[15:01] <rbasak> o/
[15:01] <rbasak> ddstreet: you're still down for this meeting on the agenda. Is this correct?
[15:02] <ddstreet> yeah
[15:02] <ddstreet> assuming the mtg is happening
[15:02] <rbasak> Do you still want to proceed with the meeting?
[15:02] <sil2100> o/
[15:02] <ddstreet> rbasak i do, yes
[15:02] <sil2100> (sorry for being late)
[15:03] <jbicha> o/
[15:03]  * rbasak has low confidence in the connection he's on today
[15:03] <sil2100> \o
[15:03] <rbasak> If I stop responding, assume I've dropped and I'm not coming back any time soon please.
[15:03] <sil2100> Ok
[15:04] <micahg> o/
[15:08] <sil2100> I guess we have 4 at least?
[15:08] <sil2100> Who wants to chair
[15:08] <sil2100> ?
[15:10] <micahg> sil2100: would you mind?  I'm a little distracted at the moment
[15:10] <sil2100> Sure, but we'd need to do some rotation at one point ;)
[15:11] <micahg> yeah, hopefully I can chair the next meeting
[15:11] <sil2100> #startmeeting DMB
[15:11] <meetingology> Meeting started Mon Oct 23 15:11:10 2017 UTC.  The chair is sil2100. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[15:11] <meetingology> Available commands: action commands idea info link nick
[15:11] <sil2100> o/
[15:11] <sil2100> #topic Review of previous action items
[15:11] <BenC> o/
[15:11] <sil2100> I guess the two (done) action items from the agenda are done and can be discarded
[15:11] <sil2100> bdmurray: are you around?
[15:12] <bdmurray> sil2100: Yeah, just got in an errand took longer than I expected
[15:12] <sil2100> Did we get the PPU rights for fossfreedom enabled in the end?
[15:12] <sil2100> bdmurray: o/
[15:12] <sil2100> Hey!
[15:12] <bdmurray> I think there is still a bug open that had some discussion in it
[15:12] <sil2100> Oh my
[15:12] <bdmurray> bug 1716770
[15:12] <sil2100> Ok, I'll try to find it and help with getting it through
[15:12] <sil2100> Thanks
[15:13] <sil2100> Because of the release things got a bit out of hand
[15:13] <jbicha> I think it would make sense as a flavor set too instead of ppu
[15:13] <bdmurray> So I think somebody needs to review the packageset vs his requested packages
[15:13] <sil2100> +1 on that
[15:14] <sil2100> Once we review those, is there anything else formal-wise that needs to be done for this to become an automatic packageset?
[15:14] <sil2100> A TB bug or can we re-use this one?
[15:15] <sil2100> Anyway, let's get that sorted after the meeting
[15:15] <sil2100> #topic SRU Developer Applications
[15:16] <bdmurray> It sounded like slangasek had concerns about seeds being modified w/o DMB review.
[15:16] <micahg> this wasn't meant to be a seed based package
[15:16] <micahg> *packageset
[15:16] <jbicha> micahg: why not?
[15:16] <micahg> for exactly that reason :0
[15:16] <micahg> :)
[15:18] <micahg> it's not flavor upload rights, but rather personal upload rights for packages that he's worked on which coincides with some of the primary Budgie packaging (or that was my understanding at least)
[15:18] <bdmurray> Regardless reviewing the seed vs the requested packages might make sense.
[15:18] <micahg> sure, my vote was not for seed based upload rights though
[15:18] <sil2100> I think originally fossfreedom just wanted upload rights for budgie packages
[15:18] <sil2100> But this didn't really work as there was no packageset for budgie back then
[15:19] <sil2100> So to avoid confusion he just went for PPU rights
[15:19] <bdmurray> I think our debating of this is not helping the requestor. Maybe we should just do what they want.
