[16:35] <mdeslaur> \o
[16:36] <tyhicks> hello
[16:36] <jdstrand> hi!
[16:36] <jdstrand> #startmeeting
[16:36] <meetingology> Meeting started Mon Mar 31 16:36:54 2014 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:36] <meetingology> Available commands: action commands idea info link nick
[16:36] <jdstrand> The meeting agenda can be found at:
[16:36] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:37] <jdstrand> [TOPIC] Weekly stand-up report
[16:37] <jdstrand> I'll go first
[16:37] <jdstrand> last week was pretty busy helping get oxide in the archive (it is), it's MIR done (it is accepted) and landed on touch/desktop (in progress (others are handling this)).
[16:37] <jdstrand> Also did a lot of testing surrounding !AppArmor signals and ptrace FFe. Testing shows it is in really good shape.
[16:37] <jdstrand> Took a hard look at golang and commented in MIR to help remove potential impasse
[16:38] <jdstrand> for this week, I plan to help jjohansen and tyhicks land !AppArmor signals and ptrace FFe
[16:38] <jdstrand> the kernel bits are all in flight and I don't expect any issues there
[16:38]  * mdeslaur chuckles at wiki "!AppArmor" syntax :)
[16:38] <jdstrand> heh
[16:38] <jdstrand> sorry
[16:39] <jdstrand> there is also an openjdk-6 upstream regression that is prepared and gotten extensive community testing that I will be pushing out
[16:39] <cprofitt> no, problem I was able to follow it
[16:39] <jdstrand> I still have embargoed issues I am working on
[16:40] <jdstrand> and updates as I have time
[16:40] <jdstrand> mdeslaur: you're up
[16:40] <mdeslaur> I'm in the happy place this week
[16:41] <mdeslaur> I am patch piloting on friday
[16:41] <mdeslaur> I am currently working on curl updates
[16:41] <mdeslaur> and am continuing going down the list
[16:41] <mdeslaur> that's pretty much it from me
[16:41] <mdeslaur> sbeattie: you're up
[16:41]  * sbeattie is on apparmor again this week
[16:42] <sbeattie> Pretty much focused on testing & reviewing in support of landing the ptrace/signal mediation FFe for apparmor
[16:42] <jdstrand> sbeattie: what is left with the testing beyond what jjohansen implemented?
[16:42] <sbeattie> signal tests need expansion
[16:43] <jjohansen> ptrace tests could also use a pass through to make sure a combination wasn't missed
[16:43] <sbeattie> Yeah, was just going to say I wanted to review the ptrace tests for completeness
[16:44] <jdstrand> since the kernel seems to be under control for landing, I wondered if perhaps sbeattie would have time to help tyhicks with the distro policy verification/changes
[16:44] <jjohansen> and testing on the parser language side needs to be worked on as well
[16:44] <jdstrand> but I don't know what is left with the testing improvements, so I'll just put that out there and leave it at that
[16:45] <tyhicks> FWIW, I think there is quite a bit of value in expanding the signals testing and reviewing the ptrace test
[16:45] <sbeattie> jdstrand: eh, I can probably put some time into it as well.
[16:46] <sbeattie> tyhicks: okay
[16:46] <sbeattie> anyway, that's the plan for me this week
[16:46] <sbeattie> tyhicks: you're up
[16:46] <jdstrand> again, I tossed it out there as a conversation point-- feel free to prioritize on whateve makes sense to land this in a well-tested manner
[16:47] <tyhicks> my focus will be on landing the apparmor userspace ffe
[16:47] <mdeslaur> ok, well, sbeattie and tyhicks please determine amongst yourselves the best course of action
[16:47]  * tyhicks nods
[16:47] <tyhicks> I'll be testing our existing, shipped profiles
[16:47] <tyhicks> and making adjustments, as needed
[16:48] <tyhicks> then I'll look into adding support to aa.py for file, pivot_root, signal, and ptrace rules
[16:48] <tyhicks> and that'll be followed up with the upload
[16:48] <tyhicks> that's it for me
[16:48] <tyhicks> jjohansen: you're up
[16:50] <jjohansen> I'm working on landing the apparmor FFe this week too. Mostly working with testing and what ever is needed to support tyhicks, sbeattie, and jdstrand.
