== Meeting ==
 * '''Who''': SecurityTeam
 * '''When''': [[http://www.timeanddate.com/worldclock/fixedtime.html?month=07&day=25&year=2011&hour=28&min=0&sec=0&p1=0|Mon Jul 18th 2011 17:00 UTC]]
 * '''End''': 17:30 UTC
 * '''Where''': #ubuntu-meeting on irc.freenode.net
 * '''Chaired By''': JamieStrandboge (jdstrand)

== Attendance ==
 * kees
 * jdstrand
 * jjohansen
 * mdeslaur
 * micahg
 * sbeattie

== Not present ==
 * None

== Agenda ==
 * Review of any previous action items
 * Weekly stand-up report (each member discusses any pending and planned future work for the week)
  * jdstrand
   * Weekly role: triager
   * pending updates
   * attempting a dbus/apparmor upload with just the stubs
   * attempting a couple of apparmor profiling work items
   * training class
   * archive admin
  * kees
   * Weekly role: community
   * go through oss-security for kernel CVEs since MITRE is behind
   * work with kernel team on bug sync tool
  * mdeslaur
   * Weekly role: happy place
   * pending updates (several, one embargoed)
   * patch pilot
  * sbeattie
   * Weekly role: happy place
   * pending update
   * !AppArmor work items
  * micahg
   * Weekly role: happy place
   * pending updates
 * Highlighted packages
  The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security.
  The highlighted packages for this week are:
   * [[http://people.canonical.com/~ubuntu-security/cve/pkg/smilutils.html|smilutils]]: [[http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0385.html|CVE-2009-0385]]
   * [[http://people.canonical.com/~ubuntu-security/cve/pkg/libglpng.html|libglpng]]: [[http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1519.html|CVE-2010-1519]]
   * [[http://people.canonical.com/~ubuntu-security/cve/pkg/ntop.html|ntop]]: [[http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-2732.html|CVE-2009-2732]]
   * [[http://people.canonical.com/~ubuntu-security/cve/pkg/ziproxy.html|ziproxy]]: [[http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1513.html|CVE-2010-1513]] [[http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-2350.html|CVE-2010-2350]]
   * [[http://people.canonical.com/~ubuntu-security/cve/pkg/ccid.html|ccid]]: [[http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4530.html|CVE-2010-4530]]
 * Miscellaneous and Questions
  * jdstrand out of town for two weeks starting Monday (conference/holiday)
  * kees at conference next week
  * bliss brought up the idea for identifying/auditing/hardening certain packages in Ubuntu. Ideas for process will be taken to the ubuntu-hardened mailing list. May include wiki, bugs, etc. jdstrand said once packages are identified, could highlight in the 'Highlighted packages' section
  * sbeattie discussed openjdk updates and whether to issue a -1 and wait for armel for a -2. Consensus was 'yes, sounds good'

== Log ==
Logs available at http://www.novarata.net/mootbot/