[16:31] <tyhicks> hello
[16:31] <mdeslaur> \o
[16:31] <tyhicks> #startmeeting
[16:31] <meetingology> Meeting started Mon Jan 30 16:31:40 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:31] <meetingology> Available commands: action commands idea info link nick
[16:31] <tyhicks> The meeting agenda can be found at:
[16:31] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:31] <tyhicks> no announcements today
[16:31] <tyhicks> [TOPIC] Weekly stand-up report
[16:31] <tyhicks> jdstrand: you're up
[16:32] <jdstrand> hi!
[16:32] <jdstrand> short week this week (off firday)
[16:32] <jdstrand> mostly caught up on snappy reviews. After driving them to 0 by eod on Friday, now have 3 followup reviews that came in today
[16:32] <jdstrand> I plan to get back to seccomp arg filtering policy this week
[16:32] <jdstrand> I'll move the miscellaneous review tools updates card if I have time
[16:33] <jdstrand> that's it from me. mdeslaur, you're up
[16:33] <mdeslaur> I'm in the happy place
[16:33] <mdeslaur> currently working on openssl updates
[16:33] <mdeslaur> have a bunch of pending updates to test and publish
[16:33] <mdeslaur> that's it from me, sbeattie?
[16:33] <sbeattie> I'm on community this week.
[16:34] <sbeattie> I'll have kernel USNs to publish this week
[16:34] <sbeattie> I need to finish testing the openssh update I was working.
[16:35] <sbeattie> And then I'll poke at the list of outstanding issues
[16:35] <sbeattie> That's it for me. tyhicks?
[16:35] <tyhicks> I'm on bug triage this week
[16:35] <tyhicks> cve triage last week kept me from making much progress on work items
[16:36] <tyhicks> I need to submit my second revision of seccomp patches to lkml
[16:36] <tyhicks> workaround an apparmor utils bug that is keeping me from uploading apparmor 2.11 to zesty
[16:37] <tyhicks> I have 2 embargoed issues
[16:37] <tyhicks> that's it for me
[16:37] <tyhicks> jjohansen: you're up
[16:38] <jjohansen> I need to finish up with my end of the dconf work
[16:38] <jjohansen> I have some patches to send up to the kt
[16:39] <jjohansen> a reply to tetsuo to finish up and send out to lkml
[16:39] <jjohansen> and I really need to finish looking at casey's latest round of stacking patches
[16:40] <jjohansen> then if time more of the upstreaming work, plan is securityfs bits, that I didn't get to last week
[16:41] <jjohansen> thats it for me, sarnold you're up
[16:41] <sarnold> I'm on cve triage this week, working on MIRs in the remaining time
[16:42] <sarnold> I expect to finish the apache mellon module mir today or tomorrow depending upon how busy MITRE's been, so it would be nice to have a new top priority soon
[16:42] <sarnold> that's it for me, chrisccoulson?
[16:42] <chrisccoulson> I've got an oxide update to do this week, and I expect to have chromium to sponsor as well
[16:43] <chrisccoulson> Hopefully no other updates - thanks to a Firefox respin I ended up having to test that twice last week
[16:43] <tyhicks> :(
[16:43] <chrisccoulson> I've got a Firefox regression to fix, but that shouldn't take much time
[16:44] <chrisccoulson> Other than that, I'm finishing off tests for work I did in oxide last week, then I plan to move on to bug 1637195 which should mostly be a copy / paste job from webbrowser-app
[16:45] <chrisccoulson> And I need to make some changes to my firefox menubar patch and send that upstream, although there's currently nobody assigned to review that anyway
[16:45] <chrisccoulson> That's me done
[16:45] <ratliff> I'm in the happy place this week
[16:45] <ratliff> I have a few more updates for Snappy 15.04 to process
[16:46] <ratliff> Then I will work some on the notification process
[16:46] <ratliff> that's it for me this week
[16:46] <ratliff> back to you tyhicks
[16:47] <tyhicks> thanks!
[16:47] <tyhicks> [TOPIC] Highlighted packages
[16:47] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:47] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:47] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pen.html
[16:47] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/inn.html
[16:47] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/consolekit.html
[16:47] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/vxl.html
[16:47] <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/lwipv6.html
[16:47] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:47] <tyhicks> Does anyone have any other questions or items to discuss?
[16:49] <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks!
[16:49] <tyhicks> #endmeeting
[16:49] <meetingology> Meeting ended Mon Jan 30 16:49:54 2017 UTC.
[16:49] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-01-30-16.31.moin.txt
[16:50] <sarnold> thanks tyhicks!
[16:50] <ratliff> thanks tyhicks!
