[14:30] o/ [14:30] ahoi [14:31] Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe ) [14:31] o/ [14:31] hello everyone, it is unusually calm today [14:31] good morning [14:31] o/ [14:31] ah, there we go [14:31] #topic current component mismatches [14:31] Mission: Identify required actions and spread the load among the teams [14:31] #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg [14:31] #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg [14:32] right away, yes we are still working on the dmarc perl tree [14:32] sorry for all the delay [14:32] what else is in there being new ... [14:32] iniramfs-tools -> dhcpcd seems ready. maybe cpaelzer (as the original reviewer) can double check [14:33] webkit2gtk -> jpeg-xl -> highway ? [14:33] I will double check dhcpcd tomorrow morning (moved to that queue) [14:33] sarnold: https://launchpad.net/ubuntu/+source/webkit2gtk/2.41.90-1ubuntu1 [14:33] thanks for the ping [14:33] jbicha: yay :) [14:33] nice [14:34] wow [14:34] just curious, how long is that usually building? [14:34] 6h in already oO [14:34] sarnold: I expect we'll file a MIR for jpeg-xl for 24.04. We really need the version from experimental (to add gdk-pixbuf support) but there are build test issues [14:34] that sounds good jbicha [14:34] also support in the upcoming LTS is "more" important than in the shorter mantic release [14:35] cpaelzer: webkit2gtk can take days to build on riscv64. It has to build 3 times: gtk3+libsoup2, gtk3+libsoup3, gtk4. Still more work needed to drop the libsoup2 build [14:35] six and a half hours for 2.40.5-1 [14:35] ok, in line with the past then [14:36] heh, and riscv64 .. took 2 days, 14 hours, 48 minutes, 16.1 seconds [14:36] the only other seen in mismatches is the long term "jaraco.text" misses [14:36] those are known to openstack [14:36] no need to act here in the meeting on them [14:36] going on ... [14:37] #topic New MIRs [14:37] Mission: ensure to assign all incoming reviews for fast processing [14:37] #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir [14:37] 4 of them [14:37] doenet6 again, is that back from incomplete? [14:37] no, back from security [14:37] that should be "in progress" ? [14:37] checking the right state just now [14:38] it was MIR team ack under constraints [14:38] since then no feedback on addressing those (it might have happend but we didn#t get pinged to review) [14:38] re-review I should say [14:38] and security is [14:38] After the MIR Team's requirements have been fulfilled to their satisfaction, [14:38] the Security team ACK for promoting dotnet6 to main. [14:38] so it is actually incomplete [14:39] until those requirements have been fulfilled [14:39] setting it that way [14:39] thank you [14:40] done [14:40] next is [14:40] libwebm [14:40] because that is the oldest [14:40] also out of security [14:40] nice [14:40] this seems ready. autopkgtest are now there and pass. s390x build passes, too. That were the two required TODOs from didrocks [14:40] So I guess it should be "In Progress"? [14:40] https://bugs.launchpad.net/ubuntu/+source/libwebm/+bug/2004523/comments/5 say all requirements should be good [14:40] -ubottu:#ubuntu-meeting- Launchpad bug 2004523 in libwebm (Ubuntu) "[MIR] libwebm (transitive dependency of libheif)[libheif -> aom -> libwebm]" [Undecided, New] [14:41] security acked as well [14:41] if we trust #5 -> in progress, maybe worth a re-check if all is true [14:41] was it just tests that we asked for? [14:41] build warnings [14:41] cpaelzer: I just did a brief re-check. didrocks requrested autopkgtest and s390x builds. Which is both done [14:42] for all the codec related MIRs, could we please review https://bugs.launchpad.net/ubuntu/+source/libheif/+bug/1827442 [14:42] -ubottu:#ubuntu-meeting- Launchpad bug 1827442 in libheif (Ubuntu) "[MIR] libheif" [Undecided, In Progress] [14:42] others were recommended TODOs [14:42] yes, coming to the same conclusion slyon [14:42] setting to in-progress where it can wait until all heif bits are ready [14:42] ack [14:43] two left [14:43] dracut and libei [14:44] we only have slyon and me today [14:44] or is any of didrocks or joalif around as well? [14:44] dracut is foundations. So I guess I take libei [14:44] sort of makes sense [14:44] I'd have liked emulated input, but for separation it makes sense [14:44] I can#t guarantee fast processing on dracut [14:45] what is the urgency level on this - do you happen to know slyon? [14:45] re dracut ... I had the impression that