[14:00] <bittin> hey
[14:29] <bittin> cpaelzer: SRU/MRU meeting?
[14:29] <cpaelzer> yep
[14:29] <cpaelzer> hi bittin
[14:29] <bittin> hey cpaelzer
[14:29] <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
[14:29] <meetingology> Meeting started at 14:29:46 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
[14:29] <meetingology> Available commands: action, commands, idea, info, link, nick
[14:30] <cpaelzer> ping sarnold jamespage ddstreet doko didrocks999 - MIR team meeting
[14:30] <ddstreet> o/
[14:30] <didrocks999> hey
[14:31] <sarnold> good morning
[14:31] <cpaelzer> hello everyone, no previous action items so let us start with
[14:31] <cpaelzer> #topic current component mismatches
[14:31] <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
[14:31] <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
[14:31] <cpaelzer> a lot of usual suspects (false positives and dormant seeds)
[14:31] <cpaelzer> what seems new to me is gnome-shell -> gtk4 -> fonts-cantarell
[14:32] <cpaelzer> didrocks:  that sounds liek you might know something about it
[14:32] <cpaelzer> hi doko
[14:32] <cpaelzer> just started component mismatches, gnome-shell ->... fonts-cantarell is the only new one
[14:33] <doko> o/
[14:33] <cpaelzer> didrocks: ? ^^
[14:33] <didrocks> cpaelzer: I’ve already dealt with gtk4, doing the review, fonts-cantarell is only if we promote the -examples, which we won’t
[14:33] <sarnold> woot
[14:33] <cpaelzer> so you'll adda an extra exclude or something and this ill vanish?
[14:33] <cpaelzer> will
[14:34] <didrocks> cpaelzer: I think it’s because the source is not promoted yet, but I’ll do it and look back
[14:34] <cpaelzer> well, ok
[14:34] <cpaelzer> thanks didrocks
[14:34] <cpaelzer> the important bit here is that it is under control and needs no action :-)
[14:34] <cpaelzer> #topic New MIRs
[14:34] <didrocks> yep:)
[14:34] <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
[14:34] <cpaelzer> empty \o/
[14:35] <cpaelzer> #topic Incomplete bugs / questions
[14:35] <didrocks> hourra!
[14:35] <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
[14:35] <cpaelzer> fuse we mentioned last week - that now is a MIR project of foundations btw
[14:35] <cpaelzer> bugs against many packages that still have fuse2 are filed
[14:35] <cpaelzer> once all are ready we will transition, but that might take a while
[14:36] <cpaelzer> afaik ginggs seems to lead that effort
[14:36] <cpaelzer> nothing totally new in incomplete that we would not be aware of
[14:36] <cpaelzer> jamespage: I still consider the cherryp3 incomplete case on you btw
[14:36] <cpaelzer> #topic Any other business?
[14:36] <sarnold> yeah..
[14:37] <cpaelzer> I wanted to ask everyone for their respective teams - are there more things coming for 21.10 MIRs?
[14:37] <cpaelzer> we know we ahve a few blocked on the evey too busy security team
[14:37] <cpaelzer> but further ones that will come into the MIR queue - are there more expected/planned ?
[14:37] <sarnold> there's a v4l2loopback package that a commercial support group in canonical is looking to support in focal, hirsute, impish, and forward
[14:37] <didrocks> there is adsys coming (hopefully next week)
[14:38] <cpaelzer> ours (server) are already open MIRs (on security atm)
[14:38] <bittin> the security team is having a sprint next week i did hear in the latest https://ubuntusecuritypodcast.org/
[14:38] <didrocks> which will probably need a security review (and it’s a go package, with vendored deps)
[14:38] <sarnold> bittin: probably a company-wide roadmap review sprint
[14:38] <bittin> sarnold: might be
[14:38] <doko> well, yes, my impression was that ginggs wanted some input from the package owners ...
[14:39] <sarnold> the nice folks working on v4l2loopback haven't done the 'usual mir' process; they've so far been doing everything via email
[14:39] <cpaelzer> doko: on the few that I saw I was dealing with the cases
[14:39] <doko> ok, is desktop doing the same?
[14:39] <cpaelzer> doko: but surely there are more that I've not seen
[14:39] <cpaelzer> sarnold: what does that mean - did they send a mail directly to -security ?
[14:39] <sarnold> has anyone else been doing similar work on the v4l2loopback package 'out of usual channels'?
