20140224

Meeting

Attendance

  • jdstrand
  • mdeslaur
  • sbeattie
  • tyhicks
  • jjohansen
  • sarnold

Not present

  • chrisccoulson

Agenda

  • Announcements

    • Thanks to Stefan Bader (smb) provided updates for precise-saucy for xen . Your work is very much appreciated and will keep Ubuntu users secure. Great job! Smile :)

  • Actions
    • [ACTION] chrisccoulson to benchmark oxide and qtwebkit
      • benchmarks: DONE
      • mailing list: TODO
  • Weekly stand-up report (each member discusses any pending and planned future work for the week)
    • jdstrand
      • weekly role: happy place
      • pending updates
      • infographic and scopes reviews
      • miscellaneous catch up
    • mdeslaur
      • weekly role: triage
      • ca-certificates updates
      • pending updates
    • sbeattie

      • AppArmor

        • help integrate python tools
        • ipc testing
        • help sarnold with apparmor upload
    • tyhicks
      • kernel keyring investigation
      • finish up dbus-daemon patches (ie, v2 based on upstream comments)
      • ppc testsuite failures
    • jjohansen

      • AppArmor

        • test ipc kernels-- if they pass, upload to PPA
        • revising around namespaces, especially a bug that breaks non-ns x transitions
        • couple of other bugs and testing to work out
        • apparmor 2.9 coordination
    • sarnold

      • upload AppArmor 2.8.95 to Ubuntu

      • back to MIRs
    • chrisccoulson
  • Highlighted packages

    The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:

    The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.

  • Miscellaneous and Questions

Log

Meeting bot unavailable at time of meeting.

Log listed here:

