#ubuntu-meeting log

16:38 <tyhicks> #startmeeting
16:38 <meetingology> Meeting started Mon Mar 19 16:38:18 2018 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:38 <meetingology> 
16:38 <meetingology> Available commands: action commands idea info link nick
16:38 <tyhicks> The meeting agenda can be found at:
16:38 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:38 <tyhicks> [TOPIC] Announcements
16:38 <tyhicks> The generalist role rotation for this week as follows:
16:38 <tyhicks> CVE Triage: sarnold, Bug Triage: ratliff, Community: sbeattie, Happy Place: mdeslaur, leosilva
16:38 <tyhicks> We've had several contributions since the last meeting:
16:38 <tyhicks> Simon Deziel provided debdiffs for xenial-artful for tor (LP: #1731698)
16:38 <ubottu> Launchpad bug 1731698 in tor (Ubuntu Artful) "[SRU] Tor 0.2.9.14 and 0.3.0.13" [Undecided,Fix released] https://launchpad.net/bugs/1731698
16:38 <tyhicks> Philip Rinn provided a debdiff for artful for qtpass (LP: #1747954)
16:38 <ubottu> Launchpad bug 1747954 in qtpass (Ubuntu) "qtpass generates possibly predictable and enumerable passwords" [Undecided,Fix released] https://launchpad.net/bugs/1747954
16:38 <tyhicks> Emmet Hikory (persia) provided debdiffs for xenial-artful for mosquitto (LP: #1752591)
16:38 <ubottu> Launchpad bug 1752591 in mosquitto (Ubuntu Bionic) "CVE-2017-7651 and CVE-2017-7652" [Undecided,Fix released] https://launchpad.net/bugs/1752591
16:39 <tyhicks> Thanks to the three of you for your assistance in keeping Ubuntu users secure! :)
16:39 <tyhicks> Finally, a personal announcement:
16:39 <tyhicks> This is my last day on the Ubuntu Security Team :/
16:39 <tyhicks> I'll be moving over to the kernel team but will still have a large focus on security
16:39 <tyhicks> The security team is a group of talented and wonderful people and I'll miss working so closely with all of them on a day to day basis
16:39 <tyhicks> [TOPIC] Weekly stand-up report
16:39 <tyhicks> jdstrand: you're up
16:39 * jdstrand hugs tyhicks
16:39 * tyhicks hugs jdstrand
16:40 * mdeslaur hugs tyhicks
16:40 * tyhicks hugs mdeslaur
16:40 <jdstrand> tyhicks: thanks for all you've done for the team over the years. I look forward to continuing to work closely with you :)
16:40 * mdeslaur throws coffee at kernel team
16:40 <tyhicks> :)
16:41 <leosilva> tyhicks:  tks for all the fishes and shared knowledged dude
16:41 <jdstrand> ok, I'll go now
16:41 <tyhicks> thanks leosilva :)
16:41 <jdstrand> - short week this week (off Friday)
16:41 <jdstrand> - email catchup from last week (tons of email)
16:41 <jdstrand> - I'm hesitant to say what I plan to work on this week since I haven't read the snap forum email yet, but can say I plan to be responsive to urgent PR reviews, particularly surrounding 18.04 desktop priorities. I expect reviews for portals, layouts and steam
16:41 <jdstrand> - process/prioritize sprint outcomes
16:41 <jdstrand> - go down the trello backlog as have time
16:42 <jdstrand> that's it from me
16:42 <jdstrand> mdeslaur: you're up
16:42 <mdeslaur> I'm in the happy place this week
16:42 <mdeslaur> I just published some php updates
16:42 <mdeslaur> and I'm working on bunch of other stuff, see ppa for goodies
16:42 <mdeslaur> that's about it
16:42 <mdeslaur> sbeattie: you're up
16:42 <sbeattie> I'm in the community role this week
16:43 <sbeattie> I have paramiko and openjdk updates to publish
16:43 <sbeattie> I am still working on retpoline backports for gcc-4.6
16:43 <sbeattie> I also have some kernel cve triage tasks to catch up on.
16:43 <sbeattie> and that will probably consume my week
16:44 <sbeattie> tyhicks (for the last time :( ):
16:44 <tyhicks> I'm cleaning out my desk and trying to wrap up things
16:45 <tyhicks> I just merged apparmor 2.12-4 from Debian
16:45 <tyhicks> I'll be looking at a busted autopkgtest in the docker.io package that's preventing apparmor uploads from migrating
16:45 <tyhicks> I need to leave one last internal documentation trail
16:46 <tyhicks> I think that's about it
16:46 <tyhicks> jjohansen: you're up
16:46 <jjohansen> I have a short week, I am off tuesday
16:47 <jjohansen> I am poking at an LXD issue with apparmor https://github.com/lxc/lxd/issues/4340
16:47 <jjohansen> and following up on https://bugs.launchpad.net/bugs/1755563
16:47 <ubottu> Launchpad bug 1755563 in linux (Ubuntu Bionic) "dangling symlinks to loaded apparmor policy" [Medium,Confirmed]
16:48 <jjohansen> and I am still working my way through the newest iteration of the LSM stacking patches that dropped last week
16:48 <jjohansen> I expect that will take the rest of my week
16:48 <jjohansen> sarnold: you're up
16:49 <sarnold> I'm on cve triage this week; I'm still working down the list of MIRs, uvloop is up first
16:50 <sarnold> it's a short week for me, I'm off friday
16:50 <sarnold> that's it for me, chrisccoulson?
16:51 <chrisccoulson> I'm just finishing off rust / cargo updates. I'm also expecting thunderbird updates this week
16:51 <chrisccoulson> Fingers crossed for no other updates
16:51 <chrisccoulson> I also need to start looking at gcc6.4 and node for firefox :(
16:52 <mdeslaur> :(
16:52 <chrisccoulson> other than that, I've got 2 embargoed issues and one internal thing to work on
16:52 <chrisccoulson> that's me don
16:52 <chrisccoulson> *e
16:52 <tyhicks> Emily is out today
16:52 <tyhicks> leosilva: you're up
16:53 <leosilva> I'm the happy place
16:53 <leosilva> I'm doing my pkg hunting as usual, that's it from me.
16:53 <leosilva> tyhicks: last time it's back to you :P
16:54 <tyhicks> thanks!
16:54 <tyhicks> [TOPIC] Highlighted packages
16:54 <tyhicks> The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security
16:54 <tyhicks> updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:55 <tyhicks> [TOPIC] Miscellaneous and Questions
16:55 <tyhicks> Does anyone have any other questions or items to discuss?
16:56 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, leosilva: Thanks and don't have too much fun without me!
16:56 <tyhicks> #endmeeting