15:29 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status 15:29 <meetingology> Meeting started at 15:29:54 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology 15:29 <meetingology> Available commands: action, commands, idea, info, link, nick 15:29 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe ) 15:30 <cpaelzer> I know I'm early, but wanted to get the ping out in time 15:30 <slyon> o/ 15:30 <eslerm> hello o/ 15:30 <cpaelzer> #topic current component mismatches 15:30 <cpaelzer> Mission: Identify required actions and spread the load among the teams 15:30 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 15:30 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 15:31 <cpaelzer> wow 15:31 <cpaelzer> the new nvidia driver is wanted a lot 15:31 <cpaelzer> I'm not in the mood to count the lines 15:31 <cpaelzer> but those are normal, no new MIR needed and the team handles them well 15:31 <cpaelzer> no action needed 15:31 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/python-cssselect/+bug/2048760 is open 15:32 <cpaelzer> I guess we will see that later as it seems ready for review 15:32 <slyon> yes 15:32 <joalif> o/ 15:32 <eslerm> (just curious, how would I run mismatch on an arbitrary universe package to see its MIR requirements) 15:32 <cpaelzer> dkim-perl is known and still worked on by mirespace 15:32 <sarnold> good morning 15:33 <cpaelzer> eslerm: https://github.com/canonical/ubuntu-mir?tab=readme-ov-file#tools 15:33 <eslerm> thanks! 15:33 <cpaelzer> IIRC I wrote my own as it wasn't doing recursive needs 15:33 <cpaelzer> not sure anymore, it was long long ago 15:33 <cpaelzer> it is the right start 15:33 <cpaelzer> the rest in mismatches is also known 15:33 <cpaelzer> python-infelct 15:34 <cpaelzer> the same cssselect 15:34 <cpaelzer> and known logcheck->esmtp 15:34 <cpaelzer> going on in the agenda ... 15:34 <cpaelzer> #topic New MIRs 15:34 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing 15:34 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 15:34 <cpaelzer> as assumed 15:34 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/python-cssselect/+bug/2048760 15:34 <cpaelzer> and also 15:34 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libnet-idn-encode-perl/+bug/2038929 15:34 <cpaelzer> let me read the discussion ont he latter 15:35 <slyon> I assume the latter could be WONTFIX, as mirespace changed the reverse-dependency, so that it is no longer needed 15:35 <cpaelzer> yeah that is how I read the comments too 15:36 <cpaelzer> The former looks for a reviewer 15:36 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/python-cssselect/+bug/2048760 15:37 <cpaelzer> we have slyon and me and it is slyon's case ... avoiding self-review I think I have to take this one 15:37 <cpaelzer> While I have more sprint things to prep that should squeeze in well (hope dies last) 15:38 <cpaelzer> #topic Incomplete bugs / questions 15:38 <slyon> The MIR templated used here ^ is a bit outdated. mkukri is willing to update it if needed. But overall the package seems to be in good shape, so we should be fine reviewing as-is, IMO 15:38 <cpaelzer> Mission: Identify required actions and spread the load among the teams 15:38 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 15:38 <slyon> cpaelzer: joalif was also waving above 15:38 <cpaelzer> oh, blind me 15:38 <cpaelzer> indeed 15:38 <joalif> I was about to write the same :p 15:38 * cpaelzer opens eyes 15:38 <joalif> I can take one 15:38 <cpaelzer> I've seen the security folks and slyon - sorry joalif 15:38 <joalif> no worries 15:38 <slyon> squeezing it in between a sprint, might not be the best idea 15:38 <joalif> i was abit late to the party 15:39 <cpaelzer> passed cssselect to you then joalif 15:39 <joalif> ok 15:39 <slyon> thx joalif! 15:39 <cpaelzer> I'll need to thank you in my sprint presentation somehow now ... 