[14:39] <sarnold> cpaelzer: yes
[14:40] <doko> e.g. https://bugs.launchpad.net/ubuntu/+source/xdg-desktop-portal/+bug/1935668
[14:40] <cpaelzer> no I didn't see/get and v4l2loopback info
[14:40] <cpaelzer> thanks for the info on adsys didrocks
[14:40] <cpaelzer> didrocks: that xdg / fuse question is for you I guess
[14:41] <sarnold> cpaelzer: I know we've got a flood of packages with names I can't remember all doing some supported things without much input / involvement from us, and I was curious where / how those sorts of exceptions from usual process are documented, and if I need to be asking this team to move to a public MIR bug
[14:41] <didrocks> yeah, but I don’t know as I’m not doing GNOME work for some years now, I can be the man in the middle ofc and ask
[14:41] <cpaelzer> sarnold: I'd answer to those mails pushing them to the official process - or do they have a good reason to go "secretly"
[14:41] <cpaelzer> thanks didrocks
[14:41] <sarnold> cpaelzer: good question
[14:42] <cpaelzer> sarnold: if the intended use case is NOT promotion in the acrhive they might "only ask you"
[14:42] <didrocks> but right now, just reading the message looks like we should hold it: https://bugs.launchpad.net/ubuntu/+source/xdg-desktop-portal/+bug/1935668/comments/2
[14:42] <cpaelzer> and skip the normal MIR process
[14:42] <didrocks> unsure if this is what doko is referring to as giving the bug # here
[14:42] <cpaelzer> didrocks: yeah it is about assessing the situation to be "ready to move"
[14:42] <cpaelzer> didrocks: not about uploading a change now
[14:43] <didrocks> ack
[14:43] <doko> right, we don't want to have two versions of fuse in main, therefore coordinating the switch ...
[14:43] <sarnold> cpaelzer: okay, cool, I can work with this; I'll re-read the emails and see if it's actual promotion in the archive or if it's something else that they're after, and ask them to use the public process if it's archive promotion. thanks :)
[14:43] <cpaelzer> great sarnold
[14:44] <cpaelzer> I guess "that is it" for today then
[14:44] <cpaelzer> thanks for the sync @everony
[14:45] <cpaelzer> see you all next week
[14:45] <bittin> cyas
[14:45] <cpaelzer> #endmeeting
[14:45] <meetingology> Meeting ended at 14:45:14 UTC.  Minutes at https://new.ubottu.com/meetingology/logs/ubuntu-meeting/2021/ubuntu-meeting.2021-07-13-14.29.moin.txt
[14:45] <sarnold> woo, thanks cpaelzer, all :)
[14:45] <didrocks> thanks cpaelzer, everyone :)
[18:59] <mdeslaur> \o
[18:59] <sil2100> o/
[19:00] <rbasak> o/
[19:01] <sil2100> I think there's enough of us, right?
[19:02] <sil2100> Let's maybe start this meeting o/
[19:02] <mdeslaur> yep!
[19:02] <sil2100> #startmeeting Ubuntu Technical Board
[19:02] <meetingology> Meeting started at 19:02:22 UTC.  The chair is sil2100.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
[19:02] <meetingology> Available commands: action, commands, idea, info, link, nick
[19:02] <sil2100> #topic Apologies
[19:02] <sil2100> No apologies for today, but I would like to apologize for missing last meeting - that was quite unexpected from my side
[19:02] <sil2100> #topic Action review
[19:03] <sil2100> ACTION: Wimpress To follow-up on-list with design review to address MATE Boutique security/consent concerns.
[19:03] <mdeslaur> I was on vacation last time and forgot about the meeting :P
[19:03] <sil2100> I think there was some movement on that during the last meeting, right rbasak?
[19:03] <rbasak> I need to follow up with Martin again there I think.
[19:03] <rbasak> There was movement, yes, but not since then.
[19:04] <sil2100> Ok, so should we leave it as-is until we know more?
[19:04] <rbasak> Yes - carry the action for me, please.
[19:04] <sil2100> #action Wimpress To follow-up on-list with design review to address MATE Boutique security/consent concerns.
[19:04] <meetingology> ACTION: Wimpress To follow-up on-list with design review to address MATE Boutique security/consent concerns.
[19:05] <sil2100> The two next action items are on vorlon who doesn't seem to be around, so I'll carry them over
[19:05] <sil2100> #action formal ratification of third party seeded snap security policy, depends on:
[19:05] <meetingology> ACTION: formal ratification of third party seeded snap security policy, depends on:
[19:05] <sil2100> #action vorlon to circle around with store, snapcraft, et all, and revise the snap source revision policy to be more clear with regards to rebuildability and GPL compliance.
