[16:30] <jdstrand> hi!
[16:30] <jjohansen> hey
[16:30] <mdeslaur> \o
[16:31] <tyhicks> hello
[16:31] <jdstrand> #startmeeting
[16:31] <meetingology> Meeting started Mon Apr 15 16:31:25 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:31] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[16:31] <jdstrand> The meeting agenda can be found at:
[16:31] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:31] <jdstrand> [TOPIC] Announcements
[16:32] <jdstrand> (none this week)
[16:32] <jdstrand> [TOPIC] Weekly stand-up report
[16:32] <jdstrand> I'll go first
[16:32] <jdstrand> I'm on community this week
[16:33] <jdstrand> I have more requirements gathering, planning and communications of our plans to do
[16:33] <jdstrand> I also have to finish up performance reviews
[16:33] <jdstrand> there are a couple audits to finish
[16:33] <jdstrand> and I will be working on two embargoed updates
[16:34] <jdstrand> that's it for me
[16:34] <jdstrand> mdeslaur: you're up
[16:35] <mdeslaur> I'm in the happy place this week
[16:35] <jdstrand> you bet you are! :P
[16:35] <sbeattie> hehe
[16:35] <mdeslaur> and I only have two days...wednesday I'm on vacation
[16:35] <mdeslaur> jdstrand: hehe :)
[16:35] <mdeslaur> (on vac until the 29th
[16:35] <mdeslaur> I'm currently writing a test script for haproxy, which I'll likely release this afternoon or tomorrow
[16:36] <mdeslaur> and am working on an embargoed issue to hand off to one of the non-vacationing suckers
[16:36] <mdeslaur> and, that's it from me.
[16:36] <mdeslaur> sbeattie: you're up
[16:36] <jdstrand> fyi, I forgot one-- hope to do install audits this week too
[16:36] <sbeattie> ah cool
[16:36] <sbeattie> I'm working on apparmor work items again this week.
[16:37] <sbeattie> I'm continuing to write some example clients for confinement, wrote a couple of qml demos last week.
[16:37] <sbeattie> will need to put some automation around them as well.
[16:37] <mdeslaur> sbeattie: could you stick those in a bzr tree somewhere?
[16:38] <jdstrand> sbeattie: re automation, what are you thinking, for automatic testing?
[16:38] <sbeattie> jdstrand: yeah, for automatic testing, as much as possible.
[16:38] <sbeattie> drag-n-drop stuff may be harder to automate.
[16:39] <sbeattie> mdeslaur: https://code.launchpad.net/~sbeattie/+junk/apparmor-examples
[16:39] <jdstrand> sbeattie: cool-- though aiui, having automatic testing is not in scope for this month per se.
[16:39] <mdeslaur> sbeattie: ah! cool
[16:39] <jdstrand> sbeattie: obviously we want it-- what are you thinking about in terms of scheduling that work?
[16:40] <sbeattie> jdstrand: uhh, hadn't really decided on anything concrete for schedule.
[16:40] <jdstrand> ok
[16:40] <sbeattie> jdstrand: was expecting to coordinate that with you/the team
[16:41] <jdstrand> sbeattie: basically my questons are coming from the palce of 'let's focus on what we said we would focus on, but if we have to adjust, let's talk about it'
[16:41] <sbeattie> okay
[16:41] <jdstrand> so yeah, talking later is fine
[16:41] <sbeattie> anyway, that's pretty much it for me.
[16:41] <sbeattie> tyhicks: you're up
[16:42] <tyhicks> I'm working on https://blueprints.launchpad.net/ubuntu/+spec/security-1304-appisolation-dbus this week
[16:42] <tyhicks> Still wrapping up the dbus parser tests item
[16:42] <tyhicks> Last week while writing parser tests, I ran across some parser bugs
[16:42] <tyhicks> Those are fixed now and I'm back to improving the tests
[16:43] <tyhicks> then I'll move on to "dbus daemon - regression tests" and then to "dbus daemon, pass labeling info on messages so security context can be queried by recipient"
[16:43] <tyhicks> eCryptfs prep work for the kernel merge window stole some time from me last week but that is now all done
[16:44] <tyhicks> so my sole focus will be on aa work items this week
[16:44] <sbeattie> tyhicks: did you push your tests anywhere?
[16:44]  * jdstrand is happy to hear that we are finding and fixing bugs when writing our tests :)
[16:44] <sbeattie> indeed!
[16:44] <tyhicks> sbeattie: not yet, when I fully complete that work item the tests will live in the apparmor package of the dbus-dev ppa
[16:45] <sbeattie> tyhicks: okay, just wondered if you wanted any feedback/review of them...
[16:45] <tyhicks> I also did a lot of work (still pending upload) on fixing up the patches in the dbus-dev apparmor package so that the patches will be easier to send upstream
[16:45] <tyhicks> sbeattie: I will want some feedback for sure. I'll send them to the list.
