20150720

Differences between revisions 81 and 82
Revision 81 as of 2015-07-13 15:06:14
Size: 2768
Editor: tyhicks
Revision 82 as of 2015-07-13 17:01:05
Size: 9464
Editor: tyhicks
Line 3: Line 3:
== Meeting (DRAFT) == == Meeting ==
Line 5: Line 5:
 * '''When''': Mon July 13th 2015 16:30 UTC
 * '''End''': 16:53 UTC
 * '''When''': Mon July 13th 2015 16:32 UTC
 * '''End''': 16:56 UTC
Line 15: Line 15:
 * jjohansen
Line 20: Line 19:
 * jjohansen
Line 26: Line 26:
   * email and irc catchup from being off last week
   * Working on adding a policy group for bug #1462489
   * Go through team trello board to update and prioritize it
   * Discussed out of box experience with design team
   * Continue reviewing IoM sprint summaries and takeaways
   * Embargoed item
   * Finish ubuntu-personal-security policy
Line 31: Line 32:
   * cups-filters and php5 updates are out
   * wily php5 merge
   * embargoed updates
   * non-embargoed updates
   * Fix certificate issue in ca-certificates
   * Security updates
Line 37: Line 36:
   * gcc pie testing    * Review doko's gcc-5 plans and how they intersect with -fPIE on amd64
Line 39: Line 38:
   * fixing arm64 kernel QRT failures    * Finish fixing QRT kernel failures on arm64
Line 42: Line 41:
   * Leftover community sponsoring
   * Review the kdbus LSM hook patch set
   * Determine the best way to fix in auditing bug in the phone images
   * Restart work on the UCT-to-trello bridge
Line 43: Line 46:
   * UCT to Trello
   * !AppArmor userspace support for kernel keyring mediation
  {{{#!wiki comment
Line 51: Line 53:
  }}}
Line 54: Line 57:
   * quick look at hallyn's cpuset cgroup pam modules
   * !AppArmor patch reviews
Line 57: Line 58:
   * determine why latest firefox build is crashing on precise i386
   * Mozilla updates
   * chromium update
   * finish reviewing pepper-flash oxide merge proposal
   * working on oxide 1.9 milestones
   * fix firefox 39 crashing on precise and trusty
   * embargoed update
   * thunderbird update
Line 69: Line 68:
Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-07-06-16.32.moin.txt

Meeting

  • Who: SecurityTeam

  • When: Mon July 13th 2015 16:32 UTC

  • End: 16:56 UTC

  • Where: #ubuntu-meeting on irc.freenode.net

  • Chaired By: Tyler Hicks (tyhicks)

Attendance

  • jdstrand
  • mdeslaur
  • sbeattie
  • tyhicks
  • sarnold
  • chrisccoulson

Not present

  • jjohansen

Agenda

  • Announcements
    • Otto Kekäläinen (otto) provided a debdiff for vivid for mariadb-10.0 (LP: #1451677)
  • Weekly stand-up report (each member discusses any pending and planned future work for the week)
    • jdstrand
      • Discussed out of box experience with design team
      • Continue reviewing IoM sprint summaries and takeaways
      • Embargoed item
      • Finish ubuntu-personal-security policy
    • mdeslaur
      • weekly role: bug triage
      • Fix certificate issue in ca-certificates
      • Security updates
    • sbeattie
      • weekly role: cve triage
      • Review doko's gcc-5 plans and how they intersect with -fPIE on amd64
      • AppArmor patch review in prep for the 2.10 release
      • Finish fixing QRT kernel failures on arm64
    • tyhicks
      • weekly role: happy place
      • Leftover community sponsoring
      • Review the kdbus LSM hook patch set
      • Determine the best way to fix an auditing bug in the phone images
      • Restart work on the UCT-to-trello bridge
      • embargoed issues (2)
    • sarnold
      • weekly role: community
      • ppc64-diag MIR (and depends)
    • chrisccoulson
      • fix firefox 39 crashing on precise and trusty
      • embargoed update
      • thunderbird update
  • Highlighted packages

    The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details, and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:

    The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.

