== Meeting information == * #ubuntu-meeting: Weekly Main Inclusion Requests status meeting, started by cpaelzer, 09 Jul at 14:31 — 14:48 UTC. * Full logs at https://ubottu.com/meetingology/logs/ubuntu-meeting/2024/ubuntu-meeting.2024-07-09-14.31.log.html == Meeting summary == === current component mismatches === Discussion started by cpaelzer at 14:31. * ''LINK:'' https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg (cpaelzer, 14:31) * ''LINK:'' https://people.canonical.com/~ubuntu-archive/component-mismatches.svg (cpaelzer, 14:31) * ''LINK:'' https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu/commit/?id=b278dfbe5072555b101b23f64100b88619109d4f (slyon, 14:33) * ''LINK:'' https://launchpad.net/ubuntu/+source/curl/8.8.0-3ubuntu3 (slyon, 14:34) === New MIRs === Discussion started by cpaelzer at 14:34. * ''LINK:'' https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir (cpaelzer, 14:35) === Incomplete bugs / questions === Discussion started by cpaelzer at 14:35. * ''LINK:'' https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir (cpaelzer, 14:35) === Process/Documentation improvements === Discussion started by cpaelzer at 14:40. * ''LINK:'' https://github.com/canonical/ubuntu-mir/pulls (cpaelzer, 14:40) * ''LINK:'' https://github.com/canonical/ubuntu-mir/issues (cpaelzer, 14:40) === MIR related Security Review Queue === Discussion started by cpaelzer at 14:41. * ''LINK:'' https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir (cpaelzer, 14:41) * ''LINK:'' https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir (cpaelzer, 14:41) * ''LINK:'' https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 (cpaelzer, 14:41) === Any other business? === Discussion started by cpaelzer at 14:43. * ''LINK:'' https://oeis.org/A000332 (cpaelzer, 14:48) == People present (lines said) == * cpaelzer (85) * slyon (18) * sarnold (15) * didrocks (10) * meetingology (2) * jbicha (2) == Full log == 14:31 #startmeeting Weekly Main Inclusion Requests status 14:31 Meeting started at 14:31:20 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology 14:31 Available commands: action, commands, idea, info, link, nick 14:31 Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe ) 14:31 #topic current component mismatches 14:31 Mission: Identify required actions and spread the load among the teams 14:31 #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 14:31 #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 14:31 3 new sets 14:31 and a bunch of known ones 14:32 o/ 14:32 usidks2 -> exfatprogs 14:32 Desktop needs to think about what they want 14:32 jbicha: are you around and could make that happen? 14:32 rustc-1.76 -> fonts-open-sand/highlight.js 14:32 you might say it is foundations 14:32 but this smells 14:33 like a -doc package 14:33 that was forgotten to be added to auto-exclude 14:33 https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu/commit/?id=b278dfbe5072555b101b23f64100b88619109d4f 14:33 not the first time from rustc IIRC, and yes, that was the -doc package 14:33 hehe :-) like this 14:33 we might need to demote rust-1.76-doc, though 14:33 not sure if the seed change is enough 14:33 IIRC if nothing holds it it would be auto-demoted 14:33 ok. let's wait and see 14:34 otherwise let me know 14:34 ack 14:34 next is curl -> nghttp3 / ngtcp2 14:34 https://launchpad.net/ubuntu/+source/curl/8.8.0-3ubuntu3 14:34 we are dropping this. 14:34 wow - did we reach http3, I'm so outdated 14:34 ok, already resolved 14:34 thanks 14:34 I discussed it with foundations this morning. We might re-enable http3 at some point in the future (once it lands in OpenSSL) 14:34 going on 14:34 #topic New MIRs 14:35 Mission: ensure to assign all incoming reviews for fast processing 14:35 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 14:35 empty 14:35 \o/ 14:35 weird at this point of the cycle 14:35 I’m fearing August now :) 14:35 so weird 14:35 Some reviews of last week have been handed out last week 14:35 some concluded, some still ongogin AFAICS 14:35 so it isn't that there is nothing going on 14:35 #topic Incomplete bugs / questions 14:35 Mission: Identify required actions and spread the load among the teams 14:35 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 14:35 jbicha: FYI bug #2071396 is looking mostly good, but we'd want to have the most recent version v0.2.0 14:36 thanks jbicha, waiting for you to call it ready 14:36 sarnold: I wasn't sure if we need security review on this ^ 14:36 also https://bugs.launchpad.net/ubuntu/+source/highway/+bug/2070807 is known but not yet ready 14:36 see comment #0 14:37 sarnold: it parses media files, that needs security 14:37 I decieded we don't need security update, as they are mostly parsing EDID data from trusted sources (kernel) 14:37 oh is that all they do ... 