[16:31] <jdstrand> hi!
[16:31] <jdstrand> #startmeeting
[16:31] <meetingology> Meeting started Mon Jun 24 16:31:17 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:31] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[16:31] <jdstrand> The meeting agenda can be found at:
[16:31] <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:31] <jdstrand> [TOPIC] Announcements
[16:31] <jdstrand> Christian Kuersteiner (ckuerste) provided a debdiff for quantal for ruby-openid (LP: #1190179). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
[16:31] <jdstrand> [TOPIC] Weekly stand-up report
[16:31] <jdstrand> I'll go first
[16:31] <chrisccoulson> hi
[16:32] <jdstrand> I'm on community this week
[16:33] <jdstrand> I am currently working on finishing the SDK work items and goals for June deliverables
[16:33] <jdstrand> with luck, I will be done with June's work items today (thanks to me just picking up where sbeattie left off)
[16:34] <jdstrand> I did some phablet image testing last week, and will continue that this week. mostly just making sure that various pieces are landing and working correctly
[16:34] <jdstrand> I have monthly planning to do (with the help of the team)
[16:35] <jdstrand> and hopefully can get out a pending update
[16:35] <jdstrand> that's it from me. mdes laur isn't here today, so tyhicks, you're up
[16:36] <tyhicks> I suspect that I'll have some ContentPicker work this week, but won't know for sure until tomorrow
[16:37] <tyhicks> I'm continuing to freshen up the dbus-dev patches so that they're in shape for uploading/upstreaming
[16:38] <tyhicks> I'm also anxious to start work on the apparmor dbus policy parser changes that we voted on (pending jj's email about future IPC syntax)
[16:38] <jdstrand> tyhicks: are you planning an apparmor upload to the ppa?
[16:38] <tyhicks> jdstrand: probably not today
[16:38] <tyhicks> jdstrand: do we need to coordinate uploads?
[16:39] <jdstrand> ok. I will be doing a saucy upload to Ubuntu hopefully today, but also wanted to update the raring ppa with the same patches
[16:40] <tyhicks> jdstrand: that'll be fine - I'll just rebase on what you upload
[16:40] <jdstrand> tyhicks: I think if you are early or I am late, then yes. otherwise we should be ok
[16:40]  * tyhicks nods
[16:40] <tyhicks> I think that's it
[16:40] <jdstrand> my changes shouldn't affect anything you're doing
[16:40] <tyhicks> good
[16:41] <tyhicks> jjohansen: you're up
[16:41] <jjohansen> I'm finishing up with the apparmor3 backport for the phablet kernels.
[16:41] <jjohansen> there are some dbus patches tyhicks to look at
[16:41] <jjohansen> A couple of patches for 2.8 bugs to get out so I can help sarnold do the 2.8.2 release
[16:41] <jjohansen> I need to finish up my long delayed IPC syntax email that is blocking tyhick
[16:41] <jjohansen> And of course get back to my June WI
[16:41] <tyhicks> jjohansen: you have patches for the dbus package?
[16:42] <jjohansen> tyhicks: no, I just mean looking at the dbus related patches you posted
[16:42] <tyhicks> ah, got it
[16:42] <tyhicks> jjohansen: you wrote two of them, so you're almost half way done already ;)
[16:43] <jjohansen> \o/
[16:43] <jdstrand> heheh
[16:43] <jdstrand> is that an implicit ack?
[16:43] <tyhicks> heh :)
[16:43] <jjohansen> well we all know my code is perfect ;-)
[16:44] <jdstrand> :)
[16:44] <jjohansen> oh I guess I should say I have the weekly meeting with kshijt8 for his GSoC work
[16:45] <jjohansen> I think that is it from me sarnold your up
[16:45] <sarnold> I'm on triage this week
[16:46] <sarnold> I'll also be doing apparmor patch reviews, hopefully apparmor 2.8.2 release, and a lower-priority effort to finish up the bouncy castle test code I'm partly underway with..
