17:01 #startmeeting 17:01 Meeting started Tue Mar 14 17:01:17 2017 UTC. The chair is slangasek. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 17:01 17:01 Available commands: action commands idea info link nick 17:01 :-) 17:01 [TOPIC] Apologies 17:01 none received on the mailing list 17:02 kees: are you here? 17:02 we have mdeslaur infinity slangasek; no sign of stgraber on channel 17:03 [TOPIC] Action review 17:03 * slangasek infinity to follow up with maas SRU exception 17:03 infinity: any news there? 17:03 No news is good news? 17:03 That's a thing, right? 17:03 well, that hardly stops the maas SRUs from coming in :) 17:03 heh 17:03 if you haven't made progress I'd like to suggest a path forward? 17:04 I need to make some time to go back to what is and isn't documented and JFDI. Said time has not been made. 17:04 I've recently started forcing people who are asking for SRU exceptions to do the work of preparing a wiki page like https://wiki.ubuntu.com/CurtinUpdates 17:05 and then once it's approved by a member of the SRU team, we update the main wiki page with a link to it 17:05 this puts the burden on the team that is asking for the SRU, which might work better than having you responsible for it 17:05 That sounds not unreasonable. 17:05 infinity: would you follow up with the maas team and tell them to do this? 17:05 *nod* 17:06 [ACTION] infinity to ask maas team to prepare SRU exception policy à la https://wiki.ubuntu.com/CurtinUpdates 17:06 * meetingology infinity to ask maas team to prepare SRU exception policy à la https://wiki.ubuntu.com/CurtinUpdates 17:06 cool, next 17:06 * slangasek infinity to play with seed/maint-check changes on dogfood to build a new xenial release pocket for support length auditing (ETA: 16.04.2 release) 17:06 I guess this didn't happen before 16.04.2 :) 17:06 That ETA is clearly a lie now. But another short deferral. 17:06 This also dovetails into your email about custom kernel support that I need to reply angrily to. 17:07 hmm :) 17:07 ok 17:07 [ACTION] infinity to play with seed/maint-check changes on dogfood to build a new xenial release pocket for support length auditing 17:07 * meetingology infinity to play with seed/maint-check changes on dogfood to build a new xenial release pocket for support length auditing 17:07 * slangasek slangasek to investigate getting tagged ubuntu-community bugs automatically forwarded to technical-board, and if not feasible, fall back to DMB sending signed emails to list for ACL requests 17:08 in practice I guess we're already relying on the fallback 17:08 but I would still like to sort this out, it just hasn't been a high priority 17:08 anybody mind if I keep this todo on my list? :) 17:08 heh 17:09 hearing no objections... 17:09 [ACTION] slangasek to investigate getting tagged ubuntu-community bugs automatically forwarded to technical-board, and if not feasible, fall back to DMB sending signed emails to list for ACL requests 17:09 * meetingology slangasek to investigate getting tagged ubuntu-community bugs automatically forwarded to technical-board, and if not feasible, fall back to DMB sending signed emails to list for ACL requests 17:09 * slangasek slangasek to follow up to snapd-glib SRU exception request 17:09 I don't remember where this one got to 17:10 guess I just need to dig that out of the mail and reply to it, telling them to do the same thing as MAAS 17:10 will follow up today 17:10 [ACTION] slangasek to follow up to snapd-glib SRU exception request 17:10 * meetingology slangasek to follow up to snapd-glib SRU exception request 17:11 now, there's an item on the wiki page which I think was discussed last time and I failed to take it off? 17:11 also, sorry, I'm making a late add of an agenda topic... right now 17:11 yeah, we discussed that last week 17:12 on the email I just sent to the list re: walinuxagent 17:12 [TOPIC] walinuxagent 17:12 [LINK] https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html 17:12 any chance either of you had time to read this mail, which was sent at 17:01 UTC? ;) 17:12 I read it 17:13 mdeslaur: questions/concerns/feedback? 17:13 I think the reasoning is sound, and I don't have any objections 17:13 my only concern is how the code which is pulled down is validated 17:14 I haven't looked at it at all, is it sane? 17:14 mdeslaur: the endpoint is secured with SSL; there's no code signing that I'm aware of 17:14 How it's validated and/or how the source is validated. 17:15 SSL works if it's a static host we're pulling from, and we're not ignoring SSL host mismatches in the code. 17:15 I have an email thread with MS about how control of publishing code to that endpoint is managed, I would need to check with them before sharing details; I'll just say it seems reasonable, and again I don't think we should be setting a higher security bar for that endpoint than we do for the cloud substrate itself 17:17 infinity: that mostly relies on the underlying python libraries to enforce, AIUI; but the endpoint itself is supposed to be not spoofable 17:17 (as in, no arp/dns spoofing allowed) 17:17 Well, the libraries, and how you call the connect methods. 17:17 hrm, python 2 code...not sure how well ssl certs and hostnames are being checked 17:17 But yes. 17:17 should be python3 17:18 ah, yes, it is 17:18 ok 17:18 could we take a vote on this, so there's a record of this agreement? 17:18 sure 17:18 [VOTE] Affirm the walinuxagent exception for out-of-band code updates on Azure guests https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html 17:18 Please vote on: Affirm the walinuxagent exception for out-of-band code updates on Azure guests https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html 17:18 Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname) 17:18 Anyhow, I'm not super fond of the idea, but if we can't get them to push all their stuff to the archive, we don't really have a choice either. 17:19 yeah, it's not very archive-able 17:19 +1 17:19 +1 received from slangasek 17:19 +1 17:19 +1 received from mdeslaur 17:19 +1 17:19 +1 received from infinity 17:19 uh how do I end a vote again? 17:19 [ENDVOTE] 17:19 Voting ended on: Affirm the walinuxagent exception for out-of-band code updates on Azure guests https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html 17:19 Votes for:3 Votes against:0 Abstentions:0 17:19 Motion carried 17:19 got it :) 17:19 I could see this having more interesting use-cases in heterogenous clouds where the running software might want to change behaviour (or version) based on the compute node you're on. 17:19 [TOPIC] Mailing list archive 17:20 So, as a general policy, it's not awful. 17:20 * slangasek nods 17:20 mailing list, there's a request from bdmurray to extend cyphermox's DMB membership to allow coverage for a vote 17:20 this seems noncontroversial to me, any objection to me JFDI? 17:21 Go nuts. 17:21 no objection from me 17:21 [ACTION] slangasek to extend cyphermox DMB membership to cover next election 17:21 * meetingology slangasek to extend cyphermox DMB membership to cover next election 17:21 yes, please ;) 17:21 I see nothing else new on the mailing list 17:22 [TOPIC] community bugs 17:22 [LINK] https://bugs.launchpad.net/ubuntu-community/+bugs?field.assignee=techboard 17:22 zarro boogs 17:23 [TOPIC] Select a chair for the next meeting 17:23 looks like stgraber, with infinity as backup? 17:23 Yep. 17:24 [AGREED] next TB meeting Tuesday, March 28 @ 17:00 London Time; stgraber chair; infinity backup 17:24 [TOPIC] AOB 17:24 anything else? 17:25 nope 17:25 #endmeeting