[16:33] <tyhicks> hello
[16:33] <tyhicks> #startmeeting
[16:33] <meetingology> Meeting started Mon Feb 26 16:33:39 2018 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:33] <meetingology> Available commands: action commands idea info link nick
[16:33] <tyhicks> The meeting agenda can be found at:
[16:33] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:33] <tyhicks> [TOPIC] Announcements
[16:33] <tyhicks> The generalist role rotation for this week as follows:
[16:34] <tyhicks> CVE Triage: mdeslaur, Bug Triage: leosilva, Community: sarnold, Happy Place: ratliff, sbeattie
[16:34] <tyhicks> An all new version of the USN website (usn.ubuntu.com) will be deployed today
[16:34] <mdeslaur> \o
[16:34] <tyhicks> Please report a bug (https://github.com/canonical-websites/usn.ubuntu.com/issues/) for any issue that you discover
[16:34] <tyhicks> Simon Deziel (sdeziel) provided a debdiff for artful for unbound (LP: #1723900)
[16:34] <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
[16:34] <tyhicks> [TOPIC] Weekly stand-up report
[16:34] <tyhicks> jdstrand: you're up
[16:34] <xnox> tyhicks, will the new website mine cryptocurrencies in javascript?
[16:34] <jdstrand> hi!
[16:35]  * xnox giggles
[16:35] <tyhicks> xnox: not yet but you never know what the future holds
[16:35] <jdstrand> completed: miscellaneous snappy conversations
[16:35] <jdstrand> completed: store reviews
[16:35] <jdstrand> completed: discuss/review PR 4741 - cmd/snap-update-ns: use recursive bind mounts for writable mimic (layouts)
[16:35] <jdstrand> completed: strict snaps on livecd implementation: PR 4714 (address review feedback)
[16:35] <jdstrand> progress: investigate more issues with minecraft and opening URLs
[16:35] <jdstrand> completed: ubuntu-security meeting
[16:35] <jdstrand> mdeslaur: you're up
[16:35] <jdstrand> hah
[16:35] <jdstrand> wait :P
[16:35] <mdeslaur> xnox: it's our new autopkgtest infrastructure
[16:35] <jdstrand> * be responsive to snapd PRs
[16:35] <jdstrand>   - portals (getting close)
[16:35] <jdstrand>   - layouts (landed, needs a little hardening for 2.32)
[16:35] <jdstrand>   - steam-support (blocked on upstream feedback)
[16:35] <jdstrand> * strict mode snaps on livecd (close to landing)
[16:35] <jdstrand> * miscellaneous policy investigations and updates
[16:35] <jdstrand> * prepare for sprint
[16:35] <jdstrand> * lxd snap regression wrt confinement as have time
[16:35] <jdstrand> * create screencast interface as have time
[16:35] <jdstrand> ok, now mdeslaur you're up :)
[16:36] <mdeslaur> you sure your paste buffer is empty now? ;)
[16:36] <mdeslaur> I'm on triage this week
[16:36] <jdstrand> my password is ready to paste
[16:36] <mdeslaur> I just pushed out a sensible-utils update
[16:36] <mdeslaur> and I'm going to work on something new off the list
[16:36] <mdeslaur> I also may have an embargoed issue
[16:36] <mdeslaur> that's it from me
[16:36] <mdeslaur> sbeattie: you're up
[16:37] <sbeattie> I'm in the happy place this week
[16:37]  * xnox thinks there is a glitch in jdstrand AI today, and a reboot is required.
[16:37] <sbeattie> I'm double-checking gcc-7, gcc-6, and gcc-5 packages with retpoline enabled by default for x86 for sponsoring today.
[16:38] <sbeattie> I'm also examining a glibc built by said compilers
[16:38] <xnox> sbeattie, nice =) gcc-8 as well? it's not default, but is available. And some libraries are coming from gcc-8, and used in userspace. E.g. libitm1 -> opencryptoki, etc.
[16:38] <sbeattie> xnox: not yet, but yeah, I hsuld do that, too
[16:38] <xnox> cool
[16:39] <sbeattie> I need to add the documentation bits to a patch to hardening retpoline options to dpkg, to support hardening=[+-]retpoline and submit to debian
[16:40] <sbeattie> There's other bits and bobs related to retpoline to track down in prep for starting the rebuild
[16:41] <sbeattie> (documentation, double-checking upstream for bug fixes, etc)
[16:41] <sbeattie> I need to prep a bit for the sprint next week
[16:41] <sbeattie> that'll consume my week, surely. tyhicks, over to you
[16:41] <tyhicks> thanks
[16:41]  * xnox silently pings rbalint to read above status update.
