14:03 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
14:03 <meetingology> Meeting started Tue Jan 14 14:03:39 2020 UTC.  The chair is cpaelzer. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
14:03 <meetingology> 
14:03 <meetingology> Available commands: action commands idea info link nick
14:03 <cpaelzer> can you repeat for the log jamespage?
14:03 <jamespage> #link https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1859601
14:04 <jamespage> context is that we've split the ovn source package out of the openvswitch package (already in main).
14:04 <cpaelzer> as I said this morning, you already have my ack jamespage
14:05 <jamespage> the objective for 20.04 is to make OVN the default SDN for OpenStack on Ubuntu
14:05 <cpaelzer> as its source was in main before it has had reviews and such already
14:05 <jamespage> so I've seeded the required binaries into one of the server supported seeds
14:06 <cpaelzer> joeubuntu: you need to be the third vote to decide, do you agree that in such a case we can fast-path ack it to be promoted?
14:06 <joeubuntu> +1
14:07 <cpaelzer> jamespage: ok I'm setting the bug state
14:07 <jamespage> ta
14:07 <joeubuntu> for the reasons cpaelzer and jamespage  laid out.
14:07 <cpaelzer> jamespage: only it is listed as "unsubscribed"
14:07 <cpaelzer> jamespage: could you do the pkg-subscription for openstack team whie I change state
14:07 <jamespage> I sorted that out this morning - might not have refreshed yet
14:07 <cpaelzer> ah ok thanks
14:08 <cpaelzer> jamespage: the update is done, you just need to get an AAs attention as usual
14:09 <cpaelzer> other cases for discussion from you jamespage?
14:09 <jamespage> ta - no rush I'll chase one down if it does not happne
14:09 <jamespage> no - I think ceph-iscsi and nfs-ganesha are both with joeubuntu and the security team for review
14:09 <cpaelzer> ok then topic switch - I have an own bug(s) to discuss
14:09 * jamespage listens
14:10 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/containerd/+bug/1819761 and https://bugs.launchpad.net/ubuntu/+source/runc/+bug/1817336
14:10 <ubottu> Launchpad bug 1819761 in containerd (Ubuntu) "[MIR] containerd" [Undecided,New]
14:10 <ubottu> Launchpad bug 1817336 in runc (Ubuntu) "[MIR] runc" [Undecided,New]
14:10 <cpaelzer> last discussed on the engineering sprint
14:10 <cpaelzer> let me summarize the background
14:10 <cpaelzer> 1. plenty of golang dependencies
14:10 <cpaelzer> 2. comes with the deps vendorized
14:10 <cpaelzer> 3. we were tasked to anaylze the dependencies if some of them are packaged
14:11 <cpaelzer> 4. this is a special case as runc/containerd will NOT stay at their version, they will get regular bumps to new major versions
14:11 <cpaelzer> like we did with docker.io in the past
14:11 <jamespage> and so their dependencies will change over time as well right
14:11 <jamespage> ?
14:11 <cpaelzer> yes jamespage, they will update
14:11 <cyphermox> cpaelzer: no, technically not a member anymore
14:12 <cpaelzer> cyphermox: :-/ but still o/
14:12 <cpaelzer> therefore the decision in Paris was that we'd want dependencies that have extra packages alrady in main (e.g. due to LXD work in the past) to use these packages
14:12 <cyphermox> cpaelzer: MIR is Canonical-specific, AFAIK; since I'm not Canonical anymore, I wouldn't necessarily be representing the best interests, but I'll be happy to give you my opinion on software when asked :)
14:13 <cpaelzer> if on a bump the vendored dependencies are needed on a newer level we'd swicth from package to vendored dependency
14:13 <cpaelzer> while the other vendored dependencies (since they'd move anyway and have no initial better review-path) can stay vendored
14:13 <cpaelzer> now the analysis is complete and was added to the bugs
14:13 <cpaelzer> TL;DR: none of the dependencies are in main already
14:14 <jamespage> concern - both juju and lxd are no longer shipped in the archive so are they archive maintainers for the packages that have been split out
14:14 <jamespage> ?
