/srv/irclogs.ubuntu.com/2010/04/26/#ubuntu-meeting.txt

[03:58] <LinkinX64_> hello!
=== wet-chan is now known as wet
=== MosquitoOo is now known as MaWaLe
=== yofel_ is now known as yofel
=== joaopinto_ is now known as joaopinto
[16:01] <BlackZ> showard, huats ping
[16:01] <showard> hey i'm here
[16:02] <BlackZ> RoAkSoAx is absent
[16:02] <BlackZ> wait again a while
[16:02] <BlackZ> otherwise, if he will be again absent, we will start
[16:03] <huats> I am here too
[16:03] <huats> but not really available
[16:03] <huats> well a bit :)
[16:06] <BlackZ> OK, can we start?
[16:07] <showard> Yes, you can start the mootbot thing if you'd like
[16:07] <huats> sure
[16:07] <BlackZ> #startmeeting
[16:07] <MootBot> Meeting started at 10:07. The chair is BlackZ.
[16:07] <MootBot> Commands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]
[16:07] <BlackZ> [LINK] https://wiki.ubuntu.com/MOTU/Mentoring/Reception/Meeting
[16:08] <MootBot> LINK received:  https://wiki.ubuntu.com/MOTU/Mentoring/Reception/Meeting
[16:08] <BlackZ> [TOPIC] Review ACTION points from previous sessions.
[16:08] <MootBot> New Topic:  Review ACTION points from previous sessions.
[16:08] <showard> I think our only action points were to type up the notes fromlast time
[16:09] <huats> showard, I think so
[16:09] <showard> [LINK] https://wiki.ubuntu.com/MOTU/Mentoring/Reception/Meeting/Minutes
[16:09] <MootBot> LINK received:  https://wiki.ubuntu.com/MOTU/Mentoring/Reception/Meeting/Minutes
[16:09] <BlackZ> OK
[16:10] <BlackZ> so, do you want to start, showard ?
[16:10] <showard> If the notes are ok, we canmove to thenext topic
[16:11] <showard> Ok, at the end of the previous meeting, we were discussing about possibly having a system where mentors pick their mentees
[16:12] <showard> this way the number and quality of mentees would be visible. However, hauts pointed out that it was not allowed in the past
[16:12] <showard> to avoid creating "pockets" of knowledge where mentors and mentees would possibly communicate outside of public channels and not in english
[16:13] <BlackZ> showard: yes
[16:13] <huats> I am strongly against the idea of letting the mentee choose the mentor
[16:13] <huats> :)
[16:14] <showard> Ok, I'll defer to hauts experience on that one! I can see benefits in both, but don't feel strongly eitherway
[16:14] <BlackZ> agree with huats, for clear reasons
[16:15] <showard> Ok, so mentee selection will go through reception
[16:16] <showard> [AGREED]  mentee selection will go through reception, self selection not allowed
[16:16] <showard> eh, i think only the chair could do that
[16:16] <BlackZ> +1 from me
[16:17] <showard> Continuing on. hauts: how do you recruit mentors?
[16:18] <huats> showard, sorry
[16:18] <huats> I am a bit away
[16:19] <showard> (np, you told us you were busy before - whenever you get to it, we can talk about something else)
[16:19] <huats> 1 way to recruit
[16:19] <huats> to ask
[16:19] <huats> :)
[16:20] <huats> on many channels
[16:20] <huats> mainly ubuntu-devel
[16:20] <huats> but I also think it might be wise to contact every new developer (after they have been granted) to explain them the process
[16:22] <huats> showard, BlackZ any other idea ?
[16:23] <showard> That pretty much is the standard way of doing things. Hopefully it'll get some buzz on its own (if it's successful).
[16:24] <BlackZ> huats: yes, it can be a way to recruit
[16:24] <showard> We also can point people to the mentee bugs, even if someone isn't interested in becoming a mentor, it might be easy to just look through the applicants - maybe someone would do it even if they weren't interested at first
[16:24] <showard> because they see someone they sponsored or someone interested in a similar area
[16:25] <BlackZ> showard: yes, that's a way too
[16:26] <BlackZ> other idea?
