[16:30] <tyhicks> hello
[16:30] <jjohansen> \o
[16:30] <chrisccoulson_> hi
[16:30] <jdstrand> hi!
[16:30] <mdeslaur> hi
[16:30] <jdstrand> #startmeeting
[16:30] <meetingology> Meeting started Mon Jul 15 16:30:50 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:30] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[16:30] <jdstrand> The meeting agenda can be found at:
[16:30] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:31] <jdstrand> [TOPIC] Weekly stand-up report
[16:31] <jdstrand> I'll go first
[16:31] <jdstrand> last week was more work on apparmor (application lifecycle, click and application confinement)
[16:31] <jdstrand> I had hoped to get openjdk-7 out, but testing took longer than expected. that should go out today
[16:32] <jdstrand> I am preparing openjdk-6 uploads now
[16:32] <jdstrand> cause of the above, I postponed patch piloting again, so I'll give it another shot this week
[16:33] <jdstrand> I have some july work items, particularly getting the evil app together for the IoM demo, and trying to drive the conversations that affect us related to that demo to conclusion
[16:33] <jdstrand> I upgraded to saucy on my main system over the weekend, and have a number of bugs to file/investigate
[16:33] <jdstrand> mdeslaur: you're up
[16:34] <mdeslaur> I'm in the happy place this week
[16:34] <mdeslaur> I just published a couple of USNs
[16:34] <mdeslaur> and am currently working on php5 updates
[16:34] <mdeslaur> I have a couple of other things to test and will probably release them this week
[16:34] <mdeslaur> after that, I'll continue picking stuff from the CVE list
[16:34] <mdeslaur> that's it for me
[16:34] <mdeslaur> sbeattie: you're up
[16:35] <sbeattie> I'm working on apparmor stuff this week
[16:35] <sbeattie> I'm currently working on getting the click hook prototype implementation far enough along to help drive the hook discussion to completion.
[16:36] <sbeattie> I also upgraded to saucy over the weekend, and have a couple of bugs of my own to file.
[16:36] <sbeattie> I think that's it for me.
[16:37] <sbeattie> tyhicks: you're up
[16:37] <tyhicks> I'll be updating the apparmor parser according to the DBus/IPC syntax that we decided on last week
[16:38] <tyhicks> I upgraded to saucy and need to take a look at some new AA dbus denials
[16:38] <tyhicks> Then content-hub should be at a good place for me to start on the Content Handler work items
[16:39] <tyhicks> I also need to find a little time for ecryptfs patch reviews
[16:39] <tyhicks> that's it for me
[16:39] <tyhicks> jjohansen: you're up
[16:39] <jjohansen> I am working on apparmor WIs this week, I am going to try and get some parser cleanups (and fixes collisions with tyhicks work) and changes for ipc out this week, before my long weekend (I'm off M,T next week).
[16:41] <jjohansen> I also need to start pushing the apparmorfs changes upstream (for 3.12) now that the merge window for 3.11 has closed
[16:42] <jjohansen> I think thats it for me chrisccoulson your up
[16:42] <chrisccoulson> hi :)
[16:43] <chrisccoulson> note, i've just had a couple of short weeks (was away last monday, and the last 2 days of the week previous)
[16:43] <chrisccoulson> i got another flash update out last week
[16:44] <chrisccoulson> also attended a call to talk about the UA string for the mobile browser. we're going to have a further call with someone from mozilla soon
[16:44] <chrisccoulson> did some more work on oxide (what i've got is actually buildable now!)
[16:44] <chrisccoulson> i'm hoping to have it sort-of working sometime next week
[16:45] <chrisccoulson> i'm going to arrange a meeting for all stakeholders of that this week
[16:45] <mdeslaur> \o/
[16:45] <jdstrand> re oxide building> woo!
[16:45] <chrisccoulson> i think that's me done
[16:45] <jdstrand> [TOPIC] Highlighted packages
[16:46] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:46] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:46] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libuser.html
[16:46] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gnucash.html
[16:46] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/salt.html
[16:46] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/alien-arena.html
[16:46] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/php-letodms-core.html
[16:46] <jdstrand> [TOPIC] Miscellaneous and Questions
[16:46] <jdstrand> Does anyone have any other questions or items to discuss?
[16:56] <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, chrisccoulson: thanks!
[16:56] <jdstrand> #endmeeting
[16:56] <meetingology> Meeting ended Mon Jul 15 16:56:21 2013 UTC.
[16:56] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-07-15-16.30.moin.txt
[16:56] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-07-15-16.30.html
[16:56] <mdeslaur> thanks jdstrand!
