jdstrand | kees, robbiew: meeting? | 18:04 |
---|---|---|
* robbiew is here ;) | 18:04 | |
kees | \o | 18:04 |
kees | is mdeslaur back? | 18:04 |
* jjohansen waves | 18:05 | |
jdstrand | kees: I don't think so | 18:05 |
jdstrand | he said he expected to have to miss today | 18:05 |
kees | ah, ok. let's go ahead with the meeting anyway and we can catch him up tomorrow? | 18:06 |
jdstrand | sounds good | 18:06 |
kees | alrighty | 18:07 |
kees | I'm playing a bit with "dieharder" for testing RNGs, and will probably create a q-r-t script for it. | 18:07 |
kees | it's a long-running test, but it's pretty exhaustive. | 18:07 |
robbiew | RNGs? | 18:07 |
kees | Random Number Generator | 18:08 |
jdstrand | kees: perhaps add it to test-rng.py? | 18:08 |
kees | I'd done limited RNG testing with the "rngtest" tool but that only covers FIPS-140-2 | 18:08 |
kees | jdstrand: yeah | 18:08 |
jdstrand | test-rng.py allows you to run specific tests if you want, or all, of which dieharder could be one | 18:09 |
jdstrand | kees: that is cool-- I hadn't heard of dieharder :) | 18:09 |
jdstrand | kees: is rngtest part of test-rng.py now too? or did you not bother cause of dieharder? | 18:09 |
kees | I may not bother given how robust dieharder is. | 18:10 |
kees | on the other hand, it's super-fast. | 18:10 |
jdstrand | might be fun-- you've already learned the tool | 18:10 |
* kees nods | 18:11 | |
kees | going to try to hit some more low-hanging fruit on the updates tree, and if I have any time left, I'm going to start working on the fscaps implementation for dpkg. | 18:11 |
kees | that's it from me. | 18:12 |
jdstrand | I am triager and I am continuing the transmission update this week. | 18:12 |
jdstrand | it looks like I won't get to the getent/passwd apparmor stuff before alpha-2 | 18:13 |
kees | s'okay, the infrastructure to support it is done, which is great | 18:13 |
jdstrand | I plan to work on apparmor dev work for lucid, which includes alias support and the libvirt 0.7.5 merge from Debian | 18:13 |
jdstrand | beyond that, I will probably pick up an update | 18:14 |
jdstrand | kees: yeah-- we are looking very good wrt to tunables these days | 18:14 |
jdstrand | there is a debconf question, apparmor now uses tunables/home.d and likewise-open drops a file in tunables/home.d | 18:15 |
jdstrand | already that is a good improvement over previous releases | 18:15 |
jdstrand | I have the method I am going to use for the passwd stuff, just need to think about whether to break it out into a separate tool, etc | 18:15 |
jdstrand | that will be discussed when I get back to it | 18:16 |
jdstrand | that is it from me for this week, but I have a separate item to discuss regarding our blueprints | 18:16 |
jdstrand | we can come back to it later, or discuss now) | 18:17 |
jdstrand | s/)// | 18:17 |
kees | let's do it now. :) | 18:17 |
jdstrand | ok, so an essential item (catchall-essential iirc) has "switch apparmor Firefox profile on for Lucid dev cycle" | 18:17 |
jdstrand | (fine) | 18:17 |
jdstrand | (well, maybe not, but anyhoo...) | 18:18 |
jjohansen | what's not fine? | 18:18 |
* kees is confused too | 18:18 | |
jdstrand | that is a problem atm because a) I know that java is busted and audit doesn't show it as being broke because of profiling) and b) we can't do it until some lower priority blueprints are implemented | 18:19 |
kees | kick it down to "high", I'd say. | 18:19 |
jjohansen | which blueprints? | 18:19 |
jdstrand | specifically: it requires parts of security-lucid-apparmor-usability and security-lucid-apparmor-abstractions, both 'high' | 18:20 |
jdstrand | jjohansen: it's all my stuff | 18:20 |
jdstrand | jjohansen: though I look forward to the ptrace fix ;) | 18:20 |
jjohansen | just curious | 18:20 |
jjohansen | right, that won't hit alpha2 | 18:20 |
jdstrand | (that isn't blueprinted-- I'm just teasing) | 18:20 |
jdstrand | well, maybe you bp'd it-- I didn't | 18:20 |
jjohansen | erm, I think it's a kernel work item | 18:21 |
jdstrand | kees: so, yeah, marking it to high would be an option, but it is essential based on the person who suggested it | 18:21 |
jdstrand | so I feel kinda stuck | 18:22 |
jdstrand | (Mark said turn it on during UDS) | 18:22 |
jdstrand | that came out wrong | 18:22 |
jdstrand | during UDS, Mark suggested we turn the profile to enforcing | 18:23 |
jjohansen | well it would be nice to have it on during alpha2 | 18:24 |
jdstrand | so I wasn't sure to shuffle stuff around to essential, or to bump it down to high. the java bug is a problem though | 18:24 |
jdstrand | jjohansen: I haven't had time to look at the java bug at all, but I confirmed java breaks with the profile on, but there are no denials | 18:24 |
jjohansen | right, we need to look at that, is it serious enough that it's not worth doing for alpha2 | 18:24 |
jdstrand | jjohansen: have you seen that bug? | 18:25 |
ScottK | Anything that takes a Java upload is clearly too late for Alpha 2. | 18:25 |
jdstrand | ScottK: no, not a java upload | 18:25 |
jjohansen | just profile | 18:25 |
jdstrand | the java plugin breaks and hangs firefox when the firefox profile is in enforcing mode | 18:25 |