[16:50] <sbeattie> tyhicks: thanks!
[16:51] <mdeslaur> thanks tyhicks
[16:54] <jjohansen> thanks tyhicks
[16:58] <jdstrand> tyhicks: thanks!
[18:38] <slashd> whois slashd
[18:39] <slashd> disregard ^, forgot the "/"
[19:00] <rbasak> o/
[19:00] <sil2100> o/
[19:00] <rbasak> Who's here?
[19:00] <rbasak> I have a hard stop in about an hour (depends on how long a drive somewhere will be).
[19:01] <chiluk> o/
[19:01] <cyphermox> I'm here.
[19:01] <chiluk> hey cyphermox
[19:03] <sil2100> Who's driving the meeting?
[19:03] <chiluk> bdmurray ?? dmb meeting?
[19:03] <sil2100> The agenda mentions Adam
[19:04] <sil2100> chiluk: bdmurray won't be around sadly
[19:04] <rbasak> It's been stuck at Adam for a long time :-/
[19:05] <rbasak> I'd prefer not to chair today please. Too many distractions here right now, and note my hard stop above.
[19:05] <sil2100> I was chairing the last meeting, the additional one we had because of the holidays
[19:05] <sil2100> But still, we miss one person...
[19:06] <chiluk> infinity shows away as well
[19:07] <chiluk> can't we just use his absence as passive consent?
[19:07] <sarnold> :)
[19:07] <chiluk> there's really no way infinity would admit that I'm coredev material... then again, I'm not sure if he'd say that about most coredevs.
[19:07] <sil2100> hah ;)
[19:07] <rbasak> It is possible to hold a meeting and leave it to the ML to make a vote quorate.
[19:07] <chiluk> I'm fine with that.
[19:08] <sil2100> Yeah, I guess if we won't get quorrum I'm +1 on continuing that on the ML
[19:08] <sil2100> Since we can't postpone this forever
[19:08] <chiluk> yeah it's been almost 2 months now.
[19:08] <chiluk> well since I was put on the agenda.
[19:08] <sil2100> We'll just have to make sure that the vote continues on the ML, since those tend to take a very long time as well if left as-is
[19:08] <rbasak> Is the sponsorship miner down?
[19:09] <rbasak> There is https://launchpad.net/~chiluk/+uploaded-packages
[19:09] <rbasak> Which should be a subset I think.
[19:09] <sil2100> It works for me
[19:09] <chiluk> http://ubuntu-dev.alioth.debian.org/cgi-bin/ubuntu-sponsorships.cgi?render=html&sponsor=&sponsor_search=name&sponsoree=*Chiluk&sponsoree_search=name
[19:09] <chiluk> is more complete
[19:10] <rbasak> Hmm, working now.
[19:10] <chiluk> but still not complete.
[19:10] <sil2100> cyphermox: can you chair? We could do as per rbasak's proposition - start the candidate review here and finish on the ML
[19:13] <sil2100> Ok then, I'll chair again in this case
[19:13] <sil2100> Need a minute though
[19:13] <sil2100> #startmeeting DMB meeting
[19:13] <meetingology> Meeting started Mon Jan 30 19:13:59 2017 UTC.  The chair is sil2100. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[19:13] <meetingology> Available commands: action commands idea info link nick
[19:14] <sil2100> #topic Review of previous action items
[19:14] <sil2100> rbasak to get mapreri's PPU additions done by the TB (carried over) <- is it still in progress?
[19:15] <rbasak> I've not managed to address anything for the DMB yet this year - sorry. I believe it's still in progress.
[19:15] <rbasak> IIRC, the TB did do something for us. I need to find out where it is.
[19:16] <sil2100> Ok, so I guess the other one is carried over as well
[19:16] <sil2100> Let's skip to the next point then
[19:16] <sil2100> #topic Package Set/Per Package Uploader Applications
[19:16] <sil2100> I see we still have David's application on the agenda
[19:17] <sil2100> Does anyone know if the vote for that got finalized on the ML?
[19:17] <sil2100> I at least don't remember getting the rest of the votes for that one
[19:17] <rbasak> I don't remember seeing any further votes on that.
[19:18] <rbasak> Yeah, no replies AFAICS.
[19:18] <mapreri> rbasak, sil2100: ISTR my PPU addition also required voting.
[19:18] <mapreri> when did those happen?
[19:19] <sil2100> I don't think single additions require a vote, right?
[19:19] <sil2100> Just one DMB member, if he decides it's fitting, can do the permission changes - or am I wrong?
[19:19] <rbasak> I think (and said) otherwise.