14:37 reading more ... 14:37 slyon: yeah, I'm also not sure .. I think I'd expect the kernel to just hand over raw blobs without inspection.. but if they've already got fuzzing in place, that's very impressive, and our capacity issues this cycle suggests that we ought to try to steer things away from us where it makes sense 14:37 yeah mostly sysfs data 14:38 yeah, I would say from the comment as it’s only sysfs info, it shouldn’t need? 14:38 and yeah fuzzing <3 14:38 oh you are on libdisplay-info still 14:38 yeah, sorry cpaelzer :) 14:38 yeah, I type so slow, heh 14:38 I was on the src:highway already 14:38 Right, they have fuzzing in place for their parser. Seems solid overall. 14:39 I think we can stay with no security review 14:39 that’s why you are managing people, ahead of us :p 14:39 that src:highway I expect needing a security review once it is ready in general 14:39 :D 14:39 yes, highway feels like it needs security review, jpegs are reachable via more than "plug in a device" :) 14:39 although, it is just "Efficient and performance-portable SIMD wrapper " 14:39 so it does not know it deals with image files 14:40 heh 14:40 up to you to decide once it is ready 14:40 but still, uncontrolled source usually means better have a look to be safe 14:40 going on here ... 14:40 #topic Process/Documentation improvements 14:40 Mission: Review pending process/documentation pull-requests or issues 14:40 #link https://github.com/canonical/ubuntu-mir/pulls 14:40 #link https://github.com/canonical/ubuntu-mir/issues 14:40 cleaned of all but the long waiting cases 14:40 and those got an update why they are stuck 14:41 #topic MIR related Security Review Queue 14:41 Mission: Check on progress, do deadlines seem doable? 14:41 Some clients can only work with one, some with the other escaping - the URLs point to the same place. 14:41 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 14:41 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 14:41 Internal link 14:41 - ensure your teams items are prioritized among each other as you'd expect 14:41 - ensure community requests do not get stomped by teams calling for favors too much 14:41 #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 14:41 "restart to keep using firefox" sheesh 14:42 alas, no progress in the last week, and given my interview schedule this week, unlikely any progress this week, either :( 14:42 our director is keenly aware of our capacity problems 14:43 hiring and onboarding new people takes immense time .. so .. this might be a repeating story for a while. 14:43 "our director is keenly aware of our capacity problems" is what we wanted to hear 14:43 thanks 14:43 #topic Any other business? 14:44 his advice was to get in the most important pieces early 14:44 nothing for me 14:44 nothing here 14:44 nothing here 14:44 I know there will be a big MIR not yet in the queue soon 14:44 . 14:44 to satisfy sarnold missing more activity 14:45 lucky him :) 14:45 oh boy oh boy! just like old times :) 14:45 except for highway needing an autopkgtest, I consider it ready for review. Sorry I didn't get to that last week 14:45 about a package new to the archive and aiming to go to main in all releases soon 14:45 something hwlib from the cert team, but it was not yet ready for review today 14:45 but FYI for now 14:46 new toys! 14:46 yep 14:46 ok, all looks good 14:47 and jbicha, no need to excuse. You know it is needed and you prep it right away - that is good and nothing to excuse :-) 14:47 ok, with that I think we can close for today 14:47 thanks cpaelzer, all! 14:47 thanks cpaelzer, all :) 14:47 thanks you all! 14:48 https://oeis.org/A000332 14:48 35 14:48 15 14:48 5 14:48 1 14:48 0 14:48 0 14:48 0 14:48 0 14:48 #endmeeting Generated by MeetBot 0.4.0 (https://wiki.ubuntu.com/meetingology)