[18:00] <mdeslaur> \o
[18:00] <tyhicks> hello
[18:00] <jjohansen> \o
[18:00] <micahg> hi
[18:01]  * mdeslaur pokes at sbeattie with pointed stick
[18:02]  * sbeattie waves
[18:02] <mdeslaur> cool
[18:02] <mdeslaur> #startmeeting
[18:02] <meetingology> Meeting started Mon Sep 10 18:02:19 2012 UTC.  The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[18:02] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[18:02] <mdeslaur> The meeting agenda can be found at:
[18:02] <mdeslaur> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[18:02] <mdeslaur> [TOPIC] Announcements
[18:02] <mdeslaur> thanks to ScottK for his help on security updates for python-django last week. Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
[18:02] <mdeslaur> [TOPIC] Weekly stand-up report
[18:02] <mdeslaur> I'll go first
[18:03] <mdeslaur> I've just published gimp and python-django
[18:03] <mdeslaur> and I've published a usn for the ubiquity-slideshow-ubuntu package
[18:03] <mdeslaur> I'll start work on an embargoed issue this week, and will try and get to some other CVEs in our list...we have quite a large list right now
[18:04] <mdeslaur> oh, and I'm on community
[18:04] <mdeslaur> that's it, sbeattie, you're up
[18:04] <sbeattie> I'm on triage this week
[18:04] <sbeattie> I've got updates for mesa, horizon, and eglibc underway
[18:04] <mdeslaur> \o/ eglibc
[18:05] <sbeattie> I also need to get the apparmor-dbus ppa up and going.
[18:05] <sbeattie> I'll try to pick up another update due to the large list
[18:05] <sbeattie> that's it for me. micahg?
[18:06] <micahg> I've got patch piloting, Firefox 15.0.1, Chromium for precise, webkit on oneiric
[18:06] <micahg> oh, and Mozilla pretesting time permitting
[18:06] <micahg> tyhicks: tag
[18:06] <tyhicks> I'm in the happy place this week
[18:07] <tyhicks> I got two xmlrpc-c patches upstreamed late last week and I'm in the process of publishing an update for xmlrpc-c as we speak
[18:08] <tyhicks> After that, I need to take a closer look into an eCryptfs regression in precise - Bug 1047261
[18:08] <tyhicks> and then I'll be splitting time between coming up to speed on apparmor introspection interface patches and another update or two
[18:08] <tyhicks> that's it for me
[18:08] <tyhicks> jjohansen: you're up
[18:08] <jjohansen> I have an update of yama stacking patches and a couple of link restriction qrt failures to look into
[18:08] <jjohansen> Some testing of IMA so that we can turn its config on in quantal
[18:08] <jjohansen> Some reported apparmor quantal regression failures to look into.
[18:08] <jjohansen> Finish piecing back together apparmor dbus (a little bit of parser work and what ever surprises come up in testing), and work with sbeattie to get the ppa up
[18:08] <jjohansen> There is a kernel workflow failure that I was pointed at last week that I need to finish looking into, where some CVEs aren't moving out of the pending state.
[18:08] <jjohansen> Push out the latest apparmor lock, fs patches
[18:12] <jjohansen> mdeslaur: back to you
[18:12] <mdeslaur> [TOPIC] Highlighted packages
[18:12] <mdeslaur> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[18:12] <mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[18:12] <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/mednafen.html
[18:13] <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/shibboleth-sp2.html
[18:13] <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/torcs.html
[18:13] <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/eclipse.html
[18:13] <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/znc.html
[18:13] <mdeslaur> [TOPIC] Miscellaneous and Questions
[18:13] <mdeslaur> Does anyone have any other questions or items to discuss?
[18:19] <mdeslaur> thanks everyone!
[18:19] <mdeslaur> #endmeeting
[18:19] <meetingology> Meeting ended Mon Sep 10 18:19:13 2012 UTC.
[18:19] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-09-10-18.02.moin.txt
[18:19] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-09-10-18.02.html
[18:19] <sbeattie> mdeslaur: thanks!
[18:19] <micahg> mdeslaur: thanks
[18:19] <jjohansen> thanks mdeslaur
[19:01] <micahg> !dmb-ping
[19:02] <cody-somerville> Hi Folks
[19:02]  * rsalveti waves
[19:02] <tumbleweed> o/
[19:02]  * infinity readies his pom-poms to cheer for rsalveti.
