20140303
Meeting
Who: SecurityTeam
End: 17:00 UTC
Where: #ubuntu-meeting on irc.freenode.net
Chaired By: JamieStrandboge (jdstrand)
Attendance
- jdstrand
- mdeslaur
- sbeattie
- tyhicks
- jjohansen
- sarnold
- chrisccoulson
Not present
- None
Agenda
- Announcements
- [ACTION] chrisccoulson send oxide and qtwebkit benchmark results to mailing list
- Weekly stand-up report (each member discusses any pending and planned future work for the week)
- jdstrand
- weekly role: triage
- pending updates
- click-apparmor update for frameworks
- investigate Qt 5.2 profile denials
- miscellaneous catch up
- mdeslaur
- weekly role: community
- pending updates
- patch pilot
- sbeattie
AppArmor
- finished up items related to 2.8.95 in the archive except for tools not being able to parse dbus rules
- ipc testing with jjohansen
- tyhicks
- finished up kernel keyring work (talked to upstream, sent pam patch up)
- finish up addressing final few comments from the dbus-daemon mediation patches review
- kdbus for a day or two to finish/continue the upstream conversation
- help with testing
- jjohansen
AppArmor
- ipc and kernel issues
- testing with sbeattie
- cross namespace stacking as time allows
- sarnold
AppArmor 2.8.95 upload. Remaining issue is tools failing with dbus
- MIRs: juju-core, schroot, strongswan, glusterfs, thermald. nginx, done from a security perspective)
- internal code audit
- chrisccoulson
- Oxide
- user-agent override mechanism
- reimplemented the script messaging API on the renderer side to fix some bugs (initial implementation was only for the unit tests). Continue with this
- Oxide
- jdstrand
- Highlighted packages
The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:
The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.
- Miscellaneous and Questions
Log
Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-03-03-16.39.html
MeetingLogs/Security/20140303 (last edited 2014-03-03 17:14:09 by jdstrand)