20161212
|
Size: 3362
Comment:
|
Size: 2958
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
| == Meeting (DRAFT) == | == Meeting == |
| Line 4: | Line 4: |
| * '''When''': Mon June 27th 2016 16:30 UTC * '''End''': 16:50 UTC |
* '''When''': Mon June 27th 2016 16:31 UTC * '''End''': 16:54 UTC |
| Line 28: | Line 28: |
| * snappy PR followups (gsettings, input methods) * snappy interface reviews (modem-manager, ppp, etc) * seccomp arg filtering follow-ups * various snapd interface policy updates and investigations * review tools updates for upcoming snap.yaml changes and various bug fixes * im-config testing * docker interface as have time |
* Snappy dbus-bind interface * Snappy interfaces documentation * Work with morphis on testing/sponsoring pulseaudio SRU for disabling recording if snap policy (ie, finish phase 1) |
| Line 37: | Line 33: |
| * publish security updates that were prepared/tested last week during the sprint * publish some additional security updates after testing * update the UEFI secure boot testing instructions |
* tomcat updates * patch piloting |
| Line 42: | Line 37: |
| * post-sprint followups/todos * pick up a security update * watch for and fix build failures in yakkety due to gcc pie changes * investigate failing aslr tests on ppc64el and s390x (LP: #1594347) |
* kernel USNs * sponsor kinit update * watch for doko's yakkety test rebuild and fix any PIE related build failures |
| Line 48: | Line 42: |
| * post-sprint followups/todos * AppArmor upload and SRU * lingering email catchup from vacation and sprint weeks |
* !AppArmor upload and SRU |
| Line 52: | Line 44: |
| * snap-confine PR reviews (seccomp arg filtering and some others that landed without security team review) | * embargoed issue |
| Line 55: | Line 47: |
| * post-sprint followups/todos * finish 4.7 AppArmor rebase and handoff to the kernel team * prepare upstream kernel pull request for some of the Ubuntu AppArmor delta |
* finish IPC cross label validation fix for stacking * revise profile name validation checks * LXC/LXD use some characters that were planned to be blocked * prepare upstream kernel pull request for some of the Ubuntu !AppArmor delta * finish testing 4.7 !AppArmor rebase and handoff to the kernel team |
| Line 60: | Line 54: |
| * sprint prep and imagemagick | * embargoed issue * MIR audits |
| Line 62: | Line 57: |
| * chromium-browser sponsoring * publish Oxide update * test oxide on arm64 and fix any bugs discovered * converged device [[https://blueprints.launchpad.net/oxide/+spec/converged-device-support|features]] for oxide |
|
| Line 63: | Line 63: |
| * oxide updates * test oxide on arm64 and fix any bugs discovered |
|
| Line 66: | Line 64: |
| * post-sprint followups/todos * misc management tasks * finish the manager transition tasks from jdstrand * take time to learn the UCT tools |
* look into the Ubuntu CVE tracker |
| Line 77: | Line 72: |
| Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-06-20-16.31.moin.txt | Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-06-27-16.31.moin.txt |
Meeting
Who: SecurityTeam
When: Mon June 27th 2016 16:31 UTC
End: 16:54 UTC
Where: #ubuntu-meeting on irc.freenode.net
Chaired By: Tyler Hicks (tyhicks)
Attendance
- jdstrand
- mdeslaur
- sbeattie
- tyhicks
- jjohansen
- sarnold
ChrisCoulson
- ratliff
Not present
- None
Agenda
- Announcements
- Stefan Bader (smb) provided debdiffs for precise-xenial for xen
- Otto Kekäläinen (otto) provided debdiffs for wily-xenial for mariadb-10.0 (LP: #1589302)
- Weekly stand-up report (each member discusses any pending and planned future work for the week)
- jdstrand
- Snappy dbus-bind interface
- Snappy interfaces documentation
- Work with morphis on testing/sponsoring pulseaudio SRU for disabling recording if snap policy (ie, finish phase 1)
- mdeslaur
- weekly role: CVE triage
- tomcat updates
- patch piloting
- sbeattie
- weekly role: happy place
- kernel USNs
- sponsor kinit update
- watch for doko's yakkety test rebuild and fix any PIE related build failures
- tyhicks
- weekly role: community
AppArmor upload and SRU
- seccomp complain mode
- embargoed issue
- jjohansen
focus on AppArmor (stacking bugs for 16.04)
- finish IPC cross label validation fix for stacking
- revise profile name validation checks
- LXC/LXD use some characters that were planned to be blocked
prepare upstream kernel pull request for some of the Ubuntu AppArmor delta
finish testing 4.7 AppArmor rebase and handoff to the kernel team
- sarnold
- weekly role: bug triage
- embargoed issue
- MIR audits
ChrisCoulson
- chromium-browser sponsoring
- publish Oxide update
- test oxide on arm64 and fix any bugs discovered
converged device features for oxide
- document instructions for doing flash updates
- ratliff
- look into the Ubuntu CVE tracker
- jdstrand
- Highlighted packages
The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:
The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.
- Miscellaneous and Questions
- None
Log
Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-06-27-16.31.moin.txt
MeetingLogs/Security/20161212 (last edited 2016-12-12 17:00:40 by tyhicks)