16:35 <tyhicks> #startmeeting
16:35 <meetingology> Meeting started Mon Jan 25 16:35:25 2016 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:35 <meetingology> 
16:35 <meetingology> Available commands: action commands idea info link nick
16:35 <tyhicks> The meeting agenda can be found at:
16:35 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:35 <tyhicks> [TOPIC] Announcements
16:35 <tyhicks> Felix Geyer (debfx) provided debdiffs for trusty, wily for prosody (LP: #1532943)
16:35 <ubottu> Launchpad bug 1532943 in prosody (Ubuntu) "CVE-2016-1231 and CVE-2016-1232" [Medium,Fix released] https://launchpad.net/bugs/1532943
16:35 <tyhicks> Andreas Cadhalpun (andreas-cadhalpun) provided debdiffs for vivid and wily for ffmpeg (LP: #1533367)
16:35 <ubottu> Launchpad bug 1533367 in ffmpeg (Ubuntu Xenial) "ffmpeg allows Server-Side Request Forgery attack" [Medium,Confirmed] https://launchpad.net/bugs/1533367
16:35 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:36 <tyhicks> [TOPIC] Weekly stand-up report
16:36 <tyhicks> jdstrand: you're up
16:39 <tyhicks> mdeslaur: do you want to go ahead and we'll circle back to him?
16:39 <mdeslaur> sure
16:39 <mdeslaur> I'm in the happy place this week
16:39 * mdeslaur does the happy place dance
16:39 <mdeslaur> I'm working on mysql updates at the moment
16:39 <tyhicks> lucky you :)
16:39 <sarnold> choreographed and everything, impressive :)
16:39 <mdeslaur> and I have a couple of embargoed things to look at
16:39 <mdeslaur> and after that, I have to figure out the zillion autopkgtest regressions from my friday merges
16:39 <tyhicks> bleh
16:39 <mdeslaur> so that'll keep me busy for a couple of weeks
16:40 <mdeslaur> that's it from me, sbeattie
16:41 <tyhicks> I don't think he's in yet
16:41 <tyhicks> I'll go ahead
16:41 <tyhicks> I'm on bug triage this week
16:42 <tyhicks> outside of those duties, I'm going to force myself to ignore everything new except for helping out jjohansen with AppArmor stacking
16:42 <tyhicks> that'll include restarting the stacking interface discussion
16:42 <tyhicks> and possibly the namespace creation interfaces
16:44 <tyhicks> that's all I'm going to put on my plate this week
16:44 <tyhicks> jjohansen: are you around yet?
16:44 * jjohansen waits for the emergency to drop
16:44 <jjohansen> yep
16:44 <jjohansen> I am working on apparmor stacking this week, lots of debugging and messing with namespacing issues
16:44 <jjohansen> that is all I am planning on
16:44 <jjohansen> sarnold: you here?
16:45 <jjohansen> doesn't seem so, tyhicks back to you
16:45 <tyhicks> he's here
16:45 <sarnold> I'm on cve triage this week
16:45 <sarnold> I've got a few pennies to throw into the apparmor stacking discussion, maybe a monkey wrench or two too (MONKEYS!)
16:46 <sarnold> whatevers' left will go towards MIRs, I ought to finish up DPDK early this week
16:46 <sarnold> that's it for me, chrisccoulson?
16:46 <tyhicks> good to hear
16:46 <tyhicks> (re DPDK)
16:46 <tyhicks> go ahead, chrisccoulson
16:46 <jdstrand> sorry, I missed the ping
16:46 <jdstrand> I'll go after chrisccoulson
16:46 <chrisccoulson> I've got a Firefox release this week. I'm also currently testing Chromium and need to get Oxide 1.12 out
16:47 <chrisccoulson> Other than that, I'll be working on some reviews and taking a look at bug 1459830
16:47 <ubottu> bug 1459830 in Oxide "Support drag and drop" [Medium,Triaged] https://launchpad.net/bugs/1459830
16:48 <chrisccoulson> I think that's me done
16:48 <jdstrand> I'll go now
16:49 <jdstrand> since 15.04 is eol soon, I did a bit of work to track ppa overlay packages and updated processes for that
16:49 <jdstrand> since touch will remain on 15.04 for a while and core until 16.04 is released
16:50 <jdstrand> it is coming along well. I need to deal with any fallout from that, and also make sure that those overlay ppas are up to date. I think they are, but will verify
16:50 <jdstrand> I have a couple of embargoed issues I am working on
16:51 <jdstrand> and then will attend to snappy work items-- notably, squashfs in the review tools
16:51 <jdstrand> that's it from me
16:53 <tyhicks> ok
16:53 <tyhicks> I'll catch up with sbeattie later
16:53 <tyhicks> [TOPIC] Highlighted packages
16:53 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:53 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/tntnet.html
16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/grml-debootstrap.html
16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/autojump.html
16:53 <tyhicks> [TOPIC] Miscellaneous and Questions
16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/localepurge.html
16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/bozohttpd.html
16:53 <tyhicks> Does anyone have any other questions or items to discuss?
16:55 <doko> PIC!
16:55 <doko> is the test rebuild now reviewed, and when will it be enabled?
16:55 <doko> or is it delayed until after the LTS?
16:56 <tyhicks> doko: unfortunately, sbeattie isn't here
16:56 <tyhicks> doko: he's been chipping away at it but I don't know exactly where he's at
16:56 <tyhicks> doko: hopefully it isn't delayed until after the LTS
16:57 <tyhicks> doko: I'll follow up with you in an hour or so
16:57 <doko> sure, but then we should start using it, announcing it to the community. at least we'll have additional ftfbs
16:58 <tyhicks> agreed
16:59 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!
16:59 <tyhicks> #endmeeting