| === not_phunyguy is now known as phunyguy | ||
| === genii is now known as genii-core | ||
| === not_phunyguy is now known as phunyguy | ||
| cpaelzer | pre-ping for MIR ddstreet doko sarnold didrocks jamespage | 14:29 |
|---|---|---|
| * cpaelzer lights a multi-dimensional campfire (for those with flooding it is warm and dry, for those with heat issues it is a cooling fire, for everyone else it is whatever they need) | 14:29 | |
| cpaelzer | #startmeeting Weekly Main Inclusion Requests status | 14:30 |
| meetingology | Meeting started at 14:30:25 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology | 14:30 |
| meetingology | Available commands: action, commands, idea, info, link, nick | 14:30 |
| cpaelzer | no old actions to look at | 14:30 |
| cpaelzer | #topic current component mismatches | 14:30 |
| didrocks | hey | 14:30 |
| cpaelzer | #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg | 14:30 |
| cpaelzer | #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg | 14:30 |
| sarnold | good morning | 14:31 |
| cpaelzer | hiho | 14:31 |
| sarnold | I like this multidimensional fire idea | 14:31 |
| cpaelzer | these seem to contain the same as recently | 14:31 |
| cpaelzer | let us check the status | 14:31 |
| cpaelzer | fence-agents still on security via https://bugs.launchpad.net/ubuntu/+source/fence-agents/+bug/1927004 | 14:31 |
| ubottu | Launchpad bug 1927004 in fence-agents (Ubuntu) "[MIR] fence-agents" [Undecided, New] | 14:31 |
| cpaelzer | cherrypy on jamespage | 14:32 |
| cpaelzer | oh this one | 14:32 |
| cpaelzer | screen-resolution-extra -> policykit-1-gnome | 14:32 |
| didrocks | this is an alternative, I remember we used to have already c-m picking the wrong one and we had to workaroudn it, but did anyone of you remember what we did exactly? | 14:32 |
| cpaelzer | didrocks: you said last week you wanted to take a loolk | 14:32 |
| didrocks | http://launchpadlibrarian.net/544364041/screen-resolution-extra_0.18build2_0.18.1.diff.gz | 14:32 |
| cpaelzer | look | 14:32 |
| didrocks | it’s fullfiled by gnome-shell already | 14:32 |
| cpaelzer | ok so we consider this done and it will vanish from this view in some time | 14:33 |
| cpaelzer | thanks didrocks | 14:33 |
| didrocks | cpaelzer: no no | 14:33 |
| didrocks | it’s not done | 14:33 |
| cpaelzer | oh | 14:33 |
| didrocks | the issue is triggered by this diff | 14:33 |
| cpaelzer | then I misinerpreted "fulfilled" | 14:33 |
| cpaelzer | oh I see | 14:33 |
| cpaelzer | thanks | 14:33 |
| didrocks | and this diff is for every flavor not picking up gnome-shell | 14:33 |
| didrocks | so, the issue is in component-mismatch | 14:33 |
| didrocks | and I don’t remember how we workarounded it in other cases in the past… | 14:34 |
| sarnold | I think "oh that's a holdovre from..." | 14:34 |
| sarnold | (like terminator, esmtp, etc) | 14:34 |
| didrocks | yeah | 14:35 |
| cpaelzer | yes | 14:35 |
| cpaelzer | + policykit-1-gnome | gnome-shell | polkit-1-auth-agent, | 14:35 |
| cpaelzer | ok I'll try to remember this is part of that group | 14:35 |
| cpaelzer | thanks for checking didrocks | 14:35 |
| didrocks | yw | 14:35 |
| cpaelzer | #topic New MIRs | 14:35 |
| cpaelzer | #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir | 14:35 |
| cpaelzer | still no action by doko on flashrom/libftdi :-/ | 14:35 |
| cpaelzer | I'll contact him and matt offline via a mail | 14:36 |
| * didrocks is surprised on busybox not being in main… | 14:36 | |
| cpaelzer | as I'd love to get it out of this stage in some way (continue or abort it) | 14:36 |
| cpaelzer | didrocks: lets us talk about busybox | 14:36 |
| cpaelzer | I guess we can agree and promite it right away | 14:36 |
| cpaelzer | TL;DR busyboy is in main, this is about an extra binary from the src package to be promoted | 14:36 |
| cpaelzer | Usually people ask that on the old MIR bugs | 14:37 |
| cpaelzer | but this one is so old, it has no MIR bug | 14:37 |
| sarnold | I wouldn't be surprised if there's outstanding cves in busybox that we've ignored, something like their tools for downloading files don't check tls certificates.. | 14:37 |
| didrocks | ah ack only one binary missing, I was wondering for a while with what I was playing after happy testing in casper :p | 14:37 |
| cpaelzer | sarnold: why would those have been ignroed? | 14:38 |
| cpaelzer | as far as I ahve looked it seems to be a differnt build from the same source | 14:38 |
| cpaelzer | so no "new code" to be promoted | 14:38 |