[19:20] <rbasak> AFAIK, a packageset addition can be done by one DMB member verifying that the proposed new package meets the packageset criteria in the description.
[19:20] <rbasak> But I'm not aware of anything like that for PPU.
[19:20] <sil2100> Ah, indeed
[19:20] <sil2100> You might be right
[19:20] <mapreri> Yeah, I'm reporting due to what rbasak told me privately, given that I completely fail at finding a through description of DMB workflows :)
[19:20] <rbasak> There may be a policy I don't recall or never read about.
[19:20] <rbasak> All I know is https://wiki.ubuntu.com/DeveloperMembershipBoard/KnowledgeBase
[19:21] <rbasak> But, I think a vote for mapreri should be straightforward.
[19:21] <mapreri> oh, consider that I'm DD requiring PPU for a package I maintain, that might streamline the process for this particular case.
[19:22] <sil2100> Should we vote? We don't have a quorrum so it'd have to go through the ML as well
[19:22] <chiluk> if only I had a vote I'd vote for you mapreri.\
[19:22] <rbasak> Do we have a list of what mapreri can already upload?
[19:23] <mapreri> rbasak: pbuilder and libreoffice-dictionaries are in my PPU list from main; then I'm also MOTU.
[19:23] <mapreri> chiluk: :)
[19:23] <rbasak> mapreri: how long have you had those?
[19:23] <mapreri> rbasak: iirc early December 2016
[19:24] <rbasak> Ah, OK.
[19:24] <sil2100> Indeed:
[19:24] <sil2100> Archive Upload Rights for mapreri: archive 'primary', source package 'pbuilder'
[19:24] <sil2100> Archive Upload Rights for mapreri: archive 'primary', source package 'libreoffice-dictionaries'Archive Upload Rights for mapreri: archive 'primary', source package 'pbuilder'
[19:24] <rbasak> mapreri: how long have you been maintaining inkscape in Debian?
[19:24] <mapreri> rbasak: yeah, recently.
[19:24] <sil2100> Uh, double-paste I guess
[19:24] <mapreri> uh
[19:24] <mapreri> some time 2015 i think
[19:24] <rbasak> 2015?
[19:24] <rbasak> OK
[19:25] <mapreri> my first thing in the changelog is 2014
[19:25] <rbasak> I'm ready to vote then. Shame we don't have quorum :-/
[19:25] <rbasak> (but we can do a partial vote now and try to finish it on the ML later)
[19:25] <sil2100> Yeah, let's vote, I'll push the rest to the ML
[19:25] <mapreri> rbasak: (if it's still interesting)  [ Mattia Rizzolo ]\n  * debian/control: add myself to Uploaders => Apr 2015
[19:25] <sil2100> #vote for mapreri to gain additional PPU rights for inkscape
[19:25] <meetingology> Please vote on: for mapreri to gain additional PPU rights for inkscape
[19:25] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[19:26] <sil2100> +1
[19:26] <meetingology> +1 received from sil2100
[19:26] <rbasak> +1
[19:26] <meetingology> +1 received from rbasak
[19:26] <sil2100> cyphermox: you still around?
[19:28] <chiluk> sil2100: rbasak from KB "DDs who are PPU through the normal process can apply by email to have their access extended to further packages they (or a team they are a member of) maintain. This only requires one DMB member to agree in order to pass."
[19:28] <rbasak> Ah
[19:28] <sil2100> Oh
[19:28] <sil2100> #endvote
[19:28] <meetingology> Voting ended on: for mapreri to gain additional PPU rights for inkscape
[19:28] <meetingology> Votes for:3 Votes against:0 Abstentions:0
[19:28] <meetingology> Motion carried
[19:28] <chiluk> sounds like it's a pass  mapreri
[19:28] <rbasak> OK, done then. Sorry mapreri, I could have just done it when you first asked.
[19:29] <mapreri> Oh.  Well, guess all learned something today :)
[19:29] <sil2100> Should I add an action item for each of us to look through the KB again? ;)
[19:30] <chiluk> it's all the way at the bottom.. no one reads that far.
[19:30] <sil2100> Anyway, let's continue
[19:30] <mapreri> Thank you, anyway!
[19:30] <sil2100> mapreri: you're welcome!
[19:30] <sil2100> rbasak: will you handle that?
[19:30] <rbasak> Does someone want to take an action to sort that with the TB?
[19:30] <rbasak> Sure.
[19:30] <sil2100> Thanks :)
[19:30] <sil2100> #topic Ubuntu Core Developer Applications
[19:31] <cyphermox> sorry, i was on the phone
[19:31] <sil2100> #subtopic Dave Chiluk
[19:31] <sil2100> chiluk: could you introduce yourself?
