[16:34] <jdstrand> hi!
[16:34]  * sbeattie waves
[16:34] <jdstrand> #startmeeting
[16:34] <meetingology> Meeting started Mon Aug 19 16:34:32 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:34] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[16:34] <jdstrand> The meeting agenda can be found at:
[16:34] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:34] <jdstrand> [TOPIC] Weekly stand-up report
[16:34] <jdstrand> I'll go first
[16:34] <jdstrand> I'm on community this week
[16:35] <jdstrand> I have some bug triage to finish up
[16:35] <jdstrand> I have pending updates I'm working on
[16:35] <jdstrand> I've also been bootstrapping appstore review scripts
[16:35] <jdstrand> I also hope to test/sponsor tyhick's pending apparmor/dbus upload
[16:35] <jdstrand> mdeslaur: you're up
[16:36] <mdeslaur> I'm in the happy place this week
[16:36] <mdeslaur> I start my holiday on wednesday, until the 3rd
[16:36] <mdeslaur> so I'll basically be upgrading my laptop to saucy today, and that's pretty much it
[16:36] <mdeslaur> and will possibly do some triage/research
[16:36] <mdeslaur> that's it for me, sbeattie
[16:37] <sbeattie> mdeslaur: enjoy your holiday
[16:37] <sbeattie> I'm on apparmor this week
[16:37] <sbeattie> I'm focused on writing additional testcases for the regression tests, in particular IPC.
[16:38] <sbeattie> ... which is pretty much it for me.
[16:38] <sbeattie> tyhicks: you're up
[16:40] <sbeattie> oh wait, tyhicks is off today.
[16:40] <sbeattie> sarnold: I think you're up.
[16:41] <sarnold> I'm on triage this week, working on an embargoed update, and doing MIR audits
[16:42] <sarnold> I'm also playing with different published kernels to try to find one that does kvm / qemu / libvirt without any problems. some kernels run VMs fine but I'm having trouble creating VMs, which is a big necssary for the update I'm working on..
[16:43] <jdstrand> erf
[16:43] <sarnold> yeah. I kinda wish I had a precise machine around for this kind of stuff. :)
[16:44] <sarnold> oh well :) chrisccoulson, you're up :)
[16:44] <jdstrand> I don't see why a kernel would fail on creating a vm vs running it
[16:44] <chrisccoulson> hi :)
[16:44] <jdstrand> (well, unless running it causes problems, like 3.10 with vmvga)
[16:44] <sarnold> jdstrand: no, me neither, it might also be libvirt's fault.. :)
[16:44] <chrisccoulson> this week, i'm mostly working on a messaging API for oxide (to allow content scripts to pass messages to the application), so that i can finally start adding some proper tests
[16:45] <chrisccoulson> last week was quite a productive week :)
[16:46] <chrisccoulson> there's also a firefox 23.0.1 (which is already released actually). it's not a security driven update and from looking at the bug list, i'm not convinced it's worth spending time on to update
[16:47] <chrisccoulson> i think that's me done
[16:48] <jdstrand> [TOPIC] Highlighted packages
[16:48] <jdstrand> he Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:48] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/open-vm-tools.html
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/hawtjni.html
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mplayer.html
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/elinks.html
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gollem.html
[16:49] <jdstrand> [TOPIC] Miscellaneous and Questions
[16:49] <jdstrand> Does anyone have any other questions or items to discuss?
[16:51] <jdstrand> mdeslaur, sbeattie, sarnold, chrisccoulson: thanks!
[16:51] <jdstrand> #endmeeting
[16:51] <meetingology> Meeting ended Mon Aug 19 16:51:24 2013 UTC.
[16:51] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-08-19-16.34.moin.txt
[16:51] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-08-19-16.34.html
[16:51] <sarnold> thanks jdstrand :)
[16:51] <sbeattie> jdstrand: thanks!
[16:51] <mdeslaur> thanks jdstrand!
