15:29 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
15:29 <meetingology> Meeting started at 15:29:54 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
15:29 <meetingology> Available commands: action, commands, idea, info, link, nick
15:29 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe )
15:30 <cpaelzer> I know I'm early, but wanted to get the ping out in time
15:30 <slyon> o/
15:30 <eslerm> hello o/
15:30 <cpaelzer> #topic current component mismatches
15:30 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:30 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
15:30 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
15:31 <cpaelzer> wow
15:31 <cpaelzer> the new nvidia driver is wanted a lot
15:31 <cpaelzer> I'm not in the mood to count the lines
15:31 <cpaelzer> but those are normal, no new MIR needed and the team handles them well
15:31 <cpaelzer> no action needed
15:31 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/python-cssselect/+bug/2048760 is open
15:32 <cpaelzer> I guess we will see that later as it seems ready for review
15:32 <slyon> yes
15:32 <joalif> o/
15:32 <eslerm> (just curious, how would I run mismatch on an arbitrary universe package to see its MIR requirements)
15:32 <cpaelzer> dkim-perl is known and still worked on by mirespace
15:32 <sarnold> good morning
15:33 <cpaelzer> eslerm: https://github.com/canonical/ubuntu-mir?tab=readme-ov-file#tools
15:33 <eslerm> thanks!
15:33 <cpaelzer> IIRC I wrote my own as it wasn't doing recursive needs
15:33 <cpaelzer> not sure anymore, it was long long ago
15:33 <cpaelzer> it is the right start
15:33 <cpaelzer> the rest in mismatches is also known
15:33 <cpaelzer> python-infelct
15:34 <cpaelzer> the same cssselect
15:34 <cpaelzer> and known logcheck->esmtp
15:34 <cpaelzer> going on in the agenda ...
15:34 <cpaelzer> #topic New MIRs
15:34 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing
15:34 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
15:34 <cpaelzer> as assumed
15:34 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/python-cssselect/+bug/2048760
15:34 <cpaelzer> and also
15:34 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libnet-idn-encode-perl/+bug/2038929
15:34 <cpaelzer> let me read the discussion ont he latter
15:35 <slyon> I assume the latter could be WONTFIX, as mirespace changed the reverse-dependency, so that it is no longer needed
15:35 <cpaelzer> yeah that is how I read the comments too
15:36 <cpaelzer> The former looks for a reviewer
15:36 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/python-cssselect/+bug/2048760
15:37 <cpaelzer> we have slyon and me and it is slyon's case ... avoiding self-review I think I have to take this one
15:37 <cpaelzer> While I have more sprint things to prep that should squeeze in well (hope dies last)
15:38 <cpaelzer> #topic Incomplete bugs / questions
15:38 <slyon> The MIR templated used here ^ is a bit outdated. mkukri is willing to update it if needed. But overall the package seems to be in good shape, so we should be fine reviewing as-is, IMO
15:38 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:38 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
15:38 <slyon> cpaelzer: joalif was also waving above
15:38 <cpaelzer> oh, blind me
15:38 <cpaelzer> indeed
15:38 <joalif> I was about to write the same :p
15:38 * cpaelzer opens eyes
15:38 <joalif> I can take one
15:38 <cpaelzer> I've seen the security folks and slyon - sorry joalif
15:38 <joalif> no worries
15:38 <slyon> squeezing it in between a sprint, might not be the best idea
15:38 <joalif> i was abit late to the party
15:39 <cpaelzer> passed cssselect to you then joalif
15:39 <joalif> ok
15:39 <slyon> thx joalif!
15:39 <cpaelzer> I'll need to thank you in my sprint presentation somehow now ...
15:39 <sarnold> :)
15:39 <cpaelzer> comments on https://bugs.launchpad.net/ubuntu/+source/dbus-broker/+bug/2015538
15:40 <mkukri> i unfortunately didnt have time to impove python3-cssselect today, but will have it done by next week
15:40 <cpaelzer> That is a Debian maintainer and upstream systemd contributor offering to help
15:40 <eslerm> I asked SEG and there wasn't extra capacity to take dbus-brokers wrapper
15:40 <cpaelzer> But it will still be O-release
15:40 <slyon> mkukri: please coordinate with joalif about that (maybe it's not needed)
15:40 <cpaelzer> eslerm: interesting, what was the answer?
15:41 <cpaelzer> it is kind of a very soon or in 24.10 atm right?
15:41 <eslerm> it was a favor request, they mentioned that they were tight on people but someone *might* be interested to take it on
15:41 <eslerm> adding the wrapper likely needs to go on a roadmap
15:41 <sarnold> yeah, and it's a large enough change that even if it were done today, I think there'd be serious questions about switching to it now
15:42 <cpaelzer> by not finding time we are also becoming one of the few that have not yet switched :-/
15:42 <cpaelzer> fedora changed ages ago, arch did announce the same last week
15:42 <sarnold> err .. the first "large change" is switching dbus implementations; the second "it were done today" was the (presumably) smallish wrapper
15:42 <eslerm> Security eyeballed how much work the wrapper would take during the review. There's a little bit of process state handling, but not much
15:42 <cpaelzer> maybe the link is worth adding to second the rationale?
15:43 <eslerm> I can
15:43 <cpaelzer> I'll add it
15:44 <slyon> dbus-broker was mostly driven by desktop. I wonder if seb128 is interested in merging v35 (even though it's in universe)? Just to keep it up to date
15:44 <cpaelzer> I still doubt this can happen without Desktop finding and dedicating resources to it
15:45 <slyon> adding the wrapper is another story then
15:45 <cpaelzer> ack
15:45 <cpaelzer> in the context of the MIR meeting this is interesting but not blocking us
15:45 <cpaelzer> would one ping Seb and others to ensure they reconsider it again as it is kind of the last chance to do so?