[16:27] <showard> Hopefully that will be sustainable. How about "packaging training" people? We could introduce that as a way for new MOTUs and devels to take some higher level responsibility in the ubuntu project
[16:28] <BlackZ> showard: yes, agree with it
[16:29] <huats> YES
[16:29] <huats> it is something I'd like to raise
[16:29] <showard> This way we aren't always leaning on the same people every month. New MOTUs and devels tend to have a good amount of "energy"and not a lot of responsibility, usually
[16:29] <huats> since I've talked about it with dholbach
[16:30] <huats> we should contact https://edge.launchpad.net/~packaging-training-coordinators
[16:30] <dholbach> https://wiki.ubuntu.com/Packaging/Training
[16:30] <huats> :)
[16:30] <huats> thanks daniel
[16:30] <dholbach> if you want to join the coordinators or give a session, any kind of help is appreciated
[16:31] <showard> we were thinking of leveraging those packaging training sessions and also trying to increase the number of people giving sessions. That would be the first place we'd point mentees to
[16:32] <huats> There is also the Ubuntu Beginners Development Focus group who have contacted me
=== unimix_ is now known as unimix|work
[16:32] <huats> it would be good to act with them
[16:32] <BlackZ> huats: yes, it would
[16:33] <showard> Yes, I think we shouldn't reinvent the wheel but to give support to and improve infrastructure that already exists
[16:34] <BlackZ> showard: indeed ^
[16:35] <showard> Ok, I think we have a structure for what we see the mentoring program to be like within the designated development team structure. I think we should write up a proposal of what we've discussed
[16:35] <BlackZ> sure showard
[16:36] <BlackZ> what's the next item?
[16:36] <showard> I think we're done with the "continued from last meeting"
[16:36] <BlackZ> OK, then we can go ahead
[16:36] <showard> we're up to discussion of implementation, namely that we should go ahead and write up that proposal
[16:37] <showard> once we all agree on it, we can get feedback from potential mentors, the development teams, packaging training people, beginner's focus group, and eventually the DMB
=== vish is now known as Vish
[16:38] <showard> I think we should split up the writing of the proposal - blackz, hauts, would you have time this week?
=== Vish is now known as vish
[16:39] <huats> showard, honestly I won't
=== vish is now known as Vish
[16:39] <BlackZ> showard: sure - in the evening, except wednesday
[16:39] <huats> I have 2 very very busy weeks
[16:40] <BlackZ> s/evening/morning
[16:40] <huats> I would be able to read them/react
[16:40] <showard> Sure, np hauts.  BlackZ: we can do iton ourown,don't need to schedule
[16:40] <huats> but not to write that formally sorry
[16:40] <huats> showard, it is huats btw not hauts :)
[16:40] <showard> (my spacebar is weak today, sorry!)
[16:40] <BlackZ> OK showard
[16:41] <showard> The outline being: (1) motivation and general overview, (2) process for mentees, (3) process for mentors, (4) relationships with other teams
[16:42] <showard> What do you think? (I kind of just made that up, might not be optimal)
[16:43] <BlackZ> showard: it's a good idea, eventually we can add any other
[16:45] <showard> Sure, would you want to start (1) and (2), I'll take (3) and (4)? Since i've been doing most of the writing, I think it is best if we can see the "general overview" without filtering it through my head again (make sure we all are on the same page)
[16:46] <BlackZ> showard: yes, I will, also, we can discuss of them on the next meeting
[16:46] <showard> good plan, we can write it up this week and next week's agenda could be to approve it, internally, and make the plan on how to approach people to get feedback
[16:47] <showard> I think we've covered the agenda for the day
[16:48] <showard> the action items: make a wiki page for the proposal, showard and blackz will start filling it in, other team members review it throughout the week so we can approve it next monday
[16:49] <showard> any other things to cover?
[16:50] <BlackZ> sorry, crashed
[16:51] <showard> no problem. If there isn't any new news or topics, I think blackz can bring the hammerdown
[16:51] <showard> (as in closing the meeting with a gavel)
[16:52] <showard> ok, I think we can #endmeeting
[16:53] <BlackZ> #endmeeting
[16:53] <MootBot> Meeting finished at 10:53.
[16:53] <BlackZ> thanks all
[16:54] <showard> great! ok, we'll coordinate on email. BlackZ, could you start the wiki page in our /MOTU/Mentoring/Reception/[newpage]space? I'll do the minutes again unless someone else wants to
[16:55] <BlackZ> showard: I will
=== cypher_ is now known as czajkowski
[18:04] <kees> jdstrand, mdeslaur: meetin' time?
[18:05] <jjohansen> \o
[18:06] <kees> heya jjohansen
[18:07] <mdeslaur> kees: I'm back
[18:07] <kees> mdeslaur: cool.  robbiew, you joining us too?
[18:08] <robbiew> kees: only in spirit...;)
[18:08] <kees> hehe
[18:08] * robbiew is reminded to work on the job posting
[18:08] <robbiew> bah!
[18:11] <jdstrand> o/
[18:11] <jdstrand> kees, mdeslaur: here now
[18:12] <kees> #startmeeting
[18:12] <MootBot> Meeting started at 12:12. The chair is kees.
[18:12] <MootBot> Commands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]
[18:12] <kees> [TOPIC] stand-up report
[18:12] <MootBot> New Topic:  stand-up report
[18:13] <kees> I'll be checking in with the kernel team on the next security update
[18:13] <kees> and then grinding out blueprints, which I'd like to cover later in this meeting.
