16:36 <tyhicks> #startmeeting 16:36 <meetingology> Meeting started Mon Nov 13 16:36:01 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:36 <meetingology> 16:36 <meetingology> Available commands: action commands idea info link nick 16:36 <tyhicks> The meeting agenda can be found at: 16:36 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:36 <tyhicks> [TOPIC] Weekly stand-up report 16:36 <tyhicks> jdstrand: you're up 16:36 <leosilva> o/ 16:39 <tyhicks> mdeslaur: go ahead and we'll circle back to jdstrand 16:39 <mdeslaur> I'm on community this week 16:40 <mdeslaur> I have a bunch of security fake syncs to do from debian 16:40 <mdeslaur> and I need to release some postgresql updates 16:40 <mdeslaur> I'll pick something up from the list after that 16:40 * jdstrand is here now 16:40 <mdeslaur> I also have to see why none of my bionic packages are migrating 16:40 <mdeslaur> autopkgdos 16:40 <mdeslaur> that's about it, jdstrand, you're up 16:40 <jdstrand> hi! 16:41 <jdstrand> This week I plan to: 16:41 <jdstrand> * perform snapd reviews. A lot came in last week and I suspect this will take most of my time. This includes, but is not limited to, reviews pertaining to layouts 16:41 <jdstrand> * pickup the ssh/gpg interfaces PR since I recently got feedback on it 16:41 <jdstrand> * investigate/implement proper fix for hotplugged devices not being added to device cgroup (mir input forum issue) 16:41 <jdstrand> * pickup uid/gid work as have time (though I don't expect to get to it) 16:41 <jdstrand> that's it from me. sbeattie, you're up 16:41 <sbeattie> I'm on bug triage this week 16:42 <sbeattie> I'm researching doing cve triage and notifications for snaps 16:42 <sbeattie> I have some upstream apparmor work to do 16:43 <sbeattie> I'll also have the usual kernel cve triage bits, as well as a potential openjdk-7 update to publish 16:43 <sbeattie> that's probably it for me. tyhicks? 16:43 <jdstrand> mdeslaur: re dd> that is what I thought, but ps didn't show that, so, weird (maybe I did it too late and after dd was done) 16:43 <jdstrand> also, why did I bring that up in this channel? 16:43 <jdstrand> I expect answers :P 16:44 <tyhicks> I'm on CVE triage this week 16:44 <tyhicks> I have an embargoed issue 16:44 <tyhicks> I need to get final clarification on AppArmor audit even ID numbers so that chrisccoulson can begin work on that 16:45 <mdeslaur> jdstrand: oh, actually, it doesn't use dd, I reimplemented the same thing dd basically does in the dbus service 16:45 <mdeslaur> jdstrand: sorry, it was a while ago 16:45 <tyhicks> and I'll be working on squashfs reproduceability 16:45 <tyhicks> that's it for me 16:45 <tyhicks> jjohansen: you're up 16:45 <jdstrand> mdeslaur: I totally forgot you did anything with usb creator :) 16:45 <jjohansen> I am working on getting together the 4.15 apparmor pull 16:45 <mdeslaur> jdstrand: me too :) 16:45 <jdstrand> hehe 16:46 <tyhicks> ah, I have to send the 4.15 ecryptfs pull request but the hard work is already done 16:46 * jdstrand has a question for jjohansen when he's done 16:46 <jjohansen> I have a couple of bugs, I am looking at that I would like to get in 16:47 <jjohansen> I have to get out the policy versioning proposal 16:47 <jjohansen> I have some more LSM stacking work/replies to do 16:47 <jjohansen> and I really need to get a pass done on the mount rework, that I promised to look at more than a month ago 16:48 <jjohansen> thats is more than enough for the week 16:48 <jjohansen> jdstrand: your Q? 16:48 <jdstrand> jjohansen: I just wanted to make sure you saw https://forum.snapcraft.io/t/snapd-2-27-6-2-in-debian-sid-blocked-on-apparmor-in-kernel-4-13-0-1/2813. upstream 4.13 in Debian is denying something that 4.13 Ubuntu does not seem to be 16:49 <jdstrand> so, perhaps add that to your list of bugs to investigate? if you need me to help with it, let me know (we don't have to discuss here) 16:50 <jjohansen> jdstrand: ack, I haven't looked at that so it can go on the list 16:50 <jjohansen> tyhicks: back to you 16:51 <tyhicks> sarnold: go ahead 16:51 <sarnold> niemeyer's conclusions about what should and should not require ptrace isn't really a bug -- the kernel will call resources by whatever names it pleases. 16:51 <jdstrand> sure 16:51 <sarnold> I'm in the happy place this week, working on an embargoed code review; it's large enough project that it could realistically grow to consume the whole week unless there's other priorities 16:52 <sarnold> I'll alsotry to be responsive to apparmor patches 16:52 <jdstrand> my point is that there is a difference between 4.13/upstream and 4.13/ubuntu 16:52 <sarnold> and that's a fine point to make :) hehe 16:52 <jdstrand> :) 16:53 <sarnold> I think that's it for me, chrisccoulson? 16:53 <leosilva> I think he's on the dentist, no? 16:53 <ratliff> chrisccoulson is away for now, so I'll go ahead 16:54 <ratliff> I'm in the happy place this week. 16:54 <ratliff> I will be entirely consumed by internally focused work. 16:54 <ratliff> on to you, leosilva 16:54 <leosilva> I'm the happy place this week :) 16:54 <leosilva> I have perl update to finish for esm. 16:54 <leosilva> After that I will hunting again. 16:54 <leosilva> that's it for me, 16:55 <tyhicks> thanks 16:55 <leosilva> tyhicks: it's back to you 16:55 <tyhicks> [TOPIC] Highlighted packages 16:55 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:55 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/sanlock.html 16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/zope2.13.html 16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/flatnuke.html 16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/gnome-shell.html 16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/node-moment.html 16:55 <tyhicks> [TOPIC] Miscellaneous and Questions 16:55 <tyhicks> Does anyone have any other questions or items to discuss? 16:57 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks! 16:57 <tyhicks> #endmeeting