[16:30] \o [16:30] startmeeting [16:31] #startmeeting [16:31] Meeting started Mon Mar 26 16:31:46 2018 UTC. The chair is ratliff. Information about MeetBot at http://wiki.ubuntu.com/meetingology. [16:31] Available commands: action commands idea info link nick [16:32] The meeting agenda can be found at: [16:32] [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting [16:32] [TOPIC] Announcements === meetingology changed the topic of #ubuntu-meeting to: Announcements [16:32] Thanks to Simon Quigley (tsimonq2) for providing an update in xenial for atril (LP: #1735418) and updates in xenial and artful for plasma-workspace (LP: #1748247) [16:32] Launchpad bug 1735418 in atril (Ubuntu Bionic) "[CVE] Command injection with cbt files" [Medium,Fix released] https://launchpad.net/bugs/1735418 [16:33] Launchpad bug 1748247 in plasma-workspace (Ubuntu Bionic) "[CVE] Arbitrary command execution in the removable device notifier" [High,Fix released] https://launchpad.net/bugs/1748247 [16:33] Your work is very much appreciated and will keep Ubuntu users secure. [16:33] The Ubuntu Security Team is hiring! See the job posting at [16:33] [LINK] https://boards.greenhouse.io/canonical/jobs/1084137#.WqvsZ6jwaUk [16:33] [TOPIC] Weekly stand-up report === meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report [16:33] jdstrand: you're up [16:34] hi! [16:34] FYI, the portions of layouts and portals that are for me are now done (there might be some additional PRs here and there, but I think we can now mark the cards as DONE, which I'm in the process of doing). This week I plan to work on: [16:34] - there are a few emergency PRs for 18.04 related to systemd and glvnd breakage [16:34] - steam-support interface [16:34] - lxd partial confinement not working bug [16:34] - org.gnome.Shell.Screencast interface [16:34] - work done the backlog lane as have time [16:34] down* [16:35] I figure after this week I'm going to pivot to snaps and usns [16:35] that's it from me [16:35] * mdeslaur takes the mike [16:35] heh, yes. you're up :) [16:35] is this thing on? [16:35] I'm in the happy place this week [16:36] I just published some more tiff updates [16:36] and I think I've tracked down the regression in unixodbc [16:36] I need to test some wayland updates somehow [16:36] and I'll pick something else off the list [16:36] ratliff: hey thanks :) [16:36] that's about it, sbeattie? [16:36] sbeattie is on vacation this week [16:37] tsimonq2: nice to see you and we thank you! :) [16:37] ah! who's next [16:37] sarnold: you are up [16:37] hey tsimonq2 :) [16:37] I'm on bug triage this week [16:37] I'm working on the volume-key mir, moving down the list.. [16:38] hrm, I can't recall which one is next on the list [16:38] python-nacl [16:38] aha! thanks [16:38] and I saw john check in some apparmor patches, maybe review new patches if he's got them [16:39] and it's a short week, I'm off friday [16:39] that's it for me, chrisccoulson? [16:39] I've got a thunderbird update to do, and also yet another firefox update [16:40] I'll need to spend a small amount of time on 1 embargoed issue [16:40] And I've got 1 internal thing to work on [16:41] Hopefully I'll get back to working on this apparmor audit work after that [16:41] It's a short week for me (I'm off Friday as well) [16:41] That's me done [16:41] I'm on community this week. [16:42] I will mostly focus on internal tasks (including ideally talking to candidates for the Tech Lead job). [16:42] leosilva: on to you [16:42] I'm on cve-triage this week [16:42] I have a zsh to update - zsh that cool bash tool. [16:43] and I'll keep hunting pkgs to update [16:43] that is all, ratliff it's back to you [16:43] [TOPIC] Highlighted packages === meetingology changed the topic of #ubuntu-meeting to: Highlighted packages [16:43] The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel [16:43] free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. [16:43] [TOPIC] Miscellaneous and Questions === meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions [16:44] Does anyone have any other questions or items to discuss? [16:46] jdstrand, mdeslaur, sarnold, chrisccoulson, leosilva: Thanks! [16:46] thanks ratliff! [16:46] #endmeeting === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology [16:46] Meeting ended Mon Mar 26 16:46:58 2018 UTC. [16:46] Minutes: http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-03-26-16.31.moin.txt [16:47] tks ratliff! [16:52] thanks ratliff! [16:52] ratliff: thanks! [19:00] o/ [19:00] o/ [19:01] o/ [19:02] \o [19:03] o/ [19:04] Who wants to chair today? [19:04] I think we have quorum [19:06] o/ [19:07] Ok, guess I'll chair in that case ;) [19:07] One moment [19:07] #startmeeting DMB [19:07] Meeting started Mon Mar 26 19:07:39 2018 UTC. The chair is sil2100. Information about MeetBot at http://wiki.ubuntu.com/meetingology. [19:07] Available commands: action commands idea info link nick === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB Meeting | Current topic: [19:07] #topic Review of previous action items === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB Meeting | Current topic: Review of previous action items [19:08] sil2100 to add tsimonq2 to ubuntu-qt5-dev and send announcements (done) <- as marked, that has been done [19:08] Did we have anything else? [19:08] Cool. ;) [19:09] I guess not, let's move on