[17:00]  * slangasek waves
[17:00]  * infinity grunts
[17:00] <mdeslaur> hi
[17:01] <slangasek> hello
[17:01] <mdeslaur> sorry for not updating the agenda
[17:01] <slangasek> #startmeeting
[17:01] <meetingology> Meeting started Tue Mar 14 17:01:17 2017 UTC.  The chair is slangasek. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[17:01] <meetingology> Available commands: action commands idea info link nick
[17:01] <slangasek> :-)
[17:01] <slangasek> [TOPIC] Apologies
[17:01] <slangasek> none received on the mailing list
[17:02] <slangasek> kees: are you here?
[17:02] <slangasek> we have mdeslaur infinity slangasek; no sign of stgraber on channel
[17:03] <slangasek> [TOPIC] Action review
[17:03] <slangasek> ACTION: infinity to follow up with maas SRU exception
[17:03] <slangasek> infinity: any news there?
[17:03] <infinity> No news is good news?
[17:03] <infinity> That's a thing, right?
[17:03] <slangasek> well, that hardly stops the maas SRUs from coming in :)
[17:03] <mdeslaur> heh
[17:03] <slangasek> if you haven't made progress I'd like to suggest a path forward?
[17:04] <infinity> I need to make some time to go back to what is and isn't documented and JFDI.  Said time has not been made.
[17:04] <slangasek> I've recently started forcing people who are asking for SRU exceptions to do the work of preparing a wiki page like https://wiki.ubuntu.com/CurtinUpdates
[17:05] <slangasek> and then once it's approved by a member of the SRU team, we update the main wiki page with a link to it
[17:05] <slangasek> this puts the burden on the team that is asking for the SRU, which might work better than having you responsible for it
[17:05] <infinity> That sounds not unreasonable.
[17:05] <slangasek> infinity: would you follow up with the maas team and tell them to do this?
[17:05] <infinity> *nod*
[17:06] <slangasek> [ACTION] infinity to ask maas team to prepare SRU exception policy à la https://wiki.ubuntu.com/CurtinUpdates
[17:06] <meetingology> ACTION: infinity to ask maas team to prepare SRU exception policy à la https://wiki.ubuntu.com/CurtinUpdates
[17:06] <slangasek> cool, next
[17:06] <slangasek> ACTION: infinity to play with seed/maint-check changes on dogfood to build a new xenial release pocket for support length auditing (ETA: 16.04.2 release)
[17:06] <slangasek> I guess this didn't happen before 16.04.2 :)
[17:06] <infinity> That ETA is clearly a lie now.  But another short deferral.
[17:06] <infinity> This also dovetails into your email about custom kernel support that I need to reply angrily to.
[17:07] <slangasek> hmm :)
[17:07] <slangasek> ok
[17:07] <slangasek> [ACTION] infinity to play with seed/maint-check changes on dogfood to build a new xenial release pocket for support length auditing
[17:07] <meetingology> ACTION: infinity to play with seed/maint-check changes on dogfood to build a new xenial release pocket for support length auditing
[17:07] <slangasek> ACTION: slangasek to investigate getting tagged ubuntu-community bugs automatically forwarded to technical-board, and if not feasible, fall back to DMB sending signed emails to list for ACL requests
[17:08] <slangasek> in practice I guess we're already relying on the fallback
[17:08] <slangasek> but I would still like to sort this out, it just hasn't been a high priority
[17:08] <slangasek> anybody mind if I keep this todo on my list? :)
[17:08] <mdeslaur> heh
[17:09] <slangasek> hearing no objections...
[17:09] <slangasek> [ACTION] slangasek to investigate getting tagged ubuntu-community bugs automatically forwarded to technical-board, and if not feasible, fall back to DMB sending signed emails to list for ACL requests
[17:09] <meetingology> ACTION: slangasek to investigate getting tagged ubuntu-community bugs automatically forwarded to technical-board, and if not feasible, fall back to DMB sending signed emails to list for ACL requests
[17:09] <slangasek> ACTION: slangasek to follow up to snapd-glib SRU exception request
[17:09] <slangasek> I don't remember where this one got to
[17:10] <slangasek> guess I just need to dig that out of the mail and reply to it, telling them to do the same thing as MAAS
[17:10] <slangasek> will follow up today
[17:10] <slangasek> [ACTION] slangasek to follow up to snapd-glib SRU exception request
[17:10] <meetingology> ACTION: slangasek to follow up to snapd-glib SRU exception request
[17:11] <slangasek> now, there's an item on the wiki page which I think was discussed last time and I failed to take it off?
[17:11] <slangasek> also, sorry, I'm making a late add of an agenda topic... right now
[17:11] <mdeslaur> yeah, we discussed that last week
[17:12] <slangasek> on the email I just sent to the list re: walinuxagent
[17:12] <slangasek> [TOPIC] walinuxagent
[17:12] <slangasek> [LINK] https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html
[17:12] <slangasek> any chance either of you had time to read this mail, which was sent at 17:01 UTC? ;)
[17:12] <mdeslaur> I read it
[17:13] <slangasek> mdeslaur: questions/concerns/feedback?
