#ubuntu-meeting log

14:31 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
14:31 <meetingology> Meeting started at 14:31:50 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
14:31 <meetingology> Available commands: action, commands, idea, info, link, nick
14:31 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage
14:32 <didrocks> hey cpaelzer
14:32 <cpaelzer> #topic current component mismatches
14:32 <cpaelzer> Mission: Identify required actions and spread the load among the teams
14:32 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
14:32 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
14:32 <cpaelzer> nothing new in there
14:32 <cpaelzer> as I said, the last few calm weeks :-)
14:32 <slyon> o/
14:32 <cpaelzer> wb slyon
14:32 <cpaelzer> #topic New MIRs
14:32 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing
14:32 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
14:33 <sarnold> good morning
14:33 <sarnold> oh my
14:33 <cpaelzer> so much for calm
14:33 <cpaelzer> but hey I've wanred about that a few weeks ago
14:34 <slyon> haha that's plenty of ruby MIRs
14:34 * didrocks removes his hand from the alarm button then
14:34 <cpaelzer> to be fair
14:34 <cpaelzer> it is a lot of very small usually easy packages
14:34 <sarnold> o/~ to be faaiir o/~
14:34 <cpaelzer> instead of a single super massive one
14:34 <cpaelzer> hehe
14:34 <cpaelzer> ok let us talk about the non-pcs one first
14:34 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libgit2/+bug/1990655
14:35 <didrocks> I haven’t noticed that slyon answered, the status is wrong though
14:35 <cpaelzer> that is the other known "there will be more" case by schopin
14:35 <didrocks> I need to have a reread and asses on libgit2, I will do that
14:35 <didrocks> (tomorrow probably)
14:35 <cpaelzer> ok, so I'll re-assign it to you for now didrocks
14:36 <cpaelzer> and depending on the outcome it goes to ack/nack/security next
14:36 <didrocks> yep
14:36 <cpaelzer> now around PCS
14:37 <cpaelzer> this was all meant to be doen in 22.10 but the dependency tree exploded on us
14:37 <cpaelzer> as you can see
14:37 <cpaelzer> I've asked to at least provide it very early for 23.04 because the item will move there
14:37 <cpaelzer> let us first distribute the "easy" ones - which are the 14 ruby-* cases
14:38 <cpaelzer> how about round robin them between the four of us being joalif didrocks slyon and myself ?
14:38 <joalif> yup
14:38 <cpaelzer> that would be 3 or 4 of them for each of us
14:38 <didrocks> yeah, please note I have another pending, failing to trying to get one assigned and no time for review
14:38 <didrocks> but at least, for those, before 23.04 opens, that should be doable
14:38 <cpaelzer> yep
14:38 <slyon> yes, though I might not be able to get all of them reviewed by next week.
14:39 <cpaelzer> hehe
14:39 <cpaelzer> that is totally fine
14:41 <cpaelzer> ok that set is done
14:41 <cpaelzer> you can reload the list now that the view is clearer
14:41 <sarnold> wow :)
14:41 <cpaelzer> we have pcs itself, two python* and "thin"
14:42 <cpaelzer> I guess in complecity this is (descending) pcs > tornado (but easier as it was in main before) > thin > dacite
14:42 <cpaelzer> this is again 4
14:42 <cpaelzer> one each?
14:42 <cpaelzer> any preference?
14:43 <cpaelzer> since I'm the manager of the team driving it I'd prefer not to do pcs itslef for political reasons
14:43 <cpaelzer> other thna that I'm happy on any of them
14:43 <slyon> OK, maybe something in the middle for me thin or tornado
14:43 <cpaelzer> ok tornado it will be
14:43 * didrocks picks randomly a python one, let’s take python3-dacite
14:44 <cpaelzer> joalif: are you ok to take PCS itself or does that make you cursing my name for the rest of the day?
14:44 <joalif> LOL
14:44 <joalif> cpaelzer: that's ok :)
14:44 <cpaelzer> to be clear - on this barrage no one expects a return of all next week
14:44 <cpaelzer> aim for 1-2 per week and we should be good
14:45 <didrocks> sounds good to me, let’s hope we don’t get the cargo stuff at the same time :)
14:46 <cpaelzer> we knew both will come
14:46 <cpaelzer> and one had to be earlier
14:46 <cpaelzer> if cargo comes next week it will just enqueue and still be ok
14:46 <cpaelzer> at the intended 1-2 per week that will still be very early in the 23.04 cycle
14:46 <didrocks> yes
14:46 <cpaelzer> and then sarnold knows his queue early on and can call for addition reviewers on security
14:46 <cpaelzer> #topic Incomplete bugs / questions
14:46 <cpaelzer> Mission: Identify required actions and spread the load among the teams
14:47 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
14:47 <cpaelzer> libgit (we talked) and tuned (old)
14:47 <cpaelzer> nothing to discuss here IMHO
14:47 <didrocks> yeah, tuned still has no response…
14:47 <cpaelzer> oh well 27th Sept ??
