[14:58] <smartboyhw> balloons: http://sdrv.ms/ROS6Cz
[17:54] <s9iper1> beuno: hello
[18:13] <mdeslaur> \o
[18:13] <jjohansen> o/
[18:13] <jdstrand> hi!
[18:13] <jdstrand> #startmeeting
[18:13] <meetingology> Meeting started Mon Aug  6 18:13:28 2012 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[18:13] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[18:13] <jdstrand> The meeting agenda can be found at:
[18:13] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[18:13] <jdstrand> [TOPIC] Announcements
[18:14] <jdstrand> Thanks to the following individuals:
[18:14] <jdstrand> Felix Geyer (debfx) provided debdiffs for oneiric-precise for ruby-actionpack-2.3 (LP: #1030984)
[18:14] <jdstrand> Mike !McClurg (mike-mcclurg) provided a debdiff for precise for xen-api (LP: #1031375)
[18:14] <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
[18:14] <jdstrand> [TOPIC] Weekly stand-up report
[18:14] <jdstrand> I'll go first
[18:15] <jdstrand> so, I spent a *lot* of time on webkit and kde/archive admin stuff last week
[18:15] <jdstrand> the former is mostly done, but I need to follow up with some discussions, etc
[18:16] <jdstrand> the latter is done for now. There is more that can be done, but I don't have the stamina to do it atm
[18:16] <ScottK> :-)
[18:16] <jdstrand> I'm in the happy place
[18:17] <jdstrand> I have a couple of MIR audits left, then after that, recruiting and back to pending updates
[18:17] <jdstrand> mdeslaur: you're up
[18:17] <mdeslaur> I'm on community this week
[18:17] <mdeslaur> just published the nvidia driver updates
[18:17] <mdeslaur> and now I'm looking at koffice and uhm...
[18:18] <mdeslaur> what's it called
[18:18] <mdeslaur> calligra?
[18:18] <mdeslaur> tomorrow, I'll be working on openoffice and libreoffice
[18:18] <mdeslaur> and will try and get to libxml too
[18:18] <mdeslaur> that's it for me
[18:18] <mdeslaur> tyhicks: you're up
[18:18] <jdstrand> mdeslaur: thanks again for working on that mvidia issue
[18:18] <jdstrand> nvidia
[18:19]  * micahg wonders where he went
[18:19] <mdeslaur> np
[18:19] <tyhicks> micahg: go ahead
[18:19] <mdeslaur> hehe, I wasn't sure who was usually after steve
[18:19] <mdeslaur> sorry for aggravating your OCD :)
[18:19]  * jdstrand allows goes with longevity on team
[18:19] <micahg> I'm still working on webkit, hopefully will see the light at the end of the tunnel soon, I'm also SRUing a regression fix from the icedtea-web in natty/oneiric for sbeattie
[18:19] <jdstrand> that is the only way I can keep it straight :)
[18:20] <micahg> as well as the standard mozilla pretesting of the week
[18:20] <micahg> I think that's it for me
[18:20] <tyhicks> I'm covering triage this week for steve
[18:21] <tyhicks> My focus will be on updates and working a new eCryptfs data corruption bug
[18:22] <jdstrand> :\ how widespread is that?
[18:22] <tyhicks> It is intermittent and only happens when downloading really large files, so it will be a fun one :/
[18:22] <ScottK> How large is really large?
[18:22] <tyhicks> ScottK: I've only reproduced it with > 3G files
[18:22] <ScottK> OK.
[18:22] <tyhicks> jdstrand: Not too widespread. I've only seen one report on it.
[18:23] <ScottK> The concerned eCryptfs user sits back down.
[18:23] <tyhicks> It is very subtle, too. Only one or two bytes changed in the corrupted file.
[18:23] <tyhicks> (at least in the couple times that I was able to reproduce it)
[18:23] <kirkland> tyhicks: what bug # is that?
