[14:29] <cpaelzer> pre-ping for MIR ddstreet doko sarnold didrocks jamespage
[14:29]  * cpaelzer lights a multi-dimensional campfire (for those with flooding it is warm and dry, for those with heat issues it is a cooling fire, for everyone else it is whatever they need)
[14:30] <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
[14:30] <meetingology> Meeting started at 14:30:25 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
[14:30] <meetingology> Available commands: action, commands, idea, info, link, nick
[14:30] <cpaelzer> no old actions to look at
[14:30] <cpaelzer> #topic current component mismatches
[14:30] <didrocks> hey
[14:30] <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
[14:30] <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
[14:31] <sarnold> good morning
[14:31] <cpaelzer> hiho
[14:31] <sarnold> I like this multidimensional fire idea
[14:31] <cpaelzer> these seem to contain the same as recently
[14:31] <cpaelzer> let us check the status
[14:31] <cpaelzer> fence-agents still on security via https://bugs.launchpad.net/ubuntu/+source/fence-agents/+bug/1927004
[14:32] <cpaelzer> cherrypy on jamespage
[14:32] <cpaelzer> oh this one
[14:32] <cpaelzer> screen-resolution-extra -> policykit-1-gnome
[14:32] <didrocks> this is an alternative, I remember we used to have already c-m picking the wrong one and we had to workaroudn it, but did anyone of you remember what we did exactly?
[14:32] <cpaelzer> didrocks: you said last week you wanted to take a loolk
[14:32] <didrocks> http://launchpadlibrarian.net/544364041/screen-resolution-extra_0.18build2_0.18.1.diff.gz
[14:32] <cpaelzer> look
[14:32] <didrocks> it’s fullfiled by gnome-shell already
[14:33] <cpaelzer> ok so we consider this done and it will vanish from this view in some time
[14:33] <cpaelzer> thanks didrocks
[14:33] <didrocks> cpaelzer: no no
[14:33] <didrocks> it’s not done
[14:33] <cpaelzer> oh
[14:33] <didrocks> the issue is triggered by this diff
[14:33] <cpaelzer> then I misinerpreted "fulfilled"
[14:33] <cpaelzer> oh I see
[14:33] <cpaelzer> thanks
[14:33] <didrocks> and this diff is for every flavor not picking up gnome-shell
[14:33] <didrocks> so, the issue is in component-mismatch
[14:34] <didrocks> and I don’t remember how we workarounded it in other cases in the past…
[14:34] <sarnold> I think "oh that's a holdovre from..."
[14:34] <sarnold> (like terminator, esmtp, etc)
[14:35] <didrocks> yeah
[14:35] <cpaelzer> yes
[14:35] <cpaelzer> + policykit-1-gnome | gnome-shell | polkit-1-auth-agent,
[14:35] <cpaelzer> ok I'll try to remember this is part of that group
[14:35] <cpaelzer> thanks for checking didrocks
[14:35] <didrocks> yw
[14:35] <cpaelzer> #topic New MIRs
[14:35] <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
[14:35] <cpaelzer> still no action by doko on flashrom/libftdi :-/
[14:36] <cpaelzer> I'll contact him and matt offline via a mail
[14:36]  * didrocks is surprised on busybox not being in main…
[14:36] <cpaelzer> as I'd love to get it out of this stage in some way (continue or abort it)
[14:36] <cpaelzer> didrocks: lets us talk about busybox
[14:36] <cpaelzer> I guess we can agree and promite it right away
[14:36] <cpaelzer> TL;DR busyboy is in main, this is about an extra binary from the src package to be promoted
[14:37] <cpaelzer> Usually people ask that on the old MIR bugs
[14:37] <cpaelzer> but this one is so old, it has no MIR bug
[14:37] <sarnold> I wouldn't be surprised if there's outstanding cves in busybox that we've ignored, something like their tools for downloading files don't check tls certificates..
[14:37] <didrocks> ah ack only one binary missing, I was wondering for a while with what I was playing after happy testing in casper :p
[14:38] <cpaelzer> sarnold: why would those have been ignroed?
