15:36 #startmeeting Weekly Main Inclusion Requests status 15:36 Meeting started at 15:36:19 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology 15:36 Available commands: action, commands, idea, info, link, nick 15:36 Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage 15:36 #topic current component mismatches 15:36 Mission: Identify required actions and spread the load among the teams 15:36 #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 15:36 #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 15:36 nothing totally new in non-proposed 15:36 o/ 15:36 licensecheck -> perl things - didn#t we ahve thta int he past? 15:37 licensecheck is new in -proposed 15:37 seems they've switched build-depends again 15:37 non-yay 15:37 I need to investigate the reasoning 15:37 cpaelzer: that might have been lintian -> perl things 15:37 slyon: but still that seems like a foundations tackle 15:37 ack 15:37 sarnold: it is a reoccuring pattern for both 15:37 other news here is OVS -> xdp-tools 15:37 fnordahl: has already filed a MIR 15:37 ack 15:37 I have reviewed it this morning 15:38 it LGTM, but needs security 15:38 so one more for your queue 15:38 jamespage: while we have you here, jaraco.text is on openstack i guess 15:38 and this week i see MIRs linked 15:38 so that processing seems to be started 15:38 *reading* 15:38 yeah I raised those as corey was busy on some other stuff 15:39 ok so these will look for reviewers in the next section 15:39 nothing else in mismatches AFAICS 15:39 great 15:39 #topic New MIRs 15:39 Mission: ensure to assign all incoming reviews for fast processing 15:39 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 15:39 duktape (still/again ?) 15:39 and the two python bits for jaraco 15:39 I can do one of the pythons tomorrow morning I guess 15:40 taking autocommand 15:40 what has changed on duktape ... ? 15:40 didrocks: marked it as new 15:40 I can take the other python thingy 15:40 maybe the prep is complete and the decision was they need it 15:40 ok slyon, done 15:41 so this one is still looking for a reviewer https://bugs.launchpad.net/ubuntu/+source/duktape/+bug/1997417 15:41 IMHO, there are some parts that are missing still 15:41 like no tests 15:41 joalif: didrocks: jamespage: ^^ who could have a look ? 15:41 (and I don’t think the reporters should skip section or have TODO before filing the MIR) 15:41 should we start doing an entire review or just mention from the get go "this section is missing, please file it?" 15:42 didrocks: depends on the todo, if it is like "we already know but will do FOO before it is complete" fine, but if it is "this is all bad and we know it, have fun" then no 15:42 didrocks: in incompletely filed MIRs I have in the past done partial reviews just pointing out the obvious 15:42 I’m telling that because I have the same issue with gnome-sushi, I did the entire review, but there is no tests, it was TODO to write a manual test plan and nothing since it was opened a month ago 15:42 didrocks: and saying they should ping me again once they think it is actually ready 15:43 didrocks: then gnome-sushi goes to incomplete and will starve there until provided 15:43 right, but I feel that sometimes, we are doing the reporter part compliance check because the reporter hasn’t 15:43 that and similar things do not block the review entirely though 15:43 like dependencies on universe and so on 15:43 yes, if the reporter seems lazy just ask them to do it 15:43 so basically, they are relying on the MIR team to do the work 15:43 ack then 15:43 but if they have done their due diligence and just want the review to know if there is more to resovle -> that seems fine 15:44 I'm ok to make this a case-by-case call 15:44 I will not shy away for postponing the reviews if some obvious sections are missing then 15:44 as it is hard to formalize a perfect rule for it 15:44 yeah 15:44 didrocks: yeah, but let them know why you postpone 15:44 so do a bug update to tell them why 15:44 from that moment on, it can be incomplete until provided 15:44 ack then 15:45 didrocks: would you be able to look at duktape thne? 15:45 I’ll take ducktape 15:45 without a c :) 15:45 didrocks: or was this another of the "known incomplete" cases? 