[16:46] <sarnold> I think that's me, chrisccoulson's turn :)
[16:46] <chrisccoulson> hi :)
[16:47] <chrisccoulson> it's firefox update day tomorrow, so i've been testing that today
[16:47] <chrisccoulson> we are actually going to push chromium out this week as well ;) (going to do that after firefox)
[16:47] <chrisccoulson> and then thunderbird too
[16:48] <chrisccoulson> so, busy start to the week
[16:48] <chrisccoulson> i did more work on oxide last week, and shall continue again later this week once the updates are out of the way
[16:48] <chrisccoulson> i think that's me done
[16:49] <jdstrand> [TOPIC] Highlighted packages
[16:49] <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:49] <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/haskell-tls-extra.html
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pktstat.html
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/tcptrack.html
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/freebsd-sendpr.html
[16:49] <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gromacs.html
[16:49] <jdstrand> [TOPIC] Miscellaneous and Questions
[16:50] <jdstrand> Does anyone have any other questions or items to discuss?
[16:57] <jdstrand> thanks tyhicks, jjohansen, sarnold, chrisccoulson!
[16:57] <jdstrand> #endmeeting
[16:57] <meetingology> Meeting ended Mon Jun 24 16:57:08 2013 UTC.
[16:57] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-06-24-16.31.moin.txt
[16:57] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-06-24-16.31.html
[16:57] <sarnold> thanks jdstrand :)
[16:57] <jjohansen> thanks jdstrand
[16:58] <jdstrand> np
[19:57] <cjwatson> mdz: You're chairing this evening, right?
[19:59] <cjwatson> Hmm
[19:59] <cjwatson> Anyone else around?  Kees said he'd be 15mins late
[20:00] <stgraber> I'm around
[20:00] <soren> o/
[20:02] <cjwatson> I can't chair, kids' bedtime and too noisy
[20:02] <stgraber> should we wait for kees to have quorum?
[20:04] <soren> fine with me.
[20:04] <stgraber> I'm happy to chair but as the only thing on the agenda may need a vote, it's probably best to wait till kees joins us
[20:05] <cjwatson> I don't mind waiting abit
[20:05] <cjwatson> with spacing
[20:09] <kees> here!
[20:09] <kees> stgraber, cjwatson, soren: thanks for waiting :)
[20:10] <stgraber> hey kees
[20:10] <stgraber> #startmeeting Ubuntu Technical Board meeting
[20:10] <meetingology> Meeting started Mon Jun 24 20:10:09 2013 UTC.  The chair is stgraber. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[20:10] <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
[20:10] <stgraber> #topic Action review
[20:10] <stgraber> none listed on the wiki page
[20:10] <stgraber> #topic ColinWatson (puppeting for RickSpencer): "rolling" alias for development series
[20:11] <kees> everything last week got taken care of before I updated the agenda, so we're clean there
[20:11] <mdz> hi
[20:11] <kees> heya mdz
[20:11] <mdz> sorry I'm late
[20:11] <kees> no worries, we just got started
[20:11] <cjwatson> Ah, good
[20:12] <stgraber> hey mdz. No worries. I'll mark your as chair for the next meeting if that's alright (you were supposed to chair this one)
[20:12] <stgraber> *you
[20:13] <mdz> eek, sorry about that
[20:13] <cjwatson> So this (topic) is a leftover from UDS, which we assigned to Rick to come back to us with a name for approval: the name is to be used as an alias for whatever the current development series is, both for the publisher (so that people can choose to just stick with the alias rather than remembering to change every six months) and for uploads (so that people targeting "whatever's current" can just keep uploading to the ...
[20:13] <cjwatson> ... current alias without having to remember to change processes every six months)
[20:13] <cjwatson> After a WHOLE bunch of back-and-forth, Rick has come back with "rolling"
[20:14] <cjwatson> Hands up if you're surprised :)
[20:14] <cjwatson> He's on holiday this week, so I said I'd puppet
[20:14] <kees> for uploading, this means the release in the changelog?
[20:14] <cjwatson> From my point of view, as long as the name doesn't clash with anything else significant, I consider it a bikeshed and am prepared to go with basically anything reasonable
[20:14] <cjwatson> Right
[20:14] <cjwatson> (Or the sftp target, for those who use that)
[20:15] <kees> well sftp already has the "ubuntu" target.
[20:15] <cjwatson> It's actually a bit more than that :)
[20:15] <cjwatson> It's just not well known
[20:15] <cjwatson> (Anyway, that's a fine detail)
[20:16] <kees> for changelog, i'm less happy... this means there isn't really a sourceful hint as to the target release. hm
[20:16] <cjwatson> Hasn't hurt Debian
[20:16] <kees> but I guess it doesn't matter in practice.
