=== fego_ is now known as zephyr
=== jono is now known as Guest27980
=== Sp4rKy is now known as Sp4rKy_
=== Sp4rKy_ is now known as Sp4rKy
=== JoseAntonioR is now known as JoseeAntonioR
=== zequence_ is now known as zequence
=== psivaa is now known as psivaa-lunch
=== fader_` is now known as fader_
=== kyri is now known as tr3quart1sta
=== cking_ is now known as cking
=== psivaa-lunch is now known as psivaa
=== cjohnston_ is now known as cjohnston
=== chiluk` is now known as chiluk
=== dosaboy_ is now known as dosaboy
=== plars_ is now known as plars
mdeslaur o/16:34
meetingologyMeeting started Mon Jul  8 16:35:04 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.16:35
meetingologyAvailable commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired16:35
jdstrandThe meeting agenda can be found at:16:35
jdstrand[LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting16:35
jdstrand[TOPIC] Announcements16:35
=== meetingology changed the topic of #ubuntu-meeting to: Announcements
jdstrandChristian Kuersteiner (ckuerste) provided debdiffs to lucid, precise, to fix libopenid-ruby (LP: #1190491). Your work is very much appreciated and will keep Ubuntu users secure.16:35
ubottuLaunchpad bug 1190491 in ruby-openid (Ubuntu Quantal) "XML denial of service vulnerability" [Medium,Fix released] https://launchpad.net/bugs/119049116:35
jdstrand[TOPIC] Weekly stand-up report16:35
=== meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report
jdstrandI'll go first16:35
jdstrandI'm on triage this week16:35
jdstrandlast week did various !AppArmor work in support of click packages, application isolation and the SDK. Some more to do there. Uploading patches to !AppArmor today (two uploads for saucy for now-- one with and without apache 2.4 patches16:35
jdstrandI have several pending updates I am trying to get out too16:36
jdstrandand patch piloting got deferred to this week16:36
jdstrandmdeslaur: you're up16:36
mdeslaurI just published raptor2 updates16:36
mdeslaurI'm on community this week16:36
mdeslaurI'm working on some ruby updates at the moment16:36
mdeslaurand have some other updates to test16:36
mdeslaurthat's it from me16:36
mdeslaursbeattie: you're up16:36
sbeattieI'm on apparmor this week16:37
sbeattieI'm also working on the SDK/click stuff.16:37
sbeattieI also need to review the bits that jdstrand has worked on.16:37
sbeattieThat's pretty much the focus for me this week. tyhicks?16:38
tyhicksI'm currently finishing up a lot of changes to the apparmor regression tests for dbus16:38
tyhicksOne of the changes addresses hangs that jdstrand experienced last week on a loaded system16:38
tyhicksI'll be working to drive the dbus syntax to completion16:39
tyhicksI wasn't able to get to any of the eCryptfs maintainership duties that I mentioned last week, so those will have to be done this week16:39
tyhicksI think that's it for me16:39
tyhicksjjohansen: you're up16:39
jjohansenwell there will be some syntax completion work this week16:40
jjohansenan apparmor meeting to prep for16:40
jjohansenand I will be continuing to work on my apparmor wi for July16:41
jjohansenI think that is it from me, sarnold your up16:42
sarnoldI'm going to finish review of aa-easyprof changes, apparmor 2.8.2 release, and MIR audits this week16:43
jdstrandsarnold: sorry for another big patch :) I think that may be it for a little bit anyway16:44
sarnoldapparmor 2.8.2 relies upon sbeattie or jjohansen to help walk me through it, but I think we wanted it released before tomorrow's apparmor meeting, so it'll probably happen today :)16:44
sarnoldjdstrand: oh cool :)16:44
sbeattiesarnold: I'll help guide you along for 2.8.216:45
sarnoldah, no chrisccoulson, jdstrand, back to you :)16:45
sarnoldsbeattie: thanks16:45
jdstrand[TOPIC] Highlighted packages16:45
=== meetingology changed the topic of #ubuntu-meeting to: Highlighted packages
jdstrandThe Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.16:45
jdstrandSee https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.16:45
jdstrand[TOPIC] Miscellaneous and Questions16:46
=== meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions
jdstrandDoes anyone have any other questions or items to discuss?16:46
jdstrandmdeslaur, sbeattie, tyhicks, jjohansen, sarnold: thanks!16:56
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendar | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology
meetingologyMeeting ended Mon Jul  8 16:56:09 2013 UTC.16:56
meetingologyMinutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-07-08-16.35.moin.txt16:56
meetingologyMinutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-07-08-16.35.html16:56
sbeattiejdstrand: thanks!16:56
mdeslaurthanks jdstrand!16:56
sarnoldthanks jdstrand :)16:56
jjohansenthanks jdstrand16:56
=== funkyHat_ is now known as funkyHat
meetingologyMeeting started Mon Jul  8 19:58:35 2013 UTC.  The chair is mdz. Information about MeetBot at http://wiki.ubuntu.com/meetingology.19:58
meetingologyAvailable commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired19:58
* stgraber waves20:00
mdz#topic action review20:01
=== meetingology changed the topic of #ubuntu-meeting to: action review
mdzI don't see any actions recorded from the previous meeting. correct?20:01
mdz#topic Discussion and vote on the development series alias name20:01
=== meetingology changed the topic of #ubuntu-meeting to: Discussion and vote on the development series alias name
mdzfollowing up from the previous meeting20:02
mdzcurrent proposals are "rolling" (preferred by Rick) and "next' (preferred by the TB)20:02
stgraberI don't think we gave any direct action indeed, though there's a sort of action for cjwatson to implement the LP code for the series alias20:02
mdzRick doesn't seem to be around20:02
mdzIIRC the reason we deferred was to get his input20:02
cjwatsonI mailed him earlier today, but he's just back from holiday and may be snowed under still20:02
cjwatsonI don't think there's a point in revisiting without him, since the point was indeed to reconcile20:02
cjwatsonperhaps we should try mail20:03
cjwatsonin any case:20:03
stgraberI also directly Cced him on the minutes but I haven't heard anything back from him either20:03
mdzI recommend that if the topic comes around again in 2 weeks and he's not here, we proceed anyway20:03
cjwatsonthere's an implementation issue wgrant raised when I started trying to get database changes made in support of this, with respect to PPAs20:03
cjwatsonI need to hash that out with him20:03
cjwatsonhowever William is now himself off on holiday20:03
cjwatsonso this is blocked for a while in any event20:03
cjwatsonI have the rest of the code written, so will be pretty close once that's sorted20:04
mdzeven if it's not blocking, it's not good to keep this open for too long20:04
mdzso I'd like to wrap it next time regardless20:04
mdz#topic Discussion and vote on OpenSSL as a system library20:06
=== meetingology changed the topic of #ubuntu-meeting to: Discussion and vote on OpenSSL as a system library
stgraberfine with me, I'll be at a sprint in London for our next meeting, but should still be able to attend20:06
mdzthread: https://lists.ubuntu.com/archives/technical-board/2013-June/001653.html20:06
mdzprevious thread: https://lists.ubuntu.com/archives/technical-board/2013-May/001602.html20:06
cjwatsonso, I haven't had a chance to reply properly to kees on this, but I finally managed to articulate my objection to his line of argument just now when preparing for this meeting20:06
cjwatsonit is this: his line of argument could be used to justify constructing derived works that combine the GPL with any other free-but-GPL-incompatible licence, as long as it's far enough embedded into our system20:08
cjwatsonand I just can't reconcile that with my understanding of the spirit of the GPL, as presented by the FSF20:08
mdzI think in many cases there's a divergence between the intent of the FSF and the intent of the copyright holder20:09
mdzand it seems fair to favor the latter20:09
cjwatsonsure, and I'm happy to accept an explicit statement from the licensor, as I've mentioned before20:09