* robbiew is confused...why must we bump it down to high? is it b/c it won't make alpha2? | 18:26 | |
kees | jdstrand: hrm | 18:26 |
kees | robbiew: I think the issue is that non-essential bps are blocking an essential bp | 18:26 |
jdstrand | robbiew: an essential item depends on two items that are only high to be feasible | 18:26 |
robbiew | ah | 18:26 |
robbiew | ack | 18:26 |
robbiew | makes sense to lower to high then | 18:27 |
robbiew | regardless of who requested it ;) | 18:27 |
robbiew | the only other option is get the blocking bps raised | 18:27 |
jjohansen | agreed, I think it's too late to figure out the Java bug and get a fix in | 18:27 |
jjohansen | it probably has a kernel component | 18:27 |
jdstrand | I mean, I can turn it on right now, but it breaks the java plugin, and regular people won't know what is happening with other profile bugs cause there isn't good gui reporting | 18:28 |
jdstrand | jjohansen: fyi, java bug is bug #484148 | 18:28 |
ubottu | Launchpad bug 484148 in firefox-3.5 "apparmor-profiles freezes Firefox when using Java applets (Sun JRE)" [Undecided,Confirmed] https://launchpad.net/bugs/484148 | 18:28 |
jdstrand | I confirmed it with openjdk | 18:28 |
jjohansen | thanks | 18:29 |
jjohansen | I'll take a look at it tomorrow | 18:29 |
jdstrand | robbiew: the problem with raising others to essential is that the profile (excepting java) works well with Ubuntu | 18:29 |
robbiew | jdstrand: right...then I guess we have our answer ;) | 18:29 |
robbiew | lower it | 18:29 |
robbiew | lol | 18:30 |
jdstrand | robbiew: but, it is known to have problems in Kubuntu, and is untested in Xubuntu | 18:30 |
jdstrand | alright | 18:30 |
jjohansen | can we get the QA team to do some testing? | 18:30 |
kees | jdstrand: I would like to have the firefox maintainer own this profile. | 18:31 |
jjohansen | sure that would be nice | 18:32 |
jdstrand | kees: yeah-- but, tbh, he is gone and the replacement isn't here yet | 18:32 |
* kees nods | 18:32 | |
kees | just wanted to mention it. :) | 18:32 |
jdstrand | kees: and, if you consider the whole of the distro, it isn't fully baked-- it works for Ubuntu, but untested in other places | 18:32 |
jdstrand | there is quite a bit more that needs to be done development-wise | 18:33 |
jdstrand | I mean, if someone said "hey, assign me that bp" I'd be happy to. no one is doing that ;) | 18:33 |
jjohansen | well that is why I asked if we could get QA to do some browser testing | 18:34 |
jdstrand | that would be excellent | 18:34 |
ScottK | Unfortunately this doesn't seem to be the sort of thing they do. | 18:35 |
ScottK | (not endorsing that, just saying) | 18:35 |
robbiew | yeah...but it won't hurt to ask :) | 18:35 |
ScottK | Agreed. | 18:36 |
jjohansen | They might be more willing if we could automate it | 18:36 |
jdstrand | I'd love an automated test for firefox-- I don't have one though (requires the time to learn the tools) | 18:37 |
jjohansen | yeah | 18:37 |
jdstrand | anyway, the rest of the discussion can be done outside of this meeting | 18:38 |
jdstrand | I just wanted to indicate a problem with the priorities and the problems with that item in general | 18:39 |
jdstrand | that is it from me | 18:39 |
jdstrand | kees, robbiew: ^ | 18:39 |
robbiew | ack | 18:39 |
kees | anyone have any other questions for the security team? | 18:41 |
ScottK | Probably ought to think about clamav 0.94 ->0.95 soon | 18:42 |
kees | yeah | 18:42 |
ScottK | AFAIK all the packages in backports are in good shape. | 18:42 |
ScottK | They just need to be rebuilt against -security (clamav first and then the rdepends) | 18:42 |
jdstrand | ScottK: so are you saying we are good to go with moving forward on that? | 18:43 |
ScottK | Yes | 18:43 |
jdstrand | ScottK: ok-- I'll take that on | 18:43 |
ScottK | Great. | 18:43 |
jjohansen | not a question, but dfa.minimization won't hit alpha2, it's currently buggy | 18:43 |
jdstrand | ScottK: I'll contact you soonish-- I am thinking within the next week or so I get into it fully | 18:43 |
ScottK | jdstrand: OK. I'll be around. | 18:44 |
jdstrand | ScottK: thanks again for all your hard work on it :) | 18:44 |
jdstrand | jjohansen: ack | 18:44 |
ScottK | Thanks. | 18:44 |
kees | jjohansen: that's fine. cool that it's seeing progress. :) | 18:44 |
jdstrand | yeah, totally | 18:44 |
ScottK | jdstrand: BTW, cemc (who has been doing most of the testing and some of the rdepends packaging) is planning on going for Ubuntu membership soon. I hope you will endorse him. | 18:45 |
jjohansen | it should hit this week, just not by tomorrow | 18:45 |
kees | ScottK: I'd be happy to endorse him too (worked with him on pdns-recursor) | 18:45 |
ScottK | kees: Great. | 18:45 |
jdstrand | ScottK: sure, feel free to have him contact me, and I'll be sure to get him involved in this update | 18:45 |
ScottK | jdstrand: OK. Will do. | 18:46 |
jdstrand | (visiably involved with me) | 18:46 |
jdstrand | visibly | 18:46 |
jdstrand | anything else? | 18:46 |
ScottK | Not from me. | 18:47 |
jdstrand | alright then, let's adjourn | 18:47 |
jdstrand | kees: ^ | 18:47 |
kees | agreed, thanks everyone | 18:48 |
jdstrand | o/ | 18:48 |
jjohansen | bye | 18:49 |