[16:51] <jjohansen> If there is time the backport patches need to be updated so that the kernel sync that is part of the FFe can be done for touch. So that post FFe the work need to update touch can begin
[16:52] <jjohansen> that is it for me sarnold your up
[16:53] <sarnold> i'm on triage this week
[16:54] <sarnold> I'm finishing the juju-core MIR today if it goes as expected
[16:54] <sarnold> that leaves the glusterfs MIR this week
[16:54] <sarnold> I suspect this week I'll also upgrade my laptop to trusty to add my own dogfooding before release
[16:55] <sarnold> thanks to those who went before me and already filed a bunch of bugs :)
[16:55] <sarnold> I think that's it for me, chrisccoulson?
[16:56] <chrisccoulson> this week, i'm finishing off https://code.launchpad.net/~chrisccoulson/oxide/window-opening, which adds support for creating new webviews with window.open()
[16:56] <chrisccoulson> i'm also going to fix up the remaining issues on https://code.launchpad.net/~zaspire/oxide/lp_1259219/+merge/212330 (needed for webapps), as maxim is away this week and there's still some work to do on that
[16:57] <chrisccoulson> and then more code reviews (i got some of those done last week)
[16:57] <chrisccoulson> i think that's me done
[16:59] <jdstrand> [TOPIC] Highlighted packages
[16:59] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:59] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ibm-3270.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/lxsession.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/davfs2.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/claws-mail.html
[17:00] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-will-paginate.html
[17:00] <jdstrand> [TOPIC] Miscellaneous and Questions
[17:00] <jdstrand> Does anyone have any other questions or items to discuss?
[17:03] <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
[17:03] <jdstrand> #endmeeting
[17:03] <meetingology> Meeting ended Mon Mar 31 17:03:33 2014 UTC.
[17:03] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-03-31-16.36.moin.txt
[17:03] <mdeslaur> thanks jdstrand!
[17:03] <sbeattie> jdstrand: thanks!
[17:03] <jjohansen> thanks jdstrand
[17:03] <sarnold> thanks jdstrand!
[17:04] <tyhicks> thanks!
[20:00] <infinity> o/
[20:02] <infinity> *crickets*
[20:02]  * stgraber waves
[20:03] <stgraber> pitti was supposed to chair but isn't around, next in line is slangasek
[20:03] <stgraber> (who may also be missing, not sure)
[20:03] <infinity> slangasek: Stop being missing.
[20:03] <stgraber> not that we appear to have anything to discuss anyway
[20:04] <infinity> If we literally have nothing to discuss, we could just defer the meeting and keep pitti on the hook. :P
[20:04] <stgraber> yeah, since he promised to be there for the next meeting, I'd be fine with that ;)
[20:04] <infinity> Shall we do an informal sweep of the state of things and see if we come to that conclusion?
[20:05] <stgraber> wiki page is empty, bug page is empty, looking at ML now
[20:05] <infinity> A mailing list sweep really just brings up Mark's "Matters approaching" email, which I think we need to discuss *in depth*, which means on the ML, or when all of us are present (or both).
[20:05] <stgraber> right, the rest we dealt with I believe (LTS status and MRE)
[20:06] <kees> o/
[20:06] <infinity> kees: Your little man is 6 minutes late; fire him.
[20:06]  * kees fires o
[20:08] <infinity> kees: Do you have anything to discuss today (like your eternally outstanding MRE review?), or are you cool with deferring, since we seem to be short on both people and topics?
[20:08] <kees> nope, happy to have someone else take the MRE thing, though
[20:09] <infinity> I'm not sure anyone else is quite sure exactly what it was you were doing and planning to get out of it. ;)
[20:09] <kees> mostly it was "should these pMREs go away or get upgraded to MRE?"
[20:09] <infinity> If you want to send something to the list detailing the sorts of things you planned to audit as criteria, and the end results you were hoping to get out of it, maybe someone (1, 2, 3, not it!) could find some time to help out.
[20:10] <kees> heh, ok
[20:11] <infinity> Maybe we could even squeeze a bit of automation out of this (bug filed on SRU versions, etc) to try to establish baselines for crap pMREs.
[20:11] <infinity> s/bug/bugs/
[20:11] <infinity> Bugs, crash reports, etc.