cjwatsonhowever, we are talking here about the fallback case where there isn't an explicit statement20:09
mdzwe're talking about GPLv2, yes?20:10
cjwatsonv2 in one case, v3 in the other.  I forget which was which.20:10
cjwatsonif mongodb/squid/whatever issue an explicit statement clarifying the intent of their licence, and that covers the GPLed code involved, I'm more than happy to honour that20:10
cjwatsonthat much I think is not in dispute20:10
mdzso there seems to be no practical problem on the table (anymore)?20:11
cjwatsonbut, for the rest, an interpretation where it can be freely linked with openssl is not within *my* understanding of the spirit of the GPL, so I couldn't vote for allowing that20:11
cjwatsonwell, except that neither has actually got round to issuing such a statement AFAIK20:12
mdzScottK requested a statement on this regardless of any specific case20:12
sorenmdz: I understand there's a decent chance the copyright holder didn't intend to prevent us from linking their code with openssl. However, if our reading of the license says that it's not permitted, I think we're in very dangerous territory by wholesale assuming that the copyright holder didn't mean to have that particular bit of their license to us apply.20:12
cjwatsonmy understanding was that mongodb said they were planning to but hadn't yet, and some squid developers had been making vague noises, but nothing determinative20:12
mdzsoren, agreed20:12
cjwatsonI respect the alternate readings that Dave and Kees and others have put forward; I just don't agree with them :)20:13
* kees is here, sorry I'm late20:13
cjwatsonhttp://gplv3.fsf.org/wiki/index.php/Compatible_licenses#GPLv2-incompatible_licenses explicitly lists the FSF's opinion that the OpenSSL licence is incompatible with the GPLv220:14
cjwatsonso I have an extremely hard time saying that we could assume the contrary in the absence of an explicit statement20:14
mdzI'm inclined to agree20:15
keeshm, given openssl is explicitly called out there, then yeah.20:15
cjwatsonsimilarly on http://www.gnu.org/licenses/license-list.html20:15
* soren too20:15
mdzbut I'm willing to be pragmatic with the statement from the copyright holders20:15
cjwatsonsorry, http://www.gnu.org/licenses/license-list.html#OpenSSL20:15
cjwatsonmdz: right, me too, absolutely20:15
mdze.g. an email is fine, I don't see it as necessary to have them change all of the copyright notices20:15
sorenI wish it weren't so, as it obviously is a pain in the "#¤%, but that's just how it is.20:15
keesmy rationale was mostly from the perspective of "since this is vague"... but that would make it NOT vague. :P20:15
keesalthough, I still wonder one thing...20:15
cjwatsonsoren: Yep, I entirely agree that this position is inconvenient - I just don't think we get to read licences for our convenience20:16
keesthere's no question it is incompat... but can it be dynamically linked?20:16
sorencjwatson: Precisely.20:16
keesi.e. clearly can't _include_ openssl in a piece of software. but link?20:16
mdzkees, that comes down to the interpretation of a derived work20:16
cjwatsonkees: The FSF's position on that is clear elsewhere; dynamically linking forms a derivative work of the two20:16
cjwatsonAgain, I would be happy to accept the overriding opinion of a licensor (copyright holder)20:16
cjwatsonBut it makes sense to me that if you've written software such that it requires dynamically linking against OpenSSL to actually work, then it's a derived work ...20:17
keeshow can linking be derived? the point of shared objects was to create API boundries.20:17
sorenNaturally. The license is the copyright holder's terms for other people's use of their software. Their interpretation will always take precedence.20:17
keesderived is "and then I added a new encryption scheme to openssl" not "and then I opened an https connection"20:18
sorenkees: When you consume libraries, your work builds on top of their functionality.20:18
cjwatsonI *think* this has been tested in court although [citation needed]20:18
keesso "combined work" != "derived work"20:18
sorenkees: That constitutes "derived work" in my book.20:18