[19:59] <kees> \o
[19:59]  * pitti waves hello
[19:59] <kees> heya
[20:00] <pitti> cjwatson is on holidays
[20:00] <pitti> soren sent apols
[20:00] <pitti> hm, no mdz either
[20:00] <pitti> stgraber: est-ce que tu es ici ?
[20:03]  * stgraber waves
[20:03] <stgraber> pitti: oui
[20:06]  * pitti currently reads the openvswitch SRU request
[20:06] <pitti> that seems to be the only agenda item today?
[20:07] <stgraber> yeah, there's also kees who gave an updated list of MRE but I think I'd want more time to look at those or have the number of bugs and number of uploads that caused regressions before I can decide whether to turn some of those into full MREs
[20:08] <pitti> yeah, me too; the preliminary report doesn't yet have the information about how well these went
[20:09] <stgraber> for openvswitch, I think I'm happy with a provisional MRE for now, in line with what openstack has already
[20:09] <kees> stgraber: I've almost got the error report counts...
[20:10] <kees> although since they're all zero, I don't trust it.
[20:11] <stgraber> openvswitch has been SRUed multiple times in the past but never to get a full upstream version (that I can see), so a provisional MRE seems appropriate
[20:11] <stgraber> if all goes well and the next few uploads based on an upstream point release look good, I'd be happy to turn it into a full MRE
[20:11] <pitti> the upstream test suite looks quite fine, but the autopkgtest is timing out
[20:12] <pitti> but in general I agree
[20:12] <stgraber> well, autopkgtest isn't terribly useful for an LTS anyway
[20:12] <pitti> well, for the next one it will be :)
[20:12] <stgraber> (I was meaning to point that out as a reply to the original e-mail but didn't get to it)
[20:12] <stgraber> only if someone looks at the results
[20:13] <stgraber> publishing from -proposed to -updates is manual for stable releases so autopkgtest won't prevent the package from reaching the users
[20:13] <pitti> well, I assume we'll keep the britney gatewaying for SRUs?
[20:13] <stgraber> not that I know of. britney is meant to gateway the dev release, not stable releases
[20:14] <pitti> ah, ok; so I guess that should become part of the SRU report
[20:14] <stgraber> yep, that'd be good
[20:15] <stgraber> we certainly could run britney on stable and have it consider everything as "blocked" so that it needs an hint to get copied over to -updates (that way we'd still benefit from the rest of the checks) but I don't think we have any plan to actually do this, so I wouldn't count on it
[20:16] <pitti> stgraber: I think it's enough if http://people.canonical.com/~ubuntu-archive/pending-sru.html points out test regressions
[20:16] <pitti> no need to make the copying tools more complicated
[20:16] <stgraber> yep, I can certainly agree with that :)
[20:17] <pitti> kees: any reservations against an openvswitch provisional MRE?
[20:17] <kees> pitti: seems fine to me.
[20:17] <kees> so, in doing the error review of the existing pMREs, it seems there are no servers reporting crashes. :)
[20:18] <stgraber> kees: that'd make sense, whoopsie doesn't report anything on those IIRC :)
[20:18] <kees> right :(
[20:18] <pitti> yeah, we don't exactly make it easy to do that
[20:18] <pitti> it's much easier in saucy now, but I doubt that many server admins would want to enable that
[20:18] <kees> because the whole glance, horizon, etc stack shows 0 errors, and libreoffice .... not so much
[20:18] <kees>     libreoffice, quantal updates: 1
[20:18] <kees>         2012-11-19 1:3.6.2~rc2-0ubuntu4
[20:18] <kees>             error report count: 40
[20:19] <kees> I'll have to report both error count and bugs-in-specific-version.
[20:23] <kees> anyway, I'll continue working on the report.
[20:23] <pitti> kees: thanks
[20:23] <pitti> so it seems we are done?
[20:23] <kees> yeah
[20:24]  * pitti responds to MRE request mail
[20:25] <kees> thanks!
[20:27] <stgraber> thanks pitti
[20:29] <pitti> done, and ttps://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions updated
[20:29] <pitti> good night