#ubuntu-meeting-2 log

19:02 <infinity> #startmeeting Ubuntu Technical Board
19:02 <meetingology> Meeting started Tue Oct  9 19:02:05 2018 UTC.  The chair is infinity. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
19:02 <meetingology> 
19:02 <meetingology> Available commands: action commands idea info link nick
19:02 <infinity> Looks like we're lacking a kees, but otherwise all here.
19:02 <infinity> #topic Action Review
19:03 * infinity Wimpress To follow-up on-list with design review to address MATE Boutique security/consent concerns.
19:03 <infinity> Did that happen?
19:03 <infinity> Doesn't look like it.
19:03 <Wimpress> Not yet. It will though.
19:03 <infinity> Mmkay.
19:03 * infinity infinity to ask maas team to prepare SRU exception policy à la CurtinUpdates
19:04 <infinity> As discussed in the in-person meeting in Brussels, I'm waiting on some feedback from Robie about the current state of things from his view as an SRU guy processing MaaS stuff.
19:05 * infinity formal ratification of third party seeded snap security policy
19:05 <infinity> That could do with a URL or something.
19:05 <infinity> Where is the policy we're supposed to be formally ratifying? :)
19:05 <vorlon> https://wiki.ubuntu.com/UbuntuSeededSnaps
19:05 <mdeslaur> https://wiki.ubuntu.com/UbuntuSeededSnaps
19:05 <mdeslaur> bah
19:06 <vorlon> last exchange between mdeslaur and myself was that the policy was ok with him, though I still felt that given that he had /had/ questions it was worth me clarifying the language some; but that in any event it seemed we were ready to vote on it if we had only had quorum
19:06 <infinity> Okay, we have quorum.  Do we want to take 5, read it end-to-end, then vote?
19:07 <mdeslaur> yeah
19:12 <infinity> "official Ubuntu snaps should be built only from source that is available in Launchpad." -- I still prefer an actual version-for-version source retention (even if that's just tarring up the pre-build tree and calling it the source and having that avialable somehow).
19:12 <infinity> The "repos might disappear" argument is as relevant to LP as it is to GitHub.
19:13 <stgraber> ^ same here, we had that discussion by e-mail a few times I believe, I'd prefer it if LP would just store a build artifact which is effectively the result of the snapcraft "pull" phase, splitting build between source and binary and allowing re-building the binaries from identical source if needed
19:13 <stgraber> whether that source is stored as a huge tarball or a commit in a LP-generated git tree, I don't really care
19:13 <vorlon> infinity, stgraber: so you mean that it should be ok for a build of an official snap to pull from parts hosted elsewhere at build time?
19:13 <infinity> My other concern, and maybe someone knows the answer, is how upgrades happen if we're using ubuntu-XX.XX channels.  Will that magically flip from ubuntu-18.04 to ubuntu-18.10 on upgrade, or will the user be stuc on the 18.04 branch until someone decides to obsolete it in the store and force ALL 18.04 users to a new one?
19:14 <stgraber> but having to manually setup mirroring of every single little bit of code in your snap can be a huge pain and won't help you much if one of those repo breaks or goes away on LP
19:14 <vorlon> infinity: support for that is landing in ubuntu-release-upgrader before 18.10 release
19:14 <stgraber> vorlon: so long as the stuff which was pulled is recorded and you can rebuild the binary from it, yeah
19:15 <infinity> vorlon: Okay, so non-release-upgrader upgrades (like, say, most of Ubuntu engineering) will not get the magic channel flip. :/
19:15 <vorlon> infinity: correct, apt will not do it for you
19:15 <infinity> vorlon: And yes, I don't think *where* the sources come from is relevant, if the licenses are sane and the pull result is stored as a "this is the whole source" blob.
19:15 <stgraber> what we care about is being able to re-build the binary from the same source (or a slightly modified one in the case of a security update), requiring everything be git hosted on LP makes it a lot of work for the snap publisher and doesn't actually save us from soneone doing a force push or the like
19:15 <vorlon> stgraber: well, my expectation is snapcraft tooling that facilitates populating any necessary repositories in LP, not just that users do this manually
19:17 <infinity> I'm thinking both for practical rebuild reasons, but also ease of GPL compliance.  Publishing source alongside binaries gets us out of the written offer branch of the license.
