| === JanC_ is now known as JanC | ||
| slyon | o/ | 14:30 |
|---|---|---|
| sarnold | good morning | 14:30 |
| slyon | c_paelzer is busy, I'll be running the meeting today | 14:31 |
| sarnold | thanks slyon | 14:31 |
| slyon | #startmeeting Weekly Main Inclusion Requests status | 14:31 |
| meetingology | Meeting started at 14:31:27 UTC. The chair is slyon. Information about MeetBot at https://wiki.ubuntu.com/meetingology | 14:31 |
| meetingology | Available commands: action, commands, idea, info, link, nick | 14:31 |
| slyon | Ping for MIR meeting - didrocks joalif slyon sarnold c_paelzer jamespage | 14:31 |
| joalif | o/ | 14:31 |
| slyon | #topic current component mismatches | 14:31 |
| slyon | Mission: Identify required actions and spread the load among the teams | 14:31 |
| slyon | #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg | 14:31 |
| slyon | #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg | 14:31 |
| slyon | c-m is looking rather clean. except for nvidia-graphics-drivers-418-server | 14:32 |
| slyon | but this is a binary update which has been in restricted before, so I guess there's nothing to do for us, and it just needs promotion | 14:33 |
| sarnold | I can't recall one of these things coming up before | 14:33 |
| didrocks | hey | 14:33 |
| slyon | I assume it got dropped & auto-demoted... now a new upload moved to multiverse instead of restricted. I'd leave this to the AAs to sort out | 14:34 |
| sarnold | will they automatically know it needs sorting out? or would a note in #ubuntu-release be appropriate? | 14:34 |
| slyon | It shows up in the AAs reports, so they should be aware | 14:35 |
| slyon | (e.g. c-m, which is an AA report) | 14:35 |
| slyon | #topic New MIRs | 14:35 |
| slyon | Mission: ensure to assign all incoming reviews for fast processing | 14:35 |
| slyon | #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir | 14:35 |
| slyon | nothing \o/ (we took it all last week :)) | 14:36 |
| slyon | #topic Incomplete bugs / questions | 14:36 |
| slyon | Mission: Identify required actions and spread the load among the teams | 14:36 |
| slyon | #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir | 14:36 |
| slyon | bug #1990655 : libgit2, http-parser | 14:36 |
| -ubottu:#ubuntu-meeting- Bug 1990655 in http-parser (Ubuntu) "MIR: libgit2, http-parser" [High, Incomplete] https://launchpad.net/bugs/1990655 | 14:37 | |
| slyon | didrocks: I feel like this should be status: New instead of Incomplete? ^ | 14:37 |
| slyon | it is pending security review, but good from our POV | 14:37 |
| didrocks | libgit2 is for sure, I only changed the assignee, resetting to New | 14:38 |
| slyon | thanks | 14:38 |
| slyon | what do we still need for http-parser? | 14:38 |
| sarnold | comment #6 suggests just security review | 14:39 |
| joalif | i dont recall we wait for anything | 14:39 |
| didrocks | yeah, seems to be the same to me, joalif didn’t have any remaining concerns? | 14:39 |
| slyon | joalif: if there's nothing else, could you change the status to "New" as well? | 14:39 |
| joalif | just a really minor recommended todo | 14:40 |
| joalif | but nothing else | 14:40 |
| slyon | joalif: ok sounds good! | 14:40 |
| joalif | sure | 14:40 |
| slyon | bug #1990582 => waiting for feedback/action from the reporter, nothing to do right now for us | 14:40 |
| -ubottu:#ubuntu-meeting- Bug 1990582 in thin (Ubuntu) "[MIR] Promote thin to main as a pcs dependency" [Undecided, Incomplete] https://launchpad.net/bugs/1990582 | 14:40 | |
| slyon | that's all updates for today. | 14:41 |
| slyon | I assume the MIR reviews we assigned last week are slowly progressing (I handled 2/5 already) | 14:41 |
| slyon | #topic MIR related Security Review Queue | 14:41 |
| slyon | Mission: Check on progress, do deadlines seem doable? | 14:41 |
| slyon | #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir | 14:41 |
| slyon | Internal link: | 14:42 |
| slyon | #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 | 14:42 |
| slyon | sarnold: can you give a brief update? | 14:42 |
| sarnold | there's been no progress on the security reviews, other tasks have sucked all the oxygen out of the room | 14:42 |
| slyon | we're getting very close to the end-of-cycle. Do we have any misses that we need to notify people about? | 14:43 |
