15:30 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
15:30 <meetingology> Meeting started at 15:30:39 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
15:30 <meetingology> Available commands: action, commands, idea, info, link, nick
15:30 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( dviererbe )
15:30 <jbicha> o/
15:30 <cpaelzer> #topic current component mismatches
15:30 <slyon> o/
15:30 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:30 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
15:30 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
15:30 <joalif> o/
15:31 <cpaelzer> given the number of MIR cases in my inbox I assume a lot today ...
15:31 <slyon> flexparser (from python-pint) are ready for promotion as of today (needs AA)
15:31 <cpaelzer> thanks slyon, let me open and enqueue them
15:32 <cpaelzer> flexcache as well?
15:32 <slyon> that would be https://launchpad.net/bugs/2089037 and https://launchpad.net/bugs/2089036
15:32 <slyon> yes
15:32 <slyon> flexcache has been ready for a while IIRC
15:32 <cpaelzer> I see, and it was me saying so :-)
15:32 <cpaelzer> the rest is known/old and being worked on
15:32 <cpaelzer> except
15:33 <cpaelzer> xdg-desktop-portal -> fonts-inter
15:33 <jbicha> how do you want that handled? it's only a dev package with the font dependency
15:33 <slyon> It's a recommends, so should probably be dropped or use an Extra-Exclude
15:33 <slyon> jbicha: can you Extra-Exclude the -dev package?
15:34 <jbicha> yes
15:34 <cpaelzer> great
15:34 <slyon> thx!
15:34 <cpaelzer> I've asked renan to summarize me the ruby-* path as he is looking into these
15:34 <cpaelzer> hopefully I can tell you next week the steps there
15:34 <cpaelzer> #topic New MIRs
15:34 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing
15:34 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
15:35 <cpaelzer> three to review
15:35 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/rust-gst-plugin-gtk4/+bug/2097804
15:35 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libva/+bug/2097800
15:35 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libsass/+bug/2095582
15:35 <cpaelzer> starting with libsass - some css magic I guess
15:35 <slyon> I can take one
15:35 <joalif> i'm working on python-libsass
15:35 <cpaelzer> right joalif
15:35 <joalif> I could take libsass
15:35 <jbicha> I still need to vendor the rust package in the next few days but I thought I ought to at least get it in the queue
15:36 <cpaelzer> oh I see, because it is the same overall topic
15:36 <cpaelzer> thanks joalif
15:36 <joalif> yup
15:36 <cpaelzer> slyon: ugly rust or ugly video codecs - what do you prefer?
15:37 <slyon> heh, whatever. Let me take rust-gst-plugin-gtk4
15:37 <slyon> (and ACK jbicha, I'll start looking into it early next week to give some headroom)
15:37 <cpaelzer> ok and the libva story for me
15:37 <jbicha> thank you
15:37 <cpaelzer> I know that years ago I wanted it myself, so you have +1 karma credit for requesting it
15:38 <cpaelzer> #topic Incomplete bugs / questions
15:38 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:38 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
15:38 <cpaelzer> top three was updated right before the meeting
15:38 <cpaelzer> reading ...
15:39 <jbicha> papers is NEW but 25.10 material at this point and is also rusty and needs to be vendored
15:39 <slyon> raspi-utils and ubuntu-x1e-settings are only status updates. getting close but not yet ready
15:39 <cpaelzer> ok, so this isn't ready yet and will be NEW once it is
15:39 <cpaelzer> yes slyon^
15:39 <cpaelzer> glad they are on the way and going well so far
15:40 <cpaelzer> libcamera and nbd (also by the Rpi people) should be promotable soon, just waiting for them to show up in mismatches
15:40 <cpaelzer> #topic Process/Documentation improvements
15:40 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues
15:40 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls
15:40 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues
15:41 <cpaelzer> all drafts/old
15:41 <cpaelzer> #topic MIR related Security Review Queue
15:41 <cpaelzer> Mission: Check on progress, do deadlines seem doable?
15:41 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place.
15:41 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
15:42 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
15:42 <cpaelzer> Internal link
15:42 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect
15:42 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much
15:42 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594
15:42 <cpaelzer> We have been waiting on a few and sarnold mentioned to have new people as in good=resource and as in unexperienced
15:42 <cpaelzer> how is it going sarnold?