[19:31] <chiluk> https://wiki.ubuntu.com/chiluk/CoreDevApplication
[19:31] <chiluk> I've been working for Canonical as a Sustaining engineer for the last 4 years fixing Ubuntu advantage customer issues.
[19:32] <chiluk> many of which don't result in uploads.
[19:32] <chiluk> I've had a LP id since 2008, and I think I started with Ubuntu in 06..
[19:32] <chiluk> so it's been a while.
[19:32] <chiluk> I mostly fix packages in main, hence the Coredev app instead of MOTU.
[19:33] <chiluk> and I also mostly do SRU's and not development uploads.
[19:33] <chiluk> actually probably 80% of my uploads are SRUs.
[19:33] <chiluk> which makes getting fixes out a real bear..
[19:34] <chiluk> since I currently need two other devs to approve any of my fixes.
[19:34] <chiluk> I think that's most of it.
[19:34] <rbasak> Two questions: 1) what are your goals with respect to upload rights; and 2) is not having core dev blocking you at the moment, apart from uploading SRUs, and if so, how?
[19:35] <rbasak> IOW, are you asking for core dev just to fix the SRU problem?
[19:35] <chiluk> rbasak: 1) I'd like upload rights so I no longer have to harass existing core devs.
[19:36] <chiluk> 2.) it is blocking me at the moment. https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1655225
[19:36] <chiluk> is a good example
[19:36] <chiluk> mostly I feel that me not having core dev puts an undo burden on the other core devs in the U.S. Timezones.
[19:37] <chiluk> as I'm part of a larger team with few core devs.
[19:37] <rbasak> Are you familiar with the conversation with - slashd I think?
[19:37] <chiluk> rbasak I am.
[19:38] <chiluk> and rbasak I'm not sure if that would be useful.
[19:38] <rbasak> I'm sorry I haven't addressed that yet.
[19:38] <rbasak> But I am interested in your opinion. Please go on.
[19:38] <chiluk> rbasak, I'm also TIL on a few packages ..
[19:38] <rbasak> (I'm sorry I have to run in 20 minutes, otherwise I'd chat for longer right now)
[19:38] <chiluk> rbasak, also I'm not sure if having SRU only upload is even possible given the structure of teams in LP.
[19:39] <chiluk> I do like the general idea, but I don't think it's doable given the current structure of development in Ubuntu.
[19:39] <chiluk> unless there's something that LP can do that I'm not aware of.
[19:40] <rbasak> My concern is that based on your application I feel that your experience is quite narrow. I would like to hear what others think of this kind of case. I appreciate the pain and I want to fix that. But does that mean it's appropriate to change ACLs bits to wide open?
[19:41] <sil2100> chiluk: I have a question regarding a recent discussion I saw on #ubuntu-devel - it seems one of your merges didn't have a correct changelog, right?
[19:41] <rbasak> I'm really quite torn, and I think the answer to that question is bigger than just me or a few people on the DMB.
[19:41] <chiluk> sil2100: yes that is correct.
[19:41] <sil2100> chiluk: why was that? Did you put non-remaining changes into the 'remaining changes' part by mistake?
[19:41] <rbasak> And I'm interested to hear what some really-long-time Ubuntu devs think.
[19:41] <sil2100> (like, new changes)
[19:42] <chiluk> sil2100: it was a merge I did this morning that I was TIL on.  and yes it was a mistake... the change still existed, but it had been merged into debian..
[19:42] <sil2100> Ah, ok
[19:43] <chiluk> sil2100: I also do my best to get the corresponding dd or previous UCD to do the upload... which is part of the reason slangasek caught that one.
[19:44] <chiluk> rbasak what other things do you think I need to broaden my experience?
[19:45] <chiluk> I guess another reason I'd like to get coredev is so that I can manage series tracks in bugs.
[19:46] <chiluk> I think there's another team for that, but coredev is definitely included in that group.
[19:47] <chiluk> exuse me for a sec, but I need to make sure my dog is not being eaten by a coyote.
[19:47] <cyphermox> well, everyone makes mistakes in changelogs every once in a while, or in merging anyway. I usually first go through making changelog and then ripping things out if it shows that they are in fact merged or no longer require
[19:48] <sil2100> chiluk: during your work on packages, did you have a lot experience with dealing with autopkgtests, proposed migration and the like?
[19:48] <rbasak> chiluk: I think if I were to filter SRUs out of your endorsements and your sponsored uploads, it would be a bit thin. I'm not sure we'd give core dev to a hypothetical applicant with that application.
