14:33 #startmeeting Weekly Main Inclusion Requests status 14:33 Meeting started at 14:33:11 UTC. The chair is didrocks. Information about MeetBot at https://wiki.ubuntu.com/meetingology 14:33 Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage 14:33 Available commands: action, commands, idea, info, link, nick 14:33 #topic current component mismatches 14:33 Mission: Identify required actions and spread the load among the teams 14:33 #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 14:33 #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 14:33 nothing new apparently 14:33 #topic New MIRs 14:33 Mission: ensure to assign all incoming reviews for fast processing 14:33 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 14:34 ah, libssh2 as been added :) 14:34 it was a missing dep of libgit2 I think 14:34 any taker? I’m unsure to have time for this this week 14:34 i can take it 14:35 \o/ 14:35 thanks! I think there will be some fun discussion on libssh vs libssh2 and the security gods are looking :) 14:35 The other is MIR licheerv-rtl8723ds-dkms 14:36 this one seems to come back to the discussion of "drivers/tests" 14:36 I’m happy to have a first look, but I think we should really discuss what to do with those in the QA team 14:37 ok, let’s move to incomplete bugs 14:37 #topic Incomplete bugs / questions 14:37 Mission: Identify required actions and spread the load among the teams 14:37 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 14:38 re http-parser shall we discuss it now or later ? 14:38 we can now 14:38 so apart from the upstream project being unmaintained 14:39 the package is ok 14:39 foundations say they are ok to take over 14:39 and also debian is actively maintaining it 14:39 so do we say ack or nack ? 14:40 I would then say ack under those circumstances, sanoard, what would you be your vote? 14:40 if we kicked out everything that was unsupported upstream it'd be a vastly smaller distro, but there's no denying that http parsers don't feel like the right place to be orphaned :( 14:41 yep… 14:41 if foundations is really onboard with maintenance as it comes up, that's probably good, but I want to make sure foundations understands that it might be some really heavy lifting, in addition to the far more likely case of nothing needed at all 14:42 I think you can make those points during the security review :) 14:42 trust me, I will :D 14:42 I haven't assigned it yet to security, shall I then ? 14:43 I think you are good to go 14:43 has it been upgraded to the latest upstream version yet? 14:43 all my requirements are not answered though. schopin, do you plan on answering the other required TODOs? 14:43 (I would prefer avoiding another ping/pong on the bug) 14:43 oh, or was that for libgit2 only? 14:43 joalif was talking about http-parser 14:43 didrocks: IIRC the remaining TODO was better test coverage? 14:44 wait, are we talking about libgit2 or http-parser? 14:44 http-parser is ack 14:45 schopin: we are missing on libgit2 an answer for the autopkgtests requirements and also, if possible, the warnings issue as recommended TODO 14:45 (I don’t think we write the recommended TODOs for them just being fully ignored :p) 14:45 warnings are adressed in latest upload, still stuck in unapproved atm. 14:45 oh, excellent! 14:45 I need to check a few things first before adressing the test case 14:46 sounds good to me 14:46 can we keep it as incomplete for libgit2 until this is done? 14:46 makes sense to me 14:46 alright 14:47 moving on to you sarnold :) 14:47 #topic MIR related Security Review Queue 14:47 Mission: Check on progress, do deadlines seem doable? 14:47 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 14:47 Internal link 14:47 - ensure your teams items are prioritized among each other as you'd expect 14:47 - ensure community requests do not get stomped by teams calling for favors too much 14:47 #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 14:47 mic is yours :p 14:48 it's a significantly smaller list than I expected :D much thanks to my team mates who have taken mirs this cycle; it's not down to zero, and probably can't get there in time for release, but I'm pretty happy with how things went 14:48 I'm hopeful that upstream for editorconfig-core will come up with some small changes to not expose user input directly to pcre2 without too much troubl 14:48 anything urgent/worth mentioning on the ones that will probably miss the deadline? (not blocking teams/deliverable for this cycle?) 14:48 but whether they'll be able to come up with something in the very short time left before release seems unlikely :( 14:49 nullboot and fdk-aac will probably not be started in time to make it for kinetic 14:49 indeeed 14:49 can you ensure that the MIR reporters are aware? 14:49 good idea, will do 14:49 excellent, thanks sarnold! 14:49 #topic Any other business? 14:49 (nothing for me) 14:49 nothing here 14:49 nothing 14:50 let’s get back those 10 minutes then, thanks everyone! 14:50 #endmeeting