[15:19] <sil2100> Because we still couldn't really give him upload rights for the budgie packageset as this doesn't exist
[15:20] <sil2100> Let's continue with the meeting and discuss later during AOB
[15:20] <sil2100> (if needed)
[15:20] <sil2100> #subtopic Dan Streetman
[15:20] <sil2100> https://wiki.ubuntu.com/ddstreet/UbuntuSRUDeveloperApplication
[15:20] <sil2100> http://ubuntu-dev.alioth.debian.org/cgi-bin/ubuntu-sponsorships.cgi?render=html&sponsoree=Dan+Streetman
[15:20] <sil2100> ddstreet: o/
[15:20] <sil2100> ddstreet: re-introduce yourself please
[15:20] <ddstreet> hi all, i'm reapplying for sru developer
[15:20] <ddstreet> last application: https://irclogs.ubuntu.com/2017/09/11/%23ubuntu-meeting.txt
[15:21] <ddstreet> sponsored pkgs: http://ubuntu-dev.alioth.debian.org/cgi-bin/ubuntu-sponsorships.cgi?render=html&sponsor=&sponsor_search=name&sponsoree=Dan+Streetman&sponsoree_search=name
[15:21] <ddstreet> and this bug that i've created the debdiffs for is waiting https://bugs.launchpad.net/ubuntu/xenial/+source/mdadm/+bug/1617919
[15:22] <sil2100> Questions please
[15:23] <jbicha> ddstreet: one question from before: is the Ubuntu kernel git repo public?
[15:24] <ddstreet> jbicha yes the ubuntu kernel git repos are public
[15:24] <jbicha> can you paste a link?
[15:24] <ddstreet> from my git
[15:24] <ddstreet> ubuntu/trusty	git://kernel.ubuntu.com/ubuntu/ubuntu-trusty.git (fetch)
[15:24] <ddstreet> ubuntu/trusty	git://kernel.ubuntu.com/ubuntu/ubuntu-trusty.git (push)
[15:24] <ddstreet> ubuntu/xenial	git://kernel.ubuntu.com/ubuntu/ubuntu-xenial.git (fetch)
[15:24] <ddstreet> ubuntu/xenial	git://kernel.ubuntu.com/ubuntu/ubuntu-xenial.git (push)
[15:24] <ddstreet> ubuntu/zesty	git://kernel.ubuntu.com/ubuntu/ubuntu-zesty.git (fetch)
[15:24] <ddstreet> ubuntu/zesty	git://kernel.ubuntu.com/ubuntu/ubuntu-zesty.git (push)
[15:25] <ddstreet> jbicha or if you mean the special kernel repos, they are in a different location, e.g.
[15:25] <ddstreet> ubuntu/aws	git+ssh://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-aws (fetch)
[15:26] <jbicha> I was looking for http://kernel.ubuntu.com/git/ubuntu/ubuntu-artful.git/log/?qt=author&q=streetman
[15:26] <jbicha> :)
[15:26] <ddstreet> sorry, i assumed you mean git url
[15:26] <jbicha> no problem, I found it
[15:27] <sil2100> ddstreet: a question from me: after you prepared an SRU, prepared the bug and uploaded the change to the archive (and this upload got accepted to -proposed), what work do you need to do next on that SRU?
[15:27] <ddstreet> verify the proposed package and mark the bug as verification-done-RELEASE
[15:27] <ddstreet> for affected releases
[15:27] <sil2100> Anything else?
[15:27] <ddstreet> add a comment to the bug with the details of the verification
[15:28] <ddstreet> then after 7 days or more, ping a sru person to move it to -updates
[15:28] <ddstreet> check the autopkgtest results
[15:28] <ddstreet> of there are any failures, explain them in the bug - or if the failures are a result of the change, it will need reworking
[15:28] <sil2100> Ok, thanks
[15:28] <ddstreet> which likely would involve re-patching, then re-uploading to -proposed again
[15:28] <sil2100> btw. the ping-the-sru-person is not required ;p
[15:29] <ddstreet> heh well hopefully not ;-)
[15:29] <sil2100> You can do that if the SRU is somehow priority but usually we'll just do it when the time comes ;)
[15:29] <ddstreet> it's not always clear when that time is to outsiders ;-)
[15:29] <jbicha> I'm looking at the last 2 SRUs from https://launchpad.net/~ddstreet/+uploaded-packages
[15:30] <jbicha> and they got sponsored very quickly, like same day
[15:30] <ddstreet> yes, last thurs i believe
[15:31] <ddstreet> jbicha you mean the lshw upload?
[15:31] <jbicha> well not initramfs-toolsbut the other 2 recent ones, just commenting
[15:31] <jbicha> lshw and vlan
[15:31] <ddstreet> sorry im not sure what vlan you mean?
[15:31] <ddstreet> that was sept 20
[15:31] <ddstreet> for vlan
[15:32] <ddstreet> the two lshw uploads are the same bug, just one for x and other for t
[15:32] <rbasak> o/
[15:32] <jbicha> you uploaded the debdiff for LP: #1716964 and it got sponsored later that day
[15:32] <ddstreet> jbicha am i misunderstanding you?
[15:32] <ddstreet> i think so yes
[15:32] <ddstreet> sorry, i'm not clear if there is a question for me?