[19:48] <rbasak> Now, it may be that Ubuntu devs say "yes but that's fine", and that's an open question that I'm not sure about.
[19:48] <rbasak> I intend to prioritise getting that thread started about this.
[19:50] <chiluk> sil2100: I did have to deal with autopkgtest failures with my core-utils upload, and possibly a few others.
[19:50] <chiluk> but there are only a few.
[19:50] <sil2100> chiluk: did you always make sure that the packages that were sponsored for you made it to the release pocket?
[19:51] <chiluk> always..
[19:51] <chiluk> that's part of our teams process.
[19:51] <rbasak> I need to run very soon.
[19:51] <chiluk> we don't close our customer cases, until our package uploads hit the -udates archives.
[19:51] <sil2100> Ok, I had one more question, but rbasak maybe you want me to start the vote now?
[19:51] <chiluk> rbasak, additionally we are usually the first to do verification on the uploads as well..
[19:52] <rbasak> I would like to defer my vote for now, pending any outcome of the thread. I'm sorry I have not followed up on that yet. I will prioritise doing that.
[19:52] <sil2100> Ok
[19:52] <rbasak> Especially now that there are two blocked on it.
[19:52] <rbasak> I'm sorry for the pain and I really want to unblock you, but I also feel that it's a bigger issue that we should resolve, and that it's important for us to be consistent.
[19:52] <sil2100> In this case what I would propose is to take the vote to the mailing list in that case
[19:52] <chiluk> rbasak: completely understood.
[19:53] <chiluk> I just feel this is the next logical step for me to become more efficient.. and for the rest of the team to be more efficient by not having to micro-manage my uploads.
[19:53] <sil2100> There everyone will be able to think his decision though
[19:53] <sil2100> chiluk: ok, one semi-technical question - let's say you work on a package (or maybe sponsor some upload for someone) where you add a new binary dependency to a package
[19:53] <rbasak> chiluk: to be clear, I'd be happy with you uploading SRUs without a sponsor.
[19:54] <rbasak> Based on your application.
[19:54] <rbasak> I'm just not sure that core dev is the right step, and that's what I'd like wider opinion on.
[19:54] <chiluk> thanks rbasak
[19:54] <sil2100> chiluk: what would be the first few things you'd need to check in such a case?
[19:54] <rbasak> I'm going to run as I need to be somewhere.
[19:54] <sil2100> rbasak: see you o/
[19:54] <rbasak> Sorry I couldn't help more today.
[19:54] <rbasak> o/
[19:55] <chiluk> sil2100: add to debian/control, check for additional dependencies, then check for other packages that depend on the package I changed...
[19:55] <chiluk> manifest for iso's may need to change as well.
[19:55] <chiluk> also rebuilding may be necessary for all related packages
[19:55] <chiluk> depending on the change.
[19:55] <sil2100> chiluk: ok, now let's say the package you work on is in main - does that opt for some additional change?
[19:55] <sil2100> I mean, additional check?
[19:56] <chiluk> yes.. if the dependency is in universe
[19:56] <sil2100> That's what I wanted to hear
[19:56] <chiluk> that universe package may have to be pulled into main as well...
[19:56] <chiluk> I haven't had to do that yet.
[19:56] <chiluk> but I'm aware of the restrictions related to it.
[19:56] <sil2100> It very frequently happens with packages that Canonical is upstream for
[19:56] <sil2100> Anyway
[19:57] <chiluk> fortunately I will rarely be the uploader for those.
[19:57] <sil2100> Ok, those are all questions from me
[19:57] <sil2100> cyphermox: any questions?
[19:57] <sil2100> If not, I guess let's move this to a mailing thread and do the vote there
[19:57] <chiluk> I'm ok with that.
[19:57] <chiluk> infinity can reject me there.
[19:58] <chiluk> because infinity.
[19:58] <sil2100> Noo, Adam's not like that!
[19:58] <sil2100> He's a good guy, really
[19:58] <sil2100> For realz
[19:58] <sil2100> Anyway, thanks for showing up and sorry for not being able to sort it out here
[19:58] <chiluk> sil2100: i know... I just like to give him crap.
[19:58] <sil2100> ;)
[19:59] <sil2100> #endmeeting
[19:59] <meetingology> Meeting ended Mon Jan 30 19:59:02 2017 UTC.
[19:59] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-01-30-19.13.moin.txt
[19:59] <sil2100> I'll send out the e-mail in a bit
[19:59] <sil2100> Thanks everyone!
[19:59] <chiluk> thanks sil2100, rbasak, cyphermox... fortunately my dog was not eaten, but she did find something she's trying to kill.