=== maclin1 is now known as maclin [16:39] #startmeeting [16:39] Meeting started Mon May 23 16:39:44 2016 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. [16:39] Available commands: action commands idea info link nick [16:39] The meeting agenda can be found at: [16:39] [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting [16:39] [TOPIC] Weekly stand-up report === meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report [16:39] jdstrand: you're up [16:40] hello [16:40] I'm focused on snappy this week [16:40] specifically, I'm working on more sdoc policy updates, policy recompiles for apparmor upgrades on snappy and sprint outcomes [16:41] tyhicks: I have a question on seccomp arg filtering. do you plan to review that this week? if not, I need to do an SRU for the ecryptfs denial in the launcher and will work on that. if so, I'll bundle together and work on that [16:42] in addition, I need to followup on the click-apparmor SRU [16:43] jdstrand: I do plan to review it this week [16:43] ok, thanks [16:43] then I'll also be doing the second part of that :) [16:44] mdes laur is out, so, sbeattie, you're up [16:44] I'm in the happy place this week [16:45] I'm working on getting the glibc updates out this week [16:45] I need to get back at looking at some of the build failures in yakkety caused by enabling pie [16:46] I'll probably try to pick up another update in the background this week, since our backlog is long [16:47] I also need to see where we're at with upstream apparmor on some things, whether we can release 2.11 and pull that into yakkety. [16:47] That's probably it for me. tyhicks? [16:47] I'm doing CVE triage this week [16:47] otherwise, I'm mostly focused on snappy [16:48] I'm fixing and SRUing bug #1584069 in support of bug #1583259 [16:48] bug 1584069 in AppArmor "change_profile rules need a modifier to allow non-secureexec transitions" [High,In progress] https://launchpad.net/bugs/1584069 [16:48] bug 1583259 in Snappy Launcher "Snappy needs to influence environment variables in applications " [Undecided,New] https://launchpad.net/bugs/1583259 [16:48] then I'll do some ubuntu-core-launcher MP reviews (including seccomp arg filtering) [16:49] and then I'll be making the ubuntu-core-launcher changes for bug #1582781 [16:49] bug 1582781 in Snappy "snapd needs a way to control mount points " [Undecided,In progress] https://launchpad.net/bugs/1582781 [16:49] that's it for me [16:49] I don't see jj so you're up, sarnold [16:49] * jjohansen is here [16:49] ah [16:49] jjohansen: go ahead [16:50] I am working on apparmor this week [16:51] I have a user who has volunteered to run a test kernel for bug 1581990 which I think is the same as 1579135 [16:51] bug 1581990 in apparmor (Ubuntu) "Profile reload leads to kernel NULL pointer dereference" [Undecided,New] https://launchpad.net/bugs/1581990 [16:51] so hopefully I can make some progress on it [16:51] tyhicks: note that zyga is updating the launcher for 'snap-run' and the project is moving and possibly renamed [16:51] * jdstrand gets link [16:52] bug 1579135 [16:52] bug 1579135 in apparmor (Ubuntu) "kernel BUG on snap disconnect from within a snap" [Undecided,Incomplete] https://launchpad.net/bugs/1579135 [16:53] tyhicks: https://github.com/ubuntu-core/snap-run/pull/1/files [16:53] I found a couple more bugs while auditing the code looking a fix for that and I need to clean those up a bit [16:54] I need to finish reviewing the gsettings stuff and discuss that this week [16:54] jdstrand: thanks [16:54] tyhicks: I'm discussing how thi simpacts us in #snappy [16:55] I expect to be reviewing some patches from tyhicks, and I'll be working on fixing up more stacking issues [16:56] jjohansen: can you start putting together a list of bug links for stacking issues that need to be fixed by 16.04.1 so that we can allow unpriv policy loads? [16:56] tyhicks: sure [16:56] thanks [16:57] thats it for me sarnold [16:57] I'm on bug triage this week; I'm working on getting the imagemagick updates out the door; I may also do some smallsih apparmor work for distraction, some wiki editing or patch reviews [16:57] that's it for me, chrisccoulson? [16:58] No updates planned for me this week, although I'll probably be spending some time preparing the next oxide release (1.15) [16:59] I also need to figure out what we're going to do with 32-bit builds, given that launchpad has no support for cross-compiling packages (confirmed by infinity last week) [16:59] Other than that, I'll be working through bugs as usual [16:59] that's me done [17:01] chrisccoulson: is the GN transition done? [17:02] tyhicks, no, as usual things seem to have slipped a bit upstream, taking the pressure off. So I used that to get some other stuff done last week [17:02] (I'm still working on it) [17:02] ok, thanks [17:02] glad you got some breathing room there [17:03] [TOPIC] Highlighted packages === meetingology changed the topic of #ubuntu-meeting to: Highlighted packages [17:03] The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. [17:03] See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. [17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/cakephp.html [17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/virtualbox.html [17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/aria2.html [17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/php-sabredav.html [17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/libiptables-parse-perl.html [17:03] [TOPIC] Miscellaneous and Questions === meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions [17:03] Does anyone have any other questions or items to discuss? [17:05] jdstrand, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks! [17:05] #endmeeting === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology [17:05] Meeting ended Mon May 23 17:05:38 2016 UTC. [17:05] Minutes: http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-05-23-16.39.moin.txt [17:05] thanks tyhicks [17:05] tyhicks: thanks! :) [17:06] tyhicks: thanks! [17:09] thanks tyhicks :) [19:00] sil2100: I think infinity and cyphermox are out today... [19:01] o/ [19:01] o/ [19:01] hm, let's see if we'll have a quorum [19:02] If the only application is GunnarHj's PPU extension, I'm not sure if we even need a quorum. [19:02] * rbasak checks [19:03] Oh, we don't? I though any vote-related decision would require a quorum - but I'm new to all this [19:04] I can't find a reference, still looking. [19:05] I thought that some items needed a +1 only from one DMB member, such as expanding an existing packageset. Not sure about PPU. [19:06] Well, I can't find a reference to say that we don't, so let's assume that we need quorum. [19:06] Is anyone else here? [19:06] I am [19:07] Ok, so still 3 people [19:07] GunnarHj: are you here? [19:07] Yes. [19:07] OK, let's see if we can find enough DMB people. [19:07] What was that command to ping all DMB members? [19:07] Ah, you did that just now [19:07] :) [19:08] We could continue and if unanimous then ask for one more vote by email. [19:09] Ok, let me start the meeting then [19:09] #startmeeting DMB meeting [19:09] Meeting started Mon May 23 19:09:24 2016 UTC. The chair is sil2100. Information about MeetBot at http://wiki.ubuntu.com/meetingology. [19:09] Available commands: action commands idea info link nick === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB meeting | Current topic: [19:09] o/ I"m kinda here, but otp [19:09] o/ [19:09] #topic Review of previous action items === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB meeting | Current topic: Review of previous action items [19:09] o/ [19:09] Appologies for the tardiness [19:09] We have a quorum then [19:10] Ok, so action items: [19:10] cyphremox Update Mate packages per Iain Laney's suggestions [19:10] Not sure if that happened ^ ? [19:10] cyphermox is not around but anyone else knows maybe? [19:10] I could try asking Launchpad but no point holding the meeting up for that. [19:11] Ok, let's continue then, we can follow up on that later indeed [19:11] #topic Package Set/Per Package Uploader Applications === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB meeting | Current topic: Package Set/Per Package Uploader Applications [19:11] #subtopic GunnarHj [19:12] I thought there was a question about whether or not he needed new endorsements. [19:12] So the topic in mention is GunnarHj's request to extend his PPU rights to more packages [19:12] Without a new batch of endorsements [19:13] As regards endorsements, dholbach entered one on my old applications. [19:13] bdmurray: you think we should have a separate vote for that, or just treat it as part of the vote for PPU extension? [19:13] https://wiki.ubuntu.com/GunnarHj/PerPackageUploaderApplication [19:16] Any opinions regarding our current situation ^ ? [19:16] sil2100: I guess voting, I don't think we