#ubuntu-meeting log

14:33 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
14:33 <meetingology> Meeting started at 14:33:29 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
14:33 <meetingology> Available commands: action, commands, idea, info, link, nick
14:34 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe )
14:34 <cpaelzer> #topic current component mismatches
14:34 <cpaelzer> Mission: Identify required actions and spread the load among the teams
14:34 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
14:34 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
14:34 <cpaelzer> welcome to a new cycle, all the sprinting and stuff made me be late
14:34 <cpaelzer> I hope you handled all that is caused by syncs last week :-P
14:35 <cpaelzer> ok
14:35 <cpaelzer> no MIR bugs, so we need to bring them up
14:35 <cpaelzer> first: abseil -> googletest
14:35 <cpaelzer> abseil = desktop
14:35 <slyon> It's a recommends, sho should probably be dropped to suggests..
14:35 <cpaelzer> jbicha: didrocks: ^^ would you have a look there?
14:36 <cpaelzer> https://launchpad.net/ubuntu/+source/abseil/20230802.1-4
14:36 <cpaelzer> the diff only speaks about build depends
14:36 <cpaelzer> and it is probably a test dependency
14:36 <cpaelzer> next
14:37 <cpaelzer> python-pint -> requirejs and pydata-sphinx-theme
14:37 <cpaelzer> reads like documentation
14:37 <cpaelzer> jamespage:  that is openstack
14:37 <cpaelzer> jamespage: could one of you have a look?
14:37 <cpaelzer> https://launchpad.net/ubuntu/+source/python-pint/0.23-1
14:38 <cpaelzer> yep
14:38 <cpaelzer> it is the doc package
14:38 <cpaelzer> https://launchpad.net/ubuntu/lunar/amd64/python-pint-doc/0.19.2-1
14:38 <cpaelzer> vs
14:38 <cpaelzer> https://launchpad.net/ubuntu/oracular/amd64/python-pint-doc/0.23-1
14:39 <cpaelzer> just an exclude rule would be enough
14:39 <cpaelzer> there is no strict reason for the doc package to be in main
14:39 <cpaelzer> next
14:39 <cpaelzer> python-inflect ->python-typeguard
14:39 <cpaelzer> jamespage: also openstack
14:40 <cpaelzer> but here it is a new real dependency
14:40 <cpaelzer> https://launchpad.net/ubuntu/oracular/amd64/python3-inflect/7.2.1-1
14:40 <cpaelzer> last but not least
14:40 <cpaelzer> python-arrow -> typeshed
14:40 <cpaelzer> and another one for openstack jamespage
14:40 <cpaelzer> I feel you just synced them all :-)
14:41 <cpaelzer> changed from https://launchpad.net/ubuntu/oracular/amd64/python3-arrow/1.2.3-1 to https://launchpad.net/ubuntu/oracular/amd64/python3-arrow/1.3.0-1
14:41 <cpaelzer> python3-typing-extensions -> python3-typeshed
14:41 <cpaelzer> ok, component mismatches done
14:42 <cpaelzer> jamespage:  will wake up to a lot of pings ... :-/
14:42 <cpaelzer> #topic New MIRs
14:42 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing
14:42 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
14:42 <cpaelzer> two for us
14:42 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/malcontent/+bug/1892456
14:42 <cpaelzer> had a MIR and security review in the past
14:43 <cpaelzer> but the package changed a lot since
14:43 <cpaelzer> so the ask is for a re-review
14:43 <cpaelzer> I can take one
14:43 <cpaelzer> next
14:43 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2067373
14:43 <slyon> I can take one for next week, too
14:44 <cpaelzer> thanks , assigned
14:44 <cpaelzer> #topic Incomplete bugs / questions
14:44 <cpaelzer> Mission: Identify required actions and spread the load among the teams
14:44 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
14:44 <cpaelzer> sysprof is still with jbicha for now
14:44 <cpaelzer> the others are pre sprint AFAICS
14:45 <cpaelzer> #topic Process/Documentation improvements
14:45 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues
14:45 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls
14:45 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues
14:45 <cpaelzer> some older ones that are stuck
14:45 <cpaelzer> we might mark them as that .. hmm
14:46 <cpaelzer> we need wording for https://github.com/canonical/ubuntu-mir/issues/51
14:46 <cpaelzer> eslerm: do you think you could provide a PR that wraps the consensus mentioned by slyon into words
14:46 <eslerm> I can
14:46 <cpaelzer> thanks in advance
14:47 <cpaelzer> https://github.com/canonical/ubuntu-mir/issues/55
14:47 <cpaelzer> has tackled the obvious things
14:47 <cpaelzer> the rest is "looking for volunteers" to tackle more
14:47 <cpaelzer> speak up if anyone wants to ... :-)
14:48 <eslerm> possibly, we could add that an owning teams director needs to request late MIRs
14:48 <eslerm> we had a last second libyuv request, which ended up not beeing needed after ack'd
14:49 <sarnold> there's a few cases to care for -- one with the "the team didn't plan" and then the "oh upstream or debian has walked away from package foo because they're switching to package bar"
14:49 <sarnold> i think our "you get to talk to the director of security engineering" is a decent speedbump to discourage the first one, but I wish we could come up with some clever ideas to spot the overlooked packages
14:50 <cpaelzer> I'm happy with adding "bring high level for late requests"
14:50 <cpaelzer> bring wording in a PR for that for discussion please
14:50 <cpaelzer> for the other case let us brainstorm for 3 minutes ...
