[16:42] <tyhicks> hello
[16:42] <tyhicks> #startmeeting
[16:42] <meetingology> Meeting started Mon Dec  4 16:42:35 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:42] <meetingology> Available commands: action commands idea info link nick
[16:42] <mdeslaur> \o
[16:42] <tyhicks> The meeting agenda can be found at:
[16:42] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:42] <tyhicks> [TOPIC] Weekly stand-up report
[16:42] <tyhicks> jdstrand: you're up
[16:44] <jdstrand> hey
[16:44] <jdstrand> This week I'm primarily focusing on things for 2.30:
[16:44] <jdstrand> * finish review-tools resquashfs tests
[16:44] <jdstrand> * investigate/implement proper fix for hotplugged devices not being added to device cgroup (mir input forum issue)
[16:45] <jdstrand> * policy updates PR for 2.30
[16:45] <jdstrand> * pickup the ssh/gpg interfaces PR
[16:45] <jdstrand> * snapd 2.30 PR reviews
[16:45] <jdstrand> * investigate biometrics observe interface
[16:45] <jdstrand> * implement screen-lock interface
[16:45] <jdstrand> * non-2.30 PR reviews as have time (eg, layouts, xdg-settings)
[16:45] <jdstrand> that's it from me
[16:45] <jdstrand> mdeslaur: you're up
[16:45] <mdeslaur> I'm in the happy place this week
[16:45] <mdeslaur> I just published an evince update
[16:45] <mdeslaur> and I have a couple more to test
[16:45] <mdeslaur> I also want to work on ubuntu-support-status this week
[16:45] <mdeslaur> and I'm off on friday
[16:45] <mdeslaur> that's it for me, sbeattie?
[16:46] <sbeattie> I'm in the happy place
[16:46] <sbeattie> I'm still researching cve triage process for snaps
[16:46] <sbeattie> I have some upstream apparmor tasks I need to get to
[16:47] <sbeattie> I am also monitoring kernel cves/respins
[16:47] <sbeattie> and I have a couple of other random issues on my plate
[16:47] <sbeattie> that's it for me; tyhicks, over to you.
[16:47] <tyhicks>    * weekly role: happy place
[16:47] <tyhicks>    * embargoed issues
[16:47] <tyhicks>    * squashfs reproduceability
[16:47] <tyhicks>    * nudge a number of things along:
[16:47] <tyhicks>     * snapd seccomp logging PR
[16:48] <tyhicks>     * libseccomp Xenial SRU
[16:48] <tyhicks>     * audit SRUs
[16:48] <tyhicks>     * libseccomp-golang upstream PR
[16:48] <tyhicks> jjohansen: you're up
[16:48] <jjohansen> I am working on making apparmor mount mediation work with the mount code rework
[16:49] <jjohansen> I will also being doing a 4.14 kernel for the kernel team
[16:49] <jjohansen> and maybe I can get some work done on updating the backport kernels
[16:50] <jjohansen> and I suppose there are several bugs to look at but I don't have any bug numbers of particular ones
[16:50] <jjohansen> sarnold: you are up
[16:51] <sarnold> I'm on bug triage this week
[16:51] <sarnold> and doing some embargoed work
[16:51] <sarnold> with libteam MIR after that, if there's time
[16:52] <sarnold> that's it for me, chrisccoulson?
[16:52] <chrisccoulson> I need to finish up rust 1.22 updates this week. There are currently 3 separate failures I need to investigate, and one of these looks like it might be the "rust builds fail randomly in launchpad" issue I had last time
[16:53] <chrisccoulson> which I worked around by continually hitting retry until it built
[16:53] <chrisccoulson> I've got an embargoed update to prepare
[16:54] <chrisccoulson> I should be able to look at this apparmor / audit work this week
[16:54] <chrisccoulson> that's me done
[16:54] <ratliff> I'm on community this week
[16:54] <ratliff> Other than that I am still working on two internal assignments and an embargoed issue.
[16:54] <ratliff> on to you, leosilva
[16:54] <leosilva> I'm on CVE-triage this week.
[16:55] <leosilva> I just published curl for precise
[16:55] <leosilva> I'll do my normal hunting too and some research.
[16:55] <leosilva> that's it for me. tyhicks it's back to you!