have a policy for extending PPU uploads. [19:16] sil2100: IMHO it's fine without a separate vote. If somebody isn't happy because of a desire to see endorsements, then that can be made clear in a single vote. [19:16] Right, I agree with rbasak's view here as well [19:16] if it were someone applying for core dev we would want to see endorsements. [19:17] Right [19:17] not just reuse their motu ones. [19:17] Any members have questions to GunnarHj before we start the vote? [19:17] The extended package set can be found here: [19:17] https://lists.ubuntu.com/archives/devel-permissions/2016-May/000924.html [19:17] Yes [19:18] GunnarHj: as you're applying without endorsements, I feel I have to ask: do you know of any reason why your sponsors wouldn't want to give you an endorsement? Anything they have been unhappy about? [19:19] rbasak: No, I'm not aware of any such reason. AFAIK they are reasonably happy with my performance. I felt this was in effect similar to extending a packageset, so for convenience reasons... That's all. [19:20] Thanks. That makes me wonder actually. Does this set of packages form a packageset? Should we be creating one instead? [19:21] It seems to me that it generally is "language support". Is this accurate? [19:21] rbasak: I have thought the same. Not easy to define a packageset for l10n/i18n though... [19:21] rbasak: Yes, it's "language support" in a sense. [19:21] Why is "l10n/i18n" not a good description? :) [19:22] rbasak: Sure, ok for me... [19:22] Does accountsservice and/or ubuntu-docs fit into this as well? I imagine the latter does? What about accountsservice? [19:23] rbasak: The part of accountsservice I'm dealing with is closely related to language-selector. (ubuntu-docs does not fit IMO.) [19:24] OK, thanks. [19:25] I'm interested in the DMB elders' views on this. Should we create a i18n packageset? [19:25] * sil2100 is a newbie here [19:25] bdmurray: ^? [19:25] I don't think there is a need at this point in time. [19:25] if we think people might be interested in such a thing, it sounds fine [19:26] Currently I'd proably be the only member. [19:26] In which case I'd wait for another member. [19:26] OK [19:26] Maybe let's think about it next time [19:26] Or look for other devs w/ PPU for some of those packages. [19:27] An action item for this maybe? Could someone check this? [19:28] Does anyone want to pick up checking other devs with the same/similar sets of packages? [19:28] I will [19:29] #action bdmurray to check for other PPU devs with similar packages to the proposed 'language support' packageset [19:29] ACTION: bdmurray to check for other PPU devs with similar packages to the proposed 'language support' packageset [19:29] Ok, any other questions? [19:31] Let's vote in that case [19:32] #vote [19:32] Please vote on: [19:32] Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname) [19:32] Sorry, cat pressed enter too soon... [19:32] #endvote [19:32] No vote in progress [19:32] Interesting. [19:33] Is this Perl "empty string vs. undef"? [19:33] #vote Gunnar Hjalmarsson on extending PPU packages as per request [19:33] Please vote on: Gunnar Hjalmarsson on extending PPU packages as per request [19:33] Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname) [19:34] +1 [19:34] +1 received from bdmurray [19:34] +1 (I suppose his work on the requested packages shows sufficient knowledge and involvement) [19:34] +1 (I suppose his work on the requested packages shows sufficient knowledge and involvement) received from sil2100 [19:35] +1 on the strength and nature of previous endorsements [19:35] +1 on the strength and nature of previous endorsements received from rbasak [19:36] As a new DMB member I found it pretty hard without endorsements though, so I'm not sure about how I feel about this in principle. GunnarHj's previous endorsements were very strong though so I have little doubt about it this time. [19:36] BenC? micahg? [19:36] +1 [19:36] +1 received from BenC [19:37] I guess I've seen a lot of his work as an SRU team member. [19:37] I suppose the packages were similar 'in nature' to the ones previously in his PPU rights so I guess this time it seemed to be natural and ok [19:37] I found enough paper trail to be comfortable. [19:37] +0 I unfortunately didn't have time to review, but have seen good work in the past [19:37] +0 I unfortunately didn't have time to review, but have seen good work in the past received from micahg [19:38] * BenC reviewed it this morning [19:38] #endvote [19:38] Voting ended on: Gunnar Hjalmarsson on extending PPU packages as per request [19:38] Votes for:4 Votes against:0 Abstentions:1 [19:38] Motion carried [19:38] GunnarHj: congratulations! [19:38] Thanks for the showed confidence! :) [19:38] I never did this before, who can actually do the permission changes in this case? [19:38] GunnarHj: thank you for looking after these packages for Ubuntu [19:39] I suppose I could do this as well but I would have to be instructed [19:39] edit-acl from ubuntu-archive-tools [19:39] Ok, let me put that on my list in that case [19:39] I haven't actually used it to change permissions yet but I think I understand it now. [19:39] I'm happy to take the action if you like, so I can learn the ropes. [19:40] rbasak: ok, so you go first, I'll pick it up next time in that case [19:40] rbasak: thanks! [19:40] ack [19:40] Ok, so I guess that's it for this topic, nothing more on the agenda [19:40] #topic AOB === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB meeting | Current topic: AOB [19:41] sil2100: set me an #action please? [19:41] Ah, right! [19:41] sil2100: also a carry over for cyphermox I guess. [19:41] #action rbasak to make permission changes for new PPU packages for GunnarHj [19:41] ACTION: rbasak to make permission changes for new PPU packages for GunnarHj [19:41] I don't see ubuntu-mate here either fwiw https://wiki.ubuntu.com/UbuntuDevelopers#Ubuntu_Developers_.28from_delegated_teams.29 [19:41] #action cyphermox Update Mate packages per Iain Laney's suggestions [19:41] ACTION: cyphermox Update Mate packages per Iain Laney's suggestions [19:42] Ok, any other business? [19:43] I wonder if that wiki page should be updated to include ubuntu-mate-dev [19:43] I assumed that would be for cyphermox to do when he looks at creating the packageset? [19:44] Ah, fair enough. [19:44] btw. I saw "Ubuntu uTouch Uploaders (Launchpad: ~ubuntu-utouch-dev)" which doesn't exist apparently [19:44] Does anyone know why is it listed there? Was that supposed to be for ubuntu-touch or for some utouch packages that we don't have anymore? [19:45] I wonder if there are more items that do not exist anymore right now [19:46] sil2100: You should check ;-) [19:47] Ok, if that's a sensible action item let me add that for myself ;) [19:48] #action sil2100 to check the state of Ubuntu uTouch Uploaders and any other teams that might be non-existent [19:48] ACTION: sil2100 to check the state of Ubuntu uTouch Uploaders and any other teams that might be non-existent [19:48] Right, anything else? [19:48] fonts-* is a really big list [19:48] Is that OK? [19:49] It surprises me, I just wanted to check if it was just me [19:49] http://paste.ubuntu.com/16642048/ [19:50] The other expansions are as I'd expect. [19:51] For fonts-* would it worth creating a packageset called "fonts-*" just to make it a little more manageable? [19:52] hm, indeed a huge list [19:52] If nobody knows I can take it to the list. [19:52] That idea seems worth considerating [19:53] OK I'll take it to the list. [19:53] Ok [19:53] As regards fonts-*: Sure, it's long. And probably there is no reason to touch most of them in Ubuntu (synced from Debian). But it's hard to anticipate when there is a need... [19:54] GunnarHj: sure - looking at your upload history I think it makes little sense to give you PPU to just what you've touched, since next time it's likely to be another and they presumably all work the same way. [19:55] So I support giving you upload rights to it all, just wondering how technically to do it such that it remains manageable for us. [19:55] I'll take it to the list. [19:55] If there are no other items, let's finish today's meeting and discuss the fonts-* packageset on the ML [19:56] Assuming we're good to finish up [19:56] #endmeeting === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology [19:56] Meeting ended Mon May 23 19:56:43 2016 UTC. [19:56] Minutes: http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-05-23-19.09.moin.txt [19:56] Thanks everyone! [19:56] Thank you sil2100 for chairing. [19:57] I'll update the agenda, next chair: cyphermox I suppose? [19:58] Whoever is next on the list === nacc_ is now known as nacc === \b is now known as Guest49310 === aaron is now known as Guest39757 === Michaela is now known as Mikaela === Guest39757 is now known as ahoneybun === sarnold_ is now known as sarnold