16:42 <tyhicks> #startmeeting 16:42 <meetingology> Meeting started Mon Dec 4 16:42:35 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:42 <meetingology> 16:42 <meetingology> Available commands: action commands idea info link nick 16:42 <mdeslaur> \o 16:42 <tyhicks> The meeting agenda can be found at: 16:42 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:42 <tyhicks> [TOPIC] Weekly stand-up report 16:42 <tyhicks> jdstrand: you're up 16:44 <jdstrand> hey 16:44 <jdstrand> This week I'm primarily focusing on things for 2.30: 16:44 <jdstrand> * finish review-tools resquashfs tests 16:44 <jdstrand> * investigate/implement proper fix for hotplugged devices not being added to device cgroup (mir input forum issue) 16:45 <jdstrand> * policy updates PR for 2.30 16:45 <jdstrand> * pickup the ssh/gpg interfaces PR 16:45 <jdstrand> * snapd 2.30 PR reviews 16:45 <jdstrand> * investigate biometrics observe interface 16:45 <jdstrand> * implement screen-lock interface 16:45 <jdstrand> * non-2.30 PR reviews as have time (eg, layouts, xdg-settings) 16:45 <jdstrand> that's it from me 16:45 <jdstrand> mdeslaur: you're up 16:45 <mdeslaur> I'm in the happy place this week 16:45 <mdeslaur> I just published an evince update 16:45 <mdeslaur> and I have a couple more to test 16:45 <mdeslaur> I also want to work on ubuntu-support-status this week 16:45 <mdeslaur> and I'm off on friday 16:45 <mdeslaur> that's it for me, sbeattie? 16:46 <sbeattie> I'm in the happy place 16:46 <sbeattie> I'm still researching cve triage process for snaps 16:46 <sbeattie> I have some upstream apparmor tasks I need to get to 16:47 <sbeattie> I am also monitoring kernel cves/respins 16:47 <sbeattie> and I have a couple of other random issues on my plate 16:47 <sbeattie> that's it for me; tyhicks, over to you. 16:47 <tyhicks> * weekly role: happy place 16:47 <tyhicks> * embargoed issues 16:47 <tyhicks> * squashfs reproduceability 16:47 <tyhicks> * nudge a number of things along: 16:47 <tyhicks> * snapd seccomp logging PR 16:48 <tyhicks> * libseccomp Xenial SRU 16:48 <tyhicks> * audit SRUs 16:48 <tyhicks> * libseccomp-golang upstream PR 16:48 <tyhicks> jjohansen: you're up 16:48 <jjohansen> I am working on making apparmor mount mediation work with the mount code rework 16:49 <jjohansen> I will also being doing a 4.14 kernel for the kernel team 16:49 <jjohansen> and maybe I can get some work done on updating the backport kernels 16:50 <jjohansen> and I suppose there are several bugs to look at but I don't have any bug numbers of particular ones 16:50 <jjohansen> sarnold: you are up 16:51 <sarnold> I'm on bug triage this week 16:51 <sarnold> and doing some embargoed work 16:51 <sarnold> with libteam MIR after that, if there's time 16:52 <sarnold> that's it for me, chrisccoulson? 16:52 <chrisccoulson> I need to finish up rust 1.22 updates this week. There are currently 3 separate failures I need to investigate, and one of these looks like it might be the "rust builds fail randomly in launchpad" issue I had last time 16:53 <chrisccoulson> which I worked around by continually hitting retry until it built 16:53 <chrisccoulson> I've got an embargoed update to prepare 16:54 <chrisccoulson> I should be able to look at this apparmor / audit work this week 16:54 <chrisccoulson> that's me done 16:54 <ratliff> I'm on community this week 16:54 <ratliff> Other than that I am still working on two internal assignments and an embargoed issue. 16:54 <ratliff> on to you, leosilva 16:54 <leosilva> I'm on CVE-triage this week. 16:55 <leosilva> I just published curl for precise 16:55 <leosilva> I'll do my normal hunting too and some research. 16:55 <leosilva> that's it for me. tyhicks it's back to you! 16:56 <tyhicks> [TOPIC] Highlighted packages 16:56 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:56 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:56 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/sun-javadb.html 16:56 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/yaml-cpp.html 16:56 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/most.html 16:56 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/git-hub.html 16:56 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/libuser.html 16:56 <tyhicks> [TOPIC] Miscellaneous and Questions 16:56 <tyhicks> Does anyone have any other questions or items to discuss? 16:57 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks! 16:57 <tyhicks> #endmeeting