=== oubiwann is now known as oubiwann_
=== JackyAlcine is now known as DanteAshton2
=== Artir is now known as DanteAshton3
=== DanteAshton2 is now known as JackyAlcine
=== DanteAshton3 is now known as Artir
=== JackyAlcine is now known as phillw1
=== Artir is now known as phillw3
=== phillw3 is now known as Artir
=== phillw1 is now known as JackyAlcine
=== JackyAlcine is now known as DanteAshton1
=== DanteAshton1 is now known as JackyAlcine
=== Artir is now known as DanteAhston
=== DanteAhston is now known as Artir
persiacody-somerville, soren, cjwatson, geser, stgraber, bdrung: about?12:01
cjwatsondon't we have a new board yet? :)12:04
persiaWe're picking one today, so this is the last for both of you.12:05
persiaIf we fail to get quorum to pick one, I'll pass the information received to the TB, and so there will be one for next time.12:05
persiastgraber, cody-somerville, bdrung ?12:09
persiaJust need one more.12:09
persiaRight.  I don't want to chair a non-meeting.12:14
persiacjwatson, soren: Thanks a lot for serving on the DMB.  You will be missed.12:14
persiaI'll ask the TB to select a new DMB from the nominees, with the poll data.12:14
persiaAnd the new DMB can process the pending applications.12:14
cjwatsonYou're welcome; bye!12:15
cjwatsonoh wait12:15
* geser waves12:15
persiaOh, hey geser!12:15
cjwatsonaha, quorum12:15
MootBotMeeting started at 06:15. The chair is persia.12:15
MootBotCommands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]12:15
persia[LINK] https://wiki.ubuntu.com/DeveloperMembershipBoard/Agenda12:16
MootBotLINK received:  https://wiki.ubuntu.com/DeveloperMembershipBoard/Agenda12:16
persia[TOPIC] Selection of a new DMB12:16
MootBotNew Topic:  Selection of a new DMB12:16
* persia ends the poll12:16
* Amaranth rushes to vo....oh12:16
persiaSo, we had some nominees, and we had a poll.12:17
persiaResults are now available, with 93 voters.12:17
persia[LINK] http://www.cs.cornell.edu/w8/~andru/cgi-perl/civs/results.pl?id=E_924ef5b8e9f6d03b12:17
gesernot bad12:17
MootBotLINK received:  http://www.cs.cornell.edu/w8/~andru/cgi-perl/civs/results.pl?id=E_924ef5b8e9f6d03b12:17
persiaSo, do we wish to accept the winning set from CIVS?  Any reservations or concerns?12:18
* bdrung is here now.12:18
sorenpersia: lgtm12:18
cjwatsonso all incumbents stay, and Laney and maco replace soren and me12:18
persiaThat would be the result, yes.12:19
cjwatsonfairly tight race around the boundary12:19
* cdbs came last12:19
cjwatsonbut I don't see a reason to be concerned about the result12:20
persiaWell, if both of those departing are happy, and since the rest of us have obvious bias, I'll call that agreed.12:20
persia[AGREED} New DMB to be the winners of the CIVS poll, without modification or adjustment.12:21
MootBotAGREED received: [AGREED} New DMB to be the winners of the CIVS poll, without modification or adjustment.12:21
Daviey"None of the above" did particularly poorly.12:21
cjwatsondoes that come into effect after this meeting, or immediately? :)12:21
cjwatson(because if immediately, we probably just became inquorate)12:21
persiaWe'd lose quorum if it's immediate.  You're the closest to the TB we have available: how long did the term extension last?12:21
cjwatson"does not expect this to be complete until after 14th February", from your original mail12:22
cjwatsonand the TB agreed to an extension covering that12:22
cjwatsonso I think it's OK to consider the extension as covering this meeting12:23
persiaI assert it's still 14th February, as none of us are in New Zealand or points east.12:23
persiaMoving on.12:23
cjwatsonthe new DMB will need to select their own meeting times, etc., anyway12:23
persia[TOPIC] MOTU Application for Sylvestre Ledru12:23
MootBotNew Topic:  MOTU Application for Sylvestre Ledru12:23
persia[LINK] https://wiki.ubuntu.com/UbuntuDevelopment/SylvestreLedruMOTU12:24
MootBotLINK received:  https://wiki.ubuntu.com/UbuntuDevelopment/SylvestreLedruMOTU12:24
persiaThe LP link on that page is broken.12:24
persia[LINK] https://launchpad.net/~sylvestre12:24
MootBotLINK received:  https://launchpad.net/~sylvestre12:24
cdbsWhy was the page created under the UbuntuDevelopment/ directory?12:24
cdbsis there a change in policy?12:24
cjwatsonwiki layout in "random" shocker :)12:25
bdrungthe launchpad link is broken12:25
persiabdrung, That's why I posted two links :)12:25
persiaSylvestre, are you present?12:25
cjwatsonI've taken the liberty of editing his application to fix the LP link12:25
persiaHe doesn't seem to be present.12:28
persiaMoving on.12:28
persia[TOPIC] Development application for Dave Walker12:28
MootBotNew Topic:  Development application for Dave Walker12:28
persiaDaviey is applying for all of MOTU, Server, and Core at the same time.  I trimmed that down to just core-dev.12:29
Davieypersia, Yes, but i did want to go through the process for the other two12:29
persiaDaviey's application has not yet aged the week we request.  Do we wish to review it today, or wait for general comments, and review next time?12:29
cjwatsoncore-dev covers the lot, although it's rational to apply for the lot since that means that if we decline his core-dev application he doesn't need to go through another application cycle for the others12:29
persiaDaviey, code-dev is a member of both others.12:29
persiaIndeed.  That's how I read it: if we reject core-dev, we re-review MOTU and Server.12:30
Davieypersia, Direct inclusion or through inheritance?12:30