[18:13] <kees> we also need to review the job req, it needs to be fine-tuned.
[18:13] <kees> (also later)
[18:13] <kees> that's it from me, really.  mdeslaur is up.
[18:14] <mdeslaur> okie
[18:14] <mdeslaur> I released ffmpeg regression fixes this morning
[18:14] <mdeslaur> am currently working on texlive-bin
[18:14] <mdeslaur> and will do dvipng
[18:15] <mdeslaur> looked at the postgresql updates that weren't built for -security and needs to sort that out with someone called "kees"
[18:15] <mdeslaur> and will go down list
[18:15] * kees noticed that in back-scroll. which CVE was it?
[18:15] <mdeslaur> that's it
[18:15] <mdeslaur> kees: CVE-2010-0442
[18:15] <ubottu> The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20
[18:16] <jdstrand> that is fairly vague
[18:16] <kees> that really doesn't ring a bell; or if that IS the issue, it wasn't well understood at the time.  :(
[18:16] <mdeslaur> it's for sure an authenticated user server DoS
[18:16] <kees> yeah
[18:16] <mdeslaur> and may be an integer underflow also
[18:17] <mdeslaur> although it's unclear how exploitable it is
[18:17] <kees> it should go to security; a simple rebuild should be fine.
[18:17] <mdeslaur> so either we rebuild all the postgresql packages for -security, or we don't consider it important enough and can wait until the next batch of postgresql updates
[18:17] <kees> looks like 2010-0733 needs to be published too?
[18:18] <mdeslaur> 2010-0733 was actually fixed by the _previous_ postgresql release
[18:18] <kees> and there are some for -8.3 too
[18:18] <kees> oh
[18:18] <mdeslaur> which did go to security
[18:18] <jdstrand> sounds somewhere between a low and a medium
[18:18] <jdstrand> I vote fix it
[18:18] <kees> hrm, so the state of CVEs for postgresql-* needs to be rechecked.
[18:18] <kees> yeah.
[18:18] <mdeslaur> kees: I just did them all
[18:18] <mdeslaur> kees: update your tree
[18:18] <kees> oh, /me refreshes
[18:19] <kees> since it's already tested, it should be a quick publication.
[18:19] <mdeslaur> kees: so you don't recall your discussion with pitti?
[18:20] <kees> mdeslaur: I remember it vaguely.  something about it must not have been well-understood at the time.  as it stands now, it should go to -security
[18:20] <mdeslaur> ok, sounds good. any volunteers? (or did I just volunteer? :) )
[18:20] <jdstrand> I can do it
[18:21] <kees> and with that, it's jdstrand's turn...
[18:21] <jdstrand> I want to check the qrt tests on lucid anyway-- and it'll give my a chance to look at it
[18:21] <jdstrand> s/my/me/
[18:21] <mdeslaur> ok, cool jdstrand
[18:21] <mdeslaur> thanks
[18:21] <jdstrand> oh sure-- this is a pretty easy one-- lots of testing already done :)
[18:21] <jdstrand> so, this week I plan to do the postgresql update
[18:21] <jdstrand> :P
[18:22] <kees> hehe
[18:22] <mdeslaur> lol
[18:23] <jdstrand> along with that, there is a pending netpbm-free update I need to publish, and also I'm working on koffice (embedded xpdf 2.0 vulns in the kword importer)
[18:23] <jdstrand> I am finishing up install audits today
[18:24] <jdstrand> that's it for me
[18:24] <kees> cool, great
[18:24] <kees> [topic] blueprints for UDS
[18:24] <MootBot> New Topic:  blueprints for UDS
[18:24] <kees> so, we need to get our blueprints finished by the end of the week
[18:24] <kees> we should at least renew the stuff that can be deferred, and then add anything else fun we want to do.
[18:25] <kees> robbiew: do you have any new projects you want us to have as blueprints?
[18:25] <kees> jjohansen: can you convert your mental AppArmor TODO list into a blueprint?
[18:25] <mdeslaur> kees: do we have a scratch area somewhere to post ideas that we can do through and clean up?
[18:25] <robbiew> kees: no way
[18:25] <robbiew> lol
[18:25] <jjohansen> urgh, I can try
[18:26] <jdstrand> mdeslaur: we can do that outside of this meeting
[18:26] <jjohansen> it actually largely already exists in the wiki as a list of work items
[18:26] <jdstrand> I too, would like to do that
[18:26] <mdeslaur> jjohansen: the security team is not going to accept your "get into mainline" blueprint :)
[18:26] <kees> jjohansen: which wiki page?
[18:26] <kees> mdeslaur: we don't yet have a scratch area.  let's create that, then double-check it tomorrow?
