[16:47] <jdstrand> The meeting agenda can be found at:
[16:47] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:48] <jdstrand> [TOPIC] Announcements
[16:48] <jdstrand> Thanks to Jonathan Riddell (jr) who provided a debdiff for trusty for krfb (LP: #1374043). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
[16:48] <ubottu> Launchpad bug 1374043 in krfb (Ubuntu Utopic) "vulnerabilities in libvncserver" [Undecided,Fix released] https://launchpad.net/bugs/1374043
[16:48] <jdstrand> [TOPIC] Review of any previous action items
[16:48] <jdstrand> I'll go first
[16:49] <jdstrand> last week I did quite a bit with apparmor and didn't do much else of what I planned. the good news is that utopic and rtm should be good to go with our current caching plans
[16:50] <jdstrand> this week I'm on triage
[16:50] <jdstrand> I plan to sponsor apparmor updates as I get them, and fix bugs as they come in
[16:51] <jdstrand> I need to write policy for the ubuntu-downloader-manager uncompress helper
[16:51] <jdstrand> and finetune the docker.io policy (I finished lxc and libvirt-lxc last week)
[16:51] <jdstrand> I plan to adjust UCT for derivative branches
[16:51] <jdstrand> have some click-reviewers-tools updates
[16:51] <jdstrand> and patch piloting
[16:52] <jdstrand> mdeslaur: you're up :)
[16:52] <mdeslaur> I'm currently pushing out some libvncserver updates
[16:52] <mdeslaur> and have a couple more in the list to work on
[16:53] <mdeslaur> we may be getting more bash updates and possibly a regression fix this week, but the latest update should mitigate further parser issues
[16:53] <mdeslaur> so the other updates aren't critical
[16:53] <mdeslaur> friday I'm off
[16:53] <mdeslaur> and...I'm on community this week
[16:53] <mdeslaur> that's it for me, sbeattie?
[16:54] <sbeattie> I'm currently poking at QRT, fixing up the kernel security checking script to compensate for a change in the reporting behavior around capabilities.
[16:55] <sbeattie> I'm on apparmor this week; I need to review one last patch from tyhicks on the regression tests and a parser patch from jjohansen.
[16:55] <tyhicks> thanks for all the patch review you did last week
[16:55] <sbeattie> I'll also work on pulling an updated snapshot into utopic, as it's only been bug fixes since our last snapshot.
[16:56] <sbeattie> that's pretty much it for me. tyhicks?
[16:56] <tyhicks> I'm just about done getting caught up from vacation last week
[16:57] <tyhicks> I'm in the process of committing the apparmor AF_UNIX regression test patches that sbeattie reviewed for me
[16:57] <tyhicks> I'll also send out an additional patch or two today to add a few more tests that he suggested
[16:57] <tyhicks> after that, I'd like to get to a few things that I've had to ignore lately
[16:58] <tyhicks> there are lots of comments that I need to respond to and/or address in the upstream dbus bug for apparmor mediation
[16:58] <tyhicks> I need to prepare for the upcoming kernel merge window to get a few ecryptfs kernel fixes in
[16:59] <tyhicks> other general ecryptfs maint duties that I've ignored recently
[16:59] <tyhicks> and then it'd be nice to get back to the apparmor caching patches I was working on
[16:59] <tyhicks> that's it for me
[16:59] <tyhicks> jjohansen: you're up
[17:00] <jjohansen> I am working on apparmor bugs this week. We will see if we can't get the last few kernel/parser bugs finally squashed.
[17:01] <jjohansen> I need some time on upstream apparmor to prepare for the next opportunity for upstreaming
[17:02] <jjohansen> And I expect I will also do a little poking around to make sure my bits are in place for an upstream 2.9 release, which should happen real soon now
[17:03] <jdstrand> jjohansen: if you need help with kernel testing, let me know
[17:03] <jjohansen> jdstrand: yep, I will
[17:04] <jjohansen> I think that is it for me, sarnold you're up
[17:05] <sarnold> I'm in the happy place this week; I'm working on several MIR audits, chances are good those will take the entire week. I may do some quick apparmor patch reviews as refreshers depending upon how things go.
