16:34 <tyhicks> #startmeeting 16:34 <meetingology> Meeting started Mon Apr 18 16:34:00 2016 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:34 <meetingology> 16:34 <meetingology> Available commands: action commands idea info link nick 16:34 <tyhicks> The meeting agenda can be found at: 16:34 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:34 <tyhicks> [TOPIC] Weekly stand-up report 16:34 <tyhicks> jdstrand: you're up 16:34 <mdeslaur> \o 16:39 <tyhicks> mdeslaur: go ahead and we'll circle back to Jamie 16:39 <mdeslaur> I'm in the happy place this week 16:40 <mdeslaur> I just published the samba and optipng updates 16:40 <mdeslaur> and am working on php5 updates 16:40 <mdeslaur> that's it, sbeattie you're it 16:40 <sbeattie> I'm on community this week. 16:40 <sbeattie> I'm currently (still) testing glibc updates 16:41 <sbeattie> I have some apparmor things to do as well, plus the usual kernel cve triage bits 16:41 <sbeattie> I may try to pick up another update or two, as we have a bit of a backlog. 16:41 <sbeattie> that's it for me, tyhicks? 16:42 <tyhicks> sbeattie: x+1 will open next week so we need to be ready for PIE by default 16:42 <sbeattie> right 16:43 <tyhicks> sbeattie: as much as I agree that picking up an update is needed, it may be higher prio to focus on the various debdiffs 16:43 <sbeattie> okay 16:43 <jdstrand> sorry, got pulled aside 16:43 <tyhicks> jdstrand: go ahead 16:44 <jdstrand> most of my week is going to be dealing with documentation updates for snappy on 16.04, helping the sdoc guys on policy/interfaces, testing snappy interfaces myself and an embargoed issue 16:44 <jdstrand> oh, and this is a short week for me 16:44 <jdstrand> I'll be off tomorrow 16:44 <jdstrand> (but back wed) 16:45 <tyhicks> thanks 16:45 <tyhicks> I'm on bug triage this week 16:46 <tyhicks> I'm currently making progress on the ecryptfs maintenance todos that I've been mentioning the last few weeks 16:46 <tyhicks> I've built up quite an email backlog and need to get through some of that before release 16:47 <tyhicks> if I have time, I'd like to help out with code reviews or maybe pick up an update 16:47 <tyhicks> jjohansen: you're up 16:47 <jjohansen> I'm working on squashing more apparmor bugs this week 16:48 <jjohansen> it seems I need to revisit the loading bug that I thought to have finally tracked down as cboltz reports the fix isn't working for him 16:49 <jjohansen> hrmmm, I think that is it for me, unless I am given different direction 16:50 <tyhicks> sounds about right to me 16:50 <tyhicks> sarnold: go ahead 16:51 <sarnold> I'm on cve triage this week, but I think I may neglect it today and maybe tomorrow to focus on MIRs instead -- it'd be nice to get through as many as we can before release, I think, and it's not like we have a shortage of issues to work n 16:51 <tyhicks> I think that's a good idea 16:51 <sarnold> the apparmor community has also been on fire with patches the last few weeks, it'd be fun if that continues, so i'll try to work in some smaller/obvious reviews if I can 16:52 <sarnold> that's it for me, chrisccoulson? 16:52 <chrisccoulson> I've got an Oxide update to get out this week. I'm also expecting Chromium at some point too 16:52 <chrisccoulson> And a Firefox update 16:53 <chrisccoulson> I also need to update the Firefox packaging for https://bugzilla.mozilla.org/show_bug.cgi?id=1256955 so that we can produce builds for the next release (next week) 16:53 <ubottu> Mozilla bug 1256955 in Release Automation "provide ability to correlate release promotion releases with their respective l10n changeset" [Normal,Resolved: fixed] 16:54 <chrisccoulson> I plan to spend some time adding a test shell to Oxide this week (see the last sentence of the commit message for http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/1447) 16:54 <chrisccoulson> But that does require some other re-architecting first 16:55 <tyhicks> oof 16:55 <tyhicks> chrisccoulson: expect to get to any oxide development items? 16:56 <chrisccoulson> I also plan to have a look at bug 1570996, to try to figure out if we can make shutdown a bit more reliable (it's not the only shutdown issue we have) 16:56 <ubottu> bug 1570996 in Oxide "g_all_contexts.Get().size() == static_cast<size_t>(0) (1 vs. 0)" [Undecided,New] https://launchpad.net/bugs/1570996 16:56 <chrisccoulson> tyhicks, I hope so 16:56 <chrisccoulson> I think that's me done 16:57 <tyhicks> thanks 16:57 <tyhicks> [TOPIC] Highlighted packages 16:57 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:57 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:57 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/archmage.html 16:57 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/cabextract.html 16:57 <tyhicks> [TOPIC] Miscellaneous and Questions 16:57 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/filezilla.html 16:57 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/insighttoolkit4.html 16:57 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/qpid-python.html 16:57 <tyhicks> Does anyone have any other questions or items to discuss? 16:59 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks! 16:59 <tyhicks> #endmeeting