15:45 but is is known incomplete 15:45 the test section is entirely skipped 15:45 ok, then feel free to point that out OR do a full review which includes pointint ig out - up to you 15:45 s/pointint ig/pointing it/ 15:46 thanks, assigned 15:46 #topic Incomplete bugs / questions 15:46 Mission: Identify required actions and spread the load among the teams 15:46 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 15:46 yes, bandali hadn't finished preparing the duktape MIR but was planning to this week 15:46 ok jbicha, thanks for the FYI 15:46 we consider it incomplete and not yet assign eit then 15:46 *unassignign didrocks* 15:47 duktape and sishi was discussed already 15:47 the most recent other update is cpdb-libs 15:47 reading ... 15:47 4 years old for printing ... ? 15:48 ok, just an update about the Debian side of it 15:49 no action (by us) needed as of now 15:49 #topic MIR related Security Review Queue 15:49 Mission: Check on progress, do deadlines seem doable? 15:49 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 15:49 Internal link 15:49 - ensure your teams items are prioritized among each other as you'd expect 15:49 - ensure community requests do not get stomped by teams calling for favors too much 15:49 #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 15:49 as expected the queue grows sarnold 15:49 sarnold: how is the planned increase in workforce to review going? 15:51 on ruby-rack and ruby-sinatra - did you (and eslerm) come to conclusion with Kanashiro how we proceed? 15:51 cpaelzer: it's going well, mark has been working on several MIRs so far, and sbeattie and aburrage and I had a discussion yesterday; we'll distribute tasks to team members soon, and would like to remind stakeholders to ensure the prioritizations in jira match their needs 15:51 AFAIK the intend was to approve it but require to move to the new major before 24.04 - that would work 15:51 sarnold: to match our need, what would you like most to reflect "has to go in 23.04" ? 15:52 sarnold: flags, deadlines, due dates, comments, ... ? 15:52 yes; it'd also be nice to have a stronger 'backup plan' idea in place should our strong commitment fade 15:52 The backup plan is complain a lot and then crawl begging for forgiveness at anyone we committed our items to 15:52 :) 15:53 cpaelzer: I think the little prioritization chevrons, straight lines, etc, in jira is the way to reflect the priorities 15:53 though text descriptions of *why* might be very nice 15:54 something else we discussed yesterday is libssh2, the last MIR didn't go great.. and we were wondering, if cargo-in-main is intended for our building needs, do we *need* remote access stuff in this cargo? 15:55 that is for schopin to answer I guess 15:55 or, is our cargo packaging expected to be useful outside of our builders? breaking it doesn't seem great, but distro-packaged language-specific tooling always feels like it's missing functionality vs upstream stuff that changes every two or three months 15:56 it doesn't have to be figured out today :) 15:56 ok 15:57 I've done a few prio updates to reflect the current state 15:57 we're also looking at moving our meetings around to better match the pulses 15:57 back to hoping you get enough workforce 15:57 both the internal task distribution meeting and the office hours meeting 15:57 sarnold: we use cargo to do the vendoring, which usually will do some networking stuff. 15:57 one day *dream* those reviews will happen early in the cycle and findings not need to be adressed last minute :-) 15:57 schopin: ack, makes perfect sense. thanks 15:57 going on then ... 15:58 #topic Any other business? 15:58 nothing from me 15:58 there's bug #1973033 (and possibly some other hidden, related MIR updates for jammy) – not actionable for us right now. Just a reminder for everybody to resolve/review their assigned, "hidden" Jammy MIRs from last year. 15:58 nothing else from me 15:58 as a heads up for sarnold mostly, alex has been aware since prague - but isc-kea will also enter the 23.04 deadline security review queue soon 15:58 we have been working on tests for a while (to prevent the case didrocks mentioned to be incomplete) 15:58 cpaelzer: oh nice! is that packaged in debian yet? I thought it was entirely unpackaged :( 15:58 but given the time of the cycle we will enter it to the queue this week 15:59 sarnold: we have updated it for several cycles by now 15:59 sarnold: we'll most probably also have netplan related MIRs for python-rich + dependencies for 23.04 (but not sure if they need sec-review) 15:59 paride in particular 15:59 aha, very glad to hear it 15:59 nice! 15:59 I mostly mention so you know for capacity expectations for you sarnold 15:59 ok, time is up 15:59 thank you all 15:59 ! 15:59 rushing to the next meeting ... 15:59 thanks cpaelzer, all :) 15:59 #endmeeting