15:35 <sarnold> #startmeeting Weekly Main Inclusion Requests status 15:35 <meetingology> Meeting started at 15:35:12 UTC. The chair is sarnold. Information about MeetBot at https://wiki.ubuntu.com/meetingology 15:35 <meetingology> Available commands: action, commands, idea, info, link, nick 15:35 <sarnold> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe ) 15:35 <sarnold> #topic current component mismatches 15:35 <sarnold> Mission: Identify required actions and spread the load among the teams 15:35 <sarnold> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 15:35 <sarnold> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 15:35 <sarnold> wow so much qt6 15:36 <slyon> I pushed some seed changes to hopefully get rid of the qt5 & qt6 trees earlier today. 15:36 <sarnold> woot 15:36 <slyon> Also I cleaned up the sbuild->mmdebstrap and investigated libgit2 (more about this in AOB) 15:36 <jbicha> there was a request for an archive admin to demote new gpgme binaries for qt6 15:36 <sarnold> tmux to jemalloc, server team .. 15:36 <slyon> jbicha: do you have a reference? 15:37 <slyon> I added extra includes for the new libqgpgme* packages 15:37 <sarnold> i'm always skeptical of packages that "need" a fancy malloc, I hope this can be cleaned up. (nothing against jemalloc..) 15:37 <slyon> *extra-excludes 15:37 <jbicha> slyon: https://irclogs.ubuntu.com/2024/11/03/%23ubuntu-release.html#t18:38 15:37 <slyon> thx 15:37 <slyon> cpaelzer: should investigate/delegate tmux 15:38 <sarnold> libgit2 -> node-undici looks to be foundations, too? perhaps the http parser gizmo has a new requirement? I had the impression that there might be a good replacement for the http gizmo they were using, so there might be a very nice outcome there.. 15:39 <sarnold> python-osprofiler -> python-jaeger-client looks like openstack, is that one for jamespage to either file MIRs (my guess) or remove the dep? 15:39 <slyon> sarnold: Yes, I updated the attached MIR bug report. lining out 3 options, and would like to get some security team insights about the different approaches 15:39 <sarnold> slyon: oh sweet :) 15:39 <sarnold> plucky kernel seed feels like an aa thing to handle, another one for cpaelzer in a free moment? 15:40 <sarnold> python-pint -> flexcache and flexparser, feels like another jamespage thing to drive 15:40 <slyon> ack, or maybe the kernel team themselves? Not sure who handles those usually, but they tend to go away after a while :) 15:40 <sarnold> slyon: lol yes :) 15:40 <sarnold> logcheck->esmtp feels like it'd be nice to take off the graph this cycle, through whatever means :) 15:41 <jamespage> sarnold: probably - I'll take a look this week 15:41 <sarnold> jamespage: thanks :) 15:42 <sarnold> so .. that leaves the various unapproved MIRs .. we should probably try to figure out where each one of those is at, and see if they need assignment, or a poke, etc 15:42 <sarnold> https://bugs.launchpad.net/ubuntu/+source/jpeg-xl/+bug/2070882 and https://bugs.launchpad.net/ubuntu/+source/highway/+bug/2070807 -- looks like these are back to jbicha for the moment 15:42 <slyon> ACK, we probably want the original MIR reviewer to validate/update the case 15:43 <sarnold> https://bugs.launchpad.net/ubuntu/+source/libgit2/+bug/2080872 is looking for advice, so please everyone give this a look and advise :) https://bugs.launchpad.net/ubuntu/+source/libgit2/+bug/2080872 15:43 <jbicha> I believe jpeg-xl & highway are ready. architecture-properties also 15:43 <sarnold> https://bugs.launchpad.net/ubuntu/+source/architecture-properties/+bug/2080965 15:44 <slyon> joalif: can you double-check jpeg-xl 15:44 <slyon> ? 15:44 <sarnold> jbicha: could you add comments to the bugs with the current states? I thought jpeg-xl might still be waiting on security review? (but I haven't really looked in N weeks) 15:44 <slyon> I will double-check highway 15:44 <slyon> and I will double-check architecture properties 15:45 <sarnold> architecture-properties confuses me, there's a bunch of i386 discussion there, but I thought this package was mostly about indicating 64 bit in general, or which flavor of amd64 instruction sets it supports? 