| === PeterRabbit1 is now known as Guest34489 | ||
| jdstrand | hi! | 16:31 |
|---|---|---|
| * sbeattie waves hello | 16:32 | |
| jdstrand | #startmeeting | 16:32 |
| jdstrand | The meeting agenda can be found at: | 16:32 |
| jdstrand | [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting | 16:32 |
| meetingology | Meeting started Mon Oct 1 16:32:11 2018 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. | 16:32 |
| meetingology | Available commands: action commands idea info link nick | 16:32 |
| jdstrand | [TOPIC] Announcements | 16:32 |
| === meetingology changed the topic of #ubuntu-meeting to: Announcements | ||
| jdstrand | First off, I'd like to warmly welcome joemcmanus to the team as our new security team manager. Glad to have you Joe! :) | 16:32 |
| sbeattie | welcome, joemcmanus! | 16:32 |
| jdstrand | The generalist role rotation for this week as follows: | 16:33 |
| mdeslaur | \o | 16:33 |
| jdstrand | CVE Triage: msalvatore (ebarretto), Bug Triage: sarnold, Community: sbeattie, Happy Place: amurray, mdeslaur, leosilva, ebarretto | 16:33 |
| jdstrand | [TOPIC] Weekly stand-up report | 16:33 |
| === meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report | ||
| jdstrand | oh, I forgot one announcement | 16:34 |
| jdstrand | The Ubuntu Security Team is hiring! | 16:34 |
| jdstrand | Ubuntu Security engineer: https://boards.greenhouse.io/canonical/jobs/1158266?t=8c0a6c1f1 | 16:34 |
| jdstrand | ok, I'll go first for standup | 16:34 |
| jdstrand | This week I plan to: | 16:34 |
| jdstrand | * continue brand store snap declarations | 16:34 |
| jdstrand | * continue kubernetes-support interfaces | 16:34 |
| jdstrand | * various snapd PR reviews | 16:34 |
| jdstrand | * iterate on docker PRs | 16:34 |
| jdstrand | * embargoed issue | 16:34 |
| jdstrand | mdeslaur: you're up | 16:35 |
| mdeslaur | I'm in the happy place this week | 16:35 |
| mdeslaur | I just finished publishing a whole new ghostscript version to the stable releases to fix a bunch of security issues that don't have CVE numbers | 16:35 |
| mdeslaur | hopefully it won't cause any major regressions | 16:36 |
| mdeslaur | I have an embargoed issue to publish later on once upstream makes the issue public | 16:36 |
| mdeslaur | and I'll be continuing more CVE work after that | 16:36 |
| mdeslaur | that's about it, sbeattie, you're up | 16:36 |
| sbeattie | I'm on community this week | 16:36 |
| jdstrand | mdeslaur: do you think it warrants a call for testing? | 16:37 |
| mdeslaur | what, ghostscript? | 16:37 |
| sarnold | it's already out the door :) | 16:37 |
| mdeslaur | I already published it | 16:37 |
| mdeslaur | I tested the heck out of it | 16:37 |
| jdstrand | mdeslaur: yes, and, ok :) | 16:37 |
| mdeslaur | and judging by the number of open bugs against the old version, this one can only be better | 16:37 |
| jdstrand | mdeslaur: it was the 'hopefully' that threw me:) | 16:38 |
| mdeslaur | I will keep a look out for regression bugs | 16:38 |
| * jdstrand nods | 16:38 | |
| jdstrand | mdeslaur: thanks for taking that on. ghostscript can be challenging | 16:38 |
| jdstrand | sorry sbeattie, go ahead :) | 16:39 |
| sbeattie | kernel updates are being published now, will start the USNs for them after the meeting. | 16:39 |
| sbeattie | I have imagemagick packages in the ubuntu-security-proposed ppa that disable pdf/ps support, to avoid ghostscript (for all the reasons above) that I'll be testing and publishing. | 16:40 |
| mdeslaur | \o/ | 16:40 |
| sbeattie | After that, I need to spend some time looking at possible addiitonal toolchain hardening for cosmic+1. | 16:40 |
| sbeattie | That will probably take up my week. | 16:41 |
| sbeattie | jjohansen: over to you. | 16:41 |
| jjohansen | Its a short week for me, I am off Wednesday, Thursday, and maybe Friday. | 16:41 |
| jjohansen | I am still trying to finish up last weeks items, apparmor items for the 4.20 pull request: mjg secmark patch, kernel_t label for kernel network tasks, and the nonewprivs work. LSM stacking patches, and the 2.10.4, 2.11.2, 2.12.1, 2.13.1 stable releases for apparmor | 16:41 |
| jjohansen | thats it for me, sarnold you're up | 16:42 |
