[16:39] <tyhicks> #startmeeting
[16:39] <meetingology> Meeting started Mon May 23 16:39:44 2016 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:39] <meetingology> Available commands: action commands idea info link nick
[16:39] <tyhicks> The meeting agenda can be found at:
[16:39] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:39] <tyhicks> [TOPIC] Weekly stand-up report
[16:39] <tyhicks> jdstrand: you're up
[16:40] <jdstrand> hello
[16:40] <jdstrand> I'm focused on snappy this week
[16:40] <jdstrand> specifically, I'm working on more sdoc policy updates, policy recompiles for apparmor upgrades on snappy and sprint outcomes
[16:41] <jdstrand> tyhicks: I have a question on seccomp arg filtering. do you plan to review that this week? if not, I need to do an SRU for the ecryptfs denial in the launcher and will work on that. if so, I'll bundle together and work on that
[16:42] <jdstrand> in addition, I need to followup on the click-apparmor SRU
[16:43] <tyhicks> jdstrand: I do plan to review it this week
[16:43] <jdstrand> ok, thanks
[16:43] <jdstrand> then I'll also be doing the second part of that :)
[16:44] <jdstrand> mdes laur is out, so, sbeattie, you're up
[16:44] <sbeattie> I'm in the happy place this week
[16:45] <sbeattie> I'm working on getting the glibc updates out this week
[16:45] <sbeattie> I need to get back at looking at some of the build failures in yakkety caused by enabling pie
[16:46] <sbeattie> I'll probably try to pick up another update in the background this week, since our backlog is long
[16:47] <sbeattie> I also need to see where we're at with upstream apparmor on some things, whether we can release 2.11 and pull that into yakkety.
[16:47] <sbeattie> That's probably it for me. tyhicks?
[16:47] <tyhicks> I'm doing CVE triage this week
[16:47] <tyhicks> otherwise, I'm mostly focused on snappy
[16:48] <tyhicks> I'm fixing and SRUing bug #1584069 in support of bug #1583259
[16:48] <tyhicks> then I'll do some ubuntu-core-launcher MP reviews (including seccomp arg filtering)
[16:49] <tyhicks> and then I'll be making the ubuntu-core-launcher changes for bug #1582781
[16:49] <tyhicks> that's it for me
[16:49] <tyhicks> I don't see jj so you're up, sarnold
[16:49]  * jjohansen is here
[16:49] <tyhicks> ah
[16:49] <tyhicks> jjohansen: go ahead
[16:50] <jjohansen> I am working on apparmor this week
[16:51] <jjohansen> I have a user who has volunteered to run a test kernel for bug  1581990 which I think is the same as 1579135
[16:51] <jjohansen> so hopefully I can make some progress on it
[16:51] <jdstrand> tyhicks: note that zyga is updating the launcher for 'snap-run' and the project is moving and possibly renamed
[16:51]  * jdstrand gets link
[16:52] <jjohansen> bug 1579135
[16:53] <jdstrand> tyhicks: https://github.com/ubuntu-core/snap-run/pull/1/files
[16:53] <jjohansen> I found a couple more bugs while auditing the code looking a fix for that and I need to clean those up a bit
[16:54] <jjohansen> I need to finish reviewing the gsettings stuff and discuss that this week
[16:54] <tyhicks> jdstrand: thanks
[16:54] <jdstrand> tyhicks: I'm discussing how thi simpacts us in #snappy
[16:55] <jjohansen> I expect to be reviewing some patches from tyhicks, and I'll be working on fixing up more stacking issues
[16:56] <tyhicks> jjohansen: can you start putting together a list of bug links for stacking issues that need to be fixed by 16.04.1 so that we can allow unpriv policy loads?
