#ubuntu-meeting log

15:30 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
15:30 <meetingology> Meeting started at 15:30:10 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
15:30 <meetingology> Available commands: action, commands, idea, info, link, nick
15:30 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage
15:30 <slyon> o/
15:30 <cpaelzer> o/
15:30 <jamespage> o/
15:30 <eslerm> o/
15:30 <eslerm> (sarnold is out)
15:31 <joalif> o/
15:31 <cpaelzer> welcome eslerm
15:31 <cpaelzer> #topic current component mismatches
15:31 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:31 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
15:31 <eslerm> thanks :D
15:31 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
15:32 <cpaelzer> lots of jdk things
15:32 <cpaelzer> slyon: I expect that to be doko, or is this now within some dedicated team/people?
15:32 <slyon> cpaelzer: yeah, lots of c-m in general. I investigated jdk a bit. seems to be mostly related to the -doc package, maybe we can demote that. I'll try to get it cleared with doko (he's off today)
15:33 <cpaelzer> yes, if it really is a new -doc then add to extra excludes and be happy
15:33 <cpaelzer> next I see is glm -> highlights-js
15:33 <joalif> re glm->highlight.js I looked at it, glm pulls in highlight.js to enable syntax highlighting in a doc page
15:33 <joalif> it comes from debian https://salsa.debian.org/science-team/glm/-/commit/72cedac91ede1eac284796a5e1e1dcd0effb6303
15:33 <cpaelzer> glm itself is the mir team (not us, the Ui ones)
15:33 <joalif> the relevant upstream commit  https://github.com/g-truc/glm/pull/1120
15:34 <cpaelzer> does anyone have connections to them to ask?
15:34 <didrocks> (hey)
15:34 <cpaelzer> hi didrocks
15:35 <cpaelzer> having you here, do you still have connections to mir people?
15:35 <cpaelzer> to ask how to deal with glm?
15:35 <slyon> joalif: I wonder what happens if highlight.js is not installed? seems like "just" the highlighting wouldn't work?
15:35 <slyon> In this case we might be able to drop it to a suggests..
15:35 <slyon> (or rather the mir team should do this)
15:36 <cpaelzer> yeah, I'm looking for someone to own this - no matter how exactly it will be resolved
15:36 <didrocks> well, apart from RAOF, I don't, I can ping him, but he is kind of at the opposite side of the world :p
15:36 <joalif> that for sure, i'm not sure if it would impact the success of the build thoigh
15:36 <joalif> i haven't checked
15:36 <joalif> because it's used in debian/rules
15:36 <didrocks> let me try to follow up with saviq at worst
15:36 <joalif> https://www.irccloud.com/pastebin/5bQnDDfV/
15:37 <cpaelzer> let me ping on #ubuntu-release
15:37 <cpaelzer> done, let us continue
15:37 <cpaelzer> policykit-1 -> duktape
15:38 <slyon> joalif: ack I saw that... maybe we need to update that snippet to fail gracefully in case highlight.js is not found in /usr/share/javascript/highlight.js/*
15:38 <cpaelzer> thanks joalif and didrocks for getting glm analyzed and handled
15:38 <cpaelzer> last time we have seen policykit it was a false positive
15:38 <didrocks> correct
15:39 <cpaelzer> didrocks: do you want to look if this is one again?
15:39 <cpaelzer> slyon: libnet-dns-perl is for foundations
15:39 <slyon> if duktape is a false positive, we should add it to https://bugs.launchpad.net/ubuntu/+source/plzip/+bug/1980663
15:40 <slyon> ACK. I wasn't able to investigate any c-m besides jdk. but will take care of the foundations ones eventually
15:40 <cpaelzer> ok
15:40 <cpaelzer> wow
15:40 <cpaelzer> there are more when we scroll right
15:41 <cpaelzer> well that is how opening the archive feels
15:41 <cpaelzer> libsoup3 -> sysprof
15:41 <cpaelzer> desktop package
15:41 <didrocks> cpaelzer: I will double check policykit again
15:41 <cpaelzer> but I guess libsoup could be anywhere
15:42 <cpaelzer> let me grab checking libsoup
15:42 <cpaelzer> as the next is foundations again and I do not want to overload slyon
15:42 <cpaelzer> slyon: nvme-cli
15:42 <slyon> ok
15:42 <cpaelzer> -> libnvme libhugetlbfs
15:43 <cpaelzer> foundations has some items around nvme anyway
15:43 <cpaelzer> maybe you can pass this item on to whoever owns these this cycle after you made an initial check what is going on
15:43 <cpaelzer> looks like a new major version
15:43 <slyon> yes, I heard people talking about it in our standup today .)
