20181015

Differences between revisions 5 and 7 (spanning 2 versions)
Revision 5 as of 2018-10-15 20:58:11
Size: 2515
Editor: jdstrand
Revision 7 as of 2018-10-16 14:51:39
Size: 3079
Editor: jdstrand
Line 1: Line 1:
## page was copied from MeetingLogs/Security/20181001
== Meeting (DRAFT) ==
== Meeting ==
Line 4: Line 3:
 * '''When''': Mon Oct 1 16:32:11 2018 UTC
 * '''End''': Mon Oct 1 16:54:40 2018 UTC
 * '''When''': Mon Oct 15 17:00:44 2018 UTC
 * '''End''': Mon Oct 15 17:18:44 2018 UTC
Line 7: Line 6:
 * '''Chaired By''': Jamie Strandboge (jdstrand)  * '''Chaired By''': Joe McManus (joemcmanus)
Line 30: Line 29:
  * First off, I'd like to warmly welcome joemcmanus to the team as our new security team manager. Glad to have you Joe! :)   * SLC Sprint next week, Jamie & Joe out of office
Line 32: Line 31:
  * Thanks
Line 35: Line 33:
   * CVE Triage: msalvatore (ebarretto), Bug Triage: sarnold, Community: sbeattie, Happy Place: amurray, mdeslaur, leosilva, ebarretto    * CVE Triage: leosilva, Bug Triage: ebarreto, Community: msalvatore, Happy Place: the rest :)
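Review bot: the new roles line assigns Bug Triage to "ebarreto", while the line it replaces and the attendance and stand-up entries on this page spell the handle "ebarretto". Correct the spelling so the bug-triage assignment names the same person as the rest of the minutes.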
Line 40: Line 38:
   * continue brand store snap declarations
   * continue kubernetes-support interfaces
   * various snapd PR reviews
   * iterate on docker PRs
   * embargoed issue
  {{{#!wiki comment
  {{{#!wiki comment
Line 48: Line 41:
  * jdstrand
   * fix bug in snapd wrt system-key and calculating apparmor parser features
   * respond to feedback for recently pushed kubernetes policy updates
   * continue on brand store declarations
   * product roadmap sprint prep
Line 49: Line 47:
   * ghostscript update
   * embargoed issue
   * additional reactive updates
   * short week
   * net-
snmp updates
   * test the ppp updates
   * additional updates as time allows
Line 53: Line 52:
   * kernel updates went out, so USN publications now
   * imagemagick updates
   *
toolchain hardening options for cosmic+1
   * kernel signoffs and some re-triage
   * investigate toolchain updates for cosmic+1
   * apparmor reviews
Line 57: Line 56:
   * apparmor items for 4.20 pull request: mjg secmark patch, kernel_t label for kernel network tasks, no new privs work
   * LSM stacking patches
   * 2.10.4, 2.11.2, 2.12.1, 2.13.1 stable releases of apparmor
   * finish the apparmor releases, which includes rolling out a 2.13.2 emergency release because initscripts are broken on suse and debian.
   * more LSM stacking review and work on the ubuntu patchset
   * refresh and get an RFC out for the NS LSM hook patchset this week
   * LSS-EU presentation
   * nnp changes so I can get back to Eric with them
   * audit/prompting work and apparmor 3.0 userspace as time allows
Line 61: Line 63:
   * xdg-desktop-portal-gtk
   * go down the MIR list
   * apparmor patch reviews as needed
   * oath-toolkit mir
   * aa patch reviews as jj asks for them
   * additional MIRs as time allows
   * file a few bug reports from the previous MIRs as time allows
Line 65: Line 68:
   * sponsored firefox update
   * embargoed update
   * thunderbird 60.2.1 publication. Now ready to hand over to the desktop team
   * firefox sponsored upload from desktop team
Line 69: Line 72:
   * liblouis update
   * go down the list
   * cve triage this week
   * attend python brasil event
   * moin update.
   * additional cves/pkgs to update as time allows
Line 72: Line 77:
   * very short week so only focusing on CVE triage    * community this week
   * wireshark, version 2.6.1 for trusty, xenial, and bionic went out today
   * update look and feel for the ubuntu cve tracker
   * resolve some universe CVEs as time allows
Line 74: Line 82:
   * opencv update
   * monit update
   * libav
   * bug triage this week
   * tomcat6 update (trusty and xenial)
   * tomcat7 as time permits
   * continue retriaging CVEs
Line 78: Line 87:
   * Plan for SLC
   * Web page update planning
   * 1:1 with team
   * Security role phone screens
Line 81: Line 94:

== Log ==
http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-10-01-16.32.moin.txt
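Review bot: the Log link in this hunk names ubuntu-meeting.2018-10-01-16.32.moin.txt, which is the log of the page this one was copied from, while the When line in this revision is Mon Oct 15 17:00:44 2018 UTC. If the Log section stays on the page, point it at the log for the Oct 15 meeting.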

Meeting

  • Who: SecurityTeam

  • When: Mon Oct 15 17:00:44 2018 UTC

  • End: Mon Oct 15 17:18:44 2018 UTC

  • Where: #ubuntu-meeting on irc.freenode.net

  • Chaired By: Joe McManus (joemcmanus)

Attendance

  • jdstrand
  • mdeslaur
  • sbeattie
  • jjohansen
  • sarnold
  • chrisccoulson
  • leosilva
  • msalvatore
  • ebarretto
  • joemcmanus

Not present

  • amurray

Agenda

  • Announcements
  • Weekly stand-up report (each member discusses any pending and planned future work for the week)
    • jdstrand
      • fix bug in snapd wrt system-key and calculating apparmor parser features
      • respond to feedback for recently pushed kubernetes policy updates
      • continue on brand store declarations
      • product roadmap sprint prep
    • mdeslaur
      • short week
      • net-snmp updates
      • test the ppp updates
      • additional updates as time allows
    • sbeattie
      • kernel signoffs and some re-triage
      • investigate toolchain updates for cosmic+1
      • apparmor reviews
    • jjohansen
      • finish the apparmor releases, which includes rolling out a 2.13.2 emergency release because initscripts are broken on suse and debian.
      • more LSM stacking review and work on the ubuntu patchset
      • refresh and get an RFC out for the NS LSM hook patchset this week
      • LSS-EU presentation
      • nnp changes so I can get back to Eric with them
      • audit/prompting work and apparmor 3.0 userspace as time allows
    • sarnold
      • oath-toolkit mir
      • aa patch reviews as jj asks for them
      • additional MIRs as time allows
      • file a few bug reports from the previous MIRs as time allows
    • chrisccoulson
      • thunderbird 60.2.1 publication. Now ready to hand over to the desktop team
      • firefox sponsored upload from desktop team
      • libssh2 MIR
    • leosilva
      • cve triage this week
      • attend python brasil event
      • moin update.
      • additional cves/pkgs to update as time allows
    • msalvatore
      • community this week
      • wireshark, version 2.6.1 for trusty, xenial, and bionic went out today
      • update look and feel for the ubuntu cve tracker
      • resolve some universe CVEs as time allows
    • ebarretto
      • bug triage this week
      • tomcat6 update (trusty and xenial)
      • tomcat7 as time permits
      • continue retriaging CVEs
    • joemcmanus
      • Plan for SLC
      • Web page update planning
      • 1:1 with team
      • Security role phone screens
  • Highlighted packages

    The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.

  • Miscellaneous and Questions

MeetingLogs/Security/20181015 (last edited 2018-10-16 14:51:39 by jdstrand)