[16:36] <tyhicks> hello
[16:36] <jjohansen> \o
[16:36]  * sbeattie waves
[16:37] <mdeslaur> \o
[16:37] <tyhicks> #startmeeting
[16:37] <meetingology> Meeting started Mon Mar  2 16:37:20 2015 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:37] <meetingology> Available commands: action commands idea info link nick
[16:37] <tyhicks> The meeting agenda can be found at:
[16:37] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:37] <tyhicks> [TOPIC] Weekly stand-up report
[16:37] <tyhicks> jdstrand: you're up
[16:38] <jdstrand> I'm working on the store review tools wrt snappy
[16:38] <jdstrand> I'm also helping with the oxide FFe and helping coordinate some oxide work
[16:39] <jdstrand> I also have performance reviews to do
[16:40] <jdstrand> I hope to work on snappy hw access some more. phase 1 landed, but need to be thinking longer term now
[16:40] <jdstrand> I'd like to sync up with tyhicks and/or jjohansen on overlayfs/apparmor at some point this week too
[16:40] <jdstrand> that's it from me
[16:41] <mdeslaur> I'm on community this week
[16:41] <mdeslaur> and tomorrow, I have patch piloting
[16:41] <mdeslaur> I'm still banging my head on the icu updates
[16:42] <mdeslaur> that's probably going to take up a couple of days still
[16:42] <mdeslaur> after that, I'll continue down the CVE list
[16:42] <mdeslaur> that's it for me
[16:42] <mdeslaur> sbeattie: you're up
[16:42] <sbeattie> I'm on security bug triage this week
[16:43] <sbeattie> I also need to correct the mir abstraction library paths for bug 1422521
[16:43] <sbeattie> I'm continuing to test gcc-5 with pie enabled by default.
[16:44] <sbeattie> I have some apparmor patches to review and am hoping to release 2.9.2 soon.
[16:44] <sbeattie> That's pretty much it for me.
[16:44] <sbeattie> tyhicks: tag.
[16:44] <jdstrand> sbeattie: will 2.9.2 contain the mir abstraction?
[16:44] <jdstrand> or we still want it to mature?
[16:45] <sbeattie> Maybe. I'd kind of like it to mature a bit, perhaps move the unpriv mir client socket there as well.
[16:46] <sbeattie> But I can also see the desire to get it in place upstream and fleshed out there instead.
[16:47] <tyhicks> sbeattie: have you wrapped up the work to look at how well the apparmor init script is working with systemd?
[16:48] <sbeattie> tyhicks: mostly, I want to poke at it a little more, but things are looking okay so far.
[16:48] <tyhicks> sbeattie: good to hear - thanks for looking at that :)
[16:48] <tyhicks> I'm on CVE triage this week
[16:48] <tyhicks> it is the first time in a long time so it'll take me a while to get back in the swing of things
[16:49] <tyhicks> I still need to land fixes upstream, retest and publish ecryptfs-utils security updates
[16:49] <tyhicks> I'm going to add the ability to check subfeatures and then send out v2 of the libapparmor API changes
[16:49] <tyhicks> by subfeatures, I mean the permissions typically found in the "mask" files of apparmorfs (such as apparmorfs/dbus/mask)
[16:50] <tyhicks> then I'll restart my work on AppArmor kernel keyring mediation for user data encryption
[16:50] <tyhicks> that's it for me
[16:50] <tyhicks> jjohansen: you're up
[16:50] <jjohansen> I need to finish testing the fix for the fd_inheritance Bug 1423810 (it is backport kernels only),
[16:50] <jjohansen> I still need to finish looking into Bug 1425398, a first glance lead me to believe its actually a bug fix against the trusty version of apparmor that is causing the issue.
[16:50] <jjohansen> push the current stack of bug fixes up to the kt
[16:50] <jjohansen> Finish my review of the latest revision of the LSM stacking patches
[16:50] <jjohansen> sync up discuss the libapparmor policy load api
[16:50] <jjohansen> sync up with jdstrand on overlayfs
[16:50] <jjohansen> and of course get back to upstreaming cleanup
[16:51] <jdstrand> sbeattie: re systemd> I just noticed on a snappy system:
[16:51] <jdstrand> 1 processes are unconfined but have a profile defined.
