== Meeting information ==

 * #ubuntu-meeting: Weekly Main Inclusion Requests status meeting, started by cpaelzer, 11 Feb at 15:30 — 16:07 UTC.
 * Full logs at https://ubottu.com/meetingology/logs/ubuntu-meeting/2025/ubuntu-meeting.2025-02-11-15.30.log.html



== Meeting summary ==

=== current component mismatches ===

Discussion started by cpaelzer at 15:30.

 * ''LINK:'' https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg   (cpaelzer, 15:30)
 * ''LINK:'' https://people.canonical.com/~ubuntu-archive/component-mismatches.svg   (cpaelzer, 15:30)

=== New MIRs ===

Discussion started by cpaelzer at 15:34.

 * ''LINK:'' https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir   (cpaelzer, 15:34)
 * ''LINK:'' https://bugs.launchpad.net/ubuntu/+source/rust-gst-plugin-gtk4/+bug/2097804   (cpaelzer, 15:35)
 * ''LINK:'' https://bugs.launchpad.net/ubuntu/+source/libva/+bug/2097800   (cpaelzer, 15:35)
 * ''LINK:'' https://bugs.launchpad.net/ubuntu/+source/libsass/+bug/2095582   (cpaelzer, 15:35)

=== Incomplete bugs / questions ===

Discussion started by cpaelzer at 15:38.

 * ''LINK:'' https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir   (cpaelzer, 15:38)

=== Process/Documentation improvements ===

Discussion started by cpaelzer at 15:40.

 * ''LINK:'' https://github.com/canonical/ubuntu-mir/pulls   (cpaelzer, 15:40)
 * ''LINK:'' https://github.com/canonical/ubuntu-mir/issues   (cpaelzer, 15:40)

=== MIR related Security Review Queue ===

Discussion started by cpaelzer at 15:41.

 * ''LINK:'' https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir   (cpaelzer, 15:41)
 * ''LINK:'' https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir   (cpaelzer, 15:42)
 * ''LINK:'' https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594   (cpaelzer, 15:42)

=== Any other business? ===

Discussion started by cpaelzer at 15:44.




== People present (lines said) ==

 * cpaelzer (117)
 * joalif (19)
 * sarnold (19)
 * slyon (17)
 * jbicha (11)
 * jamespage (3)
 * meetingology (2)



== Full log ==


 15:30 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status

 15:30 <meetingology> Meeting started at 15:30:39 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology

 15:30 <meetingology> Available commands: action, commands, idea, info, link, nick

 15:30 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( dviererbe )

 15:30 <jbicha> o/

 15:30 <cpaelzer> #topic current component mismatches

 15:30 <slyon> o/

 15:30 <cpaelzer> Mission: Identify required actions and spread the load among the teams

 15:30 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg

 15:30 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg

 15:30 <joalif> o/

 15:31 <cpaelzer> given the number of MIR cases in my inbox I assume a lot today ...

 15:31 <slyon> flexparser (from python-pint) are ready for promotion as of today (needs AA)

 15:31 <cpaelzer> thanks slyon, let me open and enqueue them

 15:32 <cpaelzer> flexcache as well?

 15:32 <slyon> that would be https://launchpad.net/bugs/2089037 and https://launchpad.net/bugs/2089036

 15:32 <slyon> yes

 15:32 <slyon> flexcache has been ready for a while IIRC

 15:32 <cpaelzer> I see, and it was me saying so :-)

 15:32 <cpaelzer> the rest is known/old and being worked on

 15:32 <cpaelzer> except

 15:33 <cpaelzer> xdg-desktop-portal -> fonts-inter

 15:33 <jbicha> how do you want that handled? it's only a dev package with the font dependency

 15:33 <slyon> It's a recommends, so should probably be dropped or use an Extra-Exclude

 15:33 <slyon> jbicha: can you Extra-Exclude the -dev package?

 15:34 <jbicha> yes

 15:34 <cpaelzer> great

 15:34 <slyon> thx!

