[08:40] <xnox> rbalint, slangasek, we can take newer openssl 1.0.2[?] it's just we are not doing the whole 1.1.x transition.
[08:40] <xnox> i will take a look as to what's happening there.
=== JanC_ is now known as JanC
[16:30] <tyhicks> hello
[16:30] <tyhicks> #startmeeting
[16:30] <meetingology> Meeting started Mon Mar 27 16:30:26 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:30] <meetingology> Available commands: action commands idea info link nick
[16:30] <tyhicks> The meeting agenda can be found at:
[16:30] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:30] <tyhicks> [TOPIC] Announcements
=== meetingology changed the topic of #ubuntu-meeting to: Announcements
[16:30] <tyhicks> Jeremy Bicha (jbicha) provided debdiffs for trusty-yakkety for audiofile (LP: #1674005)
[16:30] <ubottu> Launchpad bug 1674005 in audiofile (Ubuntu Yakkety) "audiofile: Multiple security issues from March 2017" [Medium,Fix released] https://launchpad.net/bugs/1674005
[16:30] <tyhicks> James Cowgill (jcowgill) provided debdiffs for xenial and yakkety for mbedtls (LP: #1672686)
[16:30] <ubottu> Launchpad bug 1672686 in polarssl (Debian) "CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve" [Unknown,Confirmed] https://launchpad.net/bugs/1672686
[16:31] <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
[16:31] <tyhicks> [TOPIC] Weekly stand-up report
=== meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report
[16:31] <tyhicks> jdstrand: you're up
[16:31] <jdstrand> last week was dominated by store reviews, looking into a snappy regression and working through various snap declarations that exposed various interesting corner cases. I also helped triage several partner and Personal issues. I did get to a few snappy reviews, but more remain
[16:31] <jdstrand> This is a short week (off Friday) and this week I plan to:
[16:31] <jdstrand> - store reviews
[16:31] <jdstrand> - continue reviewing snappy PRs. I suspect this to take most of/if not all of my time
[16:31] <jdstrand> - if have time, move to k8s interface and picking up remaining bits of seccomp arg filtering
[16:31] <jdstrand> that's it for me. mdeslaur, you're up
[16:32] <mdeslaur> I'm on bug triage this week
[16:32] <mdeslaur> and I have some gstreamer updates I'm about to release
[16:32] <mdeslaur> I'm also waiting for samba upstream to take a look at the regression in the current security updates
[16:32] <mdeslaur> and I'll pick something up from the list
[16:32] <mdeslaur> that's it for me, sbeattie?
[16:33] <mdeslaur> err, he's out I think
[16:33] <sarnold> sbeattie's out this week except for wed
[16:33] <mdeslaur> who's next
[16:33] <tyhicks> I'm up
[16:33] <tyhicks> I'm in the happy place though I think I'll need to pick up cve triage this week
[16:34] <tyhicks> I'm testing an embargoed update right now
[16:34] <tyhicks> I'm helping out with another
[16:34] <tyhicks> I'll publish apparmor updates once I get the green light
[16:34] <tyhicks> and I'm still trying to return to my seccomp work
[16:35] <tyhicks> oh, I also need to finish configuring the build infrastructure for 12.04 ESM
[16:35] <tyhicks> sarnold: you're up
[16:36] <sarnold> I'm in happy place this week, I could also pick up some cve triage; also going to do the shadow update. at this point it's been ignored enough that half of it will be re-discovering what 's done and what sitll remains to be done :/
[16:36] <sarnold> then back to mirs
[16:37] <sarnold> that's it for me, is it chrisccoulson? or back to tyhicks?
[16:37] <tyhicks> Chris is out
[16:37] <tyhicks> on to ratliff
[16:38] <ratliff> I'm on community this week. I was planning on backfilling some of the CVE triage as well. We can draw straws for days
[16:38] <ratliff> I also have a review to request of sarnold
[16:39] <ratliff> Some internal items to complete
[16:39] <ratliff> and then back to updates for vivid-based core & touch
[16:39] <ratliff> back to you tyhicks
[16:40] <tyhicks> thanks
[16:40] <tyhicks> [TOPIC] Highlighted packages
=== meetingology changed the topic of #ubuntu-meeting to: Highlighted packages
[16:40] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:40] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:40] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/djbdns.html
[16:40] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/git-annex.html
[16:40] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/flightgear.html
[16:40] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/t-coffee.html
[16:40] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ntop.html
[16:40] <sarnold> djbdns ^^^ I never thought I'd see the day..
[16:40] <mdeslaur> hehe
[16:40] <tyhicks> I knew you wouldn't be able to resist :)
[16:41] <tyhicks> [TOPIC] Miscellaneous and Questions
=== meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions
[16:41] <tyhicks> Does anyone have any other questions or items to discuss?
[16:41] <sarnold> 2008 and 2012. apparently I'm five years behind on my news.
[16:43] <tyhicks> jdstrand, mdeslaur, sarnold, ratliff: Thanks!
[16:43] <tyhicks> #endmeeting
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology
[16:43] <meetingology> Meeting ended Mon Mar 27 16:43:11 2017 UTC.
