[16:43] <tyhicks> The meeting agenda can be found at:
[16:43] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:43] <tyhicks> [TOPIC] Announcements
[16:43] <tyhicks> Otto Kekäläinen provided debdiffs for mariadb-5.5, mariadb-10.0, and mariadb-10.1 (LP: #1740608) (LP: #740768)
[16:43] <ubottu> Launchpad bug 1740608 in mariadb-5.5 (Ubuntu) "USN-3459-1: partially applies to MariaDB too" [Medium,Fix released] https://launchpad.net/bugs/1740608
[16:43] <ubottu> Launchpad bug 740768 in Datum soerepro "soerepro: cultural practices extraction, Fatal error: Method CForm::__toString() must not throw an exception" [Critical,Fix released] https://launchpad.net/bugs/740768
[16:44] <tyhicks> that's not the right bug
[16:44] <tyhicks> I dropped a digit
[16:44] <tyhicks> (LP: #1740768)
[16:44] <ubottu> Launchpad bug 1740768 in mariadb-10.1 (Ubuntu) "CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks" [Undecided,Fix released] https://launchpad.net/bugs/1740768
[16:45] <tyhicks> Ray Link (rlink) provided a debdiff for xenial for xmltooling (LP: #1743762)
[16:45] <ubottu> Launchpad bug 1743762 in xmltooling (Ubuntu Bionic) "Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]" [Undecided,Triaged] https://launchpad.net/bugs/1743762
[16:45] <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
[16:45] <tyhicks> [TOPIC] Weekly stand-up report
[16:45] <tyhicks> jdstrand: you're up
[16:46] <jdstrand> Last week I attended the product sprint so this week I will be playing catch-up and working through sprint outcomes. In addition to that, I plan to focus on:
[16:46] <jdstrand> * snappy PR reviews, esp wrt the layouts feature, portals and the x11 interface slot policy
[16:46] <jdstrand> * look at an lxd snap regression wrt to 'partial apparmor confinement' feature
[16:46] <jdstrand> * prepare a demo with tyhicks wrt lsm stacking
[16:46] <jdstrand> * review tools updates as have time
[16:46] <jdstrand> * create screencast interface as have time
[16:46] <jdstrand> * strict mode snaps on livecd as have time
[16:46] <jdstrand> that's it from me. mdeslaur, you're up
[16:47] <mdeslaur> I'm on triage this week
[16:47] <mdeslaur> and I'm in the process of publishing a few usns
[16:47] <mdeslaur> I need to take a look at the state of qemu patches
[16:47] <mdeslaur> and will either work on that this week, or something else depending on priority
[16:47] <mdeslaur> that's about it for me, sbeattie?
[16:48] <sbeattie> I'm in the happy place this week
[16:48] <sbeattie> I'm working on backporting the gcc retpoline patchset back to trusty + precise-esm, after having respun them.
[16:49] <sbeattie> (those are x86 only)
[16:49] <sbeattie> I'm also trying to track down what toolchain changes are needed for other arches.
[16:50] <sbeattie> There'll be some kernel USNs to publish as the first attempt at spectre mitigations lands.
[16:50] <sbeattie> (and the usual kernel cve triage)
[16:50] <sbeattie> There's also likely openjdk packages coming down the pike.
[16:50] <sbeattie> That's it for me.
[16:50] <sbeattie> tyhicks: you're up.
[16:51] <tyhicks> sbeattie: that sounds like a lot going on at once so pull me in when needed
[16:51] <tyhicks> I have sprint followups
[16:51] <tyhicks> need to transcribe my notes
[16:51] <tyhicks> (from the sprint)
[16:51] <tyhicks> working on an LSM stacking demo
[16:52] <tyhicks> meltdown and spectre coordination will continue to take quite a bit of my time
[16:52] <tyhicks> that's probably enough for this week
[16:52] <tyhicks> jjohansen: you're up
[16:53] <jdstrand> oh I forgot to mention the chrony upload
[16:53] <jdstrand> I plan to upload chrony with an apparmor profile
[16:53] <jjohansen> I am working on updating our stacking patches against the latest revision of the LSM stacking patches
[16:54] <jjohansen> once I get that done it will be back to looking at the mount patches
[16:54] <jjohansen> and fosdem prep
[16:54] <jjohansen> and of course working on the 4.16 pull request
[16:55] <jjohansen> that is it for me, sarnold you are up
[16:55] <tyhicks> jjohansen: the mount patches are for the 4.16 pull request, right?
[16:56] <jjohansen> tyhicks: I know David would like to get them in, whether they are actually going 4.16 I am unsure
[16:56] <tyhicks> oh, that's for David
[16:56] <jjohansen> yeah, the whole mount system rework
[16:57] <tyhicks> I forgot about that
[16:58] <jjohansen> atm I am working with it as if they are going to be part of a 4.16 pull request, and will be happy if they aren't
[16:58] <tyhicks> ack, thanks
[16:58] <tyhicks> sarnold: go ahead
[16:58] <sarnold> I'm on community this week; I'm starting the libsdl2 MIR
[16:59] <sarnold> at least I think that's the one to start; ratliff said a few weeks ago that it'd be next in the queue, but now I see that cpae lzer intends to switch qemu to use the new sdl in 18.10 ..
[16:59] <sarnold> which makes me curious what the plan ought to be
[17:00] <sarnold> there's nothing too wrong with doing a mir 'earlier' than it's needed of course but it'd probably be nice to have just one sdl in 18.04 main
[17:00] <tyhicks> sarnold: let's sync with cpae lzer after this meeting and get his opinion on that vs chrony vs something else
[17:00] <sarnold> tyhicks: okay, makes sense
[17:00] <sarnold> chrisccoulson, you're up :)
[17:00] <chrisccoulson> I've got firefox updates this week, and a chromium update to test and publish
[17:01] <chrisccoulson> I also need to start the first rust update of 2018. Hoping it will be an easy one
[17:02] <chrisccoulson> I did finally start on the changes to the apparmor audit logging last week, so I intend to carry on with that this week
[17:03] <tyhicks> oh, nice
[17:03] <chrisccoulson> and I can step in if sbeattie wants any help with openjdk updates too
[17:03] <chrisccoulson> that's me done
[17:04] <tyhicks> leosilva: you're up
[17:04] <leosilva> I'm in bug triage this week
[17:04] <leosilva> I have a gimp USN to push and rsync too.
[17:04] <leosilva> Also have a libvirt updates to re-test and figure out what is happening in precise version.
[17:05] <leosilva> besides that I'll push mysql to my update stack and keep looking for other pkgs.
[17:05] <leosilva> That's all from me.
[17:05] <leosilva> tyhicks: you are back.
[17:05] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
[17:05] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:05] <tyhicks> Does anyone have any other questions or items to discuss?
[17:09] <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, leosilva: Thanks!
[17:10] <leosilva> tks tyhicks!
[17:10] <sbeattie> tyhicks: thanks!
[17:10] <sarnold> thanks tyhicks!
[17:11] <jjohansen> thanks tyhicks
[17:17] <jdstrand> tyhicks: thanks!

