#ubuntu-meeting-2 2015-07-07
 * slangasek waves
<mdeslaur> hi!
<pitti> \o
<slangasek> #startmeeting
<meetingology> Meeting started Tue Jul  7 16:01:19 2015 UTC.  The chair is slangasek. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
<meetingology> Available commands: action commands idea info link nick
<slangasek> [TOPIC] Apologies
<slangasek> no apologies sent on the list
<slangasek> kees, infinity appear to be absent
<slangasek> but we nevertheless have a quorum, so carrying on :)
<slangasek> [TOPIC] Action review
<slangasek> ACTION: slangasek to forward complaint to Canonical legal
<slangasek> carried over, again
<slangasek> again, if anyone felt strongly about stealing this from me I wouldn't stand in their way, otherwise I'll keep it on my todo
<pitti> FTR, stgraber is on holidays?
<stgraber> no I'm not :)
<mdeslaur> he just wishes :)
<stgraber> :)
<slangasek> nope, we're all still working, no matter how much our brains are overheating in this weather ;)
<slangasek> [TOPIC] Mailing list archive
<slangasek> there was a mail from apw this morning, which I just saw in the queue and approved through
<slangasek> I'm guessing most people haven't read it yet
<pitti> ah, I already wondered
<slangasek> Subject: Ubuntu Fan Updates for Trusty and Vivid
<pitti> I quickly read through it, but I'm not entirely sure about the impact yet
<mdeslaur> I skimmed it, but I'd have to look at the patch to form an opinion
<slangasek> for those who don't know, Ubuntu Fan is a clever stateless network multiplexer
<slangasek> it's a useful feature to have on cloud instances running containers
<slangasek> apw had approached me and asked me if it was SRUable
<pitti> it sounds similar to IPv4LL and NAT, and all the other crazy things people do to avoid IPv6 :)
<slangasek> and I expressed concern that this doesn't really fit our existing SRU policy, so should be discussed at a higher level
<pitti> but AFAIUI this is mostly a new feature, ignoring some undocumented preview that was already in the trusty kernel
<slangasek> vivid kernel
<pitti> i. e. the regression potential is that someone made use of that in trusty, and it's going to change/break?
<pitti> ah
<pitti> so for trusty this is entirely new
<slangasek> yes, the risk of regression potential is fairly low because it's a new feature
<stgraber> my main concern is the changes to iproute2 and other core bits to support the feature
<mdeslaur> is this upstream yet? what are the odds that it gets changed in an incompatible way while going upstream?
<slangasek> however, the SRU policy has always been rather clear that new features don't belong in SRUs - with the exception of hardware enablement
<pitti> yeah, that's my main gripe with it -- there's no indication of whether this has ever been reviewed by kernel developers, or proposed for inclusion
<slangasek> we've moved the line a few times wrt hardware enablement, to accomodate cloud substrate requirements
<stgraber> so last I heard, it's not upstream and we're not actively pushing for it to be upstreamed in its current shape, it also uses kernel identifiers for the tunnel type which may potentially be used by another in-kernel tunneling technology at some point, causing a clash
<slangasek> but I don't think I can justify this under the current SRU policy, so I think there's a higher-level policy discussion to be had rather than just making exceptions
<pitti> (wrt. security/quality review, and general sanity)
<pitti> so while from a regresssion potential POV this seems manageable (assuming that iproute2 only gets new features, and no changed behaviour)
<stgraber> so basically from my point of view: 1) ubuntu-fan package itself is fine and safe 2) changes to iproute2 may be risky 3) in-kernel non-upstream tunnel technology when needing unique IDs for netlink is a risk too
<pitti> it feels like exposing millions of LTS users with a brand new and largely unreviewed kernel feature that will be exposed to the network is a bit premature
<slangasek> so, I'd appreciate it if we could separate our SRU team hats from our TB hats here, difficult as that is :)
<pitti> sure; this is all TB anyway, as it's clearly outside of SRU policy
<slangasek> when I asked apw to refer it to the TB, it wasn't because I wanted the TB to analyze the risks of this specific SRU
<slangasek> but to discuss whether the SRU policy should, or should not, allow for updates such as this
<stgraber> ah, simple answer then, it shouldn't
<pitti> personally I would never like to give out a blanket permit for things like this
<slangasek> pitti: well, I have the opposite response: that we shouldn't give /exceptions/ for things like this :)
<pitti> even with this concrete case I have some serious concerns, I don't see how to allow even more general cases
<stgraber> backporting of a new major feature into a LTS release is very clearly out of scope for the normal SRU process and as it's not something I want to see abused, I don't believe it makes sense to have the SRU policy allow this
<pitti> slangasek: that'ss a good point from the POV that general written-down policy is better than arbitrary exceptions that are handed to whoever shouts the loudest
<slangasek> if it's justifiable in the specific case (which it may not be), I think that we should address that in the SRU policy.  The SRU policy currently says we don't allow new features in, this is a new feature: is the policy wrong, or is the SRU proposal one we should reject
<slangasek> so I'd say that taking the pulse here suggests that we don't want this SRU
<pitti> hm, so we could imagine how the fan proposal would have to look like in order for us to consider it acceptable
<stgraber> do we really need to update the SRU policy to say that the TB can overule? to me it seems like its stating the obvious...