[19:02] <cody-somerville> #startmeeting Developer Membership Board Meeting
[19:02] <meetingology> Meeting started Mon Sep 10 19:02:34 2012 UTC.  The chair is cody-somerville. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[19:02] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[19:02] <rsalveti> infinity: :-)
[19:03] <cody-somerville> #topic Review of previous action items
[19:03] <cody-somerville> #subtopic micahg to document the zentyal packageset
[19:03] <micahg> impossible as the API doesn't allow it :)
[19:03]  * micahg will file bug for that
[19:04] <cody-somerville> micahg, Ack
[19:04] <tumbleweed> and I may even fix it, I did a rocketfuel-setup, intending to have a look...
[19:04]  * stgraber waves
[19:04] <cody-somerville> #accepted Impossible as the API doesn't allow it - micahg will file bug. Tumbleweed may look to fix it.
[19:04] <cody-somerville> #subtopic laney to delete network-manager packageset
[19:05] <cody-somerville> I don't think Laney is making it today.
[19:05] <cody-somerville> Carrying action item
[19:05] <cody-somerville> #action laney to delete network-manager packageset
[19:05] <meetingology> ACTION: laney to delete network-manager packageset
[19:05] <cody-somerville> #subtopic laney to contact menesis about schooltool packageset
[19:05] <tumbleweed> also can't be done without lp changes
[19:06] <cody-somerville> #action laney to delete network-manager packageset (may require lp changes however)
[19:06] <meetingology> ACTION: laney to delete network-manager packageset (may require lp changes however)
[19:06] <stgraber> tumbleweed: removing package sets?
[19:06] <cody-somerville> #subtopic laney to contact TB to see if netbook/unr/mobile packagesets are still needed
[19:06] <cody-somerville> Action is reported as done in agenda
[19:07] <cody-somerville> #accepted TB was contacted regarding continued need for netbook/unr/mobile packagesets
[19:07] <cody-somerville> #subtopic stgraber to add ppu for lexical to fwts
[19:07] <stgraber> I believe that was done, let me check
[19:07] <stgraber> yep
[19:07] <cody-somerville> #accepted Added PPU for lexical to fwts
[19:08] <cody-somerville> #topic Ubuntu Core Developer Applications
[19:08] <cody-somerville> #subtopic Ubuntu Core Developer Application: Ricardo Salveti
[19:08]  * rsalveti o/
[19:08] <cody-somerville> https://wiki.ubuntu.com/RicardoSalveti/CoreDevApplication
[19:09] <tumbleweed> stgraber: yes
[19:09] <cody-somerville> rsalveti, Hello. Please introduce yourself and your application.
[19:09] <rsalveti> sure
[19:10] <rsalveti> my name is Ricardo Salveti, working and living in Brazil, mostly involved with ARM related activities over the past few years
[19:11] <rsalveti> I'm a canonical employee, currently allocated at Linaro working as the team lead for the developer platform team, which is responsible of creating and maintaining the Ubuntu Linaro Evaluation Builds
[19:11] <rsalveti> these Ubuntu LEBs are currently based on both the last stable release and the current one, which we use to integrate and deliver the linaro specific projects and developments
[19:12] <rsalveti> so in the end we can provide an image that can be used in many different development boards, helping the development and validation before the code from the other working groups can be integrated at upstream
[19:12] <rsalveti> or even at the ubuntu archive
[19:13] <rsalveti> in the past I also worked at the old ubuntu arm team
[19:13] <rsalveti> mostly during the maverick/natty cycles, helping improving the ARM support in general
[19:13] <rsalveti> as a generalist, I'm usually involved on coding and bugfixes all across the os, from bootloader, kernel, init system and X11
[19:14] <rsalveti> I also worked improving and enabling the OpenGL ES2.0 support at the archive, for arm, so we could have accelerated rendering with our supported boards
[19:14] <rsalveti> such as Pandaboard
[19:15] <rsalveti> also helping getting Unity 3d to properly work on ARM, by helping with coding/bugfixes and also package updates
[19:15] <cody-somerville> rsalveti, Do you find the Ubuntu release and development processes provides downstream consumers such as Linaro with a reliable and stable foundation to build custom solutions and product on top of? What were some of the pain points in this regard and how would you go about fixing them?