persiaBut, in practice, it doesn't matter.  You get the badges on LP.  You get accepted by the teams if you're working with them, etc.12:31
Davieypersia, yeah, it's just that server-dev is looking  kinda neglected.. so wanted to help raise the membership count addionally.12:31
sorenWell, not he server package set one.12:31
sorens/ he/ the/12:31
sorencore-dev isn't a member of that team, IIRC.12:32
Davieythe package set isn;t quite ready yet, is it cjwatson ?12:32
sorenOr am I on crack again?12:32
DavieyI was under the impression  it was waiting for the first member for the process to be completed12:32
sorenYeah, core-dev is not a member of that team.12:32
cjwatsonthe package set exists and AFAIK is administered by the DMB12:33
persiaNo, the process is complete.  At this point, any issues are implementation bugs.12:33
DavieyLast time i polled the ACL, server-dev didn't have access.12:33
cjwatsonindeed, that would imply the DMB delegating permissions12:33
cjwatsonwhich is generally a separate discussion from creating a package set12:34
cjwatsonoh, wait, the DMB owns ubuntu-server-dev12:34
persiaAnd I believe we had that discussion at the time server-dev was created, and decided that we would not delegate at this time.12:34
* Daviey wonders if he can be heard this meeting, but with the final ack being done with now+1 week pending criticism of his application.12:34
cjwatson== All uploaders for package set 'ubuntu-server' in 'natty' ==12:34
cjwatsonArchive Upload Rights for ubuntu-core-dev: archive 'primary', package set 'ubuntu-server' in natty12:34
cjwatsonArchive Upload Rights for ubuntu-server-dev: archive 'primary', package set 'ubuntu-server' in natty12:34
cjwatsonso ubuntu-server-dev does have access to the ubuntu-server package set12:35
persiaSo all is good.12:35
=== oubiwann_ is now known as oubiwann
cjwatsonand mathiaz was the first member there12:35
Davieyoh... that has been updated since i  last polled then :/12:35
Davieyor i am on soren;s crack12:36
persiaOpinions on questioning Daviey today?  Do any DMB members want more time to develop interesting questions?12:36
sorenI have perhaps one question.12:37
sorenIs there anything specific that you intend to work on that's outside of MOTU+ubuntu-server-dev's reach?12:37
Davieysoren, yes - I have an interest in the whole platform12:38
DavieyWhich was one reason i worked on dpkg.12:38
* soren can relate to that :)12:38
* bdrung is still reading the application.12:38
DavieyThe server set isn't exactly complete for my interests.12:38
soren...but if we're not going the process the applicatino today, it doesn't matter anyway.12:39
DavieyYou can see the difference if you look at the assigned packages for bug purposes and the package set12:39
Davieyit's reasonably large.12:39
persiacjwatson, geser: are you fine with questioning Daviey today?12:39
geserI'm fine12:39
cjwatsonI'm OK, though I've added a brief endorsement on his application too so don't really have any questions12:40
DavieyOne of the reasons i've got around to apply, is that i'm finding that I want to work on less - as i'm using up my favours of sponsorship working on things i HAVE to work on, rather than the addition of things i want to work on.12:40
persiaDaviey, How do you think we can encourage more peer-review by Ubuntu Developers?12:41
Davieypersia, well the patch pilot scheme has IMO already made a massive difference to this.12:41
DavieyBut it still lacks personal attachment.12:42
sorenPeople use the patch pilot for peer reviews?12:42
DavieyAh sorry12:42
Davieyi missread the question12:42
persiaDoes it?  While I like what patch-pilot is doing for sponsoring, I don't see how it helps peer-review between Ubuntu Developers.12:42
DavieyI think UDD can make a larger difference with this.12:42
DavieyI don't feel enough people use merge requests.12:43
cjwatsonwhat do you mean by peer review?12:43
DavieyI agree that JFDI attitude can help productivity12:43
cjwatsonyou mean people who are already Ubuntu developers?  (just clarifying)12:43
Davieycjwatson, Developers that can upload, asking peers to review it before uploading12:43
cjwatsonah, right, thanks12:44
cjwatsonif you understood the question I suppose that's all that matters :)12:44
DavieyYes, well JFDI can aid productivity - but something i have noticed; tradionally the server has often got a little rough end of the deal, when a feature in Desktop is needed12:44
DavieyPlymouth introduction was quite bad for Server IMO.12:45
persiaDo you think encouraging peer review would help that, or do you think we need more coordination between flavours?12:45
DavieyAnd some packages where silly mistakes have been made, could have been avoided if they had a once over.12:45
sorenPlymouth will end up as a big advantage for server users, too, though.12:46
DavieySome packages i've seen have had almost hacking away at a bug, until it's fixed.12:46
soren...but that's a separate discussion :)12:46
* persia has seen packages hacked away at until they aren't fixed, but the tests passed12:46
Davieypersia, Yeah, i realised as i was typing that; it's two issues really.12:46
cjwatsonone thing I noticed, as somebody caught in the middle, was that a number of server folks basically had the attitude of "no, it was fine as it was, we want you to rip this all back out" rather than an attitude of trying to improve new packages so that they could cover both server and desktop bases12:46
