14:34 #startmeeting Weekly Main Inclusion Requests status 14:34 Meeting started at 14:34:24 UTC. The chair is didrocks. Information about MeetBot at https://wiki.ubuntu.com/meetingology 14:34 Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe ) 14:34 Available commands: action, commands, idea, info, link, nick 14:34 #topic current component mismatches 14:34 Mission: Identify required actions and spread the load among the teams 14:34 #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 14:34 #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 14:34 c-m-p: I don’t see anything new, the whole mm/pp stack is in discussion with the desktop team 14:35 c-m: all good too, nothing to add 14:35 #topic New MIRs 14:35 Mission: ensure to assign all incoming reviews for fast processing 14:35 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 14:36 the status is incorrect on all of them 14:36 jbicha: please, look at https://github.com/canonical/ubuntu-mir for the correct status, it should be New once ready for review 14:36 is it? the process states section has "new/confirmed" even on step 1 14:37 oh, I still had the old wiki version in mind :) 14:37 In this case, I specifically chose Confirmed, but LP automatically upgrades bugs to Confirmed if someone clicks "this affects me" :/ 14:37 ah, that was maybe why it was changed to it 14:37 ok, my bad then :) 14:38 sorry for the false ping 14:38 ok, so we need to split them 14:38 but as I’m the only non security member here, I think nobody else can take any other? 14:39 and I don’t want to assign for joalif or jamespage with them being away 14:39 the 5 packages are fairly similar to each other 14:39 I can take a second for the next pulse but can’t act more, I already have one 14:39 yeah, at this point it's probably just a question of "how many does didrocks want?" :) 14:40 sarnold: we agreed with management to take 2 by pulse 14:40 this pulse was already full, so next pulse, I already have 1 14:40 heh 14:40 + another one 14:40 sounds like the start of the cycle, indeed 14:40 but it means I can’t take anymore for the next 2 pulses 14:40 sorry 2 weeks* 14:41 so meh, let’s do that, and maybe that will convince people to add more people to the MIR team :) 14:41 I think libglibmm is the one making more sense, isn’t it jbicha? 14:41 that's fine with me to start there 14:42 oh it actually depends on libsigc++-3.0 though 14:42 jbicha: I see that most of them have a bunch of lintian warnings, some could be fixed if we are working on debian, is it the case? 14:42 libsig actually has a symbols file already :) 14:42 \o/ 14:43 my opinion is that the lintian warnings are harmless, but yes I can fix things in Debian if needed 14:43 jbicha: at worst with lintian override? that way, you get a clean list, and when a new one is introduced, you will notice it rather than being list in the existing list 14:43 thanks! 14:43 ok, taking libsigc++ first 14:44 if joalif or jamespage reads afterwards, please, take one on the list ^ 14:44 "national-encoding"? 14:45 #topic Incomplete bugs / questions 14:45 Mission: Identify required actions and spread the load among the teams 14:45 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 14:45 sarnold: I try to ignore m4 files 14:45 jbicha: ahh, apparently, as did I, I saw the 'x86_64-linux-gnu' and assumed it was an .so :) 14:46 ok, on the incomplete list, only tagging and other in progress comments as far as I can see 14:46 let’s move on 14:46 duktape assigned to band_ali, probably for todos? 14:46 right 14:46 and cargo, similar, tagged 14:46 yep 14:46 #topic Process/Documentation improvements 14:46 Mission: Review pending process/documentation pull-requests or issues 14:46 #link https://github.com/canonical/ubuntu-mir/pulls 14:46 #link https://github.com/canonical/ubuntu-mir/issues 14:47 unsure I will have time to go to your PR dviererbe this week, but nice to see this work! 14:47 No problem :) 14:48 I think for typos, an approval from a peer is enough to merge 14:48 ooo is there an easy way to see the rendered flowchart? 14:48 Just go to my repo 14:48 https://github.com/dviererbe/ubuntu-mir/tree/modernize-process-states-overview 14:48 dviererbe: ah! 14:48 \o/ 14:48 that’s nice, I didn’t know that was rendered by GH! 14:49 I just learned about that this week 14:49 just used mermaid today and rendered a svg… 14:49 so ok, I have some PR to open :) 14:50 ok, let’s move to the next section 14:50 #topic MIR related Security Review Queue 14:50 Mission: Check on progress, do deadlines seem doable? 14:50 Some clients can only work with one, some with the other escaping - the URLs point to the same place. 14:50 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 14:50 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 14:50 Internal link 14:50 - ensure your teams items are prioritized among each other as you'd expect 14:50 - ensure community requests do not get stomped by teams calling for favors too much 14:50 #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 14:50 sarnold: anything to mention at this point? 14:51 didrocks: eslerm finished cpdb-libs last week \o/ :) and we've assigned tasks around 14:51 ironic that for once, you are more on the security side than the reviewer side :p 14:51 I'm working on dbus-broker 14:51 oh, that will make seb128 happy 14:51 someone signed up for cargo, but since it is incomplete I'll suggest other cargo dependencies 14:52 unsure we got a conclusion on the maintaince side yet 14:52 yeah 14:52 ok, so good progress on that front :) 14:52 #topic Any other business? 14:52 the one missing piece from dbus-daemon does seem like a large risk.. 14:52 exactly 14:53 and we need to know where we are heading to, to prevent doing a MIR security review check for nothing 14:53 we're not interested in *two* running dbus daemons, one for system and one for user 14:53 I could hold off for now 14:53 maybe check with seb128 first, as he was the one checking with foundation IIRC 14:54 apart from breaking dbus (oh wait… broker, not breaker :p) anything else to note? 14:54 I'll ping ~mir-security-review-priority on MM 14:54 sounds good to me 14:54 I think eslerm ought to continue onwards; dbus is an integral part of everything, and getting issues with it sorted out as early as possible seems like a good approach 14:54 I'll just do what Seth suggests :D 14:54 ack! 14:55 and even if we decide to stick with what we've got because it meets gdm's needs, maybe we'll find useful things for upstream to work on before we return 14:56 oh yes! we missed the .../issues/ section earlier 14:56 https://github.com/canonical/ubuntu-mir/issues 14:56 I just added one about team members :) and eslerm added one a few days ago https://github.com/canonical/ubuntu-mir/issues/22 14:56 https://github.com/canonical/ubuntu-mir/issues/24 has been "opened" for years 14:57 yeah, agreed on 22, but it’s also blocked on 24 still 14:57 anyway, I think we should discuss processes when more team members are around, wdyt? 14:57 +1 14:57 +1 14:57 now that it's written down somewhere, I can trust cpaelzer will be annoyed enough by it to try to drive that through to an answer of how we do this :) 14:57 heh, sounds good! 14:58 that's it for me 14:58 ok, going once… 14:58 going twice… 14:58 and here we go! Thanks everyone :) 14:58 thanks didrocks, dviererbe, eslerm, jbicha :) 14:58 #endmeeting