#ubuntu-meeting log

14:33 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
14:33 <meetingology> Meeting started at 14:33:07 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
14:33 <meetingology> Available commands: action, commands, idea, info, link, nick
14:33 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe )
14:33 <cpaelzer> glad to be back after the sprint
14:33 <cpaelzer> I hope there was no panic here
14:33 <slyon> It was pretty calm
14:33 <cpaelzer> let us get the normal agenda points covered
14:33 <cpaelzer> and then get to any open things left in AOB
14:33 <cpaelzer> thanks slyon
14:33 <cpaelzer> #topic current component mismatches
14:33 <cpaelzer> Mission: Identify required actions and spread the load among the teams
14:34 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
14:34 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
14:34 <cpaelzer> mirespace still supposed to work on the MIR of the perl deps
14:34 <cpaelzer> let me ping here again
14:34 <slyon> Those look pretty usual, except for dnspython, which was resolved today and will go away.
14:34 <cpaelzer> sorry for this overview not being readable again
14:35 <cpaelzer> is it the same
14:35 <slyon> Also, python-jsonschema is growing some more Recommends (cc jamespage)
14:35 <cpaelzer> I do not remember python-jsonschema
14:35 <cpaelzer> to python-rfc3987 and webcolors
14:35 <cpaelzer> oh yeah
14:35 <cpaelzer> good
14:35 <cpaelzer> so it was not just my memory
14:35 <sarnold> Tue 01 14:32:59 < slyon> python-jsonschema seems new, and needs to be looked at by the openstack team (cc jamespage)
14:36 <cpaelzer> oh, so there was no reply since
14:36 <cpaelzer> let me do the same ping on #openstack internally to ensure they see it
14:36 <cpaelzer> might have been lost in the sprint
14:37 <cpaelzer> done
14:37 <slyon> TIL: interestingly the Recommends (as in python-jsonschema case) are not enforced by britney, so that package migrated, even though it has component mismatches
14:37 <cpaelzer> that is ... unexpected
14:38 <cpaelzer> did you talk last week about python-reportlab?
14:38 <slyon> according to v_orlon this has been the case ever since
14:38 <slyon> cpaelzer: yes. reportlab is going to be demoted this cycle (once the desktop team demoted the printing stack)
14:38 <sarnold> heh, maybe https://bugs.launchpad.net/britney/+bug/1593148 ought to get a priority boost?
14:38 <cpaelzer> ok, waiting for that then
14:38 <cpaelzer> #topic New MIRs
14:38 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing
14:38 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
14:38 <cpaelzer> none
14:38 <cpaelzer> wow
14:38 <cpaelzer> nice
14:38 <cpaelzer> for once!
14:39 <cpaelzer> #topic Incomplete bugs / questions
14:39 <cpaelzer> Mission: Identify required actions and spread the load among the teams
14:39 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
14:39 <cpaelzer> so slyon commented on s390x tools
14:39 <eslerm> (from components, is rustc still an approved MIR?)
14:39 <cpaelzer> eslerm:  it can only find and color one
14:39 <cpaelzer> so it finds the old rustc
14:39 <eslerm> thanks
14:39 <cpaelzer> not the new cargo+rustc one
14:40 <cpaelzer> ok I see that Mirespace worked on https://bugs.launchpad.net/ubuntu/+source/libmail-dmarc-perl/+bug/2023971 recently
14:40 <cpaelzer> not ready yet but that update is expected
14:40 <cpaelzer> what is https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/2019191 about ... ?
14:40 <slyon> s390-tools is a heads-up for everybody. It will start to pull in vendored rust dependencies. And it was not super clear how to handle them from a MIR/security perspective. Do we need a new MIR?
14:40 <slyon> cc schopin ^
14:40 <slyon> cc fheimes ^
14:40 <cpaelzer> hmm, we didn't add re-MIR in the past
14:41 * schopin pops his head in.
14:41 <cpaelzer> but this is a rather big change
14:41 <cpaelzer> I think they can ask for acceptance and re-review on the old MIR bug
14:41 <slyon> I created that bug, to have some starting point for a discussion
14:41 <cpaelzer> but I'm not sure about it
14:42 <slyon> sarnold: what's your perspective on packages in main pulling in new (vendored) dependencies?
