/srv/irclogs.ubuntu.com/2013/08/12/#ubuntu-meeting.txt

=== IdleOne is now known as frenocha
=== frenocha is now known as IdleOne
=== cody-somerville_ is now known as cody-somerville
=== Logan_ is now known as log
=== medberry is now known as med_
jjohansen\o16:57
mdeslaur\o16:57
tyhickshello16:57
jdstrandhi!16:58
jdstrand#startmeeting16:58
meetingologyMeeting started Mon Aug 12 16:58:40 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.16:58
meetingologyAvailable commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired16:58
jdstrandThe meeting agenda can be found at:16:58
jdstrand[LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting16:58
jdstrand[TOPIC] Announcements16:58
=== meetingology changed the topic of #ubuntu-meeting to: Announcements
jdstrandColin Watson (cjwatson) provided debdiffs for precise-raring for putty. Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)16:58
jdstrand[TOPIC] Weekly stand-up report16:58
=== meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report
jdstrandI'll go first16:58
jdstrandI'm on triage this week16:59
jdstrandI've got openstack updates to do16:59
jdstrandI need to test the latest upstart-app-launch16:59
jdstrandI want to implement the xdg user dir support in apparmor16:59
jdstrandI need to sync up with sarnold on code audits and give some to him since he is actually pretty good at completing them :)17:00
jdstrandI have a number of follow-ups on application confinement discussions17:01
jdstrandand patch piloting17:01
jdstrandmdeslaur: you're up17:01
mdeslaurI'm on community this week17:01
mdeslaurI have a couple of updates that need testing17:01
mdeslaurso I'll be doing that to try and get them released17:01
mdeslaurI'll also try and get the list down a bit since I go on vacation next week17:01
mdeslaurthat's it for me17:01
mdeslaursbeattie: you're up17:01
sbeattieI'm on apparmor again this week17:01
sbeattieI'm currently trying to sort out what's going on after being gone on holiday and at black hat17:02
sbeattieI have a bug or two in click-apparmor to fix17:02
jdstrandsbeattie: we should sync up17:02
sbeattieI also have a couple of black hat related items (expenses, trip report) to do17:03
sbeattiejdstrand: yeah17:03
sbeattieso that's pretty much it for me.17:03
sbeattietyhicks: you're up17:03
jdstrandsbeattie: I took the liberty of making a few small changes to click-apparmor in support of the MIR request that I filed last week17:03
sbeattiejdstrand: kewl17:03
tyhicksThis morning, I'll be preparing debdiffs against apparmor and dbus for AppArmor D-Bus mediation17:04
jdstrandsbeattie: you might want to pull 0.1.0 from the archive into your branch and review (btw, is there an official home for it?)17:04
* tyhicks pauses17:04
sbeattiejdstrand: not really outside of the +junk tree I have17:04
sbeattiewe can move it to a more formal location under the security team17:04
jdstrandI think we may want to have it live somewhere, but we can talk somewhere else17:05
jdstrandyeah17:05
sbeattieyeah, sounds good17:05
jdstrandtyhicks: please proceed17:05
mdeslaurhelp the homeless17:05
* sbeattie presses play on tyhicks17:05
tyhicks:)17:05
tyhicksThis morning, I'll be preparing debdiffs against apparmor and dbus for AppArmor D-Bus mediation17:05
tyhicks(yeah, yeah, you've heard that before but it is for real this time :)17:05
mdeslaurhehe17:05
tyhicksjjohansen will be pushing a kernel patch out that enables it for all Saucy users - until then, the dbus-dev PPA kernel will still be needed for mediation to be enabled17:05
jdstrandtyhicks: you mean fr saucy upload?17:05
tyhicksjdstrand: yep17:06
jdstrand\o/17:06
mdeslaurjdstrand: don't celebrate yet, it's a trap :P17:06
tyhickshehe17:06
mdeslaur:)17:06
tyhicksThen I'll be working on my content-hub work items17:06
jdstrandyou'll want to be prepared for everyone saying you broke everything :P17:06
tyhicksyeah, I'll probably need to plan in some support response time17:07
jdstrandprobably a good idea17:07
tyhicksI imagine there will be questions17:07
tyhickshopefully not too many bugs17:07
tyhicksAfter that, I'll work with jjohansen to add necessary APIs to libapparmor that allow trusted helpers to operate on AppArmor label sets17:07
jdstrandwell, there may be no bugs-- doesn't mean you won't get blamed :P17:07
tyhickstrue :)17:07
tyhicksFinally, I need to revise the dbus regression tests in the apparmor source tree for upstream approval and I also need to add tests for proper apparmor delegation when passing fds over dbus17:08
* jdstrand was referring to that scenario in his initial comment :)17:08
tyhicksI think that's it for me17:08
tyhicksjjohansen: you're up17:08
jjohansenI'm on apparmor again as well,17:08
jjohansenI've got to finish fixing a bug in the replacedby logic that is causing crashes when we enable compound labels,17:08
jjohansenI need to: look into the 3.11 flink/linkat changes http://lwn.net/Articles/562488/, push the kernel patch for the label query that dbus needs, deal with bug 1202161, prepare for tuesdays apparmor meeting, and then perhaps get back to the current apparmor work items17:08
ubottubug 1202161 in linux (Ubuntu) "seccomp filter: execve(): Operation not permitted" [Medium,Incomplete] https://launchpad.net/bugs/120216117:08
tyhicksjjohansen: Good! I've been meaning to make sure you're aware of flink/linkat17:09
tyhicksI couldn't think of any potential problems for apparmor, but I'm sure that you can :)17:10
jjohansentyhicks: well I remember seeing it, and making my self a note that got lost in all the other notes17:10
