16:38 #startmeeting 16:38 Meeting started Mon May 4 16:38:56 2015 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:38 16:38 Available commands: action commands idea info link nick 16:39 The meeting agenda can be found at: 16:39 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:39 [TOPIC] Announcements 16:39 Andreas Cadhalpun (andreas-cadhalpun) provided a debdiff for vivid for ffmpeg (LP: #1436296) 16:39 Launchpad bug 1436296 in ffmpeg (Ubuntu) "FFmpeg security fixes March 2015" [Undecided,Fix released] https://launchpad.net/bugs/1436296 16:39 Unit 193 (unit193) provided a debdiff for trusty and utopic for icecast2 (LP: #1449771) 16:39 Launchpad bug 1449771 in icecast2 (Ubuntu Vivid) "Multiple CVEs in 2.3.3-2ubuntu1 found in trusty" [Undecided,Confirmed] https://launchpad.net/bugs/1449771 16:39 Felix Geyer (debfx) provided debdiffs for trusty-vivid for pdns (LP: #1450037) 16:39 Launchpad bug 1450037 in pdns (Ubuntu Vivid) "CVE-2015-1868" [Undecided,Fix released] https://launchpad.net/bugs/1450037 16:40 Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:40 [TOPIC] Weekly stand-up report 16:40 I'll go first 16:40 I plan to attend UOS, particularly for the core and convergence tracks 16:41 then I'm working on the seccomp SRU 16:41 (which is in progress) 16:41 I've also got an ubuntu-core-security SRU I am preparing 16:42 and then need to implement something for seccomp policy regeneration on policy updates for ubuntu core 16:42 and review tools updates for snaps 16:42 mdeslaur: you're up 16:42 I'm in the happy place this week 16:42 I have a short week as I'm off on thursday 16:42 I'm working on updates, and have a bunch more that are in various stages of testing 16:43 that's about it, sbeattie... 16:43 I'm on community this week. 16:43 I'll be keeping an eye on UOS as well 16:43 hi :) 16:43 I need to harangue mdeslaur or jdstrand to sponsor my rsyslog and apparmor SRUs for trusty. 16:44 I also have a pending apparmor upload for wily when it opens 16:44 And I need to get on with gcc-pie testing. 16:45 That's pretty much my week. tyhicks is out, so jjohansen? 16:45 I have next cycle of kernel sign-offs to do this week 16:46 sbeattie: are the bugs all ready and you are satisfied with apparmor and rsyslog? I'd be happy to do the pocket copy for you 16:46 For apparmor I am still cleaning up the domain transition bits and hunting bugs, improving, extending or writing new regression tests around that 16:46 sbeattie: is the apparmor upload a merge of what went to Debian? 16:46 jdstrand: infinity will probably do the pocket copy 16:47 jdstrand: oops sorry, ignore that 16:47 sorry, I'm asking sbeattie questions during your report 16:47 I was slow to ask 16:47 * jjohansen missed the sbeattie bit and thought that was a kernel question 16:47 * sbeattie waits for jjohansen to finish 16:47 heh, well if I had read who you were poking 16:47 ... 16:48 sbeattie: go 16:48 jdstrand: I do need to finish up the paperwork on the SRU bugs. 16:48 sbeattie: just ping me when you want me to copy to trusty-proposed 16:48 jdstrand: and I haven't looked at the debian upload, I'll do that as well. 16:48 sbeattie: what is left on the gcc pie work? 16:49 sbeattie: are you ready for me to stop firing questions at you? 16:49 jdstrand: I need to do a few more test rebuilds 16:49 jdstrand: heh. :) 16:49 sbeattie: ah good, so then after that, you can hand to doko? 16:49 sbeattie: or is there more? 16:50 ah, sorry, one of us needs to do some benchmarking as well. 16:51 ok 16:51 seems this week your plate is full for benchmarking. we can circle back around to that when tyler is back 16:52 okay 16:52 * jdstrand is done firing questions at sbeattie 16:52 sbeattie: thanks :) 16:53 jjohansen: ok, feel free to proceed. that said, I have a question for you already 16:54 jdstrand: fire 16:54 is the 'cleaning up the domain transition bits' part of the upstreaming work? 16:54 