#ubuntu-meeting-2 log

16:01 <slangasek> #startmeeting
16:01 <meetingology> Meeting started Tue Jul  7 16:01:19 2015 UTC.  The chair is slangasek. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:01 <meetingology> 
16:01 <meetingology> Available commands: action commands idea info link nick
16:01 <slangasek> [TOPIC] Apologies
16:01 <slangasek> no apologies sent on the list
16:01 <slangasek> kees, infinity appear to be absent
16:02 <slangasek> but we nevertheless have a quorum, so carrying on :)
16:02 <slangasek> [TOPIC] Action review
16:02 * slangasek slangasek to forward complaint to Canonical legal
16:02 <slangasek> carried over, again
16:02 <slangasek> again, if anyone felt strongly about stealing this from me I wouldn't stand in their way, otherwise I'll keep it on my todo
16:03 <pitti> FTR, stgraber is on holidays?
16:03 <stgraber> no I'm not :)
16:04 <mdeslaur> he just wishes :)
16:04 <stgraber> :)
16:04 <slangasek> nope, we're all still working, no matter how much our brains are overheating in this weather ;)
16:05 <slangasek> [TOPIC] Mailing list archive
16:05 <slangasek> there was a mail from apw this morning, which I just saw in the queue and approved through
16:05 <slangasek> I'm guessing most people haven't read it yet
16:05 <pitti> ah, I already wondered
16:05 <slangasek> Subject: Ubuntu Fan Updates for Trusty and Vivid
16:05 <pitti> I quickly read through it, but I'm not entirely sure about the impact yet
16:06 <mdeslaur> I skimmed it, but I'd have to look at the patch to form an opinion
16:06 <slangasek> for those who don't know, Ubuntu Fan is a clever stateless network multiplexer
16:06 <slangasek> it's a useful feature to have on cloud instances running containers
16:06 <slangasek> apw had approached me and asked me if it was SRUable
16:06 <pitti> it sounds similar to IPv4LL and NAT, and all the other crazy things people do to avoid IPv6 :)
16:07 <slangasek> and I expressed concern that this doesn't really fit our existing SRU policy, so should be discussed at a higher level
16:07 <pitti> but AFAIUI this is mostly a new feature, ignoring some undocumented preview that was already in the trusty kernel
16:07 <slangasek> vivid kernel
16:07 <pitti> i. e. the regression potential is that someone made use of that in trusty, and it's going to change/break?
16:07 <pitti> ah
16:07 <pitti> so for trusty this is entirely new
16:07 <slangasek> yes, the risk of regression potential is fairly low because it's a new feature
16:08 <stgraber> my main concern is the changes to iproute2 and other core bits to support the feature
16:08 <mdeslaur> is this upstream yet? what are the odds that it gets changed in an incompatible way while going upstream?
16:08 <slangasek> however, the SRU policy has always been rather clear that new features don't belong in SRUs - with the exception of hardware enablement
16:08 <pitti> yeah, that's my main gripe with it -- there's no indication of whether this has ever been reviewed by kernel developers, or proposed for inclusion
16:08 <slangasek> we've moved the line a few times wrt hardware enablement, to accomodate cloud substrate requirements
16:09 <stgraber> so last I heard, it's not upstream and we're not actively pushing for it to be upstreamed in its current shape, it also uses kernel identifiers for the tunnel type which may potentially be used by another in-kernel tunneling technology at some point, causing a clash
16:09 <slangasek> but I don't think I can justify this under the current SRU policy, so I think there's a higher-level policy discussion to be had rather than just making exceptions
16:09 <pitti> (wrt. security/quality review, and general sanity)
16:10 <pitti> so while from a regresssion potential POV this seems manageable (assuming that iproute2 only gets new features, and no changed behaviour)
16:10 <stgraber> so basically from my point of view: 1) ubuntu-fan package itself is fine and safe 2) changes to iproute2 may be risky 3) in-kernel non-upstream tunnel technology when needing unique IDs for netlink is a risk too
16:10 <pitti> it feels like exposing millions of LTS users with a brand new and largely unreviewed kernel feature that will be exposed to the network is a bit premature
16:11 <slangasek> so, I'd appreciate it if we could separate our SRU team hats from our TB hats here, difficult as that is :)
16:11 <pitti> sure; this is all TB anyway, as it's clearly outside of SRU policy
16:12 <slangasek> when I asked apw to refer it to the TB, it wasn't because I wanted the TB to analyze the risks of this specific SRU
16:12 <slangasek> but to discuss whether the SRU policy should, or should not, allow for updates such as this
16:12 <stgraber> ah, simple answer then, it shouldn't
16:12 <pitti> personally I would never like to give out a blanket permit for things like this
16:13 <slangasek> pitti: well, I have the opposite response: that we shouldn't give /exceptions/ for things like this :)
16:13 <pitti> even with this concrete case I have some serious concerns, I don't see how to allow even more general cases
16:13 <stgraber> backporting of a new major feature into a LTS release is very clearly out of scope for the normal SRU process and as it's not something I want to see abused, I don't believe it makes sense to have the SRU policy allow this
16:14 <pitti> slangasek: that'ss a good point from the POV that general written-down policy is better than arbitrary exceptions that are handed to whoever shouts the loudest
16:14 <slangasek> if it's justifiable in the specific case (which it may not be), I think that we should address that in the SRU policy.  The SRU policy currently says we don't allow new features in, this is a new feature: is the policy wrong, or is the SRU proposal one we should reject
16:16 <slangasek> so I'd say that taking the pulse here suggests that we don't want this SRU
16:16 <pitti> hm, so we could imagine how the fan proposal would have to look like in order for us to consider it acceptable
16:16 <stgraber> do we really need to update the SRU policy to say that the TB can overule? to me it seems like its stating the obvious...