| sarnold | I believe I did that last week | 14:43 |
| slyon | perfect, thanks! | 14:43 |
| sarnold | well, not *perfect*, but .. :) | 14:44 |
| slyon | indeed :p | 14:44 |
| slyon | #topic Any other business? | 14:44 |
| joalif | i have a couple of questions | 14:44 |
| sarnold | I'll miss next week's meeting, so I shall see you in prague :) | 14:44 |
| joalif | i'm reviewing ruby-ffi https://bugs.launchpad.net/ubuntu/+source/ruby-ffi/+bug/1990570 | 14:44 |
| -ubottu:#ubuntu-meeting- Launchpad bug 1990570 in ruby-ffi (Ubuntu) "[MIR] Promote ruby-ffi to main a pcs indirect dependency" [Undecided, New] | 14:44 | |
| joalif | i noticed that it makes a ffi_c.so , should there be a symbols file for this ? | 14:45 |
| joalif | also security wise it's ok according to the list, this package provides a gem to programmatically load dynamic libraries | 14:46 |
| didrocks | it depends if there are external consumer | 14:46 |
| joalif | do you think it would need a security review ? | 14:46 |
| didrocks | (for the symbols file) | 14:46 |
| didrocks | like, if the lib internal, only for the ruby binding? | 14:46 |
| joalif | i think it's for the ruby binding not external but i'll double check | 14:47 |
| didrocks | I would then check for the practice of python C bindings | 14:48 |
| joalif | ok thanks! | 14:48 |
| slyon | I reviewed ruby-childprocess, which is making use of ruby-ffi for IPC. I requested security-review, because I feel passing random data between processes should be double checked, as it could crash/DoS those processes. sarnold what do you tihnk? | 14:48 |
| slyon | so I would lean towards requesting sec-review for ruby-ffi, too. | 14:49 |
| sarnold | $ apt-file search /usr/lib/x86_64-linux-gnu/ruby/vendor_ruby/ | grep '\.so$' | wc -l | 14:49 |
| sarnold | 167 | 14:49 |
| joalif | slyon: yes, I saw your review that's why i'm wondering for ruby-ffi at well, thanks | 14:50 |
| sarnold | there might other examples in the ruby world, though if we're looking at the pythons because we think they're more likely to be done right.. | 14:50 |
| didrocks | (that was my guess in getting inspired by python, because it’s not done for the other ruby projects I checked and I think it’s better to double cross) | 14:50 |
| didrocks | but from the few python examples I found, it’s the same, no symbol file | 14:50 |
| didrocks | I think if they are tests importing the final product (python or ruby) module, and exercising it, it’s good enough to ensure about the ABI stability regarding the runtime? | 14:51 |
| sarnold | slyon: good question; I'm more inclined to say it depends upon the type of software architecture the library encourages -- oftentimes ipc is used for things that are logically one program and this is just a detail of shuffling bytes around, so there's no boundaries being crossed. but others are intended to provide generic client-server or peers-on-a-bus architecture (like dbus) and that would be | 14:52 |
| sarnold | more important for a security review, I think | 14:52 |
| joalif | re symbols : it's not just tests in this case, in any case I look into it to see exactly how it's used and what happens with other rudy libs and python | 14:52 |
| slyon | sarnold: IIUC ruby-childprocess/-ffi is basically a module, which could be used to implement both types of architecture. | 14:53 |
| sarnold | This gem aims at being a simple and reliable solution for controlling | 14:54 |
| sarnold | external programs running in the background on any Ruby / OS combination. | 14:54 |
| sarnold | hah, yeah, that does feel like a security review would fit | 14:54 |
| sarnold | if I had a dollar for every time I saw unsafe child process handling.. | 14:54 |
| slyon | sarnold: haha, thanks for the confirmation! | 14:54 |
| sarnold | thanks :D | 14:55 |
| slyon | joalif: does that answer your questions? | 14:55 |
| joalif | yup all covered! | 14:55 |
| joalif | thank you all! | 14:55 |
| slyon | do we have anything else? | 14:55 |
| joalif | nothing from me | 14:55 |
| slyon | alright, thank you all! | 14:56 |
| sarnold | thanks slyon, all :) | 14:56 |
| slyon | looking forward to meeting you in prague! | 14:57 |
| slyon | #endmeeting | 14:57 |
| meetingology | Meeting ended at 14:57:03 UTC. Minutes at https://ubottu.com/meetingology/logs/ubuntu-meeting/2022/ubuntu-meeting.2022-10-18-14.31.moin.txt | 14:57 |
