[16:34] <tyhicks> hello
[16:34] <tyhicks> #startmeeting
[16:34] <meetingology> Meeting started Mon Mar 28 16:34:37 2016 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:34] <meetingology> Available commands: action commands idea info link nick
[16:34] <tyhicks> The meeting agenda can be found at:
[16:34] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:34] <tyhicks> [TOPIC] Weekly stand-up report
[16:34] <tyhicks> jdstrand: you're up
[16:35] <jdstrand> hey
[16:35] <jdstrand> I'm working on snappy stuff this week. specifically, I just uploaded it for a devpts newinstance, I've got a branch of fixes from sarnold's review and working on argument filtering today
[16:36] <jdstrand> I will continue to help with landing the caps -> interfaces transition
[16:36] <jdstrand> and snappy on classic policy
[16:36] <jdstrand> I think that's it from me
[16:36] <jdstrand> sbeattie: you're up
[16:37] <sbeattie> I'm in the happy place this week
[16:37] <sbeattie> After being off a week, I'm currently shoveling email by the truckload into a garbage bin
[16:38] <sbeattie> I need to see where the apparmor stacking stuff is at
[16:38] <sbeattie> I have some apparmor patches to review and other bits to work on there as well
[16:38] <sbeattie> I have a couple of kernel signoff tasks waiting for me.
[16:39]  * jdstrand notes that 'it' in the first sentence of mine was the launcher
[16:39] <sbeattie> I also plan on doing more pie work in preparation for 16.10 opening.
[16:39] <sbeattie> That's pretty much it for me
[16:39] <sbeattie> tyhicks: over to you
[16:40] <tyhicks> I'm on community this week
[16:40] <tyhicks> I'm currently wrapping up the AppArmor testplan for the 2.10.95 upload to xenial
[16:41] <tyhicks> it has been a painful process
[16:41] <tyhicks> I'd eventually like for us to automatically run most of those tests so that we're not seeing a bunch of test breakage right before an upload
[16:42] <tyhicks> after apparmor is uploaded, I need to catch up on email
[16:42] <tyhicks> I have ignored it for too long
[16:42] <tyhicks> then I need to do ecryptfs maintenance stuff (a couple bug fixes, patch reviews, mailing list replies)
[16:42] <sbeattie> tyhicks: anything we can help with on the testing front?
[16:43] <tyhicks> sbeattie: I think I'm a couple hours away from wrapping it up
[16:43] <sarnold> jenkaas may be useful..
[16:43] <tyhicks> if I get through all of that, I want to start pitching in with review work (MIRs, MP reviews, etc.)
[16:43] <tyhicks> sarnold: speaking of MIRs, you're up :)
[16:44] <sarnold> i'm on bug triage this week; I'm going to finish the fwupd mir today (and this time I mean it -- new approach, strace / exectrace the thing and try to see if the firmware.xml.gz is gpg checked or not rather than continuing via source inspection); I'll start golang-websocket-dev MIR but since I also have sprint travel prep, short week, may not finish it
[16:44] <tyhicks> oh... short week for me, too (off friday)
[16:44] <sarnold> I think that's it for me, tyhicks back to you?
[16:44] <tyhicks> thanks
[16:44] <tyhicks> [TOPIC] Highlighted packages
[16:45] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:45] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:45] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gtkwave.html
[16:45] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libinfinity.html
[16:45] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-h8300-hms.html
[16:45] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/batmand.html
[16:45] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/fso-frameworkd.html
[16:45] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:45] <tyhicks> Does anyone have any other questions or items to discuss?
[16:48] <tyhicks> jdstrand, sbeattie, sarnold: Thanks!
[16:48] <tyhicks> #endmeeting
[16:48] <meetingology> Meeting ended Mon Mar 28 16:48:30 2016 UTC.
[16:48] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-03-28-16.34.moin.txt
[16:48] <sarnold> thanks tyhicks!
[16:50] <sbeattie> tyhicks: thanks!
[16:55] <jdstrand> thanks tyhicks :)
[19:14]  * mwhudson looks around for a dmb meeting
[19:24] <cyphermox> mwhudson: we're figuring out if, considering it's Easter Monday for some people, we have quorum.
