[18:04] <jdstrand> hi!
[18:04] <tyhicks> Hello
[18:04] <sarnold> hello
[18:04] <jdstrand> #startmeeting
[18:04] <meetingology> Meeting started Mon Nov 26 18:04:33 2012 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[18:04] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[18:04] <jdstrand> The meeting agenda can be found at:
[18:04] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[18:04] <jdstrand> [TOPIC] Weekly stand-up report
[18:04] <jdstrand> I'll go first
[18:05] <jdstrand> I'm on community this week. thanks mdeslaur for covering for my at the end of last week
[18:05] <mdeslaur> np, yw
[18:05] <jdstrand> I have a lynx-cur update I hope to push out this week and an embargoed issue
[18:06] <jdstrand> I also should be finishing my secure boot db/dbx updates package and work items for secure boot this week
[18:06] <jdstrand> I have patch piloting duties as well
[18:06] <jdstrand> there are also some MIR audits to attend to. I'll probably pull in sarnold to help with some of those as well
[18:06] <jdstrand> mdeslaur: you're up
[18:07] <mdeslaur> I'm in the happy place this week
[18:07] <mdeslaur> I'm currently publishing libssh updates
[18:07] <mdeslaur> and will continue going down the never-ending CVE list
[18:07] <mdeslaur> that's about it from me
[18:07] <mdeslaur> sbeattie: you're up
[18:07] <jdstrand> we're like the postoffice
[18:07] <mdeslaur> yes, hopefully with less automatic weapons
[18:07] <jdstrand> that said, we are in really good shape lately
[18:08] <sbeattie> I'm once again an apparmor monkey boy this week
[18:08] <jdstrand> better than we've been in a long time
[18:08] <sbeattie> heh
[18:09] <sbeattie> I'm still working on getting the prototype display manager patch into a state where we can start to play with it, and see what mediation abstractions fall out of it.
[18:09] <sbeattie> I'm also still trying to review jjohansen's patch bombs as well as clear out other miscellaneous apparmor stuff.
[18:09] <sbeattie> that's it for me.
[18:09] <sbeattie> micahg: you're up.
[18:10] <micahg> trying to drive the webkit stable update to completion and trying to get some fresh chromium updates as well
[18:11] <micahg> will also be keeping an eye out for mozilla point releases if they come along
[18:11] <micahg> tyhicks: you're up
[18:12] <tyhicks> I'm wrapping up my work for the ecryptfs-utils SRU this morning
[18:12] <tyhicks> Then I'll be looking at the dbus patches for apparmor to determine why I'm not able to mediate messages
[18:13] <tyhicks> Then, I'll be working more on the dbus prototype
[18:13] <tyhicks> That's it
[18:13] <tyhicks> jjohansen: you're up
[18:13] <jjohansen> I will be fixing a couple known bugs in last weeks apparmor patch bomb, and finishing up the changes to the base labeling patches so I can drop another patch bomb this week
[18:14] <jjohansen> I think that is it from /me sarnold your up
[18:14] <sarnold> I'm still working on the perl updates; the old packaging system and I didn't get along very well, but I think we've come to an understanding.
[18:15] <sarnold> I've written tests for three of the CVEs in qrt; I want to take another look at them today and make sure they look reasonable before pushing
[18:15] <mdeslaur> sarnold: have you agreed to disagree?
[18:15] <sarnold> mdeslaur: yes.
[18:15] <mdeslaur> hehe
[18:15] <sarnold> mdeslaur: and we're hoping that hardy and lucid go EOL before another perl update. :)
[18:16] <mdeslaur> hehe :)
[18:16] <sarnold> .. but since that never quite happens, I'll try to write up some notes on what I found, so the next time I need it, they'll be there.
[18:17] <sarnold> I've also got to take a closer look at some qemu patches hallyn asked for our review of...
[18:17] <sarnold> .. and doko asked us to investigate some issues, I'll find out their status
[18:17] <sarnold> s/issues/gcc issues/
[18:17] <mdeslaur> sarnold: ok, you can put your notes in $qrt/build_testing
[18:18] <sarnold> mdeslaur: hrm, I thought there was a different path for the patching-and-building notes...
[18:18] <jdstrand> (or notes_testing/ - the distinction has grown extremely blurry-- we might consider merging them)
[18:19] <mdeslaur> yeah, I'm always confused which is which
[18:19] <jdstrand> traditionally build_testing/ has been notes on how to get you results/
[18:19] <jdstrand> whereas notes_testing/ is the catch-all. I've probably not followed that myself-- it is a very fine hair
[18:19] <sarnold> uhoh, we lost the meeting bot.
[18:20] <jdstrand> anyhoo
[18:20] <sarnold> I think that's it for me, jdstrand?
