=== maclin1 is now known as maclin [15:00] o/ [15:00] Anyone here? [15:00] hello [15:02] oSoMoN: hello! [15:03] Seems it's just me so far :-/ [15:03] bdmurray sent his apologies [15:03] Let's see if anyone else shows up. [15:03] I'm here. [15:04] hi cyphermox [15:04] o/ [15:04] o/ [15:05] hey jbicha, sil2100 [15:07] So we seem to have quorum [15:07] Can anyone chair? [15:08] I'm in another meeting atm... [15:09] I can give it a try, it would be my first time chairing [15:10] ok, let's not delay… [15:10] #startmeeting [15:10] Meeting started Mon Nov 20 15:10:48 2017 UTC. The chair is jbicha. Information about MeetBot at http://wiki.ubuntu.com/meetingology. [15:10] Available commands: action commands idea info link nick [15:11] [TOPIC] Review of previous action items === meetingology changed the topic of #ubuntu-meeting to: Review of previous action items [15:11] > bdmurray to handle the PPU role for fossfreedom (done) [15:13] ok, that's done, I believe cyphermox was going to follow up by working on a proposed ubuntu-budgie seed [15:13] I sent the packageset list, but blocked on having the packageset created in the first place. I mentioned it to slang.asek last week. [15:14] having a packageset being created shouldn't be a problem in and of itself [15:14] no, just needs someone to push buttons [15:15] Is this a TB thing? [15:15] yes [15:15] cyphermox: I saw a pastebin but not an email from you with the packageset [15:15] If so we have the file-a-bug-and-post-to-the-ML process [15:16] the issue isn't the packageset but whether or not we wanted to give packageset VS PPU rights [15:16] The vote was for PPU rights [15:16] And this has been granted [15:16] It's a separate topic IMO [15:17] We want to create the packageset now for future people that want to contribute to budgie [15:17] for clarity, I wanted to see the proposed packageset and I dont think it's a problem to create the packageset before we have someone to use it [15:17] that's fine [15:18] I think we agree that there would be a new application and vote required for anyone to have upload rights for that packageset [15:19] cyphermox: can I give you an action item to send the packageset email? and then we can move on to the next topic? [15:20] +1 on that [15:22] well we can come back to that if needed when we discuss Any Other Business later [15:22] > sil2100 to grant ddstreet SRU permissions (done) [15:22] and rbalint was granted Core Dev permissions [15:22] so no further action is needed there [15:23] #topic PPU Application for osomon === meetingology changed the topic of #ubuntu-meeting to: PPU Application for osomon [15:23] o/ [15:23] Each applicant should introduce themselves (1-5 sentences) and provide links to their Ubuntu Wiki page. After the introduction the members of the Membership Review Board will review the pages and, if needed, ask the applicant further questions. [15:24] During this time it is encouraged for other members of the community to show their support for the applicant. Do not be alarmed if the members of the Developer Membership Board are quiet during this time; they are most likely reading wiki/launchpad/forum/other pages and deciding how they are going to vote. [15:25] oSoMoN: can you introduce yourself? [15:25] sure [15:25] I'm Olivier, I'm part of the Canonical desktop team [15:25] my main duties these days are the maintenance of chromium-browser and libreoffice [15:26] both ubuntu packages and snaps [15:26] my PPU application is at https://wiki.ubuntu.com/OlivierTilloy/PPUApplication [15:26] I work on chromium-browser on a daily basis, hopefully my application makes sense [15:26] I'm not familiar with how Ubuntu snap uploads work, do you currently need sponsorship for those? [15:27] no, no sponsorship needed for those [15:27] there's a shared account in the store for snaps maintained by canonical [15:27] hmm, that's interesting [15:27] and I'm a collaborator to that account, so I have upload rights for the LO and chromium snaps [15:29] interesting that snap upload rights don't go through the traditional upload rights application process, but I guess that's off-topic for right now [15:30] does anyone else on the DMB have any questions for the applicant? [15:30] o/ [15:30] oSoMoN: could you give us an example of when it may not be appropriate to upload to the archive please? [15:31] oSoMoN: recently you have sent a libreoffice SRU through sponsors with a wrong version number (the same as for the devel series) - could you explain why that happened? [15:31] rbasak, for instance during a freeze [15:32] sil2100, the SRU had been prepared before the corresponding version was in bionic [15:32] that was a mistake of course [15:33] oSoMoN: OK, and if during a freeze you felt an exception was warranted, what would you do? Feel free to choose an illustrative example rather than trying to exhaustively cover every possibility. [15:34] I would first question whether that exception is really needed, if e.g. it can't be made a 0day SRU [15:34] if not I would seek confirmation with the release team [15:35] and I would be particularly watchful of possible regressions [15:36] OK. Do you know where the documentation is that will tell you if we are in a freeze, and for the (formal; not necessarily required) process to seek