16:16 <pitti> and then generalize that?
16:16 <slangasek> shall we follow up on the mailing list?
16:16 <slangasek> stgraber: uh?  I'm in no way talking about codifying "the TB can overrule"
16:17 <mdeslaur> There is a lot of potential for abuse in letting new features in. Is having the power to rule on new features something the SRU team in interested in?
16:18 <slangasek> speaking only for myself as an SRU team member: no
16:18 <pitti> with my former SRU hat on: I wouldn't be
16:18 <slangasek> because having the power to rule on it means we'll be constantly asked to rule on it
16:18 <stgraber> so my point of view, is keep the SRU policy as is, no new features and have the SRU team reject anything that's a new feature. None of that prevents escalation through the TB for a specific exception as seems to be the case here.
16:19 <pitti> processing SRUs is enough work without having to argue about new features all the time
16:19 <pitti> I'd actually be okay with new features in LTSes under reasonable circumstances; we do it all the time already, after all
16:19 <pitti> (new landscape or maas versions, etc.)
16:19 <slangasek> stgraber: I would not be happy with the TB ever signing off on a specific exception to the new feature rule without being able to articulate a general principle
16:20 <pitti> but they should have a reasonably low potential for introducing new bugs and security holes, which this particular proposal totally fails at
16:20 <pitti> right -- e. g. for the HW enablement we have a generic justification in the policy
16:21 <pitti> so if/once we agree to this particular proposal, we could then generalize it and see on which grounds we accept it
16:22 <slangasek> fwiw my risk analysis of this particular SRU differs from yours - it's already in the vivid kernel, the vivid kernel will land in trusty as part of the hwe process, new kernels have a huge attack surface anyway for security holes and we have a kernel update cadence to deal with that
16:23 <stgraber> yeah, the kernel side isn't a big concern of mine because we don't force those on our existing users
16:23 <slangasek> I also think the SRU process is adequate for dealing with the risks of regression, and doesn't need direct TB involvement
16:23 <stgraber> iproute2 however is a bit more problematic
16:24 <slangasek> anyway, so far I'm hearing a pretty firm "no" - so I think the next steps are to take that back to the mailing list?
16:24 <pitti> well, we wouldn't push/force it into trusty unless we were planning to actually use that feature, no?
16:24 <pitti> i. e. in some cloud workload via iproute2?
16:25 <stgraber> well, the feature can be used by anyone, cloud or not, it just shows up as a bridge that you can use with docker, lxc, lxd, ...
16:25 <pitti> right, the normal kernel backporting process kind of gets us that through the backdoor, but it would be inert without userspace changes
16:25 <pitti> so it's much less adding the new kernel feature, but rather making use of that by our default tools
16:25 <stgraber> right, you need the ubuntu-fan package and tools to talk to iproute2 to talk to the new kernel netlink interface
16:26 <slangasek> but it's also not as if this is going to be activated on existing systems automatically; someone has to invoke it to make use of it
16:26 <pitti> in general I don't want to respond to these kinds of requests with a plain "no" (as there's usually a good use case behind it), but more with a "how"
16:26 <pitti> slangasek: it's not? that's not at all clear to me
16:27 <stgraber> yeah, as I said, I'm not too concerned about the kernel side of it. What I'm concerned with is modifying iproute2
16:27 <stgraber> because if iproute2 breaks somehow, that means no network on the affected machine and that's kinda bad
16:27 <mdeslaur> part of the issue here is this seems to be an ubuntu-specific feature
16:27 <pitti> slangasek: it's very easy to accidentally or deliberately enable it on upgrades
16:27 <slangasek> pitti: it certainly is not, it's a completely new bridge type
16:27 <mdeslaur> it's not as if it's a backport of something present in a new version
16:29 <slangasek> mdeslaur: it's a backport of something present in a new version of the package in Ubuntu.  I'm not sure from a policy perspective (as opposed to a risk analysis perspective) that we should distinguish between Ubuntu-specific vs. not
16:29 <pitti> right, "ubuntu specific" doesn't belong into SRU policy, that should be general development policy
16:29 <pitti> (FWIW, I really don't like having this in vivid either)
16:30 <mdeslaur> slangasek: policy no, but it certainly has an impact on the risk. Even more so if there actually are plans to get it upstream and that turns into a compatibility nightmare for users.