| cpaelzer | I'd like to understand why in this scenario CVEs would have been ignored, to get a feeling if this needs only MIR ack or also security re-review | 14:38 |
| didrocks | yeah, it’s only the dynamic linking (the static is in main) if I read the MIR correctly | 14:38 |
| cpaelzer | yes didrocks - that should be it | 14:39 |
| sarnold | cpaelzer: because busybox is often used in environments where 'the usual things' are broken / missing / intentionally unavailable | 14:39 |
| cpaelzer | ah but now you could use it in "others environments" | 14:39 |
| sarnold | yeah | 14:39 |
| cpaelzer | and that might change the attack surface | 14:39 |
| cpaelzer | ok thanks | 14:39 |
| cpaelzer | I think this is a trivial review from the MIR POV (nt a full one), but a more coplex one from the security side then | 14:40 |
| didrocks | looks like it | 14:40 |
| sarnold | heh, alas yes.. | 14:40 |
| cpaelzer | but since this is a server case I'd want to ask if someone else could do the MIR-check on this | 14:40 |
| cpaelzer | to not look like special-case-self-signed-off | 14:40 |
| cpaelzer | since no one but the three of us seem available, would you didrocks be able to do that MIR check there? | 14:40 |
| cpaelzer | and then probably assign it to security to get thie rre-eval? | 14:41 |
| didrocks | cpaelzer: will do | 14:41 |
| cpaelzer | oh btw #action cpaelzer to clarify libftdi with matt/doko | 14:41 |
| cpaelzer | #action cpaelzer to clarify libftdi with matt/doko | 14:41 |
| meetingology | ACTION: cpaelzer to clarify libftdi with matt/doko | 14:41 |
| cpaelzer | thanks didrocks | 14:41 |
| cpaelzer | that gets us to the next agenda item | 14:41 |
| didrocks | yw! | 14:41 |
| cpaelzer | #topic Incomplete bugs / questions | 14:42 |
| cpaelzer | #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir | 14:42 |
| cpaelzer | sdl is me, that will soon be ready for promotion | 14:42 |
| cpaelzer | no action needed | 14:42 |
| doko | o/ | 14:42 |
| cpaelzer | flatpack ... | 14:42 |
| cpaelzer | reading | 14:42 |
| cpaelzer | oh we marked it incomplete last week | 14:42 |
| cpaelzer | ok nothing new | 14:42 |
| cpaelzer | welcome doko | 14:42 |
| cpaelzer | before I send you a mail doko, would you this week have time to resolve flashrom/libftdi ? | 14:43 |
| cpaelzer | I have asked a few weeks in a row and some way it should get off our incoming list | 14:43 |
| doko | right, it should be updated, fwupd needs a dependency | 14:43 |
| cpaelzer | I've outlined it a few times already, it is about a non MIR-team evaluation wihch seems "approved" by you | 14:43 |
| doko | yes, but I don't want to see it. fwupd needs to build with that support. waiting for an upload now | 14:44 |
| cpaelzer | an upload of fwupd to pull it in? | 14:45 |
| doko | yes | 14:45 |
| doko | jawn-smith working on it | 14:46 |
| cpaelzer | so this was an approval by you then back on 2021-03-11 | 14:46 |
| cpaelzer | if you could confirm this now that would be helpful, then I could do an update and set the bug to the right states | 14:47 |
| jawn-smith | o/ I can do upload a change with a dependency | 14:48 |
| jawn-smith | s/do// | 14:49 |
| cpaelzer | jawn-smith: I was mostly concerned because the bug looked like needing a review still | 14:49 |
| cpaelzer | this is now clarified and I have updated the bug | 14:49 |
| cpaelzer | you can do the upload now and then promotion to main can happen | 14:49 |
| cpaelzer | and it is by now gone from the MIR-team incoming queue | 14:49 |
| cpaelzer | Thanks for all the clarifications, we look good again now ... | 14:50 |
| cpaelzer | #topic Any other business? | 14:50 |
| jawn-smith | excellent, thanks! | 14:50 |
| cpaelzer | nothing from me | 14:50 |
| sarnold | \o/ | 14:50 |
| sarnold | nothing from me | 14:50 |
| didrocks | nothing either | 14:50 |
| cpaelzer | ok timeout :-) | 14:55 |
| cpaelzer | see you all next week then | 14:55 |
| sarnold | woot, thanks cpaelzer, all :) | 14:55 |
| cpaelzer | thanks | 14:55 |
| cpaelzer | #endmeeting | 14:55 |
| meetingology | Meeting ended at 14:55:43 UTC. Minutes at https://new.ubottu.com/meetingology/logs/ubuntu-meeting/2021/ubuntu-meeting.2021-06-29-14.30.moin.txt | 14:55 |
| didrocks | see you o/ | 14:55 |
| === genii-core is now known as genii | ||
| cyphermox | o/ | 18:57 |
| rbasak | o/ | 18:57 |
| rbasak | mdeslaur: around? | 19:04 |
| rbasak | vorlon? | 19:04 |
| * rbasak doesn't see sil2100 here | 19:04 | |
| * rbasak goes back to his evening | 19:19 | |
| === genii is now known as genii-core | ||
| === JanC_ is now known as JanC | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
