20150720
2768
Comment:
|
9464
|
Deletions are marked like this. | Additions are marked like this. |
Line 3: | Line 3: |
== Meeting (DRAFT) == | == Meeting == |
Line 5: | Line 5: |
* '''When''': Mon July 13th 2015 16:30 UTC * '''End''': 16:53 UTC |
* '''When''': Mon July 13th 2015 16:32 UTC * '''End''': 16:56 UTC |
Line 15: | Line 15: |
* jjohansen | |
Line 20: | Line 19: |
* jjohansen | |
Line 26: | Line 26: |
* email and irc catchup from being off last week * Working on adding a policy group for bug #1462489 * Go through team trello board to update and prioritize it |
* Discussed out of box experience with design team * Continue reviewing IoM sprint summaries and takeaways * Embargoed item * Finish ubuntu-personal-security policy |
Line 31: | Line 32: |
* cups-filters and php5 updates are out * wily php5 merge * embargoed updates * non-embargoed updates |
* Fix certificate issue in ca-certificates * Security updates |
Line 37: | Line 36: |
* gcc pie testing | * Review doko's gcc-5 plans and how they intersect with -fPIE on amd64 |
Line 39: | Line 38: |
* fixing arm64 kernel QRT failures | * Finish fixing QRT kernel failures on arm64 |
Line 42: | Line 41: |
* Leftover community sponsoring * Review the kdbus LSM hook patch set * Determine the best way to fix in auditing bug in the phone images * Restart work on the UCT-to-trello bridge |
|
Line 43: | Line 46: |
* UCT to Trello * !AppArmor userspace support for kernel keyring mediation |
{{{#!wiki comment |
Line 51: | Line 53: |
}}} | |
Line 54: | Line 57: |
* quick look at hallyn's cpuset cgroup pam modules * !AppArmor patch reviews |
|
Line 57: | Line 58: |
* determine why latest firefox build is crashing on precise i386 * Mozilla updates * chromium update * finish reviewing pepper-flash oxide merge proposal * working on oxide 1.9 milestones |
* fix firefox 39 crashing on precise and trusty * embargoed update * thunderbird update |
Line 69: | Line 68: |
Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-07-06-16.32.moin.txt | {{{{ 11:33 < tyhicks> The meeting agenda can be found at: 11:33 < tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 11:33 < tyhicks> [TOPIC] Announcements 11:33 * tyhicks kicks the meeting bot 11:34 < teward> tyhicks: possible it's down with all the other bots? 11:35 < teward> if you'd like i'll drop Archangel (my bot) in here, then provide a publicly accessible copy of the logs for you for the meeting. 11:35 < teward> or pull it from my raw logs here on my client 11:35 < tyhicks> teward: possibly - I'm not aware of any others being down 11:35 < tyhicks> teward: thanks but I've got a logger going 11:35 < teward> ack 11:36 < tyhicks> I guess I'll just proceed 11:36 * teward lurks 11:36 < tyhicks> [TOPIC] Announcements 11:36 < tyhicks> Thanks to Otto Kekäläinen (otto) for providing a debdiff to update mariadb-10.0 in vivid (LP: #1451677) 11:36 < ubottu> Launchpad bug 1451677 in mariadb-10.0 (Ubuntu) "USN-2575-1: MySQL vulnerabilities partially also applies to MariaDB" [Medium,Fix released] https://launchpad.net/bugs/1451677 11:36 < jdstrand> fyi, in the past when the bot was down I just pasted the irc into the wiki page rather than pointing it somewhere else 11:36 < tyhicks> ok 11:36 < jdstrand> (at the end of the meeting) 11:36 < tyhicks> [TOPIC] Weekly stand-up report 11:36 < tyhicks> jdstrand: you're up 11:37 < jdstrand> today we had the oobe meeting with design. it went well, there are followups and discussions that need to be had that we'll capture in trello 11:37 < jdstrand> I need to continue going over the IoM summaries and takeaways 11:37 < jdstrand> I've got an embargoed item I am working on 11:38 < jdstrand> I'd like to finish up the ubuntu-personal-security policy bits 11:38 < jdstrand> then pick up a card as have time 11:38 < jdstrand> mdeslaur: you're up 11:39 < mdeslaur> I'm on bug triage this week 11:39 < mdeslaur> it's a short week for me as I'm on holiday friday and monday 11:39 < mdeslaur> I'm working on a certificate