/srv/irclogs.ubuntu.com/2010/09/27/#ubuntu-meeting.txt

=== nigelbabu is now known as nigelb
=== inkvizitor68sl is now known as ink|off|ZNC
=== ink|off|ZNC is now known as inkvizitor68sl
=== inkvizitor68sl is now known as inky_GPRS
=== inky_GPRS is now known as inkvizitor68sl
=== inkvizitor68sl is now known as ink|off|ZNC
=== doko__ is now known as doko
=== fader_` is now known as fader_
cjwatsoncody-somerville,persia,geser,nixternal,soren,stgraber: DMB meeting in three minutes, by my calendar12:58
cjwatsontwo12:58
cjwatsonbagsy not chair, since I chaired the last mega-meeting12:58
cody-somervilleI should note that I won't usually be able to make this time. I saw an e-mail about there being a proposed time change but I thought I'd have more time to respond before the change was actually made.13:00
cjwatsonthe discussion dragged on for months13:00
cjwatsonI'm sorry you didn't feel there was enough time to respond, but in any event it was clear that no one time was good for everyone.  Can you make the 1900 UTC slot in the rotation?13:00
* stgraber waves13:01
cody-somervilleI haven't had a chance to read the e-mail yet. I was sick for most of last week and on vacation the week before.13:02
* geser is here13:02
geserbut as I'm at work, I'm not the best candidate for chair13:03
cjwatsonDate: Tue, 31 Aug 2010 13:22:45 +010013:03
cjwatsonPlease speak now or forever hold your peace (at least until the next13:03
cjwatsontime).13:03
* barry waves13:03
* stgraber is also at work with a face-to-face meeting in 57 minutes (just after DMB) so probably not the best to chair that one either, sorry.13:04
cody-somervillecjwatson, Yea, 1900 UTC shouldn't be a problem at all.13:05
cjwatsonthere was also a thread from early July that AFAICS you didn't follow up to, Cody13:05
cjwatsonok, good13:05
cjwatsoncody-somerville,geser: can one of you chair, perhaps?13:05
gesercjwatson: how far up on your TODO list is setting up the voting for the free DMB seat?13:06
cjwatsonwe appear to have basic quorum at least13:06
cjwatsongeser: not very; if you'd like to take it over, please do13:06
geseris there a howto for it?13:06
cjwatsonI don't think so13:07
cjwatsonwhich is one reason I haven't done it yet13:07
raphinkHi guys, Raphael Pinson here, hope I'm not too late for the DMB13:07
cody-somervilleI guess I can chair.13:08
cody-somerville#startmeeting13:08
MootBotMeeting started at 07:08. The chair is cody-somerville.13:08
MootBotCommands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]13:08
cody-somervilleDo we have quorum?13:09
stgraberwe are at least 4 on IRC from what I can see, so I think so.13:10
cjwatsonchair> thanks13:11
cody-somerville[TOPIC] Administrative Matters: Review Marco Rodrigues participation in Ubuntu Development13:11
MootBotNew Topic:  Administrative Matters: Review Marco Rodrigues participation in Ubuntu Development13:11
cody-somerville[LINK] https://wiki.ubuntu.com/MarcoRodrigues/ParticipationApplication13:11
MootBotLINK received:  https://wiki.ubuntu.com/MarcoRodrigues/ParticipationApplication13:11
cody-somervilleHe doesn't appear to be here.13:13
cjwatsonwe should consider in absentia I think13:13
cjwatsonI find ScottK's comment disturbing, and am looking for a citation so that I can read more about it13:14
cjwatson(regarding debian-games)13:14
cody-somervilleIndeed.13:14
cjwatsondoes anyone have one to hand?13:15
cjwatson(this is not doubting ScottK; I'm looking for a citation so that I can see how recent it is and make my own judgement about the circumstances)13:15
geserthat should be around the same time as his trouble in Ubuntu13:15
geserat least I don't know of any more recent one13:16
ScottKIt's not particularly recent.  It was shortly after he was asked not to contribute to Ubuntu.13:16
ScottK(I looked for the relevant message on the debian-games archive and couldn't find it)13:16
ScottKThe issue I was attempting to bring up was not that it was a recent problem, but that his description of his involvement with Debian is at best incomplete.13:17
cody-somervilleHe seems active in Debian in other teams.13:18
cjwatsonhis endorsements would be OK (if sparse) for a new application, but they seem a bit half-hearted for the standard of "MOTUs supporting this wish actively" (https://lists.ubuntu.com/archives/ubuntu-motu/2008-January/003067.html)13:19
cjwatsonto be honest, what I would be looking for is people saying "he's great now, we'd really like him back because it would take so much load off our shoulders"13:20
