2011-10-11

Actions from previous meeting

Actions from this meeting

Weekly Summary

Partner update

DX

  • Ted just got back from summit, he will get me a list of SRU bugs later today and I'll post them here.

UbuntuOne

  • ubuntuone-client-gnome SRU from the nautilus-open-terminal crasher with lots of dupes coming today

Unity

  • Lot of bug fixes and multiple backporting uploads (unity-lens-applications, unity-lens-files, compiz, unity)

  • ccsm works again without crashing Smile :)

  • New compiz and compiz-plugins-main with a lot of bug fixes in -proposed. Please do test them! Already pinged the french forum and some bug confirmations already gathered!

  • New unity today or tomorrow in -proposed for https://launchpad.net/unity/+milestone/4.24.0 (remove all Sam's bug as it's part of the compiz upload)

  • Nothing in unity-2d apart from a crasher, already warned dx, working on it. Nothing worrying otherwise.

Software Center

  • Released versions 5.0.1 through 5.0.1.4 containing targeted bug fixes
  • 5.0.1.5 uploaded to oneiric-proposed
  • 5.0.2 in progress

Kubuntu

X.org

IRC log Western edition

17:31:11        pitti   so first, congrats everyone for oneiric
17:31:20        seb128  kenvandine, not sure it's a wow, he keeps complaining about bugs this week :p
17:31:24        pitti   so it became a reasonably usable and stable release after all :)
17:31:26        kenvandine      haha
17:31:27        seb128  yesterday banshee, today libreoffice
17:31:28        seb128  ;-)
17:31:38        seb128  pitti, \o/
17:31:44        seb128  works pretty fine for me as well
17:31:48        seb128  install and runtime ;-)
17:31:52        mterry  hi
17:31:57        pitti   still needs to pass the WAF test
17:32:02        pitti   (here at least)
17:32:20        njpatel seb128, I only recognise the French mafia, they are the ones that rule my life
17:32:28        seb128  njpatel, ;-)
17:32:31        pitti   kenvandine: anything to discuss for partner this week?
17:32:32        kenvandine      njpatel, and don't you forget it
17:32:39        chrisccoulson   hi
17:32:43         *      pitti hopes kenvandine doesn't have a list of "ten things utterly broken in oneiric"
17:32:54        kenvandine      pitti, it's on the wiki, tedg just got back from a week sprinting then summit over the weekend
17:32:57        njpatel chrisccoulson, your multi monitor bug is fixed courtesy of Trevinho
17:33:04        pitti   ah, reloading FTW
17:33:08        chrisccoulson   njpatel, excellent, thanks
17:33:08        kenvandine      he will get me a list of planned SRUs later today and i'll link them on the wiki
17:33:16        pitti   nice
17:33:20        kenvandine      and i have dobey's u1 fix i am about to sponsor
17:33:24        kenvandine      that is all i have right now
17:33:25        pitti   didrocks: thanks for the unity update
17:33:32        pitti   new SRU looking good, lots of +1 already
17:33:41        didrocks        yeah, I leverage the french forum :-)
17:33:56        didrocks        so that njpatel knows more that he is really ruled by the french mafia :)
17:34:03        didrocks        will do the same tomorrow with unity
17:34:22        pitti   14 left on http://status.ubuntu.com/ubuntu-oneiric/canonical-desktop-team.html, but I was monitoring that, nothign serious there
17:34:26        pitti   will just postpone to P
17:34:39        njpatel nooo
17:34:58        pitti   so we got 389 work items done,
17:35:03        njpatel I don't mess with the French forum. As gord says, there are a lot of of you.
17:35:18        pitti   I'll do some stats over the past cycles to have an estimate what we can go for in precise
17:35:45        pitti   so, nothing from me this week except for "go out and test images and SRUs" :)
17:35:58        pitti   does anyone have something we should discuss?
17:36:19        Sweetshark      pitti: no more updates, not even security ones for OpenOffice.org available, even if Apache OOo would come around one day it would be completely different.
17:36:59        Sweetshark      pitti: so maybe consider backporting Libreoffice to lucid, maverick?
17:37:15        pitti   yuck
17:37:20        Sweetshark      heh
17:37:26        pitti   Sweetshark: you don't think that the odd security update can be backported?
17:37:42        pitti   there haven't been terribly many USNs for OO.o/LibO so far
17:38:43        Sweetshark      pitti: Im not sure, but LO has gone through some major code cleanups since OOo times.
17:38:43        pitti   if the affected part of LibO didn't change fundamentally, then the patches ought to be backportable; and if it did, it might not even apply
17:39:08        pitti   Sweetshark: do we have any currently outstanding CVEs which we could look at?
17:40:17        mdeslaur        uhm, security isn't a valid reason to get LO into old releases
17:40:36        Sweetshark      pitti: http://blog.documentfoundation.org/2011/10/05/the-document-foundation-publishes-details-of-libreoffice-3-4-3-security-fixes/ CVE-2011-2713 would likely apply also to OOo
17:40:37        ubot2   Sweetshark: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713)
17:40:52        pitti   chrisccoulson: for "Review update plan for extensions with security team", has this been discussed?
17:41:23        chrisccoulson   pitti - no, but there isn't much to discuss anymore. i've got that all pretty much figured out
17:41:34        pitti   chrisccoulson: ah, good; setting to "done" then
17:41:38        chrisccoulson   thanks
17:41:57        pitti   Sweetshark: is that such a huge patch?
17:42:29        pitti   Sweetshark: this sounds like the kind of issue which is usually an one-liner with an additional boundary check
17:43:00        Sweetshark      pitti: no, IIRC those patches are rather small.
17:43:27        Sweetshark      pitti: however, WMF exploits might not even work on linux anyway.
17:43:53        pitti   Sweetshark: due to our fortified toolchain?
17:44:47        Sweetshark      pitti: But I am bringing the topic more in a general sense -- maybe needs a more careful discussion on UDS.
17:45:20        pitti   Sweetshark: can do; my gut feeling is that we should just apply the security patches and otherwise leave it alone; we could consider a PPA for people who really want it, of course
17:46:10        Sweetshark      pitti: well, or because we dont do anything with the WMFs anyway, while on windows the exploit might wreck havoc with windows services ...
17:46:39        pitti   @all: any other topics we need to discuss? otherwise let's adjourn
17:47:16        pitti   Sweetshark: perhaps; but in principle such attacks work under linux, too, just with different code, of course, and the fortified toolchain makes stuff a lot harder in many cases
17:49:12        pitti   ok, so thanks everyone!
17:49:17        pitti   let's release that 
17:49:25        pitti   let's release that sleepy big cat

IRC log Eastern edition

 






        
 
            

DesktopTeam/Meeting/2011-10-11  (last edited 2011-10-11 15:50:35 by pitti)