[16:56] <jjohansen> tyhicks: sure
[16:56] <tyhicks> thanks
[16:57] <jjohansen> thats it for me sarnold
[16:57] <sarnold> I'm on bug triage this week; I'm working on getting the imagemagick updates out the door; I may also do some smallsih apparmor work for distraction, some wiki editing or patch reviews
[16:57] <sarnold> that's it for me, chrisccoulson?
[16:58] <chrisccoulson> No updates planned for me this week, although I'll probably be spending some time preparing the next oxide release (1.15)
[16:59] <chrisccoulson> I also need to figure out what we're going to do with 32-bit builds, given that launchpad has no support for cross-compiling packages (confirmed by infinity last week)
[16:59] <chrisccoulson> Other than that, I'll be working through bugs as usual
[16:59] <chrisccoulson> that's me done
[17:01] <tyhicks> chrisccoulson: is the GN transition done?
[17:02] <chrisccoulson> tyhicks, no, as usual things seem to have slipped a bit upstream, taking the pressure off. So I used that to get some other stuff done last week
[17:02] <chrisccoulson> (I'm still working on it)
[17:02] <tyhicks> ok, thanks
[17:02] <tyhicks> glad you got some breathing room there
[17:03] <tyhicks> [TOPIC] Highlighted packages
[17:03] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[17:03] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:03] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/cakephp.html
[17:03] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/virtualbox.html
[17:03] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/aria2.html
[17:03] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/php-sabredav.html
[17:03] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libiptables-parse-perl.html
[17:03] <tyhicks> [TOPIC] Miscellaneous and Questions
[17:03] <tyhicks> Does anyone have any other questions or items to discuss?
[17:05] <tyhicks> jdstrand, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!
[17:05] <tyhicks> #endmeeting
[17:05] <meetingology> Meeting ended Mon May 23 17:05:38 2016 UTC.
[17:05] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-05-23-16.39.moin.txt
[17:05] <jjohansen> thanks tyhicks
[17:05] <jdstrand> tyhicks: thanks! :)
[17:06] <sbeattie> tyhicks: thanks!
[17:09] <sarnold> thanks tyhicks :)
[19:00] <bdmurray> sil2100: I think infinity and cyphermox are out today...
[19:01] <sil2100> o/
[19:01] <rbasak> o/
[19:01] <sil2100> hm, let's see if we'll have a quorum
[19:02] <rbasak> If the only application is GunnarHj's PPU extension, I'm not sure if we even need a quorum.
[19:02]  * rbasak checks
[19:03] <sil2100> Oh, we don't? I though any vote-related decision would require a quorum - but I'm new to all this
[19:04] <rbasak> I can't find a reference, still looking.
[19:05] <rbasak> I thought that some items needed a +1 only from one DMB member, such as expanding an existing packageset. Not sure about PPU.
[19:06] <rbasak> Well, I can't find a reference to say that we don't, so let's assume that we need quorum.
[19:06] <rbasak> Is anyone else here?
[19:06] <bdmurray> I am
[19:07] <sil2100> Ok, so still 3 people
[19:07] <rbasak> GunnarHj: are you here?
[19:07] <GunnarHj> Yes.
[19:07] <rbasak> OK, let's see if we can find enough DMB people.
[19:07] <sil2100> What was that command to ping all DMB members?
[19:07] <sil2100> Ah, you did that just now
[19:07] <sil2100> :)
[19:08] <rbasak> We could continue and if unanimous then ask for one more vote by email.
[19:09] <sil2100> Ok, let me start the meeting then
[19:09] <sil2100> #startmeeting DMB meeting
[19:09] <meetingology> Meeting started Mon May 23 19:09:24 2016 UTC.  The chair is sil2100. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[19:09] <meetingology> Available commands: action commands idea info link nick
[19:09] <micahg> o/ I"m kinda here, but otp
[19:09] <BenC> o/
[19:09] <sil2100> #topic Review of previous action items
[19:09] <sil2100> o/
[19:09] <BenC> Appologies for the tardiness
[19:09] <sil2100> We have a quorum then
[19:10] <sil2100> Ok, so action items:
[19:10] <sil2100> cyphremox Update Mate packages per Iain Laney's suggestions
[19:10] <sil2100> Not sure if that happened ^ ?
