#ubuntu-meeting log

16:30 <tyhicks> #startmeeting
16:30 <meetingology> Meeting started Mon Aug 14 16:30:24 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:30 <meetingology> 
16:30 <meetingology> Available commands: action commands idea info link nick
16:30 <meetingology`> Meeting started Mon Aug 14 16:30:24 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:30 <meetingology`> Available commands: action commands idea info link nick
16:30 <tyhicks> The meeting agenda can be found at:
16:30 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:30 <tyhicks> [TOPIC] Announcements
16:30 <tyhicks> Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for vlc (LP: #1709420)
16:30 <ubottu> Launchpad bug 1709420 in vlc (Ubuntu) "[CVE] flac: Fix heap write overflow on frame format change" [Medium,Fix released] https://launchpad.net/bugs/1709420
16:30 <tyhicks> Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for menu-cache (LP: #1703564)
16:30 <ubottu> Launchpad bug 1703564 in menu-cache (Ubuntu Zesty) "[CVE] Socket may be blocked by another user" [Medium,Fix released] https://launchpad.net/bugs/1703564
16:30 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:30 <tyhicks> [TOPIC] Weekly stand-up report
16:30 <tyhicks> jdstrand: you're up
16:31 <tsimonq2> :D
16:31 <jdstrand> Last week's work is now being captured in the https://wiki.ubuntu.com/SecurityTeam/WeeklyReports so I'll typically not report on that here any more.
16:31 <jdstrand> This week I plan to focus on:
16:31 <jdstrand> - finishing my part of the wayland work. This is close to done and the wayland interface is already committed to master, but I'd like to add a spread test, finish my sway investigation, incorporate some snappy xdg-open changes and verify the new wayland-cursor in artful
16:31 <jdstrand> - finish desktop and accessibility PRs (respond to feedback, finalize services to expose, etc)
16:31 <jdstrand> - when investigating wayland-cursor for snapd, update apparmor to fix evince crash on startup in 17.10
16:31 <jdstrand> - be responsive to snappy PRs (in particular, Solus distro support, 'Using udev tagging for snap interfaces' and related refactoring PRs, portals PR if it comes in, layouts PRs, race-free profile generation next steps, dbus session services, etc)
16:31 <jdstrand> - add an execstack check (with advice on how to fix) to the review tools (this has come up 3 times in the last month)
16:31 <jdstrand> - try to push forward the open questions regarding snappy users/groups (including privilege dropping) with nie meyer as have time
16:31 <jdstrand> - add systemd-notify interface as have time (request from Chipaca)
16:31 <jdstrand> that's it from me. mdeslaur, you're up
16:31 <mdeslaur> I'm on bug triage this week
16:31 <mdeslaur> and I'm currently working on postgresql updates
16:32 <mdeslaur> I have a couple of updates in the ppa that I've been putting off testing for a while, I should probably get to them
16:32 <mdeslaur> after that, I'll go down the list, as usual
16:32 <mdeslaur> that's about it
16:32 <mdeslaur> sbeattie: you're up
16:34 <tyhicks> I'll hop in and we'll come back to sbeattie
16:35 <tyhicks> now that the seccomp kernel patches look like they're on the path to landing, I will finish my libseccomp patch set and submit the PR
16:35 <tyhicks> still need to get to review pam_fscrypt
16:36 <tyhicks> upload fscrypt to the archive once the 32 bit architecture FTBFS issue is sorted out upstream
16:36 <tyhicks> that's probably all I'm goign to get to this week as I have a short week (off Thurs and Fri)
16:36 <tyhicks> jjohansen: you're up
16:37 * sbeattie can jump in
16:37 <tyhicks> go ahea
16:37 <sbeattie> I'm on cve triage this week
16:38 <sbeattie> I'll likely have an openjdk-7 update from td aitx to test and publish
16:38 <sbeattie> I'll pick up more updates from the list
16:38 <sbeattie> I also have some backlogged apparmor and qrt stuff to look at.
16:39 <sbeattie> that's it for me.
16:39 <tyhicks> jjohansen: go ahead if you're around
16:39 <jjohansen> I am working on upstreaming apparmor, I have a few more minor patches/cleanups to finish before sending out the next pull request
16:39 <jjohansen> and then I need to get back to finishing up the typesplitting work
16:40 <jjohansen> I suppose I also need to finish booking my travel for the ralley and uh need to give some feedback to Casey on the LSM stacking patches
16:40 <jjohansen> that is it for me sarnold you're up
16:41 <sarnold> I'm in the happy place this week; I'll be reviewing apparmor patches if john wants it, working on MIRs (pcp at the moment), and booking travel
16:41 <sarnold> that's it for me, ratliff?
16:41 <chrisccoulson> I'm here
16:41 <ratliff> go ahead chrisccoulson
16:42 <chrisccoulson> Short week for me - I'm off on holiday at the end of the week. I need to get Firefox 55.0.1 published (later today), and then I'll be spending time on the rust 1.19 updates
16:42 <chrisccoulson> although it looks like I'll be doing another firefox update
16:42 <chrisccoulson> that's me done
16:43 <ratliff> I'm in the happy place this week
16:44 <ratliff> I made good progress on kpis last week. I have a few more charts to create with the data that we already have on hand.
16:44 <ratliff> Then I need to document everything and check the scripts into UCT. After that, we need a couple more kpis but will be blocked awaiting access to data.
16:45 <ratliff> so kpis will be my main focus again this week
16:45 <ratliff> leosilva: you are up
16:45 <leosilva> This week I'm community
16:45 <leosilva> I want to finish libgd2 *stucking in tests on zesty*
16:46 <leosilva> Also want to pick more pkgs to up in the list.
16:46 <leosilva> that is for me.
16:46 <leosilva> tyhicks: it's up to you
16:46 <tyhicks> thanks
16:46 <tyhicks> [TOPIC] Highlighted packages
16:46 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:46 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:46 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/jython.html
16:46 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libcsoap.html
16:46 <tyhicks> [TOPIC] Miscellaneous and Questions
16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html
16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/prewikka.html
16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/slim.html
16:47 <tyhicks> Does anyone have any other questions or items to discuss?
16:47 * tsimonq2 smiles
16:47 <tyhicks> tsimonq2: hey - you've got something to discuss?
16:48 <tsimonq2> tyhicks: Nope, I just really enjoy the previous meeting item :P
16:48 * tsimonq2 hides
16:49 <tyhicks> the highlighted packages part? that list is randomly generated without much thought put into it
16:49 <tyhicks> involved contributors have a better idea of updates that would be useful
16:49 <tsimonq2> Thanks for noting that :)
16:50 <ratliff> tyhicks: probably more the part where we thanked him for contributing :-)
16:50 <ratliff> thanks again tsimonq2 :-)
16:50 <tyhicks> yes, thank you! :)
16:50 <sarnold> \o/
16:50 <tsimonq2> You're welcome :)
16:50 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
16:50 <tyhicks> #endmeeting