[16:41] <tyhicks> I've got sprint prep
[16:42] <tyhicks> I'll be cleaning up any messes found with the switch to the new USN website today
[16:42] <tyhicks> I need to finalize an LSM stacking demo
[16:43] <tyhicks> I've got an embargoed issue
[16:43] <tyhicks> I'll also be involved in the retpoline by default discussions/uploads/etc
[16:44] <tyhicks> that's it for me
[16:44] <tyhicks> jjohansen: you're up
[16:45] <tyhicks> oh, he's not around right now
[16:45] <tyhicks> sarnold: go ahea
[16:47] <sarnold> sorry, I missed this window entirely! :)
[16:47] <sarnold> I'm on community, short week for me this weeke
[16:48] <sarnold> I expect to review some apparmor patches, then return to brotli MIR, and responding to questions on the openjpeg2 bugs I opened
[16:48] <sarnold> and I ought to try to rebuild my poor little pandaboard before the trip. I don't know how realistic that is :(
[16:49] <sarnold> that's me, chrisccoulson? or ratliff_ if chrisccoulson is still out? (sorry, can't recall)
[16:49] <ratliff_> vacation day for chris_ccoulson :)
[16:50] <ratliff_> I'm in the happy place this week.
[16:50] <ratliff_> I have sprint prep. I need to nurse the kpis along and touch up the tutorial. I have some internal tasks that I'm working on.
[16:50] <ratliff_> leosilva: it's up to you
[16:50] <leosilva> I'm bug triage this week.
[16:51] <leosilva> I'm take a look in qpdf cves, some of them has just test as patch - weird.
[16:51] <leosilva> besides that I'll to my hunting
[16:51] <leosilva> tyhicks: it's back to you
[16:51] <tyhicks> thanks!
[16:51] <leosilva> s/to/do/
[16:51] <tyhicks> [TOPIC] Highlighted packages
[16:51] <tyhicks> The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security
[16:51] <tyhicks> updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:52] <tyhicks> [TOPIC] Miscellaneous and Questions
[16:52] <tyhicks> Does anyone have any other questions or items to discuss?
[16:53] <tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, ratliff, leosilva: Thanks!
[16:53] <tyhicks> #endmeeting
[16:53] <meetingology> Meeting ended Mon Feb 26 16:53:30 2018 UTC.
[16:53] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-02-26-16.33.moin.txt
[16:53] <sarnold> thanks tyhicks!
[16:53] <leosilva> tks tyhicks!
[16:53] <sbeattie> tyhicks: thanks!
[16:53] <ratliff_> thank you, tyhicks!
[16:55] <mdeslaur> thanks tyhicks!
[16:58] <jdstrand> tyhicks: thanks!
[18:59] <tsimonq2> o/
[18:59] <sil2100> o/
[19:00] <bdmurray> o/
[19:01] <tsimonq2> Maybe dmb-ping?
[19:05] <tsimonq2> sil2100:
[19:05] <tsimonq2> grr
[19:05] <tsimonq2> et al
[19:05] <tsimonq2> Maybe take this to the ML?
[19:06] <cyphermox> what?
[19:06] <tsimonq2> Oh hi, that's 3
[19:06] <bdmurray> tsimonq2: grr? Didn't you just edit wiki page about your app today?
[19:06] <sil2100> I guess we might have quorum for a meeting, right?
[19:07] <tsimonq2> bdmurray: grr = I messed up mobile keyboard
[19:08] <rbasak> I will have to run at any moment.
[19:08] <tsimonq2> np
[19:09] <bdmurray> tsimonq2: okay
[19:09] <tsimonq2> bdmurray: I'm perfectly fine, I knew it was tight timing anyways :)
[19:09] <sil2100> I'm a bit torn apart today, bdmurray, cyphermox - could one of you chair the meeting?
[19:10] <cyphermox> ok
[19:10] <micahg> I'm here as well
[19:10] <cyphermox> #startmeeting Developer Membership Board
[19:10] <meetingology> Meeting started Mon Feb 26 19:10:54 2018 UTC.  The chair is cyphermox. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[19:10] <meetingology> Available commands: action commands idea info link nick
[19:11] <cyphermox> #topic Review of previous action items
[19:11] <cyphermox> sil2100: to add budgie-extras to fossfreedom's PPU set
[19:11] <cyphermox> ^ that's done, cool
[19:11] <cyphermox> bdmurray: to handle mapreri's PPU-addition request
[19:12] <bdmurray> I submitted a bug report to that special project, let me have a look at it.