cody-somervilleIts not clear to me what exactly Marco wants.13:20
cjwatsonI certainly appreciate his efforts in cleaning up bugs against removed packages in Debian, although it is worth noting that ftpmaster is looking to do that automatically instead13:21
cjwatsoncody-somerville: he is banned from participating in Ubuntu development; he wants that ban lifted13:21
cjwatson(see https://lists.ubuntu.com/archives/ubuntu-motu/2008-January/003067.html)13:22
* persia apologises for being tardy13:22
cjwatsondoes anyone else have an actual opinion here?  mine seems to currently be: I'm not seeing a pressing reason to lift the ban, although I kind of dislike having to ban people as a general rule and understand that it is worth reviewing any bans we do have to impose from time to time13:25
cjwatsonand what I'd really appreciate in trying to form a more complete opinion is more strong opinions from other developers who've interacted with Kmos recently13:26
stgraberI'd also appreciate getting more feedback (be it negative or positive) and ideally more documented than what we currently have13:28
gesersome more feedback would be nice, I see currently on two weak endorsements from ~ubuntu-dev and one comment against lifting from ~ubuntu-dev13:29
persiaI don't really like administering the ban, and the few bits of feedback I've received have been positive, but I'll admit to not having much feedback.13:29
cjwatsonperhaps it would be worth deferring, and have the minutes of this meeting explicitly call for comments from developers?13:30
cody-somervilleI guess my question is, is it justified to require more from kmos than any other to allow him to participate because of his history? Should no longer being disruptive but instead on par with any new contributor be the necessary threshold to permit Marco to participate again?13:30
cjwatsoncody-somerville: my feeling is that lifting a ban should require more than the normal threshold, simply because we have that prior history13:30
cjwatsonthat said, I don't think bans should be unalterably for life13:31
persiaI think it ought require a lower threshold than we might require for other sorts of approvals we perform, simply because he's not permitted to engage in most of the activities we typically review.13:31
cjwatsoninteresting, and I see your point.  perhaps a different kind of threshold13:31
persia"different kind" is a better way of phrasing it, indeed.13:31
cody-somervilleWe don't require any review though for an individual to be able to participate.13:31
cjwatsonI guess what I mean by a higher threshold is that it ought to require a higher level of enthusiasm from *people*13:31
cjwatsongiven that many of the problems were essentially social13:32
persiaI believe we also must judge based on the criteria in the ban email, rather than anything else.13:32
cjwatsonI agree, and I'm trying to extemporise "MOTUs supporting this wish actively" into something we can apply13:33
cody-somervilleWhy would a Ubuntu developer get enthusiastic about someone who isn't allowed to participate in Ubuntu development?13:33
cjwatsonI don't know about you but I develop in more than just Ubuntu :-)13:33
cjwatsonplenty of people have Debian experience for instance13:33
persiaAnd plenty who don't end up spending time reviewing changes coming from Debian.13:34
geseris Kmos allowed to contribute through proxies (other MOTUs)?13:34
cjwatsonthe positive comments so far seem to be essentially "I got a few patches and they seemed OK"13:34
cjwatsonand that kind of thing13:34
persiageser, That's a complex question: I'd say that some of the work he's done with pitti skirts the edge of banned behaviour, whereas I was confortable with his work with liw (computer-janitor)13:34
cjwatsonLucas' comment involves some of the most direct experience, and is the most positive13:35
* persia spends some time each week reviewing apparent activity in Ubuntu and Debian, and counselling when there is an appearance of Ubuntu-development-related work13:35
cjwatsonpersia also commented in the report "The vast majority of the reports I have received about his work in Debian have been positive, especially those received in the last year"13:35
cody-somervilleI think we should give Marco a second chance, ie. a probationary period.13:35
cody-somervilleAt the end of the probationary period, we can evaluate any comments or complaints made against kmos after that time and make a decision if he can continue to participate or not.13:36
