16:41 <mdeslaur> #startmeeting 16:41 <meetingology> Meeting started Mon Mar 10 16:41:23 2014 UTC. The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:41 <meetingology> 16:41 <meetingology> Available commands: action commands idea info link nick 16:41 <mdeslaur> The meeting agenda can be found at: 16:41 <mdeslaur> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:41 <mdeslaur> [TOPIC] Announcements 16:42 <mdeslaur> This week is UDS! Please take a look at the schedule and subscribe yourselves to anything that looks security relevant 16:42 <mdeslaur> [TOPIC] Review of any previous action items 16:42 <mdeslaur> hrm 16:42 <mdeslaur> chrisccoulson: did you send oxide and qtwebkit benchmark results to mailing list? 16:43 <mdeslaur> ok, let's get back to him later 16:43 <mdeslaur> [TOPIC] Weekly stand-up report 16:43 <mdeslaur> I'll go first 16:43 <chrisccoulson> just need to hit the send button ;) 16:43 <mdeslaur> chrisccoulson: oh, cool, so I won't add it as an action then, thanks 16:43 <chrisccoulson> ok, i'm done with my other meeting now 16:43 <mdeslaur> I'm in the happy place this week 16:44 <mdeslaur> and, as usual, am going down the CVE list 16:44 <mdeslaur> it's UDS, so i'll be spending some time attending sessions 16:44 <mdeslaur> that's it from me 16:44 <mdeslaur> sbeattie: you're up 16:44 <sbeattie> I'm focused on apparmor again this week 16:45 <sbeattie> I think the packaging bits on my end are mostly resolved, waiting for sarnold's testing results 16:45 <sbeattie> I'll be focusing on jjohansen1's ipc patchset this week 16:46 <sbeattie> and keeping an eye on UDS as well. 16:46 <sbeattie> That's pretty much it for me. 16:46 <sbeattie> tyhicks: tag, you're it. 16:46 <tyhicks> I'm still trying to wrap up dbus and move to apparmor 16:47 <tyhicks> my dbus-daemon v2 patches are done (along with 3 new patches for a bug fix and a missing feature) 16:47 <tyhicks> I'm testing them now and will have them submitted this afternoon 16:48 <tyhicks> then the rest of the week is kdbus and helping out with apparmor work items 16:48 <tyhicks> that's it for me 16:48 <tyhicks> jjohansen1: you're up 16:49 <jjohansen1> so I am working on apparmor again this week, there is some more revision to the ipc work to be done, and also work on stacking for lxc 16:49 <jjohansen1> there are also some open bugs that need tracked down, that I am hoping to get to or delegate this week 16:50 <jjohansen1> And of course following UDS as well, coordinating with sbeattie, and tyhicks 16:50 * sbeattie senses a target on his back 16:50 <mdeslaur> hehe 16:50 <jjohansen1> oh and sarnold on the 2.95 snapshot he is prepping 16:52 <jjohansen1> sbeattie: you mean I have to actually hit, I was hoping this was more like hand grenades and could just lob stuff in your general direction, and get sarnold and tyhicks at the same time 16:52 * sarnold falls over 16:53 <mdeslaur> lol 16:53 * mdeslaur loads paintball gun with apparmor bugs 16:53 <jjohansen1> I think that is it from me, sarnold you are up 16:53 <sarnold> I'm on triage this week 16:55 <sarnold> sbeattie, jjohansen1, and i have finally gotten an apparmor package that passes QRT! I haven't done much use-testing with it yet, just simple "oh hey look is does kinda work" runs 16:55 <sarnold> big thanks to john and steve for fixing the worst of the problems 16:55 <tyhicks> nice! 16:56 <tyhicks> sarnold: just to make sure that I didn't miss a memo, this will be versioned as 2.8.95, correct? (jj said 2.95 above) 16:56 <sarnold> yeah, it's definitely nice to say "it passes our test suite", which feels like a nice minimum to stick with before uploading to trusty. :) 16:56 <sarnold> tyhicks: right 2.8.95. 16:56 <tyhicks> thanks 16:57 <sarnold> so, jjohansen1 sent out another huge patchset that I suspect we'll need for trusty; we should see how the packages do against the tests with those patches integrated 16:57 <sarnold> there were enough of them that I don't think I can give a realistic review of them all in the time we have available to us, certainly not while still doing triage and MIR audits 16:58 <sarnold> I skimmed the first patch and it looked familiar and it looked fine, so I hope that trend continues through the other patches 16:58 <mdeslaur> sarnold: are you making any progress in the MIRs? 16:58 <sarnold> but there is the chance that one or another of them would introduce something that'd break QRT again 16:59 <sarnold> mdeslaur: I ACKed thermald last week and filed a CVE request for a minor issue in the codebase.. 16:59 <mdeslaur> cool 16:59 <sarnold> mdeslaur: so one down N to go :) heh 16:59 <mdeslaur> (literallty) 16:59 <sarnold> lol 17:00 <mdeslaur> sarnold: are you done? 17:01 <sarnold> mdeslaur: not yet.. 17:01 <sarnold> so, I think I'll give the patches from john a very fast read, probably too fast, but I' really like all those checked into trunk, so we can keep moving forward with the 2.8.95 release 17:01 <sarnold> I could handle them all as individual patches in debian/patches/series but it'd triple the patches i the package, and I'd really like to avoid that.. 17:02 <sarnold> anyway, I guess that's me done. 17:02 <mdeslaur> chrisccoulson: you're up 17:03 <chrisccoulson> this week, i'm finishing off my network delegate work for oxide (which is what will enable the browser to override the user-agent string for each HTTP request). i was hoping to finish that last week, but hit an issue with my original plan 17:04 <chrisccoulson> (this is complicated by the fact that it all happens on chrome's IO thread, and code execution in qml can only happen on a single thread) 17:05 <chrisccoulson> once that's done, I've got another bug i need to get done to unblock olivier with some geolocation work 17:05 <chrisccoulson> and then I'm going to spend time reviewing merge proposals, which have been neglected a bit for the last couple of weeks 17:05 <chrisccoulson> i think that's me done 17:06 <mdeslaur> chrisccoulson: you had "reimplemented the script messaging API on the renderer side" last week 17:06 <mdeslaur> chrisccoulson: is that done, or is it still to do? 17:07 <chrisccoulson> mdeslaur, oh, that's done: http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/395 17:07 <mdeslaur> chrisccoulson: cool 17:07 <mdeslaur> [TOPIC] Highlighted packages 17:07 <mdeslaur> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:07 <mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html 17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/gnucash.html 17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/filezilla.html 17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/xmonad-contrib.html 17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/mplayer.html 17:08 <mdeslaur> [TOPIC] Miscellaneous and Questions 17:08 <mdeslaur> Does anyone have any other questions or items to discuss? 17:09 <mdeslaur> Thanks everyone! 17:09 <mdeslaur> #endmeeting