[19:24] <mwhudson> cyphermox: yeah, i figured that was likely to be a problem
[19:26] <stgraber> I'm around
[19:32] <stgraber> current state is that cyphermox is around, bdmurray is around, I'm around and micahg is kinda around (had to step away for a few minutes)
[19:32] <stgraber> so if we all manage to be around at the same time, that's quorum
[19:33] <cyphermox> well, I'm not going anywhere, building ubiquity again while I prepare some other stuffs
[19:33] <mwhudson> i am minding a 3yo but i have an ipad so,,,
[19:34] <stgraber> I need to step away for about 10min unfortunately but I'll be back after that. Doesn't look like Eric Desrochers (slashd) is around, so looks like it will just be mwhudson
[19:56] <stgraber> I'm back but haven't heard back from the other DMB members... so I guess we're still waiting for micahg to get back
[19:56] <micahg> still on the phone
[19:59] <micahg> here now
[20:01]  * mwhudson is still here but would like to head off if the meeting is not actually going to happen
[20:05] <stgraber> still here
[20:06] <stgraber> so we need bdmurray and cyphermox
[20:06] <cyphermox> I'm here, still annoyed at ubiquity
[20:06] <bdmurray> Here
[20:06] <stgraber> cool, who's chairing?
[20:06] <stgraber> (I'm on a call, multi-tasking, so not ideal for me to do it)
[20:07] <micahg> same here (multi-tasking)
[20:08] <cyphermox> I think everybody is going to be multi-tasking
[20:08] <cyphermox> I'll chair, give me a second
[20:10] <cyphermox> #startmeeting DMB 2016-03-28
[20:10] <meetingology> Meeting started Mon Mar 28 20:10:15 2016 UTC.  The chair is cyphermox. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[20:10] <meetingology> Available commands: action commands idea info link nick
[20:11] <cyphermox> #topic Review of previous action items
[20:11] <cyphermox> any change?
[20:12] <cyphermox> #voters cyphermox stgraber bdmurray micahg
[20:12] <meetingology> Current voters: bdmurray cyphermox micahg stgraber
[20:12] <cyphermox> moving on...
[20:13] <cyphermox> #topic Ubuntu Contributing Developer applications
[20:13] <cyphermox> looks like we don't have slashd around here today; skipping to the next point on agenda
[20:13] <cyphermox> #topic Ubuntu Core Developer applications
[20:14] <cyphermox> #subtopic Michael Hudson-Doyle's application (mwhudson) for core-dev
[20:14]  * mwhudson o/
[20:14] <cyphermox> mwhudson: please introduce yourself
[20:14] <mwhudson> hi, i'm a long time canonical employee who has been moving more and into ubuntu dev over the years
[20:15] <mwhudson> i've been de facto maintaining go for the last 6 or 7 months
[20:16] <mwhudson> i'm going to be working on using go shared libraries in the next cycle, which will require touching every package that we want to build into a shared library
[20:16] <mwhudson> which is why i'm applying for core dev rather than ppu, even though i don't have heaps of uploads on varied things yet
[20:17] <mwhudson> .. is that enough? :)
[20:17] <mwhudson> oh yes, i've also applied to maintain go in debian
[20:18] <mwhudson> and have developed a decent relationship with the existing golang maintainers
[20:22] <cyphermox> any DMB members have questions for mwhudson?
[20:22] <cyphermox> stgraber: bdmurray: micahg: ?
[20:23] <cyphermox> mwhudson: how does working on golang qualify you for dealing with all packages in the ubuntu archive?
[20:23] <mwhudson> cyphermox: well, it doesn't, i guess
[20:23] <bdmurray> mwhudson: You seem to be in favor of having all uploads reviewed, would you be looking for people to review your uploads?
[20:23] <mwhudson> cyphermox: surely not all core devs work on all packages?