an exception from the release team? [15:37] https://wiki.ubuntu.com/BionicBeaver/ReleaseSchedule for the release schedule and freezes [15:37] and https://wiki.ubuntu.com/FreezeExceptionProcess [15:38] OK thanks you. One final question. After a particular upload, can you summarise your subsequent responsibilities? [15:39] test out of -proposed, and once the package migrates monitor closely bug/crash reports [15:40] and act on them asap [15:40] monitor autopkgtest runs, too [15:40] and before all that, verify that the package builds fine in -proposed [15:41] In your experience, are all chromium-browser SRUs treated as security updates? [15:41] OK thanks. I'm ready to vote. [15:42] FTR, I don't expect anyone to test from devel -proposed specifically. Just take responsibility for it migrating and for any regressions. [15:42] oSoMoN: can you please explain why chromium has unusual versioning in the suffix? [15:43] jbicha, yes, all major chromium updates contain security fixes, and as such go through a validation process by the security team [15:43] micahg, the last number in the versioning is the bzr revision number in the packaging branch [15:43] oSoMoN: is there a reason for that? [15:44] micahg, I took over chromium packaging back in April and that was like that already, didn't feel a need to change/question it [15:45] I'm certainly open to suggestions [15:45] * micahg wonders who did that... [15:45] I can imagine using the bzr revision number makes it easy to script the changelog generation for a batch of series [15:46] I see that you maintain several chromium PPAs under your own name. I am a bit concerned that they are not maintained with a team [15:46] it's a cheap way to ensure you always bump the version, no matter what the major version number is [15:47] because it doesn't allow anyone else to make uploads to those PPAs, and it's a problem if the primary Ubuntu Chromium maintainer changes (like happened earlier this year) [15:47] jbicha, right, I've meant to transfer ownership of those PPAs to a team but never got around to doing it [15:47] oSoMoN: that's what the packaging version: XubuntuY(.Z) [15:47] I see there is an existing team: https://launchpad.net/~chromium-daily [15:47] jbicha, I'm making a note to do that this week [15:47] thanks [15:47] https://launchpad.net/~chromium-team too [15:48] ok, that one is probably better :) [15:49] I'd like to try to wrap up this meeting this hour, so… last call for questions [15:50] oSoMoN: I would encourage you to use standard versioning, I but I can imagine as well someone scripting with that version [15:51] micahg, ack, I made a note to do that, I'll use the standard versioning scheme starting with the next upload [15:51] FWIW, the git-ubuntu work attempts to encourage standardisation on this type of thing using the "lint" tool. It calculates the expected version, and complains if it is anything different. Which means that it has the code necessary for scripting to determine the expected version in a way that meets general Ubuntu developer expectations. We could expose that. [15:52] I'm not sure it covers all the edge cases yet, but it's pure Python and has tests so it shouldn't be too difficult to add more esoteric cases. [15:52] I'll need to migrate the packaging branches to git, too [15:52] #voters cyphermox jbicha micahg rbasak sil2100 [15:52] Current voters: cyphermox jbicha micahg rbasak sil2100 [15:53] #vote osomon to be granted PPU upload rights for chromium-browser [15:53] Please vote on: osomon to be granted PPU upload rights for chromium-browser [15:53] Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname) [15:53] +1 [15:53] +1 received from rbasak [15:53] +1 [15:53] +1 received from micahg [15:53] +1 [15:53] +1 received from jbicha [15:53] +1 [15:53] +1 received from sil2100 [15:54] cyphermox: are you still here? [15:55] I think we can anyway close the vote as the minimum number of positive votes has been reached [15:55] #endvote [15:55] Voting ended on: osomon to be granted PPU upload rights for chromium-browser [15:55] Votes for:4 Votes against:0 Abstentions:0 [15:55] Motion carried [15:56] oSoMoN: congratulations! [15:56] thanks! [15:56] oSoMoN: congratulations! [15:56] thank you for your work on Chromium and LibreOffice [15:57] [TOPIC] Any Other Business === meetingology changed the topic of #ubuntu-meeting to: Any Other Business [15:57] some good suggestions emerged from that conversation, thanks for the questions [15:57] jbicha: can you assign actions to sort out oSoMoN please [15:58] https://wiki.ubuntu.com/DeveloperMembershipBoard/KnowledgeBase#Actions_after_a_successful_application [15:58] I'm happy to take them if you like. [15:59] I can send the announcement email this evening [15:59] rbasak: could you take care of the ACL? I guess we need to file a bug with the Tech Board? [16:00] shall I remove myself from the agenda? [16:00] oSoMoN: I can take care of that, thanks [16:00] cheers [16:01] [ACTION] jbicha to send out announcement email [16:01] ACTION: jbicha to send out announcement email [16:01] ack [16:01] [ACTION] rbasak to handle ACL for osomon's chromium-browser upload rights [16:01] ACTION: rbasak to handle ACL for osomon's chromium-browser upload rights [16:02] The next Developer Membership Board