Meeting
Who: SecurityTeam
End: 18:30 UTC
Where: #ubuntu-meeting on irc.freenode.net
Chaired By: JamieStrandboge (jdstrand)
Attendance
- jdstrand
- mdeslaur
- sbeattie
- tyhicks
- jjohansen
- sarnold
Not present
- None
Agenda
- Announcements
  - Chad Miller (chad) provided updates for lucid-quantal for chromium-browser (LP: #1099075)
- Weekly stand-up report (each member discusses any pending and planned future work for the week)
  - jdstrand
    - weekly role: triage
    - firefox regression fix
    - embargoed issue #1
    - embargoed issue #2
    - audits
  - mdeslaur
    - weekly role: community
    - pending updates
  - sbeattie
    - weekly role: happy place
    - AppArmor:
      - display manager prototype
  - tyhicks
    - weekly role: happy place
    - embargoed item
    - AppArmor policy kernel interface
    - finish testing some changes to the AppArmor D-Bus mediation and upload to ppa
  - jjohansen
    - weekly role: happy place
    - AppArmor
      - socket labelling for get_peercon/DBus
      - rebase compat patches on top of base patches for alpha2 kernel to ppa
  - sarnold
    - weekly role: happy place
    - AppArmor code reviews
- jdstrand
- Highlighted packages
The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:
The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.
- Miscellaneous and Questions
There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application.
Log
Logs would normally be available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-02-04-18.11.html but the meeting bot was down at the time of the meeting. Here are the logs from the meeting:
12:11 < jdstrand> #startmeeting
12:11 < jdstrand> The meeting agenda can be found at:
12:11 < jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
12:11 < jdstrand> [TOPIC] Announcements
12:11 < jdstrand> Chad Miller (chad) provided updates for lucid-quantal for chromium-browser (LP: #1099075)
12:12 < ubottu> Launchpad bug 1099075 in chromium-browser (Ubuntu Raring) "new upstream release: 24.0.1312.56" [High,Fix released] https://launchpad.net/bugs/1099075
12:12 < jdstrand> there is still some work to do for armhf to compile, but i386 and amd64 for lucid-raring are now caught up with upstream :)
12:12 < jdstrand> [TOPIC] Weekly stand-up report
12:12 < jdstrand> I'll go first
12:13 < jdstrand> I'm on triage this week
12:13 < jdstrand> there is a firefox regression fix that is going out this week
12:13 < jdstrand> I'm working on an embargoed issue
12:14 < jdstrand> I've got another embargoed issue I'm working on
12:15 < jdstrand> if I have time, I might look at the lxc mir this week
12:15 < jdstrand> mdeslaur: you're up
12:15 < mdeslaur> I'm on community this week
12:16 < mdeslaur> I have a couple of pending updates to try and figure out how to test
12:16 < mdeslaur> (jquery and xserver-xorg-video-qxl)
12:16 < mdeslaur> and will continue going down the CVE list
12:16 < mdeslaur> that's pretty much it
12:16 < jdstrand> mdeslaur: xserver-xorg-video-qxl - ah, that is for spice, right?
12:16 < mdeslaur> yeah, it's the spice xorg driver
12:17 < mdeslaur> sbeattie: you're up
12:17 < jdstrand> I wonder if that would help us with our unity 3d stuff
12:17 < mdeslaur> jdstrand: no
12:17 < jdstrand> hmm
12:17 < jdstrand> someone else said it might
12:17 < mdeslaur> eventually, I believe they are planning on writing a 3d enabled driver
12:17 < mdeslaur> but, not currently
12:18 < jdstrand> plus, looking at the spice server MIR last week, I thought it plausible since spice is supposed to use the best 'hardware'
12:18 < jdstrand> ie, maybe the guest, maybe the host, but whatever. you know more than I at this point
12:19 < mdeslaur> it's more efficient than vnc, but it's not 3d
12:19 < jdstrand> k
12:19 < jdstrand> sbeattie: sorry, please go ahead
12:19 < sbeattie> no worries
12:20 < sbeattie> I'm working on apparmor this week
12:20 < sbeattie> focusing on my blueprint work items
12:20 < sbeattie> I also need to finish up my objectives rejiggering
12:21 < sbeattie> that's pretty much it for me.
12:21 < sbeattie> tyhicks: poke
12:21 < tyhicks> My week looks similar to last week
12:21 < tyhicks> Embargoed issue, AppArmor policy kernel interface, need to finish testing some changes to the AppArmor D-Bus mediation patches that I made last week and upload the new dbus package to dbus-dev PPA
12:21 < tyhicks> that's it for me
12:21 < tyhicks> jjohansen: you're up
12:22 < jjohansen> I am plugging away on apparmor work items
12:22 < jjohansen> instead of working on env var filtering, we have switched priorities a little bit I am going to be working on socket labeling so we can have get_peercon working and fix that issue in the dbus patches
12:22 < jjohansen> oh and I suppose I need to finish up rebasing the compat patches on top of the base labeling/stacking patches today. So I can push an alpha2 kernel into the ppa and give sarnold something more to review
12:22 < tyhicks> oh nice
12:24 < jjohansen> thats it from /me sarnold
12:25 < sarnold> I'm going to be working on workitems and objectives this week
12:25 < sarnold> vde2 is waiting a main inclusion request audit, it'd be fun to work on that too, we'll see how jdstrand's teaching-time works out :)
12:26 < jjohansen> sarnold will be reviewing patches this week too :)
12:26 < sarnold> uh oh :)
12:26 < sarnold> apparently I'm also reviewing patches this week :)
12:26 < sbeattie> hehe
12:26 < sarnold> jdstrand: back to you :)
12:27 < jdstrand> yes, that patch review should take priority :)
12:27 < jdstrand> (unless asked otherwise)
12:27 < jdstrand> [TOPIC] Highlighted packages
12:27 < jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
12:27 < jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
12:27 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/firebird2.5.html
12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/sleuthkit.html
12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/phpldapadmin.html
12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/nusoap.html
12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libsocialweb.html
12:29 < jdstrand> [TOPIC] Miscellaneous and Questions
12:29 < jdstrand> Does anyone have any other questions or items to discuss?
12:32 < jdstrand> #endmeeting