| sarnold | good morning | 14:30 |
|---|---|---|
| slyon | o/ | 14:31 |
| didrocks | hey o/ | 14:31 |
| slyon | Christian is at the sprint in copenhagen, so I will run the meeting, today. | 14:31 |
| slyon | joalif: are you around? I guess all others are at the sprint | 14:32 |
| slyon | #startmeeting Weekly Main Inclusion Requests status | 14:32 |
| meetingology | Meeting started at 14:32:17 UTC. The chair is slyon. Information about MeetBot at https://wiki.ubuntu.com/meetingology | 14:32 |
| meetingology | Available commands: action, commands, idea, info, link, nick | 14:32 |
| sarnold | woo, thanks slyon | 14:32 |
| joalif | yup I'm at sprint, but I'm around | 14:32 |
| slyon | #topic Review of previous action items | 14:32 |
| slyon | joalif: did you already have a chance to review bug #1965115 from last week's meeting? | 14:33 |
| ubottu | Bug 1965115 in nullboot (Ubuntu) "[MIR] nullboot" [Undecided, New] https://launchpad.net/bugs/1965115 | 14:33 |
| joalif | I'm working on it | 14:33 |
| slyon | ok, thanks. I think we had no other action items | 14:33 |
| slyon | #topic current component mismatches | 14:33 |
| slyon | Mission: Identify required actions and spread the load among the teams | 14:33 |
| slyon | #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg | 14:33 |
| slyon | #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg | 14:33 |
| slyon | there are quite some mismatches, especially in -proposed, but let's start with the release pocket | 14:34 |
| slyon | llvm-toolchain-13 vs z3 is in foundation's backlog, we're still investigating if we can drop one recommends, or if we actually need to do a z3 MIR | 14:34 |
| sarnold | libnotify -> sugar -> { python-gwebsockets, sugar-toolkit-gtk3} looks new to me | 14:35 |
| didrocks | yeah, I can take libnotify | 14:35 |
| slyon | libnotify looks new to me, too | 14:35 |
| slyon | thanks didrocks | 14:35 |
| slyon | looking at -proposed mismatches, there is gvfs -> libsoup3 -> sysprof – that is a desktop package too | 14:35 |
| didrocks | indeed, taking as well | 14:35 |
| slyon | didrocks: do you have capacity to ivestigate what's happening there, too? | 14:36 |
| slyon | thanks! | 14:36 |
| slyon | ok, next here are plenty of foundations packages, that I will have a look at: | 14:36 |
| slyon | licensecheck, sphinx, twisted, mutt, requests | 14:36 |
| slyon | I will at least try to do an investigation on those. | 14:36 |
| didrocks | (enjoy :)) | 14:37 |
| slyon | finally we have jaraco.text -> jaraco.context which is an openstack package, so for jamespage to have a look at (after the sprint I suppose) | 14:37 |
| slyon | did I miss anything? | 14:38 |
| sarnold | I think that's it | 14:38 |
| slyon | #topic New MIRs | 14:38 |
| slyon | Mission: ensure to assign all incoming reviews for fast processing | 14:38 |
| slyon | #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir | 14:38 |
| slyon | <none> :) | 14:38 |
| sarnold | \o/ | 14:38 |
| slyon | #topic Incomplete bugs / questions | 14:38 |
| didrocks | yeah! | 14:38 |
| slyon | Mission: Identify required actions and spread the load among the teams | 14:38 |
| slyon | #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir | 14:38 |
| slyon | we have bug #1963707 that was updated since last week | 14:39 |
| ubottu | Bug 1963707 in libqrtr-glib (Ubuntu) "[MIR] libqrtr-glib" [Low, Incomplete] https://launchpad.net/bugs/1963707 | 14:39 |
| slyon | seb created this... do you know anything about it didrocks ? | 14:39 |
| slyon | it's still in "Incomplete" status, is that accurate? | 14:39 |
| didrocks | I don’t. I can check on this, but this might wait for the sprint to be over | 14:39 |
| didrocks | I can chat with Jeremy too | 14:40 |
| slyon | that should be fine, i guess. As priority is set to "Low" | 14:40 |
| didrocks | yeah | 14:40 |
| slyon | Thanks that'd be great | 14:40 |
| slyon | #topic MIR related Security Review Queue | 14:40 |
| slyon | Mission: Check on progress, do deadlines seem doable? | 14:40 |
| slyon | #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir | 14:40 |
| slyon | sarnold: any updates? | 14:40 |
| sarnold | we haven't worked on MIRs this last week | 14:41 |
| slyon | that's sad :( but we're still early in the cycle! :) | 14:41 |
| slyon | thanks for the update | 14:41 |
| slyon | #topic Any other business? | 14:41 |
| sarnold | yeah, I had hoped to start in on one.. | 14:41 |
| joalif | juliank: re lp 1965115 (nullboot) any reason why it vendorizes go libraries ? | 14:41 |
| sarnold | we do have one question on https://bugs.launchpad.net/ubuntu/+source/networkd-dispatcher/+bug/1764362 | 14:41 |
