20180730
3246
Comment:
|
2763
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
## page was renamed from MeetingLogs/Security/20170605 == Meeting (DRAFT) == |
## page was copied from MeetingLogs/Security/20180723 ## page was copied from MeetingLogs/Security/20180625 == Meeting == |
Line 4: | Line 5: |
* '''When''': Mon June 12th 2017 16:31 UTC * '''End''': 16:48 UTC |
* '''When''': Mon Jul 23 16:31:43 2018 UTC * '''End''': 16:56:41 |
Line 7: | Line 8: |
* '''Chaired By''': Tyler Hicks (tyhicks) | * '''Chaired By''': Emily Ratliff (ratliff) |
Line 10: | Line 11: |
{{{#!wiki comment | |
Line 11: | Line 13: |
}}} | |
Line 13: | Line 16: |
* tyhicks | {{{#!wiki comment }}} |
Line 17: | Line 21: |
* leosilva | |
Line 18: | Line 23: |
* leosilva | * msalvatore * ebarretto |
Line 21: | Line 27: |
* None | {{{#!wiki comment * mdeslaur * jjohansen }}} * jdstrand * amurray |
Line 25: | Line 36: |
* Balint Reczey (rbalint) provided debdiffs for xenial-zesty for kodi (LP: #Bug:1694249) * Balint Reczey (rbalint) provided debdiffs for trusty-zesty for wireshark (LP: #Bug:1397091) * Gianfranco Costamagna (!LocutusOfBorg) provided debdiffs for trusty-zesty for ettercap (LP: #Bug:1695722) |
* Generalist role rotation * CVE Triage: amurray, Bug Triage: mdeslaur, Community: leosilva, Happy Place: barretto, msalvatore, sarnold, ratliff, sbeattie * We welcome Mike Salvatore and Eduardo Barretto to the Ubuntu Security Team today! Welcome Mike and Eduardo! We are thrilled that you are joining us to help continue improving security for Ubuntu users! * Ubuntu Security Team [[https://grnh.se/8c0a6c1f1|is hiring]] |
Line 29: | Line 41: |
{{{#!wiki comment | |
Line 30: | Line 43: |
* finish overlayfs/apparmor/snaps investigation * snappy-debug work * fix to work with journald * update for snapd 2.25/2.26 * gnome3/wayland/plasma interfaces * snappy forum discussions and PR reviews * miscellaneous snappy policy updates PR |
* snapd PR reviews * adjust snap-confine to always use a device cgroup * follow up on unsquashfs issue (ie, work on re-enabling resquashfs enforcement * pick up review-tools snap USNs phase1/part ii work as have time }}} * mdeslaur * clamav update * if possible, mysql update * security updates * sbeattie * intel-microcode updates * internal tasks {{{#!wiki comment }}} * jjohansen * LSS-EU program committee duties * review mjg's network labeling patch * !AppArmor feature work * sarnold * MIRs * xdg-desktop-portal * !DebConf presentaton * !ChrisCoulson * thunderbird 60 updates * !AppArmor audit |
Line 38: | Line 69: |
* mdeslaur * weekly role: community * puppet updates * libtasn updates * additional security updates as time allows * sbeattie * weekly role: bug Triage * embargoed issue * sudo update * kernel triage bits * tyhicks * weekly role: CVE triage * !eCryptfs patch review (userspace and kernel) * seccomp patches * finish elfutils updates * pick up security update * jjohansen * LSS talk/discussion proposal * LSS program committee duties * !AppArmor kernel patch upstreaming * merge against security tree * some remaining work before the pull request can be sent * work with SUSE regarding the AppArmor patches for 4.13 kernel * sarnold * weekly role: happy place * sponsor two updates from last week * xdelta3 mir * !AppArmor patch review to support jjohansen's upstreaming work * !ChrisCoulson * Firefox updates * sponsor chromium-browser updates * embargoed issue * work on the Firefox start page * move away start.ubuntu.com * provide Ubuntu-specific design once we hear back |
|
Line 74: | Line 70: |
* weekly role: happy place * internal tasks * technical communication * Ubuntu Core 15 updates |
* embargoed and internal work * leosilva * mutt update publication * python-cryptography updates * security updates * msalvatore * ant update * ebarretto * onboarding tasks |
Line 79: | Line 80: |
The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are: | |
Line 82: | Line 82: |
* none | * tsimonq2 asked where the highlighted packages went. A: We stopped publishing a list of highlighted packages because Debian merges were seen as more likely to succeed and known to be needed. * tsimonq2 commented that !QtWebEngine needs an update for its embedded Chromium. Discussion deferred to #ubuntu-hardened. |
Line 85: | Line 86: |
Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-06-05-16.31.moin.txt | http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-07-23-16.31.moin.txt |
Meeting
Who: SecurityTeam
When: Mon Jul 23 16:31:43 2018 UTC
End: 16:56:41
Where: #ubuntu-meeting on irc.freenode.net
Chaired By: Emily Ratliff (ratliff)
Attendance
- mdeslaur
- sbeattie
- jjohansen
- sarnold
- chrisccoulson
- leosilva
- ratliff
- msalvatore
- ebarretto
Not present
- jdstrand
- amurray
Agenda
- Announcements
- Generalist role rotation
- CVE Triage: amurray, Bug Triage: mdeslaur, Community: leosilva, Happy Place: barretto, msalvatore, sarnold, ratliff, sbeattie
- We welcome Mike Salvatore and Eduardo Barretto to the Ubuntu Security Team today! Welcome Mike and Eduardo! We are thrilled that you are joining us to help continue improving security for Ubuntu users!
Ubuntu Security Team is hiring
- Generalist role rotation
- Weekly stand-up report (each member discusses any pending and planned future work for the week)
- mdeslaur
- clamav update
- if possible, mysql update
- security updates
- sbeattie
- intel-microcode updates
- internal tasks
- jjohansen
- LSS-EU program committee duties
- review mjg's network labeling patch
AppArmor feature work
- sarnold
- MIRs
- xdg-desktop-portal
DebConf presentaton
- MIRs
ChrisCoulson
- thunderbird 60 updates
AppArmor audit
- embargoed issue
- ratliff
- embargoed and internal work
- leosilva
- mutt update publication
- python-cryptography updates
- security updates
- msalvatore
- ant update
- ebarretto
- onboarding tasks
- mdeslaur
- Highlighted packages
The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.
- Miscellaneous and Questions
- tsimonq2 asked where the highlighted packages went. A: We stopped publishing a list of highlighted packages because Debian merges were seen as more likely to succeed and known to be needed.
tsimonq2 commented that QtWebEngine needs an update for its embedded Chromium. Discussion deferred to #ubuntu-hardened.
Log
http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-07-23-16.31.moin.txt
MeetingLogs/Security/20180730 (last edited 2018-07-30 17:52:47 by emilyr)