[16:56] <tyhicks> [TOPIC] Highlighted packages
[16:56] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:56] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:56] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/sun-javadb.html
[16:56] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/yaml-cpp.html
[16:56] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/most.html
[16:56] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/git-hub.html
[16:56] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/libuser.html
[16:56] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:56] <tyhicks> Does anyone have any other questions or items to discuss?
[16:57] <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
[16:57] <tyhicks> #endmeeting
[16:57] <meetingology> Meeting ended Mon Dec  4 16:57:30 2017 UTC.
[16:57] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-12-04-16.42.moin.txt
[16:57] <ratliff> thank you, tyhicks!
[16:57] <leosilva> thanks tyhicks!
[16:57] <mdeslaur> thanks tyhicks!
[16:57] <jjohansen> thanks tyhicks
[16:58] <sarnold> thanks tyhicks
[16:59] <sbeattie> tyhicks: thanks!
[17:03] <jdstrand> tyhicks: thanks! :)
[19:01] <handsome_feng> Hi, Is it time for meeting?
[19:01] <rbasak> Yes. Who's here?
[19:01] <sil2100> o/
[19:01] <bdmurray> I am here
[19:02] <jbicha> o/
[19:02] <micahg_work> o/
[19:04] <sil2100> Who's chairing today?
[19:04] <sil2100> Should I?
[19:05] <rbasak> #startmeeting Developer Membership Board
[19:05] <meetingology> Meeting started Mon Dec  4 19:05:11 2017 UTC.  The chair is rbasak. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[19:05] <meetingology> Available commands: action commands idea info link nick
[19:05]  * rbasak volunteers
[19:05] <sil2100> rbasak: \o/
[19:05] <rbasak> #topic Review of previous action items
[19:05] <rbasak> jbicha to send out announcement email (done)
[19:05] <rbasak> rbasak to handle ACL for osomon's chromium-browser upload rights (done)
[19:05] <rbasak> #info All previous action items complete
[19:06] <rbasak> #topic Package Set/Per Package Uploader Applications
[19:06] <rbasak> #subtopic handsome_feng for some Kylin/UKUI related PPU
[19:06] <rbasak> handsome_feng: hello! Could you start by introducing yourself please?
[19:06] <handsome_feng> Sure, hello,everyone, I'm handsome_feng, I've been an member of ubuntu kylin for more than 3 years, my main duties these days are the maintenance of UKUI and other kylin packages, my PPU application is at https://wiki.ubuntu.com/handsome_feng/DeveloperApplication-PPU, and sorry for my poor english,  I may reply you a bit slowly. Thanks! :)
[19:07] <rbasak> #link https://wiki.ubuntu.com/handsome_feng/DeveloperApplication-PPU
[19:08] <rbasak> Questions for handsome_feng?
[19:09] <micahg_work> handsome_feng, I noticed that https://launchpad.net/ubuntu/+source/ukui-screensaver/1.0.3-0ubuntu1 was prepared before UI freeze and uploaded afterwards, can you explain how Ubuntu Kylin treats UI freeze and if this was an exception?
[19:09] <jbicha> happyaron: I'm curious whether you're present for the application
[19:09] <happyaron> yes I'm here
[19:10] <jbicha> thanks
[19:12] <handsome_feng> micahg_work: Yes, I understand the UI freeze: https://wiki.ubuntu.com/UserInterfaceFreeze, and this is aan exception, since I didn't find a sponner before the UI freeze. And I'm sorry for that. I will prepared the packages more early!
[19:13] <bdmurray> handsome_feng: Have you uploaded any stable release updates?
[19:14] <handsome_feng> bdmurray: No, I understand the SRU prosess: https://wiki.ubuntu.com/StableReleaseUpdates, and because the formar version of ubuntu kylin only add some packages on Ubuntu such as youker-assistant, indicator-china-weather and so on, It didn't need an SRU.
[19:14] <jbicha> handsome_feng: where do you find sponsors?
[19:17] <handsome_feng> jbicha: I usually email to happyaron, and if not , I will fill a bug with the tag and subscribe the sponner team
[19:18]  * rbasak has a couple of questions if the others are done
[19:18] <jbicha> handsome_feng: ok, I encourage you to go ahead and file the bug right away especially when getting close to Ubuntu release deadlines
[19:18] <jbicha> someone else may sponsor it from the queue before Aron gets around to it
[19:19] <jbicha> handsome_feng: do you know anything about becoming a Debian Maintainer? is that something you intend to apply for?
