[14:58] <slashd> o/
[15:00] <rbasak> o/
[15:00] <jbicha> o/
[15:03] <tsimonq2> o/
[15:03] <rbasak> We have quorum. Who will chair?
[15:03] <rbasak> I have a meeting at quarter past the hour. Though I think I can probably multitask, I would like to avoid chairing in case I hold things up then.
[15:04] <sil2100> I'm around but busy with .5
[15:04] <sil2100> Very busy
[15:04] <tsimonq2> I have a meeting that was scheduled for now but the other individual is late... so no guarantees.
[15:05] <slashd> We have an applicant today I think
[15:05] <rbasak> blackboxsw: here?
[15:05] <jbicha> um, I guess I can chair
[15:05] <jbicha> give me a moment to look up the commands
[15:06] <jbicha> #startmeeting
[15:06] <meetingology> Meeting started Mon Jul 30 15:06:16 2018 UTC.  The chair is jbicha. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[15:06] <meetingology> Available commands: action commands idea info link nick
[15:06] <blackboxsw> hello hello rbasak
[15:06] <blackboxsw> yep, just back from 2 week vacation o/
[15:06] <slashd> jbicha, I can chair the next one, I never did it yet.
[15:06] <tsimonq2> I can take the one after that then.
[15:07] <jbicha> #topic Review of previous action items
[15:07] <jbicha> * cyphermox to sort out ML / IRC channel accesses
[15:07] <jbicha> I believe that's all taken care of
[15:08] <jbicha> #topic Package Set / Per Package Uploader Applications
[15:08] <jbicha> #subtopic blackboxsw requesting PPU for cloud-init & curtin
[15:09] <jbicha> #link https://wiki.ubuntu.com/ChadSmith/DeveloperPerPackageUploadApplication
[15:09] <blackboxsw> thanks jbicha.
[15:09] <jbicha> blackboxsw: could you start by introducing yourself? :)
[15:09] <blackboxsw> certainly...
[15:10] <blackboxsw> I'm a member of the Canonical server team and work closely with Scott Ryan and Josh as primary contributors of cloud-init and curtin  upstream
[15:11] <blackboxsw> I've been at Canonical since Nov 2011 and worked with Landscape, Charm Curtin and cloud-init
[15:11] <blackboxsw> sorry typo..  Landscape, maas juju, openstack curtin and cloud-init in my time here.
[15:12] <blackboxsw> I love system management problems and improving enterprise software to make it easier to use and understand.
[15:12] <blackboxsw> I've been exclusively on the ubuntu server team since Apr 2017 I believe and focused solely on cloud-init and curtin.
[15:13] <blackboxsw> prior to Canonical I was at HP in the open source and linux lab setting up system management on HP Itanium and ProLiant as well as HP cloud infrastructure(devops)
[15:14] <blackboxsw> also, a soccer fan, and former competitive ultimate frisbee player  :)
[15:14] <jbicha> blackboxsw: I'm looking at https://launchpad.net/~chad.smith/+uploaded-packages and I see 2 uploads for cloud-init (and SRUs) and 2 for curtin
[15:15] <blackboxsw> jbicha: that view only shows latest of any packege/series  since Debian's retirement of alioth  we couldn't search upload history well for ubuntu packages so I wrote a script to help folks
[15:15] <slashd> jbicha, there is more than that here: https://udd.debian.org/cgi-bin/ubuntu-sponsorships.cgi?render=html&sponsor=&sponsor_search=name&sponsoree=Chad+Smith&sponsoree_search=name
[15:15] <jbicha> I think normally the DMB expects more sponsored uploads before granting direct upload rights
[15:15] <blackboxsw> it's linked from my proposal let me get it
[15:15] <blackboxsw> and please feel free to use the script :)
[15:15] <blackboxsw> for others since that app is dead
[15:15] <blackboxsw> jbicha: https://wiki.ubuntu.com/ChadSmith/PackageUploads
[15:16] <blackboxsw> I thought about writing a simple web microservice to host basically the same querystring search terms as the old   ubuntu-sponsorships.cgi which no longer exists
[15:17] <blackboxsw> I may get to that soon, but vacation got in the way :)
[15:17] <blackboxsw> ahh thanks for th enew link for ubuntu-sponsorships.... I thought it was dead and gone
[15:18] <blackboxsw> sorry,  launchpad seems to limit the uploaded-packages view to only the latest release per series
[15:18] <blackboxsw> slashd: I hadn't known about that app showing up. thanks
[15:18] <slashd> blackboxsw, yw
[15:19] <blackboxsw> hey ahasenack
[15:19] <ahasenack> fly on the wall
[15:19] <slashd> blackboxsw, can you tell me a few thing things you would look at as a sponsor before uploading a patch in the upload queue and why ?