  • Miscellaneous and Questions
    • None

Log

11:33 < tyhicks> The meeting agenda can be found at:
11:33 < tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
11:33 < tyhicks> [TOPIC] Announcements
11:33  * tyhicks kicks the meeting bot
11:34 < teward> tyhicks: possible it's down with all the other bots?
11:35 < teward> if you'd like i'll drop Archangel (my bot) in here, then provide a publicly accessible copy of the logs for you for the meeting.
11:35 < teward> or pull it from my raw logs here on my client
11:35 < tyhicks> teward: possibly - I'm not aware of any others being down
11:35 < tyhicks> teward: thanks but I've got a logger going
11:35 < teward> ack
11:36 < tyhicks> I guess I'll just proceed
11:36  * teward lurks
11:36 < tyhicks> [TOPIC] Announcements
11:36 < tyhicks> Thanks to Otto Kekäläinen (otto) for providing a debdiff to update mariadb-10.0 in vivid (LP: #1451677)
11:36 < ubottu> Launchpad bug 1451677 in mariadb-10.0 (Ubuntu) "USN-2575-1: MySQL vulnerabilities partially also applies to MariaDB" [Medium,Fix released] https://launchpad.net/bugs/1451677
11:36 < jdstrand> fyi, in the past when the bot was down I just pasted the irc into the wiki page rather than pointing it somewhere else
11:36 < tyhicks> ok
11:36 < jdstrand> (at the end of the meeting)
11:36 < tyhicks> [TOPIC] Weekly stand-up report
11:36 < tyhicks> jdstrand: you're up
11:37 < jdstrand> today we had the oobe meeting with design. it went well, there are followups and discussions that need to be had that we'll capture in trello
11:37 < jdstrand> I need to continue going over the IoM summaries and takeaways
11:37 < jdstrand> I've got an embargoed item I am working on
11:38 < jdstrand> I'd like to finish up the ubuntu-personal-security policy bits
11:38 < jdstrand> then pick up a card as have time
11:38 < jdstrand> mdeslaur: you're up
11:39 < mdeslaur> I'm on bug triage this week
11:39 < mdeslaur> it's a short week for me as I'm on holiday friday and monday
11:39 < mdeslaur> I'm working on a certificate issue in the ca-certificates package which I hope will be fixed soon
11:39 < mdeslaur> and I'm going down the CVE list
11:40 < mdeslaur> I'll probably be stealing the in-progress nbd updates from sbeattie
11:40 < mdeslaur> that's about it, sbeattie, you're up
11:40 < sbeattie> I'm on cve triage this week
11:40 < sbeattie> I'm trying to finish up the last patch reviews needed for an apparmor 2.10 release that we can pull into wily
11:41 < sbeattie> I need to look at doko's gcc-5 plans
11:41 < sbeattie> and that will probably consume my week
11:41 < sbeattie> tyhicks: you're up
11:42 < tyhicks> I'm in the happy place this week
11:42 < tyhicks> I had a little bit of community sponsoring work left over from last week that I did this morning (smoke test and publish mariadb-10.0)
11:42 < tyhicks> I will review the kdbus LSM hook patch set this week
11:43 < tyhicks> I need to determine the best way to fix an auditing bug in the phone images (I've already sent a patch that will fix the issue in new kernels)
11:43 < tyhicks> I want to get back to my UCT-to-trello bridge
11:43 < tyhicks> and I have several embargoed issues
11:44 < tyhicks> I think that's it for me
11:44 < tyhicks> sarnold: skipping to you as I don't see jj
11:45 < sarnold> I'm on community this week, if someone wants to tackle updates for http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html I know a few users would appreciate the fixes; I'll also be working on the 
                 ppc64-diag "follow-on" package auditing; upstream suggested that we audit git instead, which makes some sense, I hope they can be repackaged for our 14.04.3 release quickly enough.
11:45 < sarnold> that's it for me, chrisccoulson?
11:46 < chrisccoulson> After last week, I was hoping to get through some Oxide reviews this week and carry on with https://launchpad.net/oxide/+milestone/branch-1.9
11:46 < chrisccoulson> But Firefox has something to say about that
11:47 < tyhicks> :/
11:47 < chrisccoulson> I've got 1 embargoed update to do, and I also need to do the thunderbird update
11:47 < chrisccoulson> that's me done
11:47 < sarnold> would it make sense at some point to revert precise back to a firefox ESR release?
11:47 < jdstrand> chrisccoulson: I asked in the other channel. is there something I/we can do to help with firefox?
11:48 < chrisccoulson> I'm not sure atm. I'd like to be able to reproduce this crash, but I can't
11:48 < tyhicks> the 14.04 crash?
11:48 < chrisccoulson> Yeah
11:49 < tyhicks> I can try in a VM
11:49 < chrisccoulson> That's what I'm doing at the moment too
11:49 < doko> sbeattie, please delay any config changes until the GCC 5 transition is done
11:49 < doko> it's already ugly enough
11:49 < sbeattie> doko: okay
11:50 < tyhicks> chrisccoulson: ok, I'll get my trusty-amd64 vm updated and let you know what happens
11:50 < chrisccoulson> thanks
11:50 < tyhicks> sbeattie: I guess that means you should have full focus on aa 2.10 and getting it uploaded to wily this week
11:51 < tyhicks> sbeattie: if that goes quickly, picking up a MIR would be a good idea
11:52 < sbeattie> tyhicks: I forgot I had another thing on my plate, finishing up fixing QART issues on arm64
11:52 < tyhicks> ah, ok
11:52 < tyhicks> sbeattie: those are seccomp test failures, right?
11:53 < tyhicks> (due to symbol craziness)
11:54 < tyhicks> you can tell me later
11:54 < sbeattie> no, this is the test-kernel-security.py stuff, dealing with and testing for different configs
11:54 < tyhicks> oh
11:54 < tyhicks> ok
11:54 < tyhicks> moving on
11:54 < tyhicks> [TOPIC] Highlighted packages
11:54 < tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way 
                 to do so.
11:54 < tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see 
                 https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/boost1.48.html
11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/jython.html
11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd5.html
11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/charybdis.html
11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/texmacs.html
11:54 < tyhicks> [TOPIC] Miscellaneous and Questions
11:54 < tyhicks> Does anyone have any other questions or items to discuss?
11:56 < tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson (and teward): Thanks!

MeetingLogs/Security/20150720 (last edited 2015-07-20 17:00:40 by tyhicks)