== Meeting information ==
 * #ubuntu-meeting Meeting, 11 May at 16:38 — 17:05 UTC
 * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-05-11-16.38.log.html]]



== Meeting summary ==

''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting 
=== Announcements ===
The discussion about "Announcements" started at 16:38.


=== Weekly stand-up report ===
The discussion about "Weekly stand-up report" started at 16:38.


=== Highlighted packages ===
The discussion about "Highlighted packages" started at 17:03.

  * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/pyrad.html 
  * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/ircd-hybrid.html 
  * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/ibm-3270.html 
  * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/hostapd.html 
  * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.8-powerpc-cross.html 

=== Miscellaneous and Questions ===
The discussion about "Miscellaneous and Questions" started at 17:03.




== Vote results ==




== Done items ==

 * (none)



== People present (lines said) ==

 * tyhicks (39)
 * mdeslaur (16)
 * sarnold (12)
 * sbeattie (8)
 * chrisccoulson (6)
 * jdstrand (6)
 * jjohansen (6)
 * ubottu (3)
 * meetingology (3)



== Full Log ==


 16:38 <tyhicks> #startmeeting

 16:38 <meetingology> Meeting started Mon May 11 16:38:08 2015 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.

 16:38 <meetingology> 

 16:38 <meetingology> Available commands: action commands idea info link nick

 16:38 <tyhicks> The meeting agenda can be found at:

 16:38 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting

 16:38 <tyhicks> [TOPIC] Announcements

 16:38 <tyhicks> Thanks to Jonathan Riddell (Riddell) and Felix Geyer (debfx) for help on security updates for the community supported quassel (LP: #1448911) last week. Another thanks to Felix for unrar-nonfree (LP: 1451260). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)

 16:38 <ubottu> Launchpad bug 1448911 in quassel (Ubuntu Wily) "Execute initDbSession() on DB reconnects" [Undecided,Fix released] https://launchpad.net/bugs/1448911

 16:38 <ubottu> Launchpad bug 1451260 in unrar-nonfree (Ubuntu Utopic) "Directory traversal vulnerability" [Undecided,Fix released] https://launchpad.net/bugs/1451260

 16:38 <tyhicks> [TOPIC] Weekly stand-up report

 16:38 <tyhicks> jdstrand: you're up

 16:39 <jdstrand> this week I'm going to work with tyhicks on identifying and prioritizing our work backlog

 16:39 <chrisccoulson> hi

 16:39 <jdstrand> I'm also continuing to work on the review tools wrt snappy

 16:40 <jdstrand> and prodding the seccomp SRU along. related to that, will be discussing snappy stable updates with other teams

 16:40 <jdstrand> if I have time, I'll pick up the seccomp policy updates and mechanism for applying them on upgrades

 16:41 <jdstrand> that's it from me

 16:41 <jdstrand> mdeslaur: you're up

 16:41 <mdeslaur> I'm on triage this week

 16:41 <mdeslaur> and I'm working on some updates

 16:41 <mdeslaur> I just released libtasn1 and icu updates

 16:41 <mdeslaur> I also have an embargoed issue to work on

 16:41 <mdeslaur> that's it from me, sbeattie?

 16:42 <sbeattie> I'm in the happy place this week.

 16:42 <sbeattie> I need to finish my wily apparmor upload after syncing up some changes from the debian packaging.

 16:42 <sbeattie> I also need to push my trusty apparmor SRU

 16:43 <sbeattie> (just need to do the SRU paperwork there)

 16:43 <tyhicks> great!

 16:43 <sbeattie> still need to push on gcc-pie stuff

 16:44 <sbeattie> that's pretty much it for this week

 16:45 <tyhicks> sbeattie: you mentioned an rsyslog SRU in last week's meeting - is that still needed?

 16:45 <mdeslaur> the rsyslog SRU is done

 16:45 <sbeattie> It's been accepted, just needs verification. If one of the reporters doesn't do it, I'll knock it out.

 16:46 <mdeslaur> it's verified

 16:46 <sbeattie> oh, I missed that email.

