20161205
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
## page was copied from MeetingLogs/Security/20160627 | |
Line 2: | Line 3: |
## page was copied from MeetingLogs/Security/20160606 | |
Line 5: | Line 5: |
* '''When''': Mon June 20th 2016 16:31 UTC * '''End''': 16:51 UTC |
* '''When''': Mon June 27th 2016 16:31 UTC * '''End''': 16:54 UTC |
Line 11: | Line 11: |
* jdstrand | |
Line 15: | Line 16: |
* sarnold | |
Line 19: | Line 21: |
* jdstrand * sarnold |
* None |
Line 27: | Line 28: |
{{{#!wiki comment | |
Line 29: | Line 29: |
* snappy PR followups (gsettings, input methods) * snappy interface reviews (modem-manager, ppp, etc) * seccomp arg filtering follow-ups * various snapd interface policy updates and investigations * review tools updates for upcoming snap.yaml changes and various bug fixes * im-config testing * docker interface as have time }}} |
* Snappy dbus-bind interface * Snappy interfaces documentation * Work with morphis on testing/sponsoring pulseaudio SRU for disabling recording if snap policy (ie, finish phase 1) |
Line 38: | Line 33: |
* weekly role: CVE triage * tomcat updates * patch piloting * sbeattie |
|
Line 39: | Line 38: |
* publish security updates that were prepared/tested last week during the sprint * publish some additional security updates after testing * update the UEFI secure boot testing instructions * sbeattie |
* kernel USNs * sponsor kinit update * watch for doko's yakkety test rebuild and fix any PIE related build failures * tyhicks |
Line 44: | Line 43: |
* post-sprint followups/todos * pick up a security update * watch for and fix build failures in yakkety due to gcc pie changes * investigate failing aslr tests on ppc64el and s390x (LP: #1594347) * tyhicks * weekly role: bug triage * post-sprint followups/todos * AppArmor upload and SRU * lingering email catchup from vacation and sprint weeks |
* !AppArmor upload and SRU |
Line 54: | Line 45: |
* snap-confine PR reviews (seccomp arg filtering and some others that landed without security team review) | * embargoed issue |
Line 57: | Line 48: |
* post-sprint followups/todos * finish 4.7 AppArmor rebase and handoff to the kernel team * prepare upstream kernel pull request for some of the Ubuntu AppArmor delta {{{#!wiki comment |
* finish IPC cross label validation fix for stacking * revise profile name validation checks * LXC/LXD use some characters that were planned to be blocked * prepare upstream kernel pull request for some of the Ubuntu !AppArmor delta * finish testing 4.7 !AppArmor rebase and handoff to the kernel team |
Line 62: | Line 54: |
* weekly role: CVE triage * sprint prep and imagemagick }}} |
* weekly role: bug triage * embargoed issue * MIR audits |
Line 66: | Line 58: |
* chromium-browser sponsoring * publish Oxide update * test oxide on arm64 and fix any bugs discovered * converged device [[https://blueprints.launchpad.net/oxide/+spec/converged-device-support|features]] for oxide |
|
Line 67: | Line 64: |
* oxide updates * test oxide on arm64 and fix any bugs discovered |
|
Line 70: | Line 65: |
* post-sprint followups/todos * misc management tasks * finish the manager transition tasks from jdstrand * take time to learn the UCT tools |
* look into the Ubuntu CVE tracker |
Line 81: | Line 73: |
Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-06-20-16.31.moin.txt | Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-06-27-16.31.moin.txt |
Meeting
Who: SecurityTeam
When: Mon June 27th 2016 16:31 UTC
End: 16:54 UTC
Where: #ubuntu-meeting on irc.freenode.net
Chaired By: Tyler Hicks (tyhicks)
Attendance
- jdstrand
- mdeslaur
- sbeattie
- tyhicks
- jjohansen
- sarnold
- ChrisCoulson
- ratliff
Not present
- None
Agenda
- Announcements
- Stefan Bader (smb) provided debdiffs for precise-xenial for xen
- Otto Kekäläinen (otto) provided debdiffs for wily-xenial for mariadb-10.0 (LP: #1589302)
- Weekly stand-up report (each member discusses any pending and planned future work for the week)
- jdstrand
- Snappy dbus-bind interface
- Snappy interfaces documentation
- Work with morphis on testing/sponsoring pulseaudio SRU for disabling recording if snap policy (i.e., finish phase 1)
- mdeslaur
- weekly role: CVE triage
- tomcat updates
- patch piloting
- sbeattie
- weekly role: happy place
- kernel USNs
- sponsor kinit update
- watch for doko's yakkety test rebuild and fix any PIE related build failures
- tyhicks
- weekly role: community
- AppArmor upload and SRU
- seccomp complain mode
- embargoed issue
- jjohansen
- focus on AppArmor (stacking bugs for 16.04)
- finish IPC cross label validation fix for stacking
- revise profile name validation checks
- LXC/LXD use some characters that were planned to be blocked
- prepare upstream kernel pull request for some of the Ubuntu AppArmor delta
- finish testing 4.7 AppArmor rebase and handoff to the kernel team
- sarnold
- weekly role: bug triage
- embargoed issue
- MIR audits
- ChrisCoulson
- chromium-browser sponsoring
- publish Oxide update
- test oxide on arm64 and fix any bugs discovered
- converged device features for oxide
- document instructions for doing flash updates
- ratliff
- look into the Ubuntu CVE tracker
- jdstrand
- Highlighted packages
The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:
The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.
- Miscellaneous and Questions
- None
Log
Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-06-27-16.31.moin.txt
MeetingLogs/Security/20161205 (last edited 2016-12-05 18:56:44 by tyhicks)