[16:41] <mdeslaur> \o
[16:41] <jjohansen> o/
[16:41] <jdstrand> hi!
[16:41] <tyhicks> hello
[16:41] <jdstrand> #startmeeting
[16:41] <meetingology> Meeting started Mon Mar 17 16:41:34 2014 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:41] <meetingology> Available commands: action commands idea info link nick
[16:41] <jdstrand> #startmeeting
[16:41] <jdstrand> The meeting agenda can be found at:
[16:41] <meetingology> jdstrand: Error: Can't start another meeting, one is in progress.
[16:41] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:41] <jdstrand> erf
[16:42] <jdstrand> #endmeeting
[16:42] <meetingology> Meeting ended Mon Mar 17 16:42:06 2014 UTC.
[16:42] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-03-17-16.41.moin.txt
[16:42] <jdstrand> #startmeeting
[16:42] <meetingology> Meeting started Mon Mar 17 16:42:12 2014 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:42] <meetingology> Available commands: action commands idea info link nick
[16:42] <jdstrand> The meeting agenda can be found at:
[16:42] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:42] <jdstrand> [TOPIC] Review of any previous action items
[16:42] <jdstrand> [ACTION] chrisccoulson send oxide and qtwebkit benchmark results to mailing list
[16:42] <meetingology> ACTION: chrisccoulson send oxide and qtwebkit benchmark results to mailing list
[16:43] <chrisccoulson> that's done
[16:43] <jdstrand> chrisccoulson: cool. where did that go? I haven't gone through all of my email yet from being off friday
[16:44] <chrisccoulson> jdstrand, https://lists.launchpad.net/oxide/msg00003.html
[16:44] <jdstrand> awesome!
[16:44]  * jdstrand hugs chrisccoulson :)
[16:45] <jdstrand> [TOPIC] Weekly stand-up report
[16:45] <jdstrand> I'll go first
[16:45] <jdstrand> I have pending updates
[16:45] <jdstrand> and an embargoed issue
[16:46] <jdstrand> mdeslaur: you're up
[16:46] <mdeslaur> I'm on triage this week
[16:46] <mdeslaur> I just published a couple of usns, and I have a few more that are at the testing stage
[16:47] <jdstrand> mdeslaur: (fyi, sb eattie is off today)
[16:47] <mdeslaur> that's about it, I'll be going down the list after that
[16:47] <mdeslaur> tyhicks: you're up
[16:47] <tyhicks> I submitted v2 of the dbus-daemon patches upstream last friday
[16:48] <jjohansen> \o/
[16:48] <tyhicks> so now I'm looking at kdbus and helping out with apparmor work items this week
[16:48] <tyhicks> if I can get to it, taking another look at the test-kernel-security.py failures on powerpc would be good, too
[16:48] <tyhicks> that's it for me
[16:49] <tyhicks> jjohansen: you're up
[16:49] <jjohansen> I'm pulling my hair out, err working on apparmor again this week.
[16:49] <chrisccoulson> heh :)
[16:50] <jjohansen> There where some qrt test failures that sarnold reported at the end of the week that we need to finish looking in to.
[16:50] <jdstrand> jjohansen: that is 2.8.95 related?
[16:50] <jjohansen> and there are still issues around ipc, with sockets
[16:50] <jjohansen> jdstrand: yes
[16:50] <jdstrand> hrm
[16:51] <jdstrand> do we expect 2.8.95 to land this week?
[16:51] <jdstrand> (that is for sarnold and jjohansen)
[16:52] <jjohansen> jdstrand: I think so
[16:52] <sarnold> jdstrand: I think so, there were more QRT failures on the nexus 4 than I expected, but it was rough even getting it to run there, so perhaps itshouldn't be a surprise
[16:53] <jdstrand> hmm
[16:53] <jjohansen> jdstrand: 2 of the failures are due to things not being supported in the test environment/platform and not being properly detected as such. The others I haven't looked into yet
[16:53] <jdstrand> tyhicks: didn't you do qrt on the nexus 4?