[16:46] <tyhicks> that's it for me
[16:46] <tyhicks> jjohansen: you're up
[16:46] <sbeattie> tyhicks: thanks
[16:46] <jjohansen> I'll be continuing to work on https://blueprints.launchpad.net/ubuntu/+spec/security-1304-appisolation-signals-ipc-ptrace
[16:46] <jjohansen> Mostly it should be work around sockets (labeling, passing them, etc)
[16:46] <jjohansen> I will also need to spend some time pushing some patches to the upstream security tree so they are there for when the merge window opens
[16:46] <jdstrand> tyhicks: regarding upstreamifying-- is that DBus upstreaming, apparmor, kernel, or some combination?
[16:47] <jjohansen> jdstrand: kernel - ecryptfs work
[16:47] <tyhicks> jdstrand: apparmor
[16:47] <jjohansen> tyhicks: oh?
[16:48] <tyhicks> the patches against the apparmor package were piling up and it was going to be a pain to get them all in order and broken down for upstreaming
[16:48] <jdstrand> tyhicks: as in, making them easily digestible for the list?
[16:48] <tyhicks> jdstrand: exactly
[16:48] <tyhicks> just a little tidying up before things got too ugly
[16:48] <jjohansen> ah
[16:49] <jdstrand> jjohansen: curious-- what are you snding to the upstream security tree?
[16:50] <jjohansen> jdstrand: about the first 20 patches from the queue that have been reviewed. Its all the base code cleanups and bug fixes
[16:50] <jdstrand> neat
[16:51] <jjohansen> sarnold: your up
[16:51] <sarnold> I'm on triage this week
[16:51] <sarnold> I'm finishing up curl publication today, and I'm liable to ask jdstrand if I can take one of his MIR audits
[16:52] <sarnold> I'd like to get around to fixing up my juju charms, but that might take a back burner again to doing another update
[16:52] <mdeslaur> sarnold: if you're up to a challenge, you can try and take the bouncycastle update
[16:52] <jdstrand> sarnold: actually one is a MIR audit (ie, not security audit) and the other I'm putting in that category-- it is about the scopes privacy
[16:52] <mdeslaur> sarnold: java backporting fun
[16:52] <sarnold> mdeslaur: that -is- a challenge :)
[16:53] <jdstrand> sarnold: actually, it might not be a bad idea to get some help there
[16:53] <sarnold> .. with all the goodness of inexplicable crypto goo :)
[16:53] <jdstrand> sarnold: but we'll talk later
[16:53] <sarnold> cool :)
[16:54] <sarnold> chrisccoulson: your turn :)
[16:54] <chrisccoulson> yoyoyo
[16:54] <chrisccoulson> i got a flash update out last week
[16:54] <chrisccoulson> also fixed an arm crash in chromium (waiting on testing feedback from the ufa guys, but it works here)
[16:55] <chrisccoulson> fixed https://bugzilla.mozilla.org/show_bug.cgi?id=858670, which appeared in the ff20 update
[16:55] <chrisccoulson> https://bugzilla.mozilla.org/show_bug.cgi?id=858782 also appeared, but i've no idea what is happening there. if any of you use google docs and can recreate it, please let me know ;)
[16:56] <chrisccoulson> did a bit more with chromium automated testing. discovered that gtest can already  produce junit formatted test results, which is a great help
[16:57] <chrisccoulson> i'll hopefully be done with updates / chromium etc this week, so i can start on other things i'm meant to be looking at :)
[16:57] <jdstrand> nice
[16:57] <jdstrand> (junit)
[16:57] <jdstrand> well all of it, but you know, that goes for everyone :)
[16:58] <chrisccoulson> yeah, unfortunately, i discovered it created junit results after i started writing code to parse the results and convert them ;)
[16:58] <chrisccoulson> (like we're doing for firefox already)
[16:59] <jdstrand> heh
[16:59] <jdstrand> chrisccoulson: did you have more?
[16:59] <chrisccoulson> no, that's me done i think
[16:59] <jdstrand> chrisccoulson: (fyi, since you're last, you can say 'back to you jdstrand or something :)
[17:00] <chrisccoulson> sure, no problem
[17:00] <jdstrand> [TOPIC] Highlighted packages
[17:00] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[17:00] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/jenkins-winstone.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/policycoreutils.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/spice-gtk.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg.html
[17:00] <jdstrand> [TOPIC] Miscellaneous and Questions
[17:01] <jdstrand> I have one for several of you
[17:01] <jdstrand> based on what was said in this meeting, I have a good feeling about progress for the month
[17:01] <jdstrand> however, if I look at http://status.ubuntu.com/ubuntu-raring/canonical-security-ubuntu-13.04-month-6.html I have a less good feeling
[17:02] <jdstrand> so, I guess, now that we are 2 weeks in to this month, how are the work items going? Are we 50% done? are there problems?
[17:02] <jdstrand> jjohansen: ^ we talked about this a bit last week, so afaik, we are slightly behind but aren't worried on our timeline for this month. is that accurate?