cjwatsonI'm ambivalent about the ban-skating; on one hand I disapprove of working around bans, but on the other it seems somehow mean to complain based purely on that13:36
persiaI don't think it requires a probationary period.  I think the question before us is simply: shall we allow him to start as a new contributor.  If he doesn't behave, there's plenty of precedent to ask him to stop.  The risk is that we cause annoyance for developers, some of whom have already spent way too much time untangling from past actions.13:37
cjwatsonpersia: were the three cases of ban-skating recent?13:37
cjwatsonthe ones that caused developers to report them13:37
cody-somervillepersia, If we let him start as a new contributor than the same burden of proof to ban a new contributor will be required to ban him again.13:38
geserhow recent is "recent"?13:38
cjwatsonhow about "how long ago were they?"13:38
persiaOne of them was somewhere around lucid release (I think after beta freeze).  The others were earlier.  I'd have to dig logs to get exact dates.13:38
cjwatsonrough impression is OK13:39
cody-somervilleWe need to move on.13:39
geserhow severe were those annoyances?13:39
persiaMore common behaviour is to watch IRC (he's only +q), and when something he can sort comes up, passing the answer to someone in /query, which I tend to tolerate so long as nobody complains and it's not too obvious.13:40
persiageser, People saying "Isn't he banned"?  I don't recall any cases where there was something he did that caused specific cleanup issues.13:40
cody-somervilleI motion to postpone consideration.13:40
persiaLet me qualify that: I don't remember any such after the initial issues related to implementation of the ban.13:41
cjwatsonI second Cody's motion as long as the postponement includes a call for feedback from developers13:42
cjwatson(otherwise we'll just postpone indefinitely)13:42
geserhe should get allowed to work through a proxy (a MOTU) to get some actual feedback13:42
ScottKGiven that the threshold to get banned is SO high, it seems odd to me to consider it was a mistake.13:43
persiageser, I'm not sure how that is different from any other participation by a non-member of ~ubuntu-dev: to me that is equivalent to lifting the ban.13:43
cody-somerville[VOTE] Postpone consideration of Marco Rodrigues's request and call for feedback from developers.13:44
MootBotPlease vote on:  Postpone consideration of Marco Rodrigues's request and call for feedback from developers..13:44
MootBotPublic votes can be registered by saying +1/-1/+0 in the channel, private votes by messaging the channel followed by +1/-1/+0  to MootBot13:44
MootBotE.g. /msg MootBot +1 #ubuntu-meeting13:44
persiaScottK, I very much don't consider the ban a mistake.  I think it was important that it happened.  I happen to know that Kmos agrees.13:44
cjwatsonit's different because the proxy is volunteering to essentially be exposed to somebody who may turn out to waste their time13:44
cody-somerville+113:44
MootBot+1 received from cody-somerville. 1 for, 0 against. 0 have abstained. Count is now 113:44
cjwatsonand to take responsibility for the actions that result that are visible to other Ubuntu developers13:44
persiaI'm just under the impression that he's close to having reached the threshold required in the ban terms.13:44
persia+113:44
MootBot+1 received from persia. 2 for, 0 against. 0 have abstained. Count is now 213:44
geser+113:44
MootBot+1 received from geser. 3 for, 0 against. 0 have abstained. Count is now 313:44
cjwatson+1 # with comments above13:44
MootBot+1 received from cjwatson. 4 for, 0 against. 0 have abstained. Count is now 413:44
stgraber+113:44
MootBot+1 received from stgraber. 5 for, 0 against. 0 have abstained. Count is now 513:44
cody-somerville#endvote13:44
cody-somervillewhats the command to end the vote?13:45
geserpersia: eg. a new contributor can use requestsync, he should send them first to his proxy instead of directly to LP and ~ubuntu-sponsors13:45
cjwatson[ENDVOTE]13:45
cody-somerville[ENDVOTE]13:45
MootBotFinal result is 5 for, 0 against. 0 abstained. Total: 513:45
persiageser, Ah, so another oversight period.  Let's discuss next time, but I think I could accept that sort of thing, if there were volunteers.13:45
cody-somerville[ACTION] cody-somerville: Call for feedback from developers on Marco Rodrigues's request13:46
MootBotACTION received:  cody-somerville: Call for feedback from developers on Marco Rodrigues's request13:46
cody-somerville[TOPIC] PerPackageUploader Applications: Barry Warsaw for gtimelog13:46