<pitti> and then generalize that?
<slangasek> shall we follow up on the mailing list?
<slangasek> stgraber: uh?  I'm in no way talking about codifying "the TB can overrule"
<mdeslaur> There is a lot of potential for abuse in letting new features in. Is having the power to rule on new features something the SRU team in interested in?
<slangasek> speaking only for myself as an SRU team member: no
<pitti> with my former SRU hat on: I wouldn't be
<slangasek> because having the power to rule on it means we'll be constantly asked to rule on it
<stgraber> so my point of view, is keep the SRU policy as is, no new features and have the SRU team reject anything that's a new feature. None of that prevents escalation through the TB for a specific exception as seems to be the case here.
<pitti> processing SRUs is enough work without having to argue about new features all the time
<pitti> I'd actually be okay with new features in LTSes under reasonable circumstances; we do it all the time already, after all
<pitti> (new landscape or maas versions, etc.)
<slangasek> stgraber: I would not be happy with the TB ever signing off on a specific exception to the new feature rule without being able to articulate a general principle
<pitti> but they should have a reasonably low potential for introducing new bugs and security holes, which this particular proposal totally fails at
<pitti> right -- e. g. for the HW enablement we have a generic justification in the policy
<pitti> so if/once we agree to this particular proposal, we could then generalize it and see on which grounds we accept it
<slangasek> fwiw my risk analysis of this particular SRU differs from yours - it's already in the vivid kernel, the vivid kernel will land in trusty as part of the hwe process, new kernels have a huge attack surface anyway for security holes and we have a kernel update cadence to deal with that
<stgraber> yeah, the kernel side isn't a big concern of mine because we don't force those on our existing users
<slangasek> I also think the SRU process is adequate for dealing with the risks of regression, and doesn't need direct TB involvement
<stgraber> iproute2 however is a bit more problematic
<slangasek> anyway, so far I'm hearing a pretty firm "no" - so I think the next steps are to take that back to the mailing list?
<pitti> well, we wouldn't push/force it into trusty unless we were planning to actually use that feature, no?
<pitti> i. e. in some cloud workload via iproute2?
<stgraber> well, the feature can be used by anyone, cloud or not, it just shows up as a bridge that you can use with docker, lxc, lxd, ...
<pitti> right, the normal kernel backporting process kind of gets us that through the backdoor, but it would be inert without userspace changes
<pitti> so it's much less adding the new kernel feature, but rather making use of that by our default tools
<stgraber> right, you need the ubuntu-fan package and tools to talk to iproute2 to talk to the new kernel netlink interface
<slangasek> but it's also not as if this is going to be activated on existing systems automatically; someone has to invoke it to make use of it
<pitti> in general I don't want to respond to these kinds of requests with a plain "no" (as there's usually a good use case behind it), but more with a "how"
<pitti> slangasek: it's not? that's not at all clear to me
<stgraber> yeah, as I said, I'm not too concerned about the kernel side of it. What I'm concerned with is modifying iproute2
<stgraber> because if iproute2 breaks somehow, that means no network on the affected machine and that's kinda bad
<mdeslaur> part of the issue here is this seems to be an ubuntu-specific feature
<pitti> slangasek: it's very easy to accidentally or deliberately enable it on upgrades
<slangasek> pitti: it certainly is not, it's a completely new bridge type
<mdeslaur> it's not as if it's a backport of something present in a new version
<slangasek> mdeslaur: it's a backport of something present in a new version of the package in Ubuntu.  I'm not sure from a policy perspective (as opposed to a risk analysis perspective) that we should distinguish between Ubuntu-specific vs. not
<pitti> right, "ubuntu specific" doesn't belong into SRU policy, that should be general development policy
<pitti> (FWIW, I really don't like having this in vivid either)
<mdeslaur> slangasek: policy no, but it certainly has an impact on the risk. Even more so if there actually are plans to get it upstream and that turns into a compatibility nightmare for users.