[17:13] <mdeslaur> I think the reasoning is sound, and I don't have any objections
[17:13] <mdeslaur> my only concern is how the code which is pulled down is validated
[17:14] <mdeslaur> I haven't looked at it at all, is it sane?
[17:14] <slangasek> mdeslaur: the endpoint is secured with SSL; there's no code signing that I'm aware of
[17:14] <infinity> How it's validated and/or how the source is validated.
[17:15] <infinity> SSL works if it's a static host we're pulling from, and we're not ignoring SSL host mismatches in the code.
[17:15] <slangasek> I have an email thread with MS about how control of publishing code to that endpoint is managed, I would need to check with them before sharing details; I'll just say it seems reasonable, and again I don't think we should be setting a higher security bar for that endpoint than we do for the cloud substrate itself
[17:17] <slangasek> infinity: that mostly relies on the underlying python libraries to enforce, AIUI; but the endpoint itself is supposed to be not spoofable
[17:17] <slangasek> (as in, no arp/dns spoofing allowed)
[17:17] <infinity> Well, the libraries, and how you call the connect methods.
[17:17] <mdeslaur> hrm, python 2 code...not sure how well ssl certs and hostnames are being checked
[17:17] <infinity> But yes.
[17:17] <slangasek> should be python3
[17:18] <mdeslaur> ah, yes, it is
[17:18] <mdeslaur> ok
[17:18] <slangasek> could we take a vote on this, so there's a record of this agreement?
[17:18] <mdeslaur> sure
[17:18] <slangasek> [VOTE] Affirm the walinuxagent exception for out-of-band code updates on Azure guests https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html
[17:18] <meetingology> Please vote on: Affirm the walinuxagent exception for out-of-band code updates on Azure guests https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html
[17:18] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[17:18] <infinity> Anyhow, I'm not super fond of the idea, but if we can't get them to push all their stuff to the archive, we don't really have a choice either.
[17:19] <slangasek> yeah, it's not very archive-able
[17:19] <slangasek> +1
[17:19] <meetingology> +1 received from slangasek
[17:19] <mdeslaur> +1
[17:19] <meetingology> +1 received from mdeslaur
[17:19] <infinity> +1
[17:19] <meetingology> +1 received from infinity
[17:19] <slangasek> uh how do I end a vote again?
[17:19] <slangasek> [ENDVOTE]
[17:19] <meetingology> Voting ended on: Affirm the walinuxagent exception for out-of-band code updates on Azure guests https://lists.ubuntu.com/archives/technical-board/2017-March/002287.html
[17:19] <meetingology> Votes for:3 Votes against:0 Abstentions:0
[17:19] <meetingology> Motion carried
[17:19] <slangasek> got it :)
[17:19] <infinity> I could see this having more interesting use-cases in heterogenous clouds where the running software might want to change behaviour (or version) based on the compute node you're on.
[17:19] <slangasek> [TOPIC] Mailing list archive
[17:20] <infinity> So, as a general policy, it's not awful.
[17:20]  * slangasek nods
[17:20] <slangasek> mailing list, there's a request from bdmurray to extend cyphermox's DMB membership to allow coverage for a vote
[17:20] <slangasek> this seems noncontroversial to me, any objection to me JFDI?
[17:21] <infinity> Go nuts.
[17:21] <mdeslaur> no objection from me
[17:21] <slangasek> [ACTION] slangasek to extend cyphermox DMB membership to cover next election
[17:21] <meetingology> ACTION: slangasek to extend cyphermox DMB membership to cover next election
[17:21] <cyphermox> yes, please ;)
[17:21] <slangasek> I see nothing else new on the mailing list
[17:22] <slangasek> [TOPIC] community bugs
[17:22] <slangasek> [LINK] https://bugs.launchpad.net/ubuntu-community/+bugs?field.assignee=techboard
[17:22] <slangasek> zarro boogs
[17:23] <slangasek> [TOPIC] Select a chair for the next meeting
[17:23] <slangasek> looks like stgraber, with infinity as backup?
[17:23] <infinity> Yep.
[17:24] <slangasek> [AGREED] next TB meeting Tuesday, March 28 @ 17:00 London Time; stgraber chair; infinity backup
[17:24] <slangasek> [TOPIC] AOB
[17:24] <slangasek> anything else?
[17:25] <mdeslaur> nope
[17:25] <slangasek> #endmeeting
[17:25] <meetingology> Meeting ended Tue Mar 14 17:25:29 2017 UTC.
[17:25] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting-2/2017/ubuntu-meeting-2.2017-03-14-17.01.moin.txt
[17:25] <mdeslaur> thanks slangasek
[17:25] <slangasek> mdeslaur, infinity, cyphermox: thanks!
[17:25] <mdeslaur> thanks infinity
[17:25] <cyphermox> thanks to you, I had just had a request for DMB stuff.
[17:26] <slangasek> cyphermox: renewal done ;)
[17:26] <cyphermox> there was an important comma there.
[17:26] <cyphermox> ta