MootBotNew Topic:  PerPackageUploader Applications: Barry Warsaw for gtimelog13:46
cjwatsonFIFO order for the rest of the agenda is barry then raphink13:46
cjwatsonah yes :)13:46
cody-somerville[LINK] https://wiki.ubuntu.com/BarryWarsaw/MyApplication13:46
MootBotLINK received:  https://wiki.ubuntu.com/BarryWarsaw/MyApplication13:46
barryhi guys13:47
cody-somervillebarry, Please briefly introduce yourself and the rationale for your request.13:48
barrybarry warsaw here.  i'm on platform foundations, and a long time python core dev.  i have ppu for a handful of packages and was recently given upstream commit privs to gtimelog.  since i'll be spinning packages for it i'd like to get ppu for gtimelog in ubuntu13:49
cody-somervillebarry, How many times have you uploaded gtimelog to Ubuntu?13:49
barrycody-somerville, one sponsored upload.  the version in lucid was *way* out of date (squeeze too), so i worked w/upstream to get a new version out, then fixed the packaging and got sponsor to upload13:50
cody-somervillebarry, Does gtimelog use any patch system?13:51
barryquilt313:51
persiabarry, How is the state of gtimelog in Debian?13:52
geserbarry: I guess doko reviewed the new packaging before sponsoring. Did he found any issues you needed to fix?13:52
barrypersia, we need to get 0.4.0 into debian.  i've contacted the debian maintainer and between him, myself, and upstream author, we're trying to work out a transfer or cooperation13:53
barrygeser, no, i don't think so13:53
barrypersia, iirc the current registered deb maint for gtimelog is mia13:53
cody-somervillebarry, Do you you build your packages in a chroot before uploading to Ubuntu?13:54
persiaIt's orphaned, actually: Debian bug #58514513:54
ubottuDebian bug 585145 in wnpp "ITA: gtimelog -- minimal timelogging system" [Normal,Open] http://bugs.debian.org/58514513:54
cjwatsoncody-somerville: (I don't ;-) )13:54
barrycody-somerville, yep, and a ppa (~gtimelog-dev)13:55
cody-somervillebarry, Are you subscribed to bug reports filed against gtimelog in Ubuntu?13:55
barrycody-somerville, i am13:56
barrycody-somerville, upstream uses lp for bugs and i am now an admin for ~gtimelog-dev so i'm watching everything (at least i think i am ;)13:56
cody-somervilleAny other questions for barry before I call the vote?13:56
* stgraber doesn't have any.13:57
* cjwatson has none, other than get on with building enough breadth that we can just make you a MOTU already :-)13:57
persiaOr something else, as appropriate.13:58
barrycjwatson, :)13:58
barrypersia, i actually think we should add some kind of python packageset13:58
cody-somerville[VOTE] Grant Barry Warsaw PPU permission to gtimelog13:58
MootBotPlease vote on:  Grant Barry Warsaw PPU permission to gtimelog.13:58
MootBotPublic votes can be registered by saying +1/-1/+0 in the channel, private votes by messaging the channel followed by +1/-1/+0  to MootBot13:58
MootBotE.g. /msg MootBot +1 #ubuntu-meeting13:58
cjwatson+113:58
MootBot+1 received from cjwatson. 1 for, 0 against. 0 have abstained. Count is now 113:58
stgraber+113:58
geser+113:58
MootBot+1 received from stgraber. 2 for, 0 against. 0 have abstained. Count is now 213:58
MootBot+1 received from geser. 3 for, 0 against. 0 have abstained. Count is now 313:58
cody-somerville+113:58
MootBot+1 received from cody-somerville. 4 for, 0 against. 0 have abstained. Count is now 413:58
persia+0 : insufficient prior history of work with the package: one upload does not show maintainance history13:59
MootBotAbstention received from persia. 4 for, 0 against. 1 have abstained. Count is now 413:59
* stgraber is off to another meeting now13:59
cody-somerville[ENDVOTE]14:00
MootBotFinal result is 4 for, 0 against. 1 abstained. Total: 414:00
barrypersia, ack. it's a rather slow moving package, but i do intend to do more bug fixing on it14:00
soreno/14:00
cody-somervilleIs that successful?14:01
cjwatsonoh hello soren14:01
persiabarry, Understood.  Note that I was +0 rather than -1 because I know you'll do a good job on it, but I think that you don't qualify under PPU guidelines according to https://wiki.ubuntu.com/UbuntuDevelopers14:01
persiacody-somerville, Yes.14:01
* barry nods14:01
sorenSorry, apparantly I suck at timezones.14:02
cody-somerville[VOTE] Ubuntu Core Developer Application:  Raphaël Pinson (recovery)14:02
MootBotPlease vote on:  Ubuntu Core Developer Application:  Raphaël Pinson (recovery).14:02
MootBotPublic votes can be registered by saying +1/-1/+0 in the channel, private votes by messaging the channel followed by +1/-1/+0  to MootBot14:02
