16:38 <jdstrand> #startmeeting 16:38 <meetingology> Meeting started Mon May 4 16:38:56 2015 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:38 <meetingology> 16:38 <meetingology> Available commands: action commands idea info link nick 16:39 <jdstrand> The meeting agenda can be found at: 16:39 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:39 <jdstrand> [TOPIC] Announcements 16:39 <jdstrand> Andreas Cadhalpun (andreas-cadhalpun) provided a debdiff for vivid for ffmpeg (LP: #1436296) 16:39 <ubottu> Launchpad bug 1436296 in ffmpeg (Ubuntu) "FFmpeg security fixes March 2015" [Undecided,Fix released] https://launchpad.net/bugs/1436296 16:39 <jdstrand> Unit 193 (unit193) provided a debdiff for trusty and utopic for icecast2 (LP: #1449771) 16:39 <ubottu> Launchpad bug 1449771 in icecast2 (Ubuntu Vivid) "Multiple CVEs in 2.3.3-2ubuntu1 found in trusty" [Undecided,Confirmed] https://launchpad.net/bugs/1449771 16:39 <jdstrand> Felix Geyer (debfx) provided debdiffs for trusty-vivid for pdns (LP: #1450037) 16:39 <ubottu> Launchpad bug 1450037 in pdns (Ubuntu Vivid) "CVE-2015-1868" [Undecided,Fix released] https://launchpad.net/bugs/1450037 16:40 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:40 <jdstrand> [TOPIC] Weekly stand-up report 16:40 <jdstrand> I'll go first 16:40 <jdstrand> I plan to attend UOS, particularly for the core and convergence tracks 16:41 <jdstrand> then I'm working on the seccomp SRU 16:41 <jdstrand> (which is in progress) 16:41 <jdstrand> I've also got an ubuntu-core-security SRU I am preparing 16:42 <jdstrand> and then need to implement something for seccomp policy regeneration on policy updates for ubuntu core 16:42 <jdstrand> and review tools updates for snaps 16:42 <jdstrand> mdeslaur: you're up 16:42 <mdeslaur> I'm in the happy place this week 16:42 <mdeslaur> I have a short week as I'm off on thursday 16:42 <mdeslaur> I'm working on updates, and have a bunch more that are in various stages of testing 16:43 <mdeslaur> that's about it, sbeattie... 16:43 <sbeattie> I'm on community this week. 16:43 <sbeattie> I'll be keeping an eye on UOS as well 16:43 <chrisccoulson> hi :) 16:43 <sbeattie> I need to harangue mdeslaur or jdstrand to sponsor my rsyslog and apparmor SRUs for trusty. 16:44 <sbeattie> I also have a pending apparmor upload for wily when it opens 16:44 <sbeattie> And I need to get on with gcc-pie testing. 16:45 <sbeattie> That's pretty much my week. tyhicks is out, so jjohansen? 16:45 <jjohansen> I have next cycle of kernel sign-offs to do this week 16:46 <jdstrand> sbeattie: are the bugs all ready and you are satisfied with apparmor and rsyslog? I'd be happy to do the pocket copy for you 16:46 <jjohansen> For apparmor I am still cleaning up the domain transition bits and hunting bugs, improving, extending or writing new regression tests around that 16:46 <jdstrand> sbeattie: is the apparmor upload a merge of what went to Debian? 16:46 <jjohansen> jdstrand: infinity will probably do the pocket copy 16:47 <jjohansen> jdstrand: oops sorry, ignore that 16:47 <jdstrand> sorry, I'm asking sbeattie questions during your report 16:47 <jdstrand> I was slow to ask 16:47 * jjohansen missed the sbeattie bit and thought that was a kernel question 16:47 * sbeattie waits for jjohansen to finish 16:47 <jjohansen> heh, well if I had read who you were poking 16:47 <jjohansen> ... 16:48 <jjohansen> sbeattie: go 16:48 <sbeattie> jdstrand: I do need to finish up the paperwork on the SRU bugs. 16:48 <jdstrand> sbeattie: just ping me when you want me to copy to trusty-proposed 16:48 <sbeattie> jdstrand: and I haven't looked at the debian upload, I'll do that as well. 16:48 <jdstrand> sbeattie: what is left on the gcc pie work? 16:49 <jdstrand> sbeattie: are you ready for me to stop firing questions at you? 16:49 <sbeattie> jdstrand: I need to do a few more test rebuilds 16:49 <sbeattie> jdstrand: heh. :) 16:49 <jdstrand> sbeattie: ah good, so then after that, you can hand to doko? 16:49 <jdstrand> sbeattie: or is there more? 16:50 <sbeattie> ah, sorry, one of us needs to do some benchmarking as well. 16:51 <jdstrand> ok 16:51 <jdstrand> seems this week your plate is full for benchmarking. we can circle back around to that when tyler is back 16:52 <sbeattie> okay 16:52 * jdstrand is done firing questions at sbeattie 16:52 <jdstrand> sbeattie: thanks :) 16:53 <jdstrand> jjohansen: ok, feel free to proceed. that said, I have a question for you already 16:54 <jjohansen> jdstrand: fire 16:54 <jdstrand> is