I think so 16:55 ok, good. we'll (and this is for all of the team, not just you/the upstreaming work) need to come up with a plan after tyler gets back for what to focus on 16:55 for the cycle 16:56 ack 16:56 obviously, the upstreaming work is important-- I'd just like to map everything all out 16:56 pull people in, etc 16:56 anyhoo-- that isn't a question-- just me commenting 16:56 jjohansen: please proceed :) 16:57 well thats it for me :), sarnold you are up 16:57 I'm on CVE triage this week; I'll also be checking in on UOS; I'll also be working on testing openstack updates 16:58 sarnold: how are the openstack updates going? I saw the question to beisner. are you unblocked? 16:59 jdstrand: no, his answer is helpful but it doesn't really provide an immediate "do this" kind of answer; the mysql charm bug is https://bugs.launchpad.net/charms/+source/mysql/+bug/1423153 and I didn't see any discussion how to retrieve the password via the juju relations, and I don't know why a five or six week old fix isn't working.. 17:00 Launchpad bug 1423153 in percona-cluster (Juju Charms Collection) "/var/lib/mysql/mysql.passwd no longer exist" [High,Fix released] 17:00 sarnold: ok, can you follow up with them on irc outside of the meeting? 17:01 jdstrand: I've asked for information on the bug to find out what the right answer is for finding the password.. if they report back that the answer is to use the relatin-get mechanism, then I think I'm going to file a ahndful of bugs on documentations and go annoy jcastro's stackoverflow answers.. 17:01 and let me know how I can help unblock you 17:01 jdstrand: thanks 17:01 I think that's it for me, chrisccoulson ? 17:01 that all sounds fine, but let's also make sure we are moving forward 17:02 so, it's a short week for me this week. I shall be hoping that I don't have to deal with any more issues on arale, so I can get planned work done :) 17:02 (which, you are doing the right thing, just want to make sure we don't stall out on email/bug reports/etc) 17:02 I'm going to be working through code reviews (doing the camera branch right now) 17:02 and I want to get https://code.launchpad.net/~chrisccoulson/oxide/media-permissions in to a state where it can land too 17:03 those kinda go hand in hand, right? 17:03 Sort of - camera works on the desktop already (with the permissions branch) 17:04 * jdstrand nods 17:04 is arale looking ok now? 17:04 It is. Nobody has pinged me today anyway :) 17:05 well, that's a start :) 17:05 are there any browser/oxide UOS meetings? 17:05 s/meetings/sessions/ 17:05 I also got Firefox 38 building on precise last week with the updated compiler (see gcc-mozilla and hardening-wrapper in https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa and firefox in https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa). 17:05 That seems to be working ok :) 17:05 UOS - I'm not sure about that. I haven't checked the schedule 17:05 I've not scheduled anything 17:06 Firefox 38 is next week btw 17:06 I think that's me done 17:06 if you could keep an eye out for meetings wrt that, that would be great. if you need one of us to attend in your absence, let us know 17:07 chrisccoulson: ^ 17:07 [TOPIC] Highlighted packages 17:07 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:07 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:07 http://people.canonical.com/~ubuntu-security/cve/pkg/k4dirstat.html 17:07 http://people.canonical.com/~ubuntu-security/cve/pkg/qpid-python.html 17:07 http://people.canonical.com/~ubuntu-security/cve/pkg/novnc.html 17:08 http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-arm-none-eabi.html 17:08 http://people.canonical.com/~ubuntu-security/cve/pkg/python-restkit.html 17:08 [TOPIC] Miscellaneous and Questions 17:08 Does anyone have any other questions or items to discuss? 17:09 mdeslaur, sbeattie, jjohansen, sarnold, chrisccoulson: thanks! 17:09 #endmeeting