[19:15] <rsalveti> for Quantal I'm glad that we were finally able to get the PowerVR SGX driver in place, letting us releasing the desktop image for Panda during B1
[19:16] <rsalveti> cody-somerville: usually, yes, but we had to deal with a few issues as well
[19:17] <rsalveti> the first one happened when we decided to generate our own rootfs, based on ubuntu
[19:17] <rsalveti> as live-build wasn't that supported at that time
[19:17] <rsalveti> but lately that improved once the live-build support was improved at ubuntu (around oneiric?), and we were also able to cross-bootstrap it with qemu
[19:18] <rsalveti> making it a lot easier for us to customize the image at the build time
[19:18] <rsalveti> another issue we got was the lack of proper cross build support
[19:18] <rsalveti> as specially for ARM, the engineers are quite used to just use cross-compilation for everything
[19:18] <rsalveti> and as on ubuntu we officially just support native build, that was a bit of a pain for those developers
[19:19] <rsalveti> luckily that was improved a lot with multi-arch support, but it's still not looking very nice
[19:19] <rsalveti> http://people.linaro.org/~wookey/buildd/precise/sbuild-ma/status-bootstrap.html
[19:19] <rsalveti> one example
[19:20] <rsalveti> I think we also got one for quantal this week
[19:20] <rsalveti> wookey is working on setting up a buildd to try to verify the cross-build support for our packages
[19:20] <rsalveti> using multi-arch
[19:20] <rsalveti> but currently I think perf is one of the main issues, as porting it to multi-arch and getting it able to be cross-buildable is a pain
[19:21] <rsalveti> *perl
[19:21] <cody-somerville> rsalveti, Is that work that you hope will make it into Ubuntu at some point?
[19:21] <rsalveti> and the last one, which we got from ARM, is that once the release is done, the src packages from updates/security can be replaced with new package updates
[19:22] <rsalveti> and that is an issue specially when they got an image which can't easily be updated, and they want/need the src/dbg packages from one specific version which is not available anymore
[19:23] <rsalveti> cody-somerville: we're working to get this supported at ubuntu for a while already, hopefully this time it'll be enough to bootstrap the Aarch64 more easily
[19:23] <cody-somerville> The last issue: Is that an issue with how you deliver your package updates to customers or an issue with Ubuntu's archives?
[19:23] <rsalveti> our goal is to also work helping debian/ubuntu with the aarch64 port later this year, so at least for a minimum rootfs it's quite useful to be able to cross-build them
[19:24]  * stgraber remembers getting quite a few patches from wookey to support cross-building of various bits of the archive
[19:24] <rsalveti> cody-somerville: the problem happens once the vendor updates the image, but later wants to debug one specific package that was also updated at the updates/security pocket
[19:25] <cody-somerville> rsalveti, Do you see a future where official packages in the Ubuntu archive could be generated via cross-building instead of needing to all be done on native hardware?
[19:25] <rsalveti> then he's unable to find the older version by just using apt-get
[19:26] <rsalveti> cody-somerville: I think so (we also discussed in the past the support for cross-build at launchpad), but the problem is the amount of time it takes to get that in place
[19:26] <rsalveti> it might be the same time where we'll be getting huge armv8 servers around
[19:26] <infinity> (There are reasons other than time why not to do it)
[19:26] <rsalveti> then the cross build is not that relevant anymore
[19:26] <rsalveti> infinity: sure, but even for development/experimental support
[19:28] <rsalveti> so I believe it's good to be able to cross build packages, specially now that we have multi-arch support
[19:28] <rsalveti> but I don't see it becoming an official/supported way by ubuntu
[19:28] <cody-somerville> rsalveti, Do you have any major goals that you'd like to achieve in the next six months if you were to become a Ubuntu core developer?
[19:29] <rsalveti> cody-somerville: keep improving the support for the current arm targets, but also helping the support for other devices, such as the A10 based tablets/servers/dongles etc
[19:29] <rsalveti> I think those variants will become quite relevant in a few months, specially because they are incredibly cheap
[19:30] <rsalveti> also, helping with the Aarch64 port as well
[19:30] <rsalveti> (which is our current focus at linaro)
[19:31] <rsalveti> and, there's still a lot of work to make the opengl related packages at the archive also compatible with OpenGL ES
[19:32] <cody-somerville> rsalveti, Being a Ubuntu Core Developer isn't just about upload permissions, it also means being a leader. Can you describe a situation or an issue in the Ubuntu community where you've shown leadership?