in that case [19:09] #topic Ubuntu Core Developer Applications === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB Meeting | Current topic: Ubuntu Core Developer Applications [19:09] #subtopic slashd [19:09] https://wiki.ubuntu.com/slashd/coredev [19:09] slashd: o/ Please introduce yourself [19:10] My name is Eric, I was the first to join the new "SRU Developer" group created last year. This group can only upload in stable release, regardless of component (main, universe, etc). Since then I have sponsored various packages in stable release and worked closely with other experienced Ubuntu developer from different areas. Over the year as a sponsor, I have deal with different scenarios (various packages upload, MIR, ...) which I think [19:10] would convince you to welcome me in the "Core Developer" group. [19:12] Ok, time for questions [19:13] slashd: in the meantime a quick question from me: after which stage it is generally inappropriate to upload packages with visible string changes? [19:14] sil2100, when you talked about stage are you referring to schedule freeze stage ? [19:14] Yes [19:15] After which 'freeze' [19:15] sil2100, UserInterfaceFreeze [19:15] https://wiki.ubuntu.com/UserInterfaceFreeze [19:15] Good [19:16] slashd: have you worked on any merges from Debian to Ubuntu and/or library transitions? [19:17] micahg, I haven't done merges/library transitions as of today, but I did other stuffs such as participating in the +1maintainance, patch pilots, and dealt with 2 MIRs [19:21] slashd: could you tell me what's the current status of LP: #1700827 ? What fixes did you submit upstream from the ones that do_ko outlined during review? [19:21] Launchpad bug 1700827 in pcp (Ubuntu) "[MIR] pcp package" [Medium,Incomplete] https://launchpad.net/bugs/1700827 [19:23] sil2100, I did work with upstream (red hat) at changing the dpkg-source format from native(3.0) to quilt(3.0) as it is a requirement to have a patch system, I also worked on a FTBFS situation where the package was missing some dependencies [19:24] I'd like to suggest the pcp MIR counts outsized here :) this required a lot more work on slashd's part than usual MIR requestors [19:24] sil2100, I closely worked with security team and MIR approval team [19:27] Yeah, I know it was a very difficult one, just wanted to get an overview on how much work was required from slashd [19:27] sarnold: is that an endorsement? :) [19:27] slashd: thanks [19:27] rbasak: yes! yes it is. :) [19:27] slashd: let's say that today you received a customer request to add a package to Bionic in time for 18.04 (I know this isn't your area in Canonical but let's pretend). From an Ubuntu development perspective, which groups of Ubuntu developers will need to review the proposed package and for what? [19:27] sil2100, there was other stuff I don't remember on top of my head, but yeah it was a long standing MIR [19:28] rbasak, a package that not exist in the archive ? or that is part of universe for instance / [19:28] ? [19:28] A package that does not exist in the archive. [19:29] I would tend to contact the archive admin first [19:29] sil2100: upstream pcp folks were doing their own debian packaging; it worked, but wasn't up to the usual quality of packaging. slashd put in the time and effort to bring it up to standard and contribute it back upstream [19:29] Assume that it is unsuitable for Debian for some reason (so we can focus on the Ubuntu bit) [19:29] and security as well to ACK it [19:30] Based on my experience with MIR, I would say that security will probably be one of the first group to evaluate the package and see if this can be ACK or NACK [19:30] sil2100: I wanted radical enough changes to pcp to address the fact that much of the code was written to norms 20 years ago, and slashd helped organize conversations with upstream developers to move it along, prioritize the changes, etc. [19:31] sarnold: (the pcp work is interesting because his name doesn't show up in the debian/changelog or in the upload log) [19:31] slashd: what if the goal for the package is universe and doesn't need to go into main (again, let's pretend :) [19:32] Actually, maybe I'm going into too much detail here. [19:32] Never mind. [19:32] I'll ask this instead: is there anything else special you need for this proposed upload? [19:32] rbasak, sorry I don't know the answer, but I would say that I would ping someone more experimented and ask guidance if that happen one day [19:33] Anything release schedule related you can think of? [19:34] rbasak, well it needs to be before the Feature freeze [19:34] is that what you mean [19:34] ? [19:34] Yes :) [19:34] ok [19:35] I think I'll have a question or two more, but while I figure them out, does anyone else have questions? [19:36] slashd: I see that most of your uploads are as SRUs. Do you expect you'll be doing more work on the development release of Ubuntu now? [19:37] jbicha, yeah I did a lot of SRU for my team (being the only uploader), and of course not having the devel upload right, prevent me to help them more, so yeah you can expect me to participate more in the devlopement release as a sponsor, but also as a developer. [19:37] Note that I'm already doing a lot of gatekeeping job [19:37] ok, thanks [19:37] reviewing bionic debdiff from my colleague before it goes into coredev hands [19:38] so there