keesso, "use LGPL" is the other answer, I guess.20:19
mdzthere is room for interpretation there, and maybe even different rulings in different jurisdictions20:19
keesbut what about the exceptions to this that were made for non-free libc?20:19
cjwatsonThat was because you couldn't run anything on those platforms at all without using the non-free libc20:19
cjwatsonThat being the point of the system library exception20:20
cjwatsonBut there are alternatives to using OpenSSL ...20:20
mdzFSVO "alternative" :-)20:20
keesheh, so if we kick gnutls out of the archive, we can link against openssl? :P20:20
cjwatsonI've never been convinced by trying to expand the scope of the system library exception, partly because it doesn't seem to fit the historical context of that exception20:20
keesI would argue that the context still holds: when all examples of using crypto references openssl, when is the defacto standard, that kind of makes it a system library, imo20:21
cjwatsonIn the case of the system library exception, you're using interfaces that have both free and non-free implementations - nothing about your program is inherently derived from the non-free thing20:21
cjwatsonBut in the case of the OpenSSL APIs (as opposed to the crypto standards they implement), those are very definitely proprietary (in the sense of ownership) to OpenSSL20:22
keesI think that stands for openssl too -- there is no other interface to swap into place.20:22
cjwatsonSo the C library and OpenSSL are not comparable here20:22
cjwatsonIf the GnuTLS stub for the OpenSSL APIs ever reached reasonable completion, then you could swap them freely and I think that changes the argument, not to mention the pragmatics20:23
* soren .oO{ What if all the time spent in different communities in different contexts discussing this particular problem had been put towards perfecting a libssl compatible wrapper for gnutls }20:23
keesI disagree. All the examples and recommended implementations of crypto I've seen for new programmers, school texts, etc, all use openssl interfaces.20:23
cjwatsonBut we just aren't there20:23
cjwatsonAnd those are therefore derivative of OpenSSL20:23
keessoren: yeah, that would be nice, for sure.20:23
cjwatsonThe OpenSSL people put substantial creativity into those interfaces - they aren't neutral things20:24
keesI don't see libc being a neutral interface either. If "C Programming in the Unix Environment" shows me how to use "popen", and it's an exception, then I think "Secure Programming" showing how to use OpenSSL is very nearly the same.20:25
mdzkees, I don't think the question is whether it's a de facto standard20:25
cjwatsonBut popen has lots of implementations, many free20:25
keesthen why would there be an exception for the non-free ones?20:25
mdzbut whether it's a Major Component or part of a Major Component of Ubuntu20:25
cjwatsonIf nobody else has managed to produce a sufficient replacement for OpenSSL, that *strengthens* OpenSSL's claim to have its licence respected properly20:25
keesmdz: right, and I view crypto as an OS primitive.20:26
cjwatsonI do not20:26
cjwatsonIt is not a required element20:26
mdzThe “System Libraries” of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A “Major Component”, in this context, means a m20:26
mdzajor essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it.20:26
cjwatsonmdz: (the wording is importantly different between v2 and v3; I analysed both in my original mail to the list about this)20:27
mdzyes, just adding some context here20:27
keesright, so that's why we differ in our conclusions. I believe crypto to be a Major Component, with OpenSSL being the defacto standard interface.20:28
* soren idly wonders how amazingly amputated Ubuntu would be without libssl20:28
cjwatsonIn GPLv2, the business about "major components" pertains to distributing source, section 3, but does not affect the requirement to distribute the work as a whole under the same licence, section 220:28
keessoren: I'll let you know right after I sniff all your traffic.20:28