[19:05] <meetingology> ACTION: vorlon to circle around with store, snapcraft, et all, and revise the snap source revision policy to be more clear with regards to rebuildability and GPL compliance.
[19:05] <sil2100> Next one is from vorlon as well - did anyone hear any update on that?
[19:05] <sil2100> i.e. vorlon to reply to seeded snap upload permissions question on list
[19:06] <sil2100> If not, we'll carry it over
[19:06] <sil2100> ...let's carry over!
[19:06] <sil2100> #action vorlon to reply to seeded snap upload permissions question on list
[19:06] <meetingology> ACTION: vorlon to reply to seeded snap upload permissions question on list
[19:07] <sil2100> And final one is on me, and sadly this is not done yet - but I have just started drafting a draft some time before the meeting
[19:07] <sil2100> So hopefully, pinky promise, there'll be something to review for the next meeting
[19:07] <sil2100> #action sil2100 to start a draft summarizing the OEM archive portion of the meeting which xnox and TB will review, edit, and ratify before we move on to figuring out the next step
[19:07] <meetingology> ACTION: sil2100 to start a draft summarizing the OEM archive portion of the meeting which xnox and TB will review, edit, and ratify before we move on to figuring out the next step
[19:07] <sil2100> #topic Scan the mailing list archive for anything we missed (standing item)
[19:08] <sil2100> There are two ML items from June from what I see
[19:08] <rbasak> There's two Flatpak related requests
[19:08] <sil2100> Not sure if those got handled
[19:08] <sil2100> Yeah, let's start with this one: https://lists.ubuntu.com/archives/technical-board/2021-June/002560.html
[19:09] <rbasak> I'm tempted to delegate this decision to the security team
[19:10] <rbasak> Any reason we shouldn't?
[19:10] <rbasak> sarnold: FYI ^
[19:10] <sil2100> Sounds fair, I personally don't feel strongly about changing the current status-quo, especially that it's an universe package
[19:11] <sil2100> But if the security team feels that Ubuntu would benefit more if we'd change, I guess it's something up for discussion
[19:11] <mdeslaur> I think delegating to the security team is fine, unless there is controversy about the decision, in that case, the security team can bring it back to the tech board
[19:12] <mdeslaur> sil2100: it's being promoted to main
[19:12] <sarnold> thanks rbasak, reading..
[19:12] <sil2100> Ah, now I see mention of an MIR
[19:13] <sil2100> hm, I must say that for packages we consider 'main' I like the idea of consistency, but I think it's fair to leave the decision to the security team
[19:13] <rbasak> Let's ask the security team to provide an opinion in the first instance, at least.
[19:13] <mdeslaur> I think it should be consistent too
[19:14] <sil2100> Who wants to follow up on that e-mail? To get the security teams professional opinion?
[19:15] <mdeslaur> I'd prefer someone else do the follow up
[19:15] <sil2100> ;)
[19:15] <rbasak> Sure
[19:15] <rbasak> to ubuntu-hardened@l.u.c?
[19:16] <sil2100> Oh, I didn't even know about such list?
[19:16]  * mdeslaur didn't either
[19:17] <sil2100> rbasak: do you volunteer, or should I take it?
[19:17] <sarnold> the one guy who used to use that list stopped writing us questions :(
[19:17] <rbasak> I'm volunteering :)
[19:17] <sil2100> \o/
[19:17] <mdeslaur> rbasak: cc the list, and cc security@u.c please
[19:17] <sil2100> #action rbasak to follow up regarding security-team's advice on the flatpak TB request
[19:17] <meetingology> ACTION: rbasak to follow up regarding security-team's advice on the flatpak TB request
[19:18] <rbasak> mdeslaur: by "the list", you mean ubuntu-hardened@?
[19:18] <mdeslaur> yeah
[19:18] <rbasak> OK :)
[19:18] <sarnold> thanks :)
[19:19] <sil2100> What about the other TB ML message from June? Re: https://lists.ubuntu.com/archives/technical-board/2021-June/002559.html
[19:20] <sil2100> I didn't read the thread, does it have anything actionable?
[19:20] <rbasak> So Erich uploaded displaycal to Impish Unapproved, and it's been sitting there since.
[19:20] <rbasak> I don't know what the AAs are expecting - maybe the resolution of this thread?
[19:21] <rbasak> (FWIW, IMHO they're right to wait until the thread is resolved)
[19:21] <rbasak> I think this is a case where we just need to make a decision.
[19:21] <rbasak> Either us, or the AAs, or the release team. The appropriate team is unclear to me.
