/srv/irclogs.ubuntu.com/2013/11/04/#ubuntu-meeting.txt

=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
=== Ursinha_ is now known as Ursinha
=== fader_ is now known as fader
=== freeflying is now known as freeflying_away
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
jdstrandhi!16:33
tyhickshello16:33
jdstrand#startmeeting16:33
meetingologyMeeting started Mon Nov  4 16:34:17 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.16:33
meetingologyAvailable commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired16:33
jdstrandThe meeting agenda can be found at:16:33
jdstrand[LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting16:33
jdstrand[TOPIC] Announcements16:33
=== meetingology changed the topic of #ubuntu-meeting to: Announcements
jdstrandThanks to the following individuals:16:34
jdstrandChristian Biamont (christianbiamont) provided a debdiff for precise for xml-security-c (LP: #1192874)16:34
ubottuLaunchpad bug 1192874 in xml-security-c (Ubuntu Saucy) "heap overflow while processing InclusiveNamespace PrefixList" [Undecided,Fix released] https://launchpad.net/bugs/119287416:34
jdstrandFelix Geyer (debfx) provided debdiffs for precise-raring for libapache2-mod-fcgid (LP: #1238242)16:34
ubottuLaunchpad bug 1238242 in libapache2-mod-fcgid (Ubuntu Lucid) "CVE-2013-4365: possible heap buffer overwrite" [Undecided,New] https://launchpad.net/bugs/123824216:34
jdstrandFelix Geyer (debfx) provided debdiffs for precise-raring for ejabberd (LP: #1239307)16:34
ubottuLaunchpad bug 1239307 in ejabberd (Ubuntu Lucid) "Allows SSLv2 and weak ciphers" [Undecided,New] https://launchpad.net/bugs/123930716:34
jdstrandchristianbiamont, debfx: Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)16:34
jdstrand[TOPIC] Weekly stand-up report16:34
=== meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report
chrisccoulsonhi!16:34
jdstrandI'll go first16:34
jdstrandI'm on triage this week16:35
jdstrandI've got quite a few things to catch up on from being at the sprint last week16:35
jdstrandalso I need to process/communicate outcomes from sprint next week16:35
jdstrandin general, there shouldn't be any surprises for our team16:36
jdstrandnothing major was added to our plans for 14.04 and 14.1016:36
jdstrandI will be doing a click-apaprmor upload to sponsor a fix for cjwatson. I'm getting some CI testing going around click-apparmor which is why I haven't updated it yet16:37
jdstrandI hope to have that today or tomorrow at the latest16:37
jdstrandI know tyhicks wants me to sponsor an apparmor upload16:38
jdstrandI think that's it for me16:38
jdstrandmdeslaur: you're up16:38
mdeslaurhi! I'm on community this week16:38
mdeslaurI'm currently pushing out libav updates16:38
mdeslaurFYI, the libav and ffmpeg codebases have diverged to the point of it being unreasonable to track both using the same set of CVEs16:38
mdeslauras such, I've updated the CVEs in the tracker16:39
jdstrandoh, interesting16:39
jdstrandmdeslaur: updated as in, updated the boilerplate?16:39
mdeslaurjdstrand: as in added README.libav, killing the boilerplate, and marking existing cves as ignored or not-affected for libav16:39
jdstrandcool16:40
mdeslaurwe shouldn't track ffmpeg CVEs as affecting libav16:40
jdstrandI noticed libav is now in universe in trusty16:40
sarnolddoes kurt agree?16:40
mdeslaurtomorrow I'm off, and further down this week, I plan on finishing my merges and picking up some more updates16:41
mdeslaursarnold: no idea16:41
mdeslaursarnold: but the CVE descriptions never had "libav" in them16:41
mdeslaurand I can't track vulnerabilities/commits across them16:42
mdeslaurand libav is commiting a whole slew of independant security fixes now without asking for CVEs16:42
mdeslauranyway, that's it from me16:43
mdeslaursbeattie: you're up16:43
mdeslaurhrm, sbeattie seems to be MIA16:44
tyhicksI'll go16:45
tyhicksI'll wrap up a pending apparmor upload today and hand it off to jdstrand (thanks!)16:45
tyhicksThen I need to look into an ecryptfs/apparmor kernel bug that I hit last week16:45
tyhicksI also have some merges that I need to do16:45
tyhicksoh, and I need to look at enabling yama on the mobile kernels16:46
tyhicksthat's it for me16:46
tyhicksjjohansen: you're up16:46
tyhickssarnold: lets go to you16:47
sarnoldhehe16:48
sarnoldit appears I'm in my happy place again this week \o/16:48
sarnoldI've been getting the hang of both canonistack and smo ser's virtual maas deployment scripts with an eye towards being able to do some maas update testing16:49
sarnoldI've prepared new versions of the maas updates for release hopefully this week -- it depends if the -proposed updates have moved into the -updates queue yet or not.16:49