15:39 <sarnold> :) 15:39 <cpaelzer> comments on https://bugs.launchpad.net/ubuntu/+source/dbus-broker/+bug/2015538 15:40 <mkukri> i unfortunately didnt have time to impove python3-cssselect today, but will have it done by next week 15:40 <cpaelzer> That is a Debian maintainer and upstream systemd contributor offering to help 15:40 <eslerm> I asked SEG and there wasn't extra capacity to take dbus-brokers wrapper 15:40 <cpaelzer> But it will still be O-release 15:40 <slyon> mkukri: please coordinate with joalif about that (maybe it's not needed) 15:40 <cpaelzer> eslerm: interesting, what was the answer? 15:41 <cpaelzer> it is kind of a very soon or in 24.10 atm right? 15:41 <eslerm> it was a favor request, they mentioned that they were tight on people but someone *might* be interested to take it on 15:41 <eslerm> adding the wrapper likely needs to go on a roadmap 15:41 <sarnold> yeah, and it's a large enough change that even if it were done today, I think there'd be serious questions about switching to it now 15:42 <cpaelzer> by not finding time we are also becoming one of the few that have not yet switched :-/ 15:42 <cpaelzer> fedora changed ages ago, arch did announce the same last week 15:42 <sarnold> err .. the first "large change" is switching dbus implementations; the second "it were done today" was the (presumably) smallish wrapper 15:42 <eslerm> Security eyeballed how much work the wrapper would take during the review. There's a little bit of process state handling, but not much 15:42 <cpaelzer> maybe the link is worth adding to second the rationale? 15:43 <eslerm> I can 15:43 <cpaelzer> I'll add it 15:44 <slyon> dbus-broker was mostly driven by desktop. I wonder if seb128 is interested in merging v35 (even though it's in universe)? Just to keep it up to date 15:44 <cpaelzer> I still doubt this can happen without Desktop finding and dedicating resources to it 15:45 <slyon> adding the wrapper is another story then 15:45 <cpaelzer> ack 15:45 <cpaelzer> in the context of the MIR meeting this is interesting but not blocking us 15:45 <cpaelzer> would one ping Seb and others to ensure they reconsider it again as it is kind of the last chance to do so? 15:46 <slyon> I can 15:46 <cpaelzer> thx 15:46 <cpaelzer> #topic Process/Documentation improvements 15:46 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues 15:46 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls 15:46 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues 15:46 <cpaelzer> no new entries 15:46 <cpaelzer> some wnated to discuss offline about base-sets 15:46 <cpaelzer> any major change already on that front? 15:47 <eslerm> some in Foundations MM 15:47 <eslerm> not a major roadmap item atm, but there is related work to do 15:47 <slyon> verdict was that the Foundations toolchain squad does not have capacity to work on it this cycle, but security might start working on some relevant tooling 15:47 <cpaelzer> ok 15:47 <cpaelzer> thanks for the update 15:47 <cpaelzer> #topic MIR related Security Review Queue 15:47 <cpaelzer> Mission: Check on progress, do deadlines seem doable? 15:47 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place. 15:47 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 15:47 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 15:47 <cpaelzer> Internal link 15:48 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect 15:48 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much 15:48 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 15:48 <cpaelzer> There seem to be 6 in TODO+Backlog 15:48 <cpaelzer> given that we are closing in towards FF and with a bit more distance towards release 15:48 <cpaelzer> could security do a spike to get those handled? 