mdzA "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. [GPLv3]20:28
cjwatsonSo IMO even invoking the system library exception does not save you for GPLv220:28
sorenkees: *rimshot*20:28
keesmdz: exactly. I actually think GPLv3 is MORE supportive of it.20:29
mdzkees, yes, I agree there is more wiggle room in v320:29
keessoren: but that's one of many reasons I think it's a critical piece of the OS.20:29
mdzin that particular definition20:29
mdzbut as cjwatson says, that's not the main issue in v220:29
sorenI don't really think it matters whether it's an implementation of an official standard.20:30
mdzthat's one of two conditions, only one of which needs to be met20:30
sorenIf there were some esoteric operating system whose basic API was entirely homegrown, I could write GPL software that runs on there without problems.20:30
keesI absolutely understand where cjwatson is coming from. I just don't come to the same conclusions.20:30
mdzcan we defer to someone with the requisite legal expertise here, rather than armchairing it?20:31
sorenmdz: But it's fun!20:31
cjwatsonmdz: The FSF have published their analysis20:31
mdzwe're all clearly capable of putting forth coherent, logical arguments which contradict each other20:31
cjwatsonI don't see what we gain from trying to rebut the authors of the licence20:31
mdzcjwatson, what are you referring to? something other than the license itself?20:32
keescjwatson: though I don't think they have published a statement that openssl is not a major component of ubuntu.20:32
cjwatsonkees: OpenSSL would have to be "included in the normal form of packaging a Major Component, but which is not part of that Major Component" to qualify20:33
cjwatsonmdz: Things like the license-list above20:33
mdzdespite the long, proud Debian tradition of debating license interpretations, I don't see this as part of the tech board's charter20:33
cjwatsonWell, I tried to reject it for ubuntu-archive, which is the normal body to interpret such things20:34
sorenmdz: Can you think of a more suitable, existing governing body for this?20:34
cjwatsonBut it's been escalated20:34
stgraberagreed, the FSF clearly lists the OpenSSL license as being incompatible without the extra clause so unless the copyright holder says otherwise (which they can and we should encourage them to when possible), I believe we should respect the license's author's interpretation20:34
mdzso I don't think we'll come to a unanimous agreement here today20:35
cjwatsonCan we dispose of part of it?  I had the sense we were (mostly?) agreed that the situation with GPLv2 was clear20:36
stgraberthe TB is the normal escalation path from ubuntu-archive, so I have no problem with us making a call here, not sure what we'd gain in postponing it some more or trying to find somebody else to delegate to20:36
mdzcjwatson, good point20:36
mdzkees, can you concede the v2 piece?20:36
mdzstgraber, this is a technical matter, but not within the discipline where we have expertise20:36
mdz(with all due respect for cjwatson's experience with licensing)20:37
cjwatsonoh, merely an *experienced* armchair lawyer :P20:37
mdzwe are fundamentally reliant on third party analysis to make a reasonable call here20:37
cjwatsonno need for due-respect qualifiers :)20:37
mdzwhereas for technical matters pertaining to software engineering and suchlike, I would be comfortable with us being a primary source20:38
keesmdz: I don't think I do, since GPLv3 was meant to clarify GPLv2, and GPLv3 (to me) supports OpenSSL being a Major Component.20:38
stgrabermdz: sure, and I believe the various documents that have been linked and the various analysis on our mailing-list and others is sufficient for us to make a reasonable call20:38
cjwatsonkees: What about my point that the major component bit of GPLv2 is not sufficient to permit what people are trying to do?20:38
keesstgraber: I don't disagree that trying to release KeesSSL (forked from OpenSSL) would mean it's not GPL compat.20:38
cjwatsonkees: It's confined to the source-distribution bit in section 3, while the must-distribute-work-as-a-whole-under-this-licence thing is in section 2 with no mention of the system library exception ...20:39