[16:51] <jdstrand>    /sbin/dhclient (723)
[16:52] <jdstrand> sbeattie: that may be known-- dhclient is a system profile and not a snap profile, but seems we need to do something special there *if* we weren't going to land cache loading
[16:52] <jjohansen> that isn't surprising
[16:52] <jdstrand> no, it isn'
[16:52] <jdstrand> t
[16:52] <sbeattie> jdstrand: hunh, okay. I didn't see that in a vm, but I'll try and play around with snappy this week
[16:52] <jdstrand> also, I'm not sure how tradition server software is doing
[16:53] <jdstrand> traditional*
[16:53] <jdstrand> sbeattie: thanks
[16:53] <jdstrand> sbeattie: it might be a race. ping me if you need help with snappy kvm
[16:54] <jjohansen> that is it for me sarnold you're up
[16:55] <sarnold> I'm in happy place this week; I'm working on several MIR requests and back-burnered the horizon updates; those are blocked on the server team's work on preparing their servrestack testing environment to handle precise with distro-supplied openstack
[16:55] <sarnold> when they have something far enough along to test, I'll head over to that
[16:56] <sarnold> and I'll try to review some of the apparmor patches coming this week or already outstanding, but it's also not going to be a top priority
[16:56] <sarnold> that's it for me, chrisccoulson?
[16:56] <tyhicks> sarnold: lets continue to wait on the precise-essex serverstack enablement this week
[16:57] <tyhicks> sarnold: if it doesn't happen this week, we need to go back to the wiki page for precise testing next week
[16:57] <sarnold> tyhicks: makes sense
[16:57] <tyhicks> thanks
[16:57] <chrisccoulson> This week, I'll be getting thunderbird out. I also expect a chromium update, which means there'll be a corresponding oxide update
[16:58] <chrisccoulson> Other than that, I'll be working on oxide bugs
[16:58] <chrisccoulson> That's me done
[16:59] <tyhicks> [TOPIC] Highlighted packages
[16:59] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:59] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:59] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/insighttoolkit4.html
[16:59] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libphp-adodb.html
[16:59] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:59] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/maildrop.html
[16:59] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/xlockmore.html
[16:59] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/python-soappy.html
[16:59] <tyhicks> Does anyone have any other questions or items to discuss?
[17:01] <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!
[17:01] <tyhicks> #endmeeting
[17:01] <meetingology> Meeting ended Mon Mar  2 17:01:15 2015 UTC.
[17:01] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-03-02-16.37.moin.txt
[17:01] <mdeslaur> thanks tyhicks!
[17:01] <jdstrand> tyhicks: thanks!
[17:01] <jjohansen> thanks tyhicks
[17:01] <sarnold> thanks tyhicks
[17:01] <sbeattie> tyhicks: thanks!
[19:04] <micahg-work> !dmb-ping
[19:04]  * bdmurray waves
[19:10]  * stgraber waves
[19:10] <stgraber> we need one more to be useful
[19:12]  * bdrung waves (a last time)
[19:15] <bdrung> !dmb-ping
[19:15]  * bdmurray waves some more
[19:17] <bdrung> we are now four people
[19:18] <micahg-work> oh, haha, right
[19:18] <micahg-work> stgraber, your turn?
[19:20] <stgraber> ah, maybe
[19:20] <stgraber> #startmeeting DMB
[19:20] <meetingology> Meeting started Mon Mar  2 19:20:06 2015 UTC.  The chair is stgraber. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[19:20] <meetingology> Available commands: action commands idea info link nick
[19:20] <stgraber> #topic past actions
[19:21] <stgraber> so for Noskcaj only bdrung hasn't voted yet, though it won't actually make any difference at this point
[19:22] <stgraber> which means the application isn't succesful at this time. I'll reply saying as much.