the 'cleaning up the domain transition bits' part of the upstreaming work? 16:54 <jjohansen> I think so 16:55 <jdstrand> ok, good. we'll (and this is for all of the team, not just you/the upstreaming work) need to come up with a plan after tyler gets back for what to focus on 16:55 <jdstrand> for the cycle 16:56 <jjohansen> ack 16:56 <jdstrand> obviously, the upstreaming work is important-- I'd just like to map everything all out 16:56 <jdstrand> pull people in, etc 16:56 <jdstrand> anyhoo-- that isn't a question-- just me commenting 16:56 <jdstrand> jjohansen: please proceed :) 16:57 <jjohansen> well thats it for me :), sarnold you are up 16:57 <sarnold> I'm on CVE triage this week; I'll also be checking in on UOS; I'll also be working on testing openstack updates 16:58 <jdstrand> sarnold: how are the openstack updates going? I saw the question to beisner. are you unblocked? 16:59 <sarnold> jdstrand: no, his answer is helpful but it doesn't really provide an immediate "do this" kind of answer; the mysql charm bug is https://bugs.launchpad.net/charms/+source/mysql/+bug/1423153 and I didn't see any discussion how to retrieve the password via the juju relations, and I don't know why a five or six week old fix isn't working.. 17:00 <ubottu> Launchpad bug 1423153 in percona-cluster (Juju Charms Collection) "/var/lib/mysql/mysql.passwd no longer exist" [High,Fix released] 17:00 <jdstrand> sarnold: ok, can you follow up with them on irc outside of the meeting? 17:01 <sarnold> jdstrand: I've asked for information on the bug to find out what the right answer is for finding the password.. if they report back that the answer is to use the relatin-get mechanism, then I think I'm going to file a ahndful of bugs on documentations and go annoy jcastro's stackoverflow answers.. 17:01 <jdstrand> and let me know how I can help unblock you 17:01 <sarnold> jdstrand: thanks 17:01 <sarnold> I think that's it for me, chrisccoulson ? 17:01 <jdstrand> that all sounds fine, but let's also make sure we are moving forward 17:02 <chrisccoulson> so, it's a short week for me this week. I shall be hoping that I don't have to deal with any more issues on arale, so I can get planned work done :) 17:02 <jdstrand> (which, you are doing the right thing, just want to make sure we don't stall out on email/bug reports/etc) 17:02 <chrisccoulson> I'm going to be working through code reviews (doing the camera branch right now) 17:02 <chrisccoulson> and I want to get https://code.launchpad.net/~chrisccoulson/oxide/media-permissions in to a state where it can land too 17:03 <jdstrand> those kinda go hand in hand, right? 17:03 <chrisccoulson> Sort of - camera works on the desktop already (with the permissions branch) 17:04 * jdstrand nods 17:04 <jdstrand> is arale looking ok now? 17:04 <chrisccoulson> It is. Nobody has pinged me today anyway :) 17:05 <jdstrand> well, that's a start :) 17:05 <jdstrand> are there any browser/oxide UOS meetings? 17:05 <jdstrand> s/meetings/sessions/ 17:05 <chrisccoulson> I also got Firefox 38 building on precise last week with the updated compiler (see gcc-mozilla and hardening-wrapper in https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa and firefox in https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa). 17:05 <chrisccoulson> That seems to be working ok :) 17:05 <chrisccoulson> UOS - I'm not sure about that. I haven't checked the schedule 17:05 <chrisccoulson> I've not scheduled anything 17:06 <chrisccoulson> Firefox 38 is next week btw 17:06 <chrisccoulson> I think that's me done 17:06 <jdstrand> if you could keep an eye out for meetings wrt that, that would be great. if you need one of us to attend in your absence, let us know 17:07 <jdstrand> chrisccoulson: ^ 17:07 <jdstrand> [TOPIC] Highlighted packages 17:07 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:07 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:07 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/k4dirstat.html 17:07 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/qpid-python.html 17:07 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/novnc.html 17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-arm-none-eabi.html 17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/python-restkit.html 17:08 <jdstrand> [TOPIC] Miscellaneous and Questions 17:08 <jdstrand> Does anyone have any other questions or items to discuss? 17:09 <jdstrand> mdeslaur, sbeattie, jjohansen, sarnold, chrisccoulson: thanks! 17:09 <jdstrand> #endmeeting