15:46 <sarnold> well, I might as well put that in the bug, I may not be the only one curious :) 15:47 <slyon> sarnold: I think it also provides some "is-32bit" / "is-64bit" (or alike) conditions 15:47 <slyon> so would be good to have on i386 15:47 <jbicha> slyon: oops, jpeg-xl is blocked for security review, which means highway doesn't need to be promoted yet 15:48 <slyon> ok. Let's assign it to ubuntu-security then 15:48 <sarnold> cool cool 15:48 <sarnold> https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 15:48 <sarnold> all covered 15:48 <slyon> ack 15:48 <sarnold> maybe we ought to swap the order of these links? heh 15:49 <sarnold> #topic New MIRs 15:49 <sarnold> Mission: ensure to assign all incoming reviews for fast processing 15:49 <sarnold> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 15:49 <sarnold> looks like all four covered already 15:49 <sarnold> #topic Incomplete bugs / questions 15:49 <sarnold> Mission: Identify required actions and spread the load among the teams 15:49 <sarnold> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 15:49 <slyon> I created tracking bug #2087937 15:50 <slyon> nothing actionable for us. I downgraded the Recommends in sbuild 15:51 <sarnold> is ther any appetite for considering a switch to mmdebstrap? I understand it's way faster than debootstrap, and if this unshare mode is nice it might also be an improvement over chroots? 15:51 <slyon> I remember some recent discussion in Foundations about using it in ubuntu-image, which was rejected 15:51 <slyon> (I can dig up the details, if needed) 15:52 <sarnold> it might be nice, I'm probably not the only one curious :) 15:52 <slyon> I'll add a link to the LP bug 15:52 <joalif> @slyon @jbicha wrt to jpeg-xl it needs a sec review plus highway to promoted 15:53 <sarnold> https://bugs.launchpad.net/ubuntu/+source/lenovo-wwan-unlock/+bug/2058192 is coming along nicely, it looks like they made some changes https://github.com/lenovo/lenovo-wwan-unlock/commit/255ec187a428a99710d0e44b165ee95436952830 so that's probably on me to review 15:54 <sarnold> https://bugs.launchpad.net/ubuntu/+source/linuxptp/+bug/2071717 looks like it's "back to ther reporter to handle this"? probably we can skip looking at the rest of this list 15:54 <slyon> nothing new in here ^ needs more work by the OEM team 15:54 <sarnold> #topic Process/Documentation improvements 15:54 <sarnold> Mission: Review pending process/documentation pull-requests or issues 15:54 <sarnold> #link https://github.com/canonical/ubuntu-mir/pulls 15:54 <sarnold> #link https://github.com/canonical/ubuntu-mir/issues 15:55 <sarnold> I seriously wish for a date from github on most recent change to a thing; anyway it feels like these are fine 15:55 <sarnold> #topic MIR related Security Review Queue 15:55 <sarnold> Mission: Check on progress, do deadlines seem doable? 15:55 <sarnold> Some clients can only work with one, some with the other escaping - the URLs point to the same place. 15:55 <sarnold> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 15:55 <sarnold> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 15:55 <sarnold> Internal link 15:55 <sarnold> - ensure your teams items are prioritized among each other as you'd expect 15:55 <sarnold> - ensure community requests do not get stomped by teams calling for favors too much 15:55 <sarnold> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 15:55 <sarnold> hmm importance sort is probably not the best (it never is) 15:57 <sarnold> well, here's hoping that this cycle is more effective than last cycle.. it's sad seeing last cycle's stuff on here :( 15:58 <sarnold> I'm concerned about fdk-aac-free -- that code felt pretty abandoned :( 15:58 <sarnold> otherwise i'll try to get some traction on these 15:59 <sarnold> please do make sure the items in the jira are prioritised appropriately -- we can't always handle them in priority order, since we also try to match who is available with what is available with the time available, etc.. 15:59 <sarnold> but it certainly helps 15:59 <sarnold> so.. 15:59 <sarnold> #topic Any other business? 15:59 <slyon> sarnold: I'd like you input on option A/B/C in https://bugs.launchpad.net/ubuntu/+source/node-undici/+bug/2080872/comments/2 – doesn't need to be ad-hoc, but maybe as a comment on LP 16:00 <sarnold> slyon: ack, thanks for the reminder :) 16:00 <slyon> basically, we have no proper libllhttp package, so should consider how to vendor it 16:00 <sarnold> oh dang, I was hoping it was "replace it with something less weird" :) 16:01 <slyon> well... its typescript being transpiled to C and then vendored as a shared object... tell me about weird :) 16:01 <sarnold> *shudder* 16:02 <sarnold> if that's it... 16:02 <sarnold> #endmeeting