Davieysoren, agreed... but the introduction could have been better handled perhaps.12:46
persiaSo, what's your proposal?  Since you don't like it, and you're wanting to join Core dev...12:46
cjwatsondo you think this is a fair criticism, is it recognisable to you, and what do you think we can do about it?12:46
cjwatson(this is very much something core-devs need to deal with - we're supposed to be integrating, not just picking a side)12:47
Davieycjwatson, interesting... i had not seen that attitude being too obvious.12:47
Davieycjwatson, I know some *users* mentioned that...but not sure it was clear cut within the team12:47
cjwatsonok, that's a reasonable response, the boundary wasn't always clear to me12:48
DavieyMany of the server team want to see more polish... and on a non-LTS release perhaps making it better is greater than stability on server.12:48
Daviey(not desktop or other flavours)12:48
sorenI cannot count how many hours I've spent on IRC, IRL, on blogs, eetc explaining that event driven boot isn't *just* about speeding things up.12:49
Davieysoren, yes, upstart actually has more benefits to server than desktop IMO.12:49
DavieyParticulary if upstart adds some of the features it initially blueprinted.12:50
sorenI can kind of see where people are coming from, though. Stuf that used to work suddenly didn't. It's easy to blame The New, Big Thing[tm].12:50
Davieysuch as xinetd incorporation.12:50
persiaSo, let's step away from discussing upstart features.12:51
DavieyIt's unfortunate that this often means increasing the delta with Debian.12:51
persiaI'm still curious how the issue that makes Daviey unhappy could be addressed.12:51
Davieypersia, Something we considered at a team level was peer review of every upload after a certain mark in the release schedule12:52
DavieyIt wasn't entirely agreed... but there was also some support for this.12:52
DavieyThis was also discussed at the last UDS...12:52
persiaDaviey, Did you imagine people would have reviews by people in their immediate teams (with interest in the package), or from other teams?12:52
Daviey... and that was "eventful"... but that was the whole platform, not just a specific area.12:53
Davieypersia, both...12:53
persiaWill you be bringing this issue to next UDS?12:53
DavieyIf the package is depends/recommends of another team, then the merge proposal is a good way of notifing them of a potential diff12:53
Davieypersia, Yes.12:53
geserDaviey: isn't this peer-review like a spsonsorship for each upload which seems to slow you down in your productivitiy?12:54
Davieygeser, interesting you say that...12:54
DavieyI would like to point out the peer review blog post regarding either bzr/lp... don't have it handy12:54
DavieyBut i think it might slow people down initially... but a review can be quite fast when in the habbit12:55
bdrungDaviey: how can we encourage devs to review packages from other teams? i am doing reviews for the package in the teams i am involved with and doing sponsoring, but i never reviewed packages from outside the team IIRC.12:55
Davieygeser, equally, sometimes it's good to be slowed down :)12:55
Davieybdrung, It depends - is this packages outside a set?12:55
persiaNot all team-maintained packages happen to have corresponding packagesets today.12:56
bdrungDaviey: i maintain most packages in Debian12:56
persiaBut for several teams, there are no outside contributions, despite the lack of packageset12:56
Davieybdrung, you must be busy :)12:56
Davieypersia, The blog post i'd like to refer you to made specifc references to working outside your comfort zone.12:57
DavieyI'd LOVE to be more involved in development outside my daily duties12:57
DavieyI think it adds an education factor, and better understanding12:57
persiaHrm?  I'm just responding to the question "is this packages outside a set", to indicate that we have a very weak mapping of teams and packagesets currently.12:57
DavieySometimes doing reviews can be harder than doing the change yourself.. and reviewing outside comfort zone makes everyone better IMO.12:58
Davieypersia, Perhaps my response would have been better targeted towards bdrung12:58
* persia is done with questions12:59
Davieypersia, but yes, having good defintions of teams/people linked to packages makes it easier to know who to talk to12:59
DavieyIt then reduces the need to maintain in-head knowledge12:59
DavieyFor example, i know not to touch some packages without speaking to certain individuals/teams13:00
DavieyAnd having a good person+team/package list defintion helps new contributors IMO.13:00
bdrungDaviey: assuming that i want to have my changes reviewed. then i push the bzr branch with my changes and create a merge proposal. wo will get notified with this merge proposal? what do i need to do to get notified about the packages i care about?13:01
Davieybdrung, It might require a bug against LP, AIUI currently you have to select who reviews it.13:02
DavieyI want to add, that i don't think it should be mandatory, but a better ethos of people asking each other,.... perhaps even informal13:03
bdrunghm, it would be nice if lp gives you the possibility to subscribe to merge proposals for specific packages and a way to query who is subscribed and has upload rights (= similar to Uploaders in d/control)13:04
DavieyWhat i have said so far, is possibly better continued in a shared UDS session.... and not one chappy spouting his opinions :)13:04