[19:10] <sil2100> cyphermox is not around but anyone else knows maybe?
[19:10] <rbasak> I could try asking Launchpad but no point holding the meeting up for that.
[19:11] <sil2100> Ok, let's continue then, we can follow up on that later indeed
[19:11] <sil2100> #topic Package Set/Per Package Uploader Applications
[19:11] <sil2100> #subtopic GunnarHj
[19:12] <bdmurray> I thought there was a question about whether or not he needed new endorsements.
[19:12] <sil2100> So the topic in mention is GunnarHj's request to extend his PPU rights to more packages
[19:12] <sil2100> Without a new batch of endorsements
[19:13] <GunnarHj> As regards endorsements, dholbach entered one on my old applications.
[19:13] <sil2100> bdmurray: you think we should have a separate vote for that, or just treat it as part of the vote for PPU extension?
[19:13] <GunnarHj> https://wiki.ubuntu.com/GunnarHj/PerPackageUploaderApplication
[19:16] <sil2100> Any opinions regarding our current situation ^ ?
[19:16] <bdmurray> sil2100: I guess voting, I don't think we have a policy for extending PPU uploads.
[19:16] <rbasak> sil2100: IMHO it's fine without a separate vote. If somebody isn't happy because of a desire to see endorsements, then that can be made clear in a single vote.
[19:16] <sil2100> Right, I agree with rbasak's view here as well
[19:16] <bdmurray> if it were someone applying for core dev we would want to see endorsements.
[19:17] <sil2100> Right
[19:17] <bdmurray> not just reuse their motu ones.
[19:17] <sil2100> Any members have questions to GunnarHj before we start the vote?
[19:17] <sil2100> The extended package set can be found here:
[19:17] <sil2100> https://lists.ubuntu.com/archives/devel-permissions/2016-May/000924.html
[19:17] <rbasak> Yes
[19:18] <rbasak> GunnarHj: as you're applying without endorsements, I feel I have to ask: do you know of any reason why your sponsors wouldn't want to give you an endorsement? Anything they have been unhappy about?
[19:19] <GunnarHj> rbasak: No, I'm not aware of any such reason. AFAIK they are reasonably happy with my performance. I felt this was in effect similar to extending a packageset, so for convenience reasons... That's all.
[19:20] <rbasak> Thanks. That makes me wonder actually. Does this set of packages form a packageset? Should we be creating one instead?
[19:21] <rbasak> It seems to me that it generally is "language support". Is this accurate?
[19:21] <GunnarHj> rbasak: I have thought the same. Not easy to define a packageset for l10n/i18n though...
[19:21] <GunnarHj> rbasak: Yes, it's "language support" in a sense.
[19:21] <rbasak> Why is "l10n/i18n" not a good description? :)
[19:22] <GunnarHj> rbasak: Sure, ok for me...
[19:22] <rbasak> Does accountsservice and/or ubuntu-docs fit into this as well? I imagine the latter does? What about accountsservice?
[19:23] <GunnarHj> rbasak: The part of accountsservice I'm dealing with is closely related to language-selector. (ubuntu-docs does not fit IMO.)
[19:24] <rbasak> OK, thanks.
[19:25] <rbasak> I'm interested in the DMB elders' views on this. Should we create a i18n packageset?
[19:25]  * sil2100 is a newbie here
[19:25] <sil2100> bdmurray: ^?
[19:25] <bdmurray> I don't think there is a need at this point in time.
[19:25] <micahg> if we think people might be interested in such a thing, it sounds fine
[19:26] <GunnarHj> Currently I'd proably be the only member.
[19:26] <bdmurray> In which case I'd wait for another member.
