16:30 <tyhicks> #startmeeting 16:30 <meetingology> Meeting started Mon May 15 16:30:29 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:30 <meetingology> 16:30 <meetingology> Available commands: action commands idea info link nick 16:30 <tyhicks> The meeting agenda can be found at: 16:30 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:30 <tyhicks> [TOPIC] Weekly stand-up report 16:30 <tyhicks> jdstrand: you're up 16:31 <jdstrand> last week I participated in tons of snappy discussions and a couple unplanned high priority items which took away from my ability to get to everything I planned 16:31 <jdstrand> I did get to various PR reviews, fixed an ARM regression related to the recent netlink arg filtering PR and made changes to the classic snap (to ease working on the netlink regression) 16:31 <jdstrand> I also spent quite a bit of time investigating at the current state of overlayfs usage in and outside of snaps on 4.4 and 4.10 kernel. Very nearly done with investigation and will report back in the bug 16:31 <jdstrand> This week is a short week for me (off friday and out next week). I plan to: 16:31 <jdstrand> - finish the overlayfs investigation 16:31 <jdstrand> - fix snappy-debug to work with journald, update for snapd 2.25 and 2.26 16:31 <jdstrand> - work on an embargoed issue 16:31 <jdstrand> - snappy forum discussions and PR reviews 16:31 <jdstrand> - does a miscellaneous policy updates PR 16:31 <jdstrand> - get back to wayland/gnome/plasma interfaces as have time 16:31 <jdstrand> that's it from me. mdeslaur you're up 16:32 <mdeslaur> I'm in the happy place this week 16:32 <mdeslaur> I just pushed out a couple of updates (git and kde4libs) 16:32 <mdeslaur> I have libytnef to publish this afternoon 16:32 <mdeslaur> (just finished testing it) 16:33 <mdeslaur> I am still awaiting qemu test results 16:33 <mdeslaur> and will work on other updates after that 16:33 <mdeslaur> that's it from me, sbeattie 16:33 <sbeattie> I'm on community this week 16:33 <cpaelzer> mdeslaur: fyi - tests already running 16:33 <mdeslaur> cpaelzer: sweet, thanks! 16:33 <sbeattie> I have openjdk-7 updates from tdaitx to test and publish 16:34 <sbeattie> I'll likely have kernel USNs to publish today or tomorrow 16:34 <sbeattie> ... which likely means figuring out the precise/E publishing issues 16:34 <sbeattie> after that, I'll be going down the list 16:35 <sbeattie> I also need to check in on some apparmor issues 16:35 <sbeattie> that's probably it for me. 16:35 <sbeattie> tyhicks: over to you 16:35 <tyhicks> I'm on bug triage this week 16:35 <tyhicks> CVE triage and precise/esm UCT work consumed the majority of my week last week 16:36 <tyhicks> still need to get back to my seccomp work 16:36 <tyhicks> fscrypto userspace isn't yet public so I'm still waiting to review and poke at that 16:36 <tyhicks> there are still some roadmap sprint followups that I need to do 16:37 <tyhicks> and I have an internal issue that I'm working on 16:37 <tyhicks> that's it for me 16:37 <tyhicks> jjohansen: you're up 16:38 <jjohansen> I have to finish up the 4.11 apparmor port, there are memory corruption crashing issues to track down, currently mostly likely triggered by fput, in code that hasn't changed 16:38 <jjohansen> poke some people to review upstream securityfs patch 16:38 <jjohansen> there is a virt-aa helper upstreaming thread to check on 16:39 <jjohansen> I have some LSM backlog to catch up on (eg. IMA posted out some ns support that makes changes to fs/namespace.c), for now just to make sure there is nothing to be aware of for upstreaming 16:39 <jjohansen> possibly coordinating with sbeattie on afore mentioned apparmor issues 16:39 <jjohansen> and then hopefully back to the upstreaming work 16:40 <jjohansen> probably working on fixing the typesplitting, which without the unix rules mediation won't be going up 16:42 <jjohansen> I think that is it for me, I don't think sarnold is around yet, so tyhicksback to you 16:43 <tyhicks> chrisccoulson: you're up 16:44 <chrisccoulson> I spent some time last week debugging a thunderbird issue, which meant I didn't finish my firefox symbol upload script. I plan to do that this week 16:44 <sarnold> (here now) 16:44 <chrisccoulson> Also plan to publish thunderbird (I'm just waiting for upstream to actually release it) 16:46 <tyhicks> chrisccoulson: sounds good - is that it for you? 16:46 <chrisccoulson> I've got an internal issue to resolve too 16:46 <chrisccoulson> Other than that, I'll be spending some time figuring out what to work on next, so I'll probably be pinging various people this week 16:46 <chrisccoulson> That's me done 16:47 <tyhicks> thanks 16:47 <tyhicks> sarnold: go ahead 16:47 <sarnold> i'm on cve triage this week; i'll start the 'free time' with xdelta3 mir and move on down the mir list; perhaps apparmor patch reviews if john's looking for another set of eyes 16:47 <sarnold> that's it for me, ratliff? 16:47 <ratliff> I'm in the happy place this week 16:47 <mdeslaur> sarnold: you have a shadow regression, fyi 16:47 <mdeslaur> sarnold: congrats 16:48 <sarnold> mdeslaur: argh those were too simple to have regressions :( 16:48 <mdeslaur> yeah :( 16:49 <ratliff> I will largely be focused on internal tasks this week. 16:49 <chrisccoulson> oh, I forgot - I'm hoping will has some design guidelines for the startpage for me this week, so I can start the work to move away from http://start.ubuntu.com/ in firefox 16:49 <chrisccoulson> (sorry for interrupting) 16:50 <ratliff> There are some technical content item, including the webinar. 16:50 <ratliff> *items 16:50 <ratliff> that is it for me this week. back to you tyhicks 16:51 <tyhicks> thanks 16:51 <tyhicks> [TOPIC] Highlighted packages 16:51 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:52 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:52 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libfpdi-php.html 16:52 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/suckless-tools.html 16:52 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/jgit.html 16:52 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/flightgear.html 16:52 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/plasma-workspace.html 16:52 <tyhicks> [TOPIC] Miscellaneous and Questions 16:52 <tyhicks> Does anyone have any other questions or items to discuss? 16:52 <mdeslaur> please help make the suckless-tools suck even less. 16:52 <ratliff> The team has reactived their twitter account @ubuntu_sec and are reachable there now as well. 16:53 <JamieBennett> ratliff: look forward to the stream of tweets :) 16:54 <ratliff> thanks, JamieBennett! 16:54 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, JamieBennett: Thanks! 16:54 <tyhicks> #endmeeting