Davieybdrung, agreed!13:04
bdrungDaviey: yes, let's continue this discussion on an other channel / next UDS13:05
persiaDaviey, The key is that this is a time when you have the spotlight to complain, and we have a duty to ensure you can move forward to solve the problem.  You taking it to UDS is the right answer in both cases.13:05
persiaAnyone else have other questions for Daviey?13:05
cjwatsonnot I13:06
persiaPlease feel free to vote by email to the d-m-b list, and I'll take a final tally when the comment period completes, with a renewed call for votes in the event that quorum is not reached.13:07
persia[TOPIC] Next Meeting13:07
MootBotNew Topic:  Next Meeting13:07
cjwatsonwhy vote by e-mail rather than here?13:07
DavieyOh, and one more thing... i am *sometimes* wrong.  Greater peer review just might not work.. but it'sworth trying - if it doeshelp improve quality.13:07
persiaI don't want to vote until after the comment period, in case something happens to change my vote.13:08
cjwatsonin that case I shouldn't vote at all13:08
persiaProbably not: we'll consider your comment.13:08
Davieyho hum ding.13:08
* cjwatson sends mail13:09
persiaSo, the newly selected DMB does not have agreement on meeting times.  We'll try to select some by email, and try to announce them by next Monday, to ensure that applicants can know when they have to attend a meeting when applying.13:09
persia[TOPIC] Anything else13:09
MootBotNew Topic:  Anything else13:09
persiaAnyone have anything here?13:09
MootBotMeeting finished at 07:11.13:11
persiaThanks everyone for coming.13:11
cjwatsonSo long and thanks for all the fish!13:11
Davieythanks all for hearing me.13:12
cjwatsonpersia: oh, somebody should take over developer-membership-board@ and devel-permissions@ list administration from me.  Do you want to do it?13:17
persiaOh, very much not, but I suppose I ought.  Please do adjust them to me.13:18
cjwatsonor if somebody else wants it that's fine too13:18
cjwatsondo you have the passwords?13:18
persiaAnd I'll hope I can find another victim from the new DMB.13:18
persiaI don't believe I have the passwords: I'd appreciate them fresh in any case.13:18
cjwatsonI'll send you them by encrypted mail13:19
persiaHow would you like us to make requests for TB-changes to ACLs?  random ping?  mail to you?  Mail to TB?13:20
cjwatsonmail to TB is probably the right thing13:21
cjwatsonI'm sure I'll often pick them up, but it would be best not to enshrine myself in a process13:21
persiamakes sense.  I'll ensure we do that in the future.13:25
=== oubiwann is now known as oubiwann_
=== cking is now known as cking-afk
maco<bdrung> hm, it would be nice if lp gives you the possibility to subscribe to merge proposals for specific packages and a way to query who is subscribed and has upload rights (= similar to Uploaders in d/control)  <-- yes yes yes please15:26
=== JackyAlcine is now known as Graviti
=== Graviti is now known as JackyAlcine
skaethi ara, bjf15:58
arahey skaet!15:58
* charlie-tca waves15:59
* skaet waves back to charlie-tca 15:59
* hggdh grabs new coffee15:59
jibelHi all!15:59
* marjo waves16:00
skaetlooks like quorum,  so time to start.  :)16:00
MootBotMeeting started at 10:01. The chair is skaet.16:01
MootBotCommands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]16:01
skaetReminder, please follow the convention  of using ".." on a separate line when you've finished typing.    Also, If someone wants to comment on the last point, please "o/", so we know to wait.16:01
skaetThis meeting will be focusing on the 10.04.2 release.16:01
* charlie-tca hides16:01
skaetCouple of snags cropped up in the image creation on Friday, and a few more on the sniff testing over the weekend, so want to make sure we're all seeing the same priorities16:01
arasounds like a plan16:02
* zul waves16:02
skaetOn the good news front,  hardware cert has mostly finished the 2 week hardware certification runs, and no regressions were found as of last friday.  More details from ara later. :)16:02
skaetImages currently under rebuild are Xubuntu, and the K/Ubuntu DVDs.16:03
skaetAny questions before I get into the mailed out agenda/round table?16:03
araskaet, are we building Xubuntu 10.04.2 images? :)16:03
skaetara, yes they're being rebuilt.16:03
araI thought point releases images were just for Ubuntu16:04
araI guess I was wrong16:04
skaetcharlie-tca, go16:04
charlie-tcaThere are being built by request, for Xubuntu16:04
charlie-tcaWe did not do the .1 release, and wanted to get new stuff into the image, instead of the 352 updates after installing16:05
marjocharlie-tca: are testers lined up & committed?16:05
marjocharlie-tca: thx much16:06
charlie-tcaYou are welcome16:06
skaetara, marjo - They are also being built for kubuntu.16:06
marjoskaet: ack16:06
skaetok, no more hands, so on to the round table16:06
skaet[TOPIC] HW cert results and final image tests planned - ara16:07
MootBotNew Topic:  HW cert results and final image tests planned - ara16:07
araThe HW testing for 10.04.2 went pretty well. We are happy with the coverage we got. The results are available at:16:07
ara[LINK] http://people.canonical.com/~hwcert/point-release-testing/10_04_2.html16:07
MootBotLINK received:  http://people.canonical.com/~hwcert/point-release-testing/10_04_2.html16:07
araThe systems that didn't get tested are due to problems of infrastructure or faulty hardware that needs to get replaced, but all in all, I think the results are good enough to give the thumbs up hardware wise.16:07