19:17 <mdeslaur> "...source that is available in launchpad" doesn't exclude having an automatically-generated tarball
19:17 <stgraber> Ideally what I'd like to see is 1) LP runs "snapcraft pull" 2) Result is a source build artifact with a mangled snapcraft.yaml that's made to used the pull bits 3) Binary builds happen completely offline using that "source" artifact
19:17 <infinity> The harder it is to obtain source, the less easy it is to claim we're providing it. :P
19:17 <vorlon> and I think the snapcraft team was regarding the "capture the tree as an artifact" as a phase one
19:17 <infinity> mdeslaur: It doesn't exclude it, but it also doesn't specify it.  Nor does it, on the surface, solve the problem it claims to be solving.
19:18 <infinity> stgraber: +1 to that.
19:18 <infinity> stgraber: Effectively making "source packages".
19:18 <stgraber> yup
19:18 <vorlon> the problem then is that the process for building a security update where you need to modify the source due to missing upstream repo doesn't match the process for building the snap the first time
19:19 <vorlon> because 'snapcraft pull' will fail
19:19 <vorlon> and also, because you don't want to pull, you want to edit your source and use that
19:19 <stgraber> vorlon: but you could just dump the content of the last source package into the git tree, apply your fix and push
19:20 <stgraber> vorlon: at which point "pull" won't do anything because all content is local to the git tree and you'll build
19:20 <mdeslaur> keeping the tarball is a backup plan, not the way forward if the repo still exists
19:20 <mdeslaur> s/is/shouldn't be/
19:20 <mdeslaur> err
19:20 <vorlon> backing up, is this the level of design involvement the TB-as-TB wants to have in these requirements?
19:20 <mdeslaur> s/is/should be/
19:21 <vorlon> because I don't think that's a design discussion that fits in this meeting
19:21 <infinity> I want to make sure the source retention policy is sane and meaningful for both rebuilds and GPL compliance.
19:21 <vorlon> does the wording need to be adjusted to account for this?
19:21 <infinity> I don't need it to be exactly my design, but "must build from LP branches" is far too vague to actually solve either issue.
19:22 <infinity> LP isn't any more magic than GitHub, the users of LP can do the same silly things and make sources go away. :)
19:23 <vorlon> ok
19:23 <infinity> And I'm still wary of pointers to commits satisfying the FSF when it comes to shipping source side-by-side.  But maybe if those commits definitely never go away and 'snapcraft pull' is somehow guaranteed to always work forever?
19:23 <vorlon> I think it's precisely the case that 'snapcraft pull' won't be required to work forever
19:23 <infinity> (Note that this isn't just a concern for by-default-on-images stuff, but literally any GPL thing in the store, and I've mentioned it repeatedly)
19:23 <vorlon> or rather that there's no way to cause it to work forever
19:24 <vorlon> since 'snapcraft pull' is doing the bit to pull from upstream repos, which may have disappeared, or had tags rudely changed, or just had tags not specified, etc
19:24 <infinity> Right, if snapcraft pull can't necessarily work forever, then we need a tarball (or similar) of *The Source* that matches those shipped binaries.
19:26 <vorlon> right; so in my mind, the ideal is that this source is the git repo which is staged in LP prior to the snap build, and which could have handwavy acls that prevent the user from deleting it after
19:26 <infinity> We can't just say "eh, in six years, that source might accidentally go away, no big deal".  My source ISOs I generate to match binary ISOs should include the source tarballs for shipped snaps, and the store should have sources easily available for any free software (and especially GPL) binary shipped.
19:27 <vorlon> rather than a tarball spit out by lp itself, which ok, then you have the source, but then you can't reinject that tarball to do a maintenance build of the snap in question
19:27 <vorlon> (reinject a modified version of the tarball)
19:28 <infinity> So, how does a user of a snap trace back from their binary to the source, in a way where we can argue they're shipped together?
19:28 <stgraber> vorlon: why wouldn't you be? the source tarball would be a buildable snapcraft tree, so you can just unpack that in the git tree of the snap, apply your patch and push
19:28 <vorlon> infinity: that needs to be in metadata in the binary snap; apologies if I failed to capture that here as a requirement
19:28 <vorlon> stgraber: what does 'push' mean?
19:29 <vorlon> like, what are you pushing to where in launchpad, that doesn't look like a confusing special case and a break with the existing snap build process?