16:31 <pitti> so assuming it *was* a properly reviewed feature in vivid's kernel, I wouldn't have a problem with letting this migrate to trusty as well via the normal backport process
16:31 <pitti> the "change userspace to make use of it" is what I'd like to understand more, as right now it sounds awfully dangerous
16:32 <pitti> so the "how to make this palatable" would include an upstream review, plus a more detailled description of the current and planned userspace changes to iproute and other tools, and a regression potential analysis
16:33 <pitti> all of which is really unrelated to SRUing this to trusty, but should retroactively be done for vivid too
16:34 <slangasek> all of that still doesn't pass the SRU policy as it stands, and only supports making an exception?
16:35 <slangasek> I'm against making an exception
16:35 <pitti> as for the SRU policy, I think we can make an amendment for backporting features from stable releases to LTSes which have a negligible regression potential
16:35 <pitti> it shoudl still be ack'ed individually IMHO, but it would be a guideline what the TB would look at
16:36 <pitti> (TBH I have a bigger problem with the feature itself than with backporting it)
16:38 <slangasek> ok; so you think that at least potentially this is something that we would want codified in the SRU policy as allowable
16:38 <pitti> yes, I do
16:38 <mdeslaur> pitti: acked by who, the SRU team or the tech board?
16:38 <pitti> pitti | hm, so we could imagine how the fan proposal would have to look like in order for us to consider it acceptable
16:38 <pitti> pitti | and then generalize that?
16:38 <slangasek> I agree, though I'm not yet sure what shape it should take
16:39 <pitti> mdeslaur: my feeling is "TB" at least initially
16:39 <mdeslaur> ok
16:39 <slangasek> but I think we're racking up exceptions at this point (maas, juju, proposal for fan) and we should consider whether the current SRU rules are still meeting their purpose
16:39 <pitti> this shouldn't be a "toss over the fence" kind of thing, but similar to preliminary MREs
16:40 <pitti> slangasek: right, that's a good point; now that we do have a lot of MREs we have some experience when we allowed them
16:40 <slangasek> not just MREs :)
16:40 <pitti> and most of the time the "interview" looked fairly similar: automatic/manual test plans and QA procedures, how to ensure that upgrades don't break, regression potential analysis
16:41 <slangasek> [ACTION] slangasek to document maas, juju, docker exceptions on https://wiki.ubuntu.com/StableReleaseUpdates#Special_Cases
16:41 * meetingology slangasek to document maas, juju, docker exceptions on https://wiki.ubuntu.com/StableReleaseUpdates#Special_Cases
16:41 <pitti> slangasek: juju is on https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions
16:42 <slangasek> pitti: yes, but it's not actually an MRE so I'm going to move it :)
16:42 <pitti> maas was proposed, but never got signed off because the interview wasn't finished
16:42 <pitti> slangasek: ack
16:42 <pitti> slangasek: I'm happy to look at our existing MacroReleaseExceptions and come up with a proposal for a policy amendment for next time
16:43 <slangasek> so - next steps?  should we evolve this on the mailing list?
16:43 <pitti> as I usually responded to the bulk of MRE requests on the ML anyway
16:43 <pitti> I think there's two steps:
16:43 <pitti> 1) amend the policy for new features in LTS (as that's clearly a direction we've gone in in the past years)
16:44 <pitti> 2) respond to that concrete case with our gripes and request for more information about them
16:44 <slangasek> pitti: do you want to drive #1?
16:44 <pitti> slangasek: yes
16:44 <mdeslaur> pitti: that sounds reasonable
16:44 <slangasek> [ACTION] pitti to propose amendment to general SRU policy for new features in LTS
16:44 * meetingology pitti to propose amendment to general SRU policy for new features in LTS
16:45 <slangasek> [ACTION] all to respond to the Ubuntu Fan SRU proposal on list
16:45 * meetingology all to respond to the Ubuntu Fan SRU proposal on list
16:46 <slangasek> [TOPIC] community bugs
16:46 <slangasek> https://bugs.launchpad.net/ubuntu-community/+bugs?field.assignee=techboard
16:46 <slangasek> empty
16:46 <slangasek> [TOPIC] Select a chair for the next meeting
16:46 <slangasek> I believe that's stgraber, with infinity as backup, yes?
16:47 <stgraber> yep
16:47 <slangasek> [INFO] Next meeting 2015-07-21, 17:00 London time.  Chair: stgraber (next: infinity)
16:48 <slangasek> anything else that I've missed?
16:49 <pitti> nice to have a "real" meeting for a change :)
16:49 <mdeslaur> hehe, yes :)
16:49 <pitti> nothing else from me
16:49 <slangasek> :)
16:49 <slangasek> #endmeeting