#ubuntu-meeting log

16:31 <tyhicks> #startmeeting
16:31 <meetingology> Meeting started Mon Oct 23 16:31:03 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31 <meetingology> 
16:31 <meetingology> Available commands: action commands idea info link nick
16:31 <tyhicks> The meeting agenda can be found at:
16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:31 <mdeslaur> \o
16:31 <tyhicks> [TOPIC] Weekly stand-up report
16:31 <leosilva> o/
16:31 <tyhicks> jdstrand: you're up
16:31 <jdstrand> hey
16:31 <jdstrand> This week I plan to:
16:31 <jdstrand> * finish some snappy-debug work based on sprint feedback
16:31 <jdstrand> * do a ton of snapd PR reviews. Some for layouts, which I expect to take a lot of time since they are attempting to use overlayfs
16:32 <jdstrand> * miscellaneous interface policy updates
16:32 <jdstrand> * get back to uid/gid seccomp arg filtering work as have time
16:32 <jdstrand> that's it from me. mdeslaur, you're up
16:32 <mdeslaur> I'm in the happy place this week
16:32 <mdeslaur> I have a short week as I'm off on friday
16:32 <mdeslaur> I just published a few updates
16:32 <mdeslaur> and I have a couple of others to test
16:32 <mdeslaur> I'll probably pick something new off the list after that
16:33 <mdeslaur> that's it, sbeattie, you're up
16:33 <sbeattie> I'm also in the happy place this week
16:34 <sbeattie> I'm doing some investigating on notifying snaps that they have security issues in embedded packaging
16:34 <sbeattie> I'm also going to be focusing on apparmor this week, in concert with some of the work debian is doing
16:35 <sbeattie> I also have an update to finish up, and the usual set of kernel triage to do
16:35 <sbeattie> that'll take up my week. tyhicks?
16:35 <tyhicks> happy_place++
16:36 <tyhicks> I need to finalize the upstream libseccomp-golang changes and update the PR
16:36 <tyhicks> update the seccomp(2) man page for the kernel logging changes
16:36 <tyhicks> eCryptfs patch review
16:36 <tyhicks> AppArmor work to support Debian's !AppArmor-in-Debian sprint
16:36 <tyhicks> that's it for me
16:36 <tyhicks> I don't think jjohansen is back yet
16:36 <tyhicks> sarnold: go ahead and we'll circle back to jjohansen
16:37 <sarnold> I'm on bug triage this week
16:37 <sarnold> I'll also be helping out the debian apparmor sprint as I can
16:37 <sarnold> and doing MIRs, I expect to finish spice-vdagent early in the week
16:37 <sarnold> with what time may be left I'll look at the pcp changes in response the last cycle's MIR
16:37 <sarnold> that's it for me, chrisccoulson?
16:37 <jbicha> yay, MIRs
16:38 <chrisccoulson> I've got a chromium update to test and publish
16:38 <chrisccoulson> Then I need to finish off the rust 1.20 update - artful is done, I just need to backport it. Fingers crossed there are no new problems and this is the end of it for a few weeks
16:38 <chrisccoulson> then hopefully fun stuff
16:39 * tyhicks crosses fingers
16:39 <chrisccoulson> that's me done
16:39 <tyhicks> ratliff: you're up
16:39 <ratliff> I'm on community this week
16:40 <ratliff> After that I have quite a bit of internally focused work which will consume my week.
16:40 <ratliff> on to you, leosilva
16:40 <leosilva> I'm in CVE triage this week
16:40 <leosilva> I have a couple of UNS to publish for precise
16:41 <leosilva> besides that I'll do my hunting for pkgs to update and watch some git for triage in pkgs I'm waiting patches
16:41 <leosilva> that's for me
16:41 <leosilva> tyhicks: it's back to yu!
16:41 <tyhicks> jjohansen: any chance you're back yet?
16:42 <tyhicks> lets move on
16:42 <tyhicks> [TOPIC] Highlighted packages
16:42 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:43 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/swift-plugin-s3.html
16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/sniffit.html
16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/ruby-rack.html
16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/digikam.html
16:43 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html
16:43 <tyhicks> [TOPIC] Miscellaneous and Questions
16:43 <tyhicks> Does anyone have any other questions or items to discuss?
16:43 <jbicha> https://lists.debian.org/debian-devel/2017/10/msg00405.html
16:43 <jbicha> I think Debian GNOME would be ok with a totem apparmor profile in the totem packaging, except that I don't think the Debian GNOME has apparmor expertise to maintain it
16:44 <jbicha> (mentioned since y'all were talking about apparmor in Debian)
16:44 <tyhicks> jbicha: we're working closely with intrigeri all week on this sort of stuff
16:45 <tyhicks> jbicha: thanks for mentioning it
16:45 <jbicha> thanks, that's all from me :)
16:45 <tyhicks> cool :)
16:45 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
16:45 <tyhicks> #endmeeting