[15:32] <jbicha> sometimes, things get stuck in the sponsoring queue for a very long time, so I was just commenting that you have got some much quicker than that
[15:33] <jbicha> no question, just a comment
[15:33] <ddstreet> oh ok thanks
[15:33] <ddstreet> yes, i can't really let things hang out in the sponsorship queue, so since i don't have upload rights i have to actively find sponsors to pester
[15:33] <ddstreet> obviously, that's why i am requesting upload rights
[15:35] <bdmurray> previously you had mentioned being interested in sponsoring SRU uploads for other people. Is that still something you plan on doing?
[15:35] <ddstreet> yes
[15:36] <jbicha> it looks like you've done an average of 1 SRU set per month, sustained over the past year and a half (another comment, not really a question)
[15:36] <ddstreet> yes, on average, although i think i've picked up the pace significantly in the last month, since my last application was rejected because i hadn't done enough SRUs
[15:37] <ddstreet> before that, i had done mostly kernel fixes which don't show up in the sponsor list, and aren't relevant for this application
[15:38] <ddstreet> well, i'm not one to say if kernel fixes are relevant for this application, that is what bdmurray suggested during my first application
[15:38] <rbasak> No endorsements from two out of three of your latest sponsors?
[15:38] <sil2100> I left a comment
[15:38] <sil2100> It's like a soft endorsement ;)
[15:38] <ddstreet> rbasak i believe i asked you a while back, and i did ask apw but he did not respond
[15:38] <ddstreet> maybe didn't see my request
[15:39] <ddstreet> thanks sil2100!
[15:39] <jbicha> (no more questions from me for this application)
[15:39] <sil2100> Any other questions?
[15:39]  * rbasak is still reviewing
[15:40] <ddstreet> re: endorsement i also asked cpaelzer but i don't think he saw my request either
[15:40] <rbasak> So far, everything I see suggests a high quality of SRUswork.
[15:41] <rbasak> I'm still a little concerned by not having a big enough sample size though.
[15:41] <rbasak> What do other DMB members think of this?
[15:41] <micahg> same
[15:42] <ddstreet> rbasak micahg what would you consider a big enough sample size?
[15:43] <rbasak> That's a good question. I think it's variable depending on the quality of work demonstrated and the strength of the endorsements.
[15:43] <ddstreet> looks like i have ~22 separate SRUs so far, not counting multiple releases per SRU.
[15:43] <rbasak> https://launchpad.net/~ddstreet/+uploaded-packages is showing me 23 in total, including development release uploads, and including series SRU duplication.
[15:43] <rbasak> What am I missing?
[15:44] <ddstreet> rbasak i'm going by http://ubuntu-dev.alioth.debian.org/cgi-bin/ubuntu-sponsorships.cgi?render=html&sponsor=&sponsor_search=name&sponsoree=Dan+Streetman&sponsoree_search=name
[15:45] <ddstreet> so 23 sounds right
[15:45] <sil2100> It's hard to judge what sample size we require here
[15:46] <ddstreet> what have you required of past applicants?
[15:46] <sil2100> But I'm rather confident in ddstreet's knowledge about the SRU process
[15:46] <bdmurray> I think there's only been one other applicant
[15:46] <ddstreet> for SRU, yes
[15:46] <micahg> usually a full cycle focused on whatever they're applying for
[15:47] <ddstreet> the sru developer team was created for him, slashd, because you were not ready to give him coredev
[15:47] <rbasak> To narrow it down, if I saw somewhere between 5 and 10 (not sure exactly) recent SRUs that required no significant review changes and had endorsements from >90% of sponsors from that sample, I'd be happy.
[15:47] <jbicha> I think applicants tend to upload more frequently than you do but I'm ok with the total upload count
[15:47] <sil2100> Should we start the vote?
[15:48] <sil2100> Everyone ready?
[15:48] <sil2100> We have this tendency to running over our meeting time
[15:48] <rbasak> I'm +0 right now. I don't have a list of SRUs in front of me as qualified by my criteria above to review.
[15:49] <rbasak> That seems to be mostly an issue of data mining.
[15:49] <sil2100> Ok, I see rbasak started the voting so let's just start it formally
[15:49] <sil2100> #vote Grant ddstreet SRU Developer
[15:49] <rbasak> Perhaps, in hindsight, we could ask applicants for this team to provide this as a summary to save us all doing it individually.