issue in the ca-certificates package which I hope will be fixed soon 11:39 < mdeslaur> and I'm going down the CVE list 11:40 < mdeslaur> I'll probably be stealing the in-progress nbd updates from sbeattie 11:40 < mdeslaur> that's about it, sbeattie, you're up 11:40 < sbeattie> I'm on cve triage this week 11:40 < sbeattie> I'm trying to finish up the last patch reviews needed for an apparmor 2.10 release that we can pull into wily 11:41 < sbeattie> I need to look at doko's gcc-5 plans 11:41 < sbeattie> and that will probably consume my week 11:41 < sbeattie> tyhicks: you're up 11:42 < tyhicks> I'm in the happy place this week 11:42 < tyhicks> I had a little bit of community sponsoring work left over from last week that I did this morning (smoke test and publish mariadb-10.0) 11:42 < tyhicks> I will review the kdbus LSM hook patch set this week 11:43 < tyhicks> I need to determine the best way to fix an auditing bug in the phone images (I've already sent a patch that will fix the issue in new kernels) 11:43 < tyhicks> I want to get back to my UCT-to-trello bridge 11:43 < tyhicks> and I have several embargoed issues 11:44 < tyhicks> I think that's it for me 11:44 < tyhicks> sarnold: skipping to you as I don't see jj 11:45 < sarnold> I'm on community this week, if someone wants to tackle updates for http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html I know a few users would appreciate the fixes; I'll also be working on the ppc64-diag "follow-on" package auditing; upstream suggested that we audit git instead, which makes some sense, I hope they can be repackaged for our 14.04.3 release quickly enough. 11:45 < sarnold> that's it for me, chrisccoulson? 11:46 < chrisccoulson> After last week, I was hoping to get through some Oxide reviews this week and carry on with https://launchpad.net/oxide/+milestone/branch-1.9 11:46 < chrisccoulson> But Firefox has something to say about that 11:47 < tyhicks> :/ 11:47 < chrisccoulson> I've got 1 embargoed update to do, and I also need to do the thunderbird update 11:47 < chrisccoulson> that's me done 11:47 < sarnold> would it make sense at some point to revert precise back to a firefox ESR release? 11:47 < jdstrand> chrisccoulson: I asked in the other channel. is there something I/we can do to help with firefox? 11:48 < chrisccoulson> I'm not sure atm. I'd like to be able to reproduce this crash, but I can't 11:48 < tyhicks> the 14.04 crash? 11:48 < chrisccoulson> Yeah 11:49 < tyhicks> I can try in a VM 11:49 < chrisccoulson> That's what I'm doing at the moment too 11:49 < doko> sbeattie, please delay any config changes until the GCC 5 transition is done 11:49 < doko> it's already ugly enough 11:49 < sbeattie> doko: okay 11:50 < tyhicks> chrisccoulson: ok, I'll get my trusty-amd64 vm updated and let you know what happens 11:50 < chrisccoulson> thanks 11:50 < tyhicks> sbeattie: I guess that means you should have full focus on aa 2.10 and getting it uploaded to wily this week 11:51 < tyhicks> sbeattie: if that goes quickly, picking up a MIR would be a good idea 11:52 < sbeattie> tyhicks: I forgot I had another thing on my plate, finishing up fixing QART issues on arm64 11:52 < tyhicks> ah, ok 11:52 < tyhicks> sbeattie: those are seccomp test failures, right? 11:53 < tyhicks> (due to symbol craziness) 11:54 < tyhicks> you can tell me later 11:54 < sbeattie> no, this is the test-kernel-security.py stuff, dealing with and testing for different configs 11:54 < tyhicks> oh 11:54 < tyhicks> ok 11:54 < tyhicks> moving on 11:54 < tyhicks> [TOPIC] Highlighted packages 11:54 < tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 11:54 < tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/boost1.48.html 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/jython.html 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd5.html 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/charybdis.html 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/texmacs.html 11:54 < tyhicks> [TOPIC] Miscellaneous and Questions 11:54 < tyhicks> Does anyone have any other questions or items to discuss? 11:56 < tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson (and teward): Thanks! }}}} |