15:49 <eslerm> I'm training the certs/fips folks for MIRs after this meeting (libgssglue) and setting up similar meeting for fdk-aac-free 15:49 <cpaelzer> well, that is great to hear 15:49 <eslerm> the perl ones are more or less done, it would be nice if another perl one was ready 15:49 <eslerm> libmysofa is still in upstream's hands iiuc 15:49 <cpaelzer> libmail-mime-perl is in TODO 15:49 <eslerm> openscap is a backlog security task (not for MIR) 15:49 <eslerm> I'm not aware of roc-toolkit yet 15:49 * eslerm looks 15:50 <cpaelzer> arr, that was one that was switched away 15:50 <cpaelzer> you might want to remove the card in your jira though 15:50 <slyon> eslerm: I finished roc-toolkit MIR review today. It's ready for security review 15:50 <eslerm> \o/ 15:50 <eslerm> I'll try to assign it this week 15:50 <cpaelzer> I'll ping mirespace if there are any more perl MIRs waiting to get them to us asap for you to be able to use them for training 15:51 <eslerm> thank you 15:51 <eslerm> Andrei has worked up a perl fuzzing process for those 15:52 <cpaelzer> ok, I pinged mirespace about it 15:52 <eslerm> perl turns out not to be great for training though :) 15:52 <mirespace> cpaelzer: They all are submitted 15:52 <cpaelzer> ah 15:52 <cpaelzer> well, great 15:52 <cpaelzer> afte rso many months of yet another no one thought of that to be possible :-) 15:52 <mirespace> hehe... well, let's see how libcryptX evolves :( 15:52 <sarnold> mirespace: woo :) nice work working those through :) 15:53 <cpaelzer> mirespace: libcryptx was the bad one enmbedding another version of a lib right? 15:53 <mirespace> thanks sarnold! :$ 15:53 <mirespace> yes, that one 15:53 <cpaelzer> *sigh* 15:53 <cpaelzer> why can't things ever be easy 15:54 <cpaelzer> mirespace: hmm, reading the comment 15:54 <cpaelzer> it seems you wait for us on this 15:54 <cpaelzer> but by being assigned to you it won't show up in any query 15:54 <cpaelzer> let me löink it here 15:54 <cpaelzer> for us to have a look now 15:54 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libcryptx-perl/+bug/2046154 15:54 <cpaelzer> I'd appreciate we all could have a look to conclude on ways forward 15:55 <cpaelzer> option #1 sounds even worse :-/ 15:56 <cpaelzer> for #2 - sad that even that ed25519 uses the embedded tomcrypt 15:56 <eslerm> I'll bring this LP up during the fips/certs mir training 15:56 <slyon> maybe adrien does have an opinion on that? 15:57 <cpaelzer> I see how #3 is the easiest, but OTOH the one taking way the function users want from this whole stack of tools 15:57 <eslerm> slyon: I'll ask 15:57 <mirespace> I'm working on trying to separate ed255519 from dkim itself at putting it like recommend... there is a sodium based perl lib that that handles also ed255519, but is pretty abandoned 15:58 <cpaelzer> I think I miss #4 - make this an optional dependency, so that some encryptions work out of the bux and others are a suggest to a universe package 15:58 <mirespace> (sorry, I put a extra that ) 15:58 <cpaelzer> really I'd love to see adriens and eslerm (after bringing it up) thoughts on this 15:58 <sarnold> I'd love to know if they're abandoned because they are working fine and don't need maintaining, or if they're so busted that the authors gave up :( 15:58 <cpaelzer> after all they might say "ok, while not great - using it as is is the least bad option" 15:59 <cpaelzer> I mean I found that the embedded lib is more up to date than the lib itself 15:59 <sarnold> ha 15:59 <cpaelzer> time is running out 15:59 <mirespace> (sorry, I need to drop ... thank you all) 15:59 <sarnold> bye mirespace :) thanks 15:59 <cpaelzer> looking forwadr to seeing your comment on the case later on 15:59 <cpaelzer> we all need to drop ... 16:00 <cpaelzer> #topic Any other business? 16:00 <sarnold> noen here 16:00 <cpaelzer> last minute urgent things? 16:00 <slyon> nope 16:00 <cpaelzer> not from me 16:00 <joalif> none from me 16:00 <eslerm> thanks all o/ 16:00 <cpaelzer> nice, over and out 16:00 <slyon> thanks cpaelzer, all! 16:00 <sarnold> thanks cpaelzer, all :) 16:00 <cpaelzer> #endmeeting