#ubuntu-meeting log

16:43 <jdstrand> #startmeeting
16:43 <meetingology> Meeting started Mon Aug 20 16:43:49 2018 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:43 <meetingology> 
16:43 <meetingology> Available commands: action commands idea info link nick
16:43 <mdeslaur> \o
16:44 <jdstrand> The meeting agenda can be found at:
16:44 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:44 <jdstrand> [TOPIC] Announcements
16:44 <jdstrand> The generalist role rotation for this week as follows: CVE Triage: ebarretto, Bug Triage: msalvatore, Community: sarnold, Happy Place: amurray, mdeslaur, sbeattie, leosilva
16:44 <jdstrand> Thanks to Unit193 for help on security updates for the community supported cgit last week. This work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:45 <jdstrand> The Ubuntu Security Team is hiring!
16:45 <jdstrand> * Ubuntu Security engineer: https://boards.greenhouse.io/canonical/jobs/1158266?t=8c0a6c1f1
16:46 <jdstrand> * Ubuntu Security manager: https://boards.greenhouse.io/canonical/jobs/1278287?t=8c0a6c1f1
16:46 <jdstrand> [TOPIC] Weekly stand-up report
16:47 <jdstrand> I'll go first
16:47 <jdstrand> This week I plan to work on:
16:47 <jdstrand> * brand store snap declarations
16:47 <jdstrand> * big anbox-support review
16:47 <jdstrand> * kubernetes-support interfaces
16:47 <jdstrand> * various snapd PR reviews
16:47 <jdstrand> * various internal tasks
16:47 <jdstrand> * embargoed item
16:47 <jdstrand> I'll also proxy for amurray
16:48 <jdstrand> He says:
16:48 <jdstrand> "I'm in the happy place this week.
16:48 <jdstrand> This week I'm focusing on some internal work
16:48 <jdstrand> Will also be looking at updating ceph and then moving on to other reactive package updates"
16:48 <jdstrand> mdeslaur: you're up
16:48 <mdeslaur> I'm in the happy place this week
16:48 <mdeslaur> I am working on two embargoed issues
16:49 <mdeslaur> and have a few things to finish before going on vacation
16:49 <mdeslaur> that's about it, sbeattie, you're up
16:49 <sbeattie> I'm also in the happy place this week.
16:49 <sbeattie> I've got the usual bit of kernel cve triage and signoffs to do.
16:49 <sbeattie> I'm still working on a bind9 update
16:50 <sbeattie> Oh, and I have an openjdk for bionic update to publish
16:50 <sbeattie> I'll try to pick up another update off the list
16:50 <sbeattie> There's also some apparmor upstream merge requests I need to review.
16:50 <sbeattie> That's probably it for me. jjohansen?
16:51 <jjohansen> I have to finish up with my LSS presentation, and spends time with LSM stacking this week.
16:51 <jjohansen> I'll sqeeze in some apparmor patch review, and maybe even some apparmor 3 patch revision.
16:51 <jjohansen> That should pretty much consume the week
16:51 <jjohansen> sarnold: you are up
16:53 <jdstrand> sarnold: stepped away for a moment. let's go to chrisccoulson
16:53 <jdstrand> s/://
16:53 <chrisccoulson> I plan to update spidermonkey in bionic this week
16:53 <chrisccoulson> I also want to get thunderbird 60 in the security PPA and tested, ready for the next release
16:53 <chrisccoulson> I need to fix an upgrade issue with the rust update I did last week
16:54 <jdstrand> chrisccoulson: regression? something else?
16:54 <chrisccoulson> I should have enough time to take on some other stuff this week
16:54 <chrisccoulson> jdstrand, I think I just need to fix a Breaks / Replaces somewhere to make the update from the previous version work properly
16:55 <chrisccoulson> that's me done
16:55 <jdstrand> leosilva: you're up (note, Mike is out today so Eduardo after you)
16:55 <leosilva> ok
16:55 <leosilva> I'm in the happy place this week
16:56 <leosilva> I just finished wpa USN and I'm working on spice. Other than that I'll keep looking for other updates to do.
16:56 <leosilva> ebarretto: it's up to you
16:56 <ebarretto> I'm in the CVE triage this week:
16:56 <ebarretto> - I've done already some CVE triage for today and will continue on it for this week
16:56 <ebarretto> - I'm re-triaging some CVEs for ffmpeg
16:56 <ebarretto> - I will update other packages ... still to be decided.
16:57 <ebarretto> jdstrand, back to you
16:57 <jdstrand> thanks
16:57 <jdstrand> sarnold: chime in when you are back
16:57 <jdstrand> [TOPIC] Highlighted packages
16:58 <jdstrand> The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security
16:58 <jdstrand> updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:58 <jdstrand> [TOPIC] Miscellaneous and Questions
16:58 <jdstrand> Does anyone have any other questions or items to discuss?
16:58 <tsimonq2> Found this on Twitter: https://ubuntusecuritypodcast.org/
16:59 <tsimonq2> It seems amurray is doing/did a podcast. :)
16:59 <jdstrand> tsimonq2: yes, that is from our esteemed Tech Lead, amurray :)
16:59 <tsimonq2> :D
16:59 * jdstrand hugs amurray for doing the podcast
16:59 <tsimonq2> Just thought I'd mention it on the record.
17:00 <jdstrand> tsimonq2: yes, thank you. we definitely want that noted :)
17:00 * sarnold returns
17:00 <tsimonq2> #link https://ubuntusecuritypodcast.org
17:00 <tsimonq2> Does that work?
17:00 <tsimonq2> hmm
17:00 <tsimonq2> [LINK] https://ubuntusecuritypodcast.org
17:00 <tsimonq2> ¯\_(ツ)_/¯
17:00 <tsimonq2> Whatever. :)
17:01 <sarnold> I'm on community this week, working down the MIRs, still reading the gtk portal backend
17:02 <sarnold> jdstrand: /me chimes
17:02 <jdstrand> sarnold: hehe, thanks :)
17:02 <jdstrand> mdeslaur, sbeattie, jjohansen, sarnold, chrisccoulson, leosilva, ebarretto, tsimonq2: thanks!
17:02 <jdstrand> #endmeeting