[19:33] <rsalveti> I think specially with the pandaboard/beagle users, where they are always pushing and requiring better support for their own use cases
[19:33] <rsalveti> I always try to help at the #ubuntu-arm channel with any board specific issue, and also helping them becoming more interested at Ubuntu
[19:33] <rsalveti> by providing an easy way to consume ubuntu, and also build whatever they like on top of it
[19:34] <rsalveti> so that's why getting the opengles drivers integrated by default was a quite important step
[19:34] <rsalveti> I think that ubuntu was the first arm distro that got the drivers integrated at the archive
[19:34] <rsalveti> first for the omap3 boards, and later for omap4
[19:34] <rsalveti> which helped people developing the opengles support at unity, but also for others that were consuming and developing applications on top of Qt
[19:34] <rsalveti> using the opengles support for it
[19:36] <cody-somerville> rsalveti, What motivated you to apply to become a Ubuntu Core Developer? Is there any reason you haven't applied previously for MOTU?
[19:37] <rsalveti> cody-somerville: that's a funny fact, I thought about applying to motu first, and that's how I became an ubuntu universe contributor (at that time it wasn't clear what team/permission would be related with motu)
[19:38] <rsalveti> I remember we had even wiki pages showing that ubuntu universe contributor would be just like a motu
[19:38] <rsalveti> but I found later on that it wasn't that way still
[19:38] <rsalveti> but then, as most of the packages I was changing at ubuntu was part of main, I just decided to apply to core-dev directly
[19:40] <rsalveti> specially after working and contributing to ubuntu for almost 5 releases
[19:45] <cody-somerville> Any other questions?
[19:45] <stgraber> rsalveti: are you subscribed to ubuntu-devel-announce?
[19:45] <rsalveti> stgraber: yes
[19:46] <rsalveti> hm, maybe not announce, let me check
[19:46]  * rsalveti is subscribed to so many ubuntu related mls
[19:46] <micahg> rsalveti: you mention that you don't like the kernel SRU process, this has actually been measurably improved in the past few years, did you have any specific ideas on how it can be even better?
[19:47] <stgraber> rsalveti: ubuntu-devel-announce is where all the freezes are announced, so it's really a must read before uploading anything
[19:47] <rsalveti> stgraber: oh, true, I usually prefer to follow the release meetings at every friday
[19:48] <stgraber> that works too (same information)
[19:48] <rsalveti> micahg: I think specially on the kernel side, the kernel stable updates are updated more frequently nowadays
[19:48] <rsalveti> guess after the qa side of ubuntu got a bit of more focus, that also improved on that direction as well
[19:49] <rsalveti> but it's common to find bugfixes waiting for more than one month
[19:49] <micahg> they have a 3 week cadence, so if you miss the train, you get on the next one
[19:49] <rsalveti> which I think can upset a few users, as it can take quite a while to get some minor but important fixes in place
[19:50] <micahg> the problem is that you'll always have more fixes to get in, it should only be up to 3 weeks for a new kernel to hit proposed where people can grab it if they need it sooner
[19:50] <rsalveti> I believe for an lts 3 weeks might make sense, not so sure for the other releases
[19:50] <micahg> rsalveti: the problem is the time to verify all the fixes across the board
[19:50] <micahg> they just barely make it in 3 weeks now AIUI
[19:50] <rsalveti> yup :-( I know the pain
[19:51] <rsalveti> it's also common for the reporter to disappear
[19:51] <stgraber> rsalveti: another question for you :)
[19:51] <stgraber> rsalveti: Let's say you're a core dev, we are on the 21st of September 2012 and you have two packages that you want to upload, not containing any new feature. vlc and python-gevent. Should you upload these to the archive? If not, why?