[15:22] <blackboxsw> slashd: I'm all about tooling and generating documented, repetitive results. So, most of the work I'm doing for cloud-init and curtin is to improving tooling and automated documentation around our SRU upload process. Limit our SRU exceptions by making our automated and manual testing  simpler and faster so we can cover more integration friction points
[15:24] <blackboxsw> I've started extending tooling to allow us to launch instances on various clouds for integration testing, improved our customer visible documentation content on cloudinit.readthedocs.orc and curtin.readthedocs.org and been the primary driver and test validation developer during most of the last 5 cloud-init srus.
[15:24] <blackboxsw> what I'm hoping to do is keep smoser out of the equation when we actually have to physically upload the bits after SRU validation has passed on all platforms. :)
[15:25] <blackboxsw> we can't have a single point of failure on curtin or cloud-init and I want to allow us to have more than one person who can fix the products of critical public-facing issues arise
[15:26] <blackboxsw> in case someone gets sick. which scott never does :)
[15:27] <slashd> blackboxsw, good where would you look for a package stuck in -proposed for more than 2 weeks for instance ?
[15:28] <blackboxsw> also, I've started building a history of our SRU validation tests which help us better collect and document scripts developed to test certain feature aspects and results  so we can leverage them into some of our automated tooling.   https://github.com/cloud-init/ubuntu-sru/tree/master/20180620
[15:28] <blackboxsw> I collect that content for each SRU so when we get enough use-cases we can develop integration tests that cover certain features in our  CI.
[15:29] <tsimonq2> blackboxsw: After slashd's question, where would you go to look if an SRU has regressed and has not been fully phased in?
[15:29] <blackboxsw> slashd: not sure if you were asking about queues
[15:29] <blackboxsw> I generally check the following during SRU process: ttps://launchpad.net/ubuntu/bionic/+queue?queue_state=1&queue_text=cloud-init
[15:29] <blackboxsw> https://launchpad.net/ubuntu/bionic/+queue?queue_state=1&queue_text=cloud-init    for each series under test
[15:30] <slashd> blackboxsw, the package has is built in -proposed, verification-done-$RELEASE, the 7 days waiting is done, but package doesn't move into -update for instance
[15:30] <blackboxsw> if something was stuck there I'd bing in ubuntu-devel channel so ask for assistance
[15:30] <blackboxsw> I normally also look over the age and related bugs @ https://people.canonical.com/~ubuntu-archive/pending-sru.html
[15:30] <slashd> blackboxsw, thanks
[15:30] <tsimonq2> blackboxsw: Thanks.
[15:31] <blackboxsw> for each series I've targeted, make sure that I've tagged those bugs accordingly once I finish attaching validation results
[15:31]  * rbasak has a couple of questions when you're ready
[15:32] <blackboxsw> so I thought there was an sru regresson tag like sru-verification-failed if I did hit a regression bug during testing
[15:32] <blackboxsw> like"verification-failed-$RELEASE"
[15:32] <blackboxsw> per https://wiki.ubuntu.com/StableReleaseUpdates
[15:34] <blackboxsw> tsimonq2: was that your question? I would tag it sru-verification-failed to ensure it didn't get phased in.
[15:34] <blackboxsw> or just the pending-sru.html dashboard as the place to validate status of a queued sryu
[15:34] <blackboxsw> or just the pending-sru.html dashboard as the place to validate status of a queued sru
[15:34] <blackboxsw> rbasak: fire away
[15:34] <tsimonq2> blackboxsw: Correct, but let's say an SRU team member lets it into -updates. It goes through a phasing process before actually being landed to all users.
[15:35] <tsimonq2> Where do you find the status of that?
[15:35]  * rbasak holds on
[15:35] <blackboxsw> ahh. I actually don't know where to look for that
[15:36] <blackboxsw> rmadison tells me once package has actually published to -updates... but hmm
[15:37] <tsimonq2> blackboxsw: For future reference, https://people.canonical.com/~ubuntu-archive/phased-updates.html and http://www.murraytwins.com/blog/?p=127 are worth looking into.
[15:37] <tsimonq2> That's it for me.