araAbout the testing of the final images, has anything hardware related changed from the candidate images until now?16:08
skaetbjf, sconklin: ^^ ?16:08
sconklinNot sure why you called on me, we don't have anything to do with the testing . . .16:09
skaetsconklin - has any change gone in in the last 2 weeks that could impact the hardware that you're aware of?16:09
* skaet thinks not, but is just double checking.16:09
bjfyou've not taken a new kernel from us during the point release process, so how could it ?16:10
skaetbjf, fair enough16:10
araskaet, then, I guess there is no need to test the final images in hardware16:11
araskaet, ?16:12
skaetara,  sorry,  thinking if the boot infrastruture has changed16:12
skaetlets assume not unless rest of meeting brings up a good reason then.16:13
araskaet, OK, so that's all from me16:13
skaet[TOPIC] QA sniff testing from weekend and hot issues - jibel16:13
MootBotNew Topic:  QA sniff testing from weekend and hot issues - jibel16:13
jibel10.04.2 ISO Testing started last weekend and is going well.16:14
jibel2 major issues have been found:16:14
jibel * bug 718749 (rebuild in progress)16:14
jibel * bug 645818 (not a bug in lucid)16:14
ubottuLaunchpad bug 718749 in Ubuntu CD Images "Xubuntu i386 Lucid 10.04.2 images will not boot" [Critical,Fix released] https://launchpad.net/bugs/71874916:14
ubottuLaunchpad bug 645818 in usb-creator (Ubuntu Natty) "10.04.1 image created in Maverick does not boot in my Dell Mini9" [Critical,Triaged] https://launchpad.net/bugs/64581816:14
jibelFor 645818, we are looking for someone with a Lucid system, to create a bootable usb and confirm that he's not affected by this issue.16:14
jibelLast week, we have tested the upgrades from K/Ubuntu Desktop i386/amd64 Hardy and Karmic to
jibel2 have been found issues found:16:15
jibel* bug 71520616:15
jibel* bug 71524716:15
ubottuLaunchpad bug 715206 in gnome-panel (Ubuntu) "9.10 to 10.04.2: The panel encountered a problem while loading "OAFIID:GNOME_ClockApplet"." [Undecided,New] https://launchpad.net/bugs/71520616:15
ubottuLaunchpad bug 715247 in nautilus (Ubuntu) "8.04.4 -> 10.04.2 upgrade: popup with corba error during upgrade" [Undecided,New] https://launchpad.net/bugs/71524716:15
jibelUntested images:16:15
jibel* Ubuntu Server Installation and upgrade16:15
jibelany question ?16:16
zuldo you guys need help with that?16:16
jibelhggdh, ^16:16
hggdhjibel: sorry, I was not aware I was to test 10.04.216:17
jibelzul, okay we need help then16:17
hggdhI spent last week on hardy...16:17
zuljibel: ok ill bring it up in the meeting tomorrow then16:18
jibelzul, thanks.16:18
skaetjibel, how are we going to get testers to work around the maverick/natty bug for creation of 10.04.2 iso cds and usbs?   Is there some good documentation on this somewhere?16:18
jibelskaet, For testers I'll send an email to explain the issue, and point them to the bug report.16:20
=== Technovi1ing is now known as Technoviking
skaetjibel, thanks - that will help.   I'll make sure its documented in release notes.16:21
jibelskaet, it's not a nice bug but the workaround is easy.16:22
skaetthanks jibel.    any other questions?16:22
skaet[TOPIC] Image build status and plans  - cjwatson16:23
MootBotNew Topic:  Image build status and plans  - cjwatson16:23
cjwatsonas far as I know most things are green, with the exception of my screwup that broke the Xubuntu images and Ubuntu DVDs (i386 only).  The code bug is fixed and rebuilds are in progress.16:24
cjwatsonThe only build issue I'm aware of is that the following images are oversized: Xubuntu desktop amd64, Xubuntu desktop powerpc, Xubuntu desktop powerpc+ps3, Xubuntu alternate powerpc16:25
cjwatsonoh, and Kubuntu desktop i38616:25
cjwatsonI don't know how much we care about those, and about which ones16:25
skaetcharlie-tca, Riddell,  ^^ ?16:26
* skaet looks around..16:28
charlie-tcawe will live with it if I can't get them dow16:28
charlie-tcaI will get someone to look at the Xubuntu desktop amd64 and try to squeeze it down16:29
charlie-tcaThe other ones, I guess I don't really card so much16:30
skaetcharlie-tca, ok, thanks.   If we can't squeeze, we'll need to release note, so we should probably open a bug to track.16:30
charlie-tcaI will do that16:30
skaetcjwatson.  I'll follow up with Riddell about Kubuntu after the meeting about Kubuntu16:31
skaetany other questions?16:31
skaetthanks cjwatson16:32
skaet[TOPIC] any new business?16:32
MootBotNew Topic:  any new business?16:32
skaetor issues/concerns about 10.04.2?16:32
skaetok,  thanks for attending,  we'll go back to the regular agenda next meeting.16:33
pittiI'm terribly sorry, missed the time16:33
MootBotMeeting finished at 10:33.16:33
charlie-tcaThanks, skaet16:33
arathanks skaet16:34
skaetthanks bjf, sconklin, ara, jibel, cjwatson, charlie-tca16:34
marjothx skaet16:35
jibelthanks for chairing skaet16:35
skaetthanks marjo16:35
pittiskaet: any fires which I need to put out in lucid?16:36
skaetpitti,  thanks,  can you look at the bugs that jibel raised, and make sure no kitten killers in them,  cjwatson's handling the image rebuilds.  I'll paste them or the log (if available) to you directly16:40
pittiskaet: thanks, will have a look once you paste16:41
=== ian_brasil_ is now known as ian_brasil
* jdstrand waves18:00
* micahg waves18:01
* jdstrand waits for sbeattie 18:02
jdstrandok, let's get started18:05