[18:23]  * tyhicks looks
[18:23] <jdstrand> tyhicks: let's talk outside of the meeting on how you are reproducing
[18:24] <tyhicks> bug 1027450
[18:24] <tyhicks> jdstrand: ack
[18:24] <tyhicks> That's it for me
[18:25] <jdstrand> jjohansen: you're up
[18:25] <jjohansen> I guess I'm up
[18:25] <jjohansen> I've got a couple of apparmor bugs to look into, cboltz's profile cache failing reported on the ml, and a no new privs issue from hallyn,
[18:25] <jjohansen> While I am at the no new privs issue, I'll also look into how to deal with that in stacking, it may require us to carry some information in the stack
[18:25] <jjohansen> I've got a qrt kernel security failure to finishing looking into
[18:25] <jjohansen> beyond that I'll be pushing out the 3rd iteration of the current patchset with the locking rework, and might include some of the perm remapping, profile hashing and stacking patches with it
[18:26] <jjohansen> jdstrand: back to you
[18:27] <jdstrand> [TOPIC] Highlighted packages
[18:27] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/syscp.html
[18:27] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libhtml-template-pro-perl.html
[18:27] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/network-manager-openvpn.html
[18:27] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gridengine.html
[18:27] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ncpfs.html
[18:27] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[18:28] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[18:28] <jdstrand> I pasted the highlighted packages above
[18:28] <jdstrand> [TOPIC] Miscellaneous and Questions
[18:28] <jdstrand> There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application.
[18:28] <jdstrand> Does anyone have any other questions or items to discuss?
[18:28] <ScottK> \o
[18:28] <jdstrand> ScottK: go ahead
[18:29] <ScottK> The Calligra/KOffice issue is in an embedded copy of wv2.
[18:29] <ScottK> We also have a packaged wv2 that's significantly older.
[18:29] <ScottK> The code in the area of the fix is superficially similar, but the package doesn't build with the patch.
[18:30] <ScottK> I was wondering if when you're looking at Calligra/KOffice you might have a glance at wv2 and see if you think it's also relevant to it.
[18:30] <ScottK> ..
[18:30] <mdeslaur> it did look relevant at first glance
[18:30] <ScottK> (I was in a rush on saturday and heaved an updated wv2 at quantal.
[18:31] <ScottK> It FTBFS.
[18:31] <micahg> scottK: that looks like a gcc-4.7 failure
[18:31] <ScottK> OK.
[18:31] <ScottK> Thanks.
[18:31] <ScottK> I'll see if I can find someone to help me with it.
[18:32] <ScottK> (that or remove the package, there aren't any users for the lib and it's dead upstream other than the embedded on in Calligra.
[18:33] <jdstrand> ScottK: thanks
[18:34] <jdstrand> any other questions or items to discuss?
[18:38] <jdstrand> mdeslaur, micahg, tyhicks, jjohansen, ScottK: thanks!
[18:38] <jdstrand> #endmeeting
[18:38] <meetingology> Meeting ended Mon Aug  6 18:38:06 2012 UTC.
[18:38] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-08-06-18.13.moin.txt
[18:38] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-08-06-18.13.html
[18:38] <jjohansen> thanks jdstrand
[18:38] <mdeslaur> thanks jdstrand!
[18:39] <micahg> thanks jdstrand
[20:55] <kees> \o
[20:58]  * stgraber waves
[20:59] <soren> o/
[21:00] <soren> #startmeeting
[21:00] <meetingology> Meeting started Mon Aug  6 21:00:27 2012 UTC.  The chair is soren. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[21:00] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[21:00] <soren> Short agenda today:
[21:00] <soren> #link https://wiki.ubuntu.com/TechnicalBoardAgenda
[21:01] <soren> pitti seems to be on holiday
[21:01] <cjwatson> here
[21:01] <cjwatson> boring agenda
[21:01] <soren> I haven't seen apologies from anyone else.
[21:01] <soren> #topic Action review
[21:02] <soren> Soren: Brainstorm review
[21:02] <soren> No progress. Vacation and conferences and whatnot. :(
[21:02] <soren> #action Soren to finish brainstorm review
[21:02] <meetingology> ACTION: Soren to finish brainstorm review
[21:02] <soren> Anything else? Meetbot isn't very helpful from last meeting.
[21:03] <soren> Guess not.
[21:03] <soren> Gah, laggy connection. Crappy timing.
[21:03] <cjwatson> anything in IRC logs?
[21:03] <soren> Sorry guys.