[16:53] <jdstrand> I thought it was working
[16:53] <jdstrand> but might be misremembering
[16:53] <sarnold> jdstrand: .. and I think the 2.8.0 apparmor packaging on the nexus 4 fails your test plan in the same ways as the new 2.8.95 apparmor fails it, so I'm hopeful there :)
[16:53] <tyhicks> jdstrand: I'm pretty sure that I did
[16:54] <tyhicks> but I'd guess that sarnold is talking about testing 2.8.95 on the nexus 4
[16:54] <jdstrand> sarnold: I'm interested in hearing more specifics about that
[16:54] <jdstrand> tyhicks: yes, but just said that 2.8.0 fails similarly
[16:54] <tyhicks> oh
[16:54] <jdstrand> sarnold: we can discuss outside of the meeting
[16:54] <jjohansen> yep
[16:55] <jjohansen> I think that is it from me, sarnold your up
[16:56] <sarnold> I'm on community this week
[16:56] <sarnold> also landing apparmor this week
[16:56] <sarnold> and I still have juju, schroot, strongswan, glusterfs, and cgmanager MIRs to start and finish.
[16:57] <sarnold> so I'm really hoping we can land apparmor today :)
[16:58] <sarnold> I think that's it for me, chrisccoulson you're up :)
[16:58] <chrisccoulson> this week, i've got mozilla updates
[16:58] <chrisccoulson> also planning to land oxide in the archive
[16:59] <chrisccoulson> and finish my ever growing list of oxide code reviews :)
[16:59] <chrisccoulson> and hopefully get https://code.launchpad.net/~chrisccoulson/oxide/network-callbacks merged, which has turned in to quite a significant chunk of work now
[16:59] <chrisccoulson> i think that's me done :)
[17:01] <jdstrand> chrisccoulson: network-callbacks is the lion's share of the UA overrides work you mentioned in the oxide meeting?
[17:03] <chrisccoulson> jdstrand,  it is. but it also contains hooks for storage access permissions (well, currently only cookies, but this is going to be extended to local storage, appcache, indexeddb and webdb as well) too
[17:03] <chrisccoulson> and it has support for third party cookie blocking
[17:03] <jdstrand> ack
[17:03] <jdstrand> [TOPIC] Highlighted packages
[17:03] <jdstrand> he Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[17:03] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:03] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/slurm-llnl.html
[17:03] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gksu-polkit.html
[17:04] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/lib3ds.html
[17:04] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/google-authenticator.html
[17:04] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libdigidoc.html
[17:04] <jdstrand> [TOPIC] Miscellaneous and Questions
[17:04] <jdstrand> I have some questions related to our major deliverables for 14.04
[17:06] <jdstrand> based on the oxide standup today, oxide should be landing in the archive this week. webbrowser-app will follow after that and there is still quite a bit to do, but it is still believed that we will deliver oxide (and other teams webbrowser-app, UbuntuWebView and webapp-container)
[17:06] <jdstrand> that is awesome
[17:06] <jdstrand> apparmor 2.8.95 seems like it is close and sounds like it should land this week. We really need to make sure it does to pave the way for the next update
[17:07] <jdstrand> jjohansen: you mentioned that there is a bug related to ipc, with sockets. is that the remaining known bug?
[17:07] <jjohansen> the as in singular? no
[17:08] <jjohansen> its one of the remaining problems
[17:08] <jjohansen> v5 behavior (old kernel should be fine)
[17:08] <jdstrand> jjohansen: assuming 2.8.95 was fixed and landed in the archive, what is left for landing ipc?
[17:08] <jjohansen> new kernel has issues
[17:09] <jjohansen> jdstrand: there needs to be some revisions around ptrace, signals, and other policy
[17:10] <jjohansen> there needs to be some fixes to the network code
[17:10] <jjohansen> I think its doable this week
[17:10] <jdstrand> jjohansen: the network code is doable this week?
[17:10] <jjohansen> I think so
[17:11] <jdstrand> is the sockets ipc bug for this week?
[17:11] <jjohansen> yes I plan to fix that this week
[17:12] <jdstrand> jjohansen: 'new kernel has issues' - is that the network code, v5 behavior, or something else?
[17:14]  * jdstrand meant to add to his items this week to comment on the ipc policy
[17:14] <jjohansen> jdstrand: there are a few things, network code, there is a replacement issue around compound labels, there needs to be a versioning behavior change around the xtrans table in the parser that is fed into the kernel
[17:15] <jdstrand> ok. so, I'm just trying to create a list so I better understand where we are
[17:15] <jjohansen> jdstrand: lets put it this way, its good enough to pass the current regression tests, but issues are known (which just means we need to add more tests)
[17:16] <jdstrand> cause I'm starting to get nervous about ipc landing
[17:16]  * jjohansen too
[17:16] <jjohansen> oh and I need to do testing of it as a backport on precise and make sure its working right there
[17:17] <jdstrand> jjohansen: is the versioning change for this week?
