16:38 <tyhicks> #startmeeting 16:38 <meetingology> Meeting started Mon Apr 25 16:38:42 2016 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:38 <meetingology> 16:38 <meetingology> Available commands: action commands idea info link nick 16:38 <tyhicks> The meeting agenda can be found at: 16:38 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:38 <tyhicks> [TOPIC] Weekly stand-up report 16:38 <tyhicks> mdeslaur: you're up 16:39 <mdeslaur> I'm on triage this week 16:39 <mdeslaur> I just released mysql updates 16:39 <mdeslaur> and will be going down the list 16:39 <mdeslaur> I may be also fixing bug 1574670 since people still seem to be using that 16:39 <ubottu> bug 1574670 in update-manager (Ubuntu Yakkety) "ubuntu-support-status returns inaccurate information" [Undecided,Confirmed] https://launchpad.net/bugs/1574670 16:39 <mdeslaur> and that's pretty much it, sbeattie, you're up 16:39 <tyhicks> that'd be nice 16:40 <sbeattie> that's broken again? argh. 16:40 <sbeattie> I'm in the happy place this week. 16:41 <sbeattie> I have openjdk updates to work on, openjdk-8 are built and need testing, I think tdaitx might have openjdk-7 to the point where he'll hand off to me. not sure where openjdk-6 is at 16:42 <sbeattie> I need to poke infinity about copying the libc6 updates I have ready to the -proposed pockets, as I'd like for them to go through that process before publishing to -security 16:42 <tyhicks> sbeattie: is that so you can get some extra testing? 16:43 <sbeattie> tyhicks: yes, I'd like to confirm that the buildds won't break before publishing. 16:43 <sbeattie> seems ... kinda important. 16:43 <tyhicks> agreed :) 16:43 <sbeattie> I need to coalesce some of the stuff I've written about pie into a wiki page for packagers. 16:44 <sbeattie> as well as sort out some of the failures being seen, and get some of my fixes sponsored. 16:44 <sbeattie> that will probably consume my week. 16:44 <sbeattie> tyhicks: you're up. 16:44 <tyhicks> I'm on community this week 16:45 <mdeslaur> sbeattie: it's been broken since after 10.04 16:45 <mdeslaur> sbeattie: at least, the source data is inaccurate 16:45 <sbeattie> mdeslaur: well, it doesn't backtrace anymore like it did in 14.04 for a while. 16:45 <mdeslaur> right, yeah 16:45 <tyhicks> I have 16.10 work planning to do 16:46 <tyhicks> I'll be helping sbeattie with the PIE by default build failure uploads (mostly sponsoring but may need to help out more as he's juggling two big updates) 16:47 <tyhicks> I have a number of code reviews to do (not MIRs) 16:48 <tyhicks> and I need to come up to speed more on some snappy related things like interfaces 16:48 <tyhicks> sarnold: you're up 16:48 <sarnold> I'm on bug triage this week 16:48 <sarnold> and I'd like to review john's apparmor patches that he posted last week 16:49 <sarnold> It might also be nice to engage in some serious yak shaving 16:49 <sarnold> that's it for me, chrisccoulson? 16:49 <chrisccoulson> I've got Firefox and Oxide updates to get out this week 16:50 <chrisccoulson> In addition to that, I need to spend some time on bug 1326697 16:50 <ubottu> bug 1326697 in Oxide "GN (Generate Ninja) is coming" [High,Triaged] https://launchpad.net/bugs/1326697 16:51 <chrisccoulson> Other than that, I'll be working on bugs that are targetted for the 1.16 release (I need to make that list this week) 16:51 <chrisccoulson> That's me done 16:52 <tyhicks> thanks! 16:52 <tyhicks> [TOPIC] Highlighted packages 16:52 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:52 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:52 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/python-requests-kerberos.html 16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/w3af.html 16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/node-marked.html 16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/percona-xtrabackup.html 16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libxml-security-java.html 16:53 <tyhicks> [TOPIC] Miscellaneous and Questions 16:53 <tyhicks> Does anyone have any other questions or items to discuss? 16:55 <doko> pie ... are any toolchain updates needed? 16:55 <doko> we fixed ocaml and ghc, anything else? 16:55 <tyhicks> sbeattie: do you know of anything? 16:57 <doko> sbeattie, could you give me a list of packages with static libs, which need no-change rebuilds? 16:57 <sbeattie> doko: yeah, I can do that. 16:57 <sbeattie> toolchain wise: bintuils, glibc will want rebuilds for sure. 16:58 <doko> ohh, didn't do glibc yet 16:58 <sbeattie> the 'check' package is another one that trips quite a few packages. 16:59 <sbeattie> well a few. 17:00 <sbeattie> I think the other toolchain issue I hit was go, but that should be addressed with the patch mwhudson sent upstream and has already been incorporated. 17:00 <tyhicks> mdeslaur, sbeattie, sarnold, ChrisCoulson, doko: Thanks! 17:00 <tyhicks> #endmeeting