15:43 <slyon> :)
15:44 <cpaelzer> ok, chase them down :-P
15:44 <cpaelzer> looking at the clock
15:44 <cpaelzer> oO
15:44 <cpaelzer> going on
15:44 <cpaelzer> #topic New MIRs
15:44 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing
15:44 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
15:44 <cpaelzer> eslerm: is here and smartcard is in this list
15:44 <cpaelzer> oh I see
15:45 <cpaelzer> so the decision was "no need for now"
15:45 <cpaelzer> I've marked it incomplete
15:45 <cpaelzer> otherwise it looks as if it would wait on us
15:45 <eslerm> noted, thank you
15:45 <cpaelzer> dh-cargo is back up here
15:45 <cpaelzer> didrocks: you look afte rcargo - right?
15:45 <didrocks> yeah, cargo itself needed a second look
15:46 <didrocks> it’s the next one on my list, I need to refresh my memory first
15:46 <cpaelzer> ok and dh-cargo - wasn't assigned last time
15:46 <cpaelzer> probably due to the sprint keeping all of us busy
15:46 <cpaelzer> anyone always wanted to look at a dh tool?
15:46 <didrocks> I think I can, but would not commit it for next week
15:46 <cpaelzer> well you have the other one
15:46 <cpaelzer> let me take it instead
15:47 <didrocks> ack then :)
15:47 <cpaelzer> dh-cargo to me
15:47 <cpaelzer> but there is more
15:47 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libheif/+bug/1827442
15:47 <slyon> thanks, I was hesitnat to take it due to being "foundations internal"
15:47 <cpaelzer> agreed
15:47 <slyon> ^ this was brought up by steve the other day.
15:48 <eslerm> (dh-cargo was part of LP#1957932)
15:48 <cpaelzer> but he correctly said "probably want to have it updated using the new template in order to do a new review"
15:48 <cpaelzer> I expect someone in foundations doing the mentioned update
15:48 <cpaelzer> then we assign it here for a review
15:48 <cpaelzer> WDYT?
15:48 <slyon> sounds good. I'll find somebody in foundations
15:48 <cpaelzer> I updated the bug
15:49 <cpaelzer> also let them check if it is just heif or heif + the 265 libs
15:49 <cpaelzer> thanks slyon
15:49 <cpaelzer> gogin on
15:49 <cpaelzer> #topic Incomplete bugs / questions
15:49 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:49 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
15:50 <cpaelzer> all from just now except ..
15:50 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/ruby-eventmachine/+bug/1990580
15:50 <cpaelzer> is there something left for the server team?
15:50 <cpaelzer> reading ...
15:51 <cpaelzer> ok, lucas waits for joalif to confirm " I hope the explanation above clarifies everything for you."
15:51 <cpaelzer> does it @ joalif ?
15:52 <joalif> sorry in other mtg at the same time
15:52 <joalif> can you repeat
15:52 <cpaelzer> joalif: did the answer on https://bugs.launchpad.net/ubuntu/+source/ruby-eventmachine/+bug/1990580 satisfy you
15:52 <joalif> ok i'll look at it in a bit
15:53 <cpaelzer> If it does, assign security as they will be next to process it
15:53 <cpaelzer> if it does not - tell Lucas what is missing still
15:54 <cpaelzer> updated the bug to match that
15:54 <cpaelzer> #topic MIR related Security Review Queue
15:54 <cpaelzer> Mission: Check on progress, do deadlines seem doable?
15:54 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
15:54 <cpaelzer> Internal link
15:54 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect
15:55 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much
15:55 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594
15:55 <cpaelzer> and here we have eslerm stepping in for Seth for a while
15:55 <cpaelzer> he wanted to ask for new/other ways to express priorities - is that correct eslerm?
15:55 <cpaelzer> this is trhe moment to de-confuse all of us so we can agree on it :-)
15:55 <eslerm> during the sprint the Security Team discussed how to become more consistent with our response time to MIRs
15:55 <eslerm> we decided to write a status update each pulse (every two weeks) to update the MIR Team
15:55 <eslerm> I would like to publish the status report to a repo, but that will wait until Seth is back
15:56 <eslerm> I can email the status report to MIR Team members as well
15:56 <eslerm> the reports cannot be public, as there could be sensitive information in them
15:56 <eslerm> e.g., there is a novel security disclosure in the initial report
15:56 <eslerm> Open to questions, criticisms, and comments :)
15:56 <eslerm> the initial report is in Seth's vacation email
15:56 <cpaelzer> will that replace https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 then ?