jjohansenyes it is going to rework some work around our link rules17:10
jjohansenbut, I need to trace the security hooks because I don't think they are sufficient to mediate it17:11
jjohansenor more correctly currently only the inode hook is, mediating it17:12
tyhicksah17:12
jjohansenanyways that it from me sarnold your up17:13
jdstrandsarnold: hold on a sec17:13
jdstrandjjohansen: I didn't recognize the IPC work items in your list this week-- would it be helpful/possible to shuffle some work around to free up some time?17:14
jjohansenjdstrand: sorry that is the "current apparmor work items" bit17:15
jdstrandjjohansen: related: flink/linkat is for 3.11-- are we going to ship 3.11 in 13.10 and if not, is that something we can/should put on the backburner for a bit?17:15
jjohansenjdstrand: saucy will be 3.1117:15
jdstrandok17:15
jjohansenthat isn't to say I won't go only as far as getting the info to file a bug on this item for this week, and deal with it later17:16
jdstrandoh, why was I thinking we had 3.10 still17:16
tyhicksI think the switch just happened17:17
jdstrandoh, hah, cause it happened today :)17:17
jjohansenjdstrand: no the switch happened last week when tim rebased to -rc417:18
jjohansenwe had issues in the 3.11 kernel where I couldn't even get the machine to boot in -rc2, and the kt was shaking out a couple issues in -rc317:19
jdstrandmaybe-- but I see 3.10.0-6.17 was only superceded a little while ago17:19
jdstrand(in saucy release)17:19
jdstrandanyhoo, doesn't matter17:19
jdstrandsuperseded17:20
jdstrandjjohansen: so, aiui, you've got the stuff you listed and you don't think it will take an inordinate amount of time (something that will take longer will be planned/done later) and you plan to work on ipc still?17:21
jdstrandis that accurate?17:22
jjohansenjdstrand: yes17:22
jdstrandok, cool, thanks. sorry if I was being dense :)17:22
jdstrandsarnold: you're up17:22
sarnoldI'm in the happy place the week; I've got (at least one) MIR audit (click-apparmor), and I've grabbed an update for maas to do. I may steal some of jdstrand's MIR audits as needed.17:24
sarnoldand of course, if there are apparmor patches posted, reviewing them will be my top priority.17:24
sarnoldI believe that's me17:24
sarnoldchrisccoulson: you're up17:25
chrisccoulsonhi17:25
chrisccoulsonlast week, i got firefox and thunderbird out. everything's been pretty quiet since then, which I'll assume is a good thing :)17:25
jdstrand\o/17:25
mdeslaurchrisccoulson: did you see my critical firefox bug?17:25
sarnold\o/17:26
chrisccoulsonalso, i added support for multiple browser contexts to oxide, which hopefully means that it's possible to have webviews with different profile folders now :)17:26
jdstrandneat :)17:26
sbeattie\o/17:26
mdeslaur\o/17:26
jdstrandchrisccoulson: that reminds me, I owe you and ubuntu-devel@ an email regarding oxide17:26
sarnoldvery cool :)17:26
jdstrand(that was one of the things I was planning to follow-up on this week)17:27
chrisccoulsoni'm still working on the user script support, which i plan to continue this week. i wanted to get the browser context stuff out of the way first, as i'm making user scripts per-context rather than per-webview, and i didn't want to have to refactor everything later on :)17:27
chrisccoulsoni'm  not sure if anyone has been following https://code.launchpad.net/~chrisccoulson/oxide/oxide.trunk ?17:27
sarnoldsorry, no17:28
chrisccoulsonthat's ok ;)17:28
chrisccoulsoni think that's me done17:28
mdeslaurchrisccoulson: wow, a lot of work in there17:28
chrisccoulsonmdeslaur, yeah, it's slowly getting there :)17:28
jdstrand[TOPIC] Highlighted packages17:30
=== meetingology changed the topic of #ubuntu-meeting to: Highlighted packages
jdstrandThe Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.17:30
jdstrandSee https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.17:30
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/ngircd.html17:30
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/glusterfs.html17:30
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/shibboleth-sp2.html17:30
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/qpid-python.html17:30
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/darktable.html17:30
jdstrand[TOPIC] Miscellaneous and Questions17:30
=== meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions
jdstrandsarnold pointed out that the community supported drupal7 packages could use some attention on earlier released (particularly 12.04). See http://people.canonical.com/~ubuntu-security/cve/pkg/drupal7.html for details.17:30
jdstrandDoes anyone have any other questions or items to discuss?17:31
jdstrandmdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!17:37
jdstrand#endmeeting17:37
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendar | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology
meetingologyMeeting ended Mon Aug 12 17:37:21 2013 UTC.17:37
meetingologyMinutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-08-12-16.58.moin.txt17:37
meetingologyMinutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-08-12-16.58.html17:37
tyhicksthanks17:37
jjohansenthanks jdstrand17:37
sarnoldthanks jdstrand17:37
* pinky is away: Away17:37
mdeslaurthanks jdstrand!17:37
barry!dmb-ping19:21
ubottubdrung, ScottK, Laney, micahg, barry, tumbleweed, stgraber: DMB ping19:21
micahg-workwas any non-DMB member here for the DMB meeting?19:22
ScottK\019:26
=== Ursinha-afk is now known as Ursinha

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!