keescjwatson: I'm not sure I understood what you meant with it.20:39
mdzkees, he means that there's no such exception which enables the distribution of the software under the terms of the GPL20:40
cjwatsonMy objection to linking GPLv2 with OpenSSL is that I believe that forms a derived work as a whole, and v2 s. 2 says that the work as a whole must be licensed under the terms of the GPL20:40
mdzthere's only an exception to allow those components to be excluded from source code distribution20:40
keesmdz: "the software" being OpenSSL or thing-dyn-linking-to-openssl ?20:40
cjwatsonAnd that the system library bit is an exception for s. 3 not s. 220:40
mdzkees, the derived work20:40
keesI suck at arm-chair lawyering20:42
mdzok, so the options seem to be: 1. vote here and now, or 2. defer to an expert opinion20:42
mdzany other options to put on the table?20:42
mdz"keep arguing" is excluded ;-)20:42
mdzit's been a month and no consensus has emerged20:43
keescjwatson: where in GPLv2 is the linking bit?20:43
stgraberI unfortunately fear that 2. is == "keep arguing" and I agree we've argued enough about this :)20:43
mdzstgraber, how so? I think we could easily agree on a law firm we could trust to give us an informed opinion20:44
mdzbut we have another topic on the agenda and only 15 minutes left20:44
mdzI for one have a meeting directly after20:44
cjwatsonkees: v2 doesn't specify, it relies on copyright law interpretation to define what's a derived work20:44
cjwatsonkees: v3 clarified this to "Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, ..."20:45
keescjwatson: the faq seems to imply v2 has a system library exception. https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs20:46
cjwatsoncovering source code distribution20:46
cjwatsonoh, found another interesting thing20:46
cjwatsonfrom one of the authors of the GPLv3; says 'Debian unsuccessfully sought FSF opinion that OpenSSL was a GPLv3 "System Library"'20:46
mdz#vote +1 means vote here and now, -1 means defer to an expert third party opinion, +0 means do nothing and leave things as they are (i.e. somewhat ambiguous)20:47
meetingologyPlease vote on: +1 means vote here and now, -1 means defer to an expert third party opinion, +0 means do nothing and leave things as they are (i.e. somewhat ambiguous)20:47
meetingologyPublic votes can be registered by saying +1, +0 or -1 in channel, (private votes don't work yet, but when they do it will be by messaging the channel followed by +1/-1/+0 to me)20:47
meetingology+1 means vote here and now, -1 means defer to an expert third party opinion, +0 means do nothing and leave things as they are (i.e. somewhat ambiguous) received from mdz20:47
ScottKFWIW, right now we have at least two archive admins with a different view of what's permissible and if something is accepted into the archive shouldn't depend on who does the review.20:47
meetingology+1 received from stgraber20:48
meetingology+1 received from kees20:48
mdzweird, meetingology seems to have interpreted my vote request as a vote20:48
cjwatsonand has the context that the v3 redraft of the system library exception was motivated by making Nexenta legal20:48
meetingology+1 received from soren20:48
meetingology-1 received from mdz20:48
cjwatson+1   I feel I have *read* enough expert third party opinions and would rather get it over wish20:48
meetingology+1   I feel I have *read* enough expert third party opinions and would rather get it over wish received from cjwatson20:48
meetingologyVoting ended on: +1 means vote here and now, -1 means defer to an expert third party opinion, +0 means do nothing and leave things as they are (i.e. somewhat ambiguous)20:48
meetingologyVotes for:4 Votes against:1 Abstentions:020:48
meetingologyMotion carried20:48
mdzok, so we vote20:48
mdzso what do we specifically want to decide? whether an exception is required to have GPL (v2 or v3) software link with OpenSSL in Ubuntu?20:49
keesI think that summarizes it, yes.20:50