mdeslaursarnold: \o/16:50
sarnold(bigjools had finished the last verification-needed test last week, so I hope the automated framework moved them through by now)16:50
sarnoldmdeslaur: yeah, it'll be nice to finally cross these two off the list :)16:50
jdstrandwhich two?16:51
sarnoldunfortunately smo ser's older script isn't his preferred testing method, and I had trouble getting the newer script to work, but I think his older script will work well enough for a starting point for documenting how the whole thing works..16:52
sarnoldjdstrand: CVE-2013-1057 and CVE-2013-105816:52
ubottu** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1057)16:52
ubottu** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1058)16:52
jdstrandah, two CVEs, yes (I thought you were talking about source packages)16:52
sarnoldah :)16:52
sarnoldonce this is done I may do another MIR or pick up an update, depending upon mdeslaur's preference :)16:53
* mdeslaur consults magic 8 ball16:53
sarnoldchrisccoulson: your turn :)16:53
chrisccoulsonchromium is up to date now (had mozilla updates last week as well)16:54
sarnold\o/16:54
jdstrand\o/16:54
mdeslaurchrisccoulson: woot!16:54
chrisccoulsonthis week i shall be helping get people up and running with oxide16:54
mdeslaur\o/16:56
chrisccoulsoni'm currently trying to improve the workflow for maintaining the chromium patches in oxide. there were various issues at the end of last week16:56
jdstrandinteresting16:56
chrisccoulsonother than that, i'll be back on to the usual again :)16:56
jdstrandchrisccoulson: so, oxide made a big splash last week-- you should be getting the help now16:56
chrisccoulsonjdstrand, excellent, thanks16:56
chrisccoulsonjdstrand, you did a presentation didn't you?16:57
jdstrandI did16:57
chrisccoulsonjdstrand,  how did that go?16:58
jdstrandchrisccoulson: well-- most everyone realized it was the plan of record16:59
jdstrandchrisccoulson: phonedations had a number of questions cause we hadn't brought them into the loop before that (though they were in the meeting in april and saw the emails on it stating it was the plan)16:59
jdstrandchrisccoulson: they've done quite a bit of work on qtwebkit to make sure it works well on armhf17:00
chrisccoulsonah, ok. although i can't imagine it working that well, with no jit ;)17:00
jdstrandchrisccoulson: and I imagine they will also start helping out soon (eg rsalveti). but like I said elsewhere-- getting you the armhf hardware and you can do some benchmarks marks to give to them17:01
jdstrandyeah, I don't have the details. you and rsalveti should definitely talk at some point though17:01
chrisccoulsonyeah, that's cool17:01
jdstrandI want to update/form a new bp for oxide for this cycle17:01
jdstrandwe can talk more about that this week17:02
jdstrandoh, yes, that is another thing I have to do-- work with mdeslaur and all of you on bps for vUDS17:02
jdstrandI don't know that we'll have an oxide session-- I think the work is known. we'll discuss later17:03
jdstrandchrisccoulson: did you have any other questions or anything else to report?17:03
chrisccoulsonjdstrand, no, i think that's me done17:03
jdstrand[TOPIC] Highlighted packages17:04
=== meetingology changed the topic of #ubuntu-meeting to: Highlighted packages
jdstrandThe Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.17:04
jdstrandSee https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.17:04
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/openjpa.html17:04
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/flightgear.html17:04
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/sanlock.html17:04
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/rawstudio.html17:04
jdstrandhttp://people.canonical.com/~ubuntu-security/cve/pkg/lighttpd.html17:04
jdstrand[TOPIC] Miscellaneous and Questions17:04
=== meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions
jdstrandDoes anyone have any other questions or items to discuss?17:04
jdstrandmdeslaur, tyhicks, sarnold, chrisccoulson: thanks!17:05
jdstrand#endmeeting17:05
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendar | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology
meetingologyMeeting ended Mon Nov  4 17:06:23 2013 UTC.17:05
meetingologyMinutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-11-04-16.34.moin.txt17:05
meetingologyMinutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-11-04-16.34.html17:05
mdeslaurthanks jdstrand!17:06
tyhicksthanks!17:06
sarnoldthanks jdstrand :)17:07
tumbleweed!dmb-ping19:02
ubottubdrung, ScottK, Laney, micahg, barry, tumbleweed, stgraber: DMB ping19:02
* stgraber waves19:02