MootBotMeeting started at 12:05. The chair is jdstrand.18:05
MootBotCommands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]18:05
jdstrandThe meeting agenda can be found at:18:05
jdstrand[LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting18:05
MootBotLINK received:  https://wiki.ubuntu.com/SecurityTeam/Meeting18:05
jdstrand[TOPIC] Review of any previous action items18:05
MootBotNew Topic:  Review of any previous action items18:05
jdstrandonly thing from last week is the ia32-libs. aiui, mdeslaur is doing lucid and sbeattie is working on the rest. Since it is assigned I don't think we need to bring it up every week18:05
jdstrand[TOPIC] Weekly stand-up report18:06
MootBotNew Topic:  Weekly stand-up report18:06
mdeslaurjdstrand: I'm doing hardy, not lucid18:06
jdstrandmdeslaur: oh, I actually knew that. not sure why I put lucid...18:06
jdstrandI'll go first18:07
jdstrandI am on community this week18:07
jdstrandMozilla updates are imminent, so I will be testing and publishing firefox, xul and tbird soon18:07
jdstrandI got sidetracked last week by several things and made no progress on dbus/apparmor or dbus-glib update. Hopefully I can start on it again18:07
jdstrandSome of those things were profiling gnome thumbnailers, a chromium update, writing aa-disable, patch piloting and a number of meetings18:07
jdstrandI'm hoping this week will fair slightly better. micahg starts tomorrow, so I'll be handing off all the browser/mozilla stuff to him in the coming weeks18:08
jdstrandI think that's it from me18:08
jdstrandkees: you're up18:08
mdeslauroh sweet! hi micahg!18:08
micahghi mdeslaur18:08
* jdstrand is *very* happy to have micahg coming on board :)18:09
* kees hugs micahg18:09
* micahg hugs kees back18:09
keesI've got a few USNs coming up this week18:09
keesI'm in happy-place, which means I'm going to try to knock out the gcc testsuite change upstreaming. maybe some more %pK patches to LKML18:10
keeshonestly, the gcc stuff will probably eat most of my time. running the suite is crazy time-consuming18:10
keesI'd like to try to find people to fix the firefox and chromium hardening stuff18:11
keesafaik, firefox is still not PIE in natty, and chromium ARM has PIE disabled too18:11
keesthat's it from me...18:12
jdstrandkees: is that not PIE for armel/firefox or all archs?18:12
keesjdstrand: non-PIE for all archs with firefox18:13
keesyeah, it's a gcc-4.5 regression. following-up with chrisccoulson has bubbled to near the top of my todo list finally.18:14
jdstrandmicahg: would you be willing to work with chrisccoulson to conditionally set PIE for non-armel? (assuming it works for non-armel)18:14
jdstrandthen kees can continue to try to find people to fix armel stuff18:14
micahgjdstrand: it was failing before on all arches, but sure :)18:14
chrisccoulsonjdstrand, it fails on i38618:14
jdstrandwell, if it was failing everywhere, it sounds like chrisccoulson already knows about it18:14
keesyeah, I'm pretty sure the chromium and firefox PIE issues are separate18:15
* jdstrand nods18:15
chrisccoulsonjdstrand, the behaviour is unique to the i386 implementation of TLS18:15
chrisccoulsonbut i need to refresh my memory on the issue again ;)18:15
jdstrandchrisccoulson: cool. it would be great to not regress on this issue for natty release18:16
jdstrandI would think upstream would be interested in this too...18:16
keesthe arm-pie-chromium issue is technically not a regression (it's been disabled for a while). I just want to also get it fixed.18:16
jdstrandkees: actually, on lucid it was only recently turned off18:17
jdstrandI'm not sure if that is because only recently people noticed or because it recently broke18:17
keesjdstrand: right, but my understanding was that it was due to chromium version bumps18:17
keesi.e. it became new enough that someone hit it. or something. dunno; this is why I want to spend some time to investigate and delegate. :)18:18
jdstrandI don't know the cause. I do consider disabling pie in a security update, regardless of version bumping, as a regression18:18
jdstrandof course, there isn't a lot we can do there...18:18
* kees nods18:18
jdstrandkees: I appreciate you looking into it! :)18:18
* sbeattie is here, reading scrollback18:19
mdeslaurmy turn?18:20
jdstrandmdeslaur: as kees mentioned that was it from him, why don't you go18:21
mdeslaurSo, I'm currently testing fuse updates, and will release them once lucid's fuse package in -proposed gets released18:21
mdeslaurBesides that, I need to take a look at ffmpeg18:22
mdeslaurand still have work to do on apparmor-profiles18:22
mdeslaurI also have some gnome-screensaver fixes I want to push to natty, and possibly SRU into lucid and maverick18:22
* sbeattie saw mdeslaur's commits to the apparmor-profiles tree; nice start!18:22
mdeslaurand there was another package I wanted to work on this week...but...it slips my mind right now (d'oh!)18:23
mdeslaurthat's it from me18:23
* sbeattie takes his turn.18:24
sbeattieI have a krb5 update that I'll release once this meeting is over.18:24
sbeattieI have an openssl update for right afterward, though I need to do a little more testing with it.18:24
sbeattieI made some progress on apparmor release stuff, and have more to do on that this week.18:25
sbeattieThat's pretty much it for me.18:25
jdstrandsbeattie: I've seen a lot of those reviews. some of it should be quite nice (especially the opensuse stuff you slurped in)18:26
