Ubuntu Wiki

Meeting

• Who: SecurityTeam

• When: Mon Jan 23rd 2012 18:00 UTC

• End: 18:30 UTC

• Where: #ubuntu-meeting on irc.freenode.net

• Chaired By: JamieStrandboge (jdstrand)

Attendance

• jdstrand
• mdeslaur
• sbeattie
• micahg
• tyhicks
• jjohansen

Not present

Agenda

• Announcements
  • Happy new year and welcome to our first meeting this year.
  • Thanks
    • Thanks to Mahyuddin Susanto (udienz) for his help on security updates for the community supported lighttpd (LP: #906792), cacti (LP: #906773) and squid3 (LP: #907690) packges on lucid and higher over the last weeks.
    • Also would like to thank Ante Karamatić (ivoks) for providing a debdiff for lucid for phpmyadmin (LP: #913846)
    • Thank you to Harald Jenny (harald-a-little-linux-box) for providing a debdiff for hardy for openswan (LP: #917754)

    Your work is very much appreciated and will keep Ubuntu users secure. Great job!

• Weekly stand-up report (each member discusses any pending and planned future work for the week)
  • jdstrand
    • short week, off Fri
    • Weekly role: triage
    • pending updates
    • archive admin work
    • audits
  • mdeslaur
    • Weekly role: happy place
    • pending updates
    • investigate several embargoed issues
  • sbeattie
    • Weekly role: community
    • test openjdk regression update
    • pending update
    • gdb regression update testing
    • apparmor work items

    • possibly help with AppArmor 2.7.1 release

  • micahg
    • Weekly role: happy place
    • pending updates
    • patch piloting
    • finish rapid release testing
    • back to webkit
  • tyhicks
    • possibly short week (jury duty)
    • Weekly role: happy place
    • fixed ecryptfs kernel and upstreamed them in time for the window
    • pending updates
  • jjohansen
    • Weekly role: happy place

    • upstream AppArmor 2.7.1 release

    • pending updates

    • AppArmor work items (mount rules)

    • review ecryptfs patches
    • testing of proper fix for /proc/pid/mem issue
• Highlighted packages

  The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are:

  The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.

• Miscellaneous and Questions

  • [jdstrand] People are talking quite a bit about the recent /proc/<pid>/mem handling in the kernel. We have released an update today (http://www.ubuntu.com/usn/usn-1336-1/)

  • [micahg] speakers for UDW and I thought it might be nice if someone gave a talk on helping with security updates. jdstrand thought someone had already done this before and will followup with the team
  • [sbeattie] nuclearbob proposed a couple of additional tags for qrt in bug 913818 and bug 913812, and I wanted to get the team's opinions on them
    • [ACTION] sbeattie to follow up on qrt bugs from QA team
    • [ACTION] jdstrand to make sure ubuntu-security gets QRT bug mail

Log

Logs available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-01-23-18.00.moin.txt