15:42 <sarnold> cpaelzer: it's going well :) I'm optimistic again :)
15:42 <cpaelzer> nice to hear that
15:43 <sarnold> cpaelzer: the feature-freeze crunch has me a little worried but we've got much of our queue assigned and folks are making progress
15:43 <cpaelzer> Given the reviews we assigned we should assume the usual "few more"
15:43 <sarnold> *nod*
15:43 <cpaelzer> but making progress is all we need
15:43 <cpaelzer> thanks
15:43 <cpaelzer> Keep it up and pass our thanks to your security cohort!
15:43 <sarnold> will do :) thanks
15:44 <cpaelzer> #topic Any other business?
15:44 <cpaelzer> I have one on our docs, anything else?
15:44 <sarnold> none here
15:44 <joalif> i have a couple of questions
15:44 <cpaelzer> joalif first please
15:44 <joalif> does css make it to the list of 'parse data formats like xml, json etc' ?
15:44 <jbicha> .
15:45 <cpaelzer> the question is rarely "what data it is" like CSS in this case, but more is it controlled externally
15:45 <cpaelzer> this is for python-libsass I guess right
15:45 <joalif> which would then require a sec review
15:45 <joalif> yes more of libsass tbh
15:45 <cpaelzer> so if the usage model is controlled program calls API, libsass renders CSS - I'd say that is not external control
15:46 <cpaelzer> if you'd point it to a webpage and it would read the CSS from it, that would be parsing data with external control
15:46 <joalif> the python-libsass is merely a wrapper, all the parser seems to be done by libsass c++ lib
15:46 <cpaelzer> TODO: - does not parse data formats (files [images, video, audio,
15:46 <cpaelzer> TODO:   xml, json, asn.1], network packets, structures, ...) from
15:46 <cpaelzer> TODO:   an untrusted source.
15:47 <cpaelzer> this is the rule you go for, and the important bit is "from an untrusted source"
15:47 <joalif> iiuc it can parse data provided by user so I would consider it with external control
15:47 <cpaelzer> so look at the usage model and decide, my gut feeling says it might be fine
15:47 <slyon> I'd probably go with sec-review for libsass c++ lib (as it can presumably consume any input), not necessarily for the python-libsass "wrapper"
15:47 <joalif> I agree slyon
15:48 <cpaelzer> umm
15:48 <cpaelzer> you made me click on the projects
15:48 <cpaelzer> first paragraph
15:48 <cpaelzer> Warning: LibSass is deprecated. While it will continue to receive maintenance releases indefinitely, there are no plans to add additional features or compatibility with any new CSS or Sass features. Projects that still use it should move onto Dart Sass.
15:48 <joalif> and yes
15:48 <cpaelzer> who is requesting that and why, was that from openstack horizon?
15:48 <sarnold> ow
15:48 <joalif> that would be the second question
15:49 <joalif> upstream has decided so
15:49 <joalif> i assume they are aware
15:49 <slyon> we might cycle that back to jamespage ^
15:49 <cpaelzer> jamespage: ^^ I think you have to make a call on this, this is more for the owning team to make an argument - not joalif as the MIR reviewer
15:50 <jamespage> sure - let me dig - this was a bit of a surprise change from the upstream project
15:50 <cpaelzer> thanks jamespage
15:50 <cpaelzer> the argument I look for is either "Oh we didn't see let us instead do ..." or "we really have to do ..., because convincing ...."
15:50 <jamespage> I know that this is more recently supported than the previous modules used for the same function
15:50 <cpaelzer> so it is discontinued, but not as long?
15:51 <jamespage> basically yes
15:51 <cpaelzer> please have a hug from me, but it isn't super convincing yet :-)
15:51 <sarnold> > Dart Sass is the primary implementation of Sass, which means it gets new features before any other implementation. It’s fast, easy to install, and it compiles to pure JavaScript
15:52 <sarnold> I'm liking libsass more and more all the time :)
15:52 <cpaelzer> well, I see something complex or a hard call that makes no one too happy coming
15:52 <sarnold> hah, yes
15:52 <cpaelzer> but let us leave that to jamespage to prepare the way to go for next tme
15:52 <cpaelzer> time
15:52 <cpaelzer> joalif: both questions covered?