[14:38] <cpaelzer> as far as I ahve looked it seems to be a differnt build from the same source
[14:38] <cpaelzer> so no "new code" to be promoted
[14:38] <cpaelzer> I'd like to understand why in this scenario CVEs would have been ignored, to get a feeling if this needs only MIR ack or also security re-review
[14:38] <didrocks> yeah, it’s only the dynamic linking (the static is in main) if I read the MIR correctly
[14:39] <cpaelzer> yes didrocks - that should be it
[14:39] <sarnold> cpaelzer: because busybox is often used in environments where 'the usual things' are broken / missing / intentionally unavailable
[14:39] <cpaelzer> ah but now you could use it in "others environments"
[14:39] <sarnold> yeah
[14:39] <cpaelzer> and that might change the attack surface
[14:39] <cpaelzer> ok thanks
[14:40] <cpaelzer> I think this is a trivial review from the MIR POV (nt a full one), but a more coplex one from the security side then
[14:40] <didrocks> looks like it
[14:40] <sarnold> heh, alas yes..
[14:40] <cpaelzer> but since this is a server case I'd want to ask if someone else could do the MIR-check on this
[14:40] <cpaelzer> to not look like special-case-self-signed-off
[14:40] <cpaelzer> since no one but the three of us seem available, would you didrocks be able to do that MIR check there?
[14:41] <cpaelzer> and then probably assign it to security to get thie rre-eval?
[14:41] <didrocks> cpaelzer: will do
[14:41] <cpaelzer> oh btw #action cpaelzer to clarify libftdi with matt/doko
[14:41] <cpaelzer> #action cpaelzer to clarify libftdi with matt/doko
[14:41] <meetingology> ACTION: cpaelzer to clarify libftdi with matt/doko
[14:41] <cpaelzer> thanks didrocks
[14:41] <cpaelzer> that gets us to the next agenda item
[14:41] <didrocks> yw!
[14:42] <cpaelzer> #topic Incomplete bugs / questions
[14:42] <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
[14:42] <cpaelzer> sdl is me, that will soon be ready for promotion
[14:42] <cpaelzer> no action needed
[14:42] <doko> o/
[14:42] <cpaelzer> flatpack ...
[14:42] <cpaelzer> reading
[14:42] <cpaelzer> oh we marked it incomplete last week
[14:42] <cpaelzer> ok nothing new
[14:42] <cpaelzer> welcome doko
[14:43] <cpaelzer> before I send you a mail doko, would you this week have time to resolve flashrom/libftdi ?
[14:43] <cpaelzer> I have asked a few weeks in a row and some way it should get off our incoming list
[14:43] <doko> right, it should be updated, fwupd needs a dependency
[14:43] <cpaelzer> I've outlined it a few times already, it is about a non MIR-team evaluation wihch seems "approved" by you
[14:44] <doko> yes, but I don't want to see it. fwupd needs to build with that support. waiting for an upload now
[14:45] <cpaelzer> an upload of fwupd to pull it in?
[14:45] <doko> yes
[14:46] <doko> jawn-smith working on it
[14:46] <cpaelzer> so this was an approval by you then back on 2021-03-11
[14:47] <cpaelzer> if you could confirm this now that would be helpful, then I could do an update and set the bug to the right states
[14:48] <jawn-smith> o/ I can do upload a change with a dependency
[14:49] <jawn-smith> s/do//
[14:49] <cpaelzer> jawn-smith: I was mostly concerned because the bug looked like needing a review still
[14:49] <cpaelzer> this is now clarified and I have updated the bug
[14:49] <cpaelzer> you can do the upload now and then promotion to main can happen
[14:49] <cpaelzer> and it is by now gone from the MIR-team incoming queue
[14:50] <cpaelzer> Thanks for all the clarifications, we look good again now ...
[14:50] <cpaelzer> #topic Any other business?
[14:50] <jawn-smith> excellent, thanks!
[14:50] <cpaelzer> nothing from me
[14:50] <sarnold> \o/
[14:50] <sarnold> nothing from me
[14:50] <didrocks> nothing either
[14:55] <cpaelzer> ok timeout :-)
[14:55] <cpaelzer> see you all next week then
[14:55] <sarnold> woot, thanks cpaelzer, all :)
[14:55] <cpaelzer> thanks
[14:55] <cpaelzer> #endmeeting
[14:55] <meetingology> Meeting ended at 14:55:43 UTC.  Minutes at https://new.ubottu.com/meetingology/logs/ubuntu-meeting/2021/ubuntu-meeting.2021-06-29-14.30.moin.txt
[14:55] <didrocks> see you o/
[18:57] <cyphermox> o/
[18:57] <rbasak> o/
[19:04] <rbasak> mdeslaur: around?
[19:04] <rbasak> vorlon?
[19:04]  * rbasak doesn't see sil2100 here
[19:19]  * rbasak goes back to his evening