MootBotE.g. /msg MootBot +1 #ubuntu-meeting14:02
cody-somervilleerr..14:02
cody-somerville[ENDVOTE]14:02
MootBotFinal result is 0 for, 0 against. 0 abstained. Total: 014:02
* cjwatson doesn't interpret the "uploads" there as a strict plural; it depends on the circumstances14:02
cody-somerville[TOPIC] Ubuntu Core Developer Application:  Raphaël Pinson (recovery)14:02
MootBotNew Topic:  Ubuntu Core Developer Application:  Raphaël Pinson (recovery)14:02
raphinkhehe ;)14:02
cody-somerville[LINK] https://lists.ubuntu.com/archives/devel-permissions/2010-August/000098.html14:02
MootBotLINK received:  https://lists.ubuntu.com/archives/devel-permissions/2010-August/000098.html14:02
raphinkI can give a summary here :-)14:02
cody-somervilleraphink, please do and please include a link to your launchpad page14:03
raphinkHello, I'm Raphael Pinson. Some of you probably know me from my involvment in Kubuntu as a core-dev, mostly between 2005 and 2007. Since then, I have mostly worked as a Systems Engineer for a major telecom company and built a buildd/wanna-build/reprepro system to automate the creation of Debian/Ubuntu packages for a fleet of about 3000 servers. My recent involvment in Ubuntu has mostly been on projects like byobu (with kirkland) or augeas (14:03
raphinkwith nxvl).14:03
raphinkLike I posted on the ML, some time ago, I lost my ubuntu-dev, ubuntu-coredev and ubuntu-members upload rights as I hadn't renewed my LP memberships. Thanks to the advice of canonical employees, I was able to get my ubuntu-members membership back so I can use my @ubuntu.com email again, but I would like to recover my upload rights as well. I have quite a few packages to contribute (mostly server software such as db5.0, mysql-server-5.1 or db14:03
raphinkxml) and I'd be happy to upload them.14:03
raphinkLP page: https://launchpad.net/~raphink14:03
sorenI hope none of that is intended for Maverick?14:03
cody-somerville[LINK] https://launchpad.net/~raphink14:04
MootBotLINK received:  https://launchpad.net/~raphink14:04
raphinkthe wiki page is a bit oldish probably ;-)14:04
raphinksoren: I'm not in a hurry to upload anything, and when it comes to db5.0 for example, I would certainly speak to the db4.8 package maintainer first ;-)14:04
raphinkalthough db5.0 doesn't exist in the repositories yet, so it wouldn't hurt14:05
nixternalwoo, i see raphink \o/14:05
raphinkhaha, hi nixternal :-)14:05
cody-somervilleHow long ago did your membership expire?14:06
raphinkhmmm probably almost a year ago I would say, not sure of the date14:06
raphinkthe LP page for core-dev used to list deactivated members with the date14:07
sorenExpired on 2009-03-1314:07
cjwatsonSubject: raphink expired from team14:07
cjwatsonDate: Fri, 13 Mar 2009 05:15:10 -000014:07
raphinkok :)14:07
soren(According to https://edge.launchpad.net/~ubuntu-core-dev/+members  )14:07
raphinkyou're better than me at finding these info :-)14:07
geserraphink: what did you do to get up-to-date with current processes?14:07
persiaraphink, What caused you to let your development lapse?14:08
raphinkfamily :-)14:08
raphinkthere's priorities in life, contributing is important to me, but it's not the #1 priority14:08
raphinkas far as processes and techiques geser14:08
raphinklike I said, I'm ftpmaster at my work14:08
raphinkso I'm the one training all the packagers in my company with all the packaging technos and processes (debian policy) when they need to14:09
raphinkthat doesn't necessarily ensure I know everything about the latest processes inside Ubuntu14:09
raphinkbut I'm up-to-date as far as packaging techniques go14:09
raphinkI would certainly ask if in doubt14:10
raphinkI know enough people around here to find experts in processes if I need to14:10
cody-somervilleI'm quite hungry so I'd like to call the vote if nobody has any other questions.14:11
raphinkhehe ;)14:11
cjwatsonno questions14:13
sorenI'm good.14:13
cody-somerville[VOTE] Ubuntu Core Developer Application:  Raphaël Pinson (recovery)14:13
MootBotPlease vote on:  Ubuntu Core Developer Application:  Raphaël Pinson (recovery).14:13
MootBotPublic votes can be registered by saying +1/-1/+0 in the channel, private votes by messaging the channel followed by +1/-1/+0  to MootBot14:13
MootBotE.g. /msg MootBot +1 #ubuntu-meeting14:13
soren+114:13
MootBot+1 received from soren. 1 for, 0 against. 0 have abstained. Count is now 114:13
cody-somerville+014:13
MootBotAbstention received from cody-somerville. 1 for, 0 against. 1 have abstained. Count is now 114:13
