[16:31] <tyhicks> hello!
[16:31] <leosilva> o/
[16:31] <chrisccoulson> whoop
[16:31]  * sbeattie waves
[16:31] <tyhicks> #startmeeting
[16:31] <meetingology> Meeting started Mon Nov 27 16:31:45 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:31] <meetingology> Available commands: action commands idea info link nick
[16:31] <tyhicks> The meeting agenda can be found at:
[16:31] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:31] <tyhicks> [TOPIC] Announcements
[16:32] <mdeslaur> \o
[16:32] <tyhicks> Simon Quigley (tsimonq2) provided debdiffs for trusty-artful for konversation (LP: #1731797)
[16:32] <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
[16:32] <tyhicks> [TOPIC] Weekly stand-up report
[16:32] <tyhicks> jdstrand: you're up
[16:34] <tyhicks> mdeslaur: go ahead
[16:34] <mdeslaur> I'm in the happy place this week
[16:35] <mdeslaur> I have three updates I'm about to release, including the remote code execution issue found in exim this weekend
[16:35] <mdeslaur> we have exim compiled with PIE, so I don't think we have code execution
[16:35] <mdeslaur> but updates are ready anyway
[16:35] <mdeslaur> after that, I'll pick something up from the list, if leosilva left me any
[16:35] <mdeslaur> that's about it
[16:35] <mdeslaur> sbeattie: you're up
[16:35] <leosilva> hehe
[16:35] <sbeattie> I'm also in the happy place this week
[16:36] <sbeattie> My primary focus is on CVE notifications for snap owners
[16:36] <sbeattie> I have an openjdk-7 update from td daitx to test and publish
[16:36] <sbeattie> I have some upstream apparmor tasks open
[16:37]  * jdstrand is here (sorry)
[16:37] <sbeattie> and I have the usual bits of kernel cve triage to watch over.
[16:37] <sbeattie> that's probably my week.
[16:37] <sbeattie> jdstrand: you want to jump in?
[16:37] <tyhicks> jdstrand: go ahead
[16:37] <jdstrand> yeah
[16:37] <jdstrand> This week I am focusing on:
[16:37] <jdstrand> * email catchup from short week last week
[16:37] <jdstrand> * fix a review tools/store bug
[16:37] <jdstrand> * snapd PR reviews
[16:37] <jdstrand> * pickup the ssh/gpg interfaces PR
[16:37] <jdstrand> * investigate/implement proper fix for hotplugged devices not being added to device cgroup (mir input forum issue)
[16:37] <jdstrand> * investigate tun/tap intermittent spread failure as have time
[16:37] <jdstrand> * add kmod spread test as have time
[16:37] <jdstrand> * uid/gid privilege dropping as have time
[16:37] <jdstrand> * everything from ssh/gpg and after might change depending on an embargoed issue I might be asked to help with
[16:37] <jdstrand> that's it from me. back to you tyhicks :)
[16:39] <tyhicks> I'm on community this week
[16:39] <tyhicks> I'll be catching up on email from being off all last week
[16:40] <tyhicks> I have several things that I need to nudge along this week but shouldn't require any real work on my side (snapd seccomp logging PR, libseccomp xenial SRU, audit SRUs, libseccomp-golang upstream PR)
[16:41] <tyhicks> I plan to focus on reproducable squashfs images
[16:41] <tyhicks> there are two more ecryptfs kernel fixes that need to go into a 4.15 -rc release so I'll get to them as I have time
[16:41] <tyhicks> that's it for me
[16:41] <tyhicks> jj is out
[16:41] <tyhicks> sarnold: you're up
[16:44] <sarnold> I'm on cve triage this week, and getting caught up on whatever I missed while enjoying a nice long weekend
[16:44] <sarnold> apparmor patch reviews as I can, and finishing the embargoed review, starting on the next MIR on the list
[16:44] <sarnold> that should cover me, chrisccoulson?
[16:45] <chrisccoulson>  I've got a thunderbird update to do this week (started already), and a firefox publication to finish off
[16:46] <chrisccoulson> And then rust and cargo updates. I'm reasonably optimistic this one will go better than the last, and it shouldn't be too difficult
[16:46] <chrisccoulson> I also need to figure out how hard it is to backport python versions for the firefox build
[16:47] <tyhicks> how many weeks before that's needed?
[16:47] <chrisccoulson> tyhicks, python or rust?
[16:47] <tyhicks> chrisccoulson: python'
[16:47] <chrisccoulson> tyhicks, march for the actual release
[16:48] <chrisccoulson> but anytime now for trunk
[16:48] <tyhicks> ack, glad you're thinking about it this early
[16:48] <chrisccoulson> And then hopefully I'll have some time left to look at other things, finally
[16:48] <chrisccoulson> that's me done
[16:48] <tyhicks> ratliff: your turn
[16:49] <ratliff> I'm on bug triage this week
[16:49] <ratliff> After that I will continue to be focused on internal tasks.
[16:49] <ratliff> on to you leosilva
[16:49] <leosilva> I`m the happy place this week
[16:49] <leosilva> I also will have  a short week (Tuesday is my Friday)
[16:50] <leosilva> I have a postgresql-common to work and USN and some python that I'm waiting to push to ppas.
[16:50] <leosilva> I also want to hunt some pkg and push in my list of TODO.
[16:50] <leosilva> that ` all, tyhicks it is back to you
[16:51] <tyhicks> thanks
[16:51] <tyhicks> [TOPIC] Highlighted packages
[16:51] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:51] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:51] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/python-rsa.html
[16:51] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/percona-xtrabackup.html
[16:51] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/libpgf.html
[16:51] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:51] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/python3.7.html
[16:51] <tyhicks> Does anyone have any other questions or items to discuss?
[16:51] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html
[16:53] <tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
[16:53] <tyhicks> #endmeeting
[16:53] <meetingology> Meeting ended Mon Nov 27 16:53:07 2017 UTC.
[16:53] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-11-27-16.31.moin.txt
[16:53] <mdeslaur> thanks tyhicks!
[16:53] <leosilva> tks tyhicks!
[16:53] <sarnold> thanks tyhicks!
[16:53] <sbeattie> tyhicks: thanks!
[16:54] <ratliff> thanks, tyhicks!
[16:55] <jdstrand> tyhicks: thanks!