15:31 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
15:31 <meetingology> Meeting started at 15:31:15 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
15:31 <meetingology> Available commands: action, commands, idea, info, link, nick
15:31 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( dviererbe )
15:31 <cpaelzer> #topic current component mismatches
15:31 <slyon> o/
15:31 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:31 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
15:31 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
15:31 <sarnold> good morning
15:31 <cpaelzer> in the normal mismatches we see a bunch of ruby
15:31 <cpaelzer> renanrodrigo is here today, we will discuss this in AOB
15:31 <dviererbe> o/
15:31 <jbicha> it's still on my todo to drop the fonts-inter dependency
15:32 <joalif> o/
15:32 <cpaelzer> then we have the x1e settings which is https://bugs.launchpad.net/ubuntu/+source/ubuntu-x1e-settings/+bug/2095536
15:32 <cpaelzer> ready to promote
15:32 <cpaelzer> I'll queue this for tomorrow morning
15:32 <slyon> x1e-settings: Yes, at least the version in -proposed
15:32 <cpaelzer> proposed mismatches are not so different
15:32 <cpaelzer> going on
15:33 <cpaelzer> #topic New MIRs
15:33 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing
15:33 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
15:33 <cpaelzer> OK, feature freeze frenzy it seems
15:33 <cpaelzer> let us start at the top - papers
15:33 <renanrodrigo> is this more than usual? heh
15:33 <slyon> curl vs nghttp3 is new IIRC? dviererbe can you carry that to Foundations?
15:33 <cpaelzer> yes
15:33 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/papers/+bug/2097727
15:33 <dviererbe> sure :)
15:34 <cpaelzer> this is towards coming releases
15:34 <cpaelzer> so if in doubt we might skip that for other cases today AFAICS
15:34 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/ruby-sinatra/+bug/2095497
15:34 <jbicha> at review last week, we decided that Papers is actually a 25.04 goal. It is a fork of evince, to replace evince
15:34 <slyon> dviererbe: maybe create a placeholder bug: https://launchpad.net/ubuntu/+source/nghttp3/+filebug?field.title=%5BMIR%5D+nghttp3&field.status=Incomplete&field.tags=plucky (& subscribe ~ubuntu-mir)
15:34 <cpaelzer> that is one example of what renanrodrigo will bring to AOB
15:34 <dviererbe> slyon: ack
15:34 <cpaelzer> oh, thanks jbicha
15:34 <cpaelzer> i was going by the text
15:34 <cpaelzer> - The package papers is required in Ubuntu main no later than August 2025 due to Ubuntu 25.10 Feature Freeze and a desire to make this swap before Ubuntu 26.04 LTS
15:35 <jbicha> sorry I just updated the text now
15:35 <cpaelzer> thanks
15:35 <cpaelzer> ok so this one looks for a reviewer
15:35 <cpaelzer> I'm out as reviewer for many others, so I'm gonna take this one
15:35 <cpaelzer> out because I'm part of the team driving them
15:35 <slyon> ack
15:36 <cpaelzer> next we have https://bugs.launchpad.net/ubuntu/+bug/2072561
15:36 <cpaelzer> which is almost a new queue review and MIR at once
15:36 <cpaelzer> which is fine, we recommended them to get it in shape before uploading - because then SRU rules do not apply
15:36 <cpaelzer> but since I was so involved in guiding them I consider myself a bad reviewer
15:36 <slyon> yeah, it's special, because not yet in universe... I could take it, not sure about the NEW review part, though.
15:36 <cpaelzer> at the core it is a rust based package that wants to be in main in all releases
15:37 <cpaelzer> thanks slyon
15:37 <cpaelzer> you do not have to do literal NEW queue slyon
15:37 <slyon> okay
15:37 <cpaelzer> just any packaging issue you spot, you might report as well to help them
15:37 <joalif> libsass-python is not new, actually I'll post the review within the hour
15:37 <cpaelzer> thanks joalif
15:38 <cpaelzer> let me assign you on the case for correctness
15:38 <joalif> did it
15:38 <cpaelzer> which leaves two more
15:38 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/python-observabilityclient/+bug/2095359 which seems to be a normal python dep for openstack
15:39 <cpaelzer> joalif: could this be your next one?
15:39 <joalif> I can but "is required in Ubuntu main no later than Feb 20" is that even doable ?
15:39 <cpaelzer> if the outcome is no-security review needed - possibly
15:40 <joalif> ok, I'll take it
15:40 <slyon> I've done MIR reviews hours before the FeatureFreeze deadline in the past :P
15:40 <cpaelzer> These python libs often are quite straight forward and sometimes go that path
15:40 <cpaelzer> but I'm not pre-determining the outcome of your judgement
15:40 <sarnold> from our docs: > For a MIR to be considered for a release, it must be assigned to the Security team (by the MIR team) before Beta Freeze. This does not guarantee that a security review can be completed by Final Release. Ask the director of Security for exceptions.