[15:37] <blackboxsw> I can find that the package is in accepted state in https://launchpad.net/ubuntu/bionic/+queue?queue_state=4&queue_text=cloud-init   ... but hmm
[15:37] <jbicha> blackboxsw: btw, see https://wiki.ubuntu.com/StableReleaseUpdates#Phasing
[15:37] <blackboxsw> ahh good deal, bookmarking now thanks tsimonq2
[15:37] <tsimonq2> jbicha's link too; that's where I got to both links.
[15:38] <rbasak> blackboxsw: how would you handle a feature release to cloud-init that happens after feature freeze in Ubuntu?
[15:39] <blackboxsw> since cloud-init has an SRU exception, I would go through the exception testing process for cloud-init documented here https://wiki.ubuntu.com/CloudinitUpdates
[15:40] <blackboxsw> if it is a large changeset, not a single cherry pick of a bug, I would create an SRU process bug like the following...
[15:40] <blackboxsw> https://bugs.launchpad.net/bugs/1777912
[15:41] <blackboxsw> within it we have to capture any ubuntu-specific functional changes made from a documentation standpoint
[15:42] <blackboxsw> minimally we allow CI to cover most cases (which integration tests on lxd,ec2 and kvm platforms, and we manually integration test  on platforms like : azure, gce,  openstack
[15:43] <blackboxsw> I do clean install and  upgrade testing on each platform to make sure we don't have regresssions during that process for instances or 'pets' which are upgraded
[15:43] <blackboxsw> *new* instances or 'pets'
[15:44] <tsimonq2> blackboxsw: What about in the development release of Ubuntu, prior to it being declared stable?
[15:44] <blackboxsw> after verification is done and all logs attached to the SRU bug pass, we request validation from MAAS and CDOQA
[15:46] <blackboxsw> there's an exception process that we went through this last time I thought. I'll see if I can dig that up. in this case for IBM we had a bug that needed fixing after bionic transitioned after feature freeze.
[15:46] <blackboxsw> https://wiki.ubuntu.com/FreezeExceptionProcess
[15:48] <rbasak> OK, thanks. Second question: have you ever done an SRU that isn't a backport from a latest upstream release? Or a development upload that isn't a new upstream release?
[15:48] <blackboxsw> so the FFE required an FFE bug and then a resulting set of verification steps.
[15:50] <blackboxsw> rbasak: I believe I've been involved in at least two cloud-init SRUs that were cherry picks of individual bugs backported to a given series. there was content in tip that we didn't want to leak back to xenial or artful  as it changed behavior.
[15:50] <blackboxsw> we have tooling in both cloud-init and curtin to support cherry picks or upstream snapshots very easily
[15:51] <rbasak> blackboxsw: would you be able to find me an example of one of those uploads please?
[15:51] <blackboxsw> depending on the need. but for all of the content we currently allow into tip/trunk we make sure we develop a simple config switch or enable tiny patch to allow the default behavior of a feature to be preserved in the stable releases.
[15:52] <smoser> 17.2-35-gf576b2a2-0ubuntu1~16.04.2
[15:52] <blackboxsw> rbasak: cloud-init (18.2-4-g05926e48-0ubuntu1~16.04.2) xenial-proposed; urgency=medium
[15:52] <rbasak> Thanks
[15:53] <blackboxsw> my version was IBM specific changes into xenial
[15:53] <blackboxsw> trying to find others
[15:53] <blackboxsw> thanks smoser
[15:54] <blackboxsw> true and smoser's was a break that a community contribution  introduced into Google's datasource which dropped all user-data :/
[15:54] <blackboxsw> so we had to patch that up quick and didn't want to leak all of tip into xenial
[15:54] <jbicha> blackboxsw: maybe a bit off-topic, but… I'm familiar with cloud-init but could you explain more about what curtin is for? it's not installed by default in Ubuntu Server, is it?
[15:56] <blackboxsw> jbicha: curtin is a simple/fast installer for ubuntu onto baremetal, it's primary consumer at the moment is maas.
[15:56] <smoser> (if you search for 04.2 at https://git.launchpad.net/ubuntu/+source/cloud-init/tree/debian/changelog?h=applied/ubuntu/xenial-devel you'll see many of Chad's cherry-pick uploads)
[15:56] <blackboxsw> it allows you to quickly configure network and storage and deploy ubuntu images very quickly as well as passthrough additional cloud-init configuration to the target machine
[15:57] <jbicha> thanks, I haven't really used MAAS much :)
[15:57] <jbicha> last call for questions…
[15:58] <blackboxsw> also it's used by the subiquity installer too (again that'll be under-the-hood for most users).
