/srv/irclogs.ubuntu.com/2024/02/20/#ubuntu-meeting.txt

=== pushkarnk1 is now known as pushkarnk
=== enr0n_ is now known as enr0n
cpaelzero/15:30
eslermo/15:30
cpaelzer#startmeeting Weekly Main Inclusion Requests status15:31
meetingologyMeeting started at 15:31:12 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology15:31
meetingologyAvailable commands: action, commands, idea, info, link, nick15:31
cpaelzerPing for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe )15:31
slyono/15:31
cpaelzerhello party people15:31
cpaelzer#topic current component mismatches15:31
cpaelzerMission: Identify required actions and spread the load among the teams15:31
cpaelzer#link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg15:31
cpaelzer#link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg15:31
cpaelzerThat is not much ...15:31
cpaelzerwe still have kexec-tools -> xen, I guess my ping to xnox last week might no more help as much depending on his priorities now15:32
cpaelzerLet me bring this up in #kernel for awareness15:32
cpaelzerdone15:33
cpaelzeron libcryptx I know that miriam has an upload to make he expected change up for review15:34
cpaelzerso that dependency will soon be gone15:34
cpaelzer#topic New MIRs15:34
cpaelzerMission: ensure to assign all incoming reviews for fast processing15:34
cpaelzer#link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir15:34
cpaelzerwe had plenty last two weeks15:34
sarnoldgood morning15:34
cpaelzerlet us have a look this week15:34
cpaelzerhi sarnold15:34
cpaelzerwow15:34
cpaelzeras calm as component mismatches15:35
cpaelzerwell, ok15:35
cpaelzer#topic Incomplete bugs / questions15:35
sarnold.. is it working? :)15:35
cpaelzerMission: Identify required actions and spread the load among the teams15:35
cpaelzer#link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir15:35
cpaelzerok I see plenty of recent updates here15:35
=== flag is now known as ppisati
cpaelzerhttps://bugs.launchpad.net/ubuntu/+source/libmail-dmarc-perl/+bug/2023971 is back on mirespace15:36
-ubottu:#ubuntu-meeting- Launchpad bug 2023971 in libmail-dmarc-perl (Ubuntu) "[MIR] libmail-dmarc-perl" [High, Incomplete]15:36
cpaelzerthanks joalif for the review15:36
cpaelzerhttps://bugs.launchpad.net/ubuntu/+source/bpfcc/+bug/2052813 I reviewed today15:36
-ubottu:#ubuntu-meeting- Launchpad bug 2052813 in bpfcc (Ubuntu) "[MIR] bpfcc" [Undecided, Incomplete]15:36
cpaelzerit is ok but with quite a few required and recommended todos15:36
cpaelzerhere in particular I wanted to ask eslerm and sarnold something15:36
cpaelzercould you open my review and scroll to the [Security] section15:37
cpaelzerIn this case I'm not sure if I should say we need or do not need a security review15:37
cpaelzerWDYT?15:37
sarnoldI'm15:38
cpaelzeryes you are15:38
sarnold:D15:38
sarnoldI'm not sure either; on the one hand, administrative privilege is required to run these, so there's a thin barrier at best15:38
sarnoldmost of the security layer happens in the kernel15:38
cpaelzeryes, by BPF being in isolation there15:38
cpaelzersome isolation15:39
cpaelzerhere is the deal, if you say you do not think it is needed, my call will be it is not needed15:39
eslermI'll let sarnold decide15:39
cpaelzerand then we are fine15:39
eslerma quick review might remove some footguns15:39
cpaelzerif you say, no you want - then I go that way15:39
sarnoldI believe that this package itself is very little risk to the security team, but the kernel portion might -- so, I'm inclined to say that this doesn't need security team review15:39
cpaelzereslerm: is there a good way to express "we should have a quick check but not a full reivew"15:40
eslermlikely :)15:40
cpaelzerhehe15:41
cpaelzerhow about you volunteer for that "quick but not full" check15:41
cpaelzerthen the solution is that I'll assign you15:41
cpaelzeractually it is back with mkukri so I'd subscribe you15:41
eslerma short audit might find something useful to report upstream, it might just be bugs, if the security context cannot be made worse by bugs15:41
eslermI can do that15:42
