[19:09] <micahg> skaet: ping re Firefox updates next week
[19:10] <skaet> micahg: yup?
[19:10] <micahg> skaet: can we publish to -updates and -security when ready (hopefully 2011-02-14) or do we need to wait until 10.04.2 is released?
[19:11] <jdstrand> we can also just publish to -security
[19:11] <jdstrand> (I can adjust crontab for the copies)
[19:12] <jdstrand> I would really prefer not to wait to publish to at least -security (it is extremely rare that we do so)
[19:12] <jdstrand> and I would hate to set the precedent going forward if it can be avoided
[19:12] <skaet> micahg: please wait until 10.04.2 is released to publish to -updates, in case any last minute dive/catches show up from the testing.   May be able to do earlier, but we'll need to see how it goes.
[19:13] <micahg> skaet: but -security would be ok?
[19:14] <skaet> micahg:  would like cjwatson or pitti to comment, but would think so.
[19:15]  * skaet still learning about interaction of -security with -updates, etc. 
[19:15]  * micahg doesn't know how images are generated, so isn't sure what's safe
[19:15] <jdstrand> skaet: the security team published to -security. there is a cronjob that automatically copies things from -security to -updates
[19:15] <jdstrand> skaet: that happens at :50
[19:16] <skaet> jdstrand: urk,  yeah, definitely want to hear from pitti then.   Possibly we should disable it for next week?
[19:16] <jdstrand> as an AA, I can disable that for the few days between firefox is released and the CDs are ready
[19:16] <jdstrand> I can't speak to how point releases deal with the various pockets
[19:17] <skaet> jdstrand,  sounds like that's the approach we'll take then, unless pitti or cjwatson advise otherwise, when they get the chance to read the backscroll ;)
[19:18] <jdstrand> there will most likely be an openssl update any day now
[19:18] <jdstrand> skaet: the one caveat with this approach is that security.ubuntu.com, aiui, is not mirrored and therefore there are bandwidth costs associated with not copying to -updates
[19:19] <jdstrand> so feedback from the others is welcome
[19:19]  * skaet agrees
[19:20]  * skaet agrees re: getting feedback from others ;)
[19:21] <jdstrand> actually, the copy happens at :58, not :50
[19:23] <skaet> images for QA and the iso tracker for 10.04.2 are due to be built tomorrow, so, we probably need to look at disabling cron job after the image set is in place, until we know they're basically sound.
[19:23] <cjwatson> there's no problem with publishing to -security, I just wouldn't want to guarantee that it will end up in images if you do that
[19:24] <cjwatson> cron job> certainly, seems SOP :)
[19:24] <cjwatson> skaet: so, -security => -updates
[19:24] <cjwatson> skaet: that actually saves Canonical quite a bit of bandwidth money
[19:24] <cjwatson> so it's an interesting question
[19:25] <cjwatson> I guess one factor is: does certification actually do anything special with Firefox?
[19:25] <cjwatson> oh, jdstrand mentioned bandwidth money too
[19:26] <cjwatson> if cert doesn't do much with Firefox, then we aren't actually (potentially) skipping any QA by letting it into -updates and risking building with it
[19:26] <cjwatson> if they do, then it's a harder question
[19:27] <cjwatson> bandwidth> I think I did the sums at the time and concluded that when I implemented that cron job I'd paid my salary for the year, though I may have been off by a factor of two or so ;-)
[19:28] <jdstrand> heh
[19:28] <jdstrand> there is actually a pending openssl update. I'm trying to ascertain the severity now
[19:29] <skaet> good data,  would like to understand a bit more.
[19:31] <skaet> cjwatson, who's best to ask understand economics of -updates/mirroring?
[19:32] <jdstrand> skaet: when is the point release supposed to go out?
[19:32] <cjwatson> elmo
[19:32] <skaet> jdstrand, next thursday (7 days from now)
[19:33] <jdstrand> ok
[19:34] <jdstrand> so, the openssl update is in some extensions that aren't used a lot
[19:34] <jdstrand> so I get to decide if the bandwidth costs of having only in -security outweigh when to release
[19:35] <jdstrand> regardless, we won't push openssl to -updates
[19:35] <jdstrand> cjwatson: I'm going to take copy-report offline for now, and tell the team to ping me directly
[19:35] <cjwatson> righto
[19:36] <cjwatson> note that the CD images are currently configured to build from -security (mostly as a hangover from the days when -security wasn't auto-copied to -updates)
[19:36] <cjwatson> I'll leave that alone for now, but it's easy to disable if we need to
[19:36] <cjwatson> just a heads-up that it's there
[19:36] <cjwatson> I mean, they currently build from -security + -updates
[19:37] <jdstrand> copy-report disabled with comment
[19:38] <cjwatson> thanks
[19:39] <jdstrand> ah, sbeattie made a keen observation-- I can still pocket copy non-lucid to -updates
[19:39]  * micahg isn't sure where we stand with the Firefox updates
[19:39] <jdstrand> so I'll do that manually for the next week (except where copying to lucid doesn't affect anything)
[19:40] <jdstrand> micahg: we (the security team) are proceeding like normal.
[19:40] <jdstrand> micahg: there is a question on whether or not we can/should pocket copy it to -updates
[19:40] <jdstrand> micahg: and it seems like skaet may be looking into that
[19:40] <micahg> jdstrand: ok, cool, even though it might make it onto the images if they're respun since the images are produced from -security + -updates?
[19:41] <cjwatson> I've still got copy-report set to mail me about needed syncs in my own crontab
[19:41] <cjwatson> so I should spot non-lucid changes that need to be made
[19:41] <jdstrand> cjwatson: cool. I've also asked the team to ping me directly
[19:41] <cjwatson> micahg: if we need to respin, we can decide whether we want to take -security or not, and disable -security in our image builds
[19:41] <micahg> cjwatson: ah, ok, cool
[19:42] <cjwatson> we will need to remember to take that decision if a respin is needed
[19:43] <micahg> ok, thanks cjwatson, skaet, jdstrand
[21:05] <ScottK> skaet: Looking at https://blueprints.launchpad.net/ubuntu/+spec/other-qa-n-testing-different-architectures - How can you be doing "Release manifest changes:INPROGRESS" when there is still "coordinate identification of set of products of interest:TODO" left?  Are the draft manifest changes available anywhere?
[21:06] <skaet> ScottK, coordinate identification of set of products of interest, should be INPROGRESS as well.
[21:07] <ScottK> persia: ^^^
[21:07] <ScottK> OK.
[21:07] <ScottK> I'm interested to know who's the Kubuntu POC for this coordination then.
[21:14] <skaet> ScottK,  will be coordinating with Riddell for Desktop and Rodrigo Belem for mobile.  Are these not the right contacts?
[21:15] <ScottK> skaet: They are.  I'll talk to them and make sure you've got the right inputs.  Thanks.
[21:45] <persia> ScottK, Thanks for the reminder.  INPROGRESS was indeed the correct status.