[16:43] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-03-27-16.30.moin.txt
[16:43] <sarnold> thanks tyhicks :)
[16:43] <mdeslaur> thanks tyhicks
[16:43]  * genii mops up and cleans the coffeepot
[16:44] <tyhicks> I wasn't done with the pot of coffee
[16:46] <genii> :)
[16:46]  * genii puts another batch on
[19:00] <cyphermox> o/
[19:00] <rbasak> o/
[19:01] <cyphermox> I'm expiring again in 7 days.
[19:01] <sil2100> o/
[19:01] <rbasak> cyphermox: I think micahg might have something to say about that :-P
[19:02] <cyphermox> maybe I should run again, to make things more complicated
[19:03] <bdmurray> cyphermox: it wouldn't be more complicated because you'd be the only candidate afaik
[19:04] <micahg> was there a call for nominations
[19:04]  * sil2100 didn't see any e-mail
[19:04] <rbasak> To u-d-a IIRC
[19:05] <bdmurray> http://fridge.ubuntu.com/2017/03/14/upcoming-vacant-developer-membership-board-seats-call-for-nominations/
[19:05] <micahg> https://lists.ubuntu.com/archives/ubuntu-devel-announce/2017-March/001205.html
[19:05] <micahg> wow, almost 2 weeks
[19:06] <bdmurray> Before we get to far who will chair?
[19:07] <micahg> I have a call in 30 min, so probably shouldn't be me
[19:07] <sil2100> I would prefer to skip, one more chairing and I'll feel like a chair myself
[19:07] <bdmurray> #startmeeting
[19:07] <meetingology> Meeting started Mon Mar 27 19:07:57 2017 UTC.  The chair is bdmurray. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[19:07] <meetingology> Available commands: action commands idea info link nick
[19:08] <bdmurray> [TOPIC] Review of previous action items
=== meetingology changed the topic of #ubuntu-meeting to: Review of previous action items
[19:08] <bdmurray> rbasak added Rosco2 yes?
[19:09] <rbasak> Yes done
[19:09] <bdmurray> I did sent a call for nominations and we'll talk about that as a separate topic
[19:10] <bdmurray> sil2100 took care of ddstreet yes?
[19:10] <sil2100> bdmurray: yes, done
[19:10] <bdmurray> rbasak to create and add slashd to the new SRU-UPLOADERS team (done, pending TB action)
[19:10] <bdmurray> Is the TB action actioned?
[19:10] <rbasak> Not that I'm aware
[19:10] <rbasak> The next TB meeting is tomorrow I hope?
[19:10]  * rbasak isn't sure of the phase
[19:11] <bdmurray> okay but you are managing it / them?
[19:11] <rbasak> Yes. Carry that one over please, and I'll chase as needed.
[19:12] <bdmurray> just for posterity - rbasak to announce slashd's new SRU-UPLOADERS team membership (done)
[19:12] <bdmurray> sil2100 to finalize fossfreedom's application vote situation
[19:12] <bdmurray> what's up with that?
[19:12] <sil2100> bdmurray: that's more or less done now
[19:12] <sil2100> I need to just send out the note
[19:12] <sil2100> I poked infinity and got a final -1 vote from him
[19:13] <sil2100> This means the application got rejected in the end - I'll send out an announcement to that today
[19:13] <bdmurray> sil2100: okay
[19:14] <bdmurray> I don't see any applications dated for today so
[19:14] <bdmurray> [TOPIC] Expiring DMB members
=== meetingology changed the topic of #ubuntu-meeting to: Expiring DMB members
[19:14] <bdmurray> I sent out a call for nominations and received none
[19:15] <bdmurray> Although sil2100 and micahg mentioned they didn't see the announcement. Is u-d-a the right place to send it?
[19:15] <micahg> yes
[19:15] <bdmurray> Not to put you on the spot but how did you miss it?
[19:15] <sil2100> bdmurray: yes, I found it, got pushed to spam (?) on my gmail for unknown reasons
[19:15] <micahg> too busy and mailbox full might have meant it got dropped
[19:15] <rbasak> I wonder if everyone is assuming that someone else will apply. If we send out a second call, might that help?
[19:16] <micahg> I motion that we extend cyphermox's membership to match infinity's membership expiration date and send out of a call at the beginning of July
[19:16] <bdmurray> I don't see how things'll get better in July.
[19:17] <rbasak> Do we need TB approval for that?
[19:17] <bdmurray> IIRC we had a similar issue during the last election.
[19:17] <bdmurray> The issue being very few candidates.
[19:17] <rbasak> But I half agree with bdmurray - rather than postponing, perhaps we could continue to try to find replacements and extend cyphermox's term as needed until replacements are found?
[19:17] <rbasak> Assuming cyphermox wants to continue that is.
[19:17] <micahg> rbasak: we usually submit the results of the election to the TB for a final signoff, we could do that for this as well
[19:18] <cyphermox> rbasak: I have just sent a self-nomination email
[19:18] <rbasak> cyphermox: thanks!