 16:46 <mdeslaur> it's just waiting the required waiting period

 16:46 <tyhicks> good

 16:46 <tyhicks> I'm in the community role this week

 16:47 <tyhicks> I'm still catching up on email and IRC from my vacation last week

 16:47 <sarnold> good luck :)

 16:47 <tyhicks> :)

 16:47 <mdeslaur> ctrl-a, del

 16:47 <tyhicks> I'll be working with jdstrand to get our backlog in order for the W cycle

 16:48 <mdeslaur> heck, that's what I do, and I didn't go on vacation

 16:48 <tyhicks> I want to revive my patch updates

 16:48 <tyhicks> I'll be adding support to apparmor_parser for kernel keyring mediation

 16:49 <tyhicks> I think that's it for me

 16:49 <tyhicks> jjohansen: your turn

 16:50 <jjohansen> I have to spend a few minutes preparing for the apparmor meeting tomorrow

 16:50 <jjohansen> and I have to sit down with the kt and verify the 4.1-RC3 port and make sure we are ready for that new kernel to drop in W

 16:51 <jjohansen> other than that its planning and back to apparmor cleanups for upstreaming

 16:51 <tyhicks> jjohansen: I see that we're are 4.1-rc3 - will you be able to push any patches up for 4.2?

 16:51 <tyhicks> s/are/at/

 16:52 <jjohansen> tyhicks: yes, sorry that is the other thing todo. /me will make it top priority this week to get a pull request together and get it out

 16:52 <tyhicks> jjohansen: that's great to hear :)

 16:52 <jjohansen> its not going to be huge but 8 or 10 patches can go up

 16:53 <tyhicks> that's a start

 16:53 <jjohansen> that is it for me sarnold you are up

 16:53 <sarnold> I'm on bug triage this week; I have a reproducer working for horizon's cve, at least on trusty, so I am feeling much closer to releasing an update; the quick way to do the update is just for trusty and probably newer, since that's what's charmed up and working.. precise might still require the testingopenstack VM image.

 16:54 <mdeslaur> sarnold: trusty and higher just got brand spanking new horizon packages

 16:54 <mdeslaur> sarnold: are you sure they still need the CVE fix?

 16:55 <sarnold> mdeslaur: dunno if that's encouragement to drink or sob or ...

 16:55 <mdeslaur> oh maybe not trusty

 16:55 <sarnold> mdeslaur: they may; how recent? friday afternoon I reproduced the problem

 16:55 <mdeslaur> utopic and vivid have a new package in -proposed that got uploaded last week. Sorry, trusty still has an old package

 16:56 <sarnold> aha

 16:56 <mdeslaur> might be worth checking to make sure it's not getting an update soon though

 16:56 <sarnold> thanks mdeslaur

 16:56 <tyhicks> sarnold: please be sure to document the serverstack deployment and testing process

 16:56 <tyhicks> (otherwise, you'll become the openstack testing guy :)

 16:57 <sarnold> tyhicks: heh, did you bring along "how to motivate employees" on your vacation? :)

 16:57 <tyhicks> hehe

 16:57 <mdeslaur> lol

 16:58 <sarnold> tyhicks: just a note for the backlog review, it may not show up easily, but there's some omre work oustanding for the ppc64-diag MIR, there's some more dependant packages that we ignored in favor of other packages in the last cycle...

 16:58 <tyhicks> sarnold: thanks for the headsup - I noticed the comment in the MIR bug while reading email this morning

 16:58 <sarnold> tyhicks: 1417608

 16:59 <sarnold> oh cool! an update for ppc64-diag :) nice.

 17:00 <sarnold> anyway, I suppose that doesn't have to happenh right away, but they'll want it SRUd to 14.04 LTS

 17:00 <sarnold> that's it for me, chrisccoulson?

 17:00 <chrisccoulson> It's Mozilla update this week, so I'll be handling that

 17:00 <chrisccoulson> I've also got an embargoed update

 17:01 <chrisccoulson> other than that, I'm just about to merge https://code.launchpad.net/~chrisccoulson/oxide/media-permissions and then I'll be working on bug 1428754 again

 17:01 <ubottu> bug 1428754 in Oxide "Persist permission request decisions for a session" [High,In progress] https://launchpad.net/bugs/1428754

 17:02 <chrisccoulson> I'll also be continuing to work through code reviews. I got some done last week, but the list is still growing

 17:02 <chrisccoulson> I think that's me done

 17:02 <tyhicks> thanks

 17:03 <tyhicks> [TOPIC] Highlighted packages

 17:03 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.

 17:03 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.

 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pyrad.html

 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ircd-hybrid.html

 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ibm-3270.html

 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/hostapd.html

 17:03 <tyhicks> Does anyone have any other questions or items to discuss?

 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.8-powerpc-cross.html

 17:03 <tyhicks> [TOPIC] Miscellaneous and Questions

 17:05 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!

 17:05 <tyhicks> #endmeeting



Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)