14:32 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status 14:32 <meetingology> Meeting started at 14:32:48 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology 14:32 <meetingology> Available commands: action, commands, idea, info, link, nick 14:32 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe ) 14:33 <cpaelzer> most are already here and waiting :-) 14:33 <cpaelzer> #topic current component mismatches 14:33 <cpaelzer> Mission: Identify required actions and spread the load among the teams 14:33 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 14:33 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 14:33 <cpaelzer> one day this will copy&paste an embarrassing buffer of mine :-) 14:33 <cpaelzer> new is kea 14:33 <cpaelzer> which is an approved MIR 14:33 <cpaelzer> and intentional 14:33 <cpaelzer> just needs to be acted on by an AA 14:33 <cpaelzer> I've done a lot in this case and own the team doing it 14:33 <cpaelzer> it felt odd to also promote 14:34 <cpaelzer> didrocks: would you think you could have a look and promote if it LGTY ? 14:34 <sarnold> we're far enough along in the process I think it's probably about time to promote yourself 14:34 <didrocks> for sure! 14:34 <sarnold> ah, if we've got another one to hand, that's fine then :) 14:34 <cpaelzer> sarnold: I could and I have done so at times, but that doesn't have to be the common pattern :-) 14:34 <cpaelzer> thanks didrocks 14:34 * didrocks will be the monkey key pusher :) 14:34 <cpaelzer> nothing else in there 14:34 <dviererbe> :D 14:34 <cpaelzer> +1 credit to didrocks 14:35 <cpaelzer> #topic New MIRs 14:35 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing 14:35 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 14:35 <cpaelzer> as seb128 warned us last week, dbus-broker will come 14:35 <cpaelzer> and he mentioned to better do this in nearly 23.10 than late 14:35 <cpaelzer> so here it is 14:35 <slyon> I think I could do the review on dbus-broker, as I've already been involved with this in the past 14:35 <sarnold> mir open before the cycle starts, impressive :) 14:35 <cpaelzer> oh you were slyon, didn't realize that 14:35 <cpaelzer> yeah sure 14:36 <cpaelzer> thank you 14:36 <cpaelzer> assigned 14:36 <cpaelzer> sarnold: it is not a "first", all of pcs and a few more were early as well 14:36 <sarnold> cpaelzer: heh, good thing too, that was big [tm] 14:36 <cpaelzer> sarnold: and "early 23.10" is just 3-6 weeks away, so things are as urgent as always 14:37 <cpaelzer> #topic Incomplete bugs / questions 14:37 <cpaelzer> Mission: Identify required actions and spread the load among the teams 14:37 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 14:37 <cpaelzer> one recent comment on cpdb-backend-file 14:37 <cpaelzer> ok, that is no action on us 14:38 <didrocks> yep :) 14:38 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/cpdb-libs/+bug/1747759 is on security 14:38 <cpaelzer> good for the scope of this meeting 14:38 <cpaelzer> all else is older 14:38 <cpaelzer> #topic Process/Documentation improvements 14:38 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues 14:38 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls 14:38 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues 14:38 <cpaelzer> we have landed a few small but helpful changes last week 14:38 <cpaelzer> one more is up 14:38 <cpaelzer> https://github.com/canonical/ubuntu-mir/pull/16 14:39 <cpaelzer> dviererbe: already commented there 14:39 <dviererbe> I think we should wait until the owner responded 14:40 <cpaelzer> ack 14:40 <cpaelzer> that is my thought as well now reading it 14:40 <cpaelzer> I'm sure seb128 will update once he has a chance to do so 14:40 <cpaelzer> generally I think we all feel +1'ish 14:40 <cpaelzer> #topic MIR related Security Review Queue 14:40 <cpaelzer> Mission: Check on progress, do deadlines seem doable? 14:40 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 14:40 <cpaelzer> Internal link 14:40 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect 14:40 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much 14:40 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 14:41 <cpaelzer> I see all in the LP list also in jira 14:41 <cpaelzer> seems to normally progress 14:41 <cpaelzer> slyon: do you have context on the urgency of libheiff related things 14:41 <cpaelzer> slyon: will that be 23.10 or ... ? 14:42 <slyon> it's non-urgent and currently disabled in the packages 14:42 <slyon> but would be a nice to have to support heif/heic images (e.g. iPhone images) in libgd2 14:42 <slyon> I think it put the priorities accordingly in jira 14:43 <slyon> i.e. it should be after cargo + depends 14:43 <cpaelzer> thanks 14:43 <cpaelzer> #topic Any other business? 14:43 <joalif> i have a question 14:43 <cpaelzer> ok, we finally reach the "end of cycle calmness" phase 14:43 <cpaelzer> go joalif 14:44 <joalif> i reviewed bug 1973031 , libwpe for jammy, that got a sec review for kinetic 14:44 <joalif> do i need to assign for sec review again ? 14:44 <joalif> package is generally good 14:44 <cpaelzer> that was the "now let us also consider for jammy" case 14:45 <joalif> yup 14:45 <cpaelzer> you'd want to also have security ack that 14:45 <cpaelzer> so yes, assign them 14:45 <cpaelzer> but 14:45 <joalif> ok thanks cpaelzer 14:45 <cpaelzer> we'd not expect another full review 14:45 <joalif> ack 14:45 <eslerm> I'll followup with the previous security reviewer for libwpe 14:45 <slyon> jammy is shipping 1.12, which was also reviewed by security already.. 14:45 <cpaelzer> we expect them, to check the difference back then and comment if that should still be ok (or if not what needs to be adressed) 14:45 <cpaelzer> I haven't looked 14:45 <cpaelzer> even the same packaging version ? 14:46 <slyon> "1.12.0-1 as checked into kinetic" 14:46 <slyon> yes 14:46 <slyon> so I think we should be fine... 14:46 <sarnold> in this case I expect pretty much a rubber stamp; marc was liable to use it for the next security update anyway -- if I understand corrrectly, it's the only thing upstream supports anyway 14:46 <cpaelzer> well then, I'd still want them to say yes - but sarnold can probably do that in a minute 14:46 <cpaelzer> thanks for bringing it up joalif 14:47 <cpaelzer> steps from here: 1. joalif to assign it to security 2. security giving it a glimps if that is really the same 3. ack 4. adding dependencies 5. promotion to main 14:47 <slyon> Yes.. there might be some fixes that we'd want to cherry-pick: "The bugs discovered during review were immediately fixed by the upstream project and now waiting for upstream's input on assigning CVEs to some of them." 14:47 <cpaelzer> ok, makes sense 14:48 <cpaelzer> anything else ? 14:48 <didrocks> nothing for me 14:48 <cpaelzer> not from me or server-team 14:48 <joalif> nothing else 14:48 <sarnold> nothing from me 14:48 <slyon> nothing from foundations 14:49 <cpaelzer> I have actually a heif question, but after we close the official part 14:49 <cpaelzer> #endmeeting