[16:56] <tyhicks> thanks
[16:56] <jjohansen> thanks jdstrand
[16:57] <sbeattie> thanks jdstrand
[19:01]  * Laney shines the DMB's logo into the sky
[19:01] <Laney> (it's a turtle)
[19:02] <ScottK> \o
[19:03] <ScottK> What's on the agenda for today?
[19:03] <Laney> Only actioning someone who will do it to write up the proposal
[19:04] <Laney> Or we could take the time to do some of it right now
[19:04]  * tumbleweed sees we are due for a CC catch-up this week
[19:04]  * stgraber waves
[19:04] <Laney> since we're all free for an hour, yes?
[19:04] <tumbleweed> right now has my vote (better than never)
[19:04] <Laney> someone set us up the pad
[19:08] <ScottK> Now is good.  I'm on vacation this week, so my IRC will be very intermittent and I'm here now.
[19:08] <Laney> I just sat down outside with $beer and $laptop and now I have to go and find $yubikey
[19:08]  * Laney slaps SSO
[19:10] <Laney> OK, let's just use the existing one then: http://pad.ubuntu.com/dmb-ppu-membership-proposal
[19:33] <Laney> Dinner's beeping
[19:33] <Laney> someone take over what I was writing for 5 minutes?
[19:34]  * ScottK need to take a short break too.
[19:37] <Laney> OK
[19:39] <ScottK> Back
[19:42] <Laney> I'm not sure if this paragraph actually represents the consensus
[19:42] <Laney> please sanity check it
[19:42] <Laney> (the last one I've written)
[19:43] <micahg-work> I think it reflects the vote, I'm not sure it reflects consensus
[19:43] <Laney> haha
[19:43] <Laney> Like, should we enumerate the initial list of sets
[19:43] <Laney> or is it "packages on any media"?
[19:43] <Laney> or ...?
[19:43] <micahg-work> oh, surely
[19:43] <micahg-work> to enumeration
[19:44] <micahg-work> no, I don't think packages on any media should be a requirement
[19:44] <ScottK> Is there such a thing as "non-uploading dev members"?
[19:44] <micahg-work> ScottK, yes, formerly universe contributors
[19:44] <ScottK> Line 42 now.
[19:44] <ScottK> Ah, right.
[19:44] <ScottK> They are members, but not ubuntu-dev.
[19:45] <micahg-work> right
[19:45] <micahg-work> I
[19:45] <Laney> omg
[19:45] <Laney> I don't know what to write
[19:45] <Laney> approve/????
[19:45]  * Laney fails at english
[19:45] <Laney> approve/disapprove sounds weird to me
[19:45]  * ScottK rewords
[19:46] <Laney> thanks
[19:46] <ScottK> Not sure we're on the same thing.
[19:46] <Laney> oh, the thing about asking the TB to do something with it
[19:47] <barry> Laney: "adopted or revised"?
[19:47] <Laney> I reworded it to not make me have to decide :P
[19:48] <barry> :)
[19:48] <ScottK> There.
[19:48]  * ScottK fixed it harder
[19:48] <Laney> ta
[19:49] <Laney> that's me more or less out of steam
[19:49] <Laney> so feel free to improve it from here
[19:49] <micahg-work> ssh laney; sudo apt-get install steam
[19:49] <Laney> heh
[19:50] <Laney> I had to /remove/ that because my SSD ran out of space
[19:50] <Laney> (because I've given over half of it to GameOS for steam... :P)
[19:52] <ScottK> Who's in favor of these proposed amendments?
[19:52] <micahg-work> o/
[19:53] <tumbleweed> vaguely in favour of 1. fairly ambivilant about 2
[19:54] <ScottK> I'm strongly against #1.
[19:54] <stgraber> I'm against both
[19:54] <ScottK> non-developers shouldn't be voting for the DMB/TB.
[19:54] <micahg-work> ScottK, #2 is for developers without upload rights
[19:55] <ScottK> I'm at least slightly ambivalent about that one.
[19:55] <tumbleweed> re #1, these are developers, just not uploaders
[19:55] <ScottK> I'm mostly against though.
[19:55] <barry> i'm against #2
[19:55] <micahg-work> oops, did I get my number wrong
[19:55] <micahg-work> I meant 1
[19:55] <ScottK> If UCD can vote for DMB, then they can also vote for/against the DMB people that will approve their eventual dev application.
[19:56] <barry> it seems like #1 should be in favor though, right?  members even if they're not developers, should get a vote?
[19:56] <ScottK> That's pretty backwards.
[19:56] <tumbleweed> ScottK: s/UCD/PPU/ and does it actually change anything?