14:14 <jamespage> they/there
14:14 <cpaelzer> yes they are still
14:14 <jamespage> I suspect the LXD team where probably doing some of them
14:14 <cpaelzer> as usual with a MIR who brought it in owns it
14:14 <cpaelzer> but they might have dropped to universe since then
14:15 <jamespage> are they also in Debian?
14:15 <cpaelzer> most, but not all are packaged in Debian/Ubuntu
14:15 <jamespage> just considering that if they are Ubuntu only and end up with no reverse depends they might pop up on a potential to remove list
14:16 <jamespage> TBH I struggle to hate vendoring - on the one side I appreciate that its not the distro model and muddies the view of the world
14:16 <jamespage> on the other hand - its what upstream have tested with...
14:16 <jamespage> that said we've taken a similar approach in ceph
14:16 <joeubuntu> as long as we can  easily track the versions in the vendored code I am not against it.
14:16 <jamespage> (and that's not go)
14:16 <cpaelzer> jamespage: joeubuntu: what I'd want from you know is considering the above; the Paris discussion if you remember; and the bugs; then with me discuss/ack that we'll go forward on this case with the MIR and security review keeping dependencies vendored
14:17 <cpaelzer> kanashiro: ^^ if you want to chime in as well
14:17 <joeubuntu> I think we should proceed as planned in Paris .
14:17 <cpaelzer> kanashiro: ahasenack were the ones working on prepping the MIRs and the package
14:17 <cpaelzer> joeubuntu: ok, that would mean since nothing is in main we keep all vendored then
14:18 <jamespage> tbh I think that's the reality of where the packages would be in 6-9 months anyway
14:18 <jamespage> so at least if we've reviewed whats vendored we have a know good startline...
14:18 <doko> sorry, typing too much ...
14:18 <joeubuntu> We've got the ability to track it on our end, so I'm cool with it.
14:19 <cpaelzer> ok, I'd MIR ack the bugs then and "all that is left" is the security review then (a lot I know)
14:19 <cpaelzer> it already is assigned to security and on their trello
14:19 <cpaelzer> doko: anything to add since you are now with us?
14:19 <cpaelzer> we can give you a few min to inhale all the backlog here :-)
14:20 <joeubuntu> As an update we are down to 9 MIRs from a high of 14 in December.
14:20 <doko> not from my side
14:20 <kanashiro> do you mean a way to track the diff of vendorized deps between versions in both packages?
14:21 <cpaelzer> kanashiro: joeubuntu and all of seucrity will need to track if containerd has dependency A at version 1.2.3
14:21 <joeubuntu> kanashiro , if that is for me, we have the ability to track the version of vendorized code in all vendored packages
14:22 <cpaelzer> in case 1.2.3 becomes known to be affected to know that we also need to change the package that vendorized it
14:22 <joeubuntu> I can't recall the details of how... but the tools exist.
14:22 <cpaelzer> kanashiro: have you added the result of the package anylasis to both bugs already runc and containerd?
14:22 <cpaelzer> anylasis->analysis
14:23 <kanashiro> cpaelzer, I just need to add a comment to containerd bug, but I have it in my notes
14:23 <ahasenack> note we will have potentially two versions of vendor code in the archive: the package in universe, and the vendored code inside runc/containerd
14:23 <cpaelzer> I only see it on the runc bug
14:23 <cpaelzer> kanashiro: ok please add it there
14:23 <kanashiro> runc ibug is ok
14:23 <cpaelzer> ahasenack: yeah but that (two versions) is the natural consequence of vendorizing
14:23 <ahasenack> yep
14:23 <cpaelzer> ok I conclude that we are ok and will update the bug then
14:24 <cpaelzer> lets go on with the tail end of the "normal" MIR meeting
14:24 * kanashiro is copying and pasting his notes regarding containerd now
14:24 <cpaelzer> #topic Review of previous action items
14:24 <cpaelzer> I'm not aware of recent action items
14:24 <cpaelzer> anything for you others?
14:25 <cpaelzer> ok - I take that as a no, then ...