[20:11] <infinity> Anyhow.
[20:11] <infinity> I think we've got pretty much nothing else on our plate, so maybe we should just start and end the meeting and call it done. :P
[20:13] <stgraber> #startmeeting Technical board meeting
[20:13] <meetingology> Meeting started Mon Mar 31 20:13:11 2014 UTC.  The chair is stgraber. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[20:13] <meetingology> Available commands: action commands idea info link nick
[20:13] <stgraber> Nothing to discuss, see you in two weeks. Next chair, pitti.
[20:13] <stgraber> #endmetting
[20:13] <stgraber> #endmeeting
[20:13] <meetingology> Meeting ended Mon Mar 31 20:13:30 2014 UTC.
[20:13] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-03-31-20.13.moin.txt
[20:13] <infinity> METTING.
[20:13] <stgraber> yeah, typing is hard...
[20:13] <doko> s/M/P/ ? what are you up for?
[20:14] <infinity> I... Don't have a response to that.
[20:14] <infinity> And, so, I shall leave the channel.
[20:16] <doko> heh, I assume post-meeting business ;p
[20:16] <slangasek> hum, sorry I'm late
[20:17] <slangasek> it would have been good to have a discussion about the system-image topic, given that no one has taken it up on the mailing list
[20:17] <mdeslaur> argh!
[20:17] <mdeslaur> sorry I'm late
[20:19] <slangasek> mdeslaur, stgraber, kees: given that we now have more people here than when infinity decided to cut'n'run on us, maybe we should reopen the meeting? ;)
[20:20] <mdeslaur> I don't mind
[20:20] <mdeslaur> although I'm not sure I have anything useful to contribute to the system-image topic at this stage
[20:21] <mdeslaur> do we have any details or a plan on how we would achieve it?
[20:22] <stgraber> slangasek: I don't mind, though I'm not sure how much I'd be able to contribute about this in a live meeting. Seems like the kind of thing where I'd need a few hours just to think things through and that e-mails are better suited for that.
[20:22] <slangasek> that's certainly the biggest unknown
[20:23] <slangasek> at this stage, we have no approach to system-image that doesn't involve being incompatible with apt-based installation of non-default packages
[20:23] <slangasek> and "system-image+app store" is a major deviation for our desktop or server story
[20:23] <stgraber> current state of things are that system-image is entirely unsuitable for desktop use, there are a few options we discussed a year or so ago but nobody did any work on exploring those so far
[20:23] <slangasek> stgraber: well, as noted people don't seem to have actually made the time to do that few hours of thinking on the list ;)
[20:24] <slangasek> fwiw I expect foundations will spend some time on this system-image-on-desktop question in the coming months
[20:24] <slangasek> since we'll have the resources to cover package management in depth shortly :)
[20:24] <stgraber> slangasek: sure and I'm feeling slightly bad about this because I meant to reply to this e-mail before this meeting and failed. I'm just not sure discussing it live is the way to go. It seems like we just need the TB members to find some time to think about it and reply on the list.
[20:25] <slangasek> ok, then my suggestion is that people use the rest of the time blocked for this meeting to do so ;-)
[20:25] <mdeslaur> is the ultimate goal to have two different desktop types, to replace apt-based installation of non-default packages, or to be able to support both images and apt-based packages?
[20:26] <stgraber> I think the ultimate goal is part of what we need to discuss and define :)
[20:26] <mdeslaur> ok :)
[20:27] <slangasek> mdeslaur: I would say (and this is a bit of guesswork on my part, but I think it's a reasonable starting point for discussion) that the high-level goal is to bring the robustness of system-image updates to our desktop users
[20:27] <slangasek> my personal position is that we shouldn't to sacrifice support for the wealth of packages in universe to get there
[20:29] <stgraber> I'm also not convinced our users would appreciate having to reboot their system for every single update, technology evolves in the direction of longer uptime (checkpoint/restart, live patching, ...), requiring a full system reboot for even the smallest package update doesn't feel right...
[20:29] <mdeslaur> and of course the most desirable outcome is also the most technically challenging one :)
[20:32] <stgraber> anyway, there are quite a lot of things which seem fine currently with s-i for the phones that likely won't be for the desktop, so we may as well document those in the ML discussion then try and see what can be done about them (and which we really care about)