cjwatsonwe should vote on our interpretation of v2 and v3 separately IMO20:50
mdzwe're all in agreement that it's cool with an exception, and that the exception doesn't need to be shipped with the software, correct?20:50
keesshouldn't the exception be in debian/copyright though?20:50
cjwatsonI'd say the packager ought to put it in debian/copyright, but I'm willing to trust an e-mail, yes20:50
cjwatson(plenty of precedent for that, including at least one of my own packages ;-) )20:50
mdzproposed motion to vote on: An explicit exception is required in order for GPLv2 licensed software to link (statically or dynamically) with OpenSSL in Ubuntu20:51
keesseems like having the exception living somewhere in HEAD is sufficient, in the source better, in debian/copyright best.20:51
stgraberyep, I'm fine with that, it's how we've mostly been doing things and what the license author recommends (not the separate e-mail part, but I'm fine with that if it's in debian/copyright)20:51
sorenmdz: Sounds good to me.20:51
cjwatsonIs there any dispute about the static case?20:52
keesmdz: yeah, wording on that vote seems good20:52
keesI don't dispute the static case at all20:52
cjwatsonWe didn't discuss that above20:52
mdzok, removing that then20:52
mdz#vote An explicit exception is required in order for GPLv2 licensed software to dynamically link with OpenSSL in Ubuntu20:52
meetingologyPlease vote on: An explicit exception is required in order for GPLv2 licensed software to dynamically link with OpenSSL in Ubuntu20:52
meetingologyPublic votes can be registered by saying +1, +0 or -1 in channel, (private votes don't work yet, but when they do it will be by messaging the channel followed by +1/-1/+0 to me)20:52
meetingology+1 received from soren20:53
meetingology+1 received from stgraber20:53
mdzI didn't want the vote to imply that static linking was OK20:53
meetingology+1 received from mdz20:53
meetingology-1 received from kees20:53
meetingology+1 received from cjwatson20:53
meetingologyVoting ended on: An explicit exception is required in order for GPLv2 licensed software to dynamically link with OpenSSL in Ubuntu20:53
meetingologyVotes for:4 Votes against:1 Abstentions:020:53
meetingologyMotion carried20:53
mdz#vote An explicit exception is required in order for GPLv3 licensed software to dynamically link with OpenSSL in Ubuntu20:53
meetingologyPlease vote on: An explicit exception is required in order for GPLv3 licensed software to dynamically link with OpenSSL in Ubuntu20:53
meetingologyPublic votes can be registered by saying +1, +0 or -1 in channel, (private votes don't work yet, but when they do it will be by messaging the channel followed by +1/-1/+0 to me)20:53
meetingology-1 received from kees20:54
meetingology+1 received from stgraber20:54
mdz+0 I don't think I have studied this one enough20:54
meetingology+0 I don't think I have studied this one enough received from mdz20:54
cjwatson+1 - kees did come close to persuading me to at least abstain, but the presentation from Red Hat's counsel has re-convinced me20:54
meetingology+1 - kees did come close to persuading me to at least abstain, but the presentation from Red Hat's counsel has re-convinced me received from cjwatson20:54
meetingology+1 received from soren20:54
meetingologyVoting ended on: An explicit exception is required in order for GPLv3 licensed software to dynamically link with OpenSSL in Ubuntu20:54
meetingologyVotes for:3 Votes against:1 Abstentions:120:54
meetingologyMotion carried20:54
mdzScottK, satisfactory?20:54
ScottKmdz: Definitely.  I think that's quite clear.20:54
mdz#topic Review our current "provisional" Micro Release Exceptions20:54
=== meetingology changed the topic of #ubuntu-meeting to: Review our current "provisional" Micro Release Exceptions
ScottKThanks for taking on this difficult issue.20:55
keeswhile those slides were very interesting, I still feel that we're a different distro from both RH and debian.20:55
cjwatsonThanks; and hope nobody was offended by robust debate :-)20:55
mdzProvisional exceptions:20:55
mdzNova, Glance, Horizon, Keystone (to unblock SRU on 2012-06-25)20:55