[19:12] <bdmurray> bug 1747093
[19:12] <bdmurray> I'll ping a TB member about it.
[19:13] <mapreri> bad TB :>
[19:13] <tsimonq2> heh
[19:13] <cyphermox> alrighty
[19:13] <cyphermox> #topic Package Set/Per Package Uploader Applications
[19:14] <cyphermox> tsimonq2: the one issue I see though is that typically we ask to have a week's lead time to be able to review the application before doing the DMB meeting
[19:14] <tsimonq2> Yes, I understand.
[19:14] <cyphermox> to be fair, let's make sure that's written down somewhere
[19:15] <tsimonq2> It is, but it's a "should" ;)
[19:15] <rbasak> It's documented already at https://wiki.ubuntu.com/DeveloperMembershipBoard/ApplicationProcess
[19:15] <rbasak> I don't think we need to have a strict policy on it, since we can vote with our...votes as needed.
[19:16] <cyphermox> any DMB members here opposing the review today?
[19:16] <micahg> I know there were some questions of viability of application by email already
[19:16] <bdmurray> I thought rbasak had asked a question about the application.
[19:16] <rbasak> I don't oppose, but I may end up being -1 subject to more information or time.
[19:16] <rbasak> If indeed I'm here to vote.
[19:16] <tsimonq2> bdmurray: That was solved I believe.
[19:17] <rbasak> I am still struggling to understand exactly what is blocking on you not being able to upload these packages.
[19:17] <bdmurray> tsimonq2: I think a response should have been sent to the original query even if it was addresed out of band.
[19:17] <rbasak> I found three uploads. Are there any more?
[19:17] <tsimonq2> There's four packages in main.
[19:17] <tsimonq2> rbasak: Yes, there's quite a bit more.
[19:18] <tsimonq2> bdmurray: Sure, apologies.
[19:18] <rbasak> tsimonq2: your third table seems to have uploads that you performed without sponsorship.
[19:18] <rbasak> Which is great for the DMB to review of course.
[19:18] <rbasak> It's useful to have in the application.
[19:18] <rbasak> But first I'd like to understand what you're being blocked in uploading.
[19:19] <tsimonq2> I can't land the stack via the CI Train myself because four packages in the stack aree in main.
[19:19] <rbasak> And the best way to demonstrate that is with a list of sponsored uploads, so we can see your work, what sorts of uploads they were, who sponsored them, etc.
[19:19] <tsimonq2> Sure, I understand.
[19:21] <tsimonq2> For uploads, mitya57 and LocutusOfBorg sponsor things for me nowadays.
[19:21] <tsimonq2> (With Qt.)
[19:21] <tsimonq2> It's a bit hard to see who pressed the button on Bileto but it's been one of them.
[19:22] <rbasak> I found three uploads> FTR, I think three is fine for an experienced uploader helping with transitions etc.
[19:23] <rbasak> I haven't decided how you fit with that for myself yet though, because I'm not sure I understand (yet) your existing contributions.
[19:23] <tsimonq2> OK; ftr I helped with the 5.7.1, 5.9.0, 5.9.1, 5.9.2 transitions  in Debian and Ubuntu  and 5.9.3 and 5.9.4 in  Ubuntu only.
[19:24] <tsimonq2> I did 5.9.3 and 5.9.4 myself, with 5.9.2 being mostly me
[19:24] <tsimonq2> 5.9.0 was a joint effort.
[19:24] <rbasak> OK, but what specifically did that involve for you in Ubuntu?
[19:25] <tsimonq2> 5.9.2+ was merging from Debian or doing Ubuntu-specific uploads.
[19:26] <tsimonq2> 5.9.2 was mostly syncs while 5.9.3+ is Ubuntu-only with the whole stack.
[19:26] <tsimonq2> This also involved the normal transition stuff like no-change rebuilds, etc.
[19:27] <tsimonq2> I did some work with 5.7 but that was *mostly* Mirv and mitya57, both of which have eendorsed my application.
[19:27] <tsimonq2> Does that answer your questions?
[19:28] <tsimonq2> For the record, this is 5.9.4: https://bileto.ubuntu.com/#/ticket/311
[19:28] <tsimonq2> er
[19:28] <tsimonq2> https://bileto.ubuntu.com/#/ticket/3113
[19:28] <tsimonq2> With the exception of one qttools upload, that was all me.
[19:30] <tsimonq2> I'm not done yet either, qtwebengine is building and should be ready to land tobnight, as well as qtwebview.
[19:30] <tsimonq2> *tonight
[19:31] <tsimonq2> Is that all for questions? :)
[19:33] <tsimonq2> (Hello?)
