[16:42] <jdstrand> hi!
[16:42] <mdeslaur> o/
[16:42] <tyhicks> hello
[16:42] <jdstrand> #startmeeting
[16:42] <meetingology> Meeting started Mon Dec  9 16:42:55 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:42] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[16:42] <jdstrand> The meeting agenda can be found at:
[16:42] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:42] <jdstrand> [TOPIC] Announcements
[16:43] <jdstrand> Thanks to Ritesh Khadgaray (ritz) for providing preliminary patches for pixman for precise-saucy (LP: #1197921). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
[16:43] <jdstrand> [TOPIC] Weekly stand-up report
[16:43] <jdstrand> I'll go first
[16:43] <jdstrand> I'm in the happy place this week
[16:43] <jdstrand> I've got another short week
[16:44] <jdstrand> I'm working on some pending updates
[16:44] <jdstrand> I've also got some apparmor-easyprof-ubuntu work items to do to unblock mardy
[16:44] <jdstrand> and more 14.04 planning
[16:44] <jdstrand> mdeslaur: you're up
[16:44] <mdeslaur> I'm on triage this week
[16:44] <mdeslaur> and have just published gimp updates
[16:45] <mdeslaur> I have a few more updates I'm working on
[16:45] <mdeslaur> and am still going down the list, etc.
[16:45] <mdeslaur> that's it from me, sbeattie, you're up
[16:46] <tyhicks> I don't think he's here so I'll go ahead
[16:46] <tyhicks> I'm still hardening the goldfish kernel config
[16:47] <tyhicks> I need to investigate one test failure when running test-click-apparmor.py on goldfish with apparmor enabled
[16:47] <tyhicks> After that, I'll prepare apparmor and dbus uploads to add support for an 'eavesdrop' permission (all of the code is already written)
[16:47] <tyhicks> Then I'll start on the user data encryption work items
[16:47] <tyhicks> that's it for me
[16:47] <tyhicks> jjohansen: you're up
[16:48] <tyhicks> oh, I know he's not here today
[16:48] <tyhicks> sarnold: you're up
[16:49] <sarnold> I'm on community this week
[16:49] <sarnold> I'll be going through some apparmor patches, I know there's still a few left on the list that I haven't reviewed yet
[16:49] <sarnold> and I'll be handling some MIR audits
[16:50] <tyhicks> there's not many patches left - thanks for reviewing so many last week :)
[16:50] <sarnold> I think that's it for me, chrisccoulson, you're up :)
[16:50] <sarnold> woo :)
[16:50] <chrisccoulson> hi :)
[16:50] <chrisccoulson> this week, i've got firefox and thunderbird updates
[16:50] <chrisccoulson> and going to get chromium out too
[16:51] <chrisccoulson> also, trying to get oxide to build successfully on arm, which is proving to be less fun than i imagine ;)
[16:51] <chrisccoulson> **imagined
[16:51] <jdstrand> chrisccoulson: is is more gyp-finagling?
[16:51] <jdstrand> s/is is/is it/
[16:51] <chrisccoulson> jdstrand, out of memory when linking
[16:51] <sarnold> owwwww
[16:51] <chrisccoulson> i'm currently trying a build with gold
[16:51] <chrisccoulson> i have another option if that fails
[16:51] <jdstrand> classic
[16:51] <chrisccoulson> heh
[16:52] <chrisccoulson> so it's going to be a busy last few days for me before i finish for christmas
[16:52] <jdstrand> curious that we can get chromium to build but not oxide
[16:53] <chrisccoulson> jdstrand, we do a component build of chromium, which carves up all of the modules in to lots of small libraries
[16:53] <jdstrand> is chromium-browser doing anything special to work around that?
[16:53] <chrisccoulson> it's really only a developer option
[16:53] <jdstrand> I see
[16:53] <chrisccoulson> and also, the blink debug symbols are disabled
[16:53] <chrisccoulson> we need cross builds ;)
[16:53] <chrisccoulson> anyway, i think that's me done
[16:54] <jdstrand> if your remainging to options don't work, perhaps talk to slangasek (or infinity) on options?
[16:54] <jdstrand> s/remainging to/remaining two/
[16:55] <chrisccoulson> jdstrand, the component build option would work, although i'd need to make some changes to oxide to support that
[16:55] <jdstrand> that sounds like it would be quite a bit more work
[16:55] <jdstrand> I thought all this was supposed to be fixed with the new armhf boxes...
