== Meeting information ==

 * #ubuntu-meeting: Weekly Main Inclusion Requests status meeting, started by cpaelzer, 20 Feb at 15:31 — 16:04 UTC.
 * Full logs at https://ubottu.com/meetingology/logs/ubuntu-meeting/2024/ubuntu-meeting.2024-02-20-15.31.log.html



== Meeting summary ==

=== current component mismatches ===

Discussion started by cpaelzer at 15:31.

 * ''LINK:'' https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg   (cpaelzer, 15:31)
 * ''LINK:'' https://people.canonical.com/~ubuntu-archive/component-mismatches.svg   (cpaelzer, 15:31)

=== New MIRs ===

Discussion started by cpaelzer at 15:34.

 * ''LINK:'' https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir   (cpaelzer, 15:34)

=== Incomplete bugs / questions ===

Discussion started by cpaelzer at 15:35.

 * ''LINK:'' https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir   (cpaelzer, 15:35)
 * ''LINK:'' https://bugs.launchpad.net/ubuntu/+source/libmail-dmarc-perl/+bug/2023971 is back on mirespace  (cpaelzer, 15:36)
 * ''LINK:'' https://bugs.launchpad.net/ubuntu/+source/bpfcc/+bug/2052813 I reviewed today  (cpaelzer, 15:36)
 * ''LINK:'' https://github.com/bus1/dbus-broker/pull/321   (eslerm, 15:49)

=== Process/Documentation improvements ===

Discussion started by cpaelzer at 15:54.

 * ''LINK:'' https://github.com/canonical/ubuntu-mir/pulls   (cpaelzer, 15:54)
 * ''LINK:'' https://github.com/canonical/ubuntu-mir/issues   (cpaelzer, 15:54)

=== MIR related Security Review Queue ===

Discussion started by cpaelzer at 15:54.

 * ''LINK:'' https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir   (cpaelzer, 15:54)
 * ''LINK:'' https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir   (cpaelzer, 15:54)
 * ''LINK:'' https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594   (cpaelzer, 15:54)

=== Any other business? ===

Discussion started by cpaelzer at 15:56.

 * ''LINK:'' https://bugs.launchpad.net/ubuntu/+source/wsl-pro-service/+bug/2052495   (eslerm, 15:56)



== People present (lines said) ==

 * cpaelzer (135)
 * eslerm (23)
 * sarnold (22)
 * slyon (13)
 * mkukri (3)
 * meetingology (2)
 * jbicha (2)



== Full log ==


 15:31 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status

 15:31 <meetingology> Meeting started at 15:31:12 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology

 15:31 <meetingology> Available commands: action, commands, idea, info, link, nick

 15:31 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe )

 15:31 <slyon> o/

 15:31 <cpaelzer> hello party people

 15:31 <cpaelzer> #topic current component mismatches

 15:31 <cpaelzer> Mission: Identify required actions and spread the load among the teams

 15:31 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg

 15:31 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg

 15:31 <cpaelzer> That is not much ...

 15:32 <cpaelzer> we still have kexec-tools -> xen, I guess my ping to xnox last week might no more help as much depending on his priorities now

 15:32 <cpaelzer> Let me bring this up in #kernel for awareness

 15:33 <cpaelzer> done

 15:34 <cpaelzer> on libcryptx I know that miriam has an upload to make he expected change up for review

 15:34 <cpaelzer> so that dependency will soon be gone

 15:34 <cpaelzer> #topic New MIRs

 15:34 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing

 15:34 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir

 15:34 <cpaelzer> we had plenty last two weeks

 15:34 <sarnold> good morning

 15:34 <cpaelzer> let us have a look this week

 15:34 <cpaelzer> hi sarnold

 15:34 <cpaelzer> wow

 15:35 <cpaelzer> as calm as component mismatches

 15:35 <cpaelzer> well, ok

 15:35 <cpaelzer> #topic Incomplete bugs / questions

 15:35 <sarnold> .. is it working? :)

 15:35 <cpaelzer> Mission: Identify required actions and spread the load among the teams

 15:35 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir

 15:35 <cpaelzer> ok I see plenty of recent updates here

 15:36 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libmail-dmarc-perl/+bug/2023971 is back on mirespace

 15:36 <cpaelzer> thanks joalif for the review

 15:36 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/bpfcc/+bug/2052813 I reviewed today

 15:36 <cpaelzer> it is ok but with quite a few required and recommended todos

 15:36 <cpaelzer> here in particular I wanted to ask eslerm and sarnold something

 15:37 <cpaelzer> could you open my review and scroll to the [Security] section

 15:37 <cpaelzer> In this case I'm not sure if I should say we need or do not need a security review

 15:37 <cpaelzer> WDYT?

