#ubuntu-meeting-2 log

17:01 <slangasek> #startmeeting
17:01 <meetingology> Meeting started Tue Mar 14 17:01:17 2017 UTC.  The chair is slangasek. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
17:01 <meetingology> 
17:01 <meetingology> Available commands: action commands idea info link nick
17:01 <slangasek> :-)
17:01 <slangasek> [TOPIC] Apologies
17:01 <slangasek> none received on the mailing list
17:02 <slangasek> kees: are you here?
17:02 <slangasek> we have mdeslaur infinity slangasek; no sign of stgraber on channel
17:03 <slangasek> [TOPIC] Action review
17:03 * slangasek infinity to follow up with maas SRU exception
17:03 <slangasek> infinity: any news there?
17:03 <infinity> No news is good news?
17:03 <infinity> That's a thing, right?
17:03 <slangasek> well, that hardly stops the maas SRUs from coming in :)
17:03 <mdeslaur> heh
17:03 <slangasek> if you haven't made progress I'd like to suggest a path forward?
17:04 <infinity> I need to make some time to go back to what is and isn't documented and JFDI.  Said time has not been made.
17:04 <slangasek> I've recently started forcing people who are asking for SRU exceptions to do the work of preparing a wiki page like https://wiki.ubuntu.com/CurtinUpdates
17:05 <slangasek> and then once it's approved by a member of the SRU team, we update the main wiki page with a link to it
17:05 <slangasek> this puts the burden on the team that is asking for the SRU, which might work better than having you responsible for it
17:05 <infinity> That sounds not unreasonable.
17:05 <slangasek> infinity: would you follow up with the maas team and tell them to do this?
17:05 <infinity> *nod*
17:06 <slangasek> [ACTION] infinity to ask maas team to prepare SRU exception policy à la https://wiki.ubuntu.com/CurtinUpdates
17:06 * meetingology infinity to ask maas team to prepare SRU exception policy à la https://wiki.ubuntu.com/CurtinUpdates
17:06 <slangasek> cool, next
17:06 * slangasek infinity to play with seed/maint-check changes on dogfood to build a new xenial release pocket for support length auditing (ETA: 16.04.2 release)
17:06 <slangasek> I guess this didn't happen before 16.04.2 :)
17:06 <infinity> That ETA is clearly a lie now.  But another short deferral.
17:06 <infinity> This also dovetails into your email about custom kernel support that I need to reply angrily to.
17:07 <slangasek> hmm :)
17:07 <slangasek> ok
17:07 <slangasek> [ACTION] infinity to play with seed/maint-check changes on dogfood to build a new xenial release pocket for support length auditing
17:07 * meetingology infinity to play with seed/maint-check changes on dogfood to build a new xenial release pocket for support length auditing
17:07 * slangasek slangasek to investigate getting tagged ubuntu-community bugs automatically forwarded to technical-board, and if not feasible, fall back to DMB sending signed emails to list for ACL requests
17:08 <slangasek> in practice I guess we're already relying on the fallback
17:08 <slangasek> but I would still like to sort this out, it just hasn't been a high priority
17:08 <slangasek> anybody mind if I keep this todo on my list? :)
17:08 <mdeslaur> heh
17:09 <slangasek> hearing no objections...
17:09 <slangasek> [ACTION] slangasek to investigate getting tagged ubuntu-community bugs automatically forwarded to technical-board, and if not feasible, fall back to DMB sending signed emails to list for ACL requests
17:09 * meetingology slangasek to investigate getting tagged ubuntu-community bugs automatically forwarded to technical-board, and if not feasible, fall back to DMB sending signed emails to list for ACL requests
17:09 * slangasek slangasek to follow up to snapd-glib SRU exception request
17:09 <slangasek> I don't remember where this one got to
17:10 <slangasek> guess I just need to dig that out of the mail and reply to it, telling them to do the same thing as MAAS
17:10 <slangasek> will follow up today
17:10 <slangasek> [ACTION] slangasek to follow up to snapd-glib SRU exception request
17:10 * meetingology slangasek to follow up to snapd-glib SRU exception request
17:11 <slangasek> now, there's an item on the wiki page which I think was discussed last time and I failed to take it off?
