== Meeting information == * #ubuntu-meeting Meeting, 10 Feb at 16:37 — 17:22 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-02-10-16.37.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Announcements === The discussion about "Announcements" started at 16:37. === Review of any previous action items === The discussion about "Review of any previous action items" started at 16:38. * ''ACTION:'' chrisccoulson to benchmark oxide and qtwebkit === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:43. === Highlighted packages === The discussion about "Highlighted packages" started at 17:06. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/opensaml2.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/restlet.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/linkchecker.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/prewikka.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/mpop.html === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 17:07. == Vote results == == Action items, by person == * chrisccoulson * chrisccoulson to benchmark oxide and qtwebkit == Done items == * (none) == People present (lines said) == * jdstrand (43) * mdeslaur (10) * chrisccoulson (9) * sarnold (8) * tyhicks (8) * sbeattie (5) * meetingology (4) * jjohansen (3) * ubottu (2) == Full Log == 16:37 #startmeeting 16:37 Meeting started Mon Feb 10 16:37:20 2014 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:37 16:37 Available commands: action commands idea info link nick 16:37 * sbeattie waves 16:37 The meeting agenda can be found at: 16:37 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:37 [TOPIC] Announcements 16:37 Thanks to Felix Geyer (debfx) provided debdiffs for Precise, Raring, Saucy for libotr, libotr2 (LP: #1266016). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:37 Launchpad bug 1266016 in libotr2 (Ubuntu Saucy) "Disable insecure OTRv1 protocol" [Undecided,Fix released] https://launchpad.net/bugs/1266016 16:38 [TOPIC] Review of any previous action items 16:38 [ACTION] chrisccoulson to benchmark oxide and qtwebkit 16:38 * meetingology chrisccoulson to benchmark oxide and qtwebkit 16:38 chrisccoulson: I think we are in a position now where that can happen this week? 16:39 chrisccoulson: all I'm looking for is on mako, opening the few testsuites in both oxide and qtwebkit and putting the results somewhere 16:40 chrisccoulson: I think we would wnat a non-debug build 16:42 chrisccoulson: WAKE UP ^G^G^G^G^G 16:42 ok, I'll swing back 16:43 [TOPIC] Weekly stand-up report 16:43 I'll go first 16:43 I'm on triage this week 16:43 I have some pending updates I am working on 16:43 oh, sorry, i'm here now ;) 16:44 I have an incredible amount of followups from the sprint and other things that accumulated during the sprint 16:44 I hope to tie up several work items too 16:45 that's it for me 16:45 mdeslaur: you're up 16:45 I'm on community this week 16:45 I'm currently testing some libgadu updates I should be pushing out in a few miutes 16:46 and will continue going down the CVE list, as usual 16:46 that's about it from me 16:46 sbeattie: you're up 16:46 I'm focused on apparmor work again this week. 16:46 I'll be concentrating on the apparmor testing work items in support of jjohansen's work on IPC. 16:47 I also accumulated a couple of other tasks from the sprint around apparmor and will take care of those. 16:47 That's pretty much it for me. tyhicks? 16:47 I was able to wrap up several nagging work items during the sprint last week 16:48 so now my priorities for this week are: 16:48 Submitting some kdbus patches upstream 16:48 Submitting our dbus-daemon mediation patches upstream 16:48 cool 16:49 and, to a much lesser extent, testing a bug fix to precise's audit package and getting a test-audit.py in place 16:49 that's it for me 16:49 jjohansen: you're up 16:49 (the bug fix is for LP: #1158500) 16:49 Launchpad bug 1158500 in audit (Ubuntu) "auditd fails to add rules when used in precise with -lts-quantal kernel" [High,Triaged] https://launchpad.net/bugs/1158500 16:50 I'm working on apparmor this week. I've got a ppa upload to get out, and then some more ipc and stacking bugs to fix 16:50 oh and I should try drowning the list in patches too, I suppose 16:51 that is it for me, sarnold your up 16:53 I'm in happy place this week, I've got an nginx mir to finish, a security update to prepare, test, and release, and finish testing the patches from the ubuntu apparmor packaging when pushed into the upstream apparmor trunk 16:54 \o/ nginx in main 16:54 sarnold: any blockers so far? 16:54 mdeslaur: no, it's depressingly good code :) there's nearly nothing to complain about. I did find one funny cute little bug, but it is in code that we don't build and wouldn't have any real security impact anyway 16:55 sarnold: awesome! 16:55 sarnold: in the past, the blocker was their release process. can you spend a few minutes looking at that and commenting in the bug. it may be all fine now (this was years ago) 16:55 mdeslaur: they wrote their own printf-style family of printing routines, which is pretty awesome, it's good stuff, but they missed a parameter in a printf -- and since they never caught it, I figure they need to use some gcc attributes to try to catch those -- if they can 16:56 sarnold: (well, we never looked at it in depth cause of the release process) 16:56 sarnold: I think someone already commented in the bug on that, but it would be nice for us to verify the claim 16:56 the one I found is nothing impressive, but there might be some I haven't spotted that might be more trouble. 16:57 jdstrand: yeah, I can spend some time working on that. I'm so far liking that they've got a branch for stable updates and a branch for development testing. I -hope- that they intend to support their stable branch for a while, it'd be nice if it isn't replaced immediately.. 17:00 Oh yes, the administrivia from the sprint trip :) I knew I forgot somethng. 17:00 anyway, that's me covered, chrisccoulson you're up if you're here :) 17:00 i am 17:01 this week, i'll be getting firefox and thunderbird out 17:01 and then working on the last couple of things to make oxide actually usable on the device (touch events and pinch to zoom) 17:01 oxide works on maguro btw ;) 17:02 that's me done :) 17:02 chrisccoulson: did you see my questions above? 17:02 jdstrand, yeah, i think we'll be able to do that 17:03 chrisccoulson: should that be done via a non-debug ppa build? 17:03 chrisccoulson: nice :D 17:03 yeah, i think so 17:03 chrisccoulson: or would you just do that locally? 17:04 i'll do another PPA build 17:04 chrisccoulson: the urls are in the index.html page of that click pacakge I gave you. I can give them to you again if you want (and you can decide which are appropriate) 17:04 chrisccoulson: cool, thanks 17:06 chrisccoulson: as for the email-- maybe just upload the results to people.c.c and then give the link and a brief summary> "oxide rocks and can do more than qtwebkit" or similar. ie, don't spend a lot of time analyzing and formatting a great benchmarks email 17:06 chrisccoulson: (obviously, if there are problems, we should file bugs, etc) 17:06 anyhoo 17:06 cool 17:06 I guess its back to me then 17:06 [TOPIC] Highlighted packages 17:06 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:06 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:06 http://people.canonical.com/~ubuntu-security/cve/pkg/opensaml2.html 17:06 http://people.canonical.com/~ubuntu-security/cve/pkg/restlet.html 17:06 http://people.canonical.com/~ubuntu-security/cve/pkg/linkchecker.html 17:06 http://people.canonical.com/~ubuntu-security/cve/pkg/prewikka.html 17:07 http://people.canonical.com/~ubuntu-security/cve/pkg/mpop.html 17:07 [TOPIC] Miscellaneous and Questions 17:07 Does anyone have any other questions or items to discuss? 17:22 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)