persia+114:13
MootBot+1 received from persia. 2 for, 0 against. 1 have abstained. Count is now 214:13
geser+114:13
MootBot+1 received from geser. 3 for, 0 against. 1 have abstained. Count is now 314:13
cjwatson+1 # generally happy for people to return as long as they can put some time in again and have put some effort into catching up14:14
MootBot+1 received from cjwatson. 4 for, 0 against. 1 have abstained. Count is now 414:14
cody-somerville[ENDVOTE]14:14
MootBotFinal result is 4 for, 0 against. 1 abstained. Total: 414:14
soren(While I would prefer if people would just renew their memebership when Launchpad tells them to, I believe re-granting them their membership should be a formality)14:14
cody-somerville[TOPIC] Select a chair for the next meeting14:14
MootBotNew Topic:  Select a chair for the next meeting14:14
raphinksoren: sometimes you're on vacation when this happens ;-)14:14
sorenThey could be as up-to-date (or out-of-date) as the ones who manage to click "Renew".14:15
raphinkthanks guys, enjoy your meal cody-somerville14:15
sorenraphink: Precisely.14:15
geserthe next meeting is at 19:00 UTC, right?14:15
cody-somervilleyup14:15
geserthen I should be able to chair it14:15
cody-somerville[ACTION] geser to chair next meeting14:16
sorenSorry about missing the first hour. /me adjusts calendar. :(14:16
MootBotACTION received:  geser to chair next meeting14:16
cody-somerville#endmeeting14:16
MootBotMeeting finished at 08:16.14:16
persiasoren, I like to hear why people left, and what they plan to do when they come back.  We had a couple cases in the past where people seemed to want things for vanity reasons, and I think it's important we don't encourage our repositories to be more vulnerable.14:16
sorenpersia: If they explicitly left, sure.14:17
sorenpersia: If they exired, less so.14:17
* persia doesn't see much difference, since it's impossible to understand the mindset of folks not pressing the button14:17
sorenpersia: Is you're really serious about checking up on people every once in a while, we shoulnd't let people refresh on their own, but always come before the DMB to get it refreshed.14:17
persiaThat said, we could do a much better job about poking people who expire to ensure it's intentional.14:17
raphinkthat's more work for sure14:18
persiasoren, I would prefer that were the case, personally.  The few discussions about it in which I've participated always fall down somewhere along the way.14:18
sorenpersia: /me finds it equally impossible to understand the mindset of people who /do/ press the button.14:18
persiaraphink, I think that's the main reason we don't do it that way :)14:18
persiasoren, Compeltely agreed.14:19
raphinkfrom my experience, having your membership expire can be discouraging14:19
persiasoren, Weel, identically impossible, rather.14:19
raphinkas in, it might prevent you from uploading some things because you don't want to go through a process of renewal, DMB, etc.14:19
persiaIdeally that shouldn't be something people consider hard or scary.14:20
raphinkmhm14:21
persiaNote that getting from here to my ideal world is a long, long journey :)14:22
raphinkhaha14:22
geserraphink: is the renewal process to hard/easy?14:22
raphinkonce you know about it, it's rather easy ;-)14:22
raphinkmaybe it's lacking documentation (or I'm bad at finding it)14:22
geserprobably the first14:23
persiaI think the (limited) documentation is some email to the MC list a long time ago.14:39
raphinkpersia: you were my documentation in that case iirc14:45
persiaheh, yeah.  I need to upload increasing chunks of my memory to the wiki, a bad habit I've had for years now, sadly.14:46
raphinkwell, same here14:47
=== Ursinha is now known as Ursinha-lunch
=== ian_brasil___ is now known as ian_brasil
=== Ursinha-lunch is now known as Ursinha
keesmdeslaur, jdstrand, sbeattie, robbiew, nxvl, jjohansen: security team meeting! ready?18:07
jdstrando/18:07
mdeslaurhi!18:07
sbeattiehey18:08
keesquorum!18:08
keesokay, I'll start.18:08
jjohansen\o18:08
keesthe update I was going to be working on has been delayed by upstream, so I'm going to find something else to do.18:08
keesthe CVE triage last week was mysteriously light. it scares me.18:08
mdeslaurcalm before the storm18:09
sbeattiekees: that's because the week before, it was painful18:09
keesah-ha.18:09
sbeattiekees: feel free to go back and review the umpteen webkit/chromium and other issues I triaged.18:09
robbiew0/18:09