[17:17] <jjohansen> some that should be working but I haven't tested yet with the latest kernel
[17:17] <jjohansen> jdstrand: yes it is needed
[17:17] <jdstrand> jjohansen: is the replacement issue around compound labels the socket issue or something else?
[17:18] <jjohansen> jdstrand: it is something else
[17:18] <jdstrand> is the replacement issue for this week?
[17:18] <jjohansen> jdstrand: I have a patch to fix it, but applying that patch causes the kernel to die for a different but related reason so I need to fix that
[17:19] <jdstrand> ok
[17:19] <jjohansen> jdstrand: the replacement issue can be put off, as things can work with out it.
[17:19] <jdstrand> jjohansen: were you able to upload test packages to the ppa based of sarnold's 2.8.95 from last week?
[17:19] <jjohansen> compound labels just don't get updated correctly after replacement
[17:19] <jjohansen> jdstrand: I have not, yet. I can do that today
[17:20] <jdstrand> jjohansen: re ppa> well, only if it helps people. perhaps wait until you have the final packages we plan to upload since they may land tomorrow
[17:20] <jdstrand> personally, I won't be able to install them today
[17:21] <jdstrand> but could tomorrow
[17:21] <jjohansen> okay
[17:21] <jdstrand> sb eattie is off today, so delaying to at least tomorrow makes sense to me
[17:22] <jdstrand> jjohansen: 'there needs to be some revisions around ptrace, signals, and other policy' - are you talking about policy language?
[17:23] <jjohansen> yes, its minor
[17:23] <jjohansen> the actual work won't take long
[17:24] <jdstrand> ok, so known issues. iirc, no one really responded to the policy language changes in the thread
[17:24] <jdstrand> of course, we worked through a lot of that before
[17:24] <jdstrand> do we feel like the policy language is in good shape (other than this minor issue)?
[17:25] <jdstrand> jjohansen: ^
[17:26] <jjohansen> I don't even know that I'd call it an issue, as looking for clarification, so we are happy with a final syntax
[17:26] <jdstrand> I see-- so, "yes, the final syntax is very close"
[17:26] <jjohansen> something that needs input from more than just me
[17:27] <jjohansen> yes we are close
[17:27] <jjohansen> we are talking about sugar, not functionality
[17:27] <jdstrand> right. perhaps respond to the list saying the lack of response is blocking it landing?
[17:27] <jjohansen> can do
[17:28] <jdstrand> jjohansen: does this look about right> http://paste.ubuntu.com/7109323/
[17:28] <jdstrand> oh, I forgot to ask about testing
[17:28] <jdstrand> jjohansen: do you know where we stand on coverage for these new features?
[17:29] <jjohansen> ptrace is pretty good, signal less so
[17:29] <jdstrand> jjohansen: I know that is a lot in sb eattie's domain, but curious if you knew
[17:30] <jdstrand> ok'
[17:31] <jdstrand> ok
[17:31] <jjohansen> that said, signal is not as bad as it may seem. It is actually getting tested in several of the other regression tests
[17:31] <jdstrand> so, I think I captured all that. I'd like outside of this meeting to discuss a plan to land this, with assigning people to do different things
[17:32] <jdstrand> tyhicks: should we push the v2 dbus patches once upstream ACKs them?
[17:32] <jdstrand> tyhicks: push to trusty that is
[17:32] <tyhicks> jdstrand: that's something I've been wondering
[17:32] <tyhicks> jdstrand: I think it would be a good idea
[17:32] <jdstrand> trusty is 5 years LTS
[17:33] <jdstrand> it seems like it would be
[17:33] <tyhicks> jdstrand: I feel confident in them and have tested them a considerable amount
[17:33] <tyhicks> I think so
[17:33] <jdstrand> ok, we need to come up with a plan for all this stuff
[17:33] <jdstrand> Does anyone have any other questions or items to discuss?
[17:33] <jjohansen> yeah I think that its a good idea, to push them in
[17:34] <tyhicks> all except for the last 2 patches in the series are a drop-in replacement
[17:34] <tyhicks> we wouldn't push those last 2 patches, becaues they depend on a dbus-daemon method that isn't in trusty's dbus-daemon
[17:34] <mdeslaur> tyhicks: what's special about the last to?
