Ubuntu Wiki

Meeting

• Who: SecurityTeam

• When: Mon Feb 4th 2013 18:00 UTC

• End: 18:30 UTC

• Where: #ubuntu-meeting on irc.freenode.net

• Chaired By: JamieStrandboge (jdstrand)

Attendance

• jdstrand
• mdeslaur
• sbeattie
• tyhicks
• jjohansen
• sarnold

Not present

• None

Agenda

• Announcements
  • Chad Miller (chad) provided updates for lucid-quantal for chromium-browser (LP: #1099075)
• Weekly stand-up report (each member discusses any pending and planned future work for the week)
  • jdstrand
    • weekly role: triage
    • firefox regression fix
    • embargoed issue #1
    • embargoed issue #2
    • audits
  • mdeslaur
    • weekly role: community
    • pending updates
  • sbeattie
    • weekly role: happy place

    • AppArmor:

      • display manager prototype
  • tyhicks
    • weekly role: happy place
    • embargoed item

    • AppArmor policy kernel interface

    • finish testing some changes to the AppArmor D-Bus mediation and upload to ppa

  • jjohansen
    • weekly role: happy place

    • AppArmor

    • socket labelling for get_peercon/DBus
    • rebase compat patches on top of base patches for alpha2 kernel to ppa
  • sarnold
    • weekly role: happy place

    • AppArmor code reviews

• Highlighted packages

  The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:

  The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.

• Miscellaneous and Questions

  • There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application.

Log

Logs would normally be available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-02-04-18.11.html but the meeting bot was down at the time of the meeting. Here are the logs from the meeting:

12:11 < jdstrand> #startmeeting
12:11 < jdstrand> The meeting agenda can be found at:
12:11 < jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
12:11 < jdstrand> [TOPIC] Announcements
12:11 < jdstrand> Chad Miller (chad) provided updates for lucid-quantal for chromium-browser (LP: #1099075)
12:12 < ubottu> Launchpad bug 1099075 in chromium-browser (Ubuntu Raring) "new upstream release: 24.0.1312.56" [High,Fix released] https://launchpad.net/bugs/1099075
12:12 < jdstrand> there is still some work to do for armhf to compile, but i386 and amd64 for lucid-raring are now caught up with upstream :)
12:12 < jdstrand> [TOPIC] Weekly stand-up report
12:12 < jdstrand> I'll go first
12:13 < jdstrand> I'm on triage this week
12:13 < jdstrand> there is a firefox regression fix that is going out this week
12:13 < jdstrand> I'm working on an embargoed issue
12:14 < jdstrand> I've got another embargoed issue I'm working on
12:15 < jdstrand> if I have time, I might look at the lxc mir this week
12:15 < jdstrand> mdeslaur: you're up
12:15 < mdeslaur> I'm on community this week
12:16 < mdeslaur> I have a couple of pending updates to try and figure out how to test
12:16 < mdeslaur> (jquery and xserver-xorg-video-qxl)
12:16 < mdeslaur> and will continue going down the CVE list
12:16 < mdeslaur> that's pretty much it
12:16 < jdstrand> mdeslaur: xserver-xorg-video-qxl - ah, that is for spice, right?
12:16 < mdeslaur> yeah, it's the spice xorg driver
12:17 < mdeslaur> sbeattie: you're up
12:17 < jdstrand> I wonder if that would help us with our unity 3d stuff
12:17 < mdeslaur> jdstrand: no
12:17 < jdstrand> hmm
12:17 < jdstrand> someone else said it might
12:17 < mdeslaur> eventually, I believe they are planning on writing a 3d enabled driver
12:17 < mdeslaur> but, not currently
12:18 < jdstrand> plus, looking at the spice server MIR last week, I thought it plausible since spice is supposed to use the best 'hardware'
12:18 < jdstrand> ie, maybe the guest, maybe the host, but whatever. you know more than I at this point
12:19 < mdeslaur> it.s more efficient than vnc, but it's not 3d
12:19 < jdstrand> k
12:19 < jdstrand> sbeattie: sorry, please go ahead
12:19 < sbeattie> no worries
12:20 < sbeattie> I'm working on apparmor this week
12:20 < sbeattie> focusing on my blueprint work items
12:20 < sbeattie> I also need to finish up my objectives rejiggering
12:21 < sbeattie> that's pretty much it for me.
12:21 < sbeattie> tyhicks: poke
12:21 < tyhicks> My week looks similar to last week
12:21 < tyhicks> Embargoed issue, AppArmor policy kernel interface, need to finish testing some changes to the AppArmor D-Bus mediation patches that I made last week and upload the new dbus package to dbus-dev PPA
12:21 < tyhicks> that's it for me
12:21 < tyhicks> jjohansen: you're up
12:22 < jjohansen> I am plugging away on apparmor work items
12:22 < jjohansen> instead of working on env var filtering, we have switched priorities a little bit I am going to be working on socket labeling so we can have get_peercon working and fix that issue in the dbus patches
12:22 < jjohansen> oh and I suppose I need to finish up rebasing the compat patches on top of the base labeling/stacking patches today. So I can push an alpha2 kernel into the ppa and give sarnold something more to review
12:22 < tyhicks> oh nice
12:24 < jjohansen> thats it from /me sarnold
12:25 < sarnold> I'm going to be working on workitems and objectives this week
12:25 < sarnold> vde2 is waiting a main inclusion request audit, it'd be fun to work on that too, we'll see how jdstrand's teaching-time works out :)
12:26 < jjohansen> sarnold will be reviewing patches this week too :)
12:26 < sarnold> uh oh :)
12:26 < sarnold> apparently' I'm also reviewing patches this week :)
12:26 < sbeattie> hehe
12:26 < sarnold> jdstrand: back to you :)
12:27 < jdstrand> yes, that patch review should take priority :)
12:27 < jdstrand> (unless asked otherwise)
12:27 < jdstrand> [TOPIC] Highlighted packages
12:27 < jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
12:27 < jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
12:27 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/firebird2.5.html
12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/sleuthkit.html
12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/phpldapadmin.html
12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/nusoap.html
12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libsocialweb.html
12:29 < jdstrand> [TOPIC] Miscellaneous and Questions
12:29 < jdstrand> Does anyone have any other questions or items to discuss?
12:32 < jdstrand> #endmeeting