19:30 <stgraber> vorlon: you have a LP git tree which contains the snapcraft.yaml for your snap, you clone that git tree, you wipe it clean, you unpack your source tarball in there, you apply your patch, you commit everything, you git push, you go in LP and you click the snap build button, that builds without using any external deps and pushes to the store
19:30 <infinity> vorlon: *if* the snap has metadata pointing to the exact git commit on the exact branch in LP required to reproduce the build, *and* we have guarantees that said branches will never disapper from LP, I'm fine with that proposal.  Those things need to be spelled out, though.
19:30 <stgraber> well, it is the special case though, it's the case where the snap is abandoned and the security team needs to push an update ASAP
19:30 <vorlon> ok, so you push the entire tarball to the git repo that previously included only snapcraft.yaml.  At least that makes sense from a workflow POV
19:30 <stgraber> otherwise, normal updates will be pushed by the upstream who will keep updating their snapcraftl.yaml to keep working
19:31 <vorlon> but then my question is why you don't always just push all the source to that git repo and build from it
19:31 <infinity> vorlon: I think I still need a way to pull all of that into source ISOs, for the "shipping physical media to consumers and not having to worry about written offer BS" crowd, but meh.
19:31 <stgraber> vorlon: no real reasons you couldn't other than pushing hundreds of megs of stuff into a git repo isn't all that much fun
19:32 <vorlon> maybe the deltas are smaller than that? :)
19:32 <vorlon> so should I take the action to refine the language about source retention before we vote?
19:33 <infinity> vorlon: Anyhow, my TLDR is that I don't need the design to precisely match my specs or stgraber's, but I do need the document to spell out exactly how source retention and GPL-compliance will be handled before I can sign off on it.
19:33 <infinity> vorlon: And if that needs some round-trips with the snapcraft and store teams to make sure the lanaguage matches what reality will be, so be it. :)
19:34 <infinity> vorlon: I'd also like (but won't block my vote on) some discussion around WTF we do about people like me who don't use do-release-upgrade because, well, I upgrade on release day before any of that works.
19:34 <infinity> vorlon: And, thus, if I had installed with snaps in 18.04, I'd be stuck on 18.04 snaps.. Indefinitely?
19:35 <vorlon> infinity: well, I think the mvo philosophy is that the release notes are the text version of u-r-u
19:35 * infinity grumbles.
19:35 <infinity> u-r-u was never meant to do heavy lifting, any code there was meant to be hackish workarounds for things we screwed up in packages. :P
19:36 <infinity> Not an excuse to avoid smooth upgrades.
19:36 <mdeslaur> I feel like snapd should handle release migrations itself
19:36 <infinity> It likely should.
19:36 <vorlon> snapd doesn't define the policy
19:36 <vorlon> so how should it handle the migration?
19:37 <vorlon> I would argue that if you're going to try to automate this for a user that did apt dist-upgrade before release, it should be implemented as an u-r-u fix-up mode
19:37 <infinity> It knows what release it's running on.  If you have snaps from ubuntu-18.04 and you're now running 18.10, could it not just flipperoo?
19:37 <mdeslaur> hrm
19:38 <infinity> Assuming we declare those branches as reserved keywords that mean "snaps for this release".
19:38 <vorlon> infinity: as a version-guarded one-time change in the postinst?
19:38 <mdeslaur> if we're going to name channels after releases, it should be smart enough to handle release upgrades
19:38 <vorlon> snapd isn't what names the channels
19:38 <vorlon> and the maintainers of snapd aren't the owners of the distro policy
19:39 <infinity> vorlon: Less sure about specifics.  But unless the new channels are available and populated on release opening day (seems unlikely), it's probable that the migration would be staggered for early adopters.
19:39 <vorlon> so I find it awkward to have the policy implemented in a maintainer script of a package that is owned by a team that's a fair bit removed from the upgrade handling generally
19:40 <vorlon> infinity: the channels *should* be opened on release opening day; we don't get daily image builds for the new series until they exist
19:40 <infinity> snapd tries to refresh on the regular anyway, it seems sensible that it would scan for a channel for your current release and flip you if it's found.
19:41 <infinity> This also gives third-party people a smooth way to do stable channels per release.
19:41 <infinity> Cause it would just magically DTRT on upgrade.
19:41 <infinity> (If they desire such a thing)
19:41 <infinity> Indeed, I was thinking about this when I got switched from lxd debs to snaps.