tumbleweed(not that it looks like we need a meeting)19:02
* barry waves19:02
barryno utlemming again this time afaict19:02
ScottKo/19:03
tumbleweedhe does appear to be on freenode, just not in here19:03
utlemminghi, I'm here19:04
barryawesome!19:04
barrybdrung: you're chairing today, if you're around19:05
* bdrung comes around19:10
bdrung#startmeeting19:10
meetingologyMeeting started Mon Nov  4 19:10:55 2013 UTC.  The chair is bdrung. Information about MeetBot at http://wiki.ubuntu.com/meetingology.19:10
meetingologyAvailable commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired19:10
bdrungno previous action items. let's begin with our applications.19:11
bdrung#topic Per Package Uploader Applications19:12
=== meetingology changed the topic of #ubuntu-meeting to: Per Package Uploader Applications
bdrung#subtopic Ben Howard applying for PPU for walinuxagent  and hv-kvp-daemon-init19:13
bdrung#link https://wiki.ubuntu.com/utlemming/PPUApplication19:13
bdrungutlemming: welcome. can you introduce yourself?19:13
utlemminghi, I'19:13
utlemmingI'm Ben Howard and I spend my days in the cloud19:13
utlemmingI rather enjoy working on Ubuntu and maintain those two packages, working with sponsors19:14
utlemmingand I build the Cloud Images for Ubuntu19:14
stgraberso just a few random questions to get started ;)19:15
stgraberare you subscribed to ubuntu-devel-announce?19:15
utlemminger, I am not...but will be shortly :)19:16
stgrabergood :)19:16
utlemmingand done19:16
stgraber(sorry, trying to think about some clever questions, and failing at the moment ;))19:19
stgraberso those two packages are Azure specific, right? are there equivalents for other cloud platforms that you'll end up maintaining? or is Azure special in that regard?19:21
utlemmingindeed, they are specific to Azure. The other package that I do a lot of work on is cloud-init. However, I lean on Scott Moser for that.19:22
utlemmingthere are no other packages at this time that I maintain as part of cloud work....and I would like to keep it that way. The goal is to put all that stuff into Cloud-init.19:22
tumbleweedutlemming: is walinuxagent something that we want to get into Debian too?19:24
utlemmingtumbleweed: yes, and there is a version in Debian called waagent. However, I have been unssuccesful in working with the debian maintainer.19:25
tumbleweedoh, it's the same thing19:26
utlemmingtumbleweed: our version, however, is much cleaner as we've made cloud-init to handle the majority of the work. So we do carry a delta.19:26
tumbleweedyeah, that's unfortunate19:26
utlemmingtumbleweed: that said, I have worked with MS to get some our changes upstreamed, including carrying our init scripts and packaging to make maintance easier.19:27
tumbleweeddoes it make sense for ubuntu to have both walinuxagent and waagent? shouldn't we be dropping one or rebasing onto debian's package?19:28
bdrungat least the package name should be the same19:29
utlemmingbdrung: if you look at the debian logs, they used our early version of the package to create waagent19:29
barryutlemming: can you go into any detail about the debian maintainer issues?19:30
utlemmingbarry: we introduced the intial version of the walinuxagent ~ 12.04 time frame, while walinuxagent was still having a lot of issues. I worked with MS to get those straigtened out. The Debian guys decided to package it, and introduced waagent based on our packaging. In the 12.10 and then 13.04 I reached out asking about merging the packages and removing the differences, which fell on deaf ears.19:31
barryutlemming: did they just not respond?  are the orig maintainers still interested in maintaining the package in debian?19:33
tumbleweedon a related topic, are you aware of the (fairly low traffic) debian-cloud list?19:33
utlemmingbarry: no response. I haven't followed up in while -- I intend on following up on that latter19:33
utlemmingtumbleweed: yes, I am and I am on it19:34
utlemmingtumbleweed: I even hang out on their IRC channel19:34
barryutlemming: cool19:34
tumbleweedok. hopefully we can solve this some day19:34
tumbleweedbut in the meantime, shouldn't we rename our walinuxagent source package? or remove waagent in Ubuntu?19:34
utlemmingtumbleweed: that is a great question. waagent today exists as MS's originally saw it, while walinuxagent now requires cloud-init and uses cloud-init to behave like a cloud instance.19:36
barrytumbleweed: maybe schedule that for later in trusty if the issue can't be resolved in debian?19:36
utlemmingtumbleweed: for cloud-images, we want them to behave like cloud-images and so we use walinuxagent + cloud-init.19:36