[19:20] <handsome_feng> jbicha: I have read the https://www.debian.org/doc/manuals/maint-guide/, and yes, I want to be that. :)
[19:21] <handsome_feng> I want to apply the upload right for ukui packages
[19:21] <jbicha> thanks, I understand. I think Aron can help you later with the process to become a Debian Maintainer
[19:22] <handsome_feng> jbicha: Thanks, and I will try to learn more.
[19:24] <rbasak> handsome_feng: I believe that if I install ukui-screensaver, that will also install ubuntukylin-default-settings because ukui-screensaver depends on ukui-session-manager. Is this correct?
[19:25] <handsome_feng> yes
[19:25] <rbasak> Since ubuntukylin-default-settings changes the default Firefox search engine, I find this result surprising. I wouldn't expect to install a screensaver package and have my search engine change as a consequence.
[19:26] <rbasak> Do you have any opinion on this?
[19:27] <handsome_feng> Our parter request this, and I think we can delete this, or make it suguessed.
[19:28] <handsome_feng> Sorry for that
[19:28] <rbasak> Don't worry, I don't expect the packages to be bug free.
[19:29] <rbasak> I'm asking because I'd like to understand your own understanding of the packages for which you're requesting PPU.
[19:29] <rbasak> If you wanted to fix this, how would you change the dependencies?
[19:31] <handsome_feng> move the ubuntukylin-default-settings from depends to suggest, or just delete it
[19:31] <rbasak> OK, thank you. That answers my first question.
[19:32] <rbasak> BTW, the reason I came across this was https://askubuntu.com/questions/970219/123-sogou-com-trojan-horse-in-ukui-screensaver/970220#970220
[19:33] <rbasak> My second question: can you give me an example of something you may need to check and fix after you make an upload?
[19:33] <handsome_feng> rbasak, I will answer that, There is an other way.
[19:36] <handsome_feng>  verify that the package builds fine in -proposed, test out of -proposed and monitor autopkgtest runs
[19:36] <rbasak> OK thank you
[19:36] <rbasak> I don't have any more questions.
[19:37] <rbasak> Any further questions from anyone else?
[19:37] <bdmurray> Not from me
[19:37] <cyphermox> No questions
[19:38] <rbasak> sil2100, jbicha: any further questions?
[19:38] <sil2100> I'm good
[19:39] <jbicha> just a moment…
[19:40] <flexiondotorg> Evening.
[19:40] <cyphermox> actually
[19:40] <flexiondotorg> UKUI is base on MATE. I worked with handsome_feng when UKUI was originally uploaded.
[19:40] <cyphermox> handsome_feng: you're not asking for kylin-greeter?
[19:41] <handsome_feng> Yes, I think this time I already apply too much
[19:41] <flexiondotorg> He understands the relationship between the compoents well and I'd be happy to see him have upload rights for UKUI so they aren't beholden to seeking sponsorship.
[19:42] <rbasak> Thanks flexiondotorg! That's helpful
[19:42] <handsome_feng> flexiondotorg: Thanks !
[19:42] <flexiondotorg> Thanks to jbicha for letting me know this discussion was taking place :-)
[19:43] <rbasak> jbicha, cyphermox: anything further?
[19:43] <cyphermox> nope
[19:43] <jbicha> can I have a few more minutes? I'm still thinking and looking into uploads
[19:43] <jbicha> sorry for the delay
[19:43] <rbasak> OK
[19:48] <jbicha> rbasak: ok, I'm ready now
[19:48] <JackYu> Hi,  everyone, I'm Jack Yu from Ubuntu Kylin team. I'd like to support he have uploads rights for UKUI:).
[19:49] <rbasak> jbicha: ready to vote? Or ask a question? :)
[19:49] <jbicha> rbasak: I'm done asking questions :)
[19:49] <rbasak> JackYu: thanks
[19:49] <rbasak> OK
[19:49] <rbasak> #vote Grant handsome_feng PPU to ukui-menu, ukui-indicators, ukui-control-center, ukui-session-manager, ukui-screensaver, peony, ukui-desktop-environment
[19:49] <meetingology> Please vote on: Grant handsome_feng PPU to ukui-menu, ukui-indicators, ukui-control-center, ukui-session-manager, ukui-screensaver, peony, ukui-desktop-environment
[19:49] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[19:51] <jbicha> I hate voting no, but I would like to see you do some SRUs first and it doesn't look to me like the need for sponsorship is holding Ubuntu Kylin back much yet
[19:52] <jbicha> I encourage you to use other sponsors besides Aron, especially for the SRUs to have more variety
[19:52] <handsome_feng> Thank jbicha, I will.