[19:21] <rbasak> So therefore maybe this is a case where the TB should just decide.
[19:22] <rbasak> IMHO, the biggest issue is the UX where users usually expect stuff installed by default to remain stable for the lifetime of the release.
[19:22] <sil2100> I don't think I have enough context right now, would have to read the whole thread first
[19:22] <rbasak> And that expectation would be broken here I think.
[19:23] <rbasak> chromium is an exception in this matter, but I don't think DisplayCAL qualifies.
[19:23] <sil2100> Ah, so this is the case of a new dummy package but with flatpak as the real source, right?
[19:23] <rbasak> Right
[19:23] <mdeslaur> yeah, plus it adds a new flatpak repo
[19:23] <rbasak> Eickmeyer: o/ ^
[19:24] <mdeslaur> which is the thing that I personally don't like and is akin to adding PPAs
[19:24] <rbasak> There are lots of open questions here, such as a flavour adding a third party software source by default, etc.
[19:24] <sil2100> Yeah, tricky
[19:24] <mdeslaur> doing that is the very reason we want mate to change how their store works
[19:25] <rbasak> Eickmeyer points out that installing snaps by default, and the chromium deb that installs a snap, is also equivalent to "adding a third party software source".
[19:25] <rbasak> However I don't think they're really the same, as I explained in the thread. Lots of differences that impact UX.
[19:25] <mdeslaur> we ship with the snap repo preconfigured
[19:25] <mdeslaur> the other one is adding a new one, contrary to user expectations
[19:26] <sil2100> I mean, the difference is also that we make sure that the snaps that we do preinstall follow a certain level of 'stability', as rbasak already mentioned
[19:26] <sil2100> Which I don't think we have the guarantee of with the case of the added flathub.org flatpak repository?
[19:27] <rbasak> mdeslaur: I don't see the distinction you're describing. AIUI, Eickmeyer wants to ship with a Flatpak repo enabled by default, and a Flatpak installed, just as Ubuntu ships with the Snap Store enabled by default, and some snaps installed.
[19:27] <rbasak> I do agree with what sil2100 just said though.
[19:27] <mdeslaur> rbasak: he wants the deb package to enable a new flatpak repo
[19:27] <mdeslaur> or am I misunderstanding
[19:27] <sil2100> I mean, I would be fine if we just had the guarantee of stability with the new software they install - in one way or another
[19:28] <rbasak> mdeslaur: that's just the mechanism. The snapd deb package enables the Snap Store :)
[19:28] <rbasak> There's also questions over things like where the package is built, and the ability for Ubuntu developers to be able to override/patch what ships if required.
[19:29] <rbasak> eg. if there's a security vulnerability and the upstream Flatpak repo maintainer is absent, then what happens?
[19:29] <mdeslaur> Is the producer of the flatpak going to support it on ubuntu for the lifetime of the release?
[19:29] <rbasak> In the Snap case, I believe there are arrangements to do with tracks and channels to support that situation.
[19:29] <rbasak> mdeslaur: that's another difference. That isn't currently part of the proposal.
[19:29] <sil2100> Yeah, so in my opinion it's not a matter of technology here, but a matter of arrangements with the people responsible
[19:30] <mdeslaur> rbasak: (re: mechanism): one is installing the snapd software itself, the other is installing an random piece of software (displaycal) and getting a repo added
[19:31] <sil2100> So it's not a problem that it's flatpak and from flathub.org, but more like a problem that we don't have arrangements with the people responsible, making sure that the flatpak remains stable and up-to-date with fixes
[19:31] <sil2100> Since sure, we don't always have up-to-date universe packages, but Ubuntu developers have the powers to update them if needed
[19:31] <sil2100> But here we need to have something arranged so that this still happens
[19:31] <rbasak> Right - but also, that the package installed isn't a rolling release.
[19:31] <rbasak> That's not what users expect from the average app that ships with Ubuntu by default.
[19:32] <mdeslaur> and will that rolling release still support a 5 year old version of ubuntu in 5 years...
[19:32] <rbasak> I think we basically have a fairly extensive list of "properties" of the system here, that we think users expect, but just adding this Flatpak will not deliver.
[19:32] <sil2100> So personally I wouldn't straight away say 'no' to this proposal, but maybe before saying 'yes' try to get the discussion started on how to handle the maintenance situation from the Ubuntu perspective
[19:33] <rbasak> Agreed
[19:33] <rbasak> I think we need to enumerate the list.
