[16:30] <ratliff> #startmeeting
[16:30] <meetingology> Meeting started Mon Jun 11 16:30:14 2018 UTC.  The chair is ratliff. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:30] <meetingology> Available commands: action commands idea info link nick
[16:30] <ratliff> The meeting agenda can be found at:
[16:30] <ratliff> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:30] <ratliff> [TOPIC] Announcements
[16:30] <ratliff> Thanks to Corey Bryant (coreycb) for providing a debdiff for bionic for python-oslo.middleware (LP: #1628031).
[16:30] <ratliff> Thanks to Simon Deziel (sdezial) for provided debdiffs for artful and bionic for unbound (LP: #1773720).
[16:31] <ratliff> Your work is very much appreciated and will keep Ubuntu users secure. Thank you!
[16:31] <ratliff> The Ubuntu Security team is hiring. See https://grnh.se/8c0a6c1f1 for more details.
[16:31] <ratliff> [TOPIC] Weekly stand-up report
[16:31] <ratliff> jdstrand: you're up
[16:32] <jdstrand> hi!
[16:32] <jdstrand> This is a short week for me (off friday and all next week). This week I plan to work on:
[16:32] <jdstrand> * snapd PR reviews
[16:32] <jdstrand> * go through the anbox design and think through what proper confinement might look like
[16:32] <jdstrand> * iterate on last open PR (udev trigger)
[16:32] <jdstrand> that's it from me. mdeslaur, you're up
[16:32] <jdstrand> * adjust snap-confine to always use a device cgroup
[16:32] <jdstrand> * pick up review-tools snap USNs phase1/part ii work as have time
[16:32] <mdeslaur> I'm on triage this week
[16:33] <mdeslaur> I'm currently working on a massive imagemagick update
[16:33] <mdeslaur> if anyone wants to help test, packages are building in the security team proposed PPA
[16:33] <mdeslaur> I'm also working on en embargoed issue
[16:33] <mdeslaur> and I'll pick something else from the list after that
[16:33] <mdeslaur> that's it from me
[16:33] <mdeslaur> sbeattie?
[16:33] <sbeattie> I'm in the happy place this week
[16:34] <sbeattie> I'm currently working on gnupg/gnupg2 updates
[16:34] <sbeattie> (they're also available in the security team proposed PPA for testing)
[16:34] <sbeattie> kernel updates are in the process of being published, will be publishing USNs for those
[16:35] <sbeattie> I also have amd64-microcode updates to publish once the kernel is out the door
[16:35] <sbeattie> after that, I have a couple of internal tasks to taek on.
[16:35] <sbeattie> That will probably consume my week.
[16:36] <sbeattie> jjohansen: over to you
[16:36] <jjohansen> I need to get my upstream kernel apparmor pull request out this morning, it was delayed last week because of the idr patch
[16:37] <jjohansen> and then I really need to focus on apparmor 3, specifically the feature subsetting so that we correctly compile versioned policy to what the kernel supports
[16:38] <jjohansen> if I get that done, I will move on to what ever other misc apparmor 3 issues need addressed so we can kick it out next week
[16:38] <jjohansen> sarnold: you are up
[16:38] <sarnold> I'm on community this week
[16:38] <sarnold> working down the list of MIRs, fprintd and .. related package .. and need to submit presentation topic to debconf
[16:38] <sarnold> that's it for me, chrisccoulson?
[16:39] <sarnold> (oh yes, reviewing john's patches if he feels it useful)
[16:39] <chrisccoulson> I'm currently working on a firefox update
[16:39] <chrisccoulson> the thunderbird update I was expecting still hasn't happened, so I'll have to do that if it does
[16:40] <chrisccoulson> I triaged all of the spidermonkey CVEs at the end of last week, and I'll probably do an update for that this week
[16:40] <chrisccoulson> other than that, I'm still working on getting thunderbird 60 packages building
[16:41] <chrisccoulson> I hope I'll have enough time after that to do something else, as it's .... *drum roll* .... rust updates next week
[16:41] <chrisccoulson> that's me done
[16:42] <ratliff> I'm in the happy place this week.
[16:43] <ratliff> This week will be dedicated to internal work. When I get a few spare minutes I will work on triaging wireshark CVEs to ensure they show the actual state.
[16:43] <ratliff> leosilva: on to you
[16:43] <leosilva> I'm bug-triage this week.
[16:43] <leosilva> I'm working on ruby updates.
[16:44] <leosilva> I'll also do some cve- searching after ruby to pick other updates
[16:44] <leosilva> ratliff: it's back to you.
[16:44] <ratliff> thanks, leosilva!
[16:44] <ratliff> [TOPIC] Highlighted packages
[16:44] <ratliff> The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so.
[16:44] <ratliff> See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:44] <ratliff> [TOPIC] Miscellaneous and Questions
[16:44] <ratliff> Does anyone have any other questions or items to discuss?
[16:46] <ratliff> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, chrisccoulson, leosilva: Thanks!
[16:46] <ratliff> #endmeeting
[16:46] <meetingology> Meeting ended Mon Jun 11 16:46:21 2018 UTC.
[16:46] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-06-11-16.30.moin.txt
[16:46] <leosilva> tks ratliff!
[16:47] <sbeattie> ratliff: thanks!
[16:47] <jjohansen> thanks ratliff
[16:47] <sarnold> thanks ratliff!
[16:51] <jdstrand> thanks ratliff :)