16:31 <tyhicks> #startmeeting
16:31 <meetingology> Meeting started Mon Mar  6 16:31:39 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31 <meetingology> 
16:31 <meetingology> Available commands: action commands idea info link nick
16:31 <tyhicks> The meeting agenda can be found at:
16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:31 <tyhicks> [TOPIC] Announcements
16:31 <tyhicks> Jeremy Bicha (jbicha) provided debdiffs for xenial-yakkety for iio-sensor-proxy (LP: #1666358)
16:32 <ubottu> Launchpad bug 1666358 in iio-sensor-proxy (Ubuntu Yakkety) "iio-sensor-proxy: Insecure configuration of dbus service" [High,Fix released] https://launchpad.net/bugs/1666358
16:32 <tyhicks> Vishnu Naini (visred) provided debdiffs for xenial-yakkety for kde4libs and kio (LP: #1668871)
16:32 <ubottu> Launchpad bug 1668871 in kde4libs (Ubuntu Trusty) "kio: Information Leak when accessing https when using a malicious PAC file" [Undecided,New] https://launchpad.net/bugs/1668871
16:32 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:32 <tyhicks> [TOPIC] Weekly stand-up report
16:32 <tyhicks> jdstrand: you're up
16:35 * mdeslaur poked jdstrand with sharp stick
16:35 <mdeslaur> meh, I'll go
16:35 <mdeslaur> I'm in the happy place this week
16:35 <tyhicks> thanks
16:35 <mdeslaur> I'm currently working on an embargoed issue
16:36 <mdeslaur> and I have imagemagick updates to test and release
16:36 <mdeslaur> if I have time left over, I need to do the gigantic apache2 backport
16:36 <mdeslaur> that's about it
16:36 <mdeslaur> sbeattie: tag
16:36 <sbeattie> I'm on community this week
16:37 <sbeattie> I have one embargoed issue partially on my plate and may have a second, pending discussion
16:37 <jdstrand> sorry, hard crash due to intel driver issue
16:37 <tyhicks> jdstrand: bummer - you can go next after Steve
16:37 <sbeattie> I'm also working on glibc updates
16:38 <sbeattie> after that I'll look at the list of updates needed
16:38 <sbeattie> that's pretty much it for me. jdstrand?
16:38 <jdstrand> short week (off thursday, back friday, off next week)
16:38 <jdstrand> last week I did a bunch of reviews, did some simple policy updates and continued on netlink mediation as part of seccomp arg filtering (phase 1 PR is up for review). Note that all seccomp arg filtering branches are blocked on a PR for something called snap-confine reexec. I'm just allowing them to queue up and following up with the snappy team on that PR
16:38 <jdstrand> This week I plan to:
16:38 <jdstrand> review tools updates for recent issues
16:38 <jdstrand> PR and store reviews
16:38 <jdstrand> more policy updates, especially surrounding mir on dragonboard (some issues were reported on this that I need to look into)
16:38 <jdstrand> continue with seccomp arg filtering (eg, continue 'users and groups' PR and phase 2 netlink mediation) as have time
16:38 <jdstrand> that's it for me
16:40 <tyhicks> I'm on bug triage this week
16:41 <tyhicks> Jamie and I (mostly Jamie) came up with a good design for a technical blocker of the seccomp patches
16:41 <tyhicks> I need to propose that to upstream and start working on a new patch to implement the feature
16:41 <tyhicks> I still have a design review to do
16:41 <tyhicks> and I have 1-2 embargoed issues
16:41 <tyhicks> that's it for me
16:41 <tyhicks> jjohansen: you're up
16:43 <tyhicks> he may not be around
16:43 <tyhicks> sarnold: go ahead
16:43 <sarnold> I'm on cve triage this week
16:43 <sarnold> I'd very much like to finish up the shadow usn and lasso mir
16:44 <sarnold> and probably some patch reviwes
16:44 <sarnold> that's it for me, chrisccoulson?
16:44 <chrisccoulson> I've got a firefox update to do this week
16:45 <chrisccoulson> I also need to get thunderbird ready
16:45 <chrisccoulson> I made a start revewing one of the big oxide merge proposals last week, and I need to finish that
16:46 <chrisccoulson> Also, I need to get cargo bootstrapped everywhere, but that's slightly more difficult than I anticipated
16:46 <chrisccoulson> other than that, I'll be working on oxide stuff as usual
16:46 <chrisccoulson> that's me done
16:47 <ratliff> I'm in the happy place this week
16:47 <ratliff> I'll be looking at the notification task some more
16:47 <ratliff> I have a variety of internal tasks (sizings, etc) to do
16:48 <ratliff> If I have additional time, I'll continue working on updates for vivid based core and touch
16:48 <ratliff> back to you tyhicks
16:48 <tyhicks> thanks!
16:48 <tyhicks> [TOPIC] Highlighted packages
16:48 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:48 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:48 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:49 <tyhicks> oops
16:49 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:49 <tyhicks> wut
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/midgard2-core.html
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libquicktime.html
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/steam.html
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/revelation.html
16:49 <tyhicks> [TOPIC] Miscellaneous and Questions
16:49 <tyhicks> Does anyone have any other questions or items to discuss?
16:51 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks!
16:51 <tyhicks> #endmeeting