[20:24] <cyphermox> mwhudson: well, really it's a thinly veiled deeper question ;)
[20:24] <mwhudson> cyphermox: i think my record in other projects should indicate that you don't need to worry about going crazy and doing things un-supervised
[20:24] <mwhudson> bdmurray: for less trivial things, yes
[20:24] <doko> cyphermox, ohh, he's touching gccgo as well ;p
[20:25] <cyphermox> doko: you didn't write a testimonial for mwhudson on his wiki page; are you here to cheer for him? :)
[20:25] <mwhudson> bdmurray: there's a difference between asking for advice/review and asking for sponsorship
[20:25] <bdmurray> doko: You've sponsored some packages for him, do you have an opinion?
[20:25] <mwhudson> bdmurray: in my experience on other projects too
[20:26] <doko> sorry, otp
[20:26] <mwhudson> bdmurray: e.g. getting commit rights to go upstream smoothed things, even though getting stuff reviewed there is easier than getting sponsorship in ubuntu ime
[20:27] <mwhudson> that said, if you want to see more general ubuntu dev from me before granting core dev, i won't be offended!
[20:28] <micahg> stgraber sponsored an upload as well :)
[20:28] <cyphermox> so did I
[20:28] <stgraber> haha, yeah, tiny packaging fix :)
[20:28] <mwhudson> my attempts at getting advocates on my application were not very successful :/
[20:29] <cyphermox> mwhudson: it's not that there's anything wrong with the application per se, every one is different. we're just trying to see if you understand the impact of what you're done so far, and limitations
[20:29] <cyphermox> you have one testimonial from slangasek already, and doko was here too to vouch for you; that's good
[20:30] <cyphermox> (I'm not saying more to not influence the decision of the other DMB members. FWIW, I'm ready to vote)
[20:30] <mwhudson> cyphermox: what do you mean by limitations?
[20:31] <cyphermox> mwhudson: when it's time to ask for review, etc.
[20:31] <mwhudson> ah ok
[20:31] <mwhudson> i think by nature i err on the side of caution there
[20:31] <mwhudson> possibly excessively so :-)
[20:32] <micahg> mwhudson: are you familiar with the release cycle and which type of uploads are appropriate when?
[20:33] <mwhudson> micahg: yes, more or less
[20:34] <mwhudson> as in we are in final freeze now, so all changes to things that are seeded require release team approval, and past beta you need a ffe from a release team for new features
[20:35] <mwhudson> for better or worse i seem to interact with ~ubuntu-release people quite a lot :-)
[20:35] <micahg> do you know where you can find the milestone dates with all the relevant freezes and links to their respective documentation?
[20:36] <mwhudson> on the wiki? i always have to google to find the page though :)
[20:36] <mwhudson> https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule
[20:37] <mwhudson> the stuff i work on tends not to be very user-facing, so i don't know much about the ui freeze/translation stuff
[20:38] <micahg> yeah, googling is fine :)
[20:39] <micahg> but if you notice, feature freeze actually kicks in about a week before the first beta so things can be stabilized
[20:40] <mwhudson> ah yes
[20:40] <stgraber> micahg: when we are in beta freeze or other similar milestone where we're about to put out images, do you know how to check whether a package you're about to upload is affected (and so know when to refrain from uploading)?
[20:40] <mwhudson> i am subscribed (and actually read :-p) to ubuntu-devel-announce
[20:40] <mwhudson> stgraber: assuming that was for me, i use seeded-in-ubuntu
[20:41] <micahg> that was likely an mtcf
[20:41]  * micahg made an acronym :)
[20:41] <stgraber> yeah, I sure hope micahg know about it :)
[20:41] <mwhudson> micahg: m tab completion fail?
[20:41] <micahg> multi-tasking tab complete failure
[20:42] <mwhudson> ah
[20:42] <micahg> or should that be mttcf
[20:42] <stgraber> mwhudson: so next cycle while the cdimage team is preparing beta-1, are you fine to upload vlc to the archive?