[17:06] <sarnold> that's it for me, chrisccoulson?
[17:07] <chrisccoulson> sorry, I'm a bit unprepared because I've been talking in another channel :)
[17:07] <chrisccoulson> hold on 1 sec
[17:09] <chrisccoulson> so, this week I shall be finishing code reviews (I did one this morning)
[17:10] <chrisccoulson> and, fingers crossed, landing bug 1260016
[17:10] <ubottu> bug 1260016 in oxide-qt (Ubuntu RTM) "Add an API to allow defining custom URL scheme delegates" [Critical,In progress] https://launchpad.net/bugs/1260016
[17:10] <chrisccoulson> (I made quite a few changes last week in preparation for this)
[17:10] <chrisccoulson> other than that, fixing bugs as they come in too
[17:10] <chrisccoulson> I think that's me done
[17:13] <jdstrand> re 1260016> \o/
[17:14] <jdstrand> chrisccoulson: I asked this in another channel, but since I have you here-- was the 2d canvas accel enabled for nexus devices?
[17:15] <chrisccoulson> jdstrand, not yet. justin only provided the strings for krillin. I'm ok with that for now though (in the interests of avoiding scope creep)
[17:19] <jdstrand> chrisccoulson: I understand that position. personally, as a dogfooder, I wouldn't mind that extending out since they said it worked there too (aiui)
[17:19] <jdstrand> but anyhoo
[17:19] * jdstrand was looking forward to having it on his phone, and was crushed to see it not there ;)
[17:20] * jdstrand is not asking to change the decision, just providing user feedback
[17:20] <jdstrand> ok, moving on
[17:20] <jdstrand> [TOPIC] Highlighted packages
[17:20] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
[17:20] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:21] <jdstrand> [TOPIC] Miscellaneous and Questions
[17:21] <jdstrand> Does anyone have any other questions or items to discuss?
[17:24] <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
[17:24] <ScottK> re bash: Are we done yet?
[17:24] <mdeslaur> thanks jdstrand!
[17:24] <jjohansen> thanks jdstrand
[17:24] <ScottK> jdstrand: I did have a quick question there.
[17:24] <jdstrand> mdeslaur: ^
[17:24] <mdeslaur> ScottK: hi
[17:24] <mdeslaur> ScottK: the latest update should mitigate any parser issues that are subsequently discovered
[17:25] <mdeslaur> ScottK: there are a couple of remaining things though
[17:25] <mdeslaur> ScottK: there is a regression with "at"
[17:25] <mdeslaur> ScottK: and redhat's patch doesn't use the same suffix as what upstream chose
[17:25] <mdeslaur> ScottK: and redhat's patch also broke function names with special chars I believe
[17:26] <mdeslaur> so once everyone agrees on what should ultimately be done, there will probably be an update to get everyone using the same prefix/suffix and other restrictions
[17:26] <ScottK> I have read that Debian/Ubuntu were lower risk than other distros because we use dash for the system shell. It would be great to see a detailed risk analysis published and what things we had in place in advance turned out to be mitigating factors.
[17:27] <mdeslaur> perhaps, but it's hard to say as it depends greatly on what kind of scripts people were using for their CGI setups
[17:27] <mdeslaur> i.e.: if they had /bin/sh, they were safe, if they had /bin/bash, they were not
[17:27] <chrisccoulson> jdstrand, sorry, I missed your last message. Do you now have a krillin device?
[17:28] <chrisccoulson> I don't mind adding the strings for the nexus 4 if it helps
[17:29] <sbeattie> mdeslaur: well, it's mitigated in that if people are writing CGIs in non-shell languages, but called things like system() or popen(), they'd get dash and not bash.
[17:29] <mdeslaur> sbeattie: ah, yes, also
[17:33] <jdstrand> chrisccoulson: I don't have a krillin. I have a mako
[17:33] <jdstrand> chrisccoulson: it would help me, but I wouldn't spend a lot of time on it if it is distracting you from other stuff
[17:33] <jdstrand> (though, it would help quite a few people-- I'm not the only mako dogfooder)
[17:35] <ScottK> mdeslaur: Thanks.