[19:56] <ScottK> barry: membership gets you a vote in the CC election.
[19:56] <ScottK> UCD can't vote to DMB/TB now.
[19:56] <micahg-work> ScottK, why can't you say the same about PPU?  according to that, only core-dev should vote for DMB/TB
[19:58] <ScottK> Someone with PPU + membership has a combination of assessed technical capability and sustained contribution to the project that make it appropriate, IMO, for them to vote for TB/DMB.
[19:58] <ScottK> Neither PPU without member nor UCD have both those.
[19:58] <ScottK> Neither should vote for DMB/TB.
[19:58] <micahg-work> ScottK, why is it any different from a non-uploading DD having a vote in project elections
[19:58] <ScottK> Project elections are more like the CC vote, where they do have a vote.
[19:59] <micahg-work> GRs can be technical though?
[20:00] <ScottK> True.
[20:00] <tumbleweed> UCD aren't equivalent to non-uploading DDs (nwhich is a horrible term)
[20:00] <ScottK> We don't have an equivalent of a GR though.
[20:00] <tumbleweed> they got membership through devolpment, just not upload rights
[20:01] <tumbleweed> non-uploading DDs don't need upload rights because they aren't developers
[20:01] <ScottK> Changing who votes for TB/DMB isn't needed to solve the problem of separating membership from PPU.
[20:02] <tumbleweed> agreed
[20:02] <micahg-work> true
[20:02] <ScottK> Since it is controversial, I propose we drop it for now and focus on only the changes we really need to accomplish this goal.
[20:02] <stgraber> +1
[20:02] <barry> +1
[20:05] <micahg-work> ok, I removed it, I'll mull it over a bit more, if I feel it's worth doing, I'll make a proposal once this is done
[20:05] <ScottK> For the core-packages/membership question, I think it's fair to have a rule that says they generally do, but there may be exceptional cases.
[20:06] <micahg-work> well, I think it should be the exceptional case where membership is required, if we don't trust the person to be uploading, then we don't trust them
[20:07] <ScottK> For individual packages, I can see that.
[20:07] <tumbleweed> on the whole, our actively involved developers should be members
[20:07] <tumbleweed> bleh, let me not start down that road
[20:07] <ScottK> No, I agree with that.
[20:08] <tumbleweed> I don't see the membership thing as a trust thing
[20:08] <micahg-work> right, the goal isn't the build an army of non-member developers here, but rather to let them start helping if they have the skills on the path to membership IMHO
[20:08] <tumbleweed> but I guess some people do
[20:08] <tumbleweed> right
[20:08] <ScottK> micahg-work: One can help without upload rights.
[20:09] <ScottK> Generally core packages won't be the "DD who has a vague interest in making sure his packages work on Ubuntu" case
[20:11] <micahg-work> right, but it could be a DD who also uses Ubuntu and wishes to help keep things running smoothly
[20:12] <ScottK> If that's the case, they'll probably usually qualify for membership.
[20:12] <micahg-work> not necessarily
[20:13] <Laney> I was hoping the vote would mean we didn't have to reopen this question
[20:14] <ScottK> I think we can decide on a case by case basis if it's needed or not.
[20:15] <micahg-work> core has a bunch of stuff that seemingly doesn't belong, but I guess those are bugs
[20:16] <ScottK> Or reasonable cases for exceptions.
[20:16] <Laney> Can we avoid seeming arbitrary and/or confusing if there are exceptions?
[20:20] <ScottK> Either way, I don't think we should block on getting this exactly right.
[20:21] <ScottK> No, but so what.
[20:22] <ScottK> Any time the DMB applies judgment, some will see it as being arbitrary.
[20:22] <ScottK> It's not an avoidable problem.
[20:22] <tumbleweed> yeah
[20:22] <tumbleweed> so, are we done?
[20:23] <ScottK> Can someone who's not me or micahg-work write something in there about discretion about if core package PPU needs membership or not?
[20:23] <ScottK> Then I think we're done.
[20:24] <Laney> I suppose it's not so bad if we're not expecting people to explicitly say they want membership all the time
[20:25] <ScottK> I'd expect to discuss it with the applicant if there was doubt.
[20:30]  * ScottK has to go.
[20:31] <Laney> OK I added a ()sentence about it
[20:32] <Laney> everyone read it over and I'll send it some time this week
[20:32] <barry> Laney: thanks
[20:32] <tumbleweed> yeah
[20:32] <micahg-work> Laney, thanks
[20:33]  * tumbleweed will re-read tomorrow. knackered, going to bed
[20:33] <Laney> nn