[19:53] <jbicha> -1 please re-apply after doing some SRUs
[19:53] <meetingology> -1 please re-apply after doing some SRUs received from jbicha
[19:54] <cyphermox> +1
[19:54] <meetingology> +1 received from cyphermox
[19:54] <sil2100> +1, I would like to see some more SRUs as well, but currently I see no blockers in knowledge or skill
[19:54] <meetingology> +1, I would like to see some more SRUs as well, but currently I see no blockers in knowledge or skill received from sil2100
[19:55] <bdmurray> +1 as SRUs would get reviewed by the SRU team anyway
[19:55] <meetingology> +1 as SRUs would get reviewed by the SRU team anyway received from bdmurray
[19:55] <rbasak> +1 I consider happyaron's endorsement to be the key decider, given he has been handsome_feng's primary sponsor.
[19:55] <meetingology> +1 I consider happyaron's endorsement to be the key decider, given he has been handsome_feng's primary sponsor. received from rbasak
[19:55] <rbasak> I believe micahg had to step away.
[19:56] <rbasak> That's everyone I think?
[19:56] <rbasak> #endvote
[19:56] <meetingology> Voting ended on: Grant handsome_feng PPU to ukui-menu, ukui-indicators, ukui-control-center, ukui-session-manager, ukui-screensaver, peony, ukui-desktop-environment
[19:56] <meetingology> Votes for:4 Votes against:1 Abstentions:0
[19:56] <meetingology> Motion carried
[19:56] <rbasak> handsome_feng: congratulations!
[19:56] <rbasak> And thank you for your continued contributions, of course.
[19:56] <happyaron> congrats handsome_feng
[19:56] <jbicha> handsome_feng: thank you and keep up the good work!
[19:57] <JackYu> thanks, every one!
[19:57] <handsome_feng> Thank you all \o/
[19:57] <ypwong> handsome_feng, congrats
[19:57] <rbasak> Any volunteers to follow the successful application checklist?
[19:57] <maclin> thanks, every one!
[19:58] <rbasak> #action rbasak to arrange handsome_feng's PPU changes
[19:58] <meetingology> ACTION: rbasak to arrange handsome_feng's PPU changes
[19:58] <rbasak> #action rbasak to announce handsome_feng successful application
[19:58] <meetingology> ACTION: rbasak to announce handsome_feng successful application
[19:58] <rbasak> #info handsome_feng's application was successful
[19:58] <rbasak> #topic Outstanding mailing list requests to assign
[19:59] <rbasak> "Please add new MATE applications to my MATE package set"
[19:59] <rbasak> flexiondotorg: is this still outstanding?
[20:00] <rbasak> Let's move on for now
[20:00] <rbasak> #info Carried forward
[20:01] <rbasak> #topic Any other business
[20:01] <rbasak> #subtopic Regenerate packagesets and create one for Ubuntu Budgie
[20:01] <rbasak> Regeneration would cover the MATE request I think?
[20:01] <jbicha> cyphermox: ^
[20:03] <cyphermox> blocked on TB creating the Budgie packageset; otherwise I'd need to move some more code around in the packageset generation
[20:03] <cyphermox> we might as well really do it right once.
[20:04] <rbasak> OK, thanks.
[20:04] <rbasak> Does that cover flexiondotorg's request also?
[20:04] <jbicha> cyphermox: I guess we might as well make a Kylin packageset too at the same time?
[20:04] <rbasak> It already is one; I checked.
[20:05] <jbicha> oh I see http://people.canonical.com/~ubuntu-archive/packagesets/bionic/ubuntukylin
[20:07] <cyphermox> rbasak: it will cover flexiondotorg's request too
[20:25] <sil2100> Are we done?
[20:25] <sil2100> I guess we need to do endmeeting :)
[20:26] <rbasak> Sorry!
[20:26] <rbasak> Let's end the meeting
[20:26] <rbasak> Assuming there are no objections to 18 December for the next meeting.
[20:26] <rbasak> If there are objections, please raise it on the list.
[20:26] <rbasak> #endmeeting
[20:26] <meetingology> Meeting ended Mon Dec  4 20:26:51 2017 UTC.
[20:26] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-12-04-19.05.moin.txt
[20:37] <sil2100> rbasak: thanks for chairing!
[20:37] <sil2100> o/