jdstrandmicahg: I know you only officially start tomorrow, but is there anything you'd like to mention? typically we mention what we hope to work on in the coming week, and occasionally work that we did last week as it might affect this week (or that is particularly cool)18:27
jdstrandmicahg: it is ok to say 'no'. I know I just sprung this on you :)18:28
micahgFinish getting set up, I'd like to start looking at the webkit update, 1.2.7 is out18:28
jdstrandsounds great18:29
jdstrand[TOPIC] Miscellaneous and Questions18:29
MootBotNew Topic:  Miscellaneous and Questions18:29
jdstrandOne thing sbeattie mentioned to me last week is vendor-sec tracking18:29
jdstrandI'll let him expand on it if he wants, but the basic idea is that we treat it as quite ad-hoc18:29
jdstrandwhoever happens to see something, mentions it18:30
jdstrandeg, the last postgresql update18:30
jdstrandwe knew about it early, but we didn't let pitti know, and basically reacted to it18:30
jdstrandI wonder if this could be improved more?18:31
jdstrandwe could try to use the CVE-2011-NNNX method more often18:31
mdeslaurjdstrand: did you have anything in mind?18:31
keesI've found the vsec threads difficult to really "triage" until they're reached a certain stage18:31
jdstrandmdeslaur: not really, this is just open for discussion (beyond what I just mentioned)18:32
jdstrandkees: yes, I tend to agree18:32
jdstrandI also don't tend to update my embargoed branch very often...18:32
keessometimes there are weeks between something being brought up and it being remotely actionable.18:32
jdstrandtrue. that was indeed the case with postgres, iirc18:33
* sbeattie wondered if he just needs better management of that particular email folder.18:33
jdstrandperhaps it would be best to identify any problems with the current system, and then see if we actually need to fix them18:34
jdstrandsbeattie: are there particular things you find lacking?18:35
sbeattiethe concern I have is us not noticing stuff that comes through vendor-sec, because it comes in a mish-mash of stuff we don't as much about, because there's other active threads that are developing fixes that "drown" out other issues.18:36
sbeatties/don't/don't care/18:36
jdstrandI think that is a valid concern18:37
jdstrandwhat do others think?18:37
sbeattieWas wondering if there was a light-weight way of coordinating that we can ignore certain threads, should watch others for deveopling fixes, etc.18:37
micahgmaybe if one person can keep an eye on vendor-sec each week?18:37
keestraditionally this is the person doing "triage"18:38
jdstrandwe could do something like what we do with USN assignments-- a one line assessment in a file...18:38
jdstrandI'm not sure how helpful that would be...18:38
mdeslaurI think vendor-sec is important enough that we all should be looking at it, not just the triage person18:38
jdstrandmdeslaur: what are your thoughts?18:38
keesI don't exactly see a specific problem to solve yet.18:38
mdeslaurbug, that being said18:38
keesmdeslaur: that's fair18:39
jdstrandI was on triage last week18:39
mdeslaurI think we should make sure to call out any packages we see that appear there, and make sure someone takes responsability for it18:39
jdstrandI mentioned only one item18:39
mdeslaurwhether it be in a file or not18:39
mdeslaurif we notice that we're skipping some, I think we can move into doing the CVE-XXXX stuff, or even a simple file18:40
jdstrandin a way, this is preassignment18:40
mdeslaurso, in the case of postgresql, what exactly did we do wrong there?18:40
mdeslaurwe didn't notify pitti?18:41
jdstrandmdeslaur: in that case, pitti told us about it, when we actually had the info18:41
mdeslaurwhen we saw something about postgresql, did we just assume pitti would be telling us about it?18:41
jdstrandwell, without divulging too much info18:42
jdstrandthere was a question posted regarding notifying upstream18:42
jdstrandthe answer was that upstream was notified18:42
jdstrandthen it sat there until pitti told us about it18:43
jdstrandbut, the issuing wasn't critical18:43
jdstrandwe all probably read the thread18:43
jdstrandI know I wasn't thinking it was a huge deal at the time18:43
mdeslaurI'm sorry...I though pitti _was_ postgresql upstream18:43
jdstrandmdeslaur: he is the debian maintainer18:44
jdstrandhe does not do upstream postgresql afaik18:44
mdeslaurah, I thought he did, so I'm mistaken18:44
jdstrandmdeslaur: and he happens to provide updates for -security out of tradition18:44
mdeslaurso...we couldn't have told him anyway18:44
jdstrandyes we could have18:44
jdstrandwe are allowed to let developers who work on it know18:45
jdstrandeg, kernel embargoed stuff18:45
jdstrandthey just have to know not to talk about it, etc18:45
jdstrandin fact, pitti may have already known18:45
jdstrandwhich I think is part of the problem in this particular case-- we didn't communicate18:45
jdstrandbut then again, I wasn't thinking it was world-burning and a 0day we had to jump on18:46
jdstrandat least, as I recall from reading the thread from weeks ago18:46
jdstrandso, ok, let's drive this to resolution18:46
jdstranda) is there a problem? b) if there is, is the answer pre-assigning?18:47
jdstrandI'm not sure there is a problem, per se18:47
sbeattiejdstrand: are you sure you're thinking of the right vuln? I don't see a "thread" about it, just a singlepost.18:47
jdstrandhold on18:48
jdstrandsbeattie: yes, I was. I responded privately18:51