[19:22] <stgraber> #topic DMB election
[19:22] <stgraber> results are here: http://civs.cs.cornell.edu/cgi-bin/results.pl?id=E_7ce24ee3e589e440
[19:22] <bdrung> if it makes no difference, then I won't process my backlog of emails to vote.
[19:23] <stgraber> bdrung: yeah, rule is +4, he's currently at a score of 0 with only two +1s so your vote wouldn't make a difference one way or the other
[19:23] <stgraber> so the result of the election is that ScottK, Laney and I get another 2 years and cyphermox replaces bdrung on the board.
[19:24]  * stgraber tries to find the process notes for the DMB election stuff
[19:25] <stgraber> not being very succesful
[19:25] <stgraber> anyway, I think the standard process is to vote to confirm the result, then send that to the TB (in this case, me) who takes care of doing the actual changes
[19:25] <bdrung> I didn't nominate myself to for another two year term, because my job and real life kept me too busy. I wanted to give room for some fresh blood who can spend more time on the board.
[19:26] <stgraber> #vote Approve the result of the DMB election (http://civs.cs.cornell.edu/cgi-bin/results.pl?id=E_7ce24ee3e589e440)
[19:26] <meetingology> Please vote on: Approve the result of the DMB election (http://civs.cs.cornell.edu/cgi-bin/results.pl?id=E_7ce24ee3e589e440)
[19:26] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[19:26] <bdrung> +1
[19:26] <meetingology> +1 received from bdrung
[19:26] <stgraber> bdrung: thank you for serving for all these years!
[19:26] <stgraber> +1
[19:26] <meetingology> +1 received from stgraber
[19:26] <micahg-work> +1
[19:26] <meetingology> +1 received from micahg-work
[19:26] <bdmurray> +1
[19:26] <meetingology> +1 received from bdmurray
[19:26] <stgraber> #endvote
[19:26] <meetingology> Voting ended on: Approve the result of the DMB election (http://civs.cs.cornell.edu/cgi-bin/results.pl?id=E_7ce24ee3e589e440)
[19:26] <meetingology> Votes for:4 Votes against:0 Abstentions:0
[19:26] <meetingology> Motion carried
[19:26] <micahg-work> bdrung, thanks for your many years of service!
[19:26] <bdrung> Thanks. It was a pleasure to work with all of you.
[19:27] <stgraber> alright, so that's all good. I'll send the e-mail to the TB list and will update the LP team, ML and IRC ACLs accordingly.
[19:27] <stgraber> #action stgraber to forward the DMB election results to the TB and implement the needed changes
[19:27] <meetingology> ACTION: stgraber to forward the DMB election results to the TB and implement the needed changes
[19:27] <stgraber> and again, thanks bdrung for serving for all these years and congratulations to cyphermox!
[19:27] <stgraber> #topic AOB
[19:28] <stgraber> Next chair according to wiki will be ScottK (skipping bdrung since he's leaving and it wouldn't be very fair to have cyphermox chair on his first meeting)
[19:28] <stgraber> next meeting is March 16th at 15:00 UTC
[19:28] <stgraber> anything else we should cover?
[19:28] <bdrung> So Long, and Thanks for All the Fish ;)
[19:29] <bdrung> but I won't leave earth. :)
[19:29] <stgraber> :)
[19:30] <stgraber> well, sounds like we're done. Thanks everyone for attending!
[19:30] <stgraber> #endmeeting
[19:30] <meetingology> Meeting ended Mon Mar  2 19:30:08 2015 UTC.
[19:30] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-03-02-19.20.moin.txt
[19:31] <bdrung> i will stay around contributing to Debian and Ubuntu as normal developer.
[19:40]  * cyphermox hugs bdrung
[19:42]  * bdrung hugs cyphermox and invites all DMB members to a beer (in case you visit Berlin)
[19:42] <elfy> stgraber: on the other hand - who said meetings should be fair, I'd come along with popcorn if cyphermox runs the next one :D
[19:42] <cyphermox> sounds good
[19:43] <cyphermox> (the beer)
[19:43] <stgraber> elfy: :)
[19:43] <bdrung> German beer. It must be good! :D