14:42 <cpaelzer> IMHO (and that really is opinion for now) - they should re-review, but we haven't put re-review of any kind in-process yet
14:42 <slyon> would it be a normal package dependency, we would probably handle it through the component-mismatches process and have all of the dependencies MIRed
14:43 <cpaelzer> mostly to avoid people getting things approved while trivial and then exploding complexity without ensuring quality and maintainability
14:43 <sarnold> we normally assume that some reasonable amount of changes over time are just going to happen, and that's fine, but this sounds like it might be a pretty big set of changes. maybe we ought to try to use 'package churn' as a guide for our "re-review old packages" stretch goal?
14:43 <cpaelzer> slyon: do they have to be vendored?
14:43 <eslerm> this seems to be a meta package https://github.com/ibm-s390-linux/s390-tools
14:43 <schopin> The MIR rules state that they do :)
14:43 <slyon> cpaelzer: Probably yes. Those are rust crates
14:44 <sarnold> .. and maybe at the birth of a new ecosystem is a good time to try to encourage 'good taste' in selecting which crates to vendor? not that we've got *that* much influence over upstream authors..
14:44 <schopin> This specific upstream should be easier to work with than most.
14:44 <sarnold> yeah
14:45 <schopin> But then there's the issue of the *version* of the crates we want them to use.
14:45 <cpaelzer> yep the rules were written with the ecosystem of the time in mind
14:45 <slyon> So we basically ask for a new s390-tools MIR and will see what that brings (I expect lots of work, as those are big crates)
14:45 <sarnold> and since the goal is to get it to compile with the new tools, today, on an oddball architecture, they'll have a very strong incentive to make sure it actually works in the places where rust feels weakest
14:46 <cpaelzer> slyon: yes, that would be helpful I think
14:46 <cpaelzer> let us continue for now
14:46 <cpaelzer> and to close this section out, dhcpcd - is that the one you meant will resolve in a bit slyon?
14:47 <slyon> no. I was talking about dnspython
14:47 <cpaelzer> oh
14:47 <cpaelzer> so laste ocmment on https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/2019191
14:47 <sarnold> dhcpcd is probably waiting on tobias to replace non-fips-approved code with fips-approved-code
14:47 <cpaelzer> yeah, thanks for cleaning up the assignment
14:47 <cpaelzer> to make it clear who we wait on
14:48 <slyon> (schopin I will tag bug #2030482 as rls-mm-incoming, so we can assign the MIR to somebody in the next ubuntu-meeting)
14:48 <schopin> fair enough :)
14:48 <cpaelzer> #topic MIR related Security Review Queue
14:48 <cpaelzer> Mission: Check on progress, do deadlines seem doable?
14:48 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place.
14:48 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
14:48 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
14:48 <slyon> Right. I should probably ping tobhe and/or bdrung about dhcpcd
14:49 <cpaelzer> Internal link
14:49 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect
14:49 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much
14:49 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594
14:49 <eslerm> initial libmysofa MIR is in review. We need upstream followup to decide on promotion--reviewer on PTO. dropping libmysofa-utils from promotion would help. @seb128
14:49 <eslerm> libwebm and nvme-stas MIRs are drafted and in review. likely to be published this week
14:49 <eslerm> dasbus will be taken when nmve-stas is complete
14:49 <eslerm> dotnet6 MIR s in progress
14:49 <eslerm> Security's fdk-aac review is blocked downstream, Desktop may have an alternative package to promote
14:50 <cpaelzer> that all sounds fine IMHO - thanks for the update. Anything else to add sarnold or anyone?
14:50 <slyon> eslerm: do we get our ETA for rust/cargo today?
14:50 <bdrung> slyon, i talked with tobhe yesterday. He will prepare the patches for using openssl that I can hopefully upload today or tomorrow.
