#ubuntu-meeting log

16:37 <jdstrand> #startmeeting
16:37 <meetingology> Meeting started Mon Feb 10 16:37:20 2014 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:37 <meetingology> 
16:37 <meetingology> Available commands: action commands idea info link nick
16:37 * sbeattie waves
16:37 <jdstrand> The meeting agenda can be found at:
16:37 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:37 <jdstrand> [TOPIC] Announcements
16:37 <jdstrand> Thanks to Felix Geyer (debfx) provided debdiffs for Precise, Raring, Saucy for libotr, libotr2 (LP: #1266016). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:37 <ubottu> Launchpad bug 1266016 in libotr2 (Ubuntu Saucy) "Disable insecure OTRv1 protocol" [Undecided,Fix released] https://launchpad.net/bugs/1266016
16:38 <jdstrand> [TOPIC] Review of any previous action items
16:38 <jdstrand> [ACTION] chrisccoulson to benchmark oxide and qtwebkit
16:38 * meetingology chrisccoulson to benchmark oxide and qtwebkit
16:38 <jdstrand> chrisccoulson: I think we are in a position now where that can happen this week?
16:39 <jdstrand> chrisccoulson: all I'm looking for is on mako, opening the few testsuites in both oxide and qtwebkit and putting the results somewhere
16:40 <jdstrand> chrisccoulson: I think we would wnat a non-debug build
16:42 <mdeslaur> chrisccoulson: WAKE UP ^G^G^G^G^G
16:42 <jdstrand> ok, I'll swing back
16:43 <jdstrand> [TOPIC] Weekly stand-up report
16:43 <jdstrand> I'll go first
16:43 <jdstrand> I'm on triage this week
16:43 <jdstrand> I have some pending updates I am working on
16:43 <chrisccoulson> oh, sorry, i'm here now ;)
16:44 <jdstrand> I have an incredible amount of followups from the sprint and other things that accumulated during the sprint
16:44 <jdstrand> I hope to tie up several work items too
16:45 <jdstrand> that's it for me
16:45 <jdstrand> mdeslaur: you're up
16:45 <mdeslaur> I'm on community this week
16:45 <mdeslaur> I'm currently testing some libgadu updates I should be pushing out in a few miutes
16:46 <mdeslaur> and will continue going down the CVE list, as usual
16:46 <mdeslaur> that's about it from me
16:46 <mdeslaur> sbeattie: you're up
16:46 <sbeattie> I'm focused on apparmor work again this week.
16:46 <sbeattie> I'll be concentrating on the apparmor testing work items in support of jjohansen's work on IPC.
16:47 <sbeattie> I also accumulated a couple of other tasks from the sprint around apparmor and will take care of those.
16:47 <sbeattie> That's pretty much it for me. tyhicks?
16:47 <tyhicks> I was able to wrap up several nagging work items during the sprint last week
16:48 <tyhicks> so now my priorities for this week are:
16:48 <tyhicks> Submitting some kdbus patches upstream
16:48 <tyhicks> Submitting our dbus-daemon mediation patches upstream
16:48 <mdeslaur> cool
16:49 <tyhicks> and, to a much lesser extent, testing a bug fix to precise's audit package and getting a test-audit.py in place
16:49 <tyhicks> that's it for me
16:49 <tyhicks> jjohansen: you're up
16:49 <tyhicks> (the bug fix is for LP: #1158500)
16:49 <ubottu> Launchpad bug 1158500 in audit (Ubuntu) "auditd fails to add rules when used in precise with -lts-quantal kernel" [High,Triaged] https://launchpad.net/bugs/1158500
16:50 <jjohansen> I'm working on apparmor this week. I've got a ppa upload to get out, and then some more ipc and stacking bugs to fix
16:50 <jjohansen> oh and I should try drowning the list in patches too, I suppose
16:51 <jjohansen> that is it for me, sarnold your up
16:53 <sarnold> I'm in happy place this week, I've got an nginx mir to finish, a security update to prepare, test, and release, and finish testing the patches from the ubuntu apparmor packaging when pushed into the upstream apparmor trunk
16:54 <mdeslaur> \o/ nginx in main
16:54 <mdeslaur> sarnold: any blockers so far?
16:54 <sarnold> mdeslaur: no, it's depressingly good code :) there's nearly nothing to complain about. I did find one funny cute little bug, but it is in code that we don't build and wouldn't have any real security impact anyway
16:55 <mdeslaur> sarnold: awesome!
16:55 <jdstrand> sarnold: in the past, the blocker was their release process. can you spend a few minutes looking at that and commenting in the bug. it may be all fine now (this was years ago)
16:55 <sarnold> mdeslaur: they wrote their own printf-style family of printing routines, which is pretty awesome, it's good stuff, but they missed a parameter in a printf -- and since they never caught it, I figure they need to use some gcc attributes to try to catch those -- if they can
16:56 <jdstrand> sarnold: (well, we never looked at it in depth cause of the release process)
16:56 <jdstrand> sarnold: I think someone already commented in the bug on that, but it would be nice for us to verify the claim
16:56 <sarnold> the one I found is nothing impressive, but there might be some I haven't spotted that might be more trouble.
16:57 <sarnold> jdstrand: yeah, I can spend some time working on that. I'm so far liking that they've got a branch for stable updates and a branch for development testing. I -hope- that they intend to support their stable branch for a while, it'd be nice if it isn't replaced immediately..
17:00 <sarnold> Oh yes, the administrivia from the sprint trip :) I knew I forgot somethng.
17:00 <sarnold> anyway, that's me covered, chrisccoulson you're up if you're here :)
17:00 <chrisccoulson> i am
17:01 <chrisccoulson> this week, i'll be getting firefox and thunderbird out
17:01 <chrisccoulson> and then working on the last couple of things to make oxide actually usable on the device (touch events and pinch to zoom)
17:01 <chrisccoulson> oxide works on maguro btw ;)
17:02 <chrisccoulson> that's me done :)
17:02 <jdstrand> chrisccoulson: did you see my questions above?
17:02 <chrisccoulson> jdstrand, yeah, i think we'll be able to do that
17:03 <jdstrand> chrisccoulson: should that be done via a non-debug ppa build?
17:03 <sarnold> chrisccoulson: nice :D
17:03 <chrisccoulson> yeah, i think so
17:03 <jdstrand> chrisccoulson: or would you just do that locally?
17:04 <chrisccoulson> i'll do another PPA build
17:04 <jdstrand> chrisccoulson: the urls are in the index.html page of that click pacakge I gave you. I can give them to you again if you want (and you can decide which are appropriate)
17:04 <jdstrand> chrisccoulson: cool, thanks
17:06 <jdstrand> chrisccoulson: as for the email-- maybe just upload the results to people.c.c and then give the link and a brief summary> "oxide rocks and can do more than qtwebkit" or similar. ie, don't spend a lot of time analyzing and formatting a great benchmarks email
17:06 <jdstrand> chrisccoulson: (obviously, if there are problems, we should file bugs, etc)
17:06 <jdstrand> anyhoo
17:06 <jdstrand> cool
17:06 <jdstrand> I guess its back to me then
17:06 <jdstrand> [TOPIC] Highlighted packages
17:06 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:06 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:06 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/opensaml2.html
17:06 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/restlet.html
17:06 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/linkchecker.html
17:06 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/prewikka.html
17:07 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mpop.html
17:07 <jdstrand> [TOPIC] Miscellaneous and Questions
17:07 <jdstrand> Does anyone have any other questions or items to discuss?
17:22 <jdstrand> #endmeeting