=== JanC_ is now known as JanC
=== JamieBen_ is now known as JamieBennett
[16:32] <jjohansen> \o
[16:33] <tyhicks> hello
[16:33] <tyhicks> #startmeeting
[16:33] <meetingology> Meeting started Mon May 22 16:33:46 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:33] <meetingology> Available commands: action commands idea info link nick
[16:33] <tyhicks> The meeting agenda can be found at:
[16:33] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:34] <tyhicks> [TOPIC] Sponsored Updates
=== meetingology changed the topic of #ubuntu-meeting to: Sponsored Updates
[16:34] <tyhicks> Jose Manuel Santamaria Lema (santa_) provided debdiffs for xenial and yakkety for kauth (LP: #1689759)
[16:34] <ubottu> Launchpad bug 1689759 in kde4libs (Ubuntu Artful) "CVE 2017-8422 - kauth: Local privilege escalation" [High,Fix released] https://launchpad.net/bugs/1689759
[16:34] <tyhicks> Rik Mills (acheronuk) provided debdiffs for xenial and yakkety for kde4libs (LP: #1689759)
[16:34] <tyhicks> v.naini provided debdiffs for zesty for kauth and kde4libs (LP: #1689759)
[16:34] <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
[16:34] <tyhicks> [TOPIC] Join us!
=== meetingology changed the topic of #ubuntu-meeting to: Join us!
[16:34] <tyhicks> The Ubuntu Security Team has an open position. Learn more and apply at http://bit.ly/SecEngJob
[16:35] <tyhicks> [TOPIC] Weekly stand-up report
=== meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report
[16:35] <tyhicks> sbeattie: you're up
[16:35] <sbeattie> I'm in the happy place this week
[16:35] <acheronuk> tyhicks: you're welcome
[16:35]  * acheronuk shuts up
[16:35] <sbeattie> heh
[16:35] <tyhicks> hey acheronuk :)
[16:36] <sbeattie> I have an embargoed issue that I'm working on
[16:36] <sbeattie> I've some kernel cve triage bits and signoffs to do
[16:37] <sbeattie> I'll go down the open list to work on another update as well.
[16:37] <sbeattie> Oh, kernel team pointed me at some minor qrt failures to address with the 4.11 kernel.
[16:37] <sbeattie> (config renames ,etc.)
[16:38] <sbeattie> that's probably my week.
[16:38] <sbeattie> tyhicks: you're up
[16:38] <tyhicks> I'm on community this week
[16:38] <tyhicks> I've got a few eCryptfs kernel patches to review
[16:39] <tyhicks> I'm trying my best to cover for Jamie on forum.snapcraft.io this week
[16:40] <tyhicks> I've got some internal tasks to do today
[16:40] <tyhicks> then I'll spend time on seccomp
[16:40] <tyhicks> that's it
[16:40] <tyhicks> jjohansen: you're up
[16:41] <jjohansen> I'll be coordinating with sbeattie on some apparmor regression test failures, bug 1659111 is known and a kernel change, I knew about it before pushing, and told them the fix will follow
[16:41] <jjohansen> I have poked a couple people on the securityfs patches so hopefully I will be doing any needed replies/revision for that
[16:41] <ubottu> bug 1659111 in linux (Ubuntu Zesty) "UbuntuKVM guest crashed while running I/O stress test with Ubuntu kernel 4.4.0-47-generic" [High,In progress] https://launchpad.net/bugs/1659111
[16:43] <jjohansen> and I am working on finishing beating the patch queue for upstream into shape, largely still breaking a few things into smaller logical chunks that make sense and trying not to break bisecting
[16:43] <jjohansen> oh and I suppose maybe the fixes for some qrt regressions, maybe
[16:45] <tyhicks> jjohansen: was that the wrong bug number? did you mean bug 1692543?
[16:45] <ubottu> bug 1692543 in apparmor (Ubuntu) "Regression tests cannot write to apparmor path_max module parameter in artful/4.11" [Undecided,New] https://launchpad.net/bugs/1692543
[16:45] <jjohansen> tyhicks: sorry yes 1692543, I grabbed the wrong line from irc :)
[16:46] <tyhicks> cool
[16:46] <jjohansen> I am going to push some more RFCs up this week, and I expect that to consume the rest of my time
[16:47] <jjohansen> so I think that is it for me
[16:47] <tyhicks> sarnold: you're up
[16:47] <sarnold> i'm on bug triage this week; back to MIRs; AA patch reviews if those will be helpful. and internal tasks
[16:47] <sarnold> that's it for me, chrisccoulson is out right?, so, ratliff?
[16:48] <ratliff> I'm on CVE triage this week
[16:48] <ratliff> I am finalizing an ESM update and will do the same update for Ubuntu Core 15 (rtmpdump)
[16:48] <ratliff> Most of the week will be focused on internal tasks.