<pitti> so assuming it *was* a properly reviewed feature in vivid's kernel, I wouldn't have a problem with letting this migrate to trusty as well via the normal backport process
<pitti> the "change userspace to make use of it" is what I'd like to understand more, as right now it sounds awfully dangerous
<pitti> so the "how to make this palatable" would include an upstream review, plus a more detailled description of the current and planned userspace changes to iproute and other tools, and a regression potential analysis
<pitti> all of which is really unrelated to SRUing this to trusty, but should retroactively be done for vivid too
<slangasek> all of that still doesn't pass the SRU policy as it stands, and only supports making an exception?
<slangasek> I'm against making an exception
<pitti> as for the SRU policy, I think we can make an amendment for backporting features from stable releases to LTSes which have a negligible regression potential
<pitti> it shoudl still be ack'ed individually IMHO, but it would be a guideline what the TB would look at
<pitti> (TBH I have a bigger problem with the feature itself than with backporting it)
<slangasek> ok; so you think that at least potentially this is something that we would want codified in the SRU policy as allowable
<pitti> yes, I do
<mdeslaur> pitti: acked by who, the SRU team or the tech board?
<pitti> pitti | hm, so we could imagine how the fan proposal would have to look like in order for us to consider it acceptable
<pitti> pitti | and then generalize that?
<slangasek> I agree, though I'm not yet sure what shape it should take
<pitti> mdeslaur: my feeling is "TB" at least initially
<mdeslaur> ok
<slangasek> but I think we're racking up exceptions at this point (maas, juju, proposal for fan) and we should consider whether the current SRU rules are still meeting their purpose
<pitti> this shouldn't be a "toss over the fence" kind of thing, but similar to preliminary MREs
<pitti> slangasek: right, that's a good point; now that we do have a lot of MREs we have some experience when we allowed them
<slangasek> not just MREs :)
<pitti> and most of the time the "interview" looked fairly similar: automatic/manual test plans and QA procedures, how to ensure that upgrades don't break, regression potential analysis
<slangasek> [ACTION] slangasek to document maas, juju, docker exceptions on https://wiki.ubuntu.com/StableReleaseUpdates#Special_Cases
<meetingology> ACTION: slangasek to document maas, juju, docker exceptions on https://wiki.ubuntu.com/StableReleaseUpdates#Special_Cases
<pitti> slangasek: juju is on https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions
<slangasek> pitti: yes, but it's not actually an MRE so I'm going to move it :)
<pitti> maas was proposed, but never got signed off because the interview wasn't finished
<pitti> slangasek: ack
<pitti> slangasek: I'm happy to look at our existing MacroReleaseExceptions and come up with a proposal for a policy amendment for next time
<slangasek> so - next steps?  should we evolve this on the mailing list?
<pitti> as I usually responded to the bulk of MRE requests on the ML anyway
<pitti> I think there's two steps:
<pitti> 1) amend the policy for new features in LTS (as that's clearly a direction we've gone in in the past years)
<pitti> 2) respond to that concrete case with our gripes and request for more information about them
<slangasek> pitti: do you want to drive #1?
<pitti> slangasek: yes
<mdeslaur> pitti: that sounds reasonable
<slangasek> [ACTION] pitti to propose amendment to general SRU policy for new features in LTS
<meetingology> ACTION: pitti to propose amendment to general SRU policy for new features in LTS
<slangasek> [ACTION] all to respond to the Ubuntu Fan SRU proposal on list
<meetingology> ACTION: all to respond to the Ubuntu Fan SRU proposal on list
<slangasek> [TOPIC] community bugs
<slangasek> https://bugs.launchpad.net/ubuntu-community/+bugs?field.assignee=techboard
<slangasek> empty
<slangasek> [TOPIC] Select a chair for the next meeting
<slangasek> I believe that's stgraber, with infinity as backup, yes?
<stgraber> yep
<slangasek> [INFO] Next meeting 2015-07-21, 17:00 London time.  Chair: stgraber (next: infinity)
<slangasek> anything else that I've missed?
<pitti> nice to have a "real" meeting for a change :)
<mdeslaur> hehe, yes :)
<pitti> nothing else from me
<slangasek> :)
<slangasek> #endmeeting
<meetingology> Meeting ended Tue Jul  7 16:49:58 2015 UTC.
<meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting-2/2015/ubuntu-meeting-2.2015-07-07-16.01.moin.txt
<slangasek> thanks, all!
<mdeslaur> thanks slangasek, thanks all
<pitti> thanks everyone
<stgraber> thanks
<pitti> et bonne nuit !
<stgraber> :)
