[16:57] <jjohansen> \o
[16:57] <mdeslaur> \o
[16:57] <tyhicks> hello
[16:58] <jdstrand> hi!
[16:58] <jdstrand> #startmeeting
[16:58] <meetingology> Meeting started Mon Aug 12 16:58:40 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:58] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[16:58] <jdstrand> The meeting agenda can be found at:
[16:58] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:58] <jdstrand> [TOPIC] Announcements
[16:58] <jdstrand> Colin Watson (cjwatson) provided debdiffs for precise-raring for putty. Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
[16:58] <jdstrand> [TOPIC] Weekly stand-up report
[16:58] <jdstrand> I'll go first
[16:59] <jdstrand> I'm on triage this week
[16:59] <jdstrand> I've got openstack updates to do
[16:59] <jdstrand> I need to test the latest upstart-app-launch
[16:59] <jdstrand> I want to implement the xdg user dir support in apparmor
[17:00] <jdstrand> I need to sync up with sarnold on code audits and give some to him since he is actually pretty good at completing them :)
[17:01] <jdstrand> I have a number of follow-ups on application confinement discussions
[17:01] <jdstrand> and patch piloting
[17:01] <jdstrand> mdeslaur: you're up
[17:01] <mdeslaur> I'm on community this week
[17:01] <mdeslaur> I have a couple of updates that need testing
[17:01] <mdeslaur> so I'll be doing that to try and get them released
[17:01] <mdeslaur> I'll also try and get the list down a bit since I go on vacation next week
[17:01] <mdeslaur> that's it for me
[17:01] <mdeslaur> sbeattie: you're up
[17:01] <sbeattie> I'm on apparmor again this week
[17:02] <sbeattie> I'm currently trying to sort out what's going on after being gone on holiday and at black hat
[17:02] <sbeattie> I have a bug or two in click-apparmor to fix
[17:02] <jdstrand> sbeattie: we should sync up
[17:03] <sbeattie> I also have a couple of black hat related items (expenses, trip report) to do
[17:03] <sbeattie> jdstrand: yeah
[17:03] <sbeattie> so that's pretty much it for me.
[17:03] <sbeattie> tyhicks: you're up
[17:03] <jdstrand> sbeattie: I took the liberty of making a few small changes to click-apparmor in support of the MIR request that I filed last week
[17:03] <sbeattie> jdstrand: kewl
[17:04] <tyhicks> This morning, I'll be preparing debdiffs against apparmor and dbus for AppArmor D-Bus mediation
[17:04] <jdstrand> sbeattie: you might want to pull 0.1.0 from the archive into your branch and review (btw, is there an official home for it?)
[17:04]  * tyhicks pauses
[17:04] <sbeattie> jdstrand: not really outside of the +junk tree I have
[17:04] <sbeattie> we can move it to a more formal location under the security team
[17:05] <jdstrand> I think we may want to have it live somewhere, but we can talk somewhere else
[17:05] <jdstrand> yeah
[17:05] <sbeattie> yeah, sounds good
[17:05] <jdstrand> tyhicks: please proceed
[17:05] <mdeslaur> help the homeless
[17:05]  * sbeattie presses play on tyhicks
[17:05] <tyhicks> :)
[17:05] <tyhicks> This morning, I'll be preparing debdiffs against apparmor and dbus for AppArmor D-Bus mediation
[17:05] <tyhicks> (yeah, yeah, you've heard that before but it is for real this time :)
[17:05] <mdeslaur> hehe
[17:05] <tyhicks> jjohansen will be pushing a kernel patch out that enables it for all Saucy users - until then, the dbus-dev PPA kernel will still be needed for mediation to be enabled
[17:05] <jdstrand> tyhicks: you mean fr saucy upload?
[17:06] <tyhicks> jdstrand: yep
[17:06] <jdstrand> \o/
[17:06] <mdeslaur> jdstrand: don't celebrate yet, it's a trap :P
[17:06] <tyhicks> hehe
[17:06] <mdeslaur> :)
[17:06] <tyhicks> Then I'll be working on my content-hub work items
[17:06] <jdstrand> you'll want to be prepared for everyone saying you broke everything :P
[17:07] <tyhicks> yeah, I'll probably need to plan in some support response time
[17:07] <jdstrand> probably a good idea
[17:07] <tyhicks> I imagine there will be questions
[17:07] <tyhicks> hopefully not too many bugs
[17:07] <tyhicks> After that, I'll work with jjohansen to add necessary APIs to libapparmor that allow trusted helpers to operate on AppArmor label sets
[17:07] <jdstrand> well, there may be no bugs-- doesn't mean you won't get blamed :P
[17:07] <tyhicks> true :)
[17:08] <tyhicks> Finally, I need to revise the dbus regression tests in the apparmor source tree for upstream approval and I also need to add tests for proper apparmor delegation when passing fds over dbus
[17:08]  * jdstrand was referring to that scenario in his initial comment :)
[17:08] <tyhicks> I think that's it for me
[17:08] <tyhicks> jjohansen: you're up
[17:08] <jjohansen> I'm on apparmor again as well,
[17:08] <jjohansen> I've got to finish fixing a bug in the replacedby logic that is causing crashes when we enable compound labels,
[17:08] <jjohansen> I need to: look into the 3.11 flink/linkat changes http://lwn.net/Articles/562488/, push the kernel patch for the label query that dbus needs, deal with bug 1202161, prepare for tuesdays apparmor meeting, and then perhaps get back to the current apparmor work items
[17:09] <tyhicks> jjohansen: Good! I've been meaning to make sure you're aware of flink/linkat
[17:10] <tyhicks> I couldn't think of any potential problems for apparmor, but I'm sure that you can :)
[17:10] <jjohansen> tyhicks: well I remember seeing it, and making my self a note that got lost in all the other notes
[17:10] <jjohansen> yes it is going to rework some work around our link rules
[17:11] <jjohansen> but, I need to trace the security hooks because I don't think they are sufficient to mediate it
[17:12] <jjohansen> or more correctly currently only the inode hook is, mediating it
[17:12] <tyhicks> ah
[17:13] <jjohansen> anyways that it from me sarnold your up
[17:13] <jdstrand> sarnold: hold on a sec
[17:14] <jdstrand> jjohansen: I didn't recognize the IPC work items in your list this week-- would it be helpful/possible to shuffle some work around to free up some time?