is a lot of action I do behind the scene for making thing smoother for everyone [19:39] For the record: I've worked with slashd quite a bit. [19:40] And in proposing the Ubuntu SRU developers team, one downside was that it still blocks slashd's team on uploading fixes to the development release in advance of an SRU. slashd still currently needs to get sponsorship for that AIUI. [19:40] Indeed [19:40] My view was that the SRU developers team was worth it by unblocking SRU uploads even if it didn't help directly with development release fixes that sometimes must precede them. [19:41] AIUI slashd could do with core dev so that he can do these, and currently no other team will do. [19:41] SRU developer was and still is really useful. We have a new member since a couple of months now (ddstreet) [19:42] Any other questions? [19:42] slashd's application lays out his current experience nicely for us I think (thanks) but I thought I'd make this rationale clear as well. [19:43] * rbasak is still thinking, but go ahead and start the vote if everyone else is ready [19:44] bdmurray: no questions? [19:44] slashd: I guess one more. What's a seed? A very short summary is fine. [19:44] sil2100: no, thanks for checking [19:44] rbasak, it's a list of package part of the distribution (boot, desktop, , ...) [19:45] classification for package by topics/areas [19:45] slashd: OK. Can you give me an example of a reason an Ubuntu developer might change one? [19:46] (I actually just wanted to check if bdmurray is alive) [19:46] rbasak, demotion of a package from main to universe ? [19:46] OK, great. Thanks :) [19:46] No more questions from me. [19:47] sil2100: I'm not that old [19:48] Is everyone ready to vote? [19:48] * rbasak is ready to vote [19:49] micahg, jbicha: ? [19:49] yes, let's vote :) [19:50] ok [19:50] #vote Grant slashd Ubuntu Core Developer [19:50] Please vote on: Grant slashd Ubuntu Core Developer [19:50] Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname) [19:51] +1 [19:51] +1 received from jbicha [19:52] +0 great technically, but no specific experience with some common dev release activities, I wish there was a way to grant rights for SRU style uploads to the dev release [19:52] +0 great technically, but no specific experience with some common dev release activities, I wish there was a way to grant rights for SRU style uploads to the dev release received from micahg [19:54] +1 I've concerns similar to micahg but think this would help their workflow and believe slashd will assk for help when he needs it. [19:54] +1 I've concerns similar to micahg but think this would help their workflow and believe slashd will assk for help when he needs it. received from bdmurray [19:55] I have a personal rule that I prefer not to vote when I endorse a candidate. In this case I think I'd have endorsed slashd after having chatted to him about the details of his application, but I deliberately didn't do that earlier in this meeting so that I could feel happier voting directly. Based on my personal experience working with slashd, I think that he does well in being cautious in areas he [19:55] is unfamiliar, finds the right people from whom to get advice, and takes on board appropriate advice. I think he's demonstrated that he knows enough about Ubuntu development process that he knows how to ask the right questions. So even though he doesn't have as much knowledge in some areas as I would like, his general approach gives me the confidence that he'll make a good core dev. This combined [19:55] with his need to upload to the development release makes me a narrow +1. [19:55] +1 [19:55] +1 received from rbasak [20:01] apologies for the delay… [20:02] One moment [20:05] +1 (normally since I endorsed I wouldn't vote, but as things are right now Eric's application would still pass even with the absent members voting negative - so, done!) [20:05] +1 (normally since I endorsed I wouldn't vote, but as things are right now Eric's application would still pass even with the absent members voting negative - so, done!) received from sil2100 [20:05] #endvote [20:05] Voting ended on: Grant slashd Ubuntu Core Developer [20:05] Votes for:4 Votes against:0 Abstentions:1 [20:05] Motion carried [20:05] slashd: congratulations! [20:05] thanks everyone for your vote and comment, I appreciate it [20:05] and my taking good note of your advice [20:06] Who wants to add and announce our new core-developer? [20:06] I can take care of that today [20:07] jbicha: thanks! [20:08] #action jbicha to add slashd to core-dev and announce his successful application [20:08] ACTION: jbicha to add slashd to core-dev and announce his successful application [20:08] #topic AOB === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB Meeting | Current topic: AOB [20:08] Anything else? [20:08] I guess we're already pass our meeting time [20:08] So let's finish [20:08] #endmeeting === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology [20:08] Meeting ended Mon Mar 26 20:08:34 2018 UTC. [20:08] Minutes: http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-03-26-19.07.moin.txt [20:08] Thanks everyone o/ [20:08] thanks sil2100 [20:09] thanks sil2100 bdmurray micahg rbasak jbicha [20:09] darkxst hasn't updated the ubuntu-gnome supported seeds yet, so no action from us is needed there yet [21:26] slashd: congratulations! :D