meeting is scheduled for Monday, December 4 at 19:00 UTC [16:02] thanks everyone! [16:02] #endmeeting === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology [16:02] Meeting ended Mon Nov 20 16:02:26 2017 UTC. [16:02] Minutes: http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-11-20-15.10.moin.txt [16:02] thanks jbicha [16:02] thanks everyone [16:32] Security team meeting time! [16:32] #startmeeting [16:32] Meeting started Mon Nov 20 16:32:19 2017 UTC. The chair is ratliff. Information about MeetBot at http://wiki.ubuntu.com/meetingology. [16:32] Available commands: action commands idea info link nick [16:32] The meeting agenda can be found at: [16:32] [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting [16:32] \o [16:32] [TOPIC] Announcements === meetingology changed the topic of #ubuntu-meeting to: Announcements [16:32] Today is Ubuntu Community Appreciation Day! [16:33] Many thanks to our Ubuntu security community members for your assistance in keeping Ubuntu users secure! :) [16:33] \o/ [16:33] More info at [16:33] [LINK] https://community.ubuntu.com/t/ubuntu-community-appreciation-day-nov-20th/1762 [16:33] [TOPIC] Weekly stand-up report === meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report [16:33] jdstrand: you're up [16:34] This is a short week for me and I'll only be working Mon and Tue. I'll continue to focus on: [16:34] * followups on urgent issues that came up last week as needed [16:34] * snappy PRs [16:34] * pickup the ssh/gpg interfaces PR [16:34] * investigate/implement proper fix for hotplugged devices not being added to device cgroup (mir input forum issue) [16:34] mdeslaur: you're up [16:34] I'm in the happy place this week [16:34] I'm currently testing an embargoed issue [16:34] and I have imagemagick to look at [16:34] and another update to test [16:34] that's it for me, sbeattie ? [16:34] I'm on community this week. [16:35] I also have a short week, will be here through wednesday [16:35] I have an apport regression update to publish for ty hicks, and will likely have kernel updates to publish today/tomorrow [16:36] I'm working on the process for security triage for snaps [16:36] And I have some upstream apparmor work to do [16:36] that's it for me.... [16:37] jjohansen is next. I'm not sure if he is around, so we will give him a minute to chime in if he is [16:37] no ty hicks, I don't see sarnold or jjohansen, chrisccoulson, I think you're up? [16:38] I've got a chromium update to test, and I'm also expecting thunderbird [16:38] I've got a regression to fix in Firefox (we dropped the "Ubuntu" token from the user agent string, oddly due to a change in the build system) [16:40] I added a workaround to our rust package for 1.21 to get it to build, and there's a bug for that opened upstream by other distros (for around 1 month now) with no progress [16:41] I thought I understood the issue but it turns out I don't, so I might spend a little bit of time trying to actually understand what's going on and then add my notes to the upstream bug [16:41] but I don't want to spend a lot of time on that [16:41] Fingers crossed I'll finally have time to do something unrelated to rust or firefox packaging this week [16:42] I think that's me done [16:42] Am I the only one who doesn't have a short week? [16:42] sarnold: go ahead [16:42] I don't have a short week [16:42] my week is painfully long [16:42] me neither. [16:42] heh [16:42] I'm in the happy place this week, also working only MTW, doing embargoed work, apparmor patch reviews [16:43] that's it for me, ratliff? [16:43] I'm on CVE triage this week. I'll test out the new process. [16:43] I have a short week. :P [16:44] I also have more internal work to try to finish up. [16:44] leosilva: on to you [16:44] I'm the happy place this week. [16:44] I have some db updates to test (it's taking more time than what I want - selftests) [16:45] I also get python2.7 to update and will take a look in python3.* updates too. [16:45] that' all for me, [16:45] ratliff: you are back [16:45] thanks! [16:45] [TOPIC] Highlighted packages === meetingology changed the topic of #ubuntu-meeting to: Highlighted packages [16:45] The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. [16:45] See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. [16:46] https://people.canonical.com/~ubuntu-security/cve/pkg/mcabber.html [16:46] https://people.canonical.com/~ubuntu-security/cve/pkg/derby.html [16:46] https://people.canonical.com/~ubuntu-security/cve/pkg/yubiserver.html [16:46] https://people.canonical.com/~ubuntu-security/cve/pkg/jabberd2.html [16:46] https://people.canonical.com/~ubuntu-security/cve/pkg/r-cran-stringi.html [16:46] [TOPIC] Miscellaneous and Questions === meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions [16:46] Does anyone have any other questions or items to discuss? [16:49] jdstrand, mdeslaur, sbeattie, sarnold, chrisccoulson, leosilva: Thanks! [16:49] thanks ratliff! [16:49] thanks ratliff :) [16:49] #endmeeting === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology [16:49] Meeting ended Mon Nov 20 16:49:16 2017 UTC. [16:49] Minutes: http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-11-20-16.32.moin.txt [16:49] thanks ratliff! [16:49] ratliff: thanks! [16:52] thanks ratliff !