[19:18] <micahg> we're approaching the end of the cycle, I think people will be busy
[19:18] <micahg> July is in the middle before feature freeze which should allow people a little more time to think about it
[19:18] <cyphermox> I *did* miss the deadline though, so YMMV
[19:18] <rbasak> micahg: I accept that. My point is that rather than pushing back to July, perhaps we should push back only as far as is necessary.
[19:19] <micahg> startup in May again
[19:19] <micahg> ?
[19:20] <bdmurray> I don't think its gonna help, but we can just place private bets on that.
[19:20] <micahg> we can try to run a social media campaign leading up to it maybe if someone has time
[19:20] <micahg> 1-3 part series on life as a DMB member?
[19:21] <cyphermox> ahah :)
[19:22] <bdmurray> There are only 86 core devs, so a social media campaign seems like a bit much.
[19:22] <micahg> MOTUs are allowed to run as well
[19:23] <bdmurray> Well one of their "latest members" is sil2100 which must have been some time ago.
[19:24] <bdmurray> Anyway, the proposal is to extend cyphermox's membership to end of May and send out a request for nominations in the beginning of that month?
[19:24] <cyphermox> we haven't reviewed a MOTU application in quite a while
[19:24] <micahg> well, it's an extra 50 people
[19:26] <micahg> yeah, I think people have moved to more siloed rights instead of a broader focus, which is a mixed bag
[19:26] <micahg> there's very little traffic in the MOTU channel
[19:27] <micahg> Is there anyone focusing on the non-snap development community anymore?
[19:30] <bdmurray> rbasak, cyphermox, sil2100: Are you happing with extending cyphermox's membership until the end of May and holding elections then?
[19:31] <rbasak> No objection.
[19:32] <cyphermox> bdmurray: no objection
[19:35] <bdmurray> [ACTION] bdmurray to get cyphermox's membership extended
[19:35] <meetingology> ACTION: bdmurray to get cyphermox's membership extended
[19:35] <bdmurray> [TOPIC] Outstanding mailing list requests to assign
=== meetingology changed the topic of #ubuntu-meeting to: Outstanding mailing list requests to assign
[19:36] <bdmurray> I think I saw a ping over the weekend
[19:36] <rbasak> There were a couple I think
[19:36] <rbasak> "Re-generate the list of my personal packageset"
[19:36] <rbasak> "one more PPU package for ~mapreri"
[19:36] <bdmurray> The one from happyaron?
[19:36] <rbasak> Yep
[19:37] <rbasak> Raphaël Pinson asking for core-dev reinstatement
[19:38] <rbasak> "Please add xfdashboard to xubuntu packageset"
[19:38] <rbasak> That's Feb 07 - did that ever get done?
[19:38] <bdmurray> [ACTION] bdmurray to look at ~mapreri's one more package
[19:38] <meetingology> ACTION: bdmurray to look at ~mapreri's one more package
[19:38] <bdmurray> rbasak: Can you do the re-gen?
[19:38] <rbasak> OK
[19:39] <rbasak> Uh
[19:39] <rbasak> I'll sort it anyway
[19:39] <rbasak> I don't think Aron has a personal packageset.
[19:39] <bdmurray> ACTION: rbasak to sort Aron's request
[19:40] <bdmurray> ACTION: bdmurray to add Raphaël Pinson back to core-dev
[19:40] <bdmurray> [ACTION] rbasak to sort Aron's request
[19:40] <meetingology> ACTION: rbasak to sort Aron's request
[19:40] <bdmurray> [ACTION] bdmurray to add Raphaël Pinson back to core-dev
[19:40] <meetingology> ACTION: bdmurray to add Raphaël Pinson back to core-dev
[19:42] <bdmurray> [ACTION] bdmurray to look into xfdashboard being in xubuntu packageset
[19:42] <meetingology> ACTION: bdmurray to look into xfdashboard being in xubuntu packageset
[19:42] <bdmurray> There I think we got them all
[19:42] <cyphermox> actually, let me take care of xfdashboard, I'm already looking at the packageset code.
[19:42] <bdmurray> okay
[19:43] <bdmurray> [TOPIC] Any other business?
=== meetingology changed the topic of #ubuntu-meeting to: Any other business?
[19:43] <rbasak> Thank you for chairing bdmurray
[19:43] <cyphermox> I'm happy to chair next.
[19:44] <bdmurray> cyphermox: noted, thanks
[19:44] <bdmurray> Okay, I guess that's a wrap.
[19:45] <bdmurray> Ask your friends to run in May though!
[19:45] <bdmurray> #endmeeting
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology
[19:45] <meetingology> Meeting ended Mon Mar 27 19:45:38 2017 UTC.
[19:45] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-03-27-19.07.moin.txt
[19:46] <micahg> thanks bdmurray
[19:46] <rcj> bdmurray: Was a date for a May mtg determined?
[19:46] <bdmurray> rcj: No, but it'd follow the usual schedule
[19:47] <bdmurray> rcj: 5/8 and 5/22
[19:51] <rcj> bdmurray: Ah, so there's a 2nd April mtg on the 24th then.
[19:51] <bdmurray> rcj: indeed
[19:51] <rcj> Excellent