14:33 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status 14:33 <meetingology> Meeting started at 14:33:29 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology 14:33 <meetingology> Available commands: action, commands, idea, info, link, nick 14:34 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe ) 14:34 <cpaelzer> #topic current component mismatches 14:34 <cpaelzer> Mission: Identify required actions and spread the load among the teams 14:34 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 14:34 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 14:34 <cpaelzer> welcome to a new cycle, all the sprinting and stuff made me be late 14:34 <cpaelzer> I hope you handled all that is caused by syncs last week :-P 14:35 <cpaelzer> ok 14:35 <cpaelzer> no MIR bugs, so we need to bring them up 14:35 <cpaelzer> first: abseil -> googletest 14:35 <cpaelzer> abseil = desktop 14:35 <slyon> It's a recommends, sho should probably be dropped to suggests.. 14:35 <cpaelzer> jbicha: didrocks: ^^ would you have a look there? 14:36 <cpaelzer> https://launchpad.net/ubuntu/+source/abseil/20230802.1-4 14:36 <cpaelzer> the diff only speaks about build depends 14:36 <cpaelzer> and it is probably a test dependency 14:36 <cpaelzer> next 14:37 <cpaelzer> python-pint -> requirejs and pydata-sphinx-theme 14:37 <cpaelzer> reads like documentation 14:37 <cpaelzer> jamespage: that is openstack 14:37 <cpaelzer> jamespage: could one of you have a look? 14:37 <cpaelzer> https://launchpad.net/ubuntu/+source/python-pint/0.23-1 14:38 <cpaelzer> yep 14:38 <cpaelzer> it is the doc package 14:38 <cpaelzer> https://launchpad.net/ubuntu/lunar/amd64/python-pint-doc/0.19.2-1 14:38 <cpaelzer> vs 14:38 <cpaelzer> https://launchpad.net/ubuntu/oracular/amd64/python-pint-doc/0.23-1 14:39 <cpaelzer> just an exclude rule would be enough 14:39 <cpaelzer> there is no strict reason for the doc package to be in main 14:39 <cpaelzer> next 14:39 <cpaelzer> python-inflect ->python-typeguard 14:39 <cpaelzer> jamespage: also openstack 14:40 <cpaelzer> but here it is a new real dependency 14:40 <cpaelzer> https://launchpad.net/ubuntu/oracular/amd64/python3-inflect/7.2.1-1 14:40 <cpaelzer> last but not least 14:40 <cpaelzer> python-arrow -> typeshed 14:40 <cpaelzer> and another one for openstack jamespage 14:40 <cpaelzer> I feel you just synced them all :-) 14:41 <cpaelzer> changed from https://launchpad.net/ubuntu/oracular/amd64/python3-arrow/1.2.3-1 to https://launchpad.net/ubuntu/oracular/amd64/python3-arrow/1.3.0-1 14:41 <cpaelzer> python3-typing-extensions -> python3-typeshed 14:41 <cpaelzer> ok, component mismatches done 14:42 <cpaelzer> jamespage: will wake up to a lot of pings ... :-/ 14:42 <cpaelzer> #topic New MIRs 14:42 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing 14:42 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 14:42 <cpaelzer> two for us 14:42 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/malcontent/+bug/1892456 14:42 <cpaelzer> had a MIR and security review in the past 14:43 <cpaelzer> but the package changed a lot since 14:43 <cpaelzer> so the ask is for a re-review 14:43 <cpaelzer> I can take one 14:43 <cpaelzer> next 14:43 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2067373 14:43 <slyon> I can take one for next week, too 14:44 <cpaelzer> thanks , assigned 14:44 <cpaelzer> #topic Incomplete bugs / questions 14:44 <cpaelzer> Mission: Identify required actions and spread the load among the teams 14:44 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 14:44 <cpaelzer> sysprof is still with jbicha for now 14:44 <cpaelzer> the others are pre sprint AFAICS 14:45 <cpaelzer> #topic Process/Documentation improvements 14:45 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues 14:45 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls 14:45 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues 14:45 <cpaelzer> some older ones that are stuck 14:45 <cpaelzer> we might mark them as that .. hmm 14:46 <cpaelzer> we need wording for https://github.com/canonical/ubuntu-mir/issues/51 14:46 <cpaelzer> eslerm: do you think you could provide a PR that wraps the consensus mentioned by slyon into words 14:46 <eslerm> I can 14:46 <cpaelzer> thanks in advance 14:47 <cpaelzer> https://github.com/canonical/ubuntu-mir/issues/55 14:47 <cpaelzer> has tackled the obvious things 14:47 <cpaelzer> the rest is "looking for volunteers" to tackle more 14:47 <cpaelzer> speak up if anyone wants to ... :-) 14:48 <eslerm> possibly, we could add that an owning teams director needs to request late MIRs 14:48 <eslerm> we had a last second libyuv request, which ended up not beeing needed after ack'd 14:49 <sarnold> there's a few cases to care for -- one with the "the team didn't plan" and then the "oh upstream or debian has walked away from package foo because they're switching to package bar" 14:49 <sarnold> i think our "you get to talk to the director of security engineering" is a decent speedbump to discourage the first one, but I wish we could come up with some clever ideas to spot the overlooked packages 14:50 <cpaelzer> I'm happy with adding "bring high level for late requests" 14:50 <cpaelzer> bring wording in a PR for that for discussion please 14:50 <cpaelzer> for the other case let us brainstorm for 3 minutes ... 