| rdarw | major | 00:49 |
|---|---|---|
| === ubott2 is now known as ubottu | ||
| jdstrand | hi! | 16:32 |
| mdeslaur | \o | 16:32 |
| tyhicks | #startmeeting | 16:32 |
| tyhicks | The meeting agenda can be found at: | 16:33 |
| tyhicks | [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting | 16:33 |
| tyhicks | [TOPIC] Announcements | 16:33 |
| * tyhicks kicks the meeting bot | 16:33 | |
| teward | tyhicks: possible it's down with all the other bots? | 16:34 |
| teward | if you'd like i'll drop Archangel (my bot) in here, then provide a publicly accessible copy of the logs for you for the meeting. | 16:35 |
| teward | or pull it from my raw logs here on my client | 16:35 |
| tyhicks | teward: possibly - I'm not aware of any others being down | 16:35 |
| tyhicks | teward: thanks but I've got a logger going | 16:35 |
| teward | ack | 16:35 |
| tyhicks | I guess I'll just proceed | 16:36 |
| * teward lurks | 16:36 | |
| tyhicks | [TOPIC] Announcements | 16:36 |
| tyhicks | Thanks to Otto Kekäläinen (otto) for providing a debdiff to update mariadb-10.0 in vivid (LP: #1451677) | 16:36 |
| ubottu | Launchpad bug 1451677 in mariadb-10.0 (Ubuntu) "USN-2575-1: MySQL vulnerabilities partially also applies to MariaDB" [Medium,Fix released] https://launchpad.net/bugs/1451677 | 16:36 |
| jdstrand | fyi, in the past when the bot was down I just pasted the irc into the wiki page rather than pointing it somewhere else | 16:36 |
| tyhicks | ok | 16:36 |
| jdstrand | (at the end of the meeting) | 16:36 |
| tyhicks | [TOPIC] Weekly stand-up report | 16:36 |
| tyhicks | jdstrand: you're up | 16:36 |
| jdstrand | today we had the oobe meeting with design. it went well, there are followups and discussions that need to be had that we'll capture in trello | 16:37 |
| jdstrand | I need to continue going over the IoM summaries and takeaways | 16:37 |
| jdstrand | I've got an embargoed item I am working on | 16:37 |
| jdstrand | I'd like to finish up the ubuntu-personal-security policy bits | 16:38 |
| jdstrand | then pick up a card as have time | 16:38 |
| jdstrand | mdeslaur: you're up | 16:38 |
| mdeslaur | I'm on bug triage this week | 16:39 |
| mdeslaur | it's a short week for me as I'm on holiday friday and monday | 16:39 |
| mdeslaur | I'm working on a certificate issue in the ca-certificates package which I hope will be fixed soon | 16:39 |
| mdeslaur | and I'm going down the CVE list | 16:39 |
| mdeslaur | I'll probably be stealing the in-progress nbd updates from sbeattie | 16:40 |
| mdeslaur | that's about it, sbeattie, you're up | 16:40 |
| sbeattie | I'm on cve triage this week | 16:40 |
| sbeattie | I'm trying to finish up the last patch reviews needed for an apparmor 2.10 release that we can pull into wily | 16:40 |
| sbeattie | I need to look at doko's gcc-5 plans | 16:41 |
| sbeattie | and that will probably consume my week | 16:41 |
| sbeattie | tyhicks: you're up | 16:41 |
| tyhicks | I'm in the happy place this week | 16:42 |
| tyhicks | I had a little bit of community sponsoring work left over from last week that I did this morning (smoke test and publish mariadb-10.0) | 16:42 |
| tyhicks | I will review the kdbus LSM hook patch set this week | 16:42 |
| tyhicks | I need to determine the best way to fix an auditing bug in the phone images (I've already sent a patch that will fix the issue in new kernels) | 16:43 |
| tyhicks | I want to get back to my UCT-to-trello bridge | 16:43 |
| tyhicks | and I have several embargoed issues | 16:43 |
| tyhicks | I think that's it for me | 16:44 |
