 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:38 <jdstrand> The meeting agenda can be found at: 16:38 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:39 <jdstrand> [TOPIC] Announcements 16:39 <jdstrand> Thanks to the following people thanks for help on security updates since the last meeting: Johan Van de Wauw (tamrat) provided debdiffs for precise-saucy for mapserver (LP: #1267616), Thomas Ward (TheLordOfTime) provided debdiffs for raring for znc (LP: #1268658), Felix Geyer (debfx) provided debdiffs for Precise, Quantal, Saucy for quassel (LP: #1255362). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:39 <ubottu> Launchpad bug 1267616 in mapserver (Ubuntu Saucy) "Possible SQL Injections with postgis TIME filters" [Medium,Fix released] https://launchpad.net/bugs/1267616 16:39 <ubottu> Launchpad bug 1268658 in znc (Ubuntu Trusty) "Null pointer dereference in webadmin module [CVE-2013-2130]" [Undecided,Fix released] https://launchpad.net/bugs/1268658 16:39 <ubottu> Launchpad bug 1255362 in quassel (Ubuntu Trusty) "Clients may be able to access buffers belonging to other users" [High,Fix released] https://launchpad.net/bugs/1255362 16:40 <jdstrand> [TOPIC] Review of any previous action items 16:40 <jdstrand> [ACTION] chrisccoulson to benchmark oxide and qtwebkit once armhf builds work 16:40 * meetingology chrisccoulson to benchmark oxide and qtwebkit once armhf builds work 16:40 <jdstrand> [ACTION] chrisccoulson to send results of benchmarks to list 16:40 * meetingology chrisccoulson to send results of benchmarks to list 16:40 <jdstrand> aiui, these are both blocked on usable IM in oxide, which is blocked on qt5.2 which is blocked on the frameworks discussions 16:41 <jdstrand> however, we just determined that we may be able to use https://launchpad.net/~canonical-qt5-edgers/+archive/qt5-beta2 for this 16:41 <jdstrand> chrisccoulson: that pretty much captures that discussion, right? 16:41 <chrisccoulson> it does 16:42 <jdstrand> chrisccoulson: would it be too optimistic to hope for working IM usiong that ppa this week? 16:42 <chrisccoulson> it should be possible, especially now I can build much faster 16:43 <jdstrand> chrisccoulson: ok, I'd like to keep those as actions then. the benchmarking itself should go quickly I would think once IM is there 16:43 <jdstrand> chrisccoulson: if there is a problem with benchmark performance, we may be able to get phonedations to help 16:43 <jdstrand> I am going to take an action to update people on this 16:43 <chrisccoulson> cool :) 16:44 <jdstrand> [ACTION] follow-up on list regarding status of oxide benchmarks and why they are blocked 16:44 * meetingology follow-up on list regarding status of oxide benchmarks and why they are blocked 16:44 <jdstrand> [ACTION] jdstrand to follow-up on list regarding status of oxide benchmarks and why they are blocked 16:44 * meetingology jdstrand to follow-up on list regarding status of oxide benchmarks and why they are blocked 16:45 <jdstrand> [TOPIC] Weekly stand-up report 16:45 <jdstrand> I'll go first 16:45 <jdstrand> I'm in the happy place this week 16:46 <jdstrand> I've got some pending openstack updates to work on-- but I'm having to more or less write the patches myself for earlier releases, so it has been slow going 16:46 <jdstrand> I have quite a bit of sprint preparation to do for next week 16:47 <jdstrand> if time allows, I'll try to get to some work items, but am guessing that will have to wait for next week 16:47 <jdstrand> mdeslaur: you're up 16:47 <mdeslaur> I'm on triage this week 16:47 <mdeslaur> I'll be publishing some USNs, and will be once again going down the list 16:47 <mdeslaur> I'm off on Wednesday 16:47 <mdeslaur> and that's about it from me 16:47 <mdeslaur> sbeattie: you're up 16:49 <jdstrand> tyhicks: why don't you go next and sbeattie can give status later 16:50 <tyhicks> ok 16:50 <jdstrand> (also, jj is out for the meeting) 16:50 <tyhicks> I'm looking into an ecryptfs bug at the moment (LP: #1265841) 16:50 <ubottu> Launchpad bug 1265841 in linux (Ubuntu) "kernel BUG at /build/buildd/linux-3.11.0/fs/buffer.c:1268!; RIP: 0010:[<ffffffff816e3efd>] [<ffffffff816e3efd>] check_irqs_on.part.11+0x4/0x6" [Medium,Triaged] https://launchpad.net/bugs/1265841 