| ubottu | Launchpad bug 1965115 in nullboot (Ubuntu) "[MIR] nullboot" [Undecided, New] https://launchpad.net/bugs/1965115 | 14:41 |
| ubottu | Launchpad bug 1764362 in networkd-dispatcher (Ubuntu) "[MIR] networkd-dispatcher" [Undecided, Fix Released] | 14:41 |
| slyon | ok. let's go with nullboot first | 14:42 |
| slyon | joalif: are those go-dependencies available as individual packages in the archive? | 14:42 |
| slyon | IIRC we have some rules that allow vendoring of go libraries | 14:43 |
| didrocks | with a correct rationale and ensuring that the maintainance will follow, this is allowed | 14:43 |
| joalif | slyon: need to check this, but still iiuc it is required by the process to be justified why librearies are vendorized | 14:43 |
| slyon | like those: "Go Package that follows the Debian Go packaging guidelines" "vendoring is used, but the reasoning is sufficiently explained" "golang: static builds are used, the team confirmed their commitment to the additional responsibilities implied by static builds." | 14:43 |
| slyon | yes, if the justification and maintenance commitment is missing, you should ask about it in the LP bug | 14:44 |
| joalif | ok thanks | 14:44 |
| slyon | OK. netwirkd-dispatcher next, what was the question there sarnold? | 14:45 |
| sarnold | we're curious why networkd-dispatcher wasn't forwarded to the security team for security review -- the checklist suggests to me that it should have been forwarded to us for review, based on the "Package does install services, timers or recurring jobs" rule https://wiki.ubuntu.com/MainInclusionProcess | 14:46 |
| sarnold | (the context is https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ ) | 14:47 |
| slyon | that MIR is 4 years old... I haven't been involved at that time, does anybody have context about this? | 14:47 |
| slyon | I don't know how our rules MIR evolved in the past 4 year... | 14:47 |
| didrocks | yeah, at the time, security review was more depending on how the reviewed felt it | 14:47 |
| sarnold | quite a lot, I think :) | 14:47 |
| slyon | sarnold: do you think it makes sense to do a security-review retro-actively for networkd-dispatcher? | 14:48 |
| didrocks | we have stricter and defined rules now | 14:48 |
| sarnold | slyon: probably not, I expect our friends at microsoft probably gave it a pretty thorough look | 14:48 |
| slyon | OK. I need to read up on that microsoft link. But other than that, I think we can leave it as is for now? | 14:49 |
| sarnold | I'm more curious if future similar cases of privileged dbus services would be seen differently today or not | 14:49 |
| slyon | sarnold: yes, thanks for bringing this up. IMO according to our new rules anything that runs a system service with escalated privilegs should go through security review. | 14:50 |
| sarnold | cool cool :) | 14:50 |
| slyon | so, yes. I think this would be seen differently today. | 14:50 |
| slyon | didrocks: do you agree? (you've been around longer than me) | 14:51 |
| didrocks | oh sure, today, we have way more rigorous rules and this will definitively go through security | 14:51 |
| slyon | Alright folks, that's all for today then. | 14:51 |
| didrocks | thanks slyon for hosting the meeting :) | 14:52 |
| slyon | if there isnt any thing else? | 14:52 |
| sarnold | nothing else, thanks :) | 14:52 |
| joalif | nope | 14:52 |
| slyon | #endmeeting | 14:52 |
| meetingology | Meeting ended at 14:52:28 UTC. Minutes at https://ubottu.com/meetingology/logs/ubuntu-meeting/2022/ubuntu-meeting.2022-05-03-14.32.moin.txt | 14:52 |
| joalif | thanks slyon, all | 14:52 |
| slyon | thank you all! | 14:52 |
| didrocks | thanks! | 14:52 |
| sarnold | thanks slyon, didrocks, joalif | 14:52 |
| slyon | enjoy your 10 min back :) | 14:52 |
| didrocks | :) | 14:53 |
| juliank | joalif: because that's the the policy and it's been explained at length in the maintenance section | 15:12 |
| nicoz | o/* | 20:02 |
| DD3my_ | ei nicoz | 20:03 |
| nicoz | Can you accept "Daniele De Michele" on Ubuntu Wiki Editors to complete his application? | 20:03 |
| nicoz | on Launchpad | 20:03 |
| nicoz | @madhens ;) | 20:05 |
| nicoz | this is his post https://discourse.ubuntu.com/t/dd3my-membership-application/28146/9 | 20:06 |
| Eickmeyer | nicoz: Probably the best person to tag for that would be kenvandine , but warning: this is a bad week as there's a bunch of people away at a developer summit this week. | 20:24 |
| nicoz | ;) ok ok thanks Eickmeyer | 20:24 |
| DD3my_ | thanks Eickmeyer :) | 20:25 |
| Eickmeyer | nicoz, DD3my_ : Also, this is definitely not the best channel for that, but I'm not sure what the best channel would be, tbh. :) | 20:26 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