[17:15] <jjohansen> jdstrand: sorry that is the "current apparmor work items" bit
[17:15] <jdstrand> jjohansen: related: flink/linkat is for 3.11-- are we going to ship 3.11 in 13.10 and if not, is that something we can/should put on the backburner for a bit?
[17:15] <jjohansen> jdstrand: saucy will be 3.11
[17:15] <jdstrand> ok
[17:16] <jjohansen> that isn't to say I won't go only as far as getting the info to file a bug on this item for this week, and deal with it later
[17:16] <jdstrand> oh, why was I thinking we had 3.10 still
[17:17] <tyhicks> I think the switch just happened
[17:17] <jdstrand> oh, hah, cause it happened today :)
[17:18] <jjohansen> jdstrand: no the switch happened last week when tim rebased to -rc4
[17:19] <jjohansen> we had issues in the 3.11 kernel where I couldn't even get the machine to boot in -rc2, and the kt was shaking out a couple issues in -rc3
[17:19] <jdstrand> maybe-- but I see 3.10.0-6.17 was only superceded a little while ago
[17:19] <jdstrand> (in saucy release)
[17:19] <jdstrand> anyhoo, doesn't matter
[17:20] <jdstrand> superseded
[17:21] <jdstrand> jjohansen: so, aiui, you've got the stuff you listed and you don't think it will take an inordinate amount of time (something that will take longer will be planned/done later) and you plan to work on ipc still?
[17:22] <jdstrand> is that accurate?
[17:22] <jjohansen> jdstrand: yes
[17:22] <jdstrand> ok, cool, thanks. sorry if I was being dense :)
[17:22] <jdstrand> sarnold: you're up
[17:24] <sarnold> I'm in the happy place the week; I've got (at least one) MIR audit (click-apparmor), and I've grabbed an update for maas to do. I may steal some of jdstrand's MIR audits as needed.
[17:24] <sarnold> and of course, if there are apparmor patches posted, reviewing them will be my top priority.
[17:24] <sarnold> I believe that's me
[17:25] <sarnold> chrisccoulson: you're up
[17:25] <chrisccoulson> hi
[17:25] <chrisccoulson> last week, i got firefox and thunderbird out. everything's been pretty quiet since then, which I'll assume is a good thing :)
[17:25] <jdstrand> \o/
[17:25] <mdeslaur> chrisccoulson: did you see my critical firefox bug?
[17:26] <sarnold> \o/
[17:26] <chrisccoulson> also, i added support for multiple browser contexts to oxide, which hopefully means that it's possible to have webviews with different profile folders now :)
[17:26] <jdstrand> neat :)
[17:26] <sbeattie> \o/
[17:26] <mdeslaur> \o/
[17:26] <jdstrand> chrisccoulson: that reminds me, I owe you and ubuntu-devel@ an email regarding oxide
[17:26] <sarnold> very cool :)
[17:27] <jdstrand> (that was one of the things I was planning to follow-up on this week)
[17:27] <chrisccoulson> i'm still working on the user script support, which i plan to continue this week. i wanted to get the browser context stuff out of the way first, as i'm making user scripts per-context rather than per-webview, and i didn't want to have to refactor everything later on :)
[17:27] <chrisccoulson> i'm  not sure if anyone has been following https://code.launchpad.net/~chrisccoulson/oxide/oxide.trunk ?
[17:28] <sarnold> sorry, no
[17:28] <chrisccoulson> that's ok ;)
[17:28] <chrisccoulson> i think that's me done
[17:28] <mdeslaur> chrisccoulson: wow, a lot of work in there
[17:28] <chrisccoulson> mdeslaur, yeah, it's slowly getting there :)
[17:30] <jdstrand> [TOPIC] Highlighted packages
[17:30] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[17:30] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ngircd.html
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/glusterfs.html
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/shibboleth-sp2.html
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/qpid-python.html
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/darktable.html
[17:30] <jdstrand> [TOPIC] Miscellaneous and Questions
[17:30] <jdstrand> sarnold pointed out that the community supported drupal7 packages could use some attention on earlier released (particularly 12.04). See http://people.canonical.com/~ubuntu-security/cve/pkg/drupal7.html for details.
[17:31] <jdstrand> Does anyone have any other questions or items to discuss?
[17:37] <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
[17:37] <jdstrand> #endmeeting
[17:37] <meetingology> Meeting ended Mon Aug 12 17:37:21 2013 UTC.
[17:37] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-08-12-16.58.moin.txt
[17:37] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-08-12-16.58.html
[17:37] <tyhicks> thanks
[17:37] <jjohansen> thanks jdstrand
[17:37] <sarnold> thanks jdstrand
[17:37]  * pinky is away: Away
[17:37] <mdeslaur> thanks jdstrand!
[19:21] <barry> !dmb-ping
[19:22] <micahg-work> was any non-DMB member here for the DMB meeting?
[19:26] <ScottK> \0