19:03 <vorlon> #startmeeting 19:03 <meetingology> Meeting started at 19:03:10 UTC. The chair is vorlon. Information about MeetBot at https://wiki.ubuntu.com/meetingology 19:03 <meetingology> Available commands: action, commands, idea, info, link, nick 19:03 <vorlon> #topic apologies 19:03 <vorlon> amurray sent his apologies to the list 19:03 <vorlon> and as mentioned, I expect sil2100 is indisposed due to release sprint 19:03 <vorlon> #topic action review 19:04 <vorlon> seb128/amurray/sil200 to help drafting the snap-store Ubuntu-specific tracks usage 19:04 <vorlon> seb128: anything to update here? 19:04 <seb128> not from me, and I didn't see activity from the others either 19:04 <vorlon> ok, carrying over 19:04 <vorlon> #action seb128/amurray/sil200 to help drafting the snap-store Ubuntu-specific tracks usage 19:04 * meetingology seb128/amurray/sil200 to help drafting the snap-store Ubuntu-specific tracks usage 19:04 <vorlon> rbasak to draft a proposal of the DMB-proposed inactivity expiration policy for TB ratification 19:05 <vorlon> rbasak: ? 19:05 <rbasak> Carry over again please 19:05 <vorlon> #action rbasak to draft a proposal of the DMB-proposed inactivity expiration policy for TB ratification 19:05 * meetingology rbasak to draft a proposal of the DMB-proposed inactivity expiration policy for TB ratification 19:05 <vorlon> rbasak to follow up on finding consensus on question of test plans for third party apps 19:05 <rbasak> Same again 19:05 <vorlon> #action rbasak to follow up on finding consensus on question of test plans for third party apps 19:05 * meetingology rbasak to follow up on finding consensus on question of test plans for third party apps 19:05 <rbasak> And my third too 19:05 <vorlon> #action rbasak to open wider discussion on third-party repo policy 19:05 * meetingology rbasak to open wider discussion on third-party repo policy 19:05 <vorlon> seb128 to follow up with SRU, AA, Release, Backporters and Security teams to document their membership process and link to it from https://wiki.ubuntu.com/TechnicalBoard#Team_Delegations 19:05 <vorlon> this appears to be in process 19:05 <seb128> I finally found some time to reach out to the teams 19:06 <vorlon> seb128: I was surprised that you were emailing the AAs about this because you are an admin in that team, and I thought in a previous round of discussion I suggested that you should take the point on drafting? 19:06 <seb128> but it was only yesterday, rbasak replied for the SRU team today 19:06 <vorlon> yes 19:06 <seb128> vorlon, I do plan to follow up/work on that but I decided to email anyway to give the context to everyone in the team 19:07 <seb128> I should perhaps have included a note about that directly 19:07 <seb128> I will follow up 19:07 <vorlon> ok 19:08 <vorlon> is there a new action that should be recorded now that this is in progress? the follow-up is done but of course there's nothing to record on the wiki yet 19:08 <seb128> maybe reword slightly the action item? 19:08 <rbasak> +1 19:09 <vorlon> huh maybe the new action would also be follow-up? :) 19:09 <seb128> follow up -> continue working 19:09 <vorlon> ok 19:09 <vorlon> #action seb128 to continue working with SRU, AA, Release, Backporters and Security teams to document their membership process and link to it from https://wiki.ubuntu.com/TechnicalBoard#Team_Delegations 19:09 * meetingology seb128 to continue working with SRU, AA, Release, Backporters and Security teams to document their membership process and link to it from https://wiki.ubuntu.com/TechnicalBoard#Team_Delegations 19:09 <vorlon> and mine is also carry-over 19:09 <vorlon> #action vorlon to write up draft guidelines for packages in the archive that download from the Internet 19:09 * meetingology vorlon to write up draft guidelines for packages in the archive that download from the Internet 19:10 <vorlon> #topic Scan the mailing list archive for anything we missed (standing item) 19:11 <vorlon> so in https://lists.ubuntu.com/archives/technical-board/2023-September/002763.html seb128 says he would like to "put the topic back on the agenda for the next TB meeting" 19:11 <vorlon> seb128: is there a discussion you want to have about this right now? 19:12 <seb128> vorlon, let's postpone to next time to let a chance for the concerned team to follow up on the emails I just sent, and also to have more TB members around? 19:12 <vorlon> ok 19:12 <vorlon> #action add to next meeting agenda to have follow-up discussion on https://lists.ubuntu.com/archives/technical-board/2023-September/002763.html 19:12 * meetingology add to next meeting agenda to have follow-up discussion on https://lists.ubuntu.com/archives/technical-board/2023-September/002763.html 19:13 <vorlon> then there is also https://lists.ubuntu.com/archives/technical-board/2023-October/002767.html 19:13 <vorlon> in which rbasak asks for TB sign-off 19:13 <vorlon> while we could vote here with 3 of us, that seems better done via the mailing list IMHO? 19:13 <rbasak> But nobody replied in the ML 19:14 <seb128> I was waiting for the meeting thinking it would be easier 19:14 <seb128> I will reply on the list since that didn't work out 19:14 <rbasak> We're here, so could we just do it now? 19:15 <rbasak> If you're both happy, then we could just call it done, and I can reply to the ML and speak for the TB in approving. 