cpaelzerthank you15:42
eslerm(i.e., only bugs exist if you are already root, not vulnerabilities)15:42
cpaelzeryou are subscvribed15:42
cpaelzer"subscribed"15:42
cpaelzernext is https://bugs.launchpad.net/ubuntu/+source/dbus-broker/+bug/201553815:42
mkukrioh anything is fine by me as far as these MIRs go15:42
-ubottu:#ubuntu-meeting- Launchpad bug 2015538 in dbus-broker (Ubuntu) "[MIR] dbus-broker" [Undecided, Incomplete]15:42
mkukricurrent plan is for me to address the TODOs next week and hopefully get it uploaded by FF15:43
cpaelzerthanks mkukri if only we'd have known that we could dump anything on you as part of this :-P15:43
slyoncpaelzer: so you helped get the apparmor delta upstreamed into Debian dbus-broker? We should be able to drop the Ubuntu delta then, right?15:43
mkukri"these MIRs" as in the ones already assigned, anything extra will have to go through foundations managers, am afraid :)15:43
cpaelzeryes slyon the Debian maintainer is helpful and friendly, he asked for that delta even15:44
cpaelzerand on the bug he helped to explain to resolve some of the discussions15:44
cpaelzerlike not ever fully replacing dbus anyway because dbus-run-session from the src:dbus package works just fine15:44
cpaelzerthat directly addresses a concern of eslerm15:44
cpaelzerand overall makes this more likely to work out15:45
cpaelzerI have no good overview of what else is left open here, but it could go back to seb128 to reconsider15:45
cpaelzerjbicha: ^^ could you pass that info on please as seb seems to not be around atm15:45
sarnoldshould we then ask for a split of src:dbus into one package for dbus-run-session, one package for the policy/config/deps that bluca mentions, and one package (for universe) for the daemon that we want to demote?15:45
cpaelzersarnold: IMHO no, we have packages where we explicitly say "this binary in main, the rest not"15:46
sarnoldcpaelzer: hah, I see I forgot the word 'binary' in there15:46
cpaelzerdoing that here is much smaller maintenance effort than keeping a huge delta splitting the source15:46
cpaelzeroh15:46
cpaelzeryeah, that "splitting the binaries to just keep what we want in main" would be a good next step then15:47
eslerm+115:47
slyon+115:48
cpaelzerI added a comment on the bug15:48
eslerma rust vendored version of dbus-broker-session is also needed, right?15:48
slyonI also just synced the dbus-broker package15:48
cpaelzerthank you for the discussion15:48
cpaelzeryes eslerm, that is one of the known required todos15:48
eslermdbus-broker-session is still in PR iiuc15:48
cpaelzerinteresting15:49
eslermhttps://github.com/bus1/dbus-broker/pull/32115:49
-ubottu:#ubuntu-meeting- Pull 321 in bus1/dbus-broker "session: implement dbus-broker-session" [Open]15:49
cpaelzerwow15:49
cpaelzernext incomplete is https://bugs.launchpad.net/ubuntu/+source/gnome-snapshot/+bug/205265215:49
-ubottu:#ubuntu-meeting- Launchpad bug 2052652 in gnome-snapshot (Ubuntu) "[MIR] gnome-snapshot" [Undecided, Incomplete]15:49
slyonbut bluca mentions we could keep using dbus-run-session (if it is split into an separate binary anyway)15:49
cpaelzergot a review by slyon15:49
cpaelzerack slyon, that is how I understood it too15:49
eslermah, ack15:50
cpaelzerSo I guess this is just back to the requesting team to resolve required TODOs15:50
slyongnome-snapshot has quite some TODOs for jbicha. I wonder if we should already get this into security-queue, as it seems time sensitive?15:50
cpaelzerit will go to the security reivew15:50
cpaelzerso you might want to add that to the queue already despite being back for open tasks15:50
cpaelzerhehe15:50
cpaelzerwe thought alike slyon15:50
slyonhehe15:50
cpaelzersarnold: eslerm: WDYT?15:50
sarnoldyeah, we should be pulling things forward as we can15:51
eslermI prefer things hitting our queue early15:51
jbichaI'll forward this conversation to Seb but I believe he won't be able to respond this week15:51
cpaelzerok, do it!15:51
cpaelzerjbicha: thank you, feel free to respond in his name or pull in others as you see appropriate (or don't - really up to you)15:52
cpaelