=== bladernr_30kFeet is now known as bladernr_ | ||
=== Guest13468 is now known as balloons_ | ||
jdstrand | hi! | 16:47 |
---|---|---|
jjohansen | \o | 16:47 |
mdeslaur | \o | 16:47 |
tyhicks | hello | 16:47 |
jdstrand | #startmeeting | 16:47 |
meetingology | Meeting started Mon Sep 29 16:47:44 2014 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. | 16:47 |
meetingology | Available commands: action commands idea info link nick | 16:47 |
jdstrand | The meeting agenda can be found at: | 16:47 |
jdstrand | [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting | 16:47 |
jdstrand | [TOPIC] Announcements | 16:48 |
=== meetingology changed the topic of #ubuntu-meeting to: Announcements | ||
jdstrand | Thanks to Jonathan Riddell (jr) who provided a debdiff for trusty for krfb (LP: #1374043). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) | 16:48 |
ubottu | Launchpad bug 1374043 in krfb (Ubuntu Utopic) "vulnerabilities in libvncserver" [Undecided,Fix released] https://launchpad.net/bugs/1374043 | 16:48 |
jdstrand | [TOPIC] Review of any previous action items | 16:48 |
=== meetingology changed the topic of #ubuntu-meeting to: Review of any previous action items | ||
jdstrand | I'll go first | 16:48 |
jdstrand | last week I did quite a bit with apparmor and didn't do much else of what I planned. the good news is that utopic and rtm should be good to go with our current caching plans | 16:49 |
jdstrand | this week I'm on triage | 16:50 |
jdstrand | I plan to sponsor apparmor updates as I get them, and fix bugs as they come in | 16:50 |
jdstrand | I need to write policy for the ubuntu-downloader-manager uncompress helper | 16:51 |
jdstrand | and finetune the docker.io policy (I finished lxc and libvirt-lxc last week) | 16:51 |
jdstrand | I plan to adjust UCT for derivative branches | 16:51 |
jdstrand | have some click-reviewers-tools updates | 16:51 |
jdstrand | and patch piloting | 16:51 |
jdstrand | mdeslaur: you're up :) | 16:52 |
mdeslaur | I'm currently pushing out some libvncserver updates | 16:52 |
mdeslaur | and have a couple more in the list to work on | 16:52 |
mdeslaur | we may be getting more bash updates and possibly a regression fix this week, but the latest update should mitigate further parser issues | 16:53 |
mdeslaur | so the other updates aren't critical | 16:53 |
mdeslaur | friday I'm off | 16:53 |
mdeslaur | and...I'm on community this week | 16:53 |
mdeslaur | that's it for me, sbeattie? | 16:53 |
sbeattie | I'm currently poking at QRT, fixing up the kernel security checking script to compensate for a change in the reporting behavior around capabilities. | 16:54 |
sbeattie | I'm on apparmor this week; I need to review one last patch from tyhicks on the regression tests and a parser patch from jjohansen. | 16:55 |
tyhicks | thanks for all the patch review you did last week | 16:55 |
sbeattie | I'll also work on pulling an updated snapshot into utopic, as its only been bug fixes since our last snapshot. | 16:55 |
sbeattie | that's pretty much it for me. tyhicks? | 16:56 |
tyhicks | I'm just about done getting caught up from vacation last week | 16:56 |
tyhicks | I'm in the process of committing the apparmor AF_UNIX regression test patches that sbeattie reviewed for me | 16:57 |
tyhicks | I'll also send out an additional patch or two today to add a few more tests that he suggested | 16:57 |
tyhicks | after that, I'd like to get to a few things that I've had to ignore lately | 16:57 |
tyhicks | there are lots of comments that I need to respond to and/or address in the upstream dbus bug for apparmor mediation | 16:58 |
tyhicks | I need to prepare for the upcoming kernel merge window to get a few ecryptfs kernel fixes in | 16:58 |
tyhicks | other general ecryptfs maint duties that I've ignored recently | 16:59 |
tyhicks | and then it'd be nice to get back to the apparmor caching patches I was working on | 16:59 |
tyhicks | that's it for me | 16:59 |
tyhicks | jjohansen: you're up | 16:59 |
jjohansen | I am working on apparmor bugs this week. We will see if we can't get the last few kernel/parser bugs finally squashed. | 17:00 |
jjohansen | I need some time on upstream apparmor to prepare for the next opportunity for upstreaming | 17:01 |
jjohansen | And I expect I will also do a little poking around to make sure my bits are in place for an upstream 2.9 release, which should happen real soon now | 17:02 |
jdstrand | jjohansen: if you need help with kernel testing, let me know | 17:03 |
jjohansen | jdstrand: yep, I will | 17:03 |
jjohansen | I think that is it for me, sarnold you're up | 17:04 |
sarnold | I'm in the happy place this week; I'm working on several MIR audits, chances are good those will take the entire week. I may do some quick apparmor patch reviews as refreshers depending upon how things go. | 17:05 |
sarnold | that's it for me, chrisccoulson? | 17:06 |
chrisccoulson | sorry, I'm a bit unprepared because I've been talking in another channel :) | 17:07 |
chrisccoulson | hold on 1 sec | 17:07 |
chrisccoulson | so, this week I shall be finishing code reviews (I did one this morning) | 17:09 |
chrisccoulson | and, fingers crossed, landing bug 1260016 | 17:10 |
ubottu | bug 1260016 in oxide-qt (Ubuntu RTM) "Add an API to allow defining custom URL scheme delegates" [Critical,In progress] https://launchpad.net/bugs/1260016 | 17:10 |
chrisccoulson | (I made quite a few changes last week in preparation for this) | 17:10 |
chrisccoulson | other than that, fixing bugs as they come in too | 17:10 |
chrisccoulson | I think that's me done | 17:10 |
jdstrand | re 1260016> \o/ | 17:13 |
jdstrand | chrisccoulson: I asked this in another channel, but since I have you here-- was the 2d canvas accel enabled for nexus devices? | 17:14 |
chrisccoulson | jdstrand, not yet. justin only provided the strings for krillin. I'm ok with that for now though (in the interests of avoiding scope creep) | 17:15 |
jdstrand | chrisccoulson: I understand that position. personally, as a dogfooder, I wouldn't mind that extending out since they said it worked there too (aiui) | 17:19 |
jdstrand | but anyhoo | 17:19 |
* jdstrand was looking forward to having it on his phone, and was crushed to see it not there ;) | 17:19 | |
* jdstrand is not asking to change the decision, just providing user feedback | 17:20 | |
jdstrand | ok, moving on | 17:20 |
jdstrand | [TOPIC] Highlighted packages | 17:20 |
=== meetingology changed the topic of #ubuntu-meeting to: Highlighted packages | ||
jdstrand | The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. | 17:20 |
jdstrand | See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. | 17:20 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/php-xajax.html | 17:20 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/haskell-tls-extra.html | 17:20 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/snack.html | 17:20 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/libicc.html | 17:21 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/freeipa.html | 17:21 |
jdstrand | [TOPIC] Miscellaneous and Questions | 17:21 |
=== meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions | ||
jdstrand | Does anyone have any other questions or items to discuss? | 17:21 |
jdstrand | mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks! | 17:24 |
jdstrand | #endmeeting | 17:24 |
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendar | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | ||
meetingology | Meeting ended Mon Sep 29 17:24:07 2014 UTC. | 17:24 |
meetingology | Minutes: http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-09-29-16.47.moin.txt | 17:24 |
ScottK | re bash: Are we done yet? | 17:24 |
mdeslaur | thanks jdstrand! | 17:24 |
jjohansen | thanks jdstrand | 17:24 |
ScottK | jdstrand: I did have a quick question there. | 17:24 |
jdstrand | mdeslaur: ^ | 17:24 |
mdeslaur | ScottK: hi | 17:24 |
ScottK | Hello. | 17:24 |
mdeslaur | ScottK: the latest update should mitigate any parser issues that are subsequently discovered | 17:24 |
mdeslaur | ScottK: there are a couple of remaining things though | 17:25 |
mdeslaur | ScottK: there is a regression with "at" | 17:25 |
ScottK | OK. | 17:25 |
mdeslaur | ScottK: and redhat's patch doesn't use the same suffix as what upstream chose | 17:25 |
mdeslaur | ScottK: and redhat's patch also broke function names with special chars I believe | 17:25 |
ScottK | Fun. | 17:26 |
mdeslaur | so once everyone agrees on what should ultimately be done, there will probably be an update to get everyone using the same prefix/suffix and other restrictions | 17:26 |
ScottK | I have read that Debian/Ubuntu were lower risk than other distros because we use dash for the system shell. It would be great to see a detailed risk analysis published and what things we had in place in advance turned out to be mitigating factors. | 17:26 |
mdeslaur | perhaps, but it's hard to say as it depends greatly on what kind of scripts people were using for their CGI setups | 17:27 |
mdeslaur | ie: if they had /bin/sh, they were safe, if they had /bin/bash, they were not | 17:27 |
chrisccoulson | jdstrand, sorry, I missed your last message. Do you now have a krillin device? | 17:27 |
chrisccoulson | I don't mind adding the strings for the nexus 4 if it helps | 17:28 |
sbeattie | mdeslaur: well, it's mitigated in that if people are writing CGIs in non-shell languages, but called things like system() or popen(), they'd get dash and not bash. | 17:29 |
mdeslaur | sbeattie: ah, yes, also | 17:29 |
jdstrand | chrisccoulson: I don't have a krillin. I have a mako | 17:33 |
jdstrand | chrisccoulson: it would help me, but I wouldn't spend a lot of time on it if it is distracting you from other stuff | 17:33 |
jdstrand | (though, it would help quite a few people-- I'm not the only mako dogfooder) | 17:33 |
ScottK | mdeslaur: Thanks. | 17:35 |
=== balloons_ is now known as balloons | ||
=== balloons is now known as Guest63150 | ||
=== Guest63150 is now known as balloons_ | ||
=== jhenke_ is now known as jhenke | ||
=== balloons_ is now known as balloons |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!