16:34 <ratliff> #startmeeting
16:34 <meetingology> Meeting started Mon Apr  9 16:34:25 2018 UTC.  The chair is ratliff. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:34 <meetingology> 
16:34 <meetingology> Available commands: action commands idea info link nick
16:34 <ratliff> The meeting agenda can be found at:
16:34 <ratliff> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:34 <ratliff> [TOPIC] Announcements
16:35 <ratliff> We have no announcements this week.
16:35 <ratliff> [TOPIC] Weekly stand-up report
16:35 <ratliff> jdstrand: you're up
16:36 <mdeslaur> \o
16:37 <ratliff> mdeslaur: why don't you go ahead. it looks like jdstrand is still wrapping up from a previous discussion
16:37 <mdeslaur> I'm on bug triage this week
16:37 <mdeslaur> I'm working on publishing some updates
16:37 <mdeslaur> at the moment
16:37 <jdstrand> sorry, I'm here. I'll go after mdeslaur
16:37 <mdeslaur> and I have a couple of embargoed issues to look at
16:37 <mdeslaur> if I have time, I'll pick something else off the list
16:37 <mdeslaur> that's about it, jdstrand, you're up
16:37 <jdstrand> https://github.com/ubuntu
16:38 <jdstrand> let me try that again
16:38 <jdstrand> This week I plan to work on:
16:38 <jdstrand> - finish up miscellaneous updates branches for snapd (should be done this morning)
16:38 <jdstrand> - enabling resquashfs enforcement in the review tools
16:38 <jdstrand> - snap/usn notification (will start today)
16:38 <jdstrand> - attend to high priority snapd reviews
16:38 <jdstrand> - address conntrack deprecation issues in ufw for 18.04 SRU as have time
16:38 <jdstrand> ratliff: note on the last point, I'm going to fix in SRU rather than release
16:39 <ratliff> jdstrand: ack
16:39 <jdstrand> ratliff: it requires a bit of work to do correctly and I got pulled aside in different ways last week
16:39 <jdstrand> I worked on it, but not enough to have it ready for release
16:39 <jdstrand> sbeattie: you're up
16:39 <sbeattie> I'm on cve triage this week
16:40 <sbeattie> I also have a bunch of kernel cve triage and signoffs to look at
16:40 <sbeattie> I'm still working on the gcc-4.6 retpoline backport.
16:40 <sbeattie> I also have a kernel qrt issue for bionic's kernel to sort out.
16:41 <sbeattie> if I have time, I'll pick up an update.
16:41 <sbeattie> that's it for me. sarnold, I think you're next?
16:42 <sarnold> I'm in the happy place this week, running down the MIRs
16:42 <sarnold> pv at the moment, I think socat up next
16:42 <sarnold> that's it for me, chrisccoulson I think?
16:43 <chrisccoulson> I'm expecting to have to do another thunderbird update this week
16:43 <chrisccoulson> I've also got a couple of embargoed issues
16:44 <chrisccoulson> I also plan to go through and triage all of the spidermonkey CVEs
16:44 <chrisccoulson> I need to get python3.5 backported to trusty, as well as work on rust 1.25 updates, so I'm not too hopeful about being able to do anything fun this week
16:45 <chrisccoulson> I think that's me done
16:45 <ratliff> I'm in the happy place this week.
16:45 <ratliff> I need to load the CVE triage data since January into Influx for the kpis.
16:45 <ratliff> I have some internal work to do.
16:46 <ratliff> I have sprint prep work.
16:46 <ratliff> leosilva: you are up
16:46 <leosilva> I'm community this week.
16:46 <leosilva> I have a patch update to work
16:46 <leosilva> Also a ruby cve triage/research before follow with ruby`s rounds 2 update
16:46 <leosilva> other than that I'll hunting and grab new pkgs to udpate
16:47 <leosilva> ratliff: it's back to you
16:47 <jjohansen> I guess I'll squeeze in last
16:47 <jjohansen> this week I am working on
16:47 <jjohansen> - finishing up with LSM stacking work for bionic
16:47 <jjohansen> - backporting all existing apparmor bug fixes for bionic
16:47 <jjohansen> - the 4.17 apparmor pull request
16:47 <jjohansen> - working on bug 1679704
16:47 <jjohansen> - finishing up with the 2.13 changes for suse
16:47 <jjohansen> - once that is done maybe I can start poking at the prompt mode work
16:47 <ubottu> bug 1679704 in apparmor (Ubuntu) "libvirt profile is blocking global setrlimit despite having no rlimit rule" [Critical,In progress] https://launchpad.net/bugs/1679704
16:47 <jjohansen> ratliff: back to you
16:47 <ratliff> thanks, jjohansen!
16:47 <ratliff> [TOPIC] Highlighted packages
16:48 <ratliff> The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so.
16:48 <ratliff> See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:48 <ratliff> [TOPIC] Miscellaneous and Questions
16:48 <ratliff> Does anyone have any other questions or items to discuss?
16:51 <jbicha> y'all decided against doing a bionic archive-rebuild for spectre mitigation, right?
16:51 <ratliff> jbicha: yes
16:51 <ratliff> the performance regression was too high for a questionable security return
16:52 <jbicha> performance regression? are only certain whitelisted packages using repotline?
16:52 <jbicha> anyway, I don't want to hold up your meeting
16:53 <ratliff> jbicha: we can discuss in #ubuntu-hardened
16:53 <ratliff> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, chrisccoulson, leosilva: Thanks!
16:53 <jbicha> sure, thanks
16:53 <ratliff> #endmeeting