[20:16] <cjwatson> I personally wasn't going to use it for regular Ubuntu uploads
[20:16] <cjwatson> But it would be available
[20:16] <kees> things going into -proposed will still need a release name dash proposed...
[20:16] <cjwatson> Not true
[20:17] <cjwatson> Magic aliasing :)
[20:17] <kees> well, okay, not NEED
[20:17] <cjwatson> I haven't uploaded anything explicitly to -proposed for about six months
[20:17] <kees> ok, I'm over my mental disruption about chnagelog now :)
[20:17] <cjwatson> Direct uploads to the release pocket are redirected to -proposed automatically, so there's been no need
[20:18] <cjwatson> I haven't started the implementation yet, but it wouldn't surprise me if the rolling -> <current dev> aliasing would happen most naturally after -proposed is stripped off, anyway
[20:18] <kees> yeah, and nothing should use the changelog for that.. it should use actual pkg and version details
[20:18] <cjwatson> Right, especially given widespread copies in modern Ubuntu
[20:19] <kees> (thinking about the security workflow, for example)
[20:19] <cjwatson> Yeah, I would be surprised if security didn't want to continue just using the true suite names; they don't have an awful lot of "oh, just use whatever's current" mindset
[20:19] <kees> okay, I'm cool with what a rolling release would mean for the technical bits.
[20:20] <kees> now, name. "rolling" is fine, but it'd be nice to have something snappier
[20:20] <cjwatson> My only personal caveat about the name is that it sort of socially engineers us into coming closer to an *actual* rolling release, but arguably, we're gradually heading that way anyway and as long as we don't do it precipitously (which I don't think is going to happen) ...
[20:21] <cjwatson> So I'm cool with it
[20:21] <kees> what were the other suggested names, and why were they not used?
[20:22]  * kees suggests "icarus"
[20:22] <cjwatson> Honestly, I don't have a full list, we delegated the naming to Rick and this is what he came back with
[20:22] <kees> or "babel"
[20:22] <cjwatson> "ubuntu" was suggested; I said "argh, category conflict and hideous confusion"
[20:22] <kees> haha, yeah, no
[20:22] <cjwatson> So I'd be -1 on that one, but mentioning it for the record :)
[20:23] <kees> i don't like "rolling" for similar reasons "rolling release confusion"
[20:23] <cjwatson> If you want a full "why weren't other things used" then we'll have to wait for Rick to get back from holidays
[20:24] <mdz> how about "current"?
[20:24] <cjwatson> That and "next" were my preferred names, but I ran out of energy for bikeshedding and decided I wasn't too bothered.  I think "current" has the problem that people ask "well, isn't the LTS current?"
[20:25] <kees> "current" would be sufficiently different from "stable" and "devel"
[20:25] <cjwatson> Which I'd acknowledge - in fact it's similar to part of the problem with "ubuntu"
[20:25] <kees> i like "next" a lot
[20:25] <stgraber> http://paste.ubuntu.com/5796585/
[20:25] <cjwatson> "next" appeals to git people but not sure it's broad enough, and I think there was some concern about confusion with unity next
[20:25] <stgraber> that's the list of names we came up during the vUDS session ^
[20:26] <mdz> "next" WFM also
[20:27] <kees> i don't like "tip" "head" or "trunk" because they're too tied to vcs imho. i don't have a vcs association with "next" as strongly.
[20:27] <kees> i think "devel" is too overloaded already
[20:28] <kees> (oh and "master" is too vcs-y for me too)
[20:29] <stgraber> I personally like "next" and dislike "rolling" for the same reason kees mentioned earlier.
[20:29] <kees> it sounds like "next" is best from that list? using a declarative instead of a proper noun also avoids release name confusion
[20:29] <cjwatson> next and rolling are the same part of speech :-)
[20:29] <cjwatson> Well, ish
[20:30] <kees> i meant "rolling" being confused with "rolling release"
[20:30]  * slangasek gets summoned
[20:30] <cjwatson> kees: I guess my question is, how inaccurate would that really be
[20:30] <kees> and I prefer "next" because it isn't an animal
[20:31] <cjwatson> kees: Oh, certainly we should stay away from anything that could fit into the category this is aliasing
[20:31] <kees> cjwatson: inaccurate? well, it's not a release, and to switch from "next" to "rolling" for an _actual_ rolling release would take non-zero work
[20:31] <slangasek> so I'm not sure I can offer any more concrete justifications for one name or another, but it would be nice if this could be decided since it's been carried over several times now (through no fault of the TB)
[20:32] <cjwatson> We (collectively) nacked the notion of moving straight to a rolling release in one step; but I think we are kind of heading in that direction in a variety of ways
[20:32] <cjwatson> So I suppose it's kind of an aspirational name
[20:32] <slangasek> if there's not a consensus for "rolling", should this maybe go to the next meeting, when rickspencer3 can be available?
