[18:03] <kees> security team meeting is a go?
[18:04] <jdstrand> sure
[18:05] <kees> mdeslaur: you ready too?
[18:05] <mdeslaur> kees: yep!
[18:05] <ari-tczew> close meeting?
[18:05] <kees> okay, so, last was UDS.  I'll be re-checking the specs and trying to hammer out workitems.  after that, publishing xorg-server update, and checking kernel builds
[18:06] <kees> jdstrand: you're up.  my list is short.  :)
[18:06] <jdstrand> I too plan to do the spec/workitems thing
[18:06] <jdstrand> I plan to get back to koffice
[18:06] <jdstrand> I am triager
[18:07] <jdstrand> and will start poking at the (new) chromium apparmor profile I started on over the weekend
[18:07] <jdstrand> that's it from me
[18:07] <jdstrand> mdeslaur: you're up
[18:07] <mdeslaur> I published some community security updates
[18:07] <mdeslaur> and will be doing the spec_workitems stuff
[18:08] <mdeslaur> and will go down the CVE list
[18:08] <mdeslaur> there's a lot of security bugs to research, if you want to pass some of those to me, jdstrand, feel free
[18:09] <mdeslaur> I didn't do any of it last week, so this morning I got rid of the low hanging fruit
[18:09] <jdstrand> well, we'll see
[18:09] <mdeslaur> oh, and I'll be looking at nxvl's openssl merge
[18:09] <mdeslaur> that's it from me
[18:10] <kees> cool.  jjohansen, sbeattie, other folks got anything to bring up?
[18:10] <nxvl> i will be giving mdeslaur a lot of work :D
[18:11] <kees> nxvl: oh? in what form?
[18:11] <nxvl> kees: he is community :D
[18:11] <jjohansen> kees: hrmm, not atm
[18:11] <mdeslaur> oh, and I'll also be preparing my packaging training session for next week
[18:11] <nxvl> i've going trough d2u list and doing some merges
[18:11] <kees> ah-ha, excellent.
[18:12] <nxvl> plus i found a 'bug' that i already reported to stefanlsd yesterday, will trying to look at the source of that
[18:12] <nxvl> bug in d2u
[18:13] <kees> okay, thanks everyone!
[18:13] <ari-tczew> I'm thinking about own work on chromium-browser CVEs
[18:15] <mdeslaur> ari-tczew: cool!
[18:15] <mdeslaur> ari-tczew, nxvl: thanks for your universe security update contributions this week
[18:15] <ari-tczew> mdeslaur: kadu hardy waiting for sponsorship ;p
[18:16] <mdeslaur> ari-tczew: I published it this morning
[18:16] <mdeslaur> ari-tczew: read your bug mail :)
[18:17]  * ari-tczew looking.. maybe in spam?
[18:19] <ari-tczew> mdeslaur: that's right! your mail was published in my spambox ;p
[18:19] <ari-tczew> and right now I got a mail from Ubuntu Installer
[18:20] <ari-tczew> security team: what do you think about expand Ubuntu CVE Tracker by option to choice a release version? e.g. get CVEs for karmic (only)
[18:20] <mdeslaur> ari-tczew: hmm...so I guess I'm considered spam :)
[18:21] <ari-tczew> if not, would be nice to got an option to get open CVEs on current development cycle (like merges and syncs - active during dev cycle)
[18:24] <kees> ari-tczew: the tracker already tracks per-release.  what specifically did you feel was missing?
[18:41] <ari-tczew> kees: I love looking on clear situation. I'd like to see CVEs only open on devel release
[18:42] <ari-tczew> current cve tracker's homepage have an option: (and without devel release)
[18:42] <ari-tczew> I'd like to got (only devel release)
[18:42] <kees> ari-tczew: you can use "scripts/ubuntu-table" from the tracker to do that -- just display the last column
[18:42] <ari-tczew> explanation: we should give users a good, very safety linux system