| sarnold | I'm on bug triage this week; I'm going to finish the xdg-desktop-portal-gtk MIR 1750069 this week, hopefully by tomorrow; then I'll run down the list of MIRs in trello. I'll do apparmor patch reviews as needed. | 16:43 |
| sarnold | that's it for me.. leosilva? | 16:43 |
| leosilva | I'm in the happy place this week | 16:43 |
| leosilva | I pushed a USN for bind9 for precise | 16:43 |
| leosilva | I spent some time in a glib2.0 regression, but it eends as a no sec regression | 16:43 |
| leosilva | I'll do the hunting pkg and find something to update - right now I'm digging on liblouis | 16:44 |
| leosilva | that is it for me | 16:44 |
| mdeslaur | libleo | 16:44 |
| leosilva | msalvatore: I think it's up to you now | 16:44 |
| leosilva | hehe. | 16:44 |
| msalvatore | Hi all. I'm on CVE triage this week, but It's a super short week for me (I'm out oct2-oct12) | 16:45 |
| msalvatore | ebarretto will fill in for CVE triage | 16:45 |
| msalvatore | I published fixes for uwsgi this morning | 16:45 |
| msalvatore | I'm focusing on CVE triage and re-triage of older CVEs for today. | 16:45 |
| msalvatore | ebarretto: you're up | 16:45 |
| ebarretto | I'm in the happy place/cve triage this week: | 16:46 |
| ebarretto | - Released today new opencv update for bionic | 16:46 |
| ebarretto | - Also released a new version of monit for xenial because of a regression in the last update (LP: #Bug:1786910) | 16:46 |
| ebarretto | - I am working on updating libav for trusty, right now I am testing the security fixes that were backported | 16:46 |
| ebarretto | - I will be doing CVE triage starting tomorrow to cover msalvatore | 16:46 |
| ebarretto | - If anyone finds any problem in uwsgi update from msalvatore, feel free to ping me and add me to bugs | 16:46 |
| ebarretto | that's it for me ... joemcmanus you're up | 16:47 |
| ebarretto | jdstrand, did we skip chrisccoulson ? | 16:49 |
| chrisccoulson | yep ;) | 16:49 |
| chrisccoulson | shall I go now? | 16:49 |
| jdstrand | ebarretto: he was skipped. I thought it was me now knowing who was out :) | 16:49 |
| mdeslaur | man, we keep forgetting chrisccoulson | 16:49 |
| mdeslaur | he's too quiet | 16:49 |
| chrisccoulson | lol | 16:49 |
| jdstrand | chrisccoulson: yes please :) | 16:49 |
| jdstrand | hey, I can't prove it, but I was thinking about it :) | 16:49 |
| mdeslaur | hehe | 16:49 |
| ebarretto | hehe | 16:50 |
| chrisccoulson | I'm expecting a firefox release to test and publish this week, although the release hasn't happened yet | 16:50 |
| chrisccoulson | I've got an embargoed update too | 16:50 |
| chrisccoulson | and I'll be working on the libssh2 MIR | 16:50 |
| chrisccoulson | that shouldn't take all week, so I'll have time for something else (something else on the review queue?) | 16:51 |
| chrisccoulson | that's me done | 16:51 |
| jdstrand | chrisccoulson: I think so, yes, we getting to the end :) | 16:51 |
| jdstrand | [TOPIC] Highlighted packages | 16:51 |
| === meetingology changed the topic of #ubuntu-meeting to: Highlighted packages | ||
| jdstrand | The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security | 16:52 |
| jdstrand | updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. | 16:52 |
| jdstrand | [TOPIC] Miscellaneous and Questions | 16:52 |
| === meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions | ||
| jdstrand | Does anyone have any other questions or items to discuss? | 16:52 |
| jdstrand | mdeslaur, sbeattie, jjohansen, sarnold, chrisccoulson (see, I didn't forget!), leosilva, msalvatore, ebarretto, joemcmanus: thanks! | 16:54 |
| jdstrand | #endmeeting | 16:54 |
| === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | <wxl> be nice | ||
| meetingology | Meeting ended Mon Oct 1 16:54:40 2018 UTC. | 16:54 |
| meetingology | Minutes: http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-10-01-16.32.moin.txt | 16:54 |
| sarnold | thanks jdstrand! | 16:54 |
| jjohansen | thanks jdstrand | 16:54 |
| ebarretto | thanks jdstrand | 16:54 |
| sbeattie | jdstrand: thanks! | 16:55 |
| leosilva | tks jdstrand ! | 16:55 |
| chrisccoulson | :) | 16:55 |
| mdeslaur | thanks jdstrand | 16:56 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!