[16:30] <tyhicks> hello
[16:30] <tyhicks> #startmeeting
[16:30] <mdeslaur> \o
[16:30] <meetingology> Meeting started Mon Oct  3 16:30:51 2016 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:30] <meetingology> Available commands: action commands idea info link nick
[16:30] <tyhicks> The meeting agenda can be found at:
[16:31] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:31] <tyhicks> [TOPIC] Announcements
[16:31] <tyhicks> Simon Quigley provided a debdiff for xenial for kde-cli-tools (LP: #1629145)
[16:31] <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
[16:31] <tyhicks> [TOPIC] Weekly stand-up report
[16:31] <tyhicks> jdstrand: you're up
[16:31] <jdstrand> hi
[16:31] <jdstrand> last week was mostly about snappy PR reviews, particularly around snap declarations (but there were others). Various updates to the review tools in preparation for snap declarations
[16:31] <jdstrand> this week I plan to work on:
[16:31] <jdstrand> snap declarations PR reviews
[16:31] <jdstrand> defining the base declaration in support of snap declarations
[16:31] <jdstrand> updating the review tools for snap declarations
[16:31] <jdstrand> fixing click-apparmor/apparmor-easyprof-ubuntu autopkgtests now that click is fixed in yakkety
[16:31] <jdstrand> im-config upload to xenial-proposed
[16:32] <jdstrand> (snap declarations are critically important for snapd atm)
[16:32] <jdstrand> that's it for me. mdeslaur you're up
[16:32] <mdeslaur> I'm on bug triage this week
[16:32] <mdeslaur> I'm currently working on php updates
[16:32] <mdeslaur> and I have short weeks this week and next week
[16:33] <mdeslaur> haven't decided yet what update I'll do after php
[16:33] <mdeslaur> that's it from me, sbeattie
[16:33] <sbeattie> I'm on cve triage this week
[16:34] <sbeattie> I need to do a followup systemd update
[16:34] <sbeattie> I have some apparmor tasks to do (some bug triage etc)
[16:34] <sbeattie> I'll try to pick up another update this week as well.
[16:34] <sbeattie> that's probably it for me. tyhicks?
[16:35] <tyhicks> I'm in the happy place again this week
[16:35] <tyhicks> I need to do some SRU verification (LP: #1580463) (LP: #1614215)
[16:36] <tyhicks> I pitched in some work to help with snaps in lxd last week so now I'm back to testing my apparmor 14.04 SRU for snaps on 14.04
[16:36] <tyhicks> I'll need to do some sprint prep
[16:36] <tyhicks> that's all that I'll plan on this week
[16:36] <tyhicks> jjohansen: you're up
[16:37] <jjohansen> I have a apparmor stacking bug or two to look into this week, I need to finish up the gsettings work, and I need to work on upstreaming the apparmor kernel delta
[16:38] <jjohansen> if we get to a point where we can do the 2.11 release I may help out with that as well
[16:38] <tyhicks> jjohansen: we also need to backport the stacking work to xenial
[16:39] <tyhicks> jjohansen: nice job on landing all the stacking work in yakkety \o/
[16:39] <jjohansen> oh, okay I thought we were holding off on that for a couple weeks, to see how yakkety was
[16:39] <jjohansen> but yes, could definitely work on the backport
[16:39] <jjohansen> to xenial
[16:39] <jjohansen> thanks
[16:39] <tyhicks> jjohansen: we can hold off for a short bit but it might be easier to prepare the backport while all the code is fresh in your mind
[16:40] <jjohansen> ack
[16:40] <tyhicks> sarnold: go ahead
[16:42] <sarnold> hey, I'm i nthe happy plkace this week, I'm resuming the ubuntu-terminal-app review today and hopefully can use standard review tools for zmqpp later on, but if it still can't be built with our tools, I'll just have to go without I guess..
[16:42] <sarnold> (foundations team told me it'll all be sorted out by release day, but that sounds like no fun :)
[16:43] <sarnold> after that some direction for next review would be nice, but there's no rush on it
[16:43] <sarnold> that's it for me, chrisccoulson?
[16:44] <chrisccoulson> This week I've got a Chromium update to test and publish. I was going to do Oxide last week, but there was another Chromium update so I'll include that in the release and do that this week too
[16:44] <chrisccoulson> I'm currently investigating a firefox/trunk build failure
[16:44] <chrisccoulson> I also plan to do bug 1628496 (I'm most of the way through this already)
[16:45] <chrisccoulson> At some point this week, I want to find something to snap as well
[16:45] <chrisccoulson> Other than that, it's oxide bugs as usual
[16:45] <chrisccoulson> That's me done
[16:45] <tyhicks> ratliff: you're up
[16:45] <ratliff> I am on community this week
[16:46] <ratliff> I have some design review work and some marketing work lined up for this week as well
[16:46] <ratliff> I am off on Friday.
[16:46] <ratliff> back to you tyhicks
[16:47] <tyhicks> thanks
[16:48] <tyhicks> [TOPIC] Highlighted packages
[16:48] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:48] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:48] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gnash.html
[16:48] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/collabtive.html
[16:48] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/atheme-services.html
[16:48] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/lshell.html
[16:48] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:48] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/php-pecl-http.html
[16:48] <tyhicks> Does anyone have any other questions or items to discuss?
[16:50] <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks!
[16:50] <tyhicks> #endmeeting
[16:50] <meetingology> Meeting ended Mon Oct  3 16:50:05 2016 UTC.
[16:50] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-10-03-16.30.moin.txt
[16:50] <jjohansen> thanks tyhicks
[16:50] <mdeslaur> thanks tyhicks
[16:50] <sarnold> thanks tyhicks
[16:50] <sbeattie> tyhicks: thanks1
[16:51] <ratliff> thank you tyhicks
[17:57] <tsimonq2> tyhicks: you're welcome ;)
[17:58] <tsimonq2> tyhicks: thanks for having a fast turnaround time and for helping me learn the process :)
[18:11] <tyhicks> tsimonq2: that was all thanks to sarnold :)
[18:12] <tyhicks> tsimonq2: we look forward to getting more contributions from you :)
[20:14] <tsimonq2> tyhicks: so how would I contribute besides fixing CVEs then?
[20:14] <tyhicks> tsimonq2: I was speaking for the security team so I was mostly talking about CVE fixes
[20:15] <tyhicks> tsimonq2: however, there are a number of other ways that you can contribute to Ubuntu, whether it be bug triage, providing bug fixes, feature development, etc.
[20:16] <tyhicks> tsimonq2: there is helpful information available here: https://community.ubuntu.com/contribute/
[20:20] <tsimonq2> tyhicks: I'm already a very active contributor to Ubuntu as a whole, been an Ubuntu Member since February, thanks though ;)
[20:21] <tsimonq2> tyhicks: I was talking about the security team ;l
[20:21] <tsimonq2> ;)
[20:21] <tyhicks> tsimonq2: oh, nice! I misunderstood your question.
[20:42] <tsimonq2> tyhicks: so what else is there to the security team besides fixing CVEs?
[20:46] <tyhicks> tsimonq2: there's hardening of the OS, proactive security feature development, and application confinement, to name a few
[20:46] <tsimonq2> tyhicks: what's the IRC channel?
[20:46] <tyhicks> tsimonq2: join us in #ubuntu-hardened
[20:46] <tsimonq2> ok