[19:26] <rbasak> OK
[19:26] <sil2100> Maybe let's think about it next time
[19:26] <bdmurray> Or look for other devs w/ PPU for some of those packages.
[19:27] <sil2100> An action item for this maybe? Could someone check this?
[19:28] <sil2100> Does anyone want to pick up checking other devs with the same/similar sets of packages?
[19:28] <bdmurray> I will
[19:29] <sil2100> #action bdmurray to check for other PPU devs with similar packages to the proposed 'language support' packageset
[19:29] <meetingology> ACTION: bdmurray to check for other PPU devs with similar packages to the proposed 'language support' packageset
[19:29] <sil2100> Ok, any other questions?
[19:31] <sil2100> Let's vote in that case
[19:32] <sil2100> #vote
[19:32] <meetingology> Please vote on:
[19:32] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[19:32] <sil2100> Sorry, cat pressed enter too soon...
[19:32] <sil2100> #endvote
[19:32] <meetingology> No vote in progress
[19:32] <rbasak> Interesting.
[19:33] <rbasak> Is this Perl "empty string vs. undef"?
[19:33] <sil2100> #vote Gunnar Hjalmarsson on extending PPU packages as per request
[19:33] <meetingology> Please vote on: Gunnar Hjalmarsson on extending PPU packages as per request
[19:33] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[19:34] <bdmurray> +1
[19:34] <meetingology> +1 received from bdmurray
[19:34] <sil2100> +1 (I suppose his work on the requested packages shows sufficient knowledge and involvement)
[19:34] <meetingology> +1 (I suppose his work on the requested packages shows sufficient knowledge and involvement) received from sil2100
[19:35] <rbasak> +1 on the strength and nature of previous endorsements
[19:35] <meetingology> +1 on the strength and nature of previous endorsements received from rbasak
[19:36] <rbasak> As a new DMB member I found it pretty hard without endorsements though, so I'm not sure about how I feel about this in principle. GunnarHj's previous endorsements were very strong though so I have little doubt about it this time.
[19:36] <rbasak> BenC? micahg?
[19:36] <BenC> +1
[19:36] <meetingology> +1 received from BenC
[19:37] <bdmurray> I guess I've seen a lot of his work as an SRU team member.
[19:37] <sil2100> I suppose the packages were similar 'in nature' to the ones previously in his PPU rights so I guess this time it seemed to be natural and ok
[19:37] <BenC> I found enough paper trail to be comfortable.
[19:37] <micahg> +0 I unfortunately didn't have time to review, but have seen good work in the past
[19:37] <meetingology> +0 I unfortunately didn't have time to review, but have seen good work in the past received from micahg
[19:38]  * BenC reviewed it this morning
[19:38] <sil2100> #endvote
[19:38] <meetingology> Voting ended on: Gunnar Hjalmarsson on extending PPU packages as per request
[19:38] <meetingology> Votes for:4 Votes against:0 Abstentions:1
[19:38] <meetingology> Motion carried
[19:38] <sil2100> GunnarHj: congratulations!
[19:38] <GunnarHj> Thanks for the showed confidence! :)
[19:38] <sil2100> I never did this before, who can actually do the permission changes in this case?
[19:38] <rbasak> GunnarHj: thank you for looking after these packages for Ubuntu
[19:39] <sil2100> I suppose I could do this as well but I would have to be instructed
[19:39] <rbasak> edit-acl from ubuntu-archive-tools
[19:39] <sil2100> Ok, let me put that on my list in that case
[19:39] <rbasak> I haven't actually used it to change permissions yet but I think I understand it now.
[19:39] <rbasak> I'm happy to take the action if you like, so I can learn the ropes.
[19:40] <sil2100> rbasak: ok, so you go first, I'll pick it up next time in that case
[19:40] <sil2100> rbasak: thanks!