[16:55] <sarnold> armhf isn't 64 bit :/
[16:55] <mdeslaur> chrisccoulson: are we getting a chromium-browser release this week?
[16:55] <chrisccoulson> yeah, that's the main problem
[16:55] <chrisccoulson> mdeslaur, yeah
[16:56] <mdeslaur> chrisccoulson: oh, sorry, didn't see that comment above
[16:56] <jdstrand> well, neither is the i386 buildd
[16:57] <jdstrand> or am I missing something?
[16:58] <jdstrand> chrisccoulson: ^
[16:58] <chrisccoulson> jdstrand, not sure. perhaps the linker on arm just uses more memory?
[16:59] <mdeslaur> perhaps the builders have less ram?
[16:59] <jdstrand> ok, well, I think it might make sense to talk to some arm buildd experts before going the component build route (if we are facing that)
[16:59] <chrisccoulson> sure
[16:59] <jdstrand> mdeslaur: that is what I thought, which is why I thought this was all fixed with the new armhf boxes
[16:59] <mdeslaur> they doubled from "almost none" to "slightly more" I believe :)
[16:59] <jdstrand> maybe the buildd that is getting assigned isn't a new one. infinity could definitely answer those questions
[17:00] <jdstrand> anyhoo
[17:00] <jdstrand> let's move on
[17:00] <jdstrand> TOPIC] Highlighted packages
[17:00] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[17:00] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/haskell-tls-extra.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gnome-shell.html
[17:00] <jdstrand> [TOPIC] Miscellaneous and Questions
[17:00] <jdstrand> Does anyone have any other questions or items to discuss?
[17:02] <tyhicks> It looks like bug #1158500 is something that we'll need to address
[17:03] <tyhicks> especially now that audit is in main
[17:04] <slangasek> chrisccoulson: "we need cross-builds" - cross-building chromium-browser should work, it's just not a complete analogue to what you get with a native build (so won't let you debug all native build failures)
[17:04] <tyhicks> I'm not going to have the cycles to look into it this week, but it is something that will need to be thought out in time for trusty
[17:04] <sarnold> tyhicks: oww :/
[17:04] <mdeslaur> tyhicks: I think that would be a kernel team issue, no?
[17:04] <tyhicks> mdeslaur: possibly
[17:05] <mdeslaur> tyhicks: I'd attempt tricking them into taking it first :P
[17:05] <mdeslaur> oh wait, universe, it's community supported
[17:06] <tyhicks> mdeslaur: it was universe for precise
[17:06] <mdeslaur> yep
[17:06] <tyhicks> mdeslaur: it will be in main for trusty, which will have the same problem
[17:06] <mdeslaur> how so?
[17:07] <tyhicks> lts kernel updates will cause the syscall table to be updated
[17:07] <mdeslaur> oooh, yeah, point the kernel team at it then
[17:07] <mdeslaur> it just needs a rebuild?
[17:07] <tyhicks> I don't know
[17:08] <tyhicks> I'm not sure where it gets the syscall table from
[17:08] <mdeslaur> ok
[17:08] <jdstrand> if it gets a rebuild, would that break the release kernel?
[17:09] <tyhicks> I'd think so
[17:09] <jdstrand> yikes
[17:09] <jdstrand> tyhicks: can I add a work item for you to followup with the kernel team on the bug?
[17:09] <tyhicks> jdstrand: sure
[17:09] <jdstrand> tyhicks: then we can go from there on who does what
[17:11] <jdstrand> I imagine we would handle it similarly to the xorg stack
[17:11] <jdstrand> (ie different packages to go with that kernel)
[17:11] <jdstrand> but I don't know what that would look like
[17:11] <mdeslaur> yeah, I think they already have a list of packages they need to update/repackage, so that would need to be added
[17:12] <tyhicks> ah, I didn't realize that was a possibility
[17:13] <jdstrand> mdeslaur, tyhicks, sarnold, chrisccoulson: thanks!
[17:13] <jdstrand> #endmeeting
[17:13] <meetingology> Meeting ended Mon Dec  9 17:13:57 2013 UTC.
[17:13] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-12-09-16.42.moin.txt
[17:13] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-12-09-16.42.html
[17:13] <sarnold> thanks jdstrand :)
[17:14] <tyhicks> thanks!
[17:15] <mdeslaur> thanks jdstrand!