16:31 <tyhicks> #startmeeting 16:31 <meetingology> Meeting started Mon Feb 13 16:31:57 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 <meetingology> 16:31 <meetingology> Available commands: action commands idea info link nick 16:32 <slashd> thanks rbasak for leading the discussion about the sru-upload, we appreciated it 16:32 <tyhicks> The meeting agenda can be found at: 16:32 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:32 <tyhicks> [TOPIC] Announcements 16:32 <tyhicks> James Page (jamespage) provided a debdiff for xenial for nova-lxd (LP: #1656847) 16:32 <ubottu> Launchpad bug 1656847 in nova-lxd (Ubuntu Zesty) "neutron security group rules not applied to nova-lxd containers" [High,Fix released] https://launchpad.net/bugs/1656847 16:32 <tyhicks> Jeremy Bicha (jbicha) provided debdiffs for yakkety for bubblewrap and flatpak (LP: #1657357) 16:32 <ubottu> Launchpad bug 1657357 in flatpak (Ubuntu) "bubblewrap escape via TIOCSTI ioctl" [Medium,Fix released] https://launchpad.net/bugs/1657357 16:32 <tyhicks> Jeremy Bicha (jbicha) worked to remove jasper from zesty (LP: #1612835) 16:32 <ubottu> Launchpad bug 1612835 in kopete (Ubuntu) "Please remove jasper from Zesty" [High,Fix released] https://launchpad.net/bugs/1612835 16:32 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:32 <tyhicks> [TOPIC] Weekly stand-up report 16:32 <tyhicks> jdstrand: you're up 16:33 <jdstrand> hi! 16:33 <jdstrand> last week my dev work got preempted by lots and lots of reviews (store, documentation, Personal and other snapd PRs, snap-confine PRs) and helping with the snap-confine system vs core snap out-of-syncness issue on classic 16:33 <jdstrand> today, I'm catching up on store reviews, various mailing list and bug discussions from friday/weekend 16:33 <jdstrand> this week, I plan to continue with various PR and design reviews/discussions as I'm assigned to them. I know I already need to look at the gsettings patches, console access, 'notion of trust' in snappy, misc snap-confine PRs and lots of Personal PRs (unity8 policy, thumbnailer, media-hub, et al) 16:33 <jdstrand> assuming I can get to my non-review assigned dev work after, I plan to work on the next batch of miscellaneous policy updates and continue with more seccomp arg filtering policy 16:34 <jdstrand> (quite a bit of the seccomp arg filtering policy I pushed up landed already) 16:34 <jdstrand> that's it from me 16:34 <jdstrand> mdeslaur: you're up 16:35 <mdeslaur> I'm on triage this week 16:35 <mdeslaur> I was about to publish a webkit2gtk update, but the new version has a regression 16:35 <mdeslaur> I'm still working on php5 updates, should be publishing that this week 16:35 <mdeslaur> after that, I'll be going down the list, as usual 16:35 <mdeslaur> sbeattie: you're up 16:39 <tyhicks> I'll go and we can circle back 16:39 <tyhicks> I'm in the happy place this week 16:39 <tyhicks> finish testing and submit seccomp logging kernel patchset v3 16:39 <tyhicks> check on AppArmor Zesty upload (blocked by a perl upload) 16:39 <tyhicks> assist in landing the dconf/gsettings mediation 16:40 <tyhicks> tcpdump updates (bug #1662177) 16:40 <ubottu> bug 1662177 in tcpdump (Ubuntu) "tcpdump multiple CVEs" [Undecided,New] https://launchpad.net/bugs/1662177 16:40 <tyhicks> that's it for me 16:40 <tyhicks> jjohansen: you're up 16:40 <tyhicks> oh, short week for me 16:40 <tyhicks> I'm out tomorrow 16:41 <jjohansen> I'm finishing up the apparmor policy notification interface, and making any other revisions to the dconf work that might pop up 16:41 <jjohansen> once that is done I'll be back to upstreaming work, the next merge window is coming all too fast 16:42 <jjohansen> oh hrmm and it goes with out saying that revising the dconf/gsettings work is part of landing it 16:42 <jjohansen> which I'll be helping with 16:43 <tyhicks> I think that'll be a full week 16:43 <jjohansen> yep 16:43 <tyhicks> I haven't seen sarnold yet 16:43 <tyhicks> he's working on MIRs 16:43 <tyhicks> chrisccoulson: you're up 16:43 <jjohansen> yeah, I was just checking 16:43 <sarnold> (here) 16:43 <tyhicks> oh, go ahead 16:44 <chrisccoulson> This week, I'll be spending some more time getting rustc working everywhere 16:44 <sarnold> I'm community this week 16:44 <sarnold> whatever's not spent on community tasks will be MIRs :) 16:44 <chrisccoulson> Mozilla just bumped the minimum rustc version required to build firefox to 1.15.1, which is newer than we have in zesty, which is totally awesome 16:44 <chrisccoulson> oh 16:44 <sarnold> ow 16:44 <tyhicks> :( 16:44 <chrisccoulson> sarnold, carry on :) 16:45 <sarnold> I'm done :/ 16:45 <chrisccoulson> ah, cool 16:45 <sarnold> because waiting a dozen hours for a toolchain before starting work on the browser sounds like such fun :( 16:45 <chrisccoulson> so, other than that, I'll be finishing off bug 1638852, and then a few other cleanups required to make the new UITK webview stable 16:45 <ubottu> bug 1638852 in Oxide "Add touch selection handles and quick menu to UbuntuWebView" [High,In progress] https://launchpad.net/bugs/1638852 16:45 <chrisccoulson> That's me done 16:45 <ratliff> I'm on bug triage this week. 16:46 <ratliff> I am working on updates for core and touch otherwise 16:46 <ratliff> sbeattie: around? if not, back to you tyhicks 16:47 <tyhicks> lets move on 16:47 <tyhicks> [TOPIC] Highlighted packages 16:47 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:47 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pinpoint.html 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.9.html 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libcsoap.html 16:47 <tyhicks> [TOPIC] Miscellaneous and Questions 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html 16:47 <tyhicks> Does anyone have any other questions or items to discuss? 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libxml-security-java.html 16:49 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks! 16:49 <tyhicks> #endmeeting