[17:34] <mdeslaur> oh
[17:34] <tyhicks> mdeslaur: it is a new method to get a peer's security credentials
[17:35] <mdeslaur> ok
[17:35] <tyhicks> we would live with our current distro-patched org.freedesktop.DBus.GetConnectionAppArmorSecurityContext() method
[17:35] <tyhicks> that's no big deal
[17:38] <jdstrand> mdeslaur, tyhicks, jjohansen, sarnold, chrisccoulson: thanks!
[17:38] <jdstrand> #endmeeting
[17:38] <tyhicks> thanks!
[17:38] <meetingology> Meeting ended Mon Mar 17 17:38:41 2014 UTC.
[17:38] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-03-17-16.42.moin.txt
[17:38] <mdeslaur> thanks jdstrand!
[17:38] <sarnold> thanks jdstrand!
[17:38] <jjohansen> thanks jdstrand
[21:00] <mdeslaur> \o
[21:00] <infinity> o/
[21:00] <mdeslaur> infinity: having a fun monday? :P
[21:01] <stgraber> hello
[21:01] <infinity> mdeslaur: Nope!
[21:01] <mdeslaur> stgraber: hi!
[21:01] <mdeslaur> hehe
[21:01] <infinity> It's a miracle if I get any actual work done on Mondays, with all the meetings.
[21:02] <infinity> So, I think we have apologies from slangasek and pitti today?
[21:02] <mdeslaur> yep
[21:02] <mdeslaur> how many do we need to be to have quorum?
[21:02] <slangasek> in fact I may unapologize
[21:02] <infinity> kees: You around?
[21:02] <mdeslaur> slangasek: hi!
[21:03] <infinity> I'm not actually sure what quorum is for the TB.  4?  Is this documented somewhere?
[21:04] <slangasek> well, I suppose quorum only matters if we need to vote on something :)
[21:04] <mdeslaur> true, but it was also to satisfy my curiosity :P
[21:04] <stgraber> 4 sounds right
[21:05] <mdeslaur> #startmeeting Technical Board meeting
[21:05] <meetingology> Meeting started Mon Mar 17 21:05:06 2014 UTC.  The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[21:05] <meetingology> Available commands: action commands idea info link nick
[21:05] <mdeslaur> #topic Action review
[21:05] <stgraber> any besides the LTS stuff which we said we'd do by e-mail (I really need to reply to some of those...) I'm not sure that we have anything to vote on anyway
[21:05] <stgraber> s/^any //
[21:05] <mdeslaur> so, we still have kees' "MRE" item
[21:05] <mdeslaur> but he's not here, so let's defer that for now
[21:06] <infinity> I guess that carries, since he seems to not be around to speak to it. :P
[21:06] <mdeslaur> does anyone have any other action items that aren't on the wiki page?
[21:07] <mdeslaur> #topic Scan the mailing list archive for anything we missed
[21:07] <infinity> We could take the LTS stuff from email to meeting, if we feel we're in a position to JFDI on some voting there.
[21:07] <slangasek> did the Ubuntu GNOME people make it today?
[21:07] <infinity> slangasek: FWIW, I agree with your "nothing shorter than 3y for an LTS commitment".
[21:07] <slangasek> darkxst said he was interested in discussing
[21:07] <darkxst> slangasek, hey, I am here
[21:07] <mdeslaur> I'd prefer waiting for a reply to slangasek's email
[21:07] <slangasek> darkxst: hello
[21:07] <mdeslaur> oh, cool. hi darkxst
[21:08] <slangasek> darkxst: hi - have you seen my mail today regarding the need for an overlap between LTSes to give users a chance to upgrade?
[21:08] <darkxst> yes, I just replied now
[21:08] <darkxst> only just woke up ;)
[21:09] <darkxst> "Was simply not aware that upgrades aren't enabled until 16.04.1. Certainly our intention is to provide some overlap for upgrades."
[21:09] <slangasek> ok
[21:10] <slangasek> and yes, we generally hold off on flipping the switch on the server regarding upgrades until the .1 point release
[21:10] <infinity> If you're okay with providing 3y, I think we should just go with that and approve it, unless there are objections?
[21:10] <darkxst> and if 3 years support is the minimum we will support that time frame,
[21:10] <slangasek> and that's a common switch that affects all flavors, not something we could make a per-flavor exception for
[21:10] <slangasek> I think "3 years minimum" is the consensus, at least among the TB members here
[21:11] <infinity> Is anyone gathering up all the LTS statuses somewhere handily central, so we can do the LP changes required to mark all the packagesets?