[20:45] <mwhudson> stgraber: i admit don't entirely understand what seeded-in-ubuntu is telling me here (it's only seeded in the daily images, so maybe it's ok?) so i would certainly ask someone before uploading
[20:46] <stgraber> mwhudson: daily and daily-live specifically mean that it's on an image
[20:46] <stgraber> though I admit my tricky question kinda failed here because mate is now seeding it :)
[20:47] <stgraber> mwhudson: care to take a guess at the same for mythtv? :)
[20:48] <mwhudson> let me guess this is going to depend if mythbuntu is official in some sense
[20:48] <stgraber> haha, not official, but close
[20:48] <mwhudson> i don't *think* mythbuntu is handled by the cdimage team, but i don't know
[20:49] <stgraber> mythbuntu is an official flavour, everything seeded-in-ubuntu tells you is usually right
[20:49] <stgraber> however mythbuntu is an LTS-only flavour
[20:49] <mwhudson> so again, i'd be asking
[20:49] <stgraber> so they do no put out images in non-LTS cycles which means that those packages aren't actually frozen
[20:50] <stgraber> mwhudson: have you ever done a package merge? do you know where to get the list of pending merges?
[20:50] <mwhudson> ah so next cycle it would be ok to upload something mythubuntu-only during freeze, but it would not have been this cycle
[20:50] <mwhudson> stgraber: i have merged golang several times
[20:50] <stgraber> mwhudson: correct
[20:50] <mwhudson> stgraber: merges.ubuntu.com
[20:50] <mwhudson> wait, that's not the list of pending merges i guess
[20:50] <stgraber> mwhudson: cool, are you going to help merging more packages next cycle?
[20:50] <mwhudson> yes
[20:51] <stgraber> it is, the links to the index files can be found in the header
[20:51] <stgraber> cool
[20:51] <stgraber> mwhudson: how about library transitions? can you tell us what's involved with those?
[20:51] <mwhudson> i also have a medium term plan to get rid of the delta for the golang packaging entirely ...
[20:51] <mwhudson> stgraber: as in, new SONAMEs?
[20:52] <stgraber> mwhudson: right
[20:52] <mwhudson> i only know the outlines, that you upload a new lib source package that creates eg libfoo4, then upload (or rebuild) all its deps until nothing reverse-depends on the now nbs libfoo3 package and it can be removed from the archive
[20:53] <mwhudson> i've only watched from the sidelines though, never really been involved
[20:53] <mwhudson> (something that will obviously change a bit with go shared libraries)
[20:54] <stgraber> do you know of the tool we use to track those?
[20:54] <mwhudson> no
[20:55] <mwhudson> i know britney/proposed-migration is involved somewhat, but i don't think you mean that?
[20:55] <stgraber> http://people.canonical.com/~ubuntu-archive/transitions/
[20:55] <stgraber> no, ben ^ lets you track the needed rebuilds
[20:56] <stgraber> there may be circular dependencies and other complications which require several round of uploads
[20:56]  * mwhudson bookmarks
[20:57] <mwhudson> not a very interesting point in the cycle to be looking at that page i guess :-)
[20:58] <stgraber> have you ever done SRUs?
[20:58] <mwhudson> yes
[20:58] <mwhudson> mostly for gccgo i think
[20:58] <mwhudson> (so i didn't do the actual packaging, doko did, but i made patches and filed the bugs and did the verification)
[20:58] <stgraber> ok, can you describe the process to me, from upload to the archive to it landing on someone's system?
[20:59] <mwhudson> the upload goes to proposed, the bug gets tagged verification-needed, then once that's changed to verifcation-done and 7 days have passed and britney is happy, it migrates to -updates
[21:00] <mwhudson> and as updates is enabled by default, everyone should get it next time they update
[21:00] <stgraber> just missed two tiny details :)
[21:00] <stgraber> 1) the upload is held in the queue for review by the SRU team
[21:00] <stgraber> 2) not everyone gets updates at the same time, we phase them
[21:01] <stgraber> http://people.canonical.com/~ubuntu-archive/phased-updates.html
[21:01] <mwhudson> ah yes, 1) was totally opaque to me for the longest time
[21:01] <stgraber> do you know where to look at the current queues?
[21:01] <mwhudson> i presume for more user facing things, some staring at errors.ubuntu.com is involved
[21:02] <mwhudson> https://launchpad.net/ubuntu/xenial/+queue
[21:02] <stgraber> cool
[21:02] <stgraber> are you familiar with backports and can you explain how they different from SRUs?