14:47 <cpaelzer> yeah that was you incompleting it
14:47 <cpaelzer> ok
14:47 <cpaelzer> #topic MIR related Security Review Queue
14:47 <cpaelzer> Mission: Check on progress, do deadlines seem doable?
14:47 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
14:48 <cpaelzer> no surprises here
14:48 <cpaelzer> sarnold: now that the plan for 23.04 slowly gets real - how about those smartcard things there?
14:48 <cpaelzer> will they be back on the roadmap?
14:48 <sarnold> I don't think much was done in the last week; mark is workingo n putting together a fuzz test harness for editorconfig-core
14:49 <cpaelzer> was that after you tried to say no
14:49 <sarnold> cpaelzer: heh, that's a good question; I think we have a meeting on our agenda with desktop team to see if that's still desired
14:49 <cpaelzer> and then realized it is already in the archive (bundled)
14:49 <cpaelzer> sarnold: is that a breakout session on one of the sprints?
14:49 <sarnold> cpaelzer: it should eb, yeah, thanks for the reminder, I'll doublecheck it :)
14:50 <cpaelzer> sarnold: while checking (I couldn't find it) could you ask for my name to be added to the invitee list please?
14:50 <sarnold> it's not great for editorconfig to be bundled into one program, but at least that limits the scope of flaws to whoever runs that one program, not all the dozen editors that use it
14:50 <sarnold> will do!
14:50 <cpaelzer> thanks
14:50 <cpaelzer> and that is an interesting insight into potential benefits of bundled sources :-)
14:50 <sarnold> yes :)
14:50 <cpaelzer> oh we forgot
14:50 <cpaelzer> Internal link
14:51 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect
14:51 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much
14:51 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594
14:51 <cpaelzer> well I forgot
14:51 <cpaelzer> now we
14:52 <cpaelzer> ncie confusion
14:52 <cpaelzer> smartcard has a pcscd
14:52 <sarnold> yes :(
14:52 <cpaelzer> and we now entered pcs and pscd for HA
14:52 <cpaelzer> not to be mistaken for pcscd
14:52 <cpaelzer> arr
14:52 <cpaelzer> anyway, next agenda entry
14:52 <cpaelzer> #topic Any other business?
14:52 <sarnold> nothing here
14:52 <cpaelzer> none from me, except thanking you for spreading the pcs load
14:53 <didrocks> I have one
14:53 <slyon> didrocks: did you already have a chance to look into bug #1991508
14:53 <didrocks> so, I have not yet fully check for https://bugs.launchpad.net/bugs/1991508
14:53 <didrocks> slyon: this is what I told before, I haven’t the time to start it
14:53 <didrocks> however, this is another case of new hardware support
14:53 <slyon> I was asked by Foundations to push for this as it seems to be required to build usable LiceeRV 22.10 images for the release
14:53 <didrocks> with no test
14:54 <didrocks> slyon: well, TBH, that request should have got scheduled way before FF :)
14:54 <didrocks> so, there is no testplan either
14:54 <didrocks> (I find that a lot of MIRs are too easily filled without fulfilling any test requirement)
14:54 <didrocks> I feel that at least, someone has access to the hardware somewhere
14:54 <didrocks> and there should be a written testplan
14:54 <cpaelzer> It ends in the usual "this should at least be a compromise - what testing could you offer" sitation
14:54 <slyon> I think the hardware is available at my team mates... but it would require a manual test plan, right?
14:54 <didrocks> what do people think?
14:55 <cpaelzer> yes a manual test plan and proof that it is executable (e.g. a sample log) is much better than <nothing>
14:55 <didrocks> yeah, and I am a little bit unhappy TBH that it’s the 3rd MIR in a row where the testing requirement is simply discared
14:55 <didrocks> (not only Foundation, but cross team)
14:56 <didrocks> I’m wonder how we can emphasize "If you don’t say what’s your plan on this, this is not even something we are considering"
14:56 <cpaelzer> yep, but each time we got at least something out of insisting which is better than just doing nothing
14:56 <cpaelzer> ack on that didrocks
14:56 <cpaelzer> people should try to comply without us rejecting it first to force it
14:56 <didrocks> yeah, it’s just that maybe the test is no clear enough? Should we use bold/scary message on the template? :p
14:56 <slyon> ack on that, indeed
14:57 <cpaelzer> didrocks: I'm happy to make it more scary, but I do not have great words for it in cache atm
14:57 <sarnold> there is a comment in the description, "we commit to install and test this package for each new kernel that would be released, which is enough to make sure it still works"
14:57 <cpaelzer> whoever gets to it is welcomed to throw a PR at https://github.com/canonical/ubuntu-mir
14:57 <didrocks> sarnold: right, but this is not a testplan, written down
14:57 <sarnold> ahh
14:57 <didrocks> and what if the person writing this has this somewhere on his head and leave?