12:00 < jdstrand> #startmeeting
12:00 < jdstrand> seems we don't have our bot
12:00 < jdstrand> The meeting agenda can be found at:
12:00 < jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
12:00 < jdstrand> [TOPIC] Announcements
12:01 < jdstrand> Thanks to Stefan Bader (smb) provided updates for precise-saucy for xen . Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
12:01 -!- howefield [~howefield@pdpc/supporter/active/howefield] has quit [Write error: Broken pipe]
12:01 < mdeslaur> smb rocks \m/ \m/
12:01 < jdstrand> [TOPIC] Review of any previous action items
12:01 < jdstrand> [ACTION] chrisccoulson to benchmark oxide and qtwebkit
12:01 < jdstrand> I know the benchmarks are done
12:02 < jdstrand> I didn't see the email, but could have missed it
12:03 < jdstrand> I think chrisccoulson may have stepped away since this is well past the sceduled time of the meeting, so I'll just add a new action
12:03 < jdstrand> [ACTION] chrisccoulson to send benchmarks email to list
12:03 < jdstrand> [TOPIC] Weekly stand-up report
12:03 < jdstrand> I'll go first
12:03 < jdstrand> I'm in the happy place this week
12:03 < jdstrand> I've got quite a few updates assigned to me that I'll be working on
12:03 -!- toddy [~torsten@ubuntu/member/toddyhb] has quit [Excess Flood]
12:04 < jdstrand> and I've gotten a lot of miscellaneous stuff piled up to catch up on judging by my inbox
12:05 -!- toddy [~torsten@ubuntu/member/toddyhb] has joined #ubuntu-meeting
12:05 < jdstrand> two of those is updating the infographic confinement spec (it is changing again)
12:05 < jdstrand> and updating the scopes spec and following up with the scopes team
12:05 < jdstrand> mdeslaur: you're up
12:05 < mdeslaur> I'm on triage this week
12:06 < mdeslaur> I have some ca-certificates updates that I need to double-check, and then I'll get the copied to -proposed for a couple of weeks
12:06 < mdeslaur> after that, I'm working on the CVE list which has gotten bigger since last week
12:06 < mdeslaur> I may also poke at debcompare some more...it's pretty good now
12:07 < mdeslaur> oh, btw, I've converted uvt to python3, so if it breaks, let me know
12:07 -!- pcwhite [~PaulW2U@pdpc/supporter/active/paulw2u] has joined #ubuntu-meeting
12:07 < mdeslaur> that's it from me
12:07 < mdeslaur> sbeattie: you're up
12:07 < sbeattie> I'm on apparmor again this week.
12:08 < sbeattie> I'm working on a bit of fallout from landing the python tools to help sarnold with landing the updated package in ubuntu
12:09 < sbeattie> As well as the usual kernel testing bits for jjohansen's work
12:09 < sbeattie> I also need to update the apparmor daily recipe ppa, as it's failing due to the python stuff landing upstream
12:10 < sbeattie> I think that's it from me.
12:10 < sbeattie> tyhicks: you're up
12:10 < tyhicks> I'm currently looking into some kernel keyring oddities in Trusty
12:11 < tyhicks> it was noticed after the ecryptfs test suite started failing
12:11 -!- pcwhite is now known as PaulW2U
12:11 < mdeslaur> hrm
12:11 < tyhicks> I've got a workaround in the test suite but now I'm working with dhowells (kernel keyring upstream) to figure out what is going on
12:12 < tyhicks> after that, I'll go back to getting a v2 of the dbus-daemon patches attached the upstream AA mediation bug
12:12 < tyhicks> I'm almost done with addressing all of Simon's feedback
12:12 < tyhicks> there's a lot of changes, but I've been testing as I go so there's not too much left
12:13 < jdstrand> tyhicks: I didn't follow along last week. I saw that the kdbus guys were like "it's fine for you to propose this for dbus-daemon, but it ain't gonna work for us", but didn't see dbus-daemon's comments
12:13 < tyhicks> if I can get all of that done, I want to circle back around and make sure we've got all of our kernel test failures on ppc straightened out
12:13 < jdstrand> tyhicks: so dbus-daemon upstream is generally ok with it? just need some touchups?
12:13 < tyhicks> jdstrand: yes, they seem to be ok with it
12:13 < tyhicks> jdstrand: all of the comments are in the bug
12:14 < jdstrand> ok
12:14 < jdstrand> tyhicks: re kdbus-- we still are going to propose our small patch, correct?
12:14 < mdeslaur> should we?
12:14 < tyhicks> jdstrand: it is something that we need to discuss - they are still very opposed to it
12:14 < jdstrand> right, so lets not discuss that here
12:15 < tyhicks> that's it for me
12:15 < jdstrand> we can take it to #ubuntu-hardened after the meeting
12:15  * tyhicks nods
12:15 < tyhicks> jjohansen: you're up
12:16 < jjohansen> so I'm working on apparmor this week, I've got another round of test kernels building atm, and if it passes basic testing I will shove it up to the ppa
12:17 -!- noy [~Noy@wesnoth/developer/noy] has quit [Quit: noy]
12:17 < jjohansen> I've got revising to do around namespaces, especially a bug that breaks non-ns x transitions
12:18 -!- genii [~quassel@ubuntu/member/genii] has joined #ubuntu-meeting
12:20 < jjohansen> and a couple of other bugs and testing to work out. We have a new method for detecting which kernel userspace combination we are in, so that we can drop the config patch for backports. Which was breaking containers, ...
12:20 < jjohansen> there is some coordination around apparmor 2.9 that will happen today in the upstream meeting
12:20 < jjohansen> I think thats it sarnold your u
12:20 < jjohansen> s/u/up
12:21 < sarnold> I'm on community this week
12:22 < sarnold> I have some new apparmor packages for trusty that use a trunk snapshot that we're calling 2.8.95, since it's not quite ready to be called a 2.9, and as a result of the snapshot and testing I've got a teeny patch for apparmor to update the libapparmor1 version number to libapparmor2 in an auto*something file
12:22 < sarnold> the new trusty packages are a mixed bag; on the one hand, the large accumulated patch set is now significantly smaller and we've dropped the old perl tools which none of us felt capable of supporting for five years
12:22 < sarnold> on the other hand, the new python tools are still a bit thin and need more testing.
12:23 < sarnold> i don't know how much we want to improve the python tools before proposing the new apparmor for landing
12:23 < sarnold> but it feels like we need at least aa-disable to work correctly before asking for a landing
12:24 < sbeattie> sarnold: I have a couple of small patches that make aa-disable work without aborting because of not understanding dbus rules
12:24 < jdstrand> we should have aa-enforce too then
12:24 < jdstrand> I assume
12:25 < sarnold> I've also got a large stack of MIRs, some fairly important pacakges that many people are waiting on (nginx, juju, etc.) -- that alone could fill the week.. so here's hoping the release team won't mind me blocking progress too much..
12:25 < jdstrand> do I understand correctly that we are only blocked on the python tools?
12:25 < sarnold> sbeattie: Yay! :D thanks!
12:25 < sarnold> jdstrand: moment, let me go re-find that email..
12:26 < sarnold> jdstrand: there's a handful of other qrt test failures not relaated to the python tools that also need investigation
12:26 -!- dholbach [~daniel@ubuntu/member/dholbach] has quit [Quit: Ex-Chat]
12:26 < sarnold> jdstrand: it could be that some (most?) are due to a kernel that hasn't yet picked up all the apparmor patches, I think I heard jjohansen mention that lsat week
12:27 < jdstrand> ok, we need to get all that sorted so we can get this uploaded
12:27  * jdstrand stating the obvious
12:27 < sbeattie> sarnold, jdstrand: I'll take a look at the QRT failures.
12:27 < sarnold> yeah, I'm looking forward to retrying with sbeattie's latest fixes, that'll hopefully be half of QRT.. :)
12:28 < jdstrand> thanks-- I'd help there, but have a lot of updates I need to get to
12:28 < sarnold> heh, yeah, I recall triage last week...
12:28 < sarnold> what a week
12:28 < jjohansen> sarnold: ? the kernel shouldn't really have anything to do with the userspace failures. It needs to support old and new kernels
12:29 < sarnold> I think that's me done, chrisccoulson if you're around you're up :)
12:29 < jdstrand> if it was only the new stuff from last week...
12:29 < sarnold> jjohansen: ah, ok. darn.
12:31 < jdstrand> ok, I think chrisccoulson is away (which is fine)
12:31 < jdstrand> [TOPIC] Highlighted packages
12:31 < jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
12:31 < jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
12:31 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/turba2.html
12:31 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html
12:31 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/sleuthkit.html
12:31 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ganglia-web.html
12:31 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd.html
12:31 < jdstrand> [TOPIC] Miscellaneous and Questions
12:33 < jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, 
                  ChrisCoulson: thanks! 
12:33 < jdstrand> #endmeeting

MeetingLogs/Security/20140224 (last edited 2014-02-24 18:34:54 by jdstrand)