[21:03] <mwhudson> i am loosely familiar, i know the requirements are less stringent about what can get in there, but i don't actually know what the requirements are
[21:03] <stgraber> ok, requirements are typically that they must be changed uploads from the source release they come from (backportpackage does that for you) and that they can't break their reverse dependencies
[21:03] <mwhudson> the key difference from the user's pov is that you only get them if you ask for them, they don't happen to unsuspecting victims
[21:04] <stgraber> cool
[21:04] <stgraber> do you know how packages end up being pulled into main and onto installation media and images?
[21:05] <mwhudson> the latter is to do with seeds and germinate?
[21:05]  * mwhudson spots the pun, very very late 
[21:05] <stgraber> :)
[21:05] <stgraber> yeah, so does the former
[21:05] <mwhudson> but main is closed under build-depends as well as depends
[21:05] <stgraber> do you know where to find the list of packages which should be promoted or demoted by haven't been yet?
[21:06] <mwhudson> or at least was, or is right now or something
[21:06] <mwhudson> (i know this is changing)
[21:06] <mwhudson> um, i know component-mismatches emails get sent to ubuntu-devel all the time
[21:06] <stgraber> what's changing is whether packages in main can build-depend on packages which aren't (or aren't yet) in main
[21:07] <stgraber> cool, yeah, that's component-mismatches there is also a more comprehensive online report of it with fancy svg and stuff
[21:07] <mwhudson> so yeah, a bit of guessing gets me to http://people.canonical.com/~ubuntu-archive/component-mismatches.html
[21:07] <stgraber> yep, that one and its matching one for the proposed pocket
[21:07] <stgraber> what's needed for a package currently in universe to be moved to main, outside of a friendly archive admin to actually process the move?
[21:08] <mwhudson> a MIR and the security team review that involves
[21:08] <stgraber> ok
[21:08] <stgraber> so we're more than out of time and I think I'm out of questions to ask, anything else the other members may want to ask?
[21:08] <bdmurray> and a package subscriber
[21:08] <mwhudson> oh yes
[21:09] <bdmurray> not me
[21:09] <mwhudson> i am that package subscriber for at least one package :)
[21:09] <stgraber> yeah, that's one of the tick box in the MIR process, I think it may even ask for a team rather than individual subscriber
[21:14] <cyphermox> #vote mwhudson to be granted core-dev
[21:14] <meetingology> Please vote on: mwhudson to be granted core-dev
[21:14] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[21:14] <stgraber> +1
[21:14] <meetingology> +1 received from stgraber
[21:14] <bdmurray> +1
[21:14] <meetingology> +1 received from bdmurray
[21:14] <cyphermox> +1
[21:14] <meetingology> +1 received from cyphermox
[21:17] <cyphermox> micahg: ?
[21:21] <micahg> =1
[21:21] <micahg> +1
[21:21] <meetingology> +1 received from micahg
[21:22] <stgraber> mwhudson: congratulations!
[21:22] <mwhudson> woo thanks everyone
[21:23] <stgraber> cyphermox: close the vote and wrap up the meeting?
[21:23] <cyphermox> yep
[21:23] <cyphermox> #endvote
[21:23] <meetingology> Voting ended on: mwhudson to be granted core-dev
[21:23] <meetingology> Votes for:4 Votes against:0 Abstentions:0
[21:23] <meetingology> Motion carried
[21:23] <cyphermox> congrats mwhudson
[21:24] <cyphermox> we're way over time, I think it's time we wrap up this meeting, indeed
[21:24] <cyphermox> #topic AOB
[21:24] <cyphermox> any other things?
[21:24] <stgraber> nope, hopefully we'll have a new DMB soon :)
[21:26] <cyphermox> yeah, we need to finish restaffing.
[21:26] <cyphermox> alright, that's all folks
[21:26] <cyphermox> #endmeeting
[21:26] <meetingology> Meeting ended Mon Mar 28 21:26:50 2016 UTC.
[21:26] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2016/ubuntu-meeting.2016-03-28-20.10.moin.txt