[18:27] <mdeslaur> kees: sounds good
[18:27] <jjohansen> https://apparmor.wiki.kernel.org/index.php/DevelopmentRoadmap
[18:27] <jjohansen> https://apparmor.wiki.kernel.org/index.php/WorkItems
[18:28] <kees> notes on blueprints are here: https://wiki.ubuntu.com/UDS-M  names must be "security-m-foo"
[18:29] <kees> I figure we can create the blueprints that we know will exist, and the rest of our ideas we can put in the brain-dump wiki
[18:29] * jdstrand thinks there may be a name collision or two
[18:29] <kees> where 'foo' is replaced!  :P
[18:29] <jdstrand> oh!
[18:29] <jdstrand> :P
[18:29] <kees> :)
[18:29] <mdeslaur> kees: I'd like to discuss all my ideas before we commit to creating them
[18:29] <kees> how about here for brain-dump: https://wiki.ubuntu.com/SecurityTeam/UDS/M
[18:29] <jdstrand> wfm
[18:30] <kees> mdeslaur: sure, that's fine.  I have at least one (fscaps for dpkg) that I know can be a full blueprint
[18:30] <mdeslaur> kees: does that page not exist yet?
[18:30] <jdstrand> we should move https://wiki.ubuntu.com/SecurityTeam/UDS to https://wiki.ubuntu.com/SecurityTeam/UDS/L btw
[18:31] <kees> mdeslaur: right, I was proposing a location for it.  wanted it public, since we've traditionally done it in the canonical wiki, which isn't optimal.
[18:31] <kees> jdstrand: yes
[18:32] <kees> okay, so, anything else on blueprints we can take out-of-meeting.
[18:32] <mdeslaur> ok
[18:32] <kees> [topic] open job req
[18:32] <MootBot> New Topic:  open job req
[18:32] <kees> I sent a rough-draft, based on the prior posting.  at least one thing needed to be added: familiarity with web programming, or something to that effect.
[18:33] <kees> any other additions/changes?
[18:33] <jdstrand> let me reread it real quick
[18:33] <mdeslaur> web programming and web security issues
[18:33] <kees> right, yes.
[18:33] <mdeslaur> ie: web code auditing
[18:34] <jdstrand> kees, mdeslaur: I think the "Analyze, fix, and test vulnerabilities in Ubuntu packages" should be adjusted for this
[18:35] <mdeslaur> kees, jdstrand: we should probably add python programming
[18:36] <jdstrand> perhaps "requires good skills in web programming languages such as php and python, as well as good skills in C and thorough test planning)
[18:36] <kees> mdeslaur: yeah, it only lightly hints at it in the "testing with python-unit" bit
[18:36] <kees> jdstrand: yeah
[18:36] <mdeslaur> jdstrand: how about: "requires good skills in web programming languages such as php, as well as good skills in C, python, and thorough test planning
[18:37] <jdstrand> mdeslaur: seems good
[18:37] <mdeslaur> "enjoys working on webkit"
[18:37] <jdstrand> hehe
[18:37] * jdstrand wonders if java should be a part of all that
[18:38] <kees> okay, how about we play pastebin-tag with revisions today out-of-meeting and get a final version to robbie by EOD today?
[18:38] <jdstrand> sure
[18:38] <mdeslaur> ok
[18:38] <kees> jdstrand: while tempting, I don't think we have enough evidence to suggest we need to specifically call it out yet.
[18:38] <kees> [topic] other stuff!
[18:38] <MootBot> New Topic:  other stuff!
[18:38] <kees> anyone have anything else for the security team?
[18:39] <jdstrand> maybe, though a *lot* of java was pulled in for euca and the java server stack...
[18:39] <jdstrand> though I would hate to have someone who only really knew java
[18:39] <kees> jdstrand: yeah.  I'm suspicious as well, but I don't want to make the position unhirable.  :)
[18:39] <jdstrand> heh
[18:39] <mdeslaur> the jre gets a lot of security issues, but java applications aren't that bad
[18:40] <kees> that's my gut too.  I only remember 1 in recent history (the hash test truncation thingy)
[18:40] <mdeslaur> well, tomcat has a lot, but it's a web server
[18:40] <kees> right
[18:41] <mdeslaur> ok, I'm done
[18:41] <mdeslaur> anyone else?
[18:41] <mdeslaur> going once...
[18:41] <mdeslaur> twice...
[18:41] <kees> sold!
[18:41] <kees> #endmeeting
[18:41] <MootBot> Meeting finished at 12:41.
[18:41] <mdeslaur> sold to the lady with the blue hat!
[18:41] <kees> hehehe
[18:41] <jdstrand> o/
=== starcraftman is now known as WikiNinja
=== WikiNinja is now known as starcraftman
=== Vantrax|Work is now known as Vantrax