vor_lon may not want to take us down that path https://lists.ubuntu.com/archives/ubuntu-devel/2023-August/042752.html [14:45] cpaelzer: I think the plan is landing it this cycle [14:45] puh, ok [14:45] well, i'll try [14:45] I recommended bdrung to get the changes into -proposed already, while waiting on MIR. [14:46] ack [14:46] it's related to all the inird efficiency discussions on ubuntu-devel [14:46] in regard to FF especially [14:46] #topic Incomplete bugs / questions [14:46] Mission: Identify required actions and spread the load among the teams [14:46] #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir [14:47] dotnet, heif, libmail - all cases we already had [14:47] what is s390x-tools with rust waiting on? [14:47] ... checking [14:47] https://bugs.launchpad.net/ubuntu/+source/s390-tools/+bug/2030482 [14:47] -ubottu:#ubuntu-meeting- Launchpad bug 2030482 in s390-tools (Ubuntu) "[MIR] s390-tools Rust dependencies (vendored)" [Undecided, Incomplete] [14:48] s390-tools needs a packaging update and filing a MIR, Foundations will look into that [14:48] thanks [14:48] but nothing to act yet as MIR team [14:48] FYI I think other serde-* have been approved as well [14:48] basically a re-MIR, due to new vendored Dependencies, because of newly added Rust tooling [14:48] I saw your scan for "what is in already" [14:48] ok, next agenda item [14:48] #topic Process/Documentation improvements [14:48] Mission: Review pending process/documentation pull-requests or issues [14:48] that "what'sin already" scan is very nifty :) [14:49] #link https://github.com/canonical/ubuntu-mir/pulls [14:49] #link https://github.com/canonical/ubuntu-mir/issues [14:49] re-reviews are on hold [14:49] no one really wanted to commit the resources for those [14:49] the idea isn't bad [14:49] but it isn't the right time it seems [14:49] :( [14:50] :,( [14:50] we asked last week for everyone to read on base-sets [14:50] slyon: did you get enough feedback? [14:50] that is https://github.com/canonical/ubuntu-mir/issues/35 [14:50] -ubottu:#ubuntu-meeting- Issue 35 in canonical/ubuntu-mir "RFC: Introduce 'base-sets' for vendored dependencies" [Open] [14:50] cpaelzer: eh.. not too much feedback. [14:51] But I think the idea of having those as parts of seeds is good. [14:51] Not sure what the next step would be, though. [14:51] was that my idea? then it is good :-P [14:51] :) [14:51] but TBH - feel free to continue pushing on this a bit at low/med prio [14:51] Maybe I'll bring that up with toolchain maintainers during the next sprint [14:51] I think it is a good move for the rust toolchain owning sub-team of foundations [14:51] +1 [14:52] and then there is https://github.com/canonical/ubuntu-mir/issues/34 [14:52] -ubottu:#ubuntu-meeting- Issue 34 in canonical/ubuntu-mir "Should we ask for a bit of research/investment on isolation?" [Open] [14:52] I guess we had general "we like it" but I'd need to prep a PR with suggested wording [14:52] putting it on my not-so-far-back-log [14:52] #topic MIR related Security Review Queue [14:52] Mission: Check on progress, do deadlines seem doable? [14:52] Some clients can only work with one, some with the other escaping - the URLs point to the same place. [14:52] #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir [14:52] #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir [14:52] Internal link [14:52] - ensure your teams items are prioritized among each other as you'd expect [14:52] - ensure community requests do not get stomped by teams calling for favors too much [14:52] #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 [14:52] we have seen quite some complete [14:52] I'm proud of security, tell them that eslerm and sarnold! [14:53] :D [14:53] queues look healthy, some in each lane [14:53] and we have seen there is progress [14:53] is anything in danger of beeing too later for the cycle? [14:53] I'm still a bit scared of the big pile of perl but it feels to me like things are going smoothly [14:53] remember, that promotions can be done after FF - just rebuilds with changed feature enablement are a bit more tricky [14:54] I keep pushing for the perl work internally [14:54] but really, look how those were in the past [14:54] yes [14:54] I expect maybe <5 out of those to need to go in depth [14:54] I know you've beencutting that pile down to size :) [14:54] and that should be doable [14:54] I'd like to discuss LP#1827442 and possibly pause all related security reviews until it is retriaged [14:54] -ubottu:#ubuntu-meeting- Launchpad bug 1827442 in libheif (Ubuntu) "[MIR] libheif" [Undecided, In Progress] https://launchpad.net/bugs/1827442 [14:54] and a lot of those just won't go through us [14:55] well then eslerm [14:55] #topic Any other business? [14:55] https://bugs.launchpad.net/ubuntu/+source/libheif/+bug/1827442 [14:55] as requested to discuss above [14:56] . [14:56] comments near the end state the current status [14:56] uhoh, is that a placeholder for a *new* issue? or an indicator of a comment-in-progress? :) [14:56] I'm not sure that libheif could be promoted without kvazaar or other replacements [14:56] That is actually a great set of a summary eslerm [14:57] yes [14:57] I only fail to see how each of those component stand in their own progress through the MIR process [14:57] I'm wondering how strict the MIR team's policy on requiring rust dependencies to be vendored is. Specifically thinking about librsvg for 24.04 (out of scope for Mantic). background in Debian bug 1049413 [14:57] -ubottu:#ubuntu-meeting- Debian bug 1049413 in src:librsvg "librsvg: Update to 2.56 or later" [Wishlist, Open] https://bugs.debian.org/1049413 [14:58] jbicha: I guess the situation is similar as bug #2030482 [14:58] -ubottu:#ubuntu-meeting- Bug 2030482 in s390-tools (Ubuntu) "[MIR] s390-tools Rust dependencies (vendored)" [Undecided, Incomplete] https://launchpad.net/bugs/2030482 [14:58] jbicha: we have recently discussed on slowly weakening the "forced vendoring" if there is strong reason to believe in stability of a particular lib (https://github.com/canonical/ubuntu-mir/issues/35) [14:58] -ubottu:#ubuntu-meeting- Issue 35 in canonical/ubuntu-mir "RFC: Introduce 'base-sets' for vendored dependencies" [Open] [14:58] eslerm: I guess I can ask vpa1977 to give his stance on bug #1827442 AFAIK it's a bit on the back burner right now [14:58] -ubottu:#ubuntu-meeting- Bug 1827442 in libheif (Ubuntu) "[MIR] libheif" [Undecided, In Progress] https://launchpad.net/bugs/1827442 [14:58] jbicha: but this hasn't yet concluded or led to changes to policy being made [14:59] I think the Rust GTK stack is still under heavy development but we generally have GTK bindings for popular languages in main. And Rust is very popular for newer GNOME-ish apps [14:59] thanks slyon, I'm only raising this because of mantic. if this is a backburner issue, perhaps that is fine [15:00] jbicha: is that GTK rust stack at least "one stack" which generally agrees on which versions/interfaces to use at a given time? [15:00] that incompatibility and often breaking on changes was one of the reasons to enforce vendoring back int he day [15:01] you might want to bribe slyon and the toolchain team to act on https://github.com/canonical/ubuntu-mir/issues/35 and bug #2030482 quicker as they would pave the way and policy for you [15:01] -ubottu:#ubuntu-meeting- Bug 2030482 in s390-tools (Ubuntu) "[MIR] s390-tools Rust dependencies (vendored)" [Undecided, Incomplete] https://launchpad.net/bugs/2030482 [15:01] -ubottu:#ubuntu-meeting- Issue 35 in canonical/ubuntu-mir "RFC: Introduce 'base-sets' for vendored dependencies" [Open] [15:01] the rust-gtk stack is large (I don't have an exact count, maybe 15+ packages) and yes, they are generally compatible with each other & hopefully 3rd party apps keep up [15:01] I'm unsure if we can do much for you on that topday jbicha other than saying "yes we have thought about reconsidering the forced-vendoring" [15:02] jbicha: you might be able to help by stating that as an example and the general compatibility into https://github.com/canonical/ubuntu-mir/issues/35 [15:02] -ubottu:#ubuntu-meeting- Issue 35 in canonical/ubuntu-mir "RFC: Introduce 'base-sets' for vendored dependencies" [Open] [15:02] that's fine. This is just an early heads up that we are exploring this [15:02] to be clear, no one said "yay vendoring" it was more a choice between two bad options back then picking the less impactful one [15:03] but as we see in many places now, things seem to change ... [15:03] but either way this needs help, support and backing by the /rust)-toolchain people [15:03] so win them! [15:03] we are over time already [15:03] but also at the end of the agenda [15:03] thanks jbicha for bringing it up - this helps the topic overall to gain traction [15:03] nothing else from server [15:04] nothin from me [15:04] thanks all [15:04] thank you all [15:04] bye [15:04] nothing, thanks! [15:04] #endmeeting [15:04] o/ [15:04] thanks cpaelzer, all :)