15:52 <joalif> yup
15:52 <sarnold> jbicha :)
15:52 <joalif> thank you all!
15:53 <jbicha> 'automake' is now built by automake-1.17 so it needs to be promoted to main with bug subscriber & automake-1.16 removed
15:53 <cpaelzer> slyon: that sounds foundation'ish - since they have no new representative yet would you ping them?
15:53 <slyon> I can
15:53 <jbicha> thank you
15:54 <cpaelzer> ok, my topic is for now just probing your opinions
15:54 <cpaelzer> I'm trying to allocate time to modernize archive admin documentation next cycle, when prepping that a bit myself and Sally felt that we might want to move MIR process into the same as it is 98% archive management related topic
15:55 <cpaelzer> here is the question now ...
15:55 <cpaelzer> would you mind if I re-host the content of https://github.com/canonical/ubuntu-mir into a different project, likely with a more limited admin set?
15:55 <cpaelzer> we'd all be contributors, and AAs can merge the PRs (or similar)
15:56 <sarnold> AAs feel like a very limited resource
15:56 <cpaelzer> This isn't fully defined, but I wanted to hear if you'd appreciate being co-located with all the other archive management or if you'd object
15:56 <slyon> wfm, we've been going through the PR workflow for all the changes anyway (and have AA on the MIR team to help resolve our cases)
15:56 <cpaelzer> sarnold: so far i'm merging the PRs, being an AA
15:56 <sarnold> cpaelzer: hah, so it's no actual change then? :)
15:57 <cpaelzer> kind of
15:57 <jbicha> are you talking about switching to a readthedocs platform now too?
15:57 <joalif> i don't mind moving it anywhere as long as it's easy to find :p
15:57 <cpaelzer> yes, it would come (if it goes the way I think of it now) in a GH/RTD approach including the full diataxis split
15:58 <cpaelzer> our current page would become ~4 1. explanation 2. howto file 3. how to review 4. meeting
15:58 <cpaelzer> A lot is unclear still, but it is time to modernize the AA wiki page a lot
15:59 <cpaelzer> and then we felt it would be odd if just the MIR descriptions live elsewhere
15:59 <cpaelzer> as slyon said, we already do issues/PRs
15:59 <cpaelzer> so nothing on that would change
16:00 <sarnold> i'm not exactly opposed to it, but I don't love the diataxis "now you have four to a dozen pages to search to find the thing you're looking for"
16:00 <cpaelzer> Can I send you to Daniele for that discussion? :-)
16:00 <sarnold> please no :)
16:01 <cpaelzer> I can promise to keep the MIR elements cohesive and well findable
16:01 <cpaelzer> lots of experience with the server guide docs by now, there are ways like landing and index pages allowing to make it not appear to spread out while getting the benefit of the split
16:02 <jbicha> that 4-page outline sounds fine with me. +1 to joalif's vote :)
16:02 <sarnold> our little thing is just so much smaller than eg server docs
16:02 <sarnold> I can certainly appreciate that the aa docs feels like a good place for it to live
16:03 <sarnold> and if it's mostly you do the work anyway and you don't mind, sure :) but when you're no longer on the mir team, will the remaining AAs be up for it?
16:04 <slyon> people would do PRs as usual, we just need AA to click the merge button, which IMO is fine, as we also need AA to click the "promote" button in our workflow
16:05 <sarnold> if we'll always have an AA on the MIR team, because of course we would, then yeah that's probably fine
16:05 <cpaelzer> hehe
16:05 <cpaelzer> thank you for the pre-discussion
16:06 <cpaelzer> I hear some reasonable "please watch out for ..." and opinions, but no show-stoppers
16:06 <cpaelzer> thank you
16:06 <cpaelzer> closing the meeting now, ...
16:06 <cpaelzer> anything else?
16:06 <joalif> nothing from me
16:06 <cpaelzer> ok, here some usual entropy for you to count down
16:06 <cpaelzer> 32218
16:07 <cpaelzer> 25184
16:07 <cpaelzer> 15611
16:07 <cpaelzer> endmeeting
16:07 <sarnold> thanks cpaelzer, all :)
16:07 <cpaelzer> and once more
16:07 <cpaelzer> #endmeeting