mdzCinder, Quantum on 2012-12-0320:55
mdzLibreOffice (2012-06-25)20:55
mdzMesa (2012-07-23 - SPECIAL CASE: piglit test suite is not in-tree, needs to be run on real hardware)20:55
mdzvlc (2012-07-23)20:55
mdzceph for Ubuntu >= 12.10 and ceph upstream LTS releases 2013-02-2520:55
mdzlibdrm for Ubuntu 12.10. Backport of the 13.04 version to match that backported in 12.04 as part of lts-raring enablement.20:55
keesyeah, thanks for this. I never expected to convince everyone, but I'm glad to have had the chance to lay out my thoughts. :)20:55
stgraberso I granted the libdrm one as a one-time thing, I believe mlankhorst did that backport and so we can now remove it from the list20:56
cjwatsonThe server MREs seem to be going fairly smoothly from what I've seen20:56
keesto review the pMRE list, I'd be curious to see how many times they've been SRUed since the pMRE, and how many regressions were seen.20:56
mdzstgraber, agreed, you can go ahead and remove that if you like20:56
mdzkees, yes, that would be useful20:57
mdzI don't have that information to hand20:57
mdzand suspect it would take some legwork to assemble20:57
stgrabermdz: done20:57
keesbdmurray: do you happen to have any off-the-top-of-your-head thoughts on these pMRE packages's SRU behavior so far?20:57
cjwatsonShould be minable easily out of /ubuntu/+source/foo/+publishinghistory20:58
cjwatsonThere've certainly been "some" of each of the server ones; I don't immediately recall regressions there ...20:58
bdmurraykees: with my work on phasing updates I have a report of possible regressions about packages released to -updates20:58
bdmurrayhowever, since some of the packages are server related and those don't automatically go to errors it may not very helpful20:59
bdmurrayhere is the report20:59
mdzwe're out of time21:00
mdzI don't recall the reason for reviewing these; presumably just general housecleaning?21:01
mdzseems like we could take the analysis offline and probably resolve these by mail21:01
keesmdz: yes21:01
cjwatsonI think so; it ought to be done every so often21:01
keesmdz: agreed, thanks!21:01
mdzso someone could cross-reference bdmurray's analysis with the list of pMREs and send the results to the mailing list21:01
cjwatsonmail> agreed21:01
mdzany volunteers?21:01
keesmdz: I will do that21:01
mdzkees, thank you21:01
cjwatsonthank you!21:01
mdz#action kees to cross-reference phased-updates.html with pMREs and send analysis to technical-board@21:02
meetingologyACTION: kees to cross-reference phased-updates.html with pMREs and send analysis to technical-board@21:02
mdz#topic next chair21:02
=== meetingology changed the topic of #ubuntu-meeting to: next chair
mdzso stgraber and I swapped21:02
cjwatsonI guess that means it's probably me?21:02
mdzpitti? soren?21:02
cjwatson22nd - I'll be at the releng sprint in London21:02
cjwatsonnot totally sure I'll be around21:03
mdzpitti would be next in nick order21:03
mdzoh, sorry, confused21:03
mdzI was going to be last time, right?21:03
mdzand stgraber filled in21:03
cjwatsonoh, that would still make it pitti then I guess21:03
mdzso I think pitti next, then soren, then cjwatson21:03
mdz#action pitti to chair next meeting21:03
meetingologyACTION: pitti to chair next meeting21:03
cjwatsonif we remember21:03
mdz#topic EOB21:03
=== meetingology changed the topic of #ubuntu-meeting to: EOB
mdzanything incredibly urgent?21:03
mdzer AOB21:03
mdzthanks, all21:04
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendar | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology
meetingologyMeeting ended Mon Jul  8 21:04:09 2013 UTC.21:04
meetingologyMinutes (wiki):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-07-08-19.58.moin.txt21:04
meetingologyMinutes (html):        http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-07-08-19.58.html21:04
cjwatsonthanks mr chair21:04
=== Trevinho_ is now known as Trevinho
=== JoseeAntonioR is now known as j
=== j is now known as JoseeAntonioR
=== JoseeAntonioR is now known as jose

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!