[15:49] <meetingology> Please vote on: Grant ddstreet SRU Developer
[15:49] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[15:49] <rbasak> +0
[15:49] <meetingology> +0 received from rbasak
[15:49] <jbicha> +1
[15:49] <meetingology> +1 received from jbicha
[15:49] <sil2100> +1, I have no good feeling on what criteria we have but I'm happy with ddstreet's SRUs so far
[15:49] <meetingology> +1, I have no good feeling on what criteria we have but I'm happy with ddstreet's SRUs so far received from sil2100
[15:50] <rbasak> To be clear, I _am_ happy with the quality of the work that I've seen.
[15:51] <sil2100> bdmurray, BenC, micahg: ?
[15:51] <micahg> +0 I have a good technically feeling, and am very close to voting in favor, but still feel like we should have a few more recent SRUs as rbasak mentioned
[15:51] <meetingology> +0 I have a good technically feeling, and am very close to voting in favor, but still feel like we should have a few more recent SRUs as rbasak mentioned received from micahg
[15:51] <bdmurray> +1 I think the working being done is of fine quality, but I'm still concerned about the posibility of things being sponsored. I guess the SRU team is a safety check there though.
[15:51] <meetingology> +1 I think the working being done is of fine quality, but I'm still concerned about the posibility of things being sponsored. I guess the SRU team is a safety check there though. received from bdmurray
[15:53] <ddstreet> bdmurray i don't quite understand what exactly you're concerned about there, but thanks for the +1
[15:54] <sil2100> BenC: are you still around to vote? :)
[15:55] <bdmurray> ddstreet: I think I'm concerned about you having the skills to judge the quality of an SRU.
[15:55] <ddstreet> i see
[15:57] <ddstreet> bdmurray feel free to point out any specific examples where I've done something wrong - that will help me improve myself, right
[16:06] <ddstreet> so, is the voting done?
[16:07] <jbicha> sorry, we're trying to figure out if we can end the vote now without BenC
[16:07] <sil2100> Yeah, some discussions on the procedures
[16:07]  * ddstreet refills coffee
[16:12] <sil2100> Sorry about this, would be much better if we got this one more vote from BenC ;)
[16:12] <jbicha> sil2100: maybe we should move on with the rest of the meeting?
[16:13] <bdmurray> Please
[16:13] <jbicha> rbalint: are you here?
[16:20] <sil2100> Ok, let me end the vote
[16:20] <sil2100> #endvote
[16:20] <meetingology> Voting ended on: Grant ddstreet SRU Developer
[16:20] <meetingology> Votes for:3 Votes against:0 Abstentions:2
[16:20] <meetingology> Motion carried
[16:22] <sil2100> rbasak: did I end to early?
[16:23] <sil2100> ddstreet: ok, sorry for the wait, congratulations!
[16:23] <ddstreet> thanks
[16:24] <sil2100> I think we have this settled
[16:24] <sil2100> (I think)
[16:24] <sil2100> Who wants to take the action?
[16:24] <sil2100> I'll just take it
[16:25] <sil2100> #action sil2100 to grant ddstreet SRU permissions
[16:25] <meetingology> ACTION: sil2100 to grant ddstreet SRU permissions
[16:25] <sil2100> #topic AOB
[16:25] <sil2100> We probably had something but since we're already 25 minutes over, I'd say... let's discuss next time
[16:26] <sil2100> We just need to make sure to push fossfreedom's upload rights forward
[16:26] <sil2100> Anyway, if you don't mind, I need to finish the meeting since I need to go AFK
[16:26] <sil2100> #endmeeting
[16:26] <meetingology> Meeting ended Mon Oct 23 16:26:30 2017 UTC.
[16:26] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-10-23-15.11.moin.txt
[16:26] <sil2100> Thanks everyone o/
[16:30] <tyhicks> hello
[16:31] <tyhicks> #startmeeting
[16:31] <meetingology> Meeting started Mon Oct 23 16:31:03 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:31] <meetingology> Available commands: action commands idea info link nick
[16:31] <tyhicks> The meeting agenda can be found at:
[16:31] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:31] <mdeslaur> \o
[16:31] <tyhicks> [TOPIC] Weekly stand-up report
[16:31] <leosilva> o/
[16:31] <tyhicks> jdstrand: you're up
[16:31] <jdstrand> hey
[16:31] <jdstrand> This week I plan to:
[16:31] <jdstrand> * finish some snappy-debug work based on sprint feedback
[16:31] <jdstrand> * do a ton of snapd PR reviews. Some for layouts, which I expect to take a lot of time since they are attempting to use overlayfs
[16:32] <jdstrand> * miscellaneous interface policy updates
[16:32] <jdstrand> * get back to uid/gid seccomp arg filtering work as have time
[16:32] <jdstrand> that's it from me. mdeslaur, you're up
[16:32] <mdeslaur> I'm in the happy place this week
[16:32] <mdeslaur> I have a short week as I'm off on friday
[16:32] <mdeslaur> I just published a few updates
[16:32] <mdeslaur> and I have a couple of others to test
[16:32] <mdeslaur> I'll probably pick something new off the list after that
[16:33] <mdeslaur> that's it, sbeattie, you're up
[16:33] <sbeattie> I'm also in the happy place this week
[16:34] <sbeattie> I'm doing some investigating on notifying snaps that they have security issues in embedded packaging
[16:34] <sbeattie> I'm also going to be focusing on apparmor this week, in concert with some of the work debian is doing
[16:35] <sbeattie> I also have an update to finish up, and the usual set of kernel triage to do
[16:35] <sbeattie> that'll take up my week. tyhicks?