keesI've been fighting with the rng qrt; dieharder is yelling about minor stuff18:09
keessbeattie: let's hire someone to do that. :)18:09
keesI'm working on an embargoed issue, but that's mostly done and the solution is simple and in the hands of who needs it.18:10
* jdstrand triaged some of the chromium ones18:10
keesI've got a topic for the end, so I'll stop here. jdstrand is up18:11
jdstrandlast week I beat down a number of bugs in libvirt. one of them gave me a better understanding for my update18:12
jdstrandI still have to do lucid testing of all the peripheral applications as mentioned before... maybe this is the week that happens...18:13
jdstrandI'm on triage this week18:13
jdstrandI plan to do the get_file_list.sh audits (as part of ReleaseCycle) as well as do the qrt testing of applications that have apparmor profiles18:13
jdstrandI need jjohansen's network mediation fix though18:14
keesyou mean maverick testing, yes?18:14
jdstrandjjohansen: do have an amd64 kernel for maverick18:14
jjohansenjdstrand: duh, I'll get you a kernel in about an hour18:14
jdstrandkees: yes-- run the qrt tests on maverick18:14
jdstrandkees: well, all of it-- all maverick, all the time18:14
jdstrandthese things and any new bugs that come in should keep me busy this week18:15
jdstrandthat's it from me. mdeslaur?18:15
mdeslaurmy turn18:15
mdeslaurso, I finally released the fixes for CVE-2009-355518:15
ubottuThe TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle att18:16
jdstrand\o/18:16
* mdeslaur punches ubottu18:16
mdeslaurand there hasn't been any bugs reported against them so far, so it's looking good :)18:16
jdstrandmdeslaur: great, great job18:16
jdstrandjjohansen: oh, I forgot to thank you. thanks!18:16
keesyeah, awesome work mdeslaur18:17
mdeslaurthis week, I'll be releasing: avahi, libgdiplus, libhx, libmikmod, lvm2 and mako updates18:17
keeswooo!18:17
jdstrandmdeslaur: is that all?18:17
jdstrandslacker18:17
mdeslaurlol18:17
jdstrand:)18:17
keeshehe18:18
mdeslaurthat's it from me18:18
mdeslaursbeattie?18:18
sbeattieI was on community last week.18:18
sbeattieI released a quassel update and also moved ant from security-proposed.18:18
sbeattieI still need to do an SRU upload for openjdk/lucid to address the haxb regressions, but want to look for other potential SRU fixes as well.18:20
sbeattiethis week I'm in the happy place, so I should be able to do that.18:20
sbeattieI'm also hoping to pick up and push out a couple more updates.18:20
sbeattieI think that's everything.18:21
sbeattieOh, as an aside, kees wasn't joking when he mention hiring someone for webkit security: http://webapps.ubuntu.com/employment/canonical_UP-USE/18:21
sbeattie(in case anyone reading is interested in applying)18:22
jdstrandyep18:22
keesthat might be a twitter-worthy url, actually. I'll send that out.18:22
sbeattiethat's all from me.18:22
mdeslauroh! yeah, if you're a webkit hacker, please come join the coolest team: security! :)18:22
jdstrand(as well as Mozilla and Chromium)18:22
jdstrandand mozilla and chromium-- don't leave them out either :)18:22
mdeslaurand mozilla and chromium18:22
mdeslaur:)18:23
jdstrandI have a quick item for the end as well18:23
kees"Want to hack on webkit, chromium, firefox? Join the Ubuntu Security Team! http://webapps.ubuntu.com/employment/canonical_UP-USE/" <- sound good?18:23
mdeslauryes18:24
sbeattieWorks For Me.18:24
jdstrands/firefox/and firefox/18:24
jdstrandbut yes, sounds fun and positive :)18:24
keesedited and sent18:24
keesokay, jdstrand, you first on items18:25
jdstrandwe may want to do the same in #ubuntu-mozillateam, since that is where all the browser guys hang out18:25
jdstrandoh, me, yes18:26
jdstrandit would be good if we all peeked at https://bugs.launchpad.net/ubuntu/maverick/+bugs for anything that we touch18:26
jdstrandI did this morning and believe the apparmor and libvirt ones are in hand, but other people's eyes would be great18:26
mdeslaurjdstrand: yeah, I took a look at the earlier18:26
jdstrandI think there are ~142 bugs there18:26
jdstrandcool18:26
jdstrandthat was all I had18:27
mdeslaurthere's libtiff that looked related to us18:27
mdeslaurkees: ^18:27
keesthere are still a few libtiff issues that upstream is working on or worked on, yeah18:27
mdeslaurcool18:27
keesI wanted to have us think outloud about UDS planning.18:27
keeswe already talked about how we wanted to have roundtables and scatter ourselves around the UDS to help guide stuff, but do we have anything more specific we want to do?18:28