15:40 <cpaelzer> just saying what is likely needed to make Feb 20th
15:40 <cpaelzer> yep sarnold
15:40 <cpaelzer> it can be promoted after FF
15:40 <joalif> libsass it's gonna have a problem but I'll elaborate later
15:41 <cpaelzer> I think jamespage wanted to be extra correct and prep it even before FF
15:41 <cpaelzer> last is https://bugs.launchpad.net/ubuntu/+source/libimobiledevice-glue/+bug/2074086
15:41 <cpaelzer> but that got checked
15:41 <cpaelzer> security has done ...
15:41 <cpaelzer> ack
15:41 <cpaelzer> what did we demand ...
15:41 <cpaelzer> no required TODOs
15:41 <jbicha> sarnold had comments with this one
15:42 <cpaelzer> indeed on august 2024
15:42 <cpaelzer> sarnold: are you ok with the ack Frederico has given?
15:43 <sarnold> cpaelzer: I really don't know what we ought to do with the embedded crypto :( on the one hand, probably this isn't unique
15:43 <cpaelzer> it isn't :-/
15:43 <cpaelzer> I remember tomcrypt in some places
15:43 <sarnold> it's just so easy to embed, heh
15:44 <cpaelzer> I think it is ok, but call to the honor of seb128 to stick to " .... goal to work over the next cycles to try to improve things"
15:44 <cpaelzer> because it is also easy to keep things as-is
15:44 <cpaelzer> I know, I'm guilty of it myself sometimes :-/
15:44 <sarnold> heh, me too. so much.
15:45 <cpaelzer> ok, so we are giving it an ok then
15:45 <cpaelzer> updating the case
15:45 <cpaelzer> updated the case
15:46 <cpaelzer> let us hurry, AFAICS two bigger topics in AOB
15:46 <cpaelzer> #topic Incomplete bugs / questions
15:46 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:46 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
15:46 <cpaelzer> 1 stub https://bugs.launchpad.net/ubuntu/+source/nghttp3/+bug/2098769
15:46 <cpaelzer> as discussed above
15:46 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/automake-1.17/+bug/2098750
15:47 <cpaelzer> is one of the "let us try to be better"
15:47 <cpaelzer> it needs a review but each of us got one already
15:47 <cpaelzer> It is waiting for the foundations team to opt in and file the paperwork anyway
15:47 <slyon> yes, dviererbe FYI ^ tagged rls-pp-incoming for foundations
15:47 <slyon> it's probably our first case of a "regular" re-review
15:47 <cpaelzer> I'd drop the mir approval team until it is ready
15:47 <dviererbe> slyon: I did so too
15:47 <cpaelzer> so it can come back fresh when we need to look
15:47 <slyon> wfm
15:48 <cpaelzer> what is the last state on https://bugs.launchpad.net/ubuntu/+source/rust-gst-plugin-gtk4/+bug/2097804
15:48 <slyon> there are a few TODOs for jbicha ^
15:48 <cpaelzer> reviewed and back from slyon to jbicha
15:48 <cpaelzer> ok
15:48 <cpaelzer> no action right now then
15:48 <cpaelzer> #topic Process/Documentation improvements
15:48 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues
15:49 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls
15:49 <slyon> mostly looking good (no sec-review), still lacking the Rust vendoring story, which first needs to be implemented in the packaging
15:49 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues
15:49 <cpaelzer> ack @slyon
15:49 <sarnold> heh, when the review looks like a stacktrace..
15:49 <cpaelzer> nothing new here in the PRs/Issues
15:49 <slyon> jbicha: give me a ping once rust-gst-plugin-gtk4 is ready from the packaging side
15:49 <cpaelzer> #topic MIR related Security Review Queue
15:49 <cpaelzer> Mission: Check on progress, do deadlines seem doable?
15:49 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place.
15:49 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
15:49 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
15:49 <cpaelzer> Internal link
15:49 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect
15:49 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much
15:49 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594
15:49 <cpaelzer> ok sarnold, we've seen a sec review complete
15:49 <cpaelzer> how are the others going
15:49 <slyon> sarnold: :P that's a "nm" symbols dump
15:49 <cpaelzer> I see jpeg-xl which I think is for plucky as well right?
15:50 <sarnold> slyon: ah yes :)
15:50 <sarnold> fede has been quite busy with MIRs :D
15:50 <cpaelzer> oh yeah
15:51 <sarnold> giampaolo also took care of jemalloc, which worried me due to its age, but it sounded pretty solid
15:51 <sarnold> I haven't talked with sudhakar lately, sorry, not sure on jpeg-xl :(
15:51 <jbicha> slyon: thanks, yes I'll let you know once I've got the gst plugin working better
15:51 <sarnold> .. same with noam and glycin :(
15:52 <cpaelzer> yeah, seen and appreciate jemalloc - thanks
15:52 <sarnold> and provd I think we had some concerns that it wasn't necessary for this cycle. I can't actually recall how those conversations went, though. hmm.