[19:33] <sil2100> If Eickmeyer finds a good way to solve this, we can say 'yes' no problem - I personally, right now, have no such good idea, but maybe Eickmeyer has a better concept!
[19:33] <rbasak> And then see what Eickmeyer can come up with to meet those requirements (or negotiate them).
[19:34] <sil2100> Ok, do you want to follow up, or maybe you want someone other from the TB to follow up instead?
[19:34] <sil2100> (since I completely missed this thread)
[19:35] <rbasak> I'm happy to do it, if others feel I'm the best person to tackle a reply!
[19:35] <mdeslaur> can we work on that list of requirements?
[19:36] <mdeslaur> I mean, can we collaborate on it before it is submitted?
[19:36] <rbasak> How should we do that?
[19:37] <rbasak> One way might be to do it on-list, making it clear that it's discussion towards a list of requirements rather than a final version? Or would you like to do this somewhere else?
[19:37] <sil2100> Makes sense, but I'm not sure if we'd be able to discuss it fully during this meeting
[19:38] <mdeslaur> rbasak: perhaps we can discuss it as a side-topic on the tech-board list and once we have a list of requirements we can submit them to the main topic?
[19:38] <sil2100> On list is possible, there's also this uh, ugly way of using some shared document first? I know google docs isn't ideal, but maybe there are better technologies (more open)
[19:38] <rbasak> Etherpad?
[19:39] <sarnold> hey looks like ubuntu's instance is still live :)
[19:39] <rbasak> I'm happy whichever way :)
[19:39] <sil2100> Oh, etherpad! Been a while since I last used that - maybe that's a good idea?
[19:40] <sil2100> Since it's good if each of us has time to think it through and leave some comments
[19:40] <rbasak> https://pad.ubuntu.com/third-party-repository-requirements
[19:41] <sil2100> Thanks for creating it! Let me add an action item for this for the next meeting
[19:42] <sil2100> #action Work on getting a set of requirements for Ubuntu packages that enable third party software repositiories by default - related to a ML entry
[19:42] <meetingology> ACTION: Work on getting a set of requirements for Ubuntu packages that enable third party software repositiories by default - related to a ML entry
[19:42] <sil2100> Whoops, let me add the link there
[19:42] <sil2100> #action ^ https://pad.ubuntu.com/third-party-repository-requirements
[19:42] <meetingology> ACTION: ^ https://pad.ubuntu.com/third-party-repository-requirements
[19:43] <sil2100> Ok, in the meantime, let us move on
[19:43] <rbasak> Apparently it doesn't support apostrophes :-/
[19:43] <sil2100> #topic Check up on community bugs (standing item)
[19:43] <sil2100> I didn't see any open bugs, so let's move on
[19:43] <sil2100> #topic Select a chair for the next meeting (next from https://launchpad.net/~techboard/+members)
[19:44] <sil2100> #info The next chair is mdeslaur, with cyphermox as backup
[19:44] <mdeslaur> ack
[19:44] <sil2100> Thanks!
[19:44] <sil2100> #topic AOB
[19:44] <sil2100> ...anything we need to talk about?
[19:45] <sil2100> If not, then let us finish up and start working on those requirements, I see rbasak already proposed some!
[19:45] <sil2100> So be sure to take a look and write your thoughts/comments
[19:45] <sil2100> #endmeeting
[19:45] <meetingology> Meeting ended at 19:45:36 UTC.  Minutes at https://new.ubottu.com/meetingology/logs/ubuntu-meeting/2021/ubuntu-meeting.2021-07-13-19.02.moin.txt
[19:45] <mdeslaur> yeah, I'll take a look tomorrow
[19:45] <sil2100> Thank you everyone!
[19:45] <sil2100> I think this was quite productive
[19:45] <sil2100> o/
[19:46] <mdeslaur> rbasak: sil2100 perhaps we should split "adding a default repo" and "installing a third party package" into two distinct things?
[19:46] <rbasak> mdeslaur: sure - please go ahead and edit
[19:46] <sil2100> mdeslaur: hm, might be an idea
[19:46] <mdeslaur> ok will do first thing tomorrow, gotta run
[19:46] <rbasak> I'm not sure how to split the requirements.
[19:46] <rbasak> But we can figure that out
[19:46] <sil2100> mdeslaur: could you write that up on the doc!
[19:46] <sil2100> Thanks!
[19:46] <sil2100> Ok, I disappear into the few final hours of my holidays
[19:46] <sil2100> o/
[19:47]  * sil2100 edits the agenda and goes
[19:47] <mdeslaur> thanks sil2100! thanks rbasak