[00:49] <rdarw> major
[16:32] <jdstrand> hi!
[16:32] <mdeslaur> \o
[16:32] <tyhicks> #startmeeting
[16:33] <tyhicks> The meeting agenda can be found at:
[16:33] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:33] <tyhicks> [TOPIC] Announcements
[16:33]  * tyhicks kicks the meeting bot
[16:34] <teward> tyhicks: possible it's down with all the other bots?
[16:35] <teward> if you'd like i'll drop Archangel (my bot) in here, then provide a publicly accessible copy of the logs for you for the meeting.
[16:35] <teward> or pull it from my raw logs here on my client
[16:35] <tyhicks> teward: possibly - I'm not aware of any others being down
[16:35] <tyhicks> teward: thanks but I've got a logger going
[16:35] <teward> ack
[16:36] <tyhicks> I guess I'll just proceed
[16:36]  * teward lurks
[16:36] <tyhicks> [TOPIC] Announcements
[16:36] <tyhicks> Thanks to Otto Kekäläinen (otto) for providing a debdiff to update mariadb-10.0 in vivid (LP: #1451677)
[16:36] <jdstrand> fyi, in the past when the bot was down I just pasted the irc into the wiki page rather than pointing it somewhere else
[16:36] <tyhicks> ok
[16:36] <jdstrand> (at the end of the meeting)
[16:36] <tyhicks> [TOPIC] Weekly stand-up report
[16:36] <tyhicks> jdstrand: you're up
[16:37] <jdstrand> today we had the oobe meeting with design. it went well, there are followups and discussions that need to be had that we'll capture in trello
[16:37] <jdstrand> I need to continue going over the IoM summaries and takeaways
[16:37] <jdstrand> I've got an embargoed item I am working on
[16:38] <jdstrand> I'd like to finish up the ubuntu-personal-security policy bits
[16:38] <jdstrand> then pick up a card as have time
[16:38] <jdstrand> mdeslaur: you're up
[16:39] <mdeslaur> I'm on bug triage this week
[16:39] <mdeslaur> it's a short week for me as I'm on holiday friday and monday
[16:39] <mdeslaur> I'm working on a certificate issue in the ca-certificates package which I hope will be fixed soon
[16:39] <mdeslaur> and I'm going down the CVE list
[16:40] <mdeslaur> I'll probably be stealing the in-progress nbd updates from sbeattie
[16:40] <mdeslaur> that's about it, sbeattie, you're up
[16:40] <sbeattie> I'm on cve triage this week
[16:40] <sbeattie> I'm trying to finish up the last patch reviews needed for an apparmor 2.10 release that we can pull into wily
[16:41] <sbeattie> I need to look at doko's gcc-5 plans
[16:41] <sbeattie> and that will probably consume my week
[16:41] <sbeattie> tyhicks: you're up
[16:42] <tyhicks> I'm in the happy place this week
[16:42] <tyhicks> I had a little bit of community sponsoring work left over from last week that I did this morning (smoke test and publish mariadb-10.0)
[16:42] <tyhicks> I will review the kdbus LSM hook patch set this week
[16:43] <tyhicks> I need to determine the best way to fix an auditing bug in the phone images (I've already sent a patch that will fix the issue in new kernels)
[16:43] <tyhicks> I want to get back to my UCT-to-trello bridge
[16:43] <tyhicks> and I have several embargoed issues
[16:44] <tyhicks> I think that's it for me
[16:44] <tyhicks> sarnold: skipping to you as I don't see jj
[16:45] <sarnold> I'm on community this week, if someone wants to tackle updates for http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html I know a few users would appreciate the fixes; I'll also be working on the ppc64-diag "follow-on" package auditing; upstream suggested that we audit git instead, which makes some sense, I hope they can be repackaged for our 14.04.3 release quickly enough.
[16:45] <sarnold> that's it for me, chrisccoulson?
[16:46] <chrisccoulson> After last week, I was hoping to get through some Oxide reviews this week and carry on with https://launchpad.net/oxide/+milestone/branch-1.9
[16:46] <chrisccoulson> But Firefox has something to say about that
[16:47] <tyhicks> :/
[16:47] <chrisccoulson> I've got 1 embargoed update to do, and I also need to do the thunderbird update
[16:47] <chrisccoulson> that's me done
[16:47] <sarnold> would it make sense at some point to revert precise back to a firefox ESR release?
[16:47] <jdstrand> chrisccoulson: I asked in the other channel. is there something I/we can do to help with firefox?
[16:48] <chrisccoulson> I'm not sure atm. I'd like to be able to reproduce this crash, but I can't
[16:48] <tyhicks> the 14.04 crash?
[16:48] <chrisccoulson> Yeah
[16:49] <tyhicks> I can try in a VM
[16:49] <chrisccoulson> That's what I'm doing at the moment too
[16:49] <doko> sbeattie, please delay any config changes until the GCC 5 transition is done
[16:49] <doko> it's already ugly enough
[16:49] <sbeattie> doko: okay
[16:50] <tyhicks> chrisccoulson: ok, I'll get my trusty-amd64 vm updated and let you know what happens
[16:50] <chrisccoulson> thanks
[16:50] <tyhicks> sbeattie: I guess that means you should have full focus on aa 2.10 and getting it uploaded to wily this week
[16:51] <tyhicks> sbeattie: if that goes quickly, picking up a MIR would be a good idea
[16:52] <sbeattie> tyhicks: I forgot I had another thing on my plate, finishing up fixing QART issues on arm64
[16:52] <tyhicks> ah, ok
[16:52] <tyhicks> sbeattie: those are seccomp test failures, right?
[16:53] <tyhicks> (due to symbol craziness)
[16:54] <tyhicks> you can tell me later
[16:54] <sbeattie> no, this is the test-kernel-security.py stuff, dealing with and testing for different configs
[16:54] <tyhicks> oh
[16:54] <tyhicks> ok
[16:54] <tyhicks> moving on
[16:54] <tyhicks> [TOPIC] Highlighted packages
[16:54] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:54] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:54] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/boost1.48.html
[16:54] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/jython.html
[16:54] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd5.html
[16:54] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/charybdis.html
[16:54] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/texmacs.html
[16:54] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:54] <tyhicks> Does anyone have any other questions or items to discuss?
[16:56] <tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson (and teward): Thanks!
[16:56] <mdeslaur> thanks tyhicks!
[16:56] <tyhicks> #endmeeting
[16:57] <sbeattie> tyhicks: thanks
[16:58] <sarnold> thanks tyhicks!