16:51 <tyhicks> I'll be mainly working on that and hacking on kdbus again this week 16:51 <tyhicks> probably a little prep for the sprint, as welll 16:51 <tyhicks> that's it for me 16:51 <jdstrand> question 16:51 <tyhicks> ok 16:52 <jdstrand> sorry I keep asking about this-- what is going on with yama? 16:52 <jdstrand> (on touch) 16:52 <tyhicks> jdstrand: I've wasted way too much time trying to test it on the emulator 16:52 <tyhicks> jdstrand: as of Friday, the emulator segfaults when running unity8 autopilot tests 16:52 <jdstrand> hrmm, sorry about that 16:52 <tyhicks> jdstrand: I was hoping to talk jjohansen into letting me use one of his devices next week at the sprint to test it 16:53 <jdstrand> so, are you able to run it on hardware? 16:53 <jdstrand> ok, that seems reasonable 16:53 <tyhicks> all of the dev work is done and has been for a long time 16:53 <tyhicks> I just don't have a way to run the autopilot tests 16:53 <jdstrand> yeah 16:54 * jdstrand nods 16:54 <tyhicks> I thought getting a cheap maguro would help me test this (along with other touch landings) 16:54 <jdstrand> I think testing on real hardware and then coordinating with ogasawara for a pull request then landing will hopefully be fine at this point 16:55 <jdstrand> if the emulator is busted for doing our tests, we can't be expected to use it 16:55 <tyhicks> but it runs the old kernel version that we're not backporting to :/ 16:55 <tyhicks> I tried running with ubuntu-emulator and with the older emulator set up using xnox's test scripts 16:56 <tyhicks> ubuntu-emulator segfaults and the test scripts eventually hang because the emulator dies at some point 16:56 <tyhicks> oh, and that's without the yama backport patches... so they're not at fault 16:56 <tyhicks> I was just trying to get a baseline 16:56 <tyhicks> ok, that's it for me 16:56 * jdstrand nods 16:57 <tyhicks> sarnold: you're up 16:57 <sarnold> I'm on community this week 16:57 <jdstrand> we'll test on real hardware and try to get you unblocked 16:57 <tyhicks> thanks :) 16:58 <sarnold> I've got some libotr patches from debfx to test and release this week, several MIRs, reviewing serge's new cgmanager (nearly done, one file left!), and then sprint preparation (looking into the profile loading more deeply) 16:58 <sarnold> I suspect it isn't all going to get done before the end of the week 16:59 <sarnold> I think that's me, are we going back to chrisccoulson or on to jdstrand again? (I missed the start..) 16:59 <chrisccoulson> hi :) 17:00 <chrisccoulson> this week i'll be looking at some of the oxide bugs that are blocking having a usable browser on the device 17:00 <jdstrand> tyhicks: oh, chrisccoulson has a manta that I'm sure he's bringing next week 17:00 <chrisccoulson> last week i switched oxide to cmake, and made cross-compiling work :) 17:00 <jdstrand> tyhicks: so maybe quick popping a kernel in there and testing on it would be ok 17:00 <tyhicks> chrisccoulson: I'd really appreciate it if I could (ab)use it for a day 17:01 <tyhicks> yep 17:01 <chrisccoulson> the bad news is that next week is firefox release week. perfect timing ;) 17:01 <tyhicks> ah 17:01 <chrisccoulson> so i'll probably be trying to get that out of the way at the end of this week 17:01 <tyhicks> well I can ask jj later 17:01 <jdstrand> chrisccoulson: argh :\ 17:01 <mdeslaur> chrisccoulson: ugh :( 17:01 <chrisccoulson> yeah, it's pretty annoying 17:02 <chrisccoulson> i wish they could have done the release this week :) 17:02 <chrisccoulson> but, oh well :/ 17:02 <chrisccoulson> i think that's me done 17:03 <jdstrand> re cmake: \o/ 17:03 <jdstrand> [TOPIC] Highlighted packages 17:04 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:04 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/dropbear.html 17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libmodplug.html 17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/aria2.html 17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/opensaml2.html 17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/cakephp.html 17:04 <jdstrand> [TOPIC] Miscellaneous and Questions 17:12 <jdstrand> mdeslaur, tyhicks, sarnold, chrisccoulson: thanks! 17:12 <jdstrand> #endmeeting