19:15 <rbasak> If you have questions or concerns, then we could discuss that right now. 19:15 <vorlon> rbasak: I'm happy, and additionally I don't see the fact that this is done after EoSS to be something that structurally requires TB signoff 19:16 <seb128> I'm +1 as well 19:16 <rbasak> I was unclear if that aspect was for the TB or SRU team to decide - it's unclear that the SRU team has any say after EoSS at all. 19:16 <vorlon> if we're doing the formal signoff here let's call a vote 19:16 <rbasak> But I figured that if the TB and SRU team are both happy, then we can call it done. 19:17 <vorlon> rbasak: <shrug> the fact that there is a difference between standard support and esm support, and the fact that we keep the archive open past the end of standard support, is also not anything that required TB signoff 19:17 <rbasak> We don't have any formal definition of what requires TB sign-off :) 19:17 <vorlon> #vote sign off on UbuntuAdvantageToolsUpdates exception that "Facilities that enable access to Ubuntu Pro may be added to the main Ubuntu archive and installed by default" and "Updates shall be permitted as usual for SRUs and additionally after EoSS." 19:17 <meetingology> Please vote on: sign off on UbuntuAdvantageToolsUpdates exception that "Facilities that enable access to Ubuntu Pro may be added to the main Ubuntu archive and installed by default" and "Updates shall be permitted as usual for SRUs and additionally after EoSS." 19:17 <meetingology> Public votes can be registered by saying +1, -1 or +0 in channel (for private voting, private message me with 'vote +1|-1|+0 #channelname') 19:18 <vorlon> +1 19:18 <meetingology> +1 received from vorlon 19:18 <rbasak> The whole ESM arrangement was done with TB members involved so I think we can assume the TB is happy with it. 19:18 <rbasak> +1 19:18 <meetingology> +1 received from rbasak 19:18 <seb128> +1 19:18 <meetingology> +1 received from seb128 19:18 <vorlon> #endvote 19:18 <meetingology> Voting ended on: sign off on UbuntuAdvantageToolsUpdates exception that "Facilities that enable access to Ubuntu Pro may be added to the main Ubuntu archive and installed by default" and "Updates shall be permitted as usual for SRUs and additionally after EoSS." 19:18 <meetingology> Votes for: 3, Votes against: 0, Abstentions: 0 19:18 <meetingology> Motion carried 19:18 <rbasak> Great! Thanks. 19:18 <vorlon> that's it for mailing list 19:18 <vorlon> #topic Check up on community bugs and techboard bugs 19:19 <vorlon> #link https://bugs.launchpad.net/ubuntu-community/+bugs?field.assignee=techboard 19:19 <vorlon> 0 19:19 <vorlon> #link https://bugs.launchpad.net/techboard 19:19 <vorlon> nothing new... 19:19 <vorlon> (and both covered via outstanding actions) 19:20 <vorlon> #topic Select a chair for the next meeting (next from https://launchpad.net/~techboard/+members) 19:20 <vorlon> I believe next is sil2100 with amurray as backup 19:21 <seb128> ack 19:21 <vorlon> #agreed next chair: sil2100, backup: amurray 19:21 <meetingology> AGREED: next chair: sil2100, backup: amurray 19:21 <vorlon> #topic AOB 19:22 <vorlon> one little thing that might be worth mentioning here vs in a direct message 19:22 <vorlon> DMB recently approved philroche's PPU application for livecd-rootfs 19:22 <vorlon> and the packageset stuff seemed to all happen behind the scenes, which is fine - I assume rbasak switched hats DMB->TB and got it done? 19:23 <vorlon> anyway I also gave him direct commit rights on the git repo (because it's not git-ubuntu yet cough cough) which caused me to notice that rcj who is no longer actively involved in Ubuntu development still has livecd-rootfs ppu rights as well 19:23 <seb128> vorlon, it was mentioned on https://lists.ubuntu.com/archives/devel-permissions/2023-October/002350.html I think? 19:23 <rbasak> Yes I just did the PPU addition wearing my TB hat, without bothering with the process for a bug, because I'm on both teams. 19:23 <vorlon> seb128: right, TB isn't expected to be subscribed to that list? (I'm not) 19:24 <seb128> fair enough 19:24 <vorlon> so anyway, this made me aware that DMB doesn't review historic PPU rights or packagesets to confirm they're still relevant and appropriate 19:24 <rbasak> We only created the bug process to request PPU changes because we were struggling to get the changes done otherwise. I think we should keep that option open (eg. if a TB+DMB member is unavailable or retires) but didn't think it was mandatory to use. 19:24 <vorlon> and I just wanted to make the rest of the TB aware of this 19:25 <rbasak> doesn't review historic> this applies to things like core dev, too. 19:25 <vorlon> very true 19:25 <seb128> I was going to say that, taking the archive team as another example 19:25 <rbasak> It has been suggested that perhaps we should expire people from those teams if they haven't uploaded for some period of time. 19:26 <rbasak> Although I wouldn't want to encourage uploaders to make junk uploads to keep their rights, either. 