15:46 <slyon> I can
15:46 <cpaelzer> thx
15:46 <cpaelzer> #topic Process/Documentation improvements
15:46 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues
15:46 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls
15:46 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues
15:46 <cpaelzer> no new entries
15:46 <cpaelzer> some wnated to discuss offline about base-sets
15:46 <cpaelzer> any major change already on that front?
15:47 <eslerm> some in Foundations MM
15:47 <eslerm> not a major roadmap item atm, but there is related work to do
15:47 <slyon> verdict was that the Foundations toolchain squad does not have capacity to work on it this cycle, but security might start working on some relevant tooling
15:47 <cpaelzer> ok
15:47 <cpaelzer> thanks for the update
15:47 <cpaelzer> #topic MIR related Security Review Queue
15:47 <cpaelzer> Mission: Check on progress, do deadlines seem doable?
15:47 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place.
15:47 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
15:47 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
15:47 <cpaelzer> Internal link
15:48 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect
15:48 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much
15:48 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594
15:48 <cpaelzer> There seem to be 6 in TODO+Backlog
15:48 <cpaelzer> given that we are closing in towards FF and with a bit more distance towards release
15:48 <cpaelzer> could security do a spike to get those handled?
15:49 <eslerm> I'm training the certs/fips folks for MIRs after this meeting (libgssglue) and setting up similar meeting for fdk-aac-free
15:49 <cpaelzer> well, that is great to hear
15:49 <eslerm> the perl ones are more or less done, it would be nice if another perl one was ready
15:49 <eslerm> libmysofa is still in upstream's hands iiuc
15:49 <cpaelzer> libmail-mime-perl is in TODO
15:49 <eslerm> openscap is a backlog security task (not for MIR)
15:49 <eslerm> I'm not aware of roc-toolkit yet
15:49 * eslerm looks
15:50 <cpaelzer> arr, that was one that was switched away
15:50 <cpaelzer> you might want to remove the card in your jira though
15:50 <slyon> eslerm: I finished roc-toolkit MIR review today. It's ready for security review
15:50 <eslerm> \o/
15:50 <eslerm> I'll try to assign it this week
15:50 <cpaelzer> I'll ping mirespace if there are any more perl MIRs waiting to get them to us asap for you to be able to use them for training
15:51 <eslerm> thank you
15:51 <eslerm> Andrei has worked up a perl fuzzing process for those
15:52 <cpaelzer> ok, I pinged mirespace about it
15:52 <eslerm> perl turns out not to be great for training though :)
15:52 <mirespace> cpaelzer: They all are submitted
15:52 <cpaelzer> ah
15:52 <cpaelzer> well, great
15:52 <cpaelzer> afte rso many months of yet another no one thought of that to be possible :-)
15:52 <mirespace> hehe... well, let's see how libcryptX evolves :(
15:52 <sarnold> mirespace: woo :) nice work working those through :)
15:53 <cpaelzer> mirespace: libcryptx was the bad one enmbedding another version of a lib right?
15:53 <mirespace> thanks sarnold! :$
15:53 <mirespace> yes, that one
15:53 <cpaelzer> *sigh*
15:53 <cpaelzer> why can't things ever be easy
15:54 <cpaelzer> mirespace: hmm, reading the comment
15:54 <cpaelzer> it seems you wait for us on this
15:54 <cpaelzer> but by being assigned to you it won't show up in any query
15:54 <cpaelzer> let me löink it here
15:54 <cpaelzer> for us to have a look now
15:54 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libcryptx-perl/+bug/2046154
15:54 <cpaelzer> I'd appreciate we all could have a look to conclude on ways forward
15:55 <cpaelzer> option #1 sounds even worse :-/
15:56 <cpaelzer> for #2 - sad that even that ed25519 uses the embedded tomcrypt
15:56 <eslerm> I'll bring this LP up during the fips/certs mir training
15:56 <slyon> maybe adrien does have an opinion on that?
15:57 <cpaelzer> I see how #3 is the easiest, but OTOH the one taking way the function users want from this whole stack of tools
15:57 <eslerm> slyon: I'll ask
15:57 <mirespace> I'm  working on trying to separate ed255519 from dkim itself at putting it like recommend... there is a sodium based perl lib that that handles also ed255519, but is pretty abandoned
15:58 <cpaelzer> I think I miss #4 - make this an optional dependency, so that some encryptions work out of the bux and others are a suggest to a universe package
15:58 <mirespace> (sorry, I put a extra that )
15:58 <cpaelzer> really I'd love to see adriens and eslerm (after bringing it up) thoughts on this
15:58 <sarnold> I'd love to know if they're abandoned because they are working fine and don't need maintaining, or if they're so busted that the authors gave up :(
15:58 <cpaelzer> after all they might say "ok, while not great - using it as is is the least bad option"
15:59 <cpaelzer> I mean I found that the embedded lib is more up to date than the lib itself
15:59 <sarnold> ha
15:59 <cpaelzer> time is running out
15:59 <mirespace> (sorry, I need to drop ... thank you all)
15:59 <sarnold> bye mirespace :) thanks
15:59 <cpaelzer> looking forwadr to seeing your comment on the case later on
15:59 <cpaelzer> we all need to drop ...
16:00 <cpaelzer> #topic Any other business?
16:00 <sarnold> noen here
16:00 <cpaelzer> last minute urgent things?
16:00 <slyon> nope
16:00 <cpaelzer> not from me
16:00 <joalif> none from me
16:00 <eslerm> thanks all o/
16:00 <cpaelzer> nice, over and out
16:00 <slyon> thanks cpaelzer, all!
16:00 <sarnold> thanks cpaelzer, all :)
16:00 <cpaelzer> #endmeeting