[19:40] <rbasak> ack
[19:40] <sil2100> Ok, so I guess that's it for this topic, nothing more on the agenda
[19:40] <sil2100> #topic AOB
[19:41] <rbasak> sil2100: set me an #action please?
[19:41] <sil2100> Ah, right!
[19:41] <rbasak> sil2100: also a carry over for cyphermox I guess.
[19:41] <sil2100> #action rbasak to make permission changes for new PPU packages for GunnarHj
[19:41] <meetingology> ACTION: rbasak to make permission changes for new PPU packages for GunnarHj
[19:41] <bdmurray> I don't see ubuntu-mate here either fwiw https://wiki.ubuntu.com/UbuntuDevelopers#Ubuntu_Developers_.28from_delegated_teams.29
[19:41] <sil2100> #action cyphermox Update Mate packages per Iain Laney's suggestions
[19:41] <meetingology> ACTION: cyphermox Update Mate packages per Iain Laney's suggestions
[19:42] <sil2100> Ok, any other business?
[19:43] <bdmurray> I wonder if that wiki page should be updated to include ubuntu-mate-dev
[19:43] <rbasak> I assumed that would be for cyphermox to do when he looks at creating the packageset?
[19:44] <bdmurray> Ah, fair enough.
[19:44] <sil2100> btw. I saw "Ubuntu uTouch Uploaders (Launchpad: ~ubuntu-utouch-dev)" which doesn't exist apparently
[19:44] <sil2100> Does anyone know why is it listed there? Was that supposed to be for ubuntu-touch or for some utouch packages that we don't have anymore?
[19:45] <sil2100> I wonder if there are more items that do not exist anymore right now
[19:46] <bdmurray> sil2100: You should check ;-)
[19:47] <sil2100> Ok, if that's a sensible action item let me add that for myself ;)
[19:48] <sil2100> #action sil2100 to check the state of Ubuntu uTouch Uploaders and any other teams that might be non-existent
[19:48] <meetingology> ACTION: sil2100 to check the state of Ubuntu uTouch Uploaders and any other teams that might be non-existent
[19:48] <sil2100> Right, anything else?
[19:48] <rbasak> fonts-* is a really big list
[19:48] <rbasak> Is that OK?
[19:49] <rbasak> It surprises me, I just wanted to check if it was just me
[19:49] <rbasak> http://paste.ubuntu.com/16642048/
[19:50] <rbasak> The other expansions are as I'd expect.
[19:51] <rbasak> For fonts-* would it worth creating a packageset called "fonts-*" just to make it a little more manageable?
[19:52] <sil2100> hm, indeed a huge list
[19:52] <rbasak> If nobody knows I can take it to the list.
[19:52] <sil2100> That idea seems worth considerating
[19:53] <rbasak> OK I'll take it to the list.
[19:53] <sil2100> Ok
[19:53] <GunnarHj> As regards fonts-*: Sure, it's long. And probably there is no reason to touch most of them in Ubuntu (synced from Debian). But it's hard to anticipate when there is a need...
[19:54] <rbasak> GunnarHj: sure - looking at your upload history I think it makes little sense to give you PPU to just what you've touched, since next time it's likely to be another and they presumably all work the same way.
[19:55] <rbasak> So I support giving you upload rights to it all, just wondering how technically to do it such that it remains manageable for us.
[19:55] <rbasak> I'll take it to the list.
[19:55] <sil2100> If there are no other items, let's finish today's meeting and discuss the fonts-* packageset on the ML
[19:56] <sil2100> Assuming we're good to finish up
[19:56] <sil2100> #endmeeting
[19:56] <meetingology> Meeting ended Mon May 23 19:56:43 2016 UTC.
[19:56] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-05-23-19.09.moin.txt
[19:56] <sil2100> Thanks everyone!
[19:56] <rbasak> Thank you sil2100 for chairing.
[19:57] <sil2100> I'll update the agenda, next chair: cyphermox I suppose?
[19:58] <rbasak> Whoever is next on the list