[20:32] <cjwatson> I agree that "rolling" and "release" (the latter in the traditional Ubuntu sense anyway) are kind of oxymoronic in combination
[20:32] <kees> right, so I'd like to discourage a rolling release by not naming this alias "rolling"
[20:33] <cjwatson> I can start the work either way if the TB doesn't object to the fundamental concept, and slot in the name at the end, so it doesn't necessarily delay us a lot to wait
[20:33] <kees> slangasek: how about we go with "next" and if it has to be renamed, do that at a separate TB meeting. that way you're unblocked
[20:33] <cjwatson> (The name would likely be a database entry anyway)
[20:34] <kees> +1: alias for whatever is currently devel
[20:34] <kees> +1: naming it "next"
[20:34] <slangasek> cjwatson: does that unblock you?
[20:34] <cjwatson> I'd hoped not to have to go round again, but it does look like "next" is the rough consensus here
[20:34] <kees> what happens when there is no devel release? (right after stable cuts?)
[20:35] <cjwatson> The interval there is minutes
[20:35] <kees> heh, ok
[20:35] <cjwatson> Well, maybe an hour or two at most
[20:35] <cjwatson> I will try to make it not actually explode LP in that interval :)
[20:35] <kees> well, i guess it appears, but can be frozen. nm
[20:36] <cjwatson> slangasek: For now, yes
[20:36] <kees> having this alias will make several of my tools much happier :)
[20:38] <cjwatson> Do we need to explicitly vote here, or do we have clear consensus?
[20:38] <stgraber> sorry, was re-watching some of the vUDS discussion. So sounds like we all agree on having the alias (I thought we did that already at an earlier meeting but it's good nobody changed their mind) and that we tend to prefer "next"
[20:39] <stgraber> Do we want to vote on the name and have this set in stone or do we feel like we should give Rick a chance to convince us to use "rolling" instead?
[20:39] <kees> i didn't see if soren had thoughts
[20:39] <kees> i would like it actively not be "rolling" :P
[20:40] <mdz> "rolling" seems misleading but apparently there are some political considerations here
[20:40] <soren> kees: I didn't have a strong enough opinion to speak up :)
[20:40] <kees> soren: heh :)
[20:40] <stgraber> same here, I plan on -1 any vote to get "rolling" as that name, doesn't mean there can't be enough +1 to balance that out :)
[20:41] <cjwatson> Well, at least for now, that would clearly require more votes than are present, so let's assume we wouldn't
[20:41] <cjwatson> It sounds like if Rick wants to press for rolling then he needs to argue that case directly rather than by inadequate proxy :)
[20:41] <kees> let's go with "next" and if it needs additional bikeshedding it can happen later
[20:42] <cjwatson> I'll suggest that either he make the next meeting or he argue by e-mail
[20:42] <kees> regardless, it sounds like you're unblocked and the dev work to support "next" can start
[20:43] <stgraber> it's just going to be a pain to change after this goes live, so I'd suggest we let cjwatson do the actual implementation but just wait until after the next TB meeting to flip the switch
[20:43]  * kees nods
[20:43] <stgraber> so Rick (or anyone else for that matter) will have until then to argue for another name or we'll go with "next"
[20:44] <kees> +1
[20:44] <cjwatson> This certainly encourages me to put the name in the DB rather than hardcoding it, which is probably a good idea
[20:44] <mdz> ok, 30 minutes on this topic. time to move on? :-)
[20:44] <cjwatson> Not that I was massively inclined towards the latter, but still
[20:44] <cjwatson> Sure
[20:45] <cjwatson> Thanks
[20:45] <stgraber> alright, moving on
[20:45] <stgraber> #topic Scan the mailing list archive for anything we missed (standing item)
[20:45] <kees> openss
[20:45] <kees> l
[20:46] <stgraber> right and a Micro release exception for Xen
[20:46] <cjwatson> Oh, god.  I haven't really processed kees' reply on openssl yet.  Sorry ...
