2011-10-11

Differences between revisions 5 and 12 (spanning 7 versions)
Revision 5 as of 2011-10-11 08:52:20
Size: 1321
Editor: bjoern-michaelsen
Comment:
Revision 12 as of 2011-10-11 15:50:35
Size: 8316
Editor: pitti
Comment:
Deletions are marked like this. Additions are marked like this.
Line 11: Line 11:
 * [[https://elections.documentfoundation.org/2011/candidates.html|confirmed candidacy for TDF Board of Directors]] (bjoern-michaelsen)
Line 17: Line 18:
 * Fixed ldtp from being completely broken in oneiric (mterry)
 * Fixed a lot of memory leaks in the unity panel (mterry)
 * Reuploaded Glade 3 compatible with gtk2 parallelly installable with the gtk3 version. Quickly now points on the gtk2 version for pygtk usage (didrocks).
 * Started to write a design/(dx, platform) integration and task workfow script. Will talk about it more next week (didrocks).
Line 19: Line 24:
=== DX ===
 * Ted just got back from summit, he will get me a list of SRU bugs later today and I'll post them here.

=== UbuntuOne ===
 * ubuntuone-client-gnome SRU from the nautilus-open-terminal [[https://launchpad.net/bugs/865115 | crasher]] with lots of dupes coming today
Line 22: Line 32:
 * Lot of bug fixes and multiple backporting uploads (unity-lens-applications, unity-lens-files, compiz, unity)
 * ccsm works again without crashing :)
 * New compiz and compiz-plugins-main with a lot of bug fixes in -proposed. Please do test them! Already pinged the french forum and some bug confirmations already gathered!
 * New unity today or tomorrow in -proposed for https://launchpad.net/unity/+milestone/4.24.0 (remove all Sam's bug as it's part of the compiz upload)
 * Nothing in unity-2d apart from a crasher, already warned dx, working on it. Nothing worrying otherwise.
Line 23: Line 39:
 * Released versions 5.0.1 through 5.0.1.4 containing targeted bug fixes
 * 5.0.1.5 uploaded to oneiric-proposed
 * 5.0.2 in progress
Line 31: Line 50:
17:31:11 pitti so first, congrats everyone for oneiric
17:31:20 seb128 kenvandine, not sure it's a wow, he keeps complaining about bugs this week :p
17:31:24 pitti so it became a reasonably usable and stable release after all :)
17:31:26 kenvandine haha
17:31:27 seb128 yesterday banshee, today libreoffice
17:31:28 seb128 ;-)
17:31:38 seb128 pitti, \o/
17:31:44 seb128 works pretty fine for me as well
17:31:48 seb128 install and runtime ;-)
17:31:52 mterry hi
17:31:57 pitti still needs to pass the WAF test
17:32:02 pitti (here at least)
17:32:20 njpatel seb128, I only recognise the French mafia, they are the ones that rule my life
17:32:28 seb128 njpatel, ;-)
17:32:31 pitti kenvandine: anything to discuss for partner this week?
17:32:32 kenvandine njpatel, and don't you forget it
17:32:39 chrisccoulson hi
17:32:43 * pitti hopes kenvandine doesn't have a list of "ten things utterly broken in oneiric"
17:32:54 kenvandine pitti, it's on the wiki, tedg just got back from a week sprinting then summit over the weekend
17:32:57 njpatel chrisccoulson, your multi monitor bug is fixed courtesy of Trevinho
17:33:04 pitti ah, reloading FTW
17:33:08 chrisccoulson njpatel, excellent, thanks
17:33:08 kenvandine he will get me a list of planned SRUs later today and i'll link them on the wiki
17:33:16 pitti nice
17:33:20 kenvandine and i have dobey's u1 fix i am about to sponsor
17:33:24 kenvandine that is all i have right now
17:33:25 pitti didrocks: thanks for the unity update
17:33:32 pitti new SRU looking good, lots of +1 already
17:33:41 didrocks yeah, I leverage the french forum :-)