jdstrandso, postgres aside18:52
jdstrand12:47 < jdstrand> a) is there a problem? b) if there is, is the answer pre-assigning?18:53
jdstrandkees, sbeattie, mdeslaur: ^ opinions?18:53
jdstrandmicahg: ^18:53
sbeattieright, the fear is that, if we didn't this particular postgresql issue until we were prompted from pitti, are we letting other things slip through the cracks.18:54
* micahg doesn't know whether or not there's a problem yet :)18:54
mdeslaurwell, whatever slips through the cracks simply shows up after CRD18:54
mdeslaurit's not as if we're skipping updates altogether18:54
mdeslaurof course, we need to publish stuff at CRD18:55
jdstrandand we jump all over the world-burning stuff18:55
mdeslaurand I think everybody needs to read vendor-sec and make sure someone's got the ball on things we spot18:55
jdstrandwell, that is a gray area18:56
mdeslaurI think postgresql is a bad example in this case18:56
jdstrandI mean, we don't need to jump on a low issue18:56
mdeslauryes, and there are low issues on vendor-sec...and universe stuff also18:56
jdstrandmany mediums we probably don't, though it is nice if we do18:56
keesperhaps we should put stuff into the embargoed tree once a CVE has been assigned on vsec, or if it's serious enough with a very short CRD18:57
jdstrandkees: that is a good idea18:57
jdstrandif it has a CVE, put it in embargoed18:57
jdstrandtbh, we should have ben doing that all along18:57
jdstrandI certainly haven't18:57
keesbut they develop so slowly that it can span triagers18:57
jdstrandwell, so we need to be updating our embargoed tree daily probably18:58
keesso perhaps the current triager should add CVEs, and update changing CRDs18:58
jdstrandand then as we see CVEs assigned in vsec, we add them18:58
* jdstrand nods18:58
mdeslaurand skip everything that doesn't have a CVE? :P18:58
keesbut, as mdeslaur says, we should probably all read it18:58
jdstrandothers can check/follow-up with the triager18:58
mdeslaurseems to be that doesn't solve the problem :P18:59
jdstrandI think it does18:59
jdstrandit is tracked18:59
jdstrandit'll show up in cve_todo18:59
mdeslauronly stuff that has a CVE gets tracked18:59
keesmdeslaur: if something is coming fast without a CVE, it should get the CVE-2011-NNN1 or whatever18:59
jdstrandmdeslaur: or high priority stuff18:59
jdstrandthen we use the convention kees just mentioned18:59
mdeslaurok, so triager adds everything he sees to embargoed tree19:00
jdstrandwhen a cve is assigned, we bzr mv CVE-2011-NNN1 ...19:00
jdstrandI don't think so19:00
kees(and update the internal name)19:00
jdstrandall CVEs assignments19:00
jdstrandhigh priority or higher get CVE-2011-NNNX19:00
jdstrandbut that is my opinion19:00
mdeslaurwhat about stuff not in main, we ignore it?19:00
jdstrandmdeslaur: yes19:01
jdstrand(again, my opinion)19:01
jdstrandwell, ignore it in terms of CVE-2011-NNNX19:01
mdeslaurjdstrand: so if it does get a cve, but is not in main, we add it to embargoed anyway?19:02
jdstrandI think that is fair19:02
jdstrandmost of that ends up in oss-security anyway19:02
jdstrand(ie, not much maintenance work)19:02
jdstrandto summarize:19:02
jdstrandif has CVE with CRD, add to embargoed19:02
jdstrandif no CVE, but is officially supported and high priority, add to embargoed19:03
jdstrand(with CVE-YYYY-NNNX)19:03
jdstrandeveryone reads the list19:03
jdstrandthe triager adds19:03
sbeattie+1 from me19:04
mdeslaurwhat about CVE with no CRD?19:04
jdstrandkees, mdeslaur, sbeattie, micahg: ^ will that address the concerns/issues appropriately?19:04
keesmdeslaur: skip it, I think.19:05
jdstrandI agree19:05
keesjdstrand: sounds good; I've updated the Duties page19:05
jdstrandkees: thanks! :)19:05
mdeslaurok, +119:05
jdstrandactually, if it is supported, with a CVE but no CRD, we should ad it19:05
jdstrandotherwise skip19:06
jdstrand(that way it still shows up in our cve todo list19:06
jdstrandwhich gives us an opportunity to be reminded to followup with upstream, etc19:07
jdstrandkees, mdeslaur, sbeattie: ^19:09
jdstrandmicahg: ^19:09
mdeslaurjdstrand: that sounds good19:09
micahgsounds good to me19:09
kees(Duties re-updated)19:09
jdstrandmicahg: you are not under my fingertips just yet :)19:09
jdstrandso, that is it from me19:09
jdstranddoes anyone have any other questions or items to discuss?19:10
micahgjust an update on Mozilla stuff19:10
micahgno release today, on a day-to-day slip19:10
jdstrandthank goodness19:10
jdstrandI was going to be hardpressed to get it tested by eod19:11
micahgjdstrand: I wouldn't bother, there might be new builds19:11
jdstrandmicahg: what is the new date?19:11
micahgjdstrand: when it's ready :)19:12
jdstrandmicahg: and that is tentatively when? :)19:12
micahgjdstrand: they didn't say, I think they're hoping for tomorrow, but can't promise19:12
jdstrandwell, then I need to test the current builds19:13
jdstrandotherwise I'll be hours to a day late19:13
jdstrand(depending on when they push it out)19:13
jdstrandI'll talk to you in #ubuntu-mozillateam19:13
jdstrandI think that's it then19:14
jdstrandthanks everyone! :)19:14
MootBotMeeting finished at 13:14.19:14
mdeslaurthanks jdstrand!19:14
sbeattiejdstrand: thanks!19:15
micahgjdstrand: thanks :)19:15
keesthanks jdstrand :)19:16
=== zul_ is now known as zul
=== zul_ is now known as zul
=== jam1 is now known as jam
=== starcraft is now known as starcraftman
=== bjf is now known as bjf[afk]

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!