[15:59] <jbicha> ok
[16:00] <jbicha> #vote Grant blackboxsw PPU for cloud-init & curtain
[16:00] <meetingology> Please vote on: Grant blackboxsw PPU for cloud-init & curtain
[16:00] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[16:01] <tsimonq2> jbicha: You probably have to set the people that can vote first.
[16:01] <rbasak> blackboxsw is technically my colleague, though we don't cross paths much (working in different areas). I intend to follow my usual method of abstaining unless there is a unanimous vote and I need to vote to make quorum.
[16:02] <jbicha> +1
[16:02] <meetingology> +1 received from jbicha
[16:02] <blackboxsw> heh s/curtain/curtin :)
[16:02] <jbicha> blackboxsw: I told you I wasn't familiar with it! 😳 thanks
[16:03] <blackboxsw> we'll have to get broader market adoption.... I'll add it to my list ;)
[16:04] <tsimonq2> I would typically abstain because I don't already have upload access to these packages myself, but since I think we're short enough people on the DMB for this meeting, I'll go ahead and vote.
[16:04] <slashd> +1
[16:04] <meetingology> +1 received from slashd
[16:05] <tsimonq2> +1
[16:05] <meetingology> +1 received from tsimonq2
[16:05] <rbasak> sil2100: able to vote?
[16:06] <sil2100> One moment
[16:10] <sil2100> +1
[16:10] <meetingology> +1 received from sil2100
[16:11] <jbicha> rbasak: ^
[16:11] <rbasak> +0
[16:11] <meetingology> +0 received from rbasak
[16:11] <jbicha> #endvote
[16:11] <meetingology> Voting ended on: Grant blackboxsw PPU for cloud-init & curtain
[16:11] <meetingology> Votes for:4 Votes against:0 Abstentions:1
[16:11] <meetingology> Motion carried
[16:12] <blackboxsw> woot! thanks all!
[16:12] <jbicha> blackboxsw: welcome :)
[16:12] <slashd> Congrats blackboxsw ! Thanks for you great work on cloud-init
[16:12] <ahasenack> congrats blackboxsw
[16:12] <blackboxsw> as always I'll continue to lean on you all if there are questions that arise ;) thanks for all the help in the past
[16:12] <jbicha> this will also grant you Ubuntu membership
[16:13] <jbicha> any volunteers to handle adding him to the appropriate groups and setting up the PPU?
[16:13] <rbasak> https://wiki.ubuntu.com/DeveloperMembershipBoard/KnowledgeBase#Actions_after_a_successful_application is what is needed.
[16:13] <rbasak> I'll be happy to do it.
[16:14] <jbicha> #action rbasak to handle setting up PPU for blackboxsw
[16:14] <meetingology> ACTION: rbasak to handle setting up PPU for blackboxsw
[16:15] <jbicha> #topic MOTU applications
[16:15] <jbicha> Unit193's application is deferred until the next meeting.
[16:15] <jbicha> Please see the discussion on the list about the pseudonym concern. I think we'll want that to be resolved, at least for Unit193's case, by that meeting.
[16:15] <jbicha> #topic Any other business
[16:15] <jbicha> Next meeting is scheduled for Monday, August 13 at 19:00 UTC
[16:17] <jbicha> #endmeeting
[16:17] <meetingology> Meeting ended Mon Jul 30 16:17:32 2018 UTC.
[16:17] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-07-30-15.06.moin.txt
[16:18] <blackboxsw> thanks rbasak for the setup
[16:25] <sil2100> o/
[16:31] <mdeslaur> \o
[16:32] <ratliff> \o/
[16:32] <ratliff> #startmeeting
[16:32] <meetingology> Meeting started Mon Jul 30 16:32:11 2018 UTC.  The chair is ratliff. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
[16:32] <meetingology> Available commands: action commands idea info link nick
[16:32] <ratliff> The meeting agenda can be found at:
[16:32] <ratliff> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:32] <ratliff> [TOPIC] Announcements
[16:32] <ratliff> Thanks to Thinh Hoang Quoc (g4mm4) for reporting  a subdomain takeover issue with the discourse.ubuntu.com domain.
[16:32] <ratliff> Your work is very much appreciated and will keep Ubuntu users secure. Thank you!
[16:33] <ratliff> The Ubuntu Security team is hiring. See https://grnh.se/8c0a6c1f1 for more details.
