15:31 #startmeeting Weekly Main Inclusion Requests status 15:31 Meeting started at 15:31:32 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology 15:31 Available commands: action, commands, idea, info, link, nick 15:31 Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe ) 15:31 o/ 15:31 o/ 15:32 welcome back to a new year some of you 15:32 hello again to the others 15:32 let us get started 15:32 #topic current component mismatches 15:32 Mission: Identify required actions and spread the load among the teams 15:32 #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 15:32 #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 15:32 non proposed is very small now 15:32 \o/ 15:32 lxml is worked on by foundations I guess 15:32 yes slyon I see 15:32 good 15:33 the other is the known false positive 15:33 proposed has mostly known things 15:33 nut 15:33 dkim-perl 15:33 jaraco 15:33 I'm not sure I remember libqmi 15:33 and alembic I've seen long ago, seems to be needing something again 15:34 alembic was openstack IIRC - right jamespage? 15:34 o/ 15:34 it is 15:34 hi jbicha 15:34 https://bugs.launchpad.net/ubuntu/+source/python-typing-extensions/+bug/2002821 15:34 was filed 15:34 was reviewed 15:34 open to clear ... 15:34 hi o/ 15:35 libqmi is libqrtr-glib from last week 15:35 subscriptions all in place to support that 15:35 oh it seems only the subscription was missing 15:35 and it was approved before 15:36 yep - dependency looks to be coming in via jaraco and alembic now 15:36 yes the tree of deps changed 15:36 but it is ready 15:36 jamespage: will you promote it now that it is ready? 15:36 or do you want one of us to do so? 15:37 oh you can't 15:37 nope I can't ;) 15:37 needs an aa 15:37 sorry, my memory gave you more permissions 15:37 I'll do so tomorrow morning once I have time to do last saftey checks 15:37 I don't have the required superpoers 15:37 but it LGTM 15:38 next (as I learned of last week) https://bugs.launchpad.net/ubuntu/+source/libqrtr-glib/+bug/1963707 15:38 That was ok, seb completed the dependency for it to show up 15:38 I can promote that too then 15:39 +1 15:39 lsat but not least 15:39 on modbus we are waiting on Debian 15:39 not infinitely, but we want to give them time and if possible move together 15:39 FYI https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059985 15:39 going on in the agenda 15:39 #topic New MIRs 15:39 Mission: ensure to assign all incoming reviews for fast processing 15:39 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 15:40 oh wow 15:40 three new 15:40 https://bugs.launchpad.net/ubuntu/+source/gsasl/+bug/2044535 actually is only shown as it is up in the task list 15:40 the request is for libgssglue Edit 15:40 this seems to be a false positive 15:40 It's assigned to security 15:41 we need to mark this something else than New 15:41 doing so 15:41 Is it due to the unassigned gsasl task? 15:41 yes 15:41 Could probably be Invalid. 15:41 It was just to make it show up on foundations reports 15:41 I can handle that 15:41 ok 15:42 I've already updated 15:42 feel free to change it further 15:42 next two are christmas presents from seb128 15:42 https://bugs.launchpad.net/ubuntu/+source/speexdsp/+bug/2047149 15:42 https://bugs.launchpad.net/ubuntu/+source/roc-toolkit/+bug/2047150 15:42 both related to pipewire 15:42 to support more things 15:42 speex is a codec 15:42 what is roc ... 15:43 streaming 15:43 ok, either way 15:43 this needs reviewers 15:43 anyone up to take one this week? 15:44 I can take one for next tuesday 15:44 thx, handing you roc 15:44 jamespage: didrocks: joalif: anyone ok to review speexdsp ? 15:45 until the mid cycle spint I'm not sure I can handle one easily 15:46 (I just set pydantic to incomplete for jamepage 's review) 15:46 didrocks: mentioned he has a conflict usually now but is ok to pick one if highlighted, I'll do so and if impossible let me know and I'll try to squeeze it in ignoring the planning 15:46 thanks eslerm 15:46 ok, next agenda item 15:46 #topic Incomplete bugs / questions 15:46 Mission: Identify required actions and spread the load among the teams 15:46 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 15:46 pydantic eslerm mentioned 15:46 python-cssselect we mentioned before as well 15:47 and the dmarc related things are from mirespace 15:47 there was one update in one of those ... 15:47 reading 15:47 https://bugs.launchpad.net/ubuntu/+source/objgraph/+bug/2047821 ? 