14:51 <cpaelzer> It plays into the "re-evaluate things in main" TBH 14:51 <cpaelzer> which we asked for but got denied for resourcing 14:51 <eslerm> that's not what I mean with #22 14:51 <sarnold> storm idea one, look for new Replaces: or maybe dropped Depends: from other packages? 14:52 <eslerm> it is for cases where there is ack for the MIR, but then owning team goes idle for a long period of time (say 2 years) 14:52 <eslerm> I am okay dropping issue though 14:52 <sarnold> storm idea two, look for new packages with small levenstein distances from packages already in main 14:52 <cpaelzer> sarnold: I think we usually get signal by bugs, the cases I see crashing as where responsibility and ownership is unclear. 14:52 <cpaelzer> sarnold: which does not mean I'd not like a scanner that provides extra signal 14:53 <cpaelzer> eslerm: now I got you - like "what is the consequence if they make us busy and then walk away" ? 14:53 <cpaelzer> eslerm: I'm not sure, but things change - so that can not always be prevented IMHO. 14:54 <cpaelzer> eslerm: not sure if defining negative consequences would help, or did you have something completely different in mind? 14:54 <eslerm> mostly, this occured and then a package was added to main, and I believe it should have had a quick re-review first 14:54 <eslerm> it's not about negative consequences for us doing the work, just that more work is needed if a review has gone "stale" 14:55 <slyon> so adding something like a timeout on an ACK? 14:55 <eslerm> yes, I proposed 2 years 14:56 <slyon> sounds reasonable to me. 14:56 <cpaelzer> I'm +1 on timeout on an Ack 14:56 <slyon> cpaelzer: that would be like our re-review idea, but only for things that didn't make it into "main" yet. 14:57 <cpaelzer> While we do not get a re-review, if it didn't make it into main it is fine to time out 14:57 <cpaelzer> slyon: exactly 14:57 <cpaelzer> anyone willing to provide a wording PR for that? 14:57 <eslerm> I can propose a PR 14:57 <cpaelzer> thank you 14:57 <cpaelzer> uh, time flies 14:57 <cpaelzer> let us go on ... 14:57 <cpaelzer> #topic MIR related Security Review Queue 14:57 <cpaelzer> Mission: Check on progress, do deadlines seem doable? 14:57 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place. 14:57 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 14:57 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 14:57 <cpaelzer> Internal link 14:57 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect 14:57 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much 14:57 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 14:58 <eslerm> I am stepping down from helping manage MIRs for Security 14:58 <eslerm> my focus has changed to help coordinate CVEs 14:58 <eslerm> I've really enjoyed working on MIRs with all of you 🙏 14:58 <cpaelzer> we have the back to the future simplestreams reviews 14:58 <eslerm> (I'll of course followup on GH PRs) 14:58 <cpaelzer> oh no, we have upset eslerm with our back and forth 14:58 <cpaelzer> eslerm: please know that you will always be welcome to contribute and discuss 14:58 <slyon> :( Thanks a lot for your awesome work as part of the MIR process! 14:59 <cpaelzer> sarnold: does that mean it is back to just you, or will you train another security-buddy? 14:59 <cpaelzer> eslerm: and thanks for your many great contributions 14:59 <sarnold> cpaelzer: that hasn't been discussed yet, I'm hoping for another buddy, but it will be a real challenge to step into eslerm's shoes 14:59 <cpaelzer> fair 14:59 <cpaelzer> ok, the queue looks good 14:59 <cpaelzer> #topic Any other business? 14:59 <cpaelzer> see above :-) 14:59 <cpaelzer> nothing else from me 15:00 <slyon> I fixed python-pint quickly https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu/commit/?id=f9ce523d40c3ec774fc67eac1c0db5e85fc9f186 (cc jamespage) 15:00 <sarnold> nothing from me 15:00 <eslerm> I've really enjoyed these meetings :,) 15:00 <slyon> nothing else :) 15:00 <cpaelzer> eslerm: you will still do reviews, juts not corodinate - right? 15:00 <sarnold> slyon: nice :) 15:00 <eslerm> I will do some reviews, but possibly not many this cycle 15:00 <cpaelzer> slyon: still needs a demotion I guess 15:00 <cpaelzer> ok, thanks eslerm 15:00 <cpaelzer> sorry for the rush, but I need to jump 15:01 <sarnold> happy hopping :) 15:01 <cpaelzer> see you next week 15:01 <cpaelzer> #endmeeting