[17:03] <jjohansen> yes
[17:03] <jdstrand> jjohansen: (talking about your work items specifically)
[17:03] <tyhicks> I'm not 50% done, but I also haven't been able to spend 100% of my time on the work items
[17:03] <tyhicks> I will be able to for the remainder of the month
[17:03] <tyhicks> and I'm confident that I can knock off all of my work items by then
[17:03] <jdstrand> tyhicks: right..
[17:03] <jdstrand> ah, ok
[17:04] <jdstrand> sbeattie: how about you? ^
[17:04] <sbeattie> sorry, I'm notorious for not updating my workitem entries.
[17:04] <jdstrand> well, I was going to end with 'Please update your work items' :)
[17:04] <sbeattie> heh
[17:05] <sbeattie> but yeah, feeling pretty confident about where things are at.
[17:05] <jdstrand> sbeattie: but in a less burndown chart way: are you on track for your work items for the month?
[17:05] <tyhicks> forgetting to update the entries is better than not having any updates to make ;)
[17:05] <jdstrand> tyhicks: yes!! :)
[17:05] <jdstrand> sbeattie: awesome
[17:05] <mdeslaur> hehe
[17:06] <jdstrand> jjohansen, tyhicks, sbeattie: if you could update this month work items sometime today, that would be great
[17:06] <sbeattie> okay
[17:06]  * tyhicks nods
[17:06] <jdstrand> Does anyone have any other questions or items to discuss?
[17:17] <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks!
[17:17] <jdstrand> #endmeeting
[17:17] <meetingology> Meeting ended Mon Apr 15 17:17:49 2013 UTC.
[17:17] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-04-15-16.31.moin.txt
[17:17] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-04-15-16.31.html
[17:17] <sarnold> thanks jdstrand :)
[17:17] <mdeslaur> thanks jdstrand!
[17:17] <jjohansen> thanks jdstrand
[17:18] <sbeattie> jdstrand: thanks
[19:56] <pitti> bonsoir
[19:57] <stgraber> bonsoir pitti
[19:59] <cjwatson> hi
[20:00] <stgraber> #startmeeting Technical Board meeting
[20:00] <meetingology> Meeting started Mon Apr 15 20:00:27 2013 UTC.  The chair is stgraber. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[20:00] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[20:00] <stgraber> hey everyone, so from what I'm seeing on the ML, it's just the three of us tonight
[20:01] <stgraber> we also appear to have an empty agenda
[20:01]  * pitti hasn't caught up with the over-weekend mail flood yet, sorry
[20:01] <pitti> oh, good
[20:01] <stgraber> anyway, let's quickly go through the usual points, but I expect this to be a very short meeting
[20:01] <stgraber> #topic Action review
[20:02] <cjwatson> TBH I didn't properly catch up on the last meeting to see if we got through all the outstanding business then
[20:02] <cjwatson> I didn't see minutes on -devel-announce
[20:02] <stgraber> unfortunately it doesn't look like soren got around to doing the post-meeting paperwork, so I'm assuming we didn't have any action
[20:02] <cjwatson> If we did I guess we'll find out in two weeks? :)
[20:02] <stgraber> IIRC we granted a MRE for xorg and discussed Mark's proposal some more
[20:03] <stgraber> mdz was supposed to process the MRE and update the wiki, but IIRC he was waiting for the meeting minutes to link to them
[20:04] <stgraber> so hopefully this is enough highlights for both of them to have this sorted out ;)
[20:04] <stgraber> #topic Scan the mailing list archive for anything we missed (standing item)
[20:05] <stgraber> I just did a quick scan, we had a few things but they were resolved by e-mail or were just notifications
[20:05] <pitti> I can't see anything in my ML for TB
[20:05] <stgraber> #topic Check up on community bugs
[20:05] <stgraber> "
[20:05] <stgraber> There are currently no open bugs.
[20:05] <stgraber> "
[20:05] <stgraber> #topic Select a chair for the next meeting
[20:06] <stgraber> I think the next chair is cjwatson. However this will be during the client sprint, so we should probably make sure we don't have conflicting meetings
[20:06] <pitti> stgraber: well, hopefully the sprint won't be tightly packed with meetings
[20:07] <cjwatson> I think we can make a point of carving out time
[20:07] <cjwatson> It's on our calendars so we should notice, right?
[20:07] <stgraber> I don't think I have the TB meeting on my Canonical calendar, but I can fix that ;)
[20:07] <cjwatson> I do, at least
[20:08] <stgraber>  12.30-13.30 - Lunch
[20:08] <stgraber> so the meeting will be during lunch
[20:08] <stgraber> no risk of conflicts then ;)
[20:08]  * cjwatson will pack military rations
[20:09] <pitti> one hand typing, the other munching on a sandwich
[20:09] <stgraber> sounds like a plan
[20:09] <stgraber> #topic AOB
[20:10] <stgraber> #endmeeting
[20:10] <meetingology> Meeting ended Mon Apr 15 20:10:20 2013 UTC.
[20:10] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-04-15-20.00.moin.txt
[20:10] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-04-15-20.00.html
[20:10] <pitti> thanks; good night everyone!
[20:10] <stgraber> pitti: good night!