[21:04]  * cjwatson has a quick look
[21:04] <soren> There's the thing abut gut 252368
[21:04] <soren> gut? bug!
[21:04] <soren> bug 252368
[21:04] <soren> It seems mdz was to follow up to the mailing list.
[21:05] <cjwatson> IMO this is low priority and we should stop caring
[21:05] <mdz> I didn't
[21:05] <mdz> OK with me
[21:05] <cjwatson> I can't understand why we're continuing to worry about it; there are many other more important things to do on LP
[21:05] <soren> Alright. Officially intentionally not going to carry this over.
[21:06] <cjwatson> I know we've been asked about it and there is some social importance to it
[21:06] <cjwatson> But there are lots of other things in a similar position
[21:06]  * cjwatson skim-reading last fortnight's logs
[21:06] <soren> I see no other action items
[21:07] <soren> Moving on
[21:07] <cjwatson> I don't see anything else carried over either
[21:07] <soren> #topic MRE for point release mythtv in LTS
[21:07] <soren> https://lists.ubuntu.com/archives/technical-board/2012-August/001357.html
[21:07] <soren> It wasn't added to the agenda, but I guess we can still discuss it.
[21:08] <soren> Is anyone here to represent this topic?
[21:08] <kees> I've been pretty happy with the process (I use MythTV myself).
[21:08] <stgraber> yeah, would be good to have this approved or rejected soon as they want to update mythtv for the 12.04.1 point release which is getting really close
[21:08] <kees> I've found upstream to be good about doing fixes only.
[21:09] <kees> I would be happy to approve a provisional MRE; though it would be nice if they had some kind of test suite.
[21:09] <soren> superm1: Just in time :)
[21:09] <stgraber> hey superm1
[21:09] <superm1> hi folks
[21:09] <stgraber> superm1: we're discussing your MRE request at the moment
[21:10] <stgraber> do you know what kind of testing is done upstream for their stable release? do they have any kind of automated testing or strong manual testing prior to release?
[21:10] <soren> (/msg'ed relevant scrollback)
[21:10] <superm1> stgraber: yeah soren just shared with the scrollback, thanks soren
[21:10] <soren> np
[21:10] <superm1> stgraber: they have automated build testing, but other than that it's strong manual testing prior to point releases
[21:11] <superm1> they heavily push the community to use their stable branch at all times when a problem comes up
[21:11] <soren> Do they have multiple branches, so this is a maintenance branch while there's another one where the dev focus is?
[21:12] <superm1> yes
[21:12] <superm1> they have a fixes branch for every major release
[21:12] <superm1> and a master branch for development
[21:12] <superm1> no new features come to the fixes branch for any of the releases for any reason, it's solely bug fixes
[21:13] <soren> How long are these branches usually maintained?
[21:13] <superm1> up until the next major release
[21:13] <soren> Is that time-based?
[21:13] <superm1> they're moving to time based now i believe
[21:13] <superm1> they were previously feature based (it'll be done when it's done)
[21:14] <superm1> but they're pushing features out for later releases if they're not going to be ready in time, and doing development in topic branches to merge
[21:14] <soren> Cool.
[21:15] <soren> I don't have any other questions.
[21:15] <soren> Anyone else?
[21:15] <superm1> and to be clear, this is just for asking for the micro releases of the 0.25 release (which only one is expected), i don't think it will be appropriate to push to 0.26 ever to -updates, only maybe -backports
[21:16] <soren> Oh, one more thing:
[21:17] <soren> Is this just a single source package or do we need a list somewhere?
[21:17] <cjwatson> It sounds reasonable enough to me
[21:17] <superm1> single source package
[21:17] <superm1> it used to be multiple source packages, but was a mess to sync up with archive skew
[21:18] <soren> Cool.
[21:18] <soren> Alright.
[21:18] <soren> #vote Approve MRE for MythTV
[21:18] <meetingology> Please vote on: Approve MRE for MythTV
[21:18] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (private votes don't work yet, but when they do it will be by messaging the channel followed by +1/-1/+0 to me)
[21:18] <soren> +1
[21:18] <meetingology> +1 received from soren
[21:18] <stgraber> +1
[21:18] <meetingology> +1 received from stgraber
[21:19] <soren> mdz, kees:
[21:19] <mdz> +1
[21:19] <meetingology> +1 received from mdz
[21:19] <soren> Going once..