[21:11] <slangasek> if we have the 3-year committment, are we happy to approve Ubuntu GNOME for LTS?
[21:11] <infinity> +1
[21:11] <mdeslaur> +1
[21:11] <slangasek> +1
[21:11] <stgraber> +1
[21:11] <slangasek> darkxst: welcome to the LTS :)
[21:12] <darkxst> thanks ;)
[21:12] <mdeslaur> [AGREED] Ubuntu GNOME is a 3 year LTS
[21:12] <mdeslaur> gah
[21:12] <slangasek> infinity: well, I'm gathering them in the sense that they're all in a suitable mailbox
[21:12] <slangasek> infinity: but if I have access to tweak the packagesets, I don't know how; is that something you could take the action for?
[21:13] <infinity> It, hilariously, take an LP MP to make it happen, IIRC.
[21:13] <slangasek> and if you need me to send you the summary of LTS flavors I can do that
[21:13] <infinity> s/take/takes/
[21:13] <infinity> slangasek: If you want to summarize the flavour/support bits, I can handle the LP side.
[21:13] <slangasek> [ACTION] slangasek to send infinity the summary of flavor LTS support for adjusting in Launchpad
[21:13] <meetingology> ACTION: slangasek to send infinity the summary of flavor LTS support for adjusting in Launchpad
[21:14] <stgraber> Edubuntu, Kubuntu, Kylin => 5 years and GNOME, Xubuntu, Mythbuntu and Studio => 3 years
[21:14] <stgraber> that's what I have in my notes here anyway
[21:14] <slangasek> ok, stgraber steals the action
[21:14] <infinity> Heh.
[21:14] <infinity> stgraber: Triple check and drop me an email (or an MP, if you're feeling adventurous).
[21:15] <slangasek> [ACTION] infinity to mark 14.04 LTS flavor support in Launchpad: Edubuntu, Kubuntu, Kylin => 5 years and GNOME, Xubuntu, Mythbuntu and Studio => 3 years
[21:15] <meetingology> ACTION: infinity to mark 14.04 LTS flavor support in Launchpad: Edubuntu, Kubuntu, Kylin => 5 years and GNOME, Xubuntu, Mythbuntu and Studio => 3 years
[21:15] <slangasek> there, it'll be in the meeting notes too
[21:15] <mdeslaur> I gather we're all in agreement about those?
[21:16] <stgraber> hmm, did I miss an e-mail from Lubuntu or did they not answer wrt LTS status?
[21:16] <infinity> I have no objections, after the back-and-forth that was had about XFCE support seemed to come to a reasonable conclusion.
[21:16] <slangasek> yes, I'm +1 for all of the above
[21:16] <mdeslaur> +1 from me also
[21:17] <gilir> stgraber, Lubuntu answered on tb mailing list :-)
[21:18] <stgraber> gilir: oh yeah, sorry, just found it.
[21:18] <stgraber> so Lubuntu 3 years
[21:18] <infinity> Ahh, indeed.
[21:18] <infinity> +1 to that too.
[21:18] <stgraber> +1
[21:18] <infinity> Does that actually make all the flavours LTS this round?
[21:18] <stgraber> so that's kind of nice, we have all flavours participating in the LTS this time around
[21:18] <mdeslaur> \o/
[21:19] <infinity> Alright, we should probably commit that to LP this week, so the Final Beta is showing the right support lengths.
[21:20] <infinity> Since everything currently says 9m across the board.
[21:21] <mdeslaur> Does anyone have any other items they would like to discuss?
[21:21] <stgraber> nothing here
[21:21] <slangasek> not me
[21:21] <infinity> Nein.
[21:21] <mdeslaur> ok, moving on
[21:21] <mdeslaur> #topic Check up on community bugs
[21:21] <mdeslaur> no open bugs
[21:22] <mdeslaur> #topic Select a chair for the next meeting
[21:22] <mdeslaur> next in the list is sabdfl
[21:22] <infinity> s/sabdfl/pitti/ I'd assume.
[21:22] <mdeslaur> pitti: tag, you're it
[21:23] <mdeslaur> and...we're done!
[21:23] <mdeslaur> #endmeeting
[21:23] <meetingology> Meeting ended Mon Mar 17 21:23:21 2014 UTC.
[21:23] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-03-17-21.05.moin.txt
[21:23] <mdeslaur> thanks everyone!
[21:23] <infinity> Lovely.  Thanks.
[21:23] <stgraber> productive, short and sweet, I like that! thanks!