[16:32] <mdeslaur> \o
[16:33] <tyhicks> hello
[16:33] <tyhicks> #startmeeting
[16:33] <meetingology> Meeting started Mon Apr 27 16:33:24 2015 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:33] <meetingology> Available commands: action commands idea info link nick
[16:33] <tyhicks> The meeting agenda can be found at:
[16:33] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:33] <tyhicks> [TOPIC] Announcements
[16:34] <tyhicks> Thanks to Rhonda D'Vine (rhonda) for help on security updates for the community supported wesnoth-1.10 last week. Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
[16:34] <tyhicks> (LP: #1445688)
[16:34] <tyhicks> [TOPIC] Weekly stand-up report
[16:35] <tyhicks> jdstrand is busy atm so we'll skip him for now
[16:35] <tyhicks> he can jump in if he frees up
[16:35] <tyhicks> mdeslaur: go ahead
[16:35] <mdeslaur> I'm on community this week
[16:35] <mdeslaur> Im currently sponsoring ffmpeg
[16:35] <mdeslaur> tomorrow I have patch piloting duties
[16:35] <mdeslaur> I just published a few updates, and I have a couple more to test
[16:36] <mdeslaur> and I completely forgot about the openssl precise update that I started, which I'll look into again
[16:36] <mdeslaur> that's about it form me, sbeattie?
[16:36] <essembe> I'm on bug triage this week
[16:36] <mdeslaur> essembe: INTRUDER!
[16:36] <tyhicks> who's this guy
[16:36] <essembe> oh bah
[16:36] <sarnold> he looks shifty
[16:36] <sbeattie> I'm on bug triage this week
[16:37] <sbeattie> I'm finishing up preparing the trusty apparmor SRU, I just have a couple of snags I hit to smooth out.
[16:38] <sbeattie> And then I'll switch to focusing on the gcc-pie work
[16:38] <sbeattie> I need to look at tyhicks patchset to support systemd, so we can land that work when W opens
[16:38] <sbeattie> that's pretty much it for me. tyhicks?
[16:39] <tyhicks> mdeslaur: back to your openssl precise update - is that to enable tlsv1.2 by default for clients?
[16:41] <tyhicks> I'm on CVE triage this week
[16:41] <tyhicks> I have a short week and will be off Thursday and Friday
[16:41] <tyhicks> I need to circle back to a number of things that were ignored during the ramp up to the Vivid release
[16:42] <tyhicks> and I want to finish the kernel patches for AppArmor kernel keyring mediation
[16:42] <tyhicks> it would be nice if I could get those patches out for review before Thursday but I'm not sure
[16:42] <tyhicks> jjohansen: you're up
[16:42] <mdeslaur> tyhicks: yes, that's it
[16:42] <tyhicks> thanks
[16:42] <jjohansen> I have a short week this week, I will be off Friday
[16:43] <jjohansen> I have a couple backported CVE kernel fixes to look at and discuss with the kernel team
[16:44] <jjohansen> I also have a couple more apparmor patches to get out to the kernel team, so we can get the fixes into the next round of kernels
[16:44] <jjohansen> bug #1430546
[16:45] <jjohansen> being one of them (sorry I seem to have lost my browser tabs)
[16:46] <tyhicks> no problem
[16:46] <jjohansen> and then its back to the apparmor upstream cleanup. I plan to finish up with the domain transition cleanup/fixes this week (not that I didn't plan on finishing that bit last week :/)
[16:47] <jjohansen> I think that is it from me sarnold you're up
[16:47] <tyhicks> jjohansen: I noticed that a new AA kernel bug came in (LP: #1448912)
[16:48] <jjohansen> tyhicks: oh I hadn't noticed that one, yet. I'll poke at that one too, this week
[16:48] <tyhicks> thanks
[16:49] <tyhicks> sarnold: go ahead :)
[16:49] <sarnold> I'm in the happy place this week; I will be working more on openstack updates, and getting the hang of how the different openstack services work, etc.
[16:50] <mdeslaur> sarnold: FYI, I think the updates in the ppa are now out of date, more CVEs came out in the meantime
[16:50] <sarnold> I think I'll poke at the horizon service this week, and try to reproduce one of the issues on serverstack and try to find out if th e issue affects precise or not, and I'd love love love to get an update out the door, but .. thursdays always come so quickly
[16:51] <sarnold> mdeslaur: yes, I think most of those updates are now stale :(
[16:51] <tyhicks> getting an update out this week would be great since you're in the happy place
[16:51] <tyhicks> it is always a little more difficult on cve triage weeks
[16:51] <sarnold> yes
[16:51] <sarnold> so very much yes :)
[16:51] <tyhicks> sarnold: do you plan on updating the packages with the new fixes?
[16:52] <sarnold> tyhicks: I can give it  ashot, I haven't actually looked into the details of any of the fixed packages in the ppa, excepting the one horizon issue
[16:52] <sarnold> .. nor the details of the subsequently discovered CVEs
[16:52] <tyhicks> sarnold: ok, we'll discuss it more in a little bit
[16:53] <sarnold> I may also do some apparmor patch reviews for distraction along the way
[16:53] <sarnold> that's me, chrisccoulson?
[16:53] <chrisccoulson> This week, I need to get chromium out
[16:53] <chrisccoulson> I'll also be working through code reviews (my queue is quite large now)
[16:54] <chrisccoulson> And I'm currently looking at a browser crash on the phone
[16:54] <chrisccoulson> Other than that, it's business as usual (hopefully)
[16:55] <tyhicks> thanks
[16:55] <tyhicks> [TOPIC] Highlighted packages
[16:56] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:56] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:56] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/mednafen.html
[16:56] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/prewikka.html
[16:56] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/rt-authen-externalauth.html
[16:56] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/forked-daapd.html
[16:56] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html
[16:56] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:56] <tyhicks> Does anyone have any other questions or items to discuss?
[16:58] <tyhicks> mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!
[16:58] <tyhicks> #endmeeting
[16:58] <meetingology> Meeting ended Mon Apr 27 16:58:17 2015 UTC.
[16:58] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-04-27-16.33.moin.txt
[16:58] <sbeattie> tych0: thanks!
[16:58] <jjohansen> thanks tyhicks
[16:58] <mdeslaur> thanks tyhicks!
[16:58] <sbeattie> double bah.
[16:58] <sbeattie> tyhicks: thanks!
[16:58] <sbeattie> tych0: sorry.
[16:58] <sarnold> thanks tyhicks
[19:01] <micahg> anyone here to discuss anything at the DMB meeting, if not, we'l reconvene in two weeks since there's nothing on the agenda for today
[19:02] <bdmurray> micahg: have the previous action items been taken care of?
[19:03] <micahg> well, the first one is still out there, the second is done, I just need to send a follow-up message, but my E-Mail client wasn't being helpful before the meeting, I'll send that today