 15:38 <sarnold> I'm

 15:38 <cpaelzer> yes you are

 15:38 <sarnold> :D

 15:38 <sarnold> I'm not sure either; on the one hand, administrative privilege is required to run these, so there's a thin barrier at best

 15:38 <sarnold> most of the security layer happens in the kernel

 15:38 <cpaelzer> yes, by BPF being in isolation there

 15:39 <cpaelzer> some isolation

 15:39 <cpaelzer> here is the deal, if you say you do not think it is needed, my call will be it is not needed

 15:39 <eslerm> I'll let sarnold decide

 15:39 <cpaelzer> and then we are fine

 15:39 <eslerm> a quick review might remove some footguns

 15:39 <cpaelzer> if you say, no you want - then I go that way

 15:39 <sarnold> I believe that this package itself is very little risk to the security team, but the kernel portion might -- so, I'm inclined to say that this doesn't need security team review

 15:40 <cpaelzer> eslerm: is there a good way to express "we should have a quick check but not a full reivew"

 15:40 <eslerm> likely :)

 15:41 <cpaelzer> hehe

 15:41 <cpaelzer> how about you volunteer for that "quick but not full" check

 15:41 <cpaelzer> then the solution is that I'll assign you

 15:41 <cpaelzer> actually it is back with mkukri so I'd subscribe you

 15:41 <eslerm> a short audit might find something useful to report upstream, it might just be bugs, if the security context cannot be made worse by bugs

 15:42 <eslerm> I can do that

 15:42 <cpaelzer> thank you

 15:42 <eslerm> (i.e., only bugs exist if you are already root, not vulnerabilities)

 15:42 <cpaelzer> you are subscvribed

 15:42 <cpaelzer> "subscribed"

 15:42 <cpaelzer> next is https://bugs.launchpad.net/ubuntu/+source/dbus-broker/+bug/2015538

 15:42 <mkukri> oh anything is fine by me as far as these MIRs go

 15:43 <mkukri> current plan is for me to address the TODOs next week and hopefully get it uploaded by FF

 15:43 <cpaelzer> thanks mkukri if only we'd have known that we could dump anything on you as part of this :-P

 15:43 <slyon> cpaelzer: so you helped get the apparmor delta upstreamed into Debian dbus-broker? We should be able to drop the Ubuntu delta then, right?

 15:43 <mkukri> "these MIRs" as in the ones already assigned, anything extra will have to go through foundations managers, am afraid :)

 15:44 <cpaelzer> yes slyon the Debian maintainer is helpful and friendly, he asked for that delta even

 15:44 <cpaelzer> and on the bug he helped to explain to resolve some of the discussions

 15:44 <cpaelzer> like not ever fully replacing dbus anyway because dbus-run-session from the src:dbus package works just fine

 15:44 <cpaelzer> that directly addresses a concern of eslerm

 15:45 <cpaelzer> and overall makes this more likely to work out

 15:45 <cpaelzer> I have no good overview of what else is left open here, but it could go back to seb128 to reconsider

 15:45 <cpaelzer> jbicha: ^^ could you pass that info on please as seb seems to not be around atm

 15:45 <sarnold> should we then ask for a split of src:dbus into one package for dbus-run-session, one package for the policy/config/deps that bluca mentions, and one package (for universe) for the daemon that we want to demote?

 15:46 <cpaelzer> sarnold: IMHO no, we have packages where we explicitly say "this binary in main, the rest not"

 15:46 <sarnold> cpaelzer: hah, I see I forgot the word 'binary' in there

 15:46 <cpaelzer> doing that here is much smaller maintenance effort than keeping a huge delta splitting the source

 15:46 <cpaelzer> oh

 15:47 <cpaelzer> yeah, that "splitting the binaries to just keep what we want in main" would be a good next step then

 15:47 <eslerm> +1

 15:48 <slyon> +1

 15:48 <cpaelzer> I added a comment on the bug

 15:48 <eslerm> a rust vendored version of dbus-broker-session is also needed, right?

