16:38 <tyhicks> #startmeeting
16:38 <meetingology> Meeting started Mon May 18 16:38:31 2015 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:38 <meetingology> 
16:38 <meetingology> Available commands: action commands idea info link nick
16:38 <tyhicks> The meeting agenda can be found at:
16:38 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:38 <tyhicks> [TOPIC] Weekly stand-up report
16:38 <tyhicks> jdstrand: you're up
16:45 <jdstrand> hi!
16:45 <jdstrand> sorry
16:45 <jdstrand> so, this week I am working on planning out our work
16:45 <jdstrand> I finished up the libseccomp SRU and it is just waiting for the week to pass
16:46 <jdstrand> I need to get back to seccomp policy updates on snappy and review tools work
16:47 <jdstrand> I'm also working on getting core and touch security support nailed down, so then we can define our processes, update tools, etc
16:47 <jdstrand> that's it from me
16:48 <tyhicks> sbeattie: you're up
16:48 <sbeattie> I'm on cve triage this week.
16:48 <sbeattie> The rsyslog trusty SRU I did was released to trusty-updates.
16:48 <sbeattie> My wily apparmor upload is still waiting to migrate from wily-proposed but is blocked on bogus test failures in other packages. I made
16:48 <sbeattie> a query in #ubuntu-release but got no response.
16:48 <sbeattie> I've finished the paperwork for the trusty apparmor SRU, I just need to bug someone to copy it over from the security-proposed ppa to the trusty-proposed queue.
16:48 <sbeattie> someone == jdstrand :)
16:49 <sbeattie> I have some upstream apparmor patches to review for an impending 2.10 release, which is needed for the planned systemd apparmor integration.
16:49 <sbeattie> I think I can finally get back the gcc-pie work this week
16:49 <sbeattie> That's pretty much it for me. tyhicks: you're up.
16:50 <tyhicks> I'm in the happy place this week
16:50 <tyhicks> I have more to do around team work planning
16:51 <tyhicks> add kernel keyring mediation support to AppArmor parser
16:51 <tyhicks> revive patch security updates
16:51 <tyhicks> Send proposed fix for bug #1427264 to upstream schroot
16:51 <ubottu> bug 1427264 in schroot (Ubuntu) "using ecryptfs, creating frameworks fail to bind mount issues" [High,In progress] https://launchpad.net/bugs/1427264
16:51 <tyhicks> Come up with a fix for bug #1438942
16:51 <ubottu> bug 1438942 in schroot (Ubuntu) "Host's /dev/shm is mounted over when entering 14.10 and older sbuild schroots" [High,In progress] https://launchpad.net/bugs/1438942
16:51 <jdstrand> sbeattie: 2.8.95~2430-0ubuntu5.2 to trusty-proposed?
16:51 <tyhicks> embargoed issue
16:51 <sbeattie> jdstrand: yes, indeed.
16:52 <jdstrand> sbeattie: done
16:52 <sbeattie> jdstrand: thanks!
16:52 <tyhicks> that's it for me
16:52 <tyhicks> jjohansen: you're up
16:52 <jjohansen> well I have the next round of kernel security sign-offs to finish up this morning
16:53 <jjohansen> I have my patchset for upstream that I didn't quite finish up with last week to finish off with
16:54 <jjohansen> and then its back to rest of the cleanup, for upstreaming
16:55 <jjohansen> oh and I will be synching up on the dconf work, I'm not sure what is there but there will be some time on that
16:56 <jjohansen> thats it for me sarnold you're up
16:56 <sarnold> I'm on community this week; there's still some outstanding sync matches in d2u. I don't think I'll try tackling any of the merge matches this week though.
16:57 <sarnold> I'll also be working on tracking down our current status with openstack CVEs, some are silently fixed by server-team updates along the way, some are still outstanding.
16:57 <sarnold> I may also sneak in an apparmor patch review or two for variety.
16:57 <sarnold> that's it for me, chrisccoulson?
16:58 <chrisccoulson> I'm just doing the thunderbird publication, which is my only planned update for this week \o/
16:58 <tyhicks> nice :)
16:59 <chrisccoulson> I got through some reviews last week. I plan to get https://code.launchpad.net/~osomon/oxide/context-menu/+merge/257351 done and also look at the branches that have been updated since I commented on them
16:59 <chrisccoulson> Other than that, I'll be working through whatever I can get done on https://launchpad.net/oxide/+milestone/branch-1.8
17:00 <chrisccoulson> I think that's me done
17:01 <tyhicks> thanks
17:01 <tyhicks> [TOPIC] Highlighted packages
17:01 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:01 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:02 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/autojump.html
17:02 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ganeti.html
17:02 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/davfs2.html
17:02 <tyhicks> [TOPIC] Miscellaneous and Questions
17:02 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libtar.html
17:02 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/rawtherapee.html
17:02 <tyhicks> Does anyone have any other questions or items to discuss?
17:03 <tyhicks> jdstrand, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!
17:03 <tyhicks> #endmeeting