14:50 <slyon> bdrung: sounds great, thanks
14:50 <cpaelzer> great, thanks for the info bdrung
14:50 <eslerm> yes, cargo MIR draft is complete and in review as of today
14:50 <sarnold> slyon: one better :) pfsmorigo has posted a review for review :) it's on us to take a look and iterate on it
14:50 <cpaelzer> I was shuffling agenda items unintentionally
14:51 <cpaelzer> #topic Process/Documentation improvements
14:51 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues
14:51 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls
14:51 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues
14:51 <cpaelzer> as I posted https://github.com/canonical/ubuntu-mir/pull/31 can land now
14:51 <cpaelzer> everyone that might later complain has approved
14:51 <didrocks> \o/
14:51 <cpaelzer> anyone wants to use the last change of stopping me?
14:52 <cpaelzer> 3
14:52 <cpaelzer> 2
14:52 <sarnold> uhoh, is this the "supervillian transformation moment"? :)
14:52 <cpaelzer> 1
14:52 <cpaelzer> hehe
14:52 <jbicha> is this AOB?
14:52 <cpaelzer> no
14:52 <slyon> not yet jbicha
14:52 <cpaelzer> this is the issue/Pr section
14:52 <cpaelzer> merged
14:52 <cpaelzer> how about https://github.com/canonical/ubuntu-mir/pull/33 ?
14:53 <cpaelzer> did we settle enough on this
14:53 <cpaelzer> spelling is fixed
14:53 <cpaelzer> and I thought most of the discussion should be in
14:53 <cpaelzer> I'm context switching in this case ...
14:54 <cpaelzer> didrocks: I think your comment is the only one I have not yet addressed
14:54 <sarnold> the package build log note was a nice one
14:54 <cpaelzer> oh actually I think I have added binary and source
14:54 <cpaelzer> yes
14:54 <cpaelzer> https://github.com/canonical/ubuntu-mir/pull/33/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R881
14:54 <cpaelzer> didrocks: are you fine as well then?
14:55 <didrocks> cpaelzer: that’s correct, I would have preferred we dig a little bit deeper in it: but TBH, no time for this… So good enough as is
14:55 <cpaelzer> I didn't want to explode complexity
14:55 <cpaelzer> PRs welcome :-P
14:55 <cpaelzer> let us merge it then and anyone is free to extend at another day
14:55 <cpaelzer> ok?
14:55 <didrocks> understandable :)
14:55 <sarnold> ack
14:56 <cpaelzer> done
14:56 <cpaelzer> then last new before AOB
14:56 <cpaelzer> https://github.com/canonical/ubuntu-mir/issues/35
14:56 <cpaelzer> I think this is a good topic to have
14:56 <cpaelzer> but breaking the time we have
14:56 <slyon> ^ This is something I was thinking about today.
14:56 <cpaelzer> can we declare review and discussion homework until next week?
14:56 <slyon> Not necessarily needed right now. But maybe everybody could have a look eventually and leave their comments
14:57 <cpaelzer> I've added it to my "to review" list
14:57 <cpaelzer> thanks for starting the thought
14:57 <slyon> cc schopin, too ^
14:57 <cpaelzer> #topic Any other business?
14:57 <cpaelzer> jbicha: now :-)
14:57 <cpaelzer> nothing from server this week btw
14:58 <jbicha> https://gitlab.freedesktop.org/libinput/libei will be a new dependency for Mutter 45 for Desktop so I'm letting y'all know that will be a rush and coming soon
14:58 <sarnold> mmm eis
14:58 <cpaelzer> jbicha: what is your gut-feeling on quality of it?
14:59 <cpaelzer> libEgg :-)
14:59 <cpaelzer> thanks for the heads up
14:59 <slyon> jbicha: we can usually do promotions post feature freeze. So as long as you can get your changes in (e.g. using FFe), we should still have some time. But that's for the heads-up!
14:59 <cpaelzer> jbicha: you can file this asap even before the dependency is there
14:59 <cpaelzer> so that we can start to review next week
15:00 <cpaelzer> ok, anything else - or can we close?
15:00 <slyon> thanks*
15:00 <cpaelzer> 5
15:00 <cpaelzer> 7
15:00 <cpaelzer> 8
15:00 <sarnold> nothing here
15:00 <cpaelzer> #endmeeting