 15:48 <slyon> I also just synced the dbus-broker package

 15:48 <cpaelzer> thank you for the discussion

 15:48 <cpaelzer> yes eslerm, that is one of the known required todos

 15:48 <eslerm> dbus-broker-session is still in PR iiuc

 15:49 <cpaelzer> interesting

 15:49 <eslerm> https://github.com/bus1/dbus-broker/pull/321

 15:49 <cpaelzer> wow

 15:49 <cpaelzer> next incomplete is https://bugs.launchpad.net/ubuntu/+source/gnome-snapshot/+bug/2052652

 15:49 <slyon> but bluca mentions we could keep using dbus-run-session (if it is split into an separate binary anyway)

 15:49 <cpaelzer> got a review by slyon

 15:49 <cpaelzer> ack slyon, that is how I understood it too

 15:50 <eslerm> ah, ack

 15:50 <cpaelzer> So I guess this is just back to the requesting team to resolve required TODOs

 15:50 <slyon> gnome-snapshot has quite some TODOs for jbicha. I wonder if we should already get this into security-queue, as it seems time sensitive?

 15:50 <cpaelzer> it will go to the security reivew

 15:50 <cpaelzer> so you might want to add that to the queue already despite being back for open tasks

 15:50 <cpaelzer> hehe

 15:50 <cpaelzer> we thought alike slyon

 15:50 <slyon> hehe

 15:50 <cpaelzer> sarnold: eslerm: WDYT?

 15:51 <sarnold> yeah, we should be pulling things forward as we can

 15:51 <eslerm> I prefer things hitting our queue early

 15:51 <jbicha> I'll forward this conversation to Seb but I believe he won't be able to respond this week

 15:51 <cpaelzer> ok, do it!

 15:52 <cpaelzer> jbicha: thank you, feel free to respond in his name or pull in others as you see appropriate (or don't - really up to you)

 15:52 <cpaelzer> next recent incomplete is https://bugs.launchpad.net/ubuntu/+source/libtraceevent/+bug/2051916

 15:52 <cpaelzer> yet another review done, thanks didrocks

 15:52 <cpaelzer> again having lots of required and some recommended TODOs

 15:52 <cpaelzer> that is back on Paul for now

 15:52 <eslerm> should security review this while others are working on TODOs?

 15:52 <cpaelzer> a bit symbols, plenty of testing .- just like bpfcc actually

 15:53 <cpaelzer> this again was called to need a review

 15:53 <cpaelzer> so yes, to bring things forward I think it would be great to add that to the queue already as well

 15:53 <slyon> upils: is working on this actively

 15:53 <cpaelzer> I need to keep time in mind, so I'll go on

 15:53 <cpaelzer> but this section was very worthwhile today

 15:54 <cpaelzer> bringing a lot of things forwards

 15:54 <cpaelzer> #topic Process/Documentation improvements

 15:54 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues

 15:54 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls

 15:54 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues

 15:54 <cpaelzer> nothing new

 15:54 <cpaelzer> #topic MIR related Security Review Queue

 15:54 <cpaelzer> Mission: Check on progress, do deadlines seem doable?

 15:54 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place.

 15:54 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir

 15:54 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir

 15:54 <cpaelzer> Internal link

 15:54 <slyon> we fixed the graph last week with dviererbe :)

 15:54 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect

 15:54 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much

 15:54 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594

 15:54 <cpaelzer> we just said we will add two

 15:54 <cpaelzer> awesome slyon and dviererbe

 15:54 <eslerm> I added a comment to https://bugs.launchpad.net/ubuntu/+source/fdk-aac-free/+bug/1977614

 15:54 <sarnold> slyon woo! :) thanks

 15:55 <cpaelzer> thanks eslerm

 15:55 <cpaelzer> that was jbicha requesting that, he might know if that is of current priority or not

 15:56 <cpaelzer> I'll go on in the agenda ...

 15:56 <cpaelzer> #topic Any other business?