15:57 <cpaelzer> that was used to prioritize
15:57 <eslerm> no, we could integrate the two
15:57 <cpaelzer> or will it only help to show your "answer" but not change any of your planning?
15:57 <eslerm> so that, everything pertinent is in jira but we would also have a higher level overview to put everything together
15:58 <cpaelzer> It sounds nice, but it also sounds complex
15:58 <cpaelzer> if this costs you a lot of time, then I'd say do not do it
15:58 <cpaelzer> if it helps you to organize yourself, then it is good
15:58 <slyon> I feel like the level of detail from seth's email is not really needed at the MIR meeting
15:58 <slyon> if so we could probably look it up in the jira card updates/comments?
15:58 <cpaelzer> as a TL;DR the MIR team never cared too much "how" you do it - as long as we can insert bugs into your todo-queue and have a feeling on when they will complete
15:59 <slyon> ^ this.
15:59 <didrocks> I agree with the point cpaelzer made
15:59 <cpaelzer> I agree to slyon that the meeting does not need that detail
15:59 <cpaelzer> that detail goes to the MIR - bugs
15:59 <cpaelzer> that is the one place - one per case
15:59 <eslerm> okay, if it sounds good, I'll do the status report internally to get security on one page and then update jira cards that way
15:59 <cpaelzer> that sounds fine to me eslerm
16:00 <cpaelzer> essentially it will stay an "implementation detail" of yours
16:00 <slyon> yes it should end up in the MIR LP bug when finished. And if we need status updates, we could probably look at the jira card (e.g. "security team is working with upstream about XXX")
16:00 <cpaelzer> if any of the things we know (lp bugs and to some extend that jira board to prioritize) will change let us know
16:00 <eslerm> okay, can do
16:01 <cpaelzer> ok, then let us do it this way
16:01 <cpaelzer> summary: you do stuff, we are ok with it as nothing changes for us :-)
16:01 <eslerm> +1
16:01 <cpaelzer> but in any case, thanks for bringing it up and discussing it eslerm
16:01 <cpaelzer> whenever you want to change the process or anything related down the road, bring it up here as well
16:02 <cpaelzer> if we pre-agree but it needs details it becomes a PR to the github repo
16:02 <eslerm> I have one question
16:02 <cpaelzer> now going on
16:02 <cpaelzer> oh well put that question into ...
16:02 <cpaelzer> #topic Any other business?
16:02 <eslerm> a lot of the ruby packages are dependent on pcs, which Seth has a question to
16:02 <cpaelzer> yeah, ask me eslerm
16:02 <cpaelzer> kanashiro[m]: ^^ watch this
16:03 <eslerm> is it okay to set the priority of all those ruby packages to wishlist until pcs is resolved?
16:03 <cpaelzer> not really, we need all of them to complete (we can only move it as one)
16:03 <cpaelzer> if we set them all to wishlist then we will not make it in time
16:04 <cpaelzer> but I'm fine if you keep them all as high as PCS, but order it in PCS itself first - and if passed then do the rest
16:04 <eslerm> I mean, resolve Seth's question (not promote pcs first)
16:04 <cpaelzer> but I'm afraid if you mark them wishlist ever too many other things will slip in betwene
16:04 <cpaelzer> we already failed to promote it last cycle
16:04 <cpaelzer> I'll be in well-earned trouble if we miss it again
16:04 <cpaelzer> eslerm: yeah, promote pcs first is not an option
16:05 <cpaelzer> as I said they all belong together
16:05 <cpaelzer> and are of high prio and importance
16:05 <cpaelzer> towards 24.04 we need this transition early (hence we wanted 22.10 before) as SW using it will need to adapt
16:05 <cpaelzer> and that kind of SW isn't the most trivial usually
16:05 <cpaelzer> did that solve the question eslerm?
16:05 <eslerm> okay, I'll do some more research. iirc, Seth was concerned that the codebase was moving to python
16:06 <cpaelzer> not that I know
16:06 <eslerm> for now yes :D
16:06 <eslerm> thank you
16:06 <cpaelzer> ok
16:06 <cpaelzer> anyone else something to talk about?
16:06 <slyon> nothing.
16:06 <cpaelzer> eslerm: and if the codebase moves we still would not have the time to wait
16:06 <cpaelzer> we would move with it when it does
16:06 <eslerm> understood
16:06 <cpaelzer> nothing else from me
16:06 <didrocks> nothing either
16:06 <cpaelzer> ok that sounds good then
16:06 <slyon> thanks cpaelzer, all!
16:06 <cpaelzer> thanks and sorry for the long meeting
16:07 <cpaelzer> #endmeeting