[19:33] <rbasak> Can I see some diffs of what you actually uploaded to Ubuntu with sponsorship? I'm not sure how to get that.
[19:33] <rbasak> (apart from the three I found)
[19:34] <tsimonq2> https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.9.3+dfsg-0ubuntu1
[19:35] <tsimonq2> https://launchpad.net/ubuntu/+source/qtsvg-opensource-src/5.9.3-0ubuntu1
[19:36] <tsimonq2> I'm on mobile so it's taking me a bit, but the 5.9.3 transition was sponsored via Bil
[19:36] <tsimonq2> *Bileto
[19:37] <tsimonq2> I believe LocutusOfBorg did the review and pressed the button.
[19:37] <tsimonq2> 5.9.2 should be similar
[19:38] <tsimonq2> https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.9.2+dfsg-4ubuntu1
[19:38] <tsimonq2> etc.
[19:38] <tsimonq2> Would you like me to find additional uploads?
[19:39] <bdmurray> I personally need some more time to review specifically the diffs rbasak is requesting.
[19:39] <tsimonq2> Sure, no problem.
[19:39]  * LocutusOfBorg is here in case you want some answer
[19:40] <tsimonq2> You can also find a lot on the ubuntu+1 branches of  the packages here: https://salsa.debian.org/qt-kde-team/qt//
[19:40] <bdmurray> To be clear I mean more time than I think we have in this meeting.
[19:40] <tsimonq2> Alright, no problem at all.
[19:41] <tsimonq2> Does the rest of the DMB concur?
[19:41] <rbasak> I agree with bdmurray
[19:41] <rbasak> Could you update your application so that we have a link to sponsored Ubuntu diffs please?
[19:42] <tsimonq2> Alright. Can we continue this on the mailing list then? Thd d
[19:42] <rbasak> Yeah
[19:42] <rbasak> Continue on the ML, and we'll schedule another meeting when we're ready.
[19:42] <tsimonq2> Sure.
[19:42] <tsimonq2> Thanks everyone,
[19:42] <rbasak> That diff is one of the three I had found :)
[19:43] <tsimonq2> OK ;)
[19:44] <cyphermox> bdmurray: alright
[19:44] <bdmurray> tsimonq2: So to ease the process I think you could provide us specific links to diffs showing your work.
[19:44] <cyphermox> there's a core dev app for next month, yikes
[19:45] <cyphermox> let's go the rest of this review on the ML, though
[19:45] <tsimonq2> bdmurray: Sure.
[19:45] <cyphermox> #topic AOB?
[19:45] <bdmurray> Going back in time - I goofed about the PPU request and didn't email the TB.
[19:45] <bdmurray> I'll fix that today.
[19:46] <mapreri> put an #action to review my ppu bug next time again?
[19:46] <cyphermox> mapreri: alrady there.
[19:46] <cyphermox> #action bdmurray to email the TB about mapreri's PPU.
[19:46] <meetingology> ACTION: bdmurray to email the TB about mapreri's PPU.
[19:46] <cyphermox> anything else?
[19:46] <mapreri> ta :)
[19:47] <bdmurray> I don't think so.
[19:47]  * rbasak has to run
[19:47] <cyphermox> ok, let's wrap this up
[19:47] <cyphermox> who's next chair?
[19:47] <sil2100> I can
[19:47] <cyphermox> ack
[19:47] <cyphermox> #endmeeting
[19:47] <meetingology> Meeting ended Mon Feb 26 19:47:53 2018 UTC.
[19:47] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-02-26-19.10.moin.txt
[19:47] <cyphermox> thanks everyone!
[19:48] <bdmurray> cyphermox: thank you for chairing
[19:48] <sil2100> Thanks!
[19:48] <mapreri> bdmurray: can't you just add ~techboard to the bug subscribers?
[19:48] <tsimonq2> bdmurray: Er, so uploads that I have upload access to and were sponsored + stuff in main, or just stuff in main?
[19:48] <sil2100> cyphermox: thanks for chairing :)
[19:48] <tsimonq2> Thanks everyone! Much appreciated :)
[19:48] <bdmurray> mapreri: That's not what our documentation regarding the process says.
[19:49] <mapreri> bdmurray: ok (just to me it feels weird to file a bug the target people won't receive and then manually mail *shrug*)
[19:50] <bdmurray> tsimonq2: uploads which you have had sponsored for the four additional packages for which you are requesting upload rights
[19:50] <tsimonq2> bdmurray: Sure, will do, thanks!
[22:18] <rbasak> bdmurray, mapreri: it's not in the process because we can't actually do it (ACL restriction).