#ubuntu-meeting log

16:37 <tyhicks> #startmeeting
16:37 <meetingology> Meeting started Mon Apr 13 16:37:03 2015 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:37 <meetingology> 
16:37 <meetingology> Available commands: action commands idea info link nick
16:37 <tyhicks> The meeting agenda can be found at:
16:37 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:37 <chrisccoulson> hi
16:37 <tyhicks> [TOPIC] Announcements
16:38 <tyhicks> Johan Van de Wauw (johanvdw) provided debdiffs for trusty-vivid for freexl (LP: #1437087)
16:38 <ubottu> Launchpad bug 1437087 in freexl (Ubuntu) "Multiple vulnerabilities in freexl 1.0.0" [Undecided,Fix released] https://launchpad.net/bugs/1437087
16:38 <tyhicks> Thomas Ward (teward) provided a debdiff for utopic for wireshark (LP: #1440202)
16:38 <ubottu> Launchpad bug 1440202 in wireshark (Ubuntu Trusty) "[Security] April 3 2015 - 6 New CVEs affect Wireshark" [Medium,Confirmed] https://launchpad.net/bugs/1440202
16:38 <tyhicks> Stefan Bader (smb) provided debdiffs for trusty and utopic for xen
16:38 <tyhicks> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:38 <tyhicks> [TOPIC] Weekly stand-up report
16:39 <tyhicks> jdstrand: I think you're busy right now so we're going to skip ahead to mdeslaur
16:39 <mdeslaur> \o
16:39 <mdeslaur> I'm on triage this week
16:39 <mdeslaur> and I have a half-day off on wednesay
16:39 <mdeslaur> I just published some tasty and delicious ntp updates
16:39 <mdeslaur> and I'm currently testing a bunch of libx11-related updates
16:40 <mdeslaur> I have an embargoed issue to release tomorrow also
16:40 <mdeslaur> and a few more things to work on after that
16:40 <mdeslaur> that's about it, sbeattie, you're up
16:40 <sbeattie> I'm in the happy place this week
16:41 <sbeattie> I'm trying to review apparmor patches and pull things together for a trusty SRU and 2.9.2 release (to base the python utils in the SRU off of)
16:42 <tyhicks> very nice
16:42 <sbeattie> I've also again got gcc pie on my plate
16:42 <sbeattie> that's the plan for this week. tyhicks?
16:43 <tyhicks> sbeattie: all that is left for the gcc pie work is to benchmark a number of programs before the next dev release archive opens?
16:44 <sbeattie> I still want to do a bit more test builds against it to look for build breakages.
16:44 <sbeattie> (as well as the benchmarking, that is)
16:45 <tyhicks> sbeattie: ok - those are two pretty important items so let me know if anything unexpected pops up this week
16:45 <sbeattie> okay
16:46 <tyhicks> sbeattie: we'll try to find someone else to handle any distractions :)
16:46 <tyhicks> I'm handling the community role this week
16:47 <tyhicks> my planned work looks quite a bit like last week
16:47 <tyhicks> Vivid systemd/sbuild/schroot bugs (LP: #1427264) (LP: #1438942)
16:47 <ubottu> Launchpad bug 1427264 in click (Ubuntu) "using ecryptfs, creating frameworks fail to bind mount issues" [High,Triaged] https://launchpad.net/bugs/1427264
16:47 <ubottu> Launchpad bug 1438942 in schroot (Ubuntu) "Host's /dev/shm is mounted over when entering 14.10 and older sbuild schroots" [High,Confirmed] https://launchpad.net/bugs/1438942
16:47 <tyhicks> Restart work on AppArmor kernel keyring mediation for user data encryption
16:47 <tyhicks> Send out the patches to fix bug #1430532
16:47 <ubottu> bug 1430532 in AppArmor "libapparmor needs a public function to break a context into a label and mode" [Medium,In progress] https://launchpad.net/bugs/1430532
16:47 <tyhicks> I worked on those ^ patches yesterday and I hope to send them out shortly
16:48 <tyhicks> that's it for me
16:48 <tyhicks> jjohansen: you're up
16:48 <jdstrand> tyhicks: fyi, I can give an update
16:48 <tyhicks> ok
16:48 <tyhicks> jjohansen: hang on a sec
16:49 <tyhicks> jdstrand: go ahead :)
16:49 <jdstrand> I'm sprinting with the ubuntu core team this week
16:49 <jdstrand> focusing on snappy, specifically seccomp and review tools
16:49 <jdstrand> I think that is it from me
16:50 <tyhicks> jdstrand: thanks! no need to stick around here - get back to the sprint :)
16:50 <tyhicks> jjohansen: go ahead
16:50 <jdstrand> hehe, thanks! :)
16:51 <jjohansen> I'll be getting back to apparmor upstream cleanup again this week. I also have some stuff to do to get ready for the monthly apparmor meeting tomorrow, and an embargoed issue
16:53 <jjohansen> that is it from me sarnold you're up
16:53 <sarnold> I'm on bug triage this week; I'm working on the python-cryptography MIR; perhaps the conntrac MIR, perhaps the outstanding openstack update tests. I may also do some smallish apparmor patch reviews as focus/attention span permits
16:54 <sarnold> that's it for me, chrisccoulson?
16:54 <chrisccoulson> I've got Oxide updates to do this week. I'll also be handling an embargoed issue
16:55 <chrisccoulson> I'm going to spend some time getting Firefox on precise in shape, ready for the next release in a few weeks
16:55 <chrisccoulson> other than that, I'll be working though Oxide bugs as usual
16:56 <tyhicks> chrisccoulson: have you had a chance to get FF building in precise yet? (I don't think you've had much time to work on it)
16:56 <chrisccoulson> tyhicks, I've got it building fine, but without the hardening flags (hardening-wrapper doesn't work, as the new compiler is installed in /usr/lib/gcc-mozilla/bin/g++)
16:57 <tyhicks> ah
16:57 <tyhicks> sounds like nice progress :)
16:57 <tyhicks> [TOPIC] Highlighted packages
16:57 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:58 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libnids.html
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/sanlock.html
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/krb5.html
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pdns.html
16:58 <tyhicks> [TOPIC] Miscellaneous and Questions
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/getmail4.html
16:58 <tyhicks> Does anyone have any other questions or items to discuss?
17:00 <tyhicks> mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!
17:00 <tyhicks> #endmeeting