Ubuntu Wiki

Meeting

• Who: SecurityTeam

• When: Mon Mar 24th 2014 16:30 UTC

• End: 17:00 UTC

• Where: #ubuntu-meeting on irc.freenode.net

• Chaired By: JamieStrandboge (jdstrand)

Attendance

• jdstrand
• mdeslaur
• sbeattie
• tyhicks
• jjohansen
• sarnold
• chrisccoulson

Not present

• None

Agenda

• Announcements

  • [ACTION] chrisccoulson send oxide and qtwebkit benchmark results to mailing list: DONE (https://lists.launchpad.net/oxide/msg00003.html)

• Weekly stand-up report (each member discusses any pending and planned future work for the week)
  • jdstrand
    • weekly role: triage

    • run/comment on AppArmor ipc kernel, etc

    • golang MIR
    • help with oxide to Ubuntu
    • embargoed issues

    • ScopesConfinement discussions

    • updates
  • mdeslaur
    • weekly role: community
    • pending updates
    • ca-certificates updates for stable releases
    • initramfs-tools update to fix /run being mounted without noexec
    • apache2 update
  • sbeattie

    • AppArmor

      • ipc test cases
      • monitoring 2.8.95 bugs
  • tyhicks

    • LXC regressions in AppArmor (1296459, 1295774)

    • AppArmor work items

  • jjohansen

    • AppArmor

      • ipc revisions
      • coordinate with sbeattie and tyhicks
      • bug fixing
  • sarnold
    • weekly role: happy place
    • MIRs: juju, schroot, strongswan, and glusterfs to start and finish

    • help with AppArmor as needed

  • chrisccoulson
    • Oxide
      • land Oxide in the archive
      • code reviews
      • blog posts:

        • http://www.chriscoulson.me.uk/blog/?p=242

        • http://www.chriscoulson.me.uk/blog/?p=251

• Highlighted packages

  The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:

  The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.

• Miscellaneous and Questions

  • < ScottK> You might want to consider promoting clamav 0.98.1 from backports to updates or security/updates.  0.97.8 is not able to use all the current virus definitions and so there's a capability/security gap there if people aren't using backports.

    • mdeslaur will followup on this

Log

Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-03-24-16.35.html