[17:02] <jdstrand> hi!
[17:02] <mdeslaur> \o
[17:02] <jdstrand> happy new year :)
[17:02] <jdstrand> #startmeeting
[17:02] <jdstrand> The meeting agenda can be found at:
[17:02] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[17:02] <meetingology> Meeting started Mon Jan  5 17:02:24 2015 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[17:02] <meetingology> Available commands: action commands idea info link nick
[17:02] <jdstrand> [TOPIC] Weekly stand-up report
[17:02] <jdstrand> actually, I skipped something
[17:02] <jdstrand> [TOPIC] Announcements
[17:03] <jdstrand> Thomas Ward (teward) provided an update for utopic for wireshark (LP: #1397091)  Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
[17:03] <jdstrand> [TOPIC] Weekly stand-up report
[17:03] <jdstrand> I'll go first
[17:03] <jdstrand> I'm in the happy place this week
[17:03] <jdstrand> I'm catching up on a few things
[17:04] <jdstrand> I have several snappy tasks to attend to this week, the first being some seccomp investigations
[17:05] <jdstrand> I'm going to be pulling people in for discussions, reviews, etc over the coming few weeks to make sure everything is sound and make sense
[17:06] <jdstrand> I've got two pending issues I'm working on: mercurial and glance. mercurial is community supported though, but if people had tips for getting the trusty testsuite to pass (a no change rebuild fails in tghave), feel free to contact me in #ubuntu-hardened
[17:06] <jdstrand> I'll figure it out eventually, but it'll go out faster if I get help from the community
[17:07] <jdstrand> mdeslaur: you're up
[17:07] <mdeslaur> I'm on triage this week
[17:07] <mdeslaur> and tomorrow I'm on patch piloting
[17:07] <mdeslaur> We have a backlog of about 50 packages that need security updates, so I'll be working on that
[17:08] <mdeslaur> that's it from me, sbeattie, you're up
[17:08] <sbeattie> I've got a variety of things on my plate this week:
[17:09] <sbeattie> I need to get back to the compiler pie-on-amd64 stuff: I've discovered it breaks dkms compilation for some reason
[17:09] <sbeattie> I'll try to pick up one or two of the outstanding updates
[17:10] <sbeattie> I was also working on updating vivid's apparmor to the upstream 2.9.1 release, and discovered that lp: #1407437 is an upstream issue
[17:11] <sbeattie> That's pretty much it for me.
[17:11] <sbeattie> tyhicks is not here, so sarnold?
[17:11] <sarnold> I'm on community this week
[17:12] <sarnold> I'll be catching up on two weeks of unread email and probably helping out with updates
[17:13] <sarnold> I believe there's also a huge backlog of apparmor patches, but that'll probably only be short-and-easy patches reviewed initially
[17:13] <sarnold> that's it for me, chrisccoulson?
[17:13] <chrisccoulson> This week, I need to fix bug 1398174
[17:14] <chrisccoulson> I'll also be working on bug 1337506, and working through Oxide reviews
[17:14] <chrisccoulson> And I finally managed to land http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/901 at the weekend :)
[17:14] <chrisccoulson> that's me done
[17:15] <jdstrand> chrisccoulson: for 1337506, is that an oxide crasher?
[17:15] <chrisccoulson> It is
[17:15] <jdstrand> chrisccoulson: do you have a feel for how often it happens? I occasionally see webbrowser-app crash and was curious
[17:16] <chrisccoulson> It's only a shutdown crash, but it's a symptom of a bigger issue
[17:16] <jdstrand> re LocationBarController API> cool! :)
[17:16] <jdstrand> chrisccoulson: ack
[17:16] <jdstrand> also, what prompted the fix for 1398174?
[17:17] <chrisccoulson> This is related to the change in default search engine
[17:18] <jdstrand> chrisccoulson: I guess I was really asking: is ubufox going away and if so, why?
[17:18] <chrisccoulson> It's not going away, but it won't define the default search engines anymore
[17:20] <jdstrand> [TOPIC] Highlighted packages
[17:20] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[17:20] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:20] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/oath-toolkit.html
[17:20] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.9-ppc64el-cross.html
[17:20] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/merkaartor.html
[17:20] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libplack-perl.html
[17:20] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/texmacs.html
[17:21] <jdstrand> [TOPIC] Miscellaneous and Questions
[17:21] <jdstrand> Does anyone have any other questions or items to discuss?
[17:21] <teward> *raises hand*
[17:21] <jdstrand> teward: hi, go ahead
[17:21] <teward> jdstrand: thanks for the acknowledge on the wireshark updates - on that note, work has stalled on the other versions, the community is welcome to start picking up on that.
[17:22] <teward> new upload to Vivid for nginx has effectively mitigated POODLE out of the box - this was an issue on my radar for some time and has effectively been mititgated as of last week out of the box thanks to Debian changes.
[17:22] <teward> /done
[17:22] <jdstrand> re nginx> oh, neat :)
[17:23] <teward> jdstrand: yeah, i thought so, it's handled at the nginx.conf (nginx-instance-wide) level instead of at the site config level, which is why i say it effectively mitigates POODLE
[17:23] <teward> definitely a plus :)
[17:24] <teward> since nginx-core is in main, i thought it relevant to mention.  all done here.
[17:30] <jdstrand> mdeslaur, sbeattie, sarnold, chrisccoulson, teward: thanks
[17:30] <jdstrand> #endmeeting
[17:30] <meetingology> Meeting ended Mon Jan  5 17:30:42 2015 UTC.
[17:30] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-01-05-17.02.moin.txt
[17:31] <mdeslaur> thanks jdstrand!
[17:31] <sbeattie> jdstrand: thanks!
[17:32] <sarnold> thanks jdstrand!