16:31 <tyhicks> #startmeeting 16:31 <meetingology> Meeting started Mon Oct 23 16:31:03 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 <meetingology> 16:31 <meetingology> Available commands: action commands idea info link nick 16:31 <tyhicks> The meeting agenda can be found at: 16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:31 <mdeslaur> \o 16:31 <tyhicks> [TOPIC] Weekly stand-up report 16:31 <leosilva> o/ 16:31 <tyhicks> jdstrand: you're up 16:31 <jdstrand> hey 16:31 <jdstrand> This week I plan to: 16:31 <jdstrand> * finish some snappy-debug work based on sprint feedback 16:31 <jdstrand> * do a ton of snapd PR reviews. Some for layouts, which I expect to take a lot of time since they are attempting to use overlayfs 16:32 <jdstrand> * miscellaneous interface policy updates 16:32 <jdstrand> * get back to uid/gid seccomp arg filtering work as have time 16:32 <jdstrand> that's it from me. mdeslaur, you're up 16:32 <mdeslaur> I'm in the happy place this week 16:32 <mdeslaur> I have a short week as I'm off on friday 16:32 <mdeslaur> I just published a few updates 16:32 <mdeslaur> and I have a couple of others to test 16:32 <mdeslaur> I'll probably pick something new off the list after that 16:33 <mdeslaur> that's it, sbeattie, you're up 16:33 <sbeattie> I'm also in the happy place this week 16:34 <sbeattie> I'm doing some investigating on notifying snaps that they have security issues in embedded packaging 16:34 <sbeattie> I'm also going to be focusing on apparmor this week, in concert with some of the work debian is doing 16:35 <sbeattie> I also have an update to finish up, and the usual set of kernel triage to do 16:35 <sbeattie> that'll take up my week. tyhicks? 16:35 <tyhicks> happy_place++ 16:36 <tyhicks> I need to finalize the upstream libseccomp-golang changes and update the PR 16:36 <tyhicks> update the seccomp(2) man page for the kernel logging changes 16:36 <tyhicks> eCryptfs patch review 16:36 <tyhicks> AppArmor work to support Debian's !AppArmor-in-Debian sprint 16:36 <tyhicks> that's it for me 16:36 <tyhicks> I don't think jjohansen is back yet 16:36 <tyhicks> sarnold: go ahead and we'll circle back to jjohansen 16:37 <sarnold> I'm on bug triage this week 16:37 <sarnold> I'll also be helping out the debian apparmor sprint as I can 16:37 <sarnold> and doing MIRs, I expect to finish spice-vdagent early in the week 16:37 <sarnold> with what time may be left I'll look at the pcp changes in response the last cycle's MIR 16:37 <sarnold> that's it for me, chrisccoulson? 16:37 <jbicha> yay, MIRs 16:38 <chrisccoulson> I've got a chromium update to test and publish 16:38 <chrisccoulson> Then I need to finish off the rust 1.20 update - artful is done, I just need to backport it. Fingers crossed there are no new problems and this is the end of it for a few weeks 16:38 <chrisccoulson> then hopefully fun stuff 16:39 * tyhicks crosses fingers 16:39 <chrisccoulson> that's me done 16:39 <tyhicks> ratliff: you're up 16:39 <ratliff> I'm on community this week 16:40 <ratliff> After that I have quite a bit of internally focused work which will consume my week. 16:40 <ratliff> on to you, leosilva 16:40 <leosilva> I'm in CVE triage this week 16:40 <leosilva> I have a couple of UNS to publish for precise 16:41 <leosilva> besides that I'll do my hunting for pkgs to update and watch some git for triage in pkgs I'm waiting patches 16:41 <leosilva> that's for me 16:41 <leosilva> tyhicks: it's back to yu! 16:41 <tyhicks> jjohansen: any chance you're back yet? 16:42 <tyhicks> lets move on 16:42 <tyhicks> [TOPIC] Highlighted packages 16:42 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:43 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/swift-plugin-s3.html 16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/sniffit.html 16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/ruby-rack.html 16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/digikam.html 16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html 16:43 <tyhicks> [TOPIC] Miscellaneous and Questions 16:43 <tyhicks> Does anyone have any other questions or items to discuss? 16:43 <jbicha> https://lists.debian.org/debian-devel/2017/10/msg00405.html 16:43 <jbicha> I think Debian GNOME would be ok with a totem apparmor profile in the totem packaging, except that I don't think the Debian GNOME has apparmor expertise to maintain it 16:44 <jbicha> (mentioned since y'all were talking about apparmor in Debian) 16:44 <tyhicks> jbicha: we're working closely with intrigeri all week on this sort of stuff 16:45 <tyhicks> jbicha: thanks for mentioning it 16:45 <jbicha> thanks, that's all from me :) 16:45 <tyhicks> cool :) 16:45 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks! 16:45 <tyhicks> #endmeeting