mdeslaurkees: you mean stuff we'd like to cover in our roundtables?18:29
keesmdeslaur: no I meant more specifically. blueprints we think we can't do without, etc?18:29
keesmdeslaur: i.e. instead of last UDS's planning style ("what is anything we might be interested in?") I figured we could do "what is absolutely required?"18:30
jdstrandkees: we need to meet as apparmor upstream for sure18:31
sbeattiekees: I'm hoping to do a session with the qa team on increasing collaboration and usage of qa-r-t (again).18:31
jdstrandmost of my stuff last time is moving BPs forward to track things todo18:31
jdstrandthat sounded weird18:32
keesI'd like to talk to soyuz folks again; I'd like to see incremental publication so we can publish amd64 kernels while we wait on sparc, for example.18:32
jdstrandI have a lot todo; I'd like time to do it, but don't have a lot to discuss18:32
jdstrandkees: that would be very welcome18:32
keesjdstrand: yeah, agreed18:33
keesokay, so I guess we'll each make the bps we're interested in and go from there. :) that's really it from me.18:33
jdstrandkees: we could schedule some time to go through all the BPs and prioritize them into reality18:33
keesjdstrand: all the existing ones, you mean?18:34
jdstrandkees: ie, all the ones that didn't get completed-- at least for lucid and maverick18:34
jdstrandkees: that is the idea, yeah18:34
jdstrandwe can reprioritize things18:34
jdstrand(if needed)18:34
jdstrandyou know, so we don't lose track of old stuff that never got implemented due to time constraints and that we didn't move forward18:35
jdstrandmaybe there isn't a lot, but I feel like it would be worth reviewing18:35
keesyup, totally. we did that for maverick too18:35
jdstrandcool18:36
jdstrandkees: speaking of bps, can you update https://blueprints.launchpad.net/ubuntu/+spec/security-m-gpg-migration? should probably be at least 'Started'18:37
keesyeah, good point.18:37
kees"slow progress"18:38
jdstrandmdeslaur: fwiw, evo in maverick seems just fine with the new keys18:38
jdstrandmdeslaur: I bet you already knew that though18:38
mdeslaurjdstrand: oh? I'm surprised18:38
jdstrandkees: I bet tbird is going to be ok too, since lucid and maverick have tbird >= 3.018:39
jdstrandmdeslaur: I can verify sbeattie's USNs fine. I didn't try all the other stuff18:39
mdeslaurjdstrand: oh, the problem was with sending email, not verifying it18:39
mdeslaurjdstrand: but, it's probably fixed now18:39
keesyeah, once we validate tbird, it's probably time to do the GPG migration. I will write up the how-to.18:39
jdstrandkees: well, mdeslaur and I need evo to work :)18:40
mdeslaurI'll test evo this week18:40
* sbeattie adds an apparmor todo item to migrate that project's key.18:40
keesjdstrand: I thought evo was okay? "evo in maverick seems just fine with the new keys"18:41
keesoh, er, I somehow skipped over "problem was with sending email"18:41
jdstrandkees: a) mdeslaur said sending was an issue and b) part of the bp is lucid compatibility.18:41
keeslucid!? that's so OOOOLD ;)18:42
jdstrandthough if all but lucid/evo worked, I wonder if we could consider migrating our keys anyway18:42
jdstrandperhaps a disussion for after mdeslaur does his evaluation18:42
keessounds good.18:42
keessbeattie: did you follow the migration process that the debian folks published?18:43
sbeattiekees: yes.18:43
jdstrandkees: I don't have anything more wrt UDS otoh. I'd like to think about it more though18:43
mdeslaurwell, if our users are running evo on lucid and can't verify our email signatures, that would be bad(tm)18:43
jdstrandmdeslaur: well, verifying does work on maverick-- but like you said, it needs to be evaluated fully18:44
jdstrand(ie, maybe verifying worked in lucid too)18:44
keesokay, anything else anyone wants to bring up?18:44
jdstrandkees: you are only working on dieharder with the rng?18:45
jdstrandI was planning to fire up some ec2 instances for rng !dieharder18:46
keesjdstrand: yeah, haven't done the non-dieharder tests. saw "$100" and decided to stay away :)18:46
jdstrandkees: hehe18:47
jdstrandI was told that is not a problem18:47
jdstrandkees: I'll take non-dieharder18:47
keesjdstrand: okay, cool18:47
keesalright, sounds like we're done. thanks!18:49
jdstrandthanks kees!18:51
mdeslaurthanks!18:51
=== doko_ is now known as doko
=== ink|off|ZNC is now known as inkvizitor68sl
=== unimix_ is now known as unimix
=== unimix_ is now known as unimix
=== yofel_ is now known as yofel
=== Ursinha is now known as Ursinha-afk

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!