17:33:56 didrocks so that njpatel knows more that he is really ruled by the french mafia :)
17:34:03 didrocks will do the same tomorrow with unity
17:34:22 pitti 14 left on http://status.ubuntu.com/ubuntu-oneiric/canonical-desktop-team.html, but I was monitoring that, nothign serious there
17:34:26 pitti will just postpone to P
17:34:39 njpatel nooo
17:34:58 pitti so we got 389 work items done,
17:35:03 njpatel I don't mess with the French forum. As gord says, there are a lot of of you.
17:35:18 pitti I'll do some stats over the past cycles to have an estimate what we can go for in precise
17:35:45 pitti so, nothing from me this week except for "go out and test images and SRUs" :)
17:35:58 pitti does anyone have something we should discuss?
17:36:19 Sweetshark pitti: no more updates, not even security ones for OpenOffice.org available, even if Apache OOo would come around one day it would be completely different.
17:36:59 Sweetshark pitti: so maybe consider backporting Libreoffice to lucid, maverick?
17:37:15 pitti yuck
17:37:20 Sweetshark heh
17:37:26 pitti Sweetshark: you don't think that the odd security update can be backported?
17:37:42 pitti there haven't been terribly many USNs for OO.o/LibO so far
17:38:43 Sweetshark pitti: Im not sure, but LO has gone through some major code cleanups since OOo times.
17:38:43 pitti if the affected part of LibO didn't change fundamentally, then the patches ought to be backportable; and if it did, it might not even apply
17:39:08 pitti Sweetshark: do we have any currently outstanding CVEs which we could look at?
17:40:17 mdeslaur uhm, security isn't a valid reason to get LO into old releases
17:40:36 Sweetshark pitti: http://blog.documentfoundation.org/2011/10/05/the-document-foundation-publishes-details-of-libreoffice-3-4-3-security-fixes/ CVE-2011-2713 would likely apply also to OOo
17:40:37 ubot2 Sweetshark: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713)
17:40:52 pitti chrisccoulson: for "Review update plan for extensions with security team", has this been discussed?
17:41:23 chrisccoulson pitti - no, but there isn't much to discuss anymore. i've got that all pretty much figured out
17:41:34 pitti chrisccoulson: ah, good; setting to "done" then
17:41:38 chrisccoulson thanks
17:41:57 pitti Sweetshark: is that such a huge patch?
17:42:29 pitti Sweetshark: this sounds like the kind of issue which is usually an one-liner with an additional boundary check
17:43:00 Sweetshark pitti: no, IIRC those patches are rather small.
17:43:27 Sweetshark pitti: however, WMF exploits might not even work on linux anyway.
17:43:53 pitti Sweetshark: due to our fortified toolchain?
17:44:47 Sweetshark pitti: But I am bringing the topic more in a general sense -- maybe needs a more careful discussion on UDS.
17:45:20 pitti Sweetshark: can do; my gut feeling is that we should just apply the security patches and otherwise leave it alone; we could consider a PPA for people who really want it, of course
17:46:10 Sweetshark pitti: well, or because we dont do anything with the WMFs anyway, while on windows the exploit might wreck havoc with windows services ...
17:46:39 pitti @all: any other topics we need to discuss? otherwise let's adjourn
17:47:16 pitti Sweetshark: perhaps; but in principle such attacks work under linux, too, just with different code, of course, and the fortified toolchain makes stuff a lot harder in many cases
17:49:12 pitti ok, so thanks everyone!
17:49:17 pitti let's release that
17:49:25 pitti let's release that sleepy big cat