15:52 <jbicha> glycin is a dependency for the loupe app which we'll want for 25.10
15:52 <cpaelzer> I didn't have that on extra-urgent either
15:52 <sarnold> (it lives in a repo with a few other things, and something about all the recent work is on the other things in that repo..?)
15:52 <cpaelzer> but the image support stacks I think were meant to be in now
15:53 <cpaelzer> hence my question on jpeg-xl
15:53 <cpaelzer> If you could friendly-poke sudhakar?
15:53 <sarnold> will do
15:53 <cpaelzer> thanks
15:53 <cpaelzer> going into AOB
15:53 <cpaelzer> #topic Any other business?
15:53 <cpaelzer> I know of the ruby things with Renan
15:53 <joalif> libsass
15:53 <cpaelzer> and it sounded libsass from joalif
15:53 <cpaelzer> ruby is simple, but I want a group ack
15:53 <cpaelzer> so let me raise this first
15:54 <cpaelzer> the TL;DR (poke renanrodrigo if you need details) is this
15:54 <cpaelzer> used to be part of the core ruby codebase and was in main
15:54 <cpaelzer> the code moved to individually packaged elements
15:54 <cpaelzer> and evolved there
15:54 <cpaelzer> so it is one of the common "fast paths" of "it was in main already, just now from a new source"
15:55 <cpaelzer> If you are ok, I'd fast process them when renan has done the paperwork, but I wanted to raise it for a team ack to not appear as preferring our own cases
15:55 <cpaelzer> opinions?
15:55 <renanrodrigo> FWIW base64, as well as other gems (in the bug description) were converted from default to bundled gems in libruby; more MIR requests will come for those others as they appear in component-mismatches
15:55 <slyon> sounds like we could apply the deferred re-review rule, to do opt-in MIRs after you fast-path processed them
15:55 <slyon> (whenever there's capacity left)
15:56 <cpaelzer> yeah, we can keep the requests in that state
15:56 <cpaelzer> and pick up in weeks we are not all getting so many already
15:56 <slyon> exactly
15:56 <cpaelzer> any objections?
15:56 <slyon> +1 from me
15:56 <joalif> nope
15:56 <cpaelzer> thanks
15:56 <joalif> nope as in no objections, +1
15:56 <cpaelzer> I'd ask joalif to outline the problem with libsass please
15:57 <sarnold> yeah, I think the ruby fast-track with intended re-reviews makes sense
15:57 <sarnold> on my focal machine .. $ apt-file search base64.rb | wc -l
15:57 <sarnold> 9
15:57 <joalif> so tldr MIR ack with todos, assigned to james page it needs a sec-review , and before FF
15:57 <cpaelzer> oh
15:57 <cpaelzer> so the problem is timing
15:57 <joalif> yes
15:57 <cpaelzer> TODOs + security
15:57 <cpaelzer> I think that is OK
15:57 <joalif> for sec-team and openstack team
15:58 <cpaelzer> it isn't needed to upload the change to plucky proposed
15:58 <cpaelzer> the approval is "only" needed to migrate
15:58 <cpaelzer> jamespage: do you think that timing (upload now, migrate later) will work for you?
15:58 <sarnold> https://discourse.ubuntu.com/t/plucky-puffin-release-schedule/36461
15:58 <cpaelzer> only if the security review fails or the TODOs are not done - then it breaks and needs to be unrolled
15:59 <sarnold> beta freeze is march 24 (a monday, go figure :)
15:59 <dviererbe> oh... does the nghttp3 vs. curl MIR issue paperwork need to be done before FF?
16:00 <cpaelzer> OK, let me summarize again
16:00 <cpaelzer> the change to land things in proposed needs to be done by FF
16:00 <slyon> dviererbe: it's already in -proposed, so no. But should the MIR fail, you need to somehow drop the new dependency (or get a FFe)
16:00 <dviererbe> slyon: ack
16:00 <cpaelzer> The reviews and subsequent tasks need to be done in time towards beta
16:00 <cpaelzer> the later you get the less likely will it work out
16:01 <dviererbe> ok
16:01 <cpaelzer> ok, so we are on time
16:01 <cpaelzer> and kind of through a lot of topics
16:01 <cpaelzer> thank you all in MIR and security for the ongoing efforts to keep quality up!
16:01 <cpaelzer> closing for today
16:01 <cpaelzer> let me give you some numbers as usual
16:02 <cpaelzer> 5522
16:02 <cpaelzer> (head punching my num block)
16:02 <cpaelzer> bye
16:02 <slyon> o/
16:02 <sarnold> thanks cpaelzer, all :)
16:02 <cpaelzer> #endmeeting