[21:19] <soren> Going twice
[21:20] <soren> #endvote
[21:20] <meetingology> Voting ended on: Approve MRE for MythTV
[21:20] <meetingology> Votes for:3 Votes against:0 Abstentions:0
[21:20] <meetingology> Motion carried
[21:20] <superm1> great, thanks guys
[21:20] <stgraber> superm1: FWIW I'm also granting you a 12.04.1 exception, so if you want it in the point release, please make sure it's uploaded ASAP
[21:20] <superm1> stgraber: it's in the queue, just needs accepting
[21:20] <soren> Lovely.
[21:20] <soren> Moving on.
[21:21] <soren> #topic check up on community bugs
[21:21] <soren> So, given our discussion earlier, I'm going to go ahead an unassing us from https://bugs.launchpad.net/ubuntu-community/+bug/252368
[21:22] <soren> As for https://bugs.launchpad.net/ubuntu-community/+bug/174375
[21:22] <mdz> I'm having network issues right now
[21:22] <mdz> lagging a lot
[21:23] <soren> I'm not sure what we need to discuss here still.
[21:24] <soren> I guess I'm not the only one.
[21:24] <cjwatson> We still need to get ubuntu-release-nominators out of ubuntu-release somehow; that team is a hack
[21:25] <cjwatson> To some extent we've just moved the problem (albeit to somewhere less damaging)
[21:26] <soren> I guess I'm not actually clear on what *we* are meant to do here.
[21:26] <cjwatson> Specify what should be done on behalf of Ubuntu
[21:26] <cjwatson> I think I might be able to take an action to progress this
[21:27] <cjwatson> Since I think I understand both the security model we want and the relevant bits of LP code
[21:27] <soren> Perfect!
[21:28] <soren> Given that the individual stakeholders are who they are, it seems a bit awkward for us to have to drive it.
[21:28] <cjwatson> But I currently have a toddler sitting on my lap so not so much right now
[21:28] <soren> Well, this too has been sitting in LP for years.
[21:29] <soren> Another day won't matter much.
[21:29] <soren> Great.
[21:29] <soren> #action cjwatson to look into https://bugs.launchpad.net/ubuntu-community/+bug/174375
[21:29] <meetingology> ACTION: cjwatson to look into https://bugs.launchpad.net/ubuntu-community/+bug/174375
[21:29] <cjwatson> We can't in general assume that the LP team understands what Ubuntu wants to get out of their security model - we have to tell them
[21:30] <cjwatson> And the TB is the owner of the Ubuntu object in LP
[21:30] <soren> cjwatson: Understood. I was rather thinking it would be delegated to the stakeholders on the Ubuntu side.
[21:30] <cjwatson> Please no
[21:30] <soren> ..but if you're doing it, we're covered for sure.
[21:30] <cjwatson> We understand it better :)
[21:31] <soren> Very well.
[21:31] <cjwatson> The stakeholders are liaisons, not necessarily decision-makers
[21:31] <cjwatson> (With that hat on, anyway)
[21:31] <cjwatson> (Or at least that's how I understand it)
[21:32] <soren> Well, we'd certainly have final say in it, but it's hard for us as a group to actually drive this issue forward.
[21:32] <soren> But this is all academic since you've accepted the action item :)
[21:32] <cjwatson> Yes; but nobody else really can either :)
[21:32] <cjwatson> Yeah
[21:32] <soren> #topic Any other business?
[21:32] <cjwatson> We made excellent progress on it a while back in an in-person TB meeting, actually - we just haven't finished the job
[21:33] <cjwatson> Nothing else from me
[21:33] <mdz> none here
[21:33] <soren> Who's the next chair? stgraber?
[21:33] <stgraber> sounds right
[21:33] <soren> #info Next meeting is set for Aug 20th, 2100 UTC. Chair is stgraber
[21:34] <soren> #endmeeting
[21:34] <meetingology> Meeting ended Mon Aug  6 21:34:04 2012 UTC.
[21:34] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-08-06-21.00.moin.txt
[21:34] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-08-06-21.00.html
[21:34] <soren> Thanks everyone.