 15:34 <cpaelzer> I've asked renan to summarize me the ruby-* path as he is looking into these

 15:34 <cpaelzer> hopefully I can tell you next week the steps there

 15:34 <cpaelzer> #topic New MIRs

 15:34 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing

 15:34 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir

 15:35 <cpaelzer> three to review

 15:35 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/rust-gst-plugin-gtk4/+bug/2097804

 15:35 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libva/+bug/2097800

 15:35 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/libsass/+bug/2095582

 15:35 <cpaelzer> starting with libsass - some css magic I guess

 15:35 <slyon> I can take one

 15:35 <joalif> i'm working on python-libsass

 15:35 <cpaelzer> right joalif

 15:35 <joalif> I could take libsass

 15:35 <jbicha> I still need to vendor the rust package in the next few days but I thought I ought to at least get it in the queue

 15:36 <cpaelzer> oh I see, because it is the same overall topic

 15:36 <cpaelzer> thanks joalif

 15:36 <joalif> yup

 15:36 <cpaelzer> slyon: ugly rust or ugly video codecs - what do you prefer?

 15:37 <slyon> heh, whatever. Let me take rust-gst-plugin-gtk4

 15:37 <slyon> (and ACK jbicha, I'll start looking into it early next week to give some headroom)

 15:37 <cpaelzer> ok and the libva story for me

 15:37 <jbicha> thank you

 15:37 <cpaelzer> I know that years ago I wanted it myself, so you have +1 karma credit for requesting it

 15:38 <cpaelzer> #topic Incomplete bugs / questions

 15:38 <cpaelzer> Mission: Identify required actions and spread the load among the teams

 15:38 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir

 15:38 <cpaelzer> top three was updated right before the meeting

 15:38 <cpaelzer> reading ...

 15:39 <jbicha> papers is NEW but 25.10 material at this point and is also rusty and needs to be vendored

 15:39 <slyon> raspi-utils and ubuntu-x1e-settings are only status updates. getting close but not yet ready

 15:39 <cpaelzer> ok, so this isn't ready yet and will be NEW once it is

 15:39 <cpaelzer> yes slyon^

 15:39 <cpaelzer> glad they are on the way and going well so far

 15:40 <cpaelzer> libcamera and nbd (also by the Rpi people) should be promotable soon, just waiting for them to show up in mismatches

 15:40 <cpaelzer> #topic Process/Documentation improvements

 15:40 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues

 15:40 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls

 15:40 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues

 15:41 <cpaelzer> all drafts/old

 15:41 <cpaelzer> #topic MIR related Security Review Queue

 15:41 <cpaelzer> Mission: Check on progress, do deadlines seem doable?

 15:41 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place.

 15:41 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir

 15:42 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir

 15:42 <cpaelzer> Internal link

 15:42 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect

 15:42 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much

 15:42 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594

 15:42 <cpaelzer> We have been waiting on a few and sarnold mentioned to have new people as in good=resourece and as in unexperienced

 15:42 <cpaelzer> how is it going sarnold?

 15:42 <sarnold> cpaelzer: it's going well :) I'm optimistic again :)

 15:42 <cpaelzer> nice to hear that

 15:43 <sarnold> cpaelzer: the feature-freeze crunch has me a little worried but we've got much of our queue assigned and folks are making progress

 15:43 <cpaelzer> Given the reviews we assigned we should assume the usual "few more"

 15:43 <sarnold> *nod*

 15:43 <cpaelzer> but making progress is all we need

 15:43 <cpaelzer> thanks

 15:43 <cpaelzer> Keep it up and pass our thanks to your security cohort!

 15:43 <sarnold> will do :) thanks

 15:44 <cpaelzer> #topic Any other business?

 15:44 <cpaelzer> I have one on our docs, anything else?

 15:44 <sarnold> none here

 15:44 <joalif> i have a couple of questions

 15:44 <cpaelzer> joalif first please

 15:44 <joalif> does css makes to the list of 'parse data formats linke xml, json etc' ?