17:11 <slangasek> also, sorry, I'm making a late add of an agenda topic... right now
17:11 <mdeslaur> yeah, we discussed that last week
17:12 <slangasek> on the email I just sent to the list re: walinuxagent
17:12 <slangasek> [TOPIC] walinuxagent
17:12 <slangasek> [LINK] https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html
17:12 <slangasek> any chance either of you had time to read this mail, which was sent at 17:01 UTC? ;)
17:12 <mdeslaur> I read it
17:13 <slangasek> mdeslaur: questions/concerns/feedback?
17:13 <mdeslaur> I think the reasoning is sound, and I don't have any objections
17:13 <mdeslaur> my only concern is how the code which is pulled down is validated
17:14 <mdeslaur> I haven't looked at it at all, is it sane?
17:14 <slangasek> mdeslaur: the endpoint is secured with SSL; there's no code signing that I'm aware of
17:14 <infinity> How it's validated and/or how the source is validated.
17:15 <infinity> SSL works if it's a static host we're pulling from, and we're not ignoring SSL host mismatches in the code.
17:15 <slangasek> I have an email thread with MS about how control of publishing code to that endpoint is managed, I would need to check with them before sharing details; I'll just say it seems reasonable, and again I don't think we should be setting a higher security bar for that endpoint than we do for the cloud substrate itself
17:17 <slangasek> infinity: that mostly relies on the underlying python libraries to enforce, AIUI; but the endpoint itself is supposed to be not spoofable
17:17 <slangasek> (as in, no arp/dns spoofing allowed)
17:17 <infinity> Well, the libraries, and how you call the connect methods.
17:17 <mdeslaur> hrm, python 2 code...not sure how well ssl certs and hostnames are being checked
17:17 <infinity> But yes.
17:17 <slangasek> should be python3
17:18 <mdeslaur> ah, yes, it is
17:18 <mdeslaur> ok
17:18 <slangasek> could we take a vote on this, so there's a record of this agreement?
17:18 <mdeslaur> sure
17:18 <slangasek> [VOTE] Affirm the walinuxagent exception for out-of-band code updates on Azure guests https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html
17:18 <meetingology> Please vote on: Affirm the walinuxagent exception for out-of-band code updates on Azure guests https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html
17:18 <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
17:18 <infinity> Anyhow, I'm not super fond of the idea, but if we can't get them to push all their stuff to the archive, we don't really have a choice either.
17:19 <slangasek> yeah, it's not very archive-able
17:19 <slangasek> +1
17:19 <meetingology> +1 received from slangasek
17:19 <mdeslaur> +1
17:19 <meetingology> +1 received from mdeslaur
17:19 <infinity> +1
17:19 <meetingology> +1 received from infinity
17:19 <slangasek> uh how do I end a vote again?
17:19 <slangasek> [ENDVOTE]
17:19 <meetingology> Voting ended on: Affirm the walinuxagent exception for out-of-band code updates on Azure guests https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html
17:19 <meetingology> Votes for:3 Votes against:0 Abstentions:0
17:19 <meetingology> Motion carried
17:19 <slangasek> got it :)
17:19 <infinity> I could see this having more interesting use-cases in heterogenous clouds where the running software might want to change behaviour (or version) based on the compute node you're on.
17:19 <slangasek> [TOPIC] Mailing list archive
17:20 <infinity> So, as a general policy, it's not awful.
17:20 * slangasek nods
17:20 <slangasek> mailing list, there's a request from bdmurray to extend cyphermox's DMB membership to allow coverage for a vote
17:20 <slangasek> this seems noncontroversial to me, any objection to me JFDI?
17:21 <infinity> Go nuts.
17:21 <mdeslaur> no objection from me
17:21 <slangasek> [ACTION] slangasek to extend cyphermox DMB membership to cover next election
17:21 * meetingology slangasek to extend cyphermox DMB membership to cover next election
17:21 <cyphermox> yes, please ;)
17:21 <slangasek> I see nothing else new on the mailing list
17:22 <slangasek> [TOPIC] community bugs
17:22 <slangasek> [LINK] https://bugs.launchpad.net/ubuntu-community/+bugs?field.assignee=techboard
17:22 <slangasek> zarro boogs
17:23 <slangasek> [TOPIC] Select a chair for the next meeting
17:23 <slangasek> looks like stgraber, with infinity as backup?
17:23 <infinity> Yep.
17:24 <slangasek> [AGREED] next TB meeting Tuesday, March 28 @ 17:00 London Time; stgraber chair; infinity backup
17:24 <slangasek> [TOPIC] AOB
17:24 <slangasek> anything else?
17:25 <mdeslaur> nope
17:25 <slangasek> #endmeeting