19:41 <mdeslaur> adding the release to the channel name is a workaround to snapd not knowing and not handling releases
19:42 <infinity> And it asked what I wanted (3.0 or dev or something like that?) and I wondered how it can ever return me to what we think is "right" for an LTS, eg.
19:42 <vorlon> and what does it do when the user has manually selected the 18.04 channel but is running 18.10?  I don't agree that snapd magicking this is an answer
19:42 <mdeslaur> it does the same thing as when a user manually installed a package from xenial into bionic
19:42 <vorlon> mdeslaur: I don't agree.  I don't think there's anything that snapd should know here at all
19:43 <vorlon> mdeslaur: if the user manually installed a xenial package on bionic, they can then pin it
19:43 <vorlon> the proposal here is an entirely new magic mechanism for snapd to know which channels you want, that then needs override controls when it's wrong
19:44 <infinity> Does it have no concept of state?
19:44 <vorlon> all to solve the problem that a handful of people who work on the distro itself don't use u-r-u
19:44 <vorlon> infinity: of course it does.  the state is that "something external to snapd has selected ubuntu-18.04 as a channel".
19:45 <infinity> If you select 18.04 on 18.10 when 18.04 and 18.10 exist, you wanted 18.04, weirdo.  If 18.10 suddenly appears and you're on 18.10, you want to upgade, same logic as apt and new versions.
19:45 <infinity> And by "you", I mean a human request, not an installer.
19:46 <infinity> I'd wager more than a handful of people don't use u-r-u.
19:46 <vorlon> well, we're spending a lot of time here on something you said was not a blocker
19:46 <infinity> Of course, I'd also argue that the more we talk about how to integrate snaps in the distro, the more I'm convinced it's not really a reasonable thing to be doing.
19:46 <infinity> So... Yay?
19:46 <vorlon> I'm sure there are lots of people who *don't* use u-r-u.  But that doesn't mean they *shouldn't* be using u-r-u or that we should spend extra engineering effort supporting them
19:47 <infinity> If we refuse to let snapd have any knowledge about releases and how to interact with release upgrades, it's just plain not a first-class citizen here.  An external tool to fudge it isn't making that better.
19:50 <infinity> Anyhow, I think we've wasted enough time being grumpy about all of that, and the source retention policy stuff is more important and still an open question, so ending this.
19:50 <mdeslaur> infinity, stgraber: do you have any other objections to the policy other than the source availability?
19:51 <stgraber> nope, that's the only issue I have with it at this time
19:51 * infinity vorlon to circle around with store, snapcraft, et all, and revise the snap source revision policy to be more clear.
19:51 <vorlon> ack
19:51 <vorlon> thanks
19:51 <infinity> mdeslaur: The upgrade thing will nag at me, but like I said before we started arguing about it, I won't block on that.  Source retention is my blocker.
19:52 <infinity> #topic doko's stuff.
19:52 <mdeslaur> infinity: ack, thanks
19:52 <infinity> We still have three bullet points from doko on the Agenda.  Do we want to do anything about those?  Any discussion?  Delete them so I can stop looking at them every two weeks?
19:53 <vorlon> infinity: +1, with notification to doko that this has been done
19:55 <stgraber> +1 on dropping
19:55 <infinity> vorlon: As long as someone other than me does the notifying.  doko's already pretty sure I hate him. :P
19:55 <mdeslaur> lol
19:56 <infinity> #topic Mailing List!
19:56 <vorlon> heh
19:57 <infinity> So, TB elections started, and then stopped again.  Exciting times.  Go, democracy.
19:57 <infinity> I assume it'll re-start again soon with a fixed ballot. :P
19:57 <stgraber> hopefully will take less time to setup than last time around :)
19:57 <infinity> And then there's the bit about switching the default Ubuntu VCS to git.  Which appears to have happened.
19:57 <infinity> So yay to that.
19:58 <infinity> #topic Community Bugs
19:58 <infinity> None. :(
19:58 <infinity> The community needs to bug us more.
19:58 <infinity> #topic Next Chair
19:59 <infinity> Looks like kees with mdeslaur as backup, if we don't all get replaced in the election that may or may not happen.
19:59 <mdeslaur> sounds good to me
19:59 <infinity> #topic AOB
19:59 <infinity> You have 30 seconds for other business before I close this mess and go think about all the life decisions that led me here.
20:00 <mdeslaur> lol
20:00 <infinity> #endmeeting