Ubuntu Wiki

Meeting

• Who: SecurityTeam

• When: Mon Jul 23 16:31:43 2018 UTC

• End: 16:56:41

• Where: #ubuntu-meeting on irc.freenode.net

• Chaired By: Emily Ratliff (ratliff)

Attendance

• • jdstrand
• mdeslaur
• sbeattie
• jjohansen
• sarnold
• chrisccoulson
• leosilva
• ratliff
• msalvatore
• ebarretto

Not present

• • mdeslaur
  • jjohansen
• jdstrand
• amurray

Agenda

• Announcements

  • Thanks to Simon Quigley (tsimonq2) for providing a debdiff for qutebrowser in bionic (LP: #1781295) and debdiffs for kwallet-pam in xenial-bionic (LP: #1768649)!

  • Thanks to Dan Streetman (ddstreet) for providing debdiffs for libxstream-java for trusty and xenial (LP: #1780844)!

  • Generalist role rotation
    • CVE Triage: amurray, Bug Triage: mdeslaur, Community: leosilva, Happy Place: barretto, msalvatore, sarnold, ratliff, sbeattie
  • We welcome Mike Salvatore and Eduardo Barretto to the Ubuntu Security Team today! Welcome Mike and Eduardo! We are thrilled that you are joining us to help continue improving security for Ubuntu users!

  • Ubuntu Security Team is hiring

• Weekly stand-up report (each member discusses any pending and planned future work for the week)
  • jdstrand
    • snapd PR reviews
    • adjust snap-confine to always use a device cgroup
    • follow up on unsquashfs issue (ie, work on re-enabling resquashfs enforcement
    • pick up review-tools snap USNs phase1/part ii work as have time
  • mdeslaur
    • clamav update
    • if possible, mysql update
    • security updates
  • sbeattie
    • intel-microcode updates
    • internal tasks
  • jjohansen
    • LSS-EU program committee duties
    • review mjg's network labeling patch

    • AppArmor feature work

  • sarnold
    • MIRs
      • xdg-desktop-portal

    • DebConf presentation

  • ChrisCoulson

    • thunderbird 60 updates

    • AppArmor audit

    • embargoed issue
  • ratliff
    • embargoed and internal work
  • leosilva
    • mutt update publication
    • python-cryptography updates
    • security updates
  • msalvatore
    • ant update
  • ebarretto
    • onboarding tasks
• Highlighted packages

  The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.

• Miscellaneous and Questions
  • tsimonq2 asked where the highlighted packages went. A: We stopped publishing a list of highlighted packages because Debian merges were seen as more likely to succeed and known to be needed.

  • tsimonq2 commented that QtWebEngine needs an update for its embedded Chromium. Discussion deferred to #ubuntu-hardened.

Log

http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-07-23-16.31.moin.txt