Meeting

• Who: SecurityTeam

• When: Mon May 18th 2015 16:38 UTC

• End: 17:03 UTC

• Where: #ubuntu-meeting on irc.freenode.net

• Chaired By: Tyler Hicks (tyhicks)

Attendance

• jdstrand
• sbeattie
• tyhicks
• jjohansen
• sarnold
• chrisccoulson

Not present

• mdeslaur

Agenda

• Announcements
  • None
• Weekly stand-up report (each member discusses any pending and planned future work for the week)
  • jdstrand
    • planning security team's work
    • finish up the libseccomp SRU once the required time passes
    • Snappy seccomp policy updates
    • Snappy review tools work
    • Detailing the Core and Touch security support
    • mdeslaur
      • weekly role: bug triage
      • libtasn1 and icu updates are out the door
      • pending security updates
      • embargoed issue
  • sbeattie
    • weekly role: cve triage
    • Seeing the wily apparmor upload through migration
    • 14.04 apparmor SRU paperwork is finished and need to be copied

    • AppArmor patch review for 2.10 release

    • gcc pie testing (few more test rebuilds, then can proceed with benchnmarking)
  • tyhicks
    • weekly role: happy place
    • development cycle planning

    • add kernel keyring mediation support to AppArmor parser

    • revive patch security updates
    • Send proposed fix for bug #1427264 to upstream schroot
    • Come up with a fix for bug #1438942
    • embargoed issue
  • jjohansen
    • kernel security update sign-offs

    • Prepare pull AppArmor request to get patches into 4.2

    • Continue work to upstream the Ubuntu AppArmor kernel delta

    • Advising on the work to add dconf mediation to AppArmor

  • sarnold
    • weekly role: community

    • determining the OpenStack CVE status after the server team uploads landed

    • OpenStack security updates

  • chriscoulson
    • Thunderbird update
    • Review the context-menu merge proposal
    • Circle back to other merge proposals that have been updated
    • Working on bugs for the 1.8 release
• Highlighted packages

  The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:

  The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.

• Miscellaneous and Questions

Log

Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-05-18-16.38.moin.txt