 15:44 <jbicha> .

 15:45 <cpaelzer> the question is rarely "what data it is" like CSS in this case, but more is it controlled externally

 15:45 <cpaelzer> this is for python-libsass I guess right

 15:45 <joalif> which would then require a sec review

 15:45 <joalif> yes more of libsass tbh

 15:45 <cpaelzer> so if the usage model is controlled program calls API, libsass renders CSS - I'd say that is not external control

 15:46 <cpaelzer> if you'd point it to a webpage and it would read the CSS from it, that would be parsing data with external control

 15:46 <joalif> the python-libsass is merely a wrapper all the parser seems to be done by lisbass c++ lib

 15:46 <cpaelzer> TODO: - does not parse data formats (files [images, video, audio,

 15:46 <cpaelzer> TODO:   xml, json, asn.1], network packets, structures, ...) from

 15:46 <cpaelzer> TODO:   an untrusted source.

 15:47 <cpaelzer> this is the rule you go for, and the important bit is "from an untrusted source"

 15:47 <joalif> iiuc it can parse data provided by user so I would consider it with external control

 15:47 <cpaelzer> so look at the usage model and decide, my gut feeling says it might be fine

 15:47 <slyon> I'd probably go with sec-review for libsass c++ lib (as it can presumably consume any input), not necessarily for the python-libsass "wrapper"

 15:47 <joalif> I agree slyon

 15:48 <cpaelzer> umm

 15:48 <cpaelzer> you made me click on the projects

 15:48 <cpaelzer> first paragraph

 15:48 <cpaelzer> Warning: LibSass is deprecated. While it will continue to receive maintenance releases indefinitely, there are no plans to add additional features or compatibility with any new CSS or Sass features. Projects that still use it should move onto Dart Sass.

 15:48 <joalif> and yes

 15:48 <cpaelzer> who is requesting that and why, was that from openstack horizon?

 15:48 <sarnold> ow

 15:48 <joalif> that would be the second question

 15:49 <joalif> upstream has decided so

 15:49 <joalif> i assume they are aware

 15:49 <slyon> we migh cycle that back to jamespage ^

 15:49 <cpaelzer> jamespage: ^^ I think you have to make a call on this, this is more for the owning team to make an argument - not joalif as the MIR reviewer

 15:50 <jamespage> sure - let me dig - this was a bit of a surprise change from the upstream project

 15:50 <cpaelzer> thanks jamespage

 15:50 <cpaelzer> the argument I look for is either "Oh we didn't see let us instead do ..." or "we really have to do ..., because convincing ...."

 15:50 <jamespage> I know that this is more recently supported than the previous modules used for the same function

 15:50 <cpaelzer> so it is discontinued, but not as long?

 15:51 <jamespage> basically yes

 15:51 <cpaelzer> please have a hug from me, but it isn't super convincing yet :-)

 15:51 <sarnold> > Dart Sass is the primary implementation of Sass, which means it gets new features before any other implementation. It’s fast, easy to install, and it compiles to pure JavaScript

 15:52 <sarnold> I'm liking libsass more and more all the time :)

 15:52 <cpaelzer> well, I see something complex or a hard call that makes no one too happy coming

 15:52 <sarnold> hah, yes

 15:52 <cpaelzer> but let us leave that to jamespage to prepare the way to go for next tme

 15:52 <cpaelzer> time

 15:52 <cpaelzer> joalif: both questions covered?

 15:52 <joalif> yup

 15:52 <sarnold> jbicha :)

 15:52 <joalif> thank you all!

 15:53 <jbicha> 'automake' is now built by automake-1.17 so it needs to be promoted to main with bug subscriber & automake-1.16 removed

 15:53 <cpaelzer> slyon: that sounds foundation'ish - since they have no new representative yet would you ping them?

