/srv/irclogs.ubuntu.com/2011/07/25/#ubuntu-meeting.txt

=== freeflyi1g is now known as freeflying
=== noy_ is now known as noy
=== lag` is now known as lag
=== bdmurray_ is now known as bdmurray
kees	\o	17:22
jdstrand	o/	17:22
mdeslaur	hellow!	17:22
jjohansen	\o	17:22
* sbeattie waves		17:22
jdstrand	sorry I was a little late. let's get started	17:22
jdstrand	#startmeeting	17:22
MootBot	Meeting started at 12:22. The chair is jdstrand.	17:22
MootBot	Commands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]	17:22
jdstrand	The meeting agenda can be found at:	17:23
jdstrand	[LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting	17:23
MootBot	LINK received: https://wiki.ubuntu.com/SecurityTeam/Meeting	17:23
jdstrand	[TOPIC] Review of any previous action items	17:23
MootBot	New Topic: Review of any previous action items	17:23
jdstrand	we don't have any formal ones from last week. jjohansen said he'd talk to me about dbus/apparmor, and did :)	17:23
jdstrand	[TOPIC] Weekly stand-up report	17:23
MootBot	New Topic: Weekly stand-up report	17:23
jdstrand	I'll go first	17:23
jdstrand	I'm an triage this week	17:24
jdstrand	I have several updates I am working on	17:24
jdstrand	I am going to attempt to get a dbus/apparmor uploaded with just the stubs for the apparmor hooks, as after talking with skaet this should make things either	17:24
jdstrand	s/either/easier/	17:24
jdstrand	I've also got a couple of apparmor profiles I'd like to get uploaded (related to work items)	17:25
jdstrand	I have more training	17:25
jdstrand	and apparently am the only active archive admin on duty for the week, due to debconf	17:25
jdstrand	it looks to be a busy week	17:25
jdstrand	kees: you're next	17:25
* Daviey hides RE: libvirt.		17:25
kees	alright, I'm on community	17:26
jdstrand	Daviey: I may have to just upload :( we'll talk later	17:26
kees	I'm trying to catch up on kernel CVEs -- it looks like mitre is very far behind, so I've got to go through oss-security to find stuff	17:26
jdstrand	bleck	17:26
bliss	mitre is always behind	17:26
kees	bliss: this is much worse than usual	17:26
kees	but regardless, yeah, they are, so I'm moving "review oss-security" up my priority list for each day :)	17:27
jdstrand	they really have been for quite a few months	17:27
kees	at the same time, i'm working on getting a bug sync tool written to help the kernel team with bug statuses	17:27
kees	that's it from me	17:27
bliss	proc commander out	17:28
mdeslaur	lol	17:28
* kees threatens bliss ;)		17:28
bliss	sorry, don't mean to be disruptive :-)	17:28
jdstrand	hehe	17:29
kees	nah, that was for 'proc commander' :) anyway, mdeslaur is up	17:29
* jdstrand loves 'proc commander', fwiw :)		17:29
mdeslaur	this week, I'm in the happy place	17:29
mdeslaur	I've just published freetype updates, and am currently working on libpng	17:29
mdeslaur	am also working on an embargoed issue	17:29
mdeslaur	and will further go down the list	17:30
mdeslaur	friday, I'm on patch piloting	17:30
mdeslaur	(different than being the proc commander)	17:30
mdeslaur	that's it from me	17:30
mdeslaur	sbeattie: you're up	17:30
sbeattie	I'm also in the happy place this week, after being on community last week.	17:30
sbeattie	I've got an icedtea-web/openjdk update I'm working on.	17:31
sbeattie	After that, I'm going to try to catch up on my apparmor work items.	17:32
sbeattie	that's it for me; micahg?	17:32
micahg	I'm working on webkit in various forms and associated CVE cleanup, chromium is a little late on their 6 week release train, so I expect a release relatively soon, but have no real idea about when, so if it comes, I'll take care of that, that's it for me	17:33
jdstrand	thanks guys	17:33
jdstrand	[TOPIC] Highlighted packages	17:34
MootBot	New Topic: Highlighted packages	17:34
jdstrand	The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security on Freenode. The highlighted packages for this week are:	17:34
