=== kickinz1|afk is now known as kickinz1
=== greyback_ is now known as greyback
=== chrisccoulson_ is now known as chrisccoulson
[17:12] <jdstrand> hi!
[17:12] <mdeslaur> \o
[17:12] <sarnold> hello
[17:12] <tyhicks> hello
[17:12] <jdstrand> #startmeeting
[17:12] <meetingology> Meeting started Mon Jan 12 17:12:45 2015 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[17:12] <meetingology> Available commands: action commands idea info link nick
[17:12] <jdstrand> The meeting agenda can be found at:
[17:12] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[17:12] <jdstrand> [TOPIC] Announcements
=== meetingology changed the topic of #ubuntu-meeting to: Announcements
[17:13] <jdstrand> Lev Lazinskiy (levlaz) provided a debdiff for precise for nginx (LP: #1370478). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
[17:13] <ubottu> Launchpad bug 1370478 in nginx (Ubuntu Utopic) "[CVE-2014-3616] "possible to reuse cached SSL sessions in unrelated contexts"" [Undecided,Fix released] https://launchpad.net/bugs/1370478
[17:13] <jdstrand> [TOPIC] Weekly stand-up report
=== meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report
[17:13] <jdstrand> I'll go first
[17:13] <jdstrand> I'm on triage this week
[17:13] <chrisccoulson> hi
[17:13] <jdstrand> I have some stuff to look at regarding snappy for this week
[17:13] <jdstrand> and need to get to my pending updates
[17:14] <jdstrand> mdeslaur: you're up
[17:14] <mdeslaur> I'm on community this week
[17:14] <mdeslaur> I'm currently testing openssl which should go out in a few minutes
[17:14] <mdeslaur> I also have an embargoed issue to look at
[17:14] <mdeslaur> and have a bunch of other pending CVE updates I'm working on
[17:14] <mdeslaur> that's it for me, sbeattie
[17:15]  * mdeslaur pokes sbeattie with stick
[17:16] <jdstrand> perhaps go to tyhicks and circle back around to sbeattie?
[17:17] <tyhicks> I'm currently working on git updates
[17:17] <tyhicks> the precise backport was failing the in-tree tests but I think I've just identified the problem so they should be going out today or tomorrow
[17:17] <tyhicks> then I plan on helping out wherever possible with bug #1408106
[17:17] <ubottu> bug 1408106 in AppArmor "attach_disconnected not sufficient for overlayfs" [Critical,In progress] https://launchpad.net/bugs/1408106
[17:18] <jdstrand> tyhicks: where are we on that dbus apparmor bug?
[17:18] <tyhicks> jdstrand: that's next on my list :)
[17:18] <jdstrand> ah ok
[17:19] <tyhicks> jdstrand: I haven't been able to look at it in some time
[17:19] <tyhicks> but I expect to spend most of my time this week on bug #1362469
[17:19] <ubottu> bug 1362469 in dbus (Ubuntu) "AppArmor unrequested reply protection generates unallowable denials" [Medium,In progress] https://launchpad.net/bugs/1362469
[17:19] <tyhicks> that's it for me
[17:19]  * sbeattie is here
[17:19] <jdstrand> not meaning to rush or reprioritize it. it came up in a meeting today that we'll likely be looking at moving rtm branch to vivid in the coming couple/few months
[17:20] <jdstrand> tyhicks: ^
[17:20] <tyhicks> jdstrand: yep, I need to get it fixed and then post the latest set of revisions to the upstream dbus bug
[17:20] <jdstrand> cool, thanks
[17:20] <tyhicks> so there are two good reasons to get it fixed asap
[17:20] <tyhicks> go ahead, sbeattie
[17:20] <jdstrand> (that's it from me-- sbeattie and then jjohansen?)
[17:20] <sbeattie> I have a set of yaml updates to go out later today.
[17:21] <sbeattie> I have some upstream apparmor patches to review
[17:21] <sbeattie> I need to get the pie stuff back on the front burner
[17:21] <sbeattie> I'll also probably pick up the binutils update to work on in the background
[17:22] <sbeattie> Sorry, I'm also expecting to work on bug 1408106 as needed as well.
[17:22] <ubottu> bug 1408106 in AppArmor "attach_disconnected not sufficient for overlayfs" [Critical,In progress] https://launchpad.net/bugs/1408106
[17:22] <sbeattie> that's it for me, jjohansen?