15:47 ok still on her 15:47 sarnold: that one is good 15:47 pydantic has security ack already, but upstream brought up a concern afterwards 15:47 that was there for a potential MIr 15:47 but fixed in cherrypy3 last few days 15:48 eslerm: oh is that what happened, reading ... 15:48 jamespage: I think the pydantic question is for you to answer that is from the openstack deps 15:49 will this change to v2 to not be stuck? 15:49 I'm not sure what stuck means, debian hasn't updated to v2 yet 15:49 the pydantic in debian seems unhappy https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058324 and the v2 uses rust https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052619 -- there may not be an easy path forward 15:49 https://github.com/pydantic/pydantic/tags 15:50 there are really many 2.x updates but only minimal fix updates on 1.x 15:50 eslerm: and they have no namespacing calling it pydantic2 to be co-installable or any such? 15:51 I'm not aware of that 15:51 hrm 15:51 ok, incomplete is right for james and the team to answer how they want to deal with that 15:51 it can be 1.x now, but we'd need a commitment to make it 2.x to maintain it in the long run - is that the correct state eslerm? 15:51 that feels appropriate to me 15:51 eslerm: would you require 2.x in noble or any time later? 15:52 likely, Seth? 15:52 security support in LTS would be much better with 2.x 15:52 I don't think that's under debate and I did comment on this - it just quite a wide set of packages to test and update to bump to 2 right now 15:52 I'm not sure "require" is quite the right word; the timing is pretty poor :( 15:52 indeed 15:52 +1 15:52 reading more of the backlog 15:53 we even discussed that 15:53 a change of this magnitude would be nice to do *before* an LTS release; I could easily imagine the upstream folks moving on to a hypothetical 2.1 and 2.2 etc in quick order, as they keep making progress... 15:53 we did 15:53 and I should remember as I posted in november 15:53 "- not going to 2.x for now, thanks for explaining" 15:53 hah, nice 15:53 ok, so this can go back to in-progress 15:53 was worth to make sure 15:53 upstreams comment was: "Just to confirm, I assume it will be pydantic V2 that's added to Ubuntu main?! It would be very unfortunate if an old and outdated version was added." 15:54 old, outdated, and hopefuilly stable :) 15:54 we will add v1 to main now and update it in the future to v2 15:54 sounds good to me 15:54 oh wow 15:54 the time 15:54 arr 15:54 let me go on 15:54 arrrr 15:54 #topic Process/Documentation improvements 15:55 Mission: Review pending process/documentation pull-requests or issues 15:55 #link https://github.com/canonical/ubuntu-mir/pulls 15:55 #link https://github.com/canonical/ubuntu-mir/issues 15:55 nothing new 15:55 #topic MIR related Security Review Queue 15:55 Mission: Check on progress, do deadlines seem doable? 15:55 Some clients can only work with one, some with the other escaping - the URLs point to the same place. 15:55 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 15:55 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 15:55 Internal link 15:55 - ensure your teams items are prioritized among each other as you'd expect 15:55 - ensure community requests do not get stomped by teams calling for favors too much 15:55 #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 15:55 have things started to speed up again now that people come back? 15:55 wow, so clean! 15:55 oh well, I have a filter on :D 15:55 they have not; we've had this conversation with upstream as part of working the pydantic mir 15:55 ha ;) 15:56 but it's not yet recovered full velocity 15:56 setting up training for libgssglue MIR, email mirs should be handled 15:56 fdk-aac-free may need to be assigned 15:57 libmysofa is waiting on upstream fixes 15:57 isn't that icon saying Jorge is on it? 15:57 yes, it is his first mir 15:57 welcoem then :-) 15:57 \o/ 15:57 :D 15:58 I love to see your team grow 15:58 from the certs/fips team for crypto too :) 15:58 me too 15:58 well, I think it is time for 15:58 #topic Any other business? 15:58 nothing else from me 15:58 none here 15:58 slyon: jamespage: ? 15:58 nothing 15:58 I'd like to connect with slyon about growing the rust core set, but offline 15:58 ack 15:58 ack 15:58 well then, goodbye 15:58 see you next week 15:58 o/ 15:59 and happy review, fixing and all else 15:59 #endmeeting