jdstrand	* http://people.canonical.com/~ubuntu-security/cve/pkg/smilutils.html	17:34
jdstrand	* http://people.canonical.com/~ubuntu-security/cve/pkg/ccid.html	17:34
jdstrand	* http://people.canonical.com/~ubuntu-security/cve/pkg/libglpng.html	17:34
jdstrand	* http://people.canonical.com/~ubuntu-security/cve/pkg/ntop.html	17:34
jdstrand	* http://people.canonical.com/~ubuntu-security/cve/pkg/ziproxy.html	17:34
jdstrand	[TOPIC] Miscellaneous and Questions	17:34
MootBot	New Topic: Miscellaneous and Questions	17:34
jdstrand	I will be out of town for two weeks starting next monday (conference/holiday)	17:34
jdstrand	I know kees will also be out at least part of next week (conference)	17:35
jdstrand	Does anyone have any other questions or items to discuss?	17:35
sbeattie	jdstrand: I would like to discuss the openjdk update for a second.	17:35
kees	wheee blackhat/defcon	17:36
bliss	would it be possible to devote time/effort to auditing packages identified by community members or the security team as needing a security overhaul? ideally packages that are widely used or commonly integrated into ubuntu	17:36
bliss	in a more coordinated way, i mean	17:36
bliss	it just strikes me that there are several widely used packages where everyone knows they're broken, but nobody has time or interest in fixing them	17:37
kees	i would certain like to see something like that. do you want to do the coordination?	17:37
bliss	sure, i'd be happy to help in whatever way i can	17:37
bliss	anyone can get involved as well, doesn't need to just be security team	17:38
jdstrand	I think starting with wishlist bugs would be a good start. if there is a lot, it could be a wiki page	17:38
bliss	yeah	17:38
bliss	maybe for starters, a public list of "these packages could use some auditing/hardening"	17:39
jdstrand	I can incorporate into the 'Highlighted package' section, if there is an easy way to incorporate it	17:39
bliss	cool	17:39
bliss	we can brainstorm over the next few days/weeks, no need to draw out the meeting	17:39
bliss	just something that's been on my mind	17:39
kees	google may want to get involved too	17:40
bliss	yeah, i'd imagine	17:40
bliss	examples: libavcodec/libavformat, libpoppler, libfreetype	17:40
jdstrand	bliss: thanks. maybe this could be discussed on the mailing list (<ubuntu-hardened@lists.ubuntu.com>)	17:40
jdstrand	(the process, not necessarily which packages, but it could be	17:40
jdstrand	)	17:40
jdstrand	sbeattie: you wanted to discuss openjdk?	17:41
bliss	alright, i'll flesh out some ideas and send an email	17:41
jdstrand	bliss: awesome, thanks :)	17:41
sbeattie	jdstrand: bascially, the patches that upstream shipped for icedtea 1.8.9 (used for armel/lucid,maverick) don't compile here.	17:41
mdeslaur	sbeattie: awesome	17:42
sbeattie	jdstrand: the packages for the other arches and for icedtea-web built okay, I still need to test them.	17:42
sbeattie	jdstrand: so I thought I would approach upstream with the issue I have while releasing what I have (after testing).	17:42
sbeattie	and then if/when we get a fix for 1.8.9, release those as a -2 update.	17:43
sbeattie	does that sound reasonable?	17:43
jdstrand	yeah, sounds very reasonable. iirc, in the past we have published a -2 for openjdk for other things (building as I recall)	17:44
sbeattie	right.	17:44
sbeattie	okay thanks.	17:44
jdstrand	anything else?	17:45
jdstrand	ok. thanks everyone! :)	17:46
jdstrand	#endmeeting	17:46
MootBot	Meeting finished at 12:46.	17:46
kees	thanks jdstrand!	17:46
mdeslaur	thanks jdstrand!	17:46
micahg	thanks jdstrand	17:47
sbeattie	jdstrand: thanks!	17:47
=== Ursinha is now known as Ursinha-lunch
=== maxforti_ is now known as maxforti
=== yofel_ is now known as yofel
=== Ursinha-lunch is now known as Ursinha
=== ^aL-ITAngel^ is now known as ^Zen-hoOb-bit

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!