Meeting
Who: SecurityTeam
When: Mon July 13th 2015 16:32 UTC
End: 16:56 UTC
Where: #ubuntu-meeting on irc.freenode.net
Chaired By: Tyler Hicks (tyhicks)
Attendance
- jdstrand
- mdeslaur
- sbeattie
- tyhicks
- sarnold
- chrisccoulson
Not present
- jjohansen
Agenda
- Announcements
- Otto Kekäläinen (otto) provided a debdiff for vivid for mariadb-10.0 (LP: #1451677)
- Weekly stand-up report (each member discusses any pending and planned future work for the week)
- jdstrand
- Discussed out of box experience with design team
- Continue reviewing IoM sprint summaries and takeaways
- Embargoed item
- Finish ubuntu-personal-security policy
- mdeslaur
- weekly role: bug triage
- Fix certificate issue in ca-certificates
- Security updates
- sbeattie
- weekly role: cve triage
- Review doko's gcc-5 plans and how they intersect with -fPIE on amd64
AppArmor patch review in prep for the 2.10 release
- Finish fixing QRT kernel failures on arm64
- tyhicks
- weekly role: happy place
- Leftover community sponsoring
- Review the kdbus LSM hook patch set
- Determine the best way to fix in auditing bug in the phone images
- Restart work on the UCT-to-trello bridge
- embargoed issues (2)
- sarnold
- weekly role: community
- ppc64-diag MIR (and depends)
- chriscoulson
- fix firefox 39 crashing on precise and trusty
- embargoed update
- thunderbird update
- jdstrand
- Highlighted packages
The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:
The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.
- Miscellaneous and Questions
- None
Log
11:33 < tyhicks> The meeting agenda can be found at: 11:33 < tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 11:33 < tyhicks> [TOPIC] Announcements 11:33 * tyhicks kicks the meeting bot 11:34 < teward> tyhicks: possible it's down with all the other bots? 11:35 < teward> if you'd like i'll drop Archangel (my bot) in here, then provide a publicly accessible copy of the logs for you for the meeting. 11:35 < teward> or pull it from my raw logs here on my client 11:35 < tyhicks> teward: possibly - I'm not aware of any others being down 11:35 < tyhicks> teward: thanks but I've got a logger going 11:35 < teward> ack 11:36 < tyhicks> I guess I'll just proceed 11:36 * teward lurks 11:36 < tyhicks> [TOPIC] Announcements 11:36 < tyhicks> Thanks to Otto Kekäläinen (otto) for providing a debdiff to update mariadb-10.0 in vivid (LP: #1451677) 11:36 < ubottu> Launchpad bug 1451677 in mariadb-10.0 (Ubuntu) "USN-2575-1: MySQL vulnerabilities partially also applies to MariaDB" [Medium,Fix released] https://launchpad.net/bugs/1451677 11:36 < jdstrand> fyi, in the past when the bot was down I just pasted the irc into the wiki page rather than pointing it somewhere else 11:36 < tyhicks> ok 11:36 < jdstrand> (at the end of the meeting) 11:36 < tyhicks> [TOPIC] Weekly stand-up report 11:36 < tyhicks> jdstrand: you're up 11:37 < jdstrand> today we had the oobe meeting with design. it went well, there are followups and discussions that need to be had that we'll capture in trello 11:37 < jdstrand> I need to continue going over the IoM summaries and takeaways 11:37 < jdstrand> I've got an embargoed item I am working on 11:38 < jdstrand> I'd like to finish up the ubuntu-personal-security policy bits 11:38 < jdstrand> then pick up a card as have time 11:38 < jdstrand> mdeslaur: you're up 11:39 < mdeslaur> I'm on bug triage this week 11:39 < mdeslaur> it's a short week for me as I'm on holiday friday and monday 11:39 < mdeslaur> I'm working on a certificate issue in the ca-certificates package which I hope will be fixed soon 11:39 < mdeslaur> and I'm going down the CVE list 11:40 < mdeslaur> I'll probably be stealing the in-progress nbd updates from sbeattie 11:40 < mdeslaur> that's about it, sbeattie, you're up 11:40 < sbeattie> I'm