14:57 <didrocks> hence writing is better :)
14:58 <slyon> didrocks: do you see any chance this licheeRV MIR could be resolved ahread of release if a testplan is provided in a timely manner?
14:58 <slyon> (i.e. today/tomorrow?)
14:58 <cpaelzer> I mean what ar ewe trying to do here a) keep ubuntu great and b) ensure teams are not digging their own grave - I think it is helpful (and not mean) to be more explicit what/why a test plan is expected
14:58 <didrocks> slyon: as you are in touch with whoever is pushing this to write the testplan? I still hope to be able to review it in parallel before EOW
14:58 <didrocks> I can’t commit for today/tomorrow unfortunately, as I’m already max out
14:58 <cpaelzer> didrocks: slyon: is this looking like it also needs a round of security?
14:59 <didrocks> doesn’t look like it (from the description)
14:59 <cpaelzer> it is a kernel module after all right?
14:59 <didrocks> right
14:59 <slyon> EOW should be fine, I guess. I'm in touch with Alex and Heinrich and will ask them to provide a testplan ASAP
14:59 <cpaelzer> ok, I'm sure you'll make the right call didrocks
14:59 <cpaelzer> and slyon will get the team crunching on completing this to be acceptable
14:59 <didrocks> kernel module, I will have to look how scary the code is
14:59 <cpaelzer> ok
14:59 <cpaelzer> any other - other topics?
14:59 <didrocks> slyon: sounds good, thanks!
14:59 <slyon> ok, thank you!
14:59 <joalif> i have one
14:59 <joalif> i'm reviewing libssh2
15:00 <cpaelzer> I'm slightly disctracted by other meetings now- but go joalif
15:00 <joalif> https://bugs.launchpad.net/ubuntu/+source/libssh2/+bug/1991650
15:00 <slyon> my other (parallel) meeting just ended :)
15:00 <cpaelzer> what is the question there joalif?
15:00 <joalif> libssh with same functionality in main, however chopin's argument "Regarding the feature duplication between libssh1 and libssh2, the Rust bindings for the latter are well-maintained and see substantial usage, whereas the former are barely used..Given that FFI bindings are one of the trickiest area of Rust in terms of unsafe code, I believe it safer not to try and port cargo to libssh1."
15:00 <joalif> sounds ok to me
15:01 <joalif> what do you think ?
15:01 <cpaelzer> to me that is a reasonable explanation why duplication is needed, although it makes me sad that we have to have two
15:01 <cpaelzer> let me check why the deps I knew have changed ...
15:01 <sarnold> I'm not sure they're as 'duplicate' as their names would sound, https://www.libssh2.org/libssh2-vs-libssh.html
15:02 <cpaelzer> oh they are not "the same"
15:02 <didrocks> puzzling
15:02 <schopin> They're similar enough that I thought justification was warranted :)
15:03 <joalif> yup, btw great work on MIR bug schopin
15:03 <sarnold> good instinct :)
15:04 <cpaelzer> what is holding libssh in main?
15:05 <cpaelzer> maybe they could switch to libssh2 as well?
15:05 <cpaelzer> oh I see, curl and cryptosetup and a few - hmm maybe not
15:05 <schopin> curl actually links against libssh2 by default upstream
15:05 <cpaelzer> I'm leaning to "it was tried to not duplicate too much => ok"
15:06 <cpaelzer> schopin: I was only looking at revdeps
15:06 <cpaelzer> maybe once libssh2 is in we could do a check which could/would check
15:06 <cpaelzer> qemu would be ok to change IIRC
15:06 <cpaelzer> you say curl as well
15:06 <cpaelzer> libvirt would be ssh2 compat as well
15:07 <schopin> I'll put that as a roadmap idea for next cycle :)
15:14 <cpaelzer> thanks schopin
15:14 <cpaelzer> and by that and no other comment
15:14 <cpaelzer> let us close this meeting for today
15:14 <cpaelzer> thank you all!
15:14 <sarnold> thanks cpaelzer, all :)
15:14 <cpaelzer> #endmeeting