[20:46] <Daviey> Discussion on OpenSSL as a system library seems to be wedged.
[20:46] <kees> what's the update history on xen? do we have good testing for it?
[20:47] <cjwatson> I don't think I'm persuaded by kees' position but I still need to reply properly
[20:47] <kees> cjwatson: yeah, i figure openssl should continue a bit longer on the list, but we will need a vote at some point. slangasek promised a rebuttal too
[20:47] <cjwatson> Daviey: Is mongodb upstream's promise to add an exception still proceeding?
[20:48] <Daviey> cjwatson: yes, but MUCH slower than we hoped.
[20:48] <Daviey> cjwatson: (but this is also related to the squid issue aswell.)
[20:48] <kees> i didn't suspect you would be, since i can see the key elements where we have a separate conclusion on the same details :0
[20:48] <kees> er, :P
[20:49] <kees> i will follow up on the list with mre questions for xen.
[20:50] <kees> btw, we have several standing "provisional" mres still. bdmurray pointed this out to me. do we want to set a specific time to review them?
[20:50] <Daviey> I'm not comfortable speaking on behalf of the kernel team regarding xen, but my feeling as a server rep is that it isn't that good.  That said, I am supportive of this - providing a good level of QA is performed.
[20:50] <stgraber> right, so we need to continue both the openssl discussion and the Xen MRE discussion on the mailing-list. I meant to ask some questions wrt testing to Stefan but apparently got distracted and forgot about it...
[20:50]  * kees nods
[20:50] <stgraber> kees: we can add that to the agenda of our next meeting
[20:51] <kees> agreeds
[20:51] <kees> and I'll add an official vote for the openssl thing, just to have it done.
[20:51] <stgraber> ok
[20:51] <cjwatson> Daviey: Hm, I thought it was a lot better from precise on
[20:52] <cjwatson> Is that not the case?
[20:52] <Daviey> cjwatson: Oh, it is MUCH better from precise.  But I do not know how good our regression testing is.
[20:52] <kees> me too, but I haven't actually paid close attention
[20:52] <cjwatson> Fair enough
[20:52] <kees> cool
[20:52] <stgraber> #topic Check up on community bugs (standing item)
[20:52] <stgraber> count is still 0, moving on
[20:52] <kees> empty!
[20:52] <stgraber> #topic Select a chair for the next meeting
[20:53] <stgraber> that'll be mdz
[20:53] <mdz> ack
[20:53] <stgraber> #topic AOB
[20:53] <stgraber> anything?
[20:53] <kees> nothing from me.
[20:53] <mdz> nope
[20:54] <cjwatson> Not I
[20:55] <stgraber> ok then, thanks everyone!
[20:55] <kees> thanks stgraber!
[20:55] <stgraber> #endmeeting
[20:55] <meetingology> Meeting ended Mon Jun 24 20:55:04 2013 UTC.
[20:55] <meetingology> Minutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-06-24-20.10.moin.txt
[20:55] <meetingology> Minutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-06-24-20.10.html
[20:55] <cjwatson> Thanks
[20:56] <kees> cjwatson: the problem with openssl, is that you weight the areas you're highlighted higher than the areas I have, and vice-versa. I can't really show why your interpretation is _wrong_, just that I see a different one.
[20:57] <kees> so it's a weird spot to be in. I do think the benfits of my interpretation exceed the downsides, though, so maybe that could be part of the evaluation too. hmm
[20:57] <cjwatson> We possibly have different perceptions of the historical background
[20:57] <kees> that's certainly true.
[20:58] <cjwatson> I'm very wary of doing what could turn out to be a self-serving licence analysis - we're not the ones who get to pick the interpretation, which is why I tend to err towards the conservative when the licensors haven't given us guidance
[20:59] <cjwatson> I'm pretty much always happy to regard explicit licensor guidance as primary (although remembering that the relevant licensors might be more than just the upstream project in question, if there's extra contributed/borrowed/linked code involved)
[20:59] <kees> yeah; I certainly tend to try to see things by spirit when letter gets weird. anyway, to the mailing list. :)
[21:00] <cjwatson> I agree that there are benefits in your interpretation, and we wouldn't be having the discussion if there weren't :)  I just think this isn't necessarily a situation where trying really hard lets us win
[21:00] <cjwatson> But as you say