[16:35] <tyhicks> happy_place++
[16:36] <tyhicks> I need to finalize the upstream libseccomp-golang changes and update the PR
[16:36] <tyhicks> update the seccomp(2) man page for the kernel logging changes
[16:36] <tyhicks> eCryptfs patch review
[16:36] <tyhicks> AppArmor work to support Debian's !AppArmor-in-Debian sprint
[16:36] <tyhicks> that's it for me
[16:36] <tyhicks> I don't think jjohansen is back yet
[16:36] <tyhicks> sarnold: go ahead and we'll circle back to jjohansen
[16:36] <sarnold> I'm on bug triage this week
[16:37] <sarnold> I'll also be helping out the debian apparmor sprint as I can
[16:37] <sarnold> and doing MIRs, I expect to finish spice-vdagent early in the week
[16:37] <sarnold> with what time may be left I'll look at the pcp changes in response the last cycle's MIR
[16:37] <sarnold> that's it for me, chrisccoulson?
[16:37] <jbicha> yay, MIRs
[16:38] <chrisccoulson> I've got a chromium update to test and publish
[16:38] <chrisccoulson> Then I need to finish off the rust 1.20 update - artful is done, I just need to backport it. Fingers crossed there are no new problems and this is the end of it for a few weeks
[16:38] <chrisccoulson> then hopefully fun stuff
[16:39] <chrisccoulson> that's me done
[16:39]  * tyhicks crosses fingers
[16:39] <tyhicks> ratliff: you're up
[16:39] <ratliff> I'm on community this week
[16:40] <ratliff> After that I have quite a bit of internally focused work which will consume my week.
[16:40] <ratliff> on to you, leosilva
[16:40] <leosilva> I'm in CVE triage this week
[16:40] <leosilva> I have a couple of UNS to publish for precise
[16:41] <leosilva> besides that I'll do my hunting for pkgs to update and watch some git for triage in pkgs I'm waiting patches
[16:41] <leosilva> that's for me
[16:41] <leosilva> tyhicks: it's back to yu!
[16:41] <tyhicks> jjohansen: any chance you're back yet?
[16:42] <tyhicks> lets move on
[16:42] <tyhicks> [TOPIC] Highlighted packages
[16:42] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:43] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:43] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/swift-plugin-s3.html
[16:43] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/sniffit.html
[16:43] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/ruby-rack.html
[16:43] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/digikam.html
[16:43] <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html
[16:43] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:43] <tyhicks> Does anyone have any other questions or items to discuss?
[16:43] <jbicha> https://lists.debian.org/debian-devel/2017/10/msg00405.html
[16:43] <jbicha> I think Debian GNOME would be ok with a totem apparmor profile in the totem packaging, except that I don't think the Debian GNOME has apparmor expertise to maintain it
[16:44] <jbicha> (mentioned since y'all were talking about apparmor in Debian)
[16:44] <tyhicks> jbicha: we're working closely with intrigeri all week on this sort of stuff
[16:45] <tyhicks> jbicha: thanks for mentioning it
[16:45] <jbicha> thanks, that's all from me :)
[16:45] <tyhicks> cool :)
[16:45] <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
[16:45] <tyhicks> #endmeeting
[16:45] <meetingology> Meeting ended Mon Oct 23 16:45:36 2017 UTC.
[16:45] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-10-23-16.31.moin.txt
[16:45] <sarnold> thanks tyhicks!
[16:46] <leosilva> tks tyhicks !
[16:46] <mdeslaur> thanks tyhicks
[16:48] <sbeattie> tyhicks: thanks!