Actions from previous meeting

Actions from this meeting

Weekly Summary

Partner update

DX

  • Ted just got back from summit, he will get me a list of SRU bugs later today and I'll post them here.

UbuntuOne

  • ubuntuone-client-gnome SRU from the nautilus-open-terminal crasher with lots of dupes coming today

Unity

  • Lot of bug fixes and multiple backporting uploads (unity-lens-applications, unity-lens-files, compiz, unity)

  • ccsm works again without crashing Smile :)

  • New compiz and compiz-plugins-main with a lot of bug fixes in -proposed. Please do test them! Already pinged the french forum and some bug confirmations already gathered!

  • New unity today or tomorrow in -proposed for https://launchpad.net/unity/+milestone/4.24.0 (remove all Sam's bug as it's part of the compiz upload)

  • Nothing in unity-2d apart from a crasher, already warned dx, working on it. Nothing worrying otherwise.

Software Center

  • Released versions 5.0.1 through 5.0.1.4 containing targeted bug fixes
  • 5.0.1.5 uploaded to oneiric-proposed
  • 5.0.2 in progress

Kubuntu

X.org

IRC log Western edition

17:31:11        pitti   so first, congrats everyone for oneiric
17:31:20        seb128  kenvandine, not sure it's a wow, he keeps complaining about bugs this week :p
17:31:24        pitti   so it became a reasonably usable and stable release after all :)
17:31:26        kenvandine      haha
17:31:27        seb128  yesterday banshee, today libreoffice
17:31:28        seb128  ;-)
17:31:38        seb128  pitti, \o/
17:31:44        seb128  works pretty fine for me as well
17:31:48        seb128  install and runtime ;-)
17:31:52        mterry  hi
17:31:57        pitti   still needs to pass the WAF test
17:32:02        pitti   (here at least)
17:32:20        njpatel seb128, I only recognise the French mafia, they are the ones that rule my life
17:32:28        seb128  njpatel, ;-)
17:32:31        pitti   kenvandine: anything to discuss for partner this week?
17:32:32        kenvandine      njpatel, and don't you forget it
17:32:39        chrisccoulson   hi
17:32:43         *      pitti hopes kenvandine doesn't have a list of "ten things utterly broken in oneiric"
17:32:54        kenvandine      pitti, it's on the wiki, tedg just got back from a week sprinting then summit over the weekend
17:32:57        njpatel chrisccoulson, your multi monitor bug is fixed courtesy of Trevinho
17:33:04        pitti   ah, reloading FTW
17:33:08        chrisccoulson   njpatel, excellent, thanks
17:33:08        kenvandine      he will get me a list of planned SRUs later today and i'll link them on the wiki
17:33:16        pitti   nice
17:33:20        kenvandine      and i have dobey's u1 fix i am about to sponsor
17:33:24        kenvandine      that is all i have right now
17:33:25        pitti   didrocks: thanks for the unity update
17:33:32        pitti   new SRU looking good, lots of +1 already
17:33:41        didrocks        yeah, I leverage the french forum :-)
17:33:56        didrocks        so that njpatel knows more that he is really ruled by the french mafia :)
17:34:03        didrocks        will do the same tomorrow with unity
17:34:22        pitti   14 left on http://status.ubuntu.com/ubuntu-oneiric/canonical-desktop-team.html, but I was monitoring that, nothign serious there
17:34:26        pitti   will just postpone to P
17:34:39        njpatel nooo
17:34:58        pitti   so we got 389 work items done,
17:35:03        njpatel I don't mess with the French forum. As gord says, there are a lot of of you.
17:35:18        pitti   I'll do some stats over the past cycles to have an estimate what we can go for in precise
17:35:45        pitti   so, nothing from me this week except for "go out and test images and SRUs" :)
17:35:58        pitti   does anyone have something we should discuss?
17:36:19        Sweetshark      pitti: no more updates, not even security ones for OpenOffice.org available, even if Apache OOo would come around one day it would be completely different.
17:36:59        Sweetshark      pitti: so maybe consider backporting Libreoffice to lucid, maverick?
17:37:15        pitti   yuck
17:37:20        Sweetshark      heh
17:37:26        pitti   Sweetshark: you don't think that the odd security update can be backported?
17:37:42        pitti   there haven't been terribly many USNs for OO.o/LibO so far
17:38:43        Sweetshark      pitti: Im not sure, but LO has gone through some major code cleanups since OOo times.
17:38:43        pitti   if the affected part of LibO didn't change fundamentally, then the patches ought to be backportable; and if it did, it might not even apply
17:39:08        pitti   Sweetshark: do we have any currently outstanding CVEs which we could look at?
17:40:17        mdeslaur        uhm, security isn't a valid reason to get LO into old releases
17:40:36        Sweetshark      pitti: http://blog.documentfoundation.org/2011/10/05/the-document-foundation-publishes-details-of-libreoffice-3-4-3-security-fixes/ CVE-2011-2713 would likely apply also to OOo
17:40:37        ubot2   Sweetshark: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713)
17:40:52        pitti   chrisccoulson: for "Review update plan for extensions with security team", has this been discussed?
17:41:23        chrisccoulson   pitti - no, but there isn't much to discuss anymore. i've got that all pretty much figured out
17:41:34        pitti   chrisccoulson: ah, good; setting to "done" then
17:41:38        chrisccoulson   thanks
17:41:57        pitti   Sweetshark: is that such a huge patch?
17:42:29        pitti   Sweetshark: this sounds like the kind of issue which is usually an one-liner with an additional boundary check
17:43:00        Sweetshark      pitti: no, IIRC those patches are rather small.
17:43:27        Sweetshark      pitti: however, WMF exploits might not even work on linux anyway.
17:43:53        pitti   Sweetshark: due to our fortified toolchain?
17:44:47        Sweetshark      pitti: But I am bringing the topic more in a general sense -- maybe needs a more careful discussion on UDS.
17:45:20        pitti   Sweetshark: can do; my gut feeling is that we should just apply the security patches and otherwise leave it alone; we could consider a PPA for people who really want it, of course
17:46:10        Sweetshark      pitti: well, or because we dont do anything with the WMFs anyway, while on windows the exploit might wreck havoc with windows services ...
17:46:39        pitti   @all: any other topics we need to discuss? otherwise let's adjourn
17:47:16        pitti   Sweetshark: perhaps; but in principle such attacks work under linux, too, just with different code, of course, and the fortified toolchain makes stuff a lot harder in many cases
17:49:12        pitti   ok, so thanks everyone!
17:49:17        pitti   let's release that 
17:49:25        pitti   let's release that sleepy big cat

IRC log Eastern edition

 






        
 
            

DesktopTeam/Meeting/2011-10-11  (last edited 2011-10-11 15:50:35 by pitti)