 15:56 <eslerm> I have one more question

 15:56 <cpaelzer> I had all mine above already

 15:56 <cpaelzer> shoot eslerm

 15:56 <eslerm> https://bugs.launchpad.net/ubuntu/+source/wsl-pro-service/+bug/2052495

 15:56 <cpaelzer> not to be considered an order

 15:56 <eslerm> is any special consideration needed for promoting to older LTS'

 15:57 <cpaelzer> ok, I know a bit of that context

 15:57 <jbicha> yes, we'd like to get fdk-aac-free into main for Noble. I will ping my Fedora contacts today about the fork being outdated

 15:57 <slyon> eslerm: so far the package is not even available on older series... so I would ignore it for now?

 15:57 <eslerm> thanks jbicha

 15:57 <eslerm> ack, thanks slyon

 15:57 <eslerm> so, our review would not be acking old LTS then ?

 15:57 <cpaelzer> the consideration we had in the past

 15:57 <slyon> the owning team should request MIR for the older series once it's ready

 15:58 <eslerm> sounds good to me

 15:58 <cpaelzer> slyon: but here they requested it right away

 15:58 <cpaelzer> they did spell out that this will immediately go back to older releases

 15:58 <cpaelzer> what we have done in that case in the past

 15:58 <slyon> eslerm: yes. We'll probably have the same version backported to older LTS (I assume)... so an follow-up MIR for older LTS should be easy

 15:58 <cpaelzer> was looking if that adds any special issues

 15:58 <sarnold> cpaelzer: wsl currently plays no part in any of the testing anywhere in the companym, as far as I can tell: there's no britney, none of the security team tests have ever been tested in wsl, etc. it's always felt like a "well, if it works, that's neat" sort of thing

 15:58 <cpaelzer> like, dependencies or the context no more working

 15:59 <sarnold> cpaelzer: it's weird to me to be considering selling pro for wsl without having the basic testing story covered

 15:59 <cpaelzer> and then we have said "this is ok, also for those releases"

 15:59 <cpaelzer> sarnold: this is for pro in wsl as you say, and that is actually tested daily and on any change by the Desktop team owning this agent and by the pro team it is tested as well from the other POV to this

 16:00 <cpaelzer> pro on wsl, does not make this story any different

 16:00 <cpaelzer> we could also say we need tests on each cloud, each container stack, ... then

 16:00 <cpaelzer> but we do not

 16:00 <eslerm> I believe security can proceed with only Nobel in mind (a conditional ack for just 24.04 if needed) while this is all worked out

 16:00 <sarnold> can windows execute systemd yet?

 16:01 <sarnold> as far as I know, the clouds can, and some of the containers do, some do not..

 16:01 <cpaelzer> to be clear, you can have a lot of things in WSL already, even pro works there. But it isn't called that way and this makes it able to enable it more smoothly.

 16:01 <slyon> sarnold: I remember helping with systemd support for wsl in the past, so probably yes

 16:01 <cpaelzer> yes, it can in some environments

 16:02 <sarnold> I seem to recall lucy making it work, but does the thing that we or microsoft ship work?

 16:02 <cpaelzer> it isn't as bad as you might think :-)

 16:02 <sarnold> I think comparing it to a new architecture is perhaps the better comparison

 16:02 <cpaelzer> but again, this request is only for an agent that makes enabling pro possible in smoother ways

 16:02 <sarnold> sure

 16:03 <cpaelzer> it is not "let us create Ubuntu for WSL, what should we do"

 16:03 <sarnold> I'm asking the larger question

 16:03 <cpaelzer> those are questions to be asked, but not as part of this MIR

 16:03 <sarnold> cpaelzer: just promise me that someone is asking these questions of the right people

 16:04 <cpaelzer> sarnold: you send me a mail summarize with what you want to be asked and I make it happen

 16:04 <sarnold> cpaelzer: awesome, thanks :)

 16:04 <cpaelzer> I have quite some ties to many people, probably all that need to hear that

 16:04 <cpaelzer> ok

 16:04 <cpaelzer> thank you all, I need to close

 16:04 <cpaelzer> I'm too late already ...

 16:04 <sarnold> thanks cpaelzer, all :)

 16:04 <cpaelzer> thanks++

 16:04 <eslerm> thanks everyone o/

 16:04 <cpaelzer> #endmeeting



Generated by MeetBot 0.4.0 (https://wiki.ubuntu.com/meetingology)