| tyhicks | sarnold: skipping to you as I don't see jj | 16:44 |
| sarnold | I'm on community this week, if someone wants to tackle updates for http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html I know a few users would appreciate the fixes; I'll also be working on the ppc64-diag "follow-on" package auditing; upstream suggested that we audit git instead, which makes some sense, I hope they can be repackaged for our 14.04.3 release quickly enough. | 16:45 |
| sarnold | that's it for me, chrisccoulson? | 16:45 |
| chrisccoulson | After last week, I was hoping to get through some Oxide reviews this week and carry on with https://launchpad.net/oxide/+milestone/branch-1.9 | 16:46 |
| chrisccoulson | But Firefox has something to say about that | 16:46 |
| tyhicks | :/ | 16:47 |
| chrisccoulson | I've got 1 embargoed update to do, and I also need to do the thunderbird update | 16:47 |
| chrisccoulson | that's me done | 16:47 |
| sarnold | would it make sense at some point to revert precise back to a firefox ESR release? | 16:47 |
| jdstrand | chrisccoulson: I asked in the other channel. is there something I/we can do to help with firefox? | 16:47 |
| chrisccoulson | I'm not sure atm. I'd like to be able to reproduce this crash, but I can't | 16:48 |
| tyhicks | the 14.04 crash? | 16:48 |
| chrisccoulson | Yeah | 16:48 |
| tyhicks | I can try in a VM | 16:49 |
| chrisccoulson | That's what I'm doing at the moment too | 16:49 |
| doko | sbeattie, please delay any config changes until the GCC 5 transition is done | 16:49 |
| doko | it's already ugly enough | 16:49 |
| sbeattie | doko: okay | 16:49 |
| tyhicks | chrisccoulson: ok, I'll get my trusty-amd64 vm updated and let you know what happens | 16:50 |
| chrisccoulson | thanks | 16:50 |
| tyhicks | sbeattie: I guess that means you should have full focus on aa 2.10 and getting it uploaded to wily this week | 16:50 |
| tyhicks | sbeattie: if that goes quickly, picking up a MIR would be a good idea | 16:51 |
| sbeattie | tyhicks: I forgot I had another thing on my plate, finishing up fixing QART issues on arm64 | 16:52 |
| tyhicks | ah, ok | 16:52 |
| tyhicks | sbeattie: those are seccomp test failures, right? | 16:52 |
| tyhicks | (due to symbol craziness) | 16:53 |
| tyhicks | you can tell me later | 16:54 |
| sbeattie | no, this is the test-kernel-security.py stuff, dealing with and testing for different configs | 16:54 |
| tyhicks | oh | 16:54 |
| tyhicks | ok | 16:54 |
| tyhicks | moving on | 16:54 |
| tyhicks | [TOPIC] Highlighted packages | 16:54 |
| tyhicks | The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. | 16:54 |
| tyhicks | See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. | 16:54 |
| tyhicks | http://people.canonical.com/~ubuntu-security/cve/pkg/boost1.48.html | 16:54 |
| tyhicks | http://people.canonical.com/~ubuntu-security/cve/pkg/jython.html | 16:54 |
| tyhicks | http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd5.html | 16:54 |
| tyhicks | http://people.canonical.com/~ubuntu-security/cve/pkg/charybdis.html | 16:54 |
| tyhicks | http://people.canonical.com/~ubuntu-security/cve/pkg/texmacs.html | 16:54 |
| tyhicks | [TOPIC] Miscellaneous and Questions | 16:54 |
| tyhicks | Does anyone have any other questions or items to discuss? | 16:54 |
| tyhicks | jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson (and teward): Thanks! | 16:56 |
| mdeslaur | thanks tyhicks! | 16:56 |
| tyhicks | #endmeeting | 16:56 |
| sbeattie | tyhicks: thanks | 16:57 |
| sarnold | thanks tyhicks! | 16:58 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!