 15:53 <slyon> I can

 15:53 <jbicha> thank you

 15:54 <cpaelzer> ok, my topic is for now just probing your opinions

 15:54 <cpaelzer> I'm trying to allocate time to modernize archive admin documentation next cycle, when prepping that a bit myself and Sally felt that we might want to move MIR process into the same as it is 98% archive management related topic

 15:55 <cpaelzer> here is the question now ...

 15:55 <cpaelzer> would you mind if I re-host the content of https://github.com/canonical/ubuntu-mir into a different project, likely with a more limited admin set?

 15:55 <cpaelzer> we'd all be contributors, and AAs can merge the PRs (or similar)

 15:56 <sarnold> AAs feel like a very limited resource

 15:56 <cpaelzer> This isn't fully defined, but I wanted to hear if you'd appreciate being co-located with all the other archive management or if you'd object

 15:56 <slyon> wfm, we've been going through the PR workflow for all the changes anyway (and have AA on the MIR team to help resolve our cases)

 15:56 <cpaelzer> sarnold: so far i'm merging the PRs, being an AA

 15:56 <sarnold> cpaelzer: hah, so it's no actual change then? :)

 15:57 <cpaelzer> kind of

 15:57 <jbicha> are you talking about switching to a readthedocs platform now too?

 15:57 <joalif> i dont mind moving it anywhere as long as it's easy to find :p

 15:57 <cpaelzer> yes, it would come (if it goes the way I think of it now) in a GH/RTD approach including the full diataxis split

 15:58 <cpaelzer> our current page would become ~4 1. explanation 2. howto file 3. how to review 4. meeting

 15:58 <cpaelzer> A lot is unclear still, but it is time to modernize the AA wiki page a lot

 15:59 <cpaelzer> and then we felt it would be odd if just the MIR descriptions live elsewhere

 15:59 <cpaelzer> as slyon said, we already do issues/PRs

 15:59 <cpaelzer> so nothing on that would change

 16:00 <sarnold> i'm not exactly opposed to it, but I don't love the diataxis "now you have four to a dozen pages to search to find the thing you're looking for"

 16:00 <cpaelzer> Can I send you to Daniele for that discussion? :-)

 16:00 <sarnold> please no :)

 16:01 <cpaelzer> I can promise to keep the MIR elements cohesive and well findable

 16:01 <cpaelzer> lots of experience with the server guide docs by now, there are ways like landing and index pages allowing to make it not appear to spread out while getting the benefit of the split

 16:02 <jbicha> that 4-page outline sounds fine with me. +1 to joalif's vote :)

 16:02 <sarnold> our little thing is just so much smaller than eg server docs

 16:02 <sarnold> I can certainly appreciate that the aa docs feels like a good place for it to live

 16:03 <sarnold> and if it's mostly you do the work anyway and you don't mind, sure :) but when you're no longer on the mir team, will the remaining AAs be up for it?

 16:04 <slyon> people would do PRs as usual, we just need AA to click the merge button, which IMO is fine, as we also need AA to click the "promote" button in our workflow

 16:05 <sarnold> if we'll always have an AA on the MIR team, because of course we would, then yeah that's probably fine

 16:05 <cpaelzer> hehe

 16:05 <cpaelzer> thank you for the pre-discussion

 16:06 <cpaelzer> I hear some reasonable "please watch out for ..." and opinions, but no show-stoppers

 16:06 <cpaelzer> thank you

 16:06 <cpaelzer> closing the meeting now, ...

 16:06 <cpaelzer> anything else?

 16:06 <joalif> nothing from me

 16:06 <cpaelzer> ok, here some usual entropy for you to count down

 16:06 <cpaelzer> 32218

 16:07 <cpaelzer> 25184

 16:07 <cpaelzer> 15611

 16:07 <cpaelzer> endmeeting

 16:07 <sarnold> thanks cpaelzer, all :)

 16:07 <cpaelzer> and once more

 16:07 <cpaelzer> #endmeeting



Generated by MeetBot 0.4.0 (https://wiki.ubuntu.com/meetingology)