[19:52] <rsalveti> after the <snapshot>-freeze, like beta-2, I'd first make sure I have the bugs opened and with proper explanation about why they need to be fixed
[19:53] <rsalveti> and then go to #ubuntu-release to request more info if I should update those packages or not, and then push to the archive
[19:53] <rsalveti> if they are not critical enough, otherwise going to -proposed might be the way to go
[19:54] <rsalveti> at times near release I don't want to push anything that's not well communicated at #ubuntu-release
[19:54] <stgraber> well, you should really only be poking #ubuntu-release for things that are seeded
[19:54] <stgraber> which of these two packages (if any) are part of these packages that are frozen for the milestone?
[19:55] <micahg> s/seeded/on images/ before final freeze
[19:56] <cody-somerville> We'll now move to the vote.
[19:56] <cody-somerville> #vote Ubuntu Core Developer Application: Ricardo Salveti
[19:56] <meetingology> Please vote on: Ubuntu Core Developer Application: Ricardo Salveti
[19:56] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (private votes don't work yet, but when they do it will be by messaging the channel followed by +1/-1/+0 to me)
[19:56] <rsalveti> python-gevent is part of main
[19:56] <rsalveti> but I think we have a freeze for universe as well at some point, right?
[19:56] <rsalveti> quite near the final freeze
[19:57] <rsalveti> stgraber: but I would only push a package at this point if it can be useful for the image, otherwise it might be good to wait for the release
[19:57] <rsalveti> not necessarily for universe packages, sure
[19:57] <cody-somerville> +1 based on interview, contributions, and endorsements.
[19:57] <meetingology> +1 based on interview, contributions, and endorsements. received from cody-somerville
[19:58] <stgraber> well, apparently cody-somerville started the vote already, so I'll just quickly explain why I chose these two packages
[19:59] <stgraber> vlc is part of mythbuntu so is covered by the milestone freeze but ONLY for LTS releases, so not for 12.10 where it can be freely uploaded until final freeze
[19:59] <micahg> rsalveti: main/universe is much less important than affects an image/doesn't affect an image
[19:59] <stgraber> (universe final freeze)
[19:59] <rsalveti> yup, true
[19:59] <stgraber> python-gevent is only on the Edubuntu media AFAIK as a dependency of python-x2go (universe) but that means it's part of the milestone freeze and shouldn't be uploaded without explicit approval of the release team
[20:00] <rsalveti> that's why I'd first go to #ubuntu-release, I know we have many variants around
[20:00] <barry> +1
[20:00] <meetingology> +1 received from barry
[20:00] <stgraber> rsalveti: do you know what tool to use whether a package is seeded and what media it might affect?
[20:01] <stgraber> +1
[20:01] <meetingology> +1 received from stgraber
[20:01] <tumbleweed> +1
[20:01] <meetingology> +1 received from tumbleweed
[20:01] <micahg> +1
[20:01] <meetingology> +1 received from micahg
[20:01] <rsalveti> stgraber: seeded-in-ubuntu, but also look at the seeds file
[20:02] <cody-somerville> #endvote
[20:02] <meetingology> Voting ended on: Ubuntu Core Developer Application: Ricardo Salveti
[20:02] <meetingology> Votes for:5 Votes against:0 Abstentions:0
[20:02] <meetingology> Motion carried
[20:03] <stgraber> rsalveti: yep, seeded-in-ubuntu is good for that. Grepping through the seeds works too but I prefer to let germinate do the calculation :)
[20:03] <cody-somerville> rsalveti, Congratulations and welcome to the Ubuntu Core Developer team.
[20:03] <rsalveti> stgraber: yeah :-)
[20:03] <infinity> \o/
[20:03] <rsalveti> \o/
[20:03] <rsalveti> thanks all folks
[20:03] <rsalveti> glad to be part of the team
[20:03] <stgraber> rsalveti: congrats
[20:03] <cody-somerville> #topic AOB
[20:03] <rsalveti> and proud as well
[20:04] <cody-somerville> Is there any other business for the board?
[20:04] <cody-somerville> If not, the next chair will be tumbleweed.
[20:04] <cody-somerville> #endmeeting
[20:04] <meetingology> Meeting ended Mon Sep 10 20:04:45 2012 UTC.
[20:04] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-09-10-19.02.moin.txt
[20:04] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-09-10-19.02.html
[20:04] <cody-somerville> Thank you everyone.
[20:05] <barry> thanks cody-somerville
[20:05] <skaet_> congratulations rsalveti :)
[20:06] <rsalveti> skaet_: thanks! :-)