19:26 <vorlon> fwiw it feels to me that ppu should have >= scrutiny to the general uploader teams; because someone who has passed muster for core-dev might perhaps dip in and out of involvement over time while still having passed the bar for technical knowledge of Ubuntu as a whole 19:27 <rbasak> That would help keep the archive secure - less attack surface for an adversary getting hold of uploaders' keys, etc. 19:27 <vorlon> whereas someone who has only been approved for PPU of a particular package(set), and has NOT been involved in the maintenance of it... well? 19:27 <vorlon> Anyway! this isn't something I wanted to demand / propose immediate changes around, just raising awareness and food for thought 19:28 <rbasak> I'm not sure I see that distinction really, but I agree with the general principle. 19:28 <rbasak> FWIW, this sort of thing has been discussed within the DMB before. I don't remember anyone having any particular objections. 19:28 <vorlon> rbasak: well in this specific case I would say that if rcj actually exercised his PPU rights on livecd-rootfs I would immediately be checking if his account was compromised (or, er, if he was personally compromised) 19:28 <rbasak> We don't currently have the mechanism. Somebody would have to write the code. 19:29 <vorlon> also while security is always a concern, I also want to balance that against not causing folks in the broader Ubuntu developer community feel like they are being cast off if they have had less time to be involved 19:29 <rbasak> I'm not keen on singling out individuals FWIW. If we want to implement this kind of policy, we should do it, but we should define the criteria and apply it at once for whomever it's met. 19:30 <rbasak> Perhaps we could "downgrade" them to "Contributing Developer", and the DMB should have a lower bar on reapplication. 19:30 <vorlon> of course. I'm just using him as an example of why we might want a policy, because I'm familiar enough with the specifics there 19:30 <rbasak> So that they are still recognised for their previous contributions. 19:30 <vorlon> oh, one other practical implication of all of this 19:32 <vorlon> the release team bot that auto-approves non-frozen packages in the unapproved queue ... honors packagesets. So having stale packagesets wastes some developer time during release freezes 19:32 <rbasak> honors packagesets> what does that mean, exactly? 19:33 <rbasak> Is it re-applying an ACL somehow? 19:33 <rbasak> Because apart from that, a packageset is just a list of packages, no? 19:33 <vorlon> rbasak: the bot assumes that packages that are part of a packageset, but not seeded in main, should not be blindly waved through the queue 19:33 <vorlon> which means they sit in the queue longer until a human reviews them 19:33 <vorlon> maybe the answer is "the bot shouldn't do that" 19:33 <rbasak> I was going to say that :) 19:34 <rbasak> Can it use seeded-in-ubuntu instead perhaps? 19:34 <vorlon> well now we're getting into the weeds 19:34 <vorlon> because I have issues with the implementation of that command too :) 19:35 <vorlon> anyway, enough of this digression IMHO 19:35 <rbasak> The thing is, the DMB doesn't actively maintain packagesets 19:35 <rbasak> It's sort of difficult to do. 19:35 <rbasak> In practice they are only tweaked on request 19:35 <vorlon> yeah 19:36 <vorlon> IMHO https://ubuntu-archive-team.ubuntu.com/packagesets/mantic/ has some definitely dodgy stuff 19:37 <seb128> we should probably try to review those at some point indeed 19:37 <seb128> the ubuntugnome one for example doesn't make sense anymore 19:37 <seb128> just to pick one random example 19:38 <vorlon> would we want the TB to do that review? DMB? Random Ubuntu devs (maybe on the release team) proposing removals? 19:39 <seb128> having the devs proposing removals might make sense, I'm unsure the TB or DMB have enough context on the specifics of each set 19:40 <vorlon> sounds fine to me 19:40 <vorlon> anyway - 19:40 <vorlon> AOB? 19:41 <rbasak> I just managed to dig up https://irclogs.ubuntu.com/2023/08/07/%23ubuntu-meeting.html#t19:24 19:41 <rbasak> This is an example of Brian noticing the mythbuntu packageset still existing 19:41 <vorlon> oh augh 19:41 <vorlon> :) 19:41 <seb128> vorlon, on the cleaning of packagesets should we take a note / action item to maybe at least start a discussion about it on a project list tbd? 19:41 <rbasak> He got an action item to clear it up since he noticed, but I'm not sure if that was recorded properly. 19:42 <vorlon> seb128: I don't want to take the action because it's low-priority, and I don't want it to be "everybody's responsibility" either :) 19:43 <seb128> rbasak, the action isn't listed on the wiki so it seems it wasn't recorded properly 19:44 <seb128> vorlon, fair enough, I keep a note on my backlog of things I might try to do one day if nobody beats me to it 19:44 <vorlon> sounds good 19:44 <vorlon> shall we call the meeting there? 19:44 <rbasak> Sure, thanks. 19:44 <vorlon> #endmeeting