[18:20] <jdstrand> sarnold: did you have anything else to report?
[18:20] <jdstrand> cool
[18:20] <jdstrand> [TOPIC] Highlighted packages
[18:20] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[18:21] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[18:21] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mahara.html
[18:21] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/osc.html
[18:21] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libsmi.html
[18:21] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/icecast2.html
[18:21] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/wv2.html
[18:21] <jdstrand> [TOPIC] Miscellaneous and Questions
[18:21] <jdstrand> Does anyone have any other questions or items to discuss?
[18:29] <jdstrand> #endmeeting
[18:29] <jdstrand> mdeslaur, sbeattie, micahg, tyhicks, jjohansen, sarnold: thanks!
[18:29] <jjohansen> thanks jdstrand
[18:30] <sarnold> thanks jdstrand :)
[18:30] <micahg> jdstrand: thanks
[18:31] <mdeslaur> thanks jdstrand!
[18:31] <sbeattie> jdstrand: thanks!
[21:00] <pitti> hello
[21:01] <pitti> cjwatson, kees, soren, stgraber, mdz: TB meeting?
[21:02] <cjwatson> Here
[21:02] <cjwatson> We had an empty agenda when I looked earlier today, though
[21:02] <pitti> yeah, the only thing that catches my eye is the brainstorm review
[21:03] <pitti> nothing techboard-ish in my mailbox apparently
[21:03]  * stgraber waves
[21:05] <pitti> so for the brainstorm review, do you guys have some opinion whether we should continue this?
[21:05] <pitti> from the last cycles that we actually did do, I found it moderately helpful
[21:05] <mdz> pitti, hi
[21:05] <cjwatson> Well, I still think it's a good thing for us to do, but it's beginning to seem like a lost cause
[21:05] <pitti> but it seems to help less and less, with design being more institutionalized
[21:05] <mdz> I (still) think it is better to discontinue it explicitly than to allow it to be in limbo like this
[21:06] <pitti> I volunteer for doing this round, if we want to try another one
[21:06] <pitti> I think the last one was kind of started, but then just silently died
[21:06] <cjwatson> Mm, I found the non-design bits of the review I did more productive than the design bits
[21:07] <pitti> right, the part that I found useful was the reality check
[21:07] <pitti> in my last round I found that the majority of cases that users voted up were actually being handled already, but there were some gems which warranted a closer look
[21:08] <pitti> so, unless you guys have a strong opinion to close the lid on that one (doesn't seem so), I'll just have a go at it?
[21:08]  * soren wanders in
[21:09] <cjwatson> I don't see why you shouldn't have a go at it if you're keen
[21:09] <pitti> ok, I'll add it as an action item them
[21:09] <cjwatson> But on the principle of setting achievable targets, it doesn't seem that it's a sensible thing for the TB to set itself, given that we generally seem to fail at it
[21:10] <soren> pitti: I found it extremely difficult to figure out who I should assign each of the items to. Perhaps you, being more in touch with things than I, will do a better job.
[21:11] <pitti> soren: I was mostly asking appropriate people and TLs on IRC back then
[21:11] <soren> That's the thing. I hardly even know who the TLs and "appropriate people" are these days.
[21:11] <pitti> of course I know the desktop guys, but e. g. for server and kernel I asked Daviey and ogasawara about "who would be suitable to have a look at this"
[21:12] <cjwatson> Is https://wiki.ubuntu.com/Teams not up to date?
[21:12] <pitti> right, so maybe I'll have more luck; still depends on people actually responding
[21:12] <soren> cjwatson: Gosh. I didn't even know about that page :(
[21:12] <cjwatson> It's the third link in the body text off the front page :)
[21:12] <cjwatson> Mind you OMG horrible colours
[21:12] <cjwatson> (Can anyone actually read the contents of the "Team Name" column?)
[21:13] <pitti> the shape looks quite LCARish, just wrong colors
[21:13] <pitti> yeah, I can read it well, but it doesn't look that good
[21:13] <soren> cjwatson: Yeah, it's not too bad for me.
[21:13] <soren> cjwatson: Could be better for sure, but it's readable.
[21:13] <cjwatson> pitti: LCAR> I had to look that up :)
[21:13] <pitti> anyway, there are 0 community bugs and (from what I can see) zero pending ML issues, so that's it?
[21:13] <pitti> cjwatson: LCARS, sorry
[21:16] <pitti> https://wiki.ubuntu.com/TechnicalBoardAgenda updated for next meeting and that action item
[21:16] <pitti> cjwatson, soren, mdz, stgraber: anything else from you?
[21:17] <cjwatson> I have nothing else
[21:17] <soren> Nope.
[21:17] <pitti> then good night everyone!
[21:18] <stgraber> nope
[21:18] <soren> o/