stgraberif our changes are a relatively clean set on top of upstream, then applying those on waagent instead (and killing walinuxagent) would make more sense19:37
stgraberif we've diverged to the point where we heavily change the upstream source tarball, then a separate source name isn't entirely unreasonable19:37
utlemmingI can agree with that position. Mostly our changes are configuration changes.19:37
stgraberbut we should then blacklist and remove waagent from the archive19:37
bdrungit depends what name is preferred. waagent or walinuxagent?19:38
stgraberwell, whatever Debian uses is usually best, if only for dependencies19:38
infinityAm I fashionably late?19:38
stgraberinfinity: no, just late ;)19:38
utlemmingI would probably blacklist waagent, simply because it is a dangerous package. Part of packaging is to prevent it from hosing a system on installation.19:38
infinityScottK asked me to pop in and repeat something I told him in private.19:38
infinity12:19 <ScottK> Is utlemming ready for PPU rights for the Azure stuff?19:38
infinity12:25 <infinity> I don't think I've had to fix any of his uploads for a while now, so probably.  As long as he's saying the right things about being sane and getting reviews.19:38
infinitySo, there.   My work here is done. :)19:38
ScottKThanks.19:39
tumbleweedthanks infinity19:39
bdrungmaybe it would be good to file a bug against waagent in the BTS to ask for an opinion. either we should adopt the Debian name or Debian should adopt Ubuntu's name.19:39
utlemmingI can take that as a work item for this cycle19:39
bdrungdepending on the outcome, one of the two source package should be removed (and all needed changed applied to the remaining source package)19:40
stgraberoh, I guess I should also publicly state this since I've only done so in private to the board. I've been doing a fair amount of SRU review mostly of walinuxagent and haven't seen any problem with those so far. utlemming does a good job of getting all the right bits SRUed where it matters and keeping track of the state of Ubuntu Server on Azure.19:41
bdrung#vote Should Ben Howard get upload rights for walinuxagent and hv-kvp-daemon-init and get Ubuntu membership?19:43
meetingologyPlease vote on: Should Ben Howard get upload rights for walinuxagent and hv-kvp-daemon-init and get Ubuntu membership?19:43
meetingologyPublic votes can be registered by saying +1, +0 or -1 in channel, (private votes don't work yet, but when they do it will be by messaging the channel followed by +1/-1/+0 to me)19:43
stgraber+119:43
meetingology+1 received from stgraber19:43
tumbleweed+119:43
meetingology+1 received from tumbleweed19:43
barry+119:43
meetingology+1 received from barry19:43
bdrung+119:43
meetingology+1 received from bdrung19:43
infinityutlemming: Congrats.19:44
utlemming:)19:44
ScottK+119:44
meetingology+1 received from ScottK19:44
bdrung#endvote19:44
meetingologyVoting ended on: Should Ben Howard get upload rights for walinuxagent and hv-kvp-daemon-init and get Ubuntu membership?19:44
meetingologyVotes for:5 Votes against:0 Abstentions:019:44
meetingologyMotion carried19:44
bdrungutlemming: congrats.19:45
stgraberutlemming: so normally I'd grant you those rights immediatel,y however since I've expired from the technical board and no new board has been elected since, it'll take a little while.19:45
stgraberutlemming: I'll have to poke the Launchpad folks to figure out whether someone can cowboy the ACL in there for me ;)19:45
utlemmingack, sounds good19:46
bdrungutlemming: I consider having PPU + Ubuntu Membership to be more than Ubuntu Contributing Developer (which just grants recognition and Ubuntu membership). do you still want to become Ubuntu Contributing Developer?19:47
utlemminger, I think that PPU + Ubuntu Membership is fine19:47
utlemmingI'll work towards MOTU next19:48
bdrung#topic Any other business19:49
=== meetingology changed the topic of #ubuntu-meeting to: Any other business
bdrunganything else to discuss?19:49
stgrabernothing here19:50
tumbleweednor here19:50
barrysame19:50
bdrungokay.19:50
bdrungmicahg will be the next chair (following our list)19:51
bdrungthanks for coming.19:51
bdrung#endmeeting19:51
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendar | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology
meetingologyMeeting ended Mon Nov  4 19:51:40 2013 UTC.19:51
meetingologyMinutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-11-04-19.10.moin.txt19:51
meetingologyMinutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-11-04-19.10.html19:51
barrythanks bdrung19:51
bdrungyou're welcome.19:51
=== Ursinha-afk is now known as Ursinha
=== Ursinha is now known as Ursinha-afk

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!