on cve triage this week 11:40 < sbeattie> I'm trying to finish up the last patch reviews needed for an apparmor 2.10 release that we can pull into wily 11:41 < sbeattie> I need to look at doko's gcc-5 plans 11:41 < sbeattie> and that will probably consume my week 11:41 < sbeattie> tyhicks: you're up 11:42 < tyhicks> I'm in the happy place this week 11:42 < tyhicks> I had a little bit of community sponsoring work left over from last week that I did this morning (smoke test and publish mariadb-10.0) 11:42 < tyhicks> I will review the kdbus LSM hook patch set this week 11:43 < tyhicks> I need to determine the best way to fix an auditing bug in the phone images (I've already sent a patch that will fix the issue in new kernels) 11:43 < tyhicks> I want to get back to my UCT-to-trello bridge 11:43 < tyhicks> and I have several embargoed issues 11:44 < tyhicks> I think that's it for me 11:44 < tyhicks> sarnold: skipping to you as I don't see jj 11:45 < sarnold> I'm on community this week, if someone wants to tackle updates for http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html I know a few users would appreciate the fixes; I'll also be working on the ppc64-diag "follow-on" package auditing; upstream suggested that we audit git instead, which makes some sense, I hope they can be repackaged for our 14.04.3 release quickly enough. 11:45 < sarnold> that's it for me, chrisccoulson? 11:46 < chrisccoulson> After last week, I was hoping to get through some Oxide reviews this week and carry on with https://launchpad.net/oxide/+milestone/branch-1.9 11:46 < chrisccoulson> But Firefox has something to say about that 11:47 < tyhicks> :/ 11:47 < chrisccoulson> I've got 1 embargoed update to do, and I also need to do the thunderbird update 11:47 < chrisccoulson> that's me done 11:47 < sarnold> would it make sense at some point to revert precise back to a firefox ESR release? 11:47 < jdstrand> chrisccoulson: I asked in the other channel. is there something I/we can do to help with firefox? 11:48 < chrisccoulson> I'm not sure atm. I'd like to be able to reproduce this crash, but I can't 11:48 < tyhicks> the 14.04 crash? 11:48 < chrisccoulson> Yeah 11:49 < tyhicks> I can try in a VM 11:49 < chrisccoulson> That's what I'm doing at the moment too 11:49 < doko> sbeattie, please delay any config changes until the GCC 5 transition is done 11:49 < doko> it's already ugly enough 11:49 < sbeattie> doko: okay 11:50 < tyhicks> chrisccoulson: ok, I'll get my trusty-amd64 vm updated and let you know what happens 11:50 < chrisccoulson> thanks 11:50 < tyhicks> sbeattie: I guess that means you should have full focus on aa 2.10 and getting it uploaded to wily this week 11:51 < tyhicks> sbeattie: if that goes quickly, picking up a MIR would be a good idea 11:52 < sbeattie> tyhicks: I forgot I had another thing on my plate, finishing up fixing QART issues on arm64 11:52 < tyhicks> ah, ok 11:52 < tyhicks> sbeattie: those are seccomp test failures, right? 11:53 < tyhicks> (due to symbol craziness) 11:54 < tyhicks> you can tell me later 11:54 < sbeattie> no, this is the test-kernel-security.py stuff, dealing with and testing for different configs 11:54 < tyhicks> oh 11:54 < tyhicks> ok 11:54 < tyhicks> moving on 11:54 < tyhicks> [TOPIC] Highlighted packages 11:54 < tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 11:54 < tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/boost1.48.html 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/jython.html 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd5.html 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/charybdis.html 11:54 < tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/texmacs.html 11:54 < tyhicks> [TOPIC] Miscellaneous and Questions 11:54 < tyhicks> Does anyone have any other questions or items to discuss? 11:56 < tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson (and teward): Thanks!
MeetingLogs/Security/20150720 (last edited 2015-07-20 17:00:40 by tyhicks)