[16:33] <ratliff> [TOPIC] Weekly stand-up report
[16:33] <ratliff> jdstrand: you're up
[16:35] <mdeslaur> zzzzz
[16:35] <mdeslaur> ok, I'll go
[16:35] <mdeslaur> I'm on community this week, and since one of my co-workers is slacking off on some beach somewhere, I'll be doing triage too
[16:35] <jdstrand> sorry
[16:35] <mdeslaur> I have some mysql updates to publish
[16:35] <mdeslaur> and an embargoed issue to test and publish too
[16:36] <mdeslaur> after that, I'll be going down the list as usual
[16:36] <mdeslaur> that's about it
[16:36] <mdeslaur> jdstrand: you're up
[16:36] <jdstrand> This week I plan on working on:
[16:36] <jdstrand> - miscellaneous snapd reviews (notably, anbox, but also a few others)
[16:36] <jdstrand> - brand store snap declarations
[16:36] <jdstrand> - various followups for Debian AppArmor MR reviews
[16:36] <jdstrand> - an embargoed item
[16:36] <jdstrand> - kubernetes interface as have time
[16:36] <jdstrand> that's it from me. who is after me, jjohansen?
[16:37] <jjohansen> I need to finish up with bug 1780227
[16:37] <jjohansen> need to look into 1783922 and report regression around bind mounts on 4.18
[16:37] <jjohansen> review sarnold's debconf presentation
[16:38] <jjohansen> I have david's mount patches to review, and mjg's packet labeling patches to review also
[16:38] <jjohansen> and I am off Wednesday and Thursday so I doubt I will get all of that done
[16:38] <jjohansen> sarnold: you're up
[16:38] <sarnold> I'm in the happy place this week; I'm going to debconf, so much travel, then conference, presentation, and then returning next week. I'm unlikely to have much traction on the xdg portal gtk backend mir, but I'll try to fit some in
[16:39] <sarnold> that's it for me, chrisccoulson?
[16:39] <chrisccoulson> I've got a chromium update to do
[16:39] <chrisccoulson> I'm also working on an embargoed issue
[16:40] <chrisccoulson> it's a short week for me this week, but I hope to have thunderbird 60 prepared before I finish too
[16:40] <chrisccoulson> that's me done
[16:40] <ratliff> I'm in the happy place this week.
[16:40] <ratliff> I have internal and embargoed work to do.
[16:40] <ratliff> leosilva: your turn
[16:40] <leosilva> I'm in the happy place this week.
[16:41] <leosilva> I'm working on the mysql-5.5 update for precise
[16:41] <leosilva> Other than that I'm on free season hunting new pkgs.
[16:41] <leosilva> msalvatore: I think is your turn
[16:41] <msalvatore> Last week I published fixes for CVE-2018-10866 and CVE-2016-10727.
[16:41] <msalvatore> I'm in the happy place this week.
[16:42] <msalvatore> This morning I published a fix for CVE-2018-10900.
[16:42] <msalvatore> This week I plan to work on firming up our policies and tooling for CVE prioritization with respect to universe packages in support of Expanded ESM.
[16:42] <msalvatore> That's it for me. ebarretto, you're up.
[16:42] <ebarretto> - I'm in the happy place this week
[16:42] <ebarretto> - started working on package updates. The first package that I've updated went public today: libonig (trusty and xenial). Any feedback or complaints, please let us know. :)
[16:42] <ebarretto> - I am continuing on package updates, next package: capnproto.
[16:42] <ebarretto> - still catching up/learning the team tasks, processes and information
[16:43] <ebarretto> that's it from me!
[16:43] <ratliff> thanks!
[16:43] <ratliff> [TOPIC] Highlighted packages
[16:43] <ratliff> The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so.
[16:43] <ratliff> See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:43] <ratliff> [TOPIC] Miscellaneous and Questions
[16:43] <ratliff> Does anyone have any other questions or items to discuss?
[16:45] <ratliff> jdstrand, mdeslaur, jjohansen, sarnold, chrisccoulson, leosilva, msalvatore, ebarretto: Thanks!
[16:45] <mdeslaur> thanks ratliff!
[16:45] <ratliff> #endmeeting
[16:45] <meetingology> Meeting ended Mon Jul 30 16:45:40 2018 UTC.
[16:45] <meetingology> Minutes:        http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-07-30-16.32.moin.txt
[16:45] <msalvatore> thanks, ratliff
[16:45] <leosilva> thanks ratliff!
[16:45] <jjohansen> thanks ratliff
[16:46] <sarnold> thanks ratliff!
[16:49] <ebarretto> thanks ratliff!