14:25 <cpaelzer> #topic New MIRs
14:25 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
14:25 <cpaelzer> there is https://bugs.launchpad.net/ubuntu/+source/gamemode/+bug/1853830
14:25 <ubottu> Launchpad bug 1853830 in gamemode (Ubuntu) "[MIR] gamemode" [Undecided,New]
14:25 <cpaelzer> from the Desktop team or Wimpress
14:26 <cpaelzer> anyone having extra context on that one?
14:27 <cpaelzer> didrocks: I know you are not here - but you'll read thids ping. Could you clarify if this is up for review or waiting on anything else?
14:27 <cpaelzer> It is there quite some time for not being mentioned before, therefore a pre-check by someone close to desktop could be useful
14:27 <cpaelzer> next list
14:28 <cpaelzer> #topic Incomplete bugs / questions
14:28 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
14:29 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/usbguard/+bug/1816548
14:29 <ubottu> Launchpad bug 1816548 in usbguard (Ubuntu) "[MIR] usbguard" [Undecided,Incomplete]
14:29 <cpaelzer> joeubuntu: did you (=security) and any desktop member get further on this one?
14:29 <cpaelzer> last was an update by jdstrand missing still some fixes
14:30 <cpaelzer> seb128 isn't here, didrocks could you ask internally if Desktop wants to re-emphasize or drop the efforts on usbguard?
14:31 <joeubuntu> cpaelzer It is still in progress by jdstrand
14:31 <cpaelzer> should it move from incomplete to new then?
14:31 <cpaelzer> as incomplete indicates waiting on the reporter
14:32 <joeubuntu> Let me check with jdstrand when he comes back.
14:32 <cpaelzer> ok, you have the powers to set tat state then if he agrees
14:32 <joeubuntu> yup
14:32 <cpaelzer> the last I see worth for discussion is https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/711061
14:33 <ubottu> Launchpad bug 711061 in openjpeg2 (Ubuntu) "[MIR] openjpeg2" [High,Incomplete]
14:33 <cpaelzer> had security review a) https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/711061/comments/62
14:33 <cpaelzer> which let doko set it to incomplete
14:33 <cpaelzer> then a lot of things happened
14:33 <cpaelzer> and we got https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/711061/comments/71
14:33 <cpaelzer> which is security review (b)
14:34 <cpaelzer> doko: joeubuntu: Is that ready for promotion now?
14:34 <cpaelzer> as (b) was an ack
14:34 <joeubuntu> Yes it was acked. promote
14:34 <cpaelzer> doko: or are you waiting on https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/711061/comments/70 ?
14:34 <ubottu> Launchpad bug 711061 in openjpeg2 (Ubuntu) "[MIR] openjpeg2" [High,Incomplete]
14:35 <joeubuntu> cpaelzer hold on,
14:35 <cpaelzer> holing ... :-)
14:35 <cpaelzer> +d
14:36 <joeubuntu> I  may be wrong...
14:36 <cpaelzer> I also don't see desktop-packages subscribed
14:37 <joeubuntu> I thought it was done, let me check with the team and get back via email.
14:37 <cpaelzer> joeubuntu: you could check with the team and then do a small update on the bug maybe?
14:37 <cpaelzer> directly on https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/711061
14:37 <ubottu> Launchpad bug 711061 in openjpeg2 (Ubuntu) "[MIR] openjpeg2" [High,Incomplete]
14:37 <joeubuntu> will do
14:38 <cpaelzer> thanks
14:38 <cpaelzer> so I guess we unblcoked all we heard about
14:38 <cpaelzer> #topic Any other business?
14:38 <cpaelzer> we had the two big discussion in the beginning
14:38 <cpaelzer> anything else?
14:39 <cpaelzer> ... no?
14:39 <cpaelzer> 3
14:39 <cpaelzer> 2
14:39 <cpaelzer> 1
14:39 <cpaelzer> than ks everyone
14:39 <cpaelzer> today was a rather big one, so thanks-twice!
14:39 <cpaelzer> #endmeeting