[17:22] <jjohansen> There are a couple of things to prep for the monthly apparmor meeting, some outstanding apparmor patches to finish reviewing, finish up the work on Bug #1408833, some work with tyhicks on the interaction of overlayfs and apparmor (as mentioned already Bug #1408106), and of course continuing the apparmor upstreaming work.
[17:22] <ubottu> bug 1408833 in AppArmor "broken postinst test for uvtool-libvirt on utopic" [Undecided,Confirmed] https://launchpad.net/bugs/1408833
[17:24] <jjohansen> thats it for me, sarnold
[17:25] <sarnold> I'm in the happy place this week; I'm working on an update to coreutils, and there are five packages needing MIR auditing -- I probably can't get to all of them this week unless several of them are smaller than I expect
[17:25] <sarnold> thanks to those filing early MIR requests :) much appreciated
[17:26] <sarnold> that's it for me, chrisccoulson
[17:26] <jdstrand> sarnold: fyi, I assigned one more to you today
[17:26] <chrisccoulson> it's mozilla updates for me this week
[17:26] <jdstrand> oh, I didn't try the new firefox yet
[17:27] <chrisccoulson> I'm fixing a build failure (armhf) at the moment
[17:27] <tyhicks> I thought chrisccoulson wanted us to do that tomorrow
[17:27] <jdstrand> I thought by tomorrow
[17:27] <tyhicks> ah
[17:27] <chrisccoulson> other than mozilla updates, I'm working on bug 1377198 which fixes some weird behaviour in an API that the browser is using
[17:27] <sbeattie> chrisccoulson: I'm running the new firefox, not seeing issues.
[17:28] <ubottu> bug 1377198 in Oxide "CertificateError is not cancelled if you stop the pending navigation" [High,Triaged] https://launchpad.net/bugs/1377198
[17:28] <chrisccoulson> excellent, thanks
[17:28] <chrisccoulson> I think that's me done
[17:29] <jdstrand> [TOPIC] Highlighted packages
=== meetingology changed the topic of #ubuntu-meeting to: Highlighted packages
[17:30] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[17:30] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.9-powerpc-cross.html
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ldap-account-manager.html
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/bfgminer.html
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ganeti.html
[17:30] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/rawstudio.html
[17:30] <jdstrand> [TOPIC] Miscellaneous and Questions
=== meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions
[17:30] <jdstrand> Does anyone have any other questions or items to discuss?
[17:31] <tyhicks> I've got one for jjohansen, sarnold, and sbeattie regarding the libapparmor patches waiting for review
[17:31] <tyhicks> how can I help the review process there?
[17:31] <jjohansen> tyhicks: can you please provide 48h to my day
[17:31] <tyhicks> would it help if I wrote up a man page for the new functions?
[17:32] <tyhicks> jjohansen: :)
[17:32] <jjohansen> tyhicks: no, its just spending the time to give them a proper review
[17:32] <tyhicks> I need to write a man page before release, anyways, so it might help show the "bigger picture" during review
[17:33] <tyhicks> jjohansen: ack - I figured that was the bottleneck but wanted to make sure there was nothing else I could do
[17:33] <jjohansen> tyhicks: I would suggest holding off on that, I already have nacks on some of it
[17:33] <tyhicks> ok
[17:33] <sarnold> tyhicks: sorry, I was daunted by just how many patches are still outstanding..
[17:33] <tyhicks> (please send out nacks asap so I can start on new revisions)
[17:34] <tyhicks> jdstrand: that's all that I had
[17:34] <jjohansen> sarnold: he was just trying to make sure you would have your fill over the christmas break
[17:34] <jjohansen> tyhicks: ack
[17:35] <sarnold> jjohansen: no fear there, it was an impressive patch dump :)
[17:36] <jjohansen> sure, now /me has to give sarnold an even bigger patch dump to keep him happy
[17:36] <sarnold> :)
[17:38] <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks!
[17:38] <jdstrand> #endmeeting
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendar | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology
[17:38] <meetingology> Meeting ended Mon Jan 12 17:38:54 2015 UTC.
[17:38] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-01-12-17.12.moin.txt
[17:38] <mdeslaur> thanks jdstrand!
[17:38] <jjohansen> thanks jdstrand
[17:39] <sarnold> thanks jdstrand
[17:39] <tyhicks> thanks!
[17:40] <sbeattie> jdstrand: thanks!
=== tumbleweed_ is now known as tumbleweed
=== xnox_ is now known as xnox