#ubuntu-meeting log

16:36 <tyhicks> #startmeeting
16:36 <meetingology> Meeting started Mon Mar 23 16:36:17 2015 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:36 <meetingology> 
16:36 <meetingology> Available commands: action commands idea info link nick
16:36 <tyhicks> The meeting agenda can be found at:
16:36 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:36 <tyhicks> [TOPIC] Announcements
16:36 <tyhicks> Artur Rona (ari-tczew) provided a debdiff for jakarta-taglibs-standard in vivid (LP: #1433365)
16:36 <ubottu> Launchpad bug 1433365 in jakarta-taglibs-standard (Ubuntu) "Merge jakarta-taglibs-standard 1.1.2-3 (main) from Debian unstable (main)" [Medium,Fix released] https://launchpad.net/bugs/1433365
16:36 <tyhicks> Artur's work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:36 <tyhicks> [TOPIC] Weekly stand-up report
16:36 <tyhicks> jdstrand: You're up
16:37 <jdstrand> I was happy last week to finally get the frameworks rfc to the snappy list
16:37 <jdstrand> I'll be nailing that down this week
16:37 <jdstrand> also working with mvo, et al on seccomp in the snappy launcher
16:38 <jdstrand> we also defined the snappy security yamllast week, so updating docs/trello cards for that
16:38 <jdstrand> beyond snappy I have one embargoed item
16:38 <jdstrand> mdeslaur: you're up
16:39 <mdeslaur> hey!
16:39 <mdeslaur> I'm on bug triage this week
16:39 <mdeslaur> and I have a few updates that I'm currently testing
16:39 <mdeslaur> I should be publishing them this afternoon or tomorrow morning
16:39 <mdeslaur> after that, I've got more in the pipeline
16:39 <mdeslaur> that's about it
16:39 <mdeslaur> sbeattie: you're up!
16:39 <sbeattie> I'm on cve triage this week
16:40 <sbeattie> I've got some apparmor patch review to do as well as pulling in fixes to the apparmor package
16:40 <sbeattie> I need to continue testing my gcc-5 pie-on-amd64 packages
16:41 <sbeattie> that's pretty much it for me
16:41 <sbeattie> tyhicks: you're up
16:41 <tyhicks> I'm in the happy place this week
16:42 <tyhicks> Wrap up security review of the python-bcrypt MIR (LP: #1427861)
16:42 <ubottu> Launchpad bug 1427861 in python-bcrypt (Ubuntu) "[MIR] python-bcrypt (b-d of python-django)" [Undecided,New] https://launchpad.net/bugs/1427861
16:42 <tyhicks> Review the initial snappy launcher code
16:42 <tyhicks> Land the libapparmor policy cache API changes
16:42 <tyhicks> (a few more patches need to be reviewed but I think they're all from jjohansen and are ones that I can review/ack)
16:43 <tyhicks> Restart work on AppArmor kernel keyring mediation for user data encryption
16:43 <tyhicks> Finish up the patches to fix bug #1430532 and send them out for review
16:43 <ubottu> bug 1430532 in AppArmor "libapparmor needs a public function to break a context into a label and mode" [Medium,In progress] https://launchpad.net/bugs/1430532
16:43 <tyhicks> Embargoed item
16:44 <tyhicks> that's it for me
16:44 <tyhicks> jj is out
16:44 <tyhicks> sarnold: you're up
16:45 <sarnold> I'm on community this week
16:46 <sarnold> I'm working on the backlog of openstack security fixes, I've made less progress than I had hoped with the serverstack testing framework, but wow is it nice to run a few commands and ahve two dozen machines come into existence and do my bidding
16:46 <tyhicks> nice
16:46 <sarnold> my first plan for specifying per-service package sources didn't work out, the updated packages weren't being installed, but beis ner suggested a small change that seems likely to succeed
16:47 <sarnold> I'm also repsonding to some last-minute MIR questions, it'd be nice to get all the needed ones moved forward for everyone, but that would probably require openstack to behave a bit more friendly for me.
16:48 <sarnold> that's it for me, chrisccoulson?
16:48 <chrisccoulson> Hi :)
16:49 <chrisccoulson> This week, I plan to finish https://code.launchpad.net/~chrisccoulson/oxide/arale-fixes and get it merged in to trunk. It's running ok at the moment, and appears to fix the crashing. I've also found some future opportunities for optimising the new compositing path too
16:49 <chrisccoulson> I also plan to make a start on bug 1428754
16:49 <ubottu> bug 1428754 in Oxide "Persist permission request decisions for a session" [High,Triaged] https://launchpad.net/bugs/1428754
16:50 <chrisccoulson> Which will mean no more popup every single time you go to Google on the phone
16:50 <chrisccoulson> And it's also needed to unblock https://code.launchpad.net/~zaspire/oxide/web-notifications/+merge/251598
16:52 <chrisccoulson> I think that's me done
16:54 <tyhicks> chrisccoulson: Thanks for taking time out of your weekend to prepare, test, and publish the firefox updates
16:54 <chrisccoulson> sure, no problem :)
16:54 <tyhicks> :)
16:55 <tyhicks> [TOPIC] Highlighted packages
16:55 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:55 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:55 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pam-pgsql.html
16:55 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libextlib-ruby.html
16:55 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/spice-gtk.html
16:55 <tyhicks> Does anyone have any other questions or items to discuss?
16:55 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/smb4k.html
16:55 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/nsd3.html
16:55 <tyhicks> [TOPIC] Miscellaneous and Questions
16:57 <tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, chriscoulson: Thanks!
16:57 <tyhicks> #endmeeting