| joalif | thanks slyon, all :) | 14:57 |
| didrocks | thanks! See you in Prague | 14:59 |
| nicoz | Good luck to all the candidates... each of you makes this community special | 18:14 |
| * vorlon waves | 19:02 | |
| rbasak | o/ | 19:02 |
| vorlon | https://wiki.ubuntu.com/TechnicalBoardAgenda hasn't been updated, still shows next meeting in August with sil2100 chairing | 19:03 |
| vorlon | who I don't know whether is planning to make it, given that it's release week | 19:05 |
| rbasak | I don't have much to report. | 19:07 |
| rbasak | Third party repo requirements is making good progress, but it's all internal in the sense of the things Canonicalers need to do to get it all implemented. | 19:08 |
| rbasak | I hope to be able to report back in a few weeks with a more concrete plan in terms of progress. | 19:08 |
| vorlon | sounds good | 19:09 |
| rbasak | For requirements B, F1 and F2 in particular. | 19:09 |
| sil2100 | Eeek | 19:10 |
| sil2100 | I think I'm late | 19:10 |
| sil2100 | Sorry | 19:10 |
| sil2100 | o/ | 19:10 |
| vorlon | sil2100: hi, are you willing to chair? (wiki says you're on for it but I don't know if the wiki is just out of date) | 19:11 |
| sarnold | sil2100: https://paste.debian.net/1257514/ | 19:11 |
| sil2100 | I could chair, I guess, just to go formally if we have any new possible action items | 19:13 |
| vorlon | like you, my head is in release space this week of course | 19:13 |
| sil2100 | Since I suppose the rest is just progress on the two issues | 19:14 |
| sil2100 | #startmeeting Ubuntu Technical Board | 19:15 |
| meetingology | Meeting started at 19:15:26 UTC. The chair is sil2100. Information about MeetBot at https://wiki.ubuntu.com/meetingology | 19:15 |
| meetingology | Available commands: action, commands, idea, info, link, nick | 19:15 |
| sil2100 | #topic Action review | 19:15 |
| sil2100 | I suppose no sense to go through all of those, I think we already said those are still in progress | 19:15 |
| sil2100 | Release makes it slower | 19:15 |
| sil2100 | #topic Check up on community bugs (standing item) | 19:16 |
| sil2100 | Okay, I see no new open bugs at least | 19:16 |
| sil2100 | #topic Scan the mailing list archive for anything we missed (standing item) | 19:17 |
| sil2100 | I suppose there's no new items | 19:17 |
| vorlon | I guess one minor thing there since you're the two other Canonicalers on the TB | 19:17 |
| vorlon | do either of you want to open an RT so I'm not a SPOF on the UES calendar? | 19:18 |
| sil2100 | I think the TB elections are for next month | 19:18 |
| rbasak | On the topic of the calendar, vorlon I wonder if it's easier for you to just delete the existing recurring event and we can create a fresh one that we all can edit? | 19:18 |
| rbasak | I don't mind filing an RT either, but I'm not clear on exactly what to ask for. | 19:18 |
| vorlon | I'm not sure if that's better or worse than the status quo, where I have granted you edit access to the recurring event | 19:18 |
| vorlon | rbasak: basically, edit access to the calendar that owns this event | 19:19 |
| vorlon | which I think is better than changing it to be an event I personally own | 19:19 |
| rbasak | Ah I can edit it | 19:19 |
| rbasak | I just fixed the meeting location | 19:19 |
| sil2100 | Can we edit the dates as well? | 19:20 |
| vorlon | as long as you do it in the context of this recurring event yes! | 19:20 |
| rbasak | Do we need anything further then? | 19:20 |
| sil2100 | I think this is good enough to me | 19:21 |
| sil2100 | Okay, I think that's it for the ML items | 19:21 |
| sil2100 | #topic AOB | 19:21 |
| sil2100 | Anything else to discuss? | 19:21 |
| rbasak | Nothing from me. Thanks! | 19:21 |
| vorlon | thanks! | 19:23 |
| sil2100 | #endmeeting | 19:28 |
| meetingology | Meeting ended at 19:28:19 UTC. Minutes at https://ubottu.com/meetingology/logs/ubuntu-meeting/2022/ubuntu-meeting.2022-10-18-19.15.moin.txt | 19:28 |
| sil2100 | THank you! And sorry for being late, I try to finish up things at home here to get back to the releasey stuff | 19:28 |
| Bashing-om | Community Council Election: My vote completed - finally. Thanks to José's patience and guidance :D | 23:47 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