14:51 <cpaelzer> It plays into the "re-evaluate things in main" TBH
14:51 <cpaelzer> which we asked for but got denied for resourcing
14:51 <eslerm> that's not what I mean with #22
14:51 <sarnold> storm idea one, look for new Replaces: or maybe dropped Depends: from other packages?
14:52 <eslerm> it is for cases where there is ack for the MIR, but then owning team goes idle for a long period of time (say 2 years)
14:52 <eslerm> I am okay dropping issue though
14:52 <sarnold> storm idea two, look for new packages with small levenstein distances from packages already in main
14:52 <cpaelzer> sarnold: I think we usually get signal by bugs, the cases I see crashing as where responsibility and ownership is unclear.
14:52 <cpaelzer> sarnold: which does not mean I'd not like a scanner that provides extra signal
14:53 <cpaelzer> eslerm: now I got you - like "what is the consequence if they make us busy and then walk away" ?
14:53 <cpaelzer> eslerm: I'm not sure, but things change - so that can not always be prevented IMHO.
14:54 <cpaelzer> eslerm: not sure if defining negative consequences would help, or did you have something completely different in mind?
14:54 <eslerm> mostly, this occured and then a package was added to main, and I believe it should have had a quick re-review first
14:54 <eslerm> it's not about negative consequences for us doing the work, just that more work is needed if a review has gone "stale"
14:55 <slyon> so adding something like a timeout on an ACK?
14:55 <eslerm> yes, I proposed 2 years
14:56 <slyon> sounds reasonable to me.
14:56 <cpaelzer> I'm +1 on timeout on an Ack
14:56 <slyon> cpaelzer: that would be like our re-review idea, but only for things that didn't make it into "main" yet.
14:57 <cpaelzer> While we do not get a re-review, if it didn't make it into main it is fine to time out
14:57 <cpaelzer> slyon: exactly
14:57 <cpaelzer> anyone willing to provide a wording PR for that?
14:57 <eslerm> I can propose a PR
14:57 <cpaelzer> thank you
14:57 <cpaelzer> uh, time flies
14:57 <cpaelzer> let us go on ...
14:57 <cpaelzer> #topic MIR related Security Review Queue
14:57 <cpaelzer> Mission: Check on progress, do deadlines seem doable?
14:57 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place.
14:57 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
14:57 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
14:57 <cpaelzer> Internal link
14:57 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect
14:57 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much
14:57 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594
14:58 <eslerm> I am stepping down from helping manage MIRs for Security
14:58 <eslerm> my focus has changed to help coordinate CVEs
14:58 <eslerm> I've really enjoyed working on MIRs with all of you 🙏
14:58 <cpaelzer> we have the back to the future simplestreams reviews
14:58 <eslerm> (I'll of course followup on GH PRs)
14:58 <cpaelzer> oh no, we have upset eslerm with our back and forth
14:58 <cpaelzer> eslerm: please know that you will always be welcome to contribute and discuss
14:58 <slyon> :( Thanks a lot for your awesome work as part of the MIR process!
14:59 <cpaelzer> sarnold: does that mean it is back to just you, or will you train another security-buddy?
14:59 <cpaelzer> eslerm: and thanks for your many great contributions
14:59 <sarnold> cpaelzer: that hasn't been discussed yet, I'm hoping for another buddy, but it will be a real challenge to step into eslerm's shoes
14:59 <cpaelzer> fair
14:59 <cpaelzer> ok, the queue looks good
14:59 <cpaelzer> #topic Any other business?
14:59 <cpaelzer> see above :-)
14:59 <cpaelzer> nothing else from me
15:00 <slyon> I fixed python-pint quickly https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu/commit/?id=f9ce523d40c3ec774fc67eac1c0db5e85fc9f186 (cc jamespage)
15:00 <sarnold> nothing from me
15:00 <eslerm> I've really enjoyed these meetings :,)
15:00 <slyon> nothing else :)
15:00 <cpaelzer> eslerm: you will still do reviews, juts not corodinate - right?
15:00 <sarnold> slyon: nice :)
15:00 <eslerm> I will do some reviews, but possibly not many this cycle
15:00 <cpaelzer> slyon: still needs a demotion I guess
15:00 <cpaelzer> ok, thanks eslerm
15:00 <cpaelzer> sorry for the rush, but I need to jump
15:01 <sarnold> happy hopping :)
15:01 <cpaelzer> see you next week
15:01 <cpaelzer> #endmeeting