[16:48] <ratliff> that's it for me, back to you tyhicks
[16:49] <tyhicks> thanks
[16:49] <tyhicks> [TOPIC] Highlighted packages
=== meetingology changed the topic of #ubuntu-meeting to: Highlighted packages
[16:49] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:49] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:49] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-saml.html
[16:49] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/icecast2.html
[16:49] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/kinit.html
[16:49] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-rest-client.html
[16:49] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/jsoup.html
[16:49] <tyhicks> [TOPIC] Miscellaneous and Questions
=== meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions
[16:49] <tyhicks> Does anyone have any other questions or items to discuss?
[16:51] <tyhicks> sbeattie, jjohansen, sarnold, ratliff: Thanks!
[16:51] <tyhicks> #endmeeting
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology
[16:51] <meetingology> Meeting ended Mon May 22 16:51:41 2017 UTC.
[16:51] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-05-22-16.33.moin.txt
[16:51] <jjohansen> thanks tyhicks
[16:51] <ratliff> thank you tyhicks!
[16:52] <sbeattie> tyhicks: thanks!
[16:54] <sarnold> thanks tyhicks!
[18:07] <cking> is there meant to be a DMB meeting right now?
=== JanC_ is now known as JanC
[18:58] <bdmurray> Given that today is a Canadian holiday will we have quorum for the DMB meeting?
[19:00] <sil2100> o/
[19:00] <sil2100> Not sure
[19:02] <bdmurray> o/
[19:10] <jbicha> It's quiet…too quiet… :(
[19:11] <cking> i guess the meeting looks like it may be postponed
[19:12] <bdmurray> jbicha: Yeah, sorry about that. As I mentioned its a Canadian holiday and a couple of board members are Canadian.
[19:15] <jbicha> next Monday is a US holiday
[19:16] <cking> and a UK one too, and I'd like to be around for that to get PPU rights :-/
[19:16] <bdmurray> The schedule is every two weeks so the next one would be June 5th. We could take discussion of the applications to email.
[19:17] <cking> bdmurray, if that's possible, I'd appreciate that for my PPU request for zfs et al
[19:17] <sil2100> ;/
[19:18] <rbasak> Sorry I'm late.
[19:19] <bdmurray> rbasak: No problem, there's only 3 of us as it is.
[19:19] <sil2100> rbasak: hey! No problem, we don't have a quorum yet sadly
[19:19] <sil2100> So we didn't even start yet
[19:19] <bdmurray> We were just discussing reviewing via email.
[19:19] <sil2100> Let me re-ping
[19:19] <rbasak> OK
[19:21] <sil2100> I suppose we won't have anyone more, I would opt for an e-mail vote
[19:21] <sil2100> But we'd have to make sure that it's handled in a timely fashion
[19:22] <bdmurray> sil2100: How about we each start the discussion and babysit one application?
[19:27] <bdmurray> micahg: Are you here for the meeting?
[19:28] <micahg> I can sort of be, I'm in another meeting, so responses might be delayed
[19:28] <bdmurray> Hmm, isn't that usually the case?
[19:28] <micahg> yes, unfortunately :(
[19:28] <bdmurray> Would reviewing via email work better for you?
[19:29] <micahg> I don't know if that captures the whole story, it's good for the basic info, but the Q&A is sometimes useful to clarify one way or another (assuming we're talking about applications)
[19:31] <bdmurray> How do you suggest getting the Q&A if being engaged in meetings is challenging?
[19:31] <micahg> well, this is why I wanted to change the meeting times, the current times overlap for me
[19:32] <bdmurray> What happened with that?
[19:35] <micahg> I had trouble getting feedback from everyone and by the time I got feedback, I think the poll expired
[19:36] <micahg> it's a moot point until after the election I think
[19:36] <sil2100> bdmurray: +1 on the babysitting
[19:36] <bdmurray> sil2100: I'll take jbicha's application then
[19:37] <sil2100> bdmurray: ok, was cking for today as well?
[19:37] <bdmurray> sil2100: his came in at the last minute but I think we should review it anyway
[19:37] <bdmurray> let's not be a barrier
[19:37] <cking> i was very much 11th hour
[19:38] <sil2100> Yeah, I guess, I'll take a look at the application in a moment and follow up - you want to do some Q&A here + some voting, then finish it all of through e-mail? Or all by e-mail?
[19:38] <bdmurray> I'm fine with all by email.
[19:40] <sil2100> cking: would that be fine for you as well? I'd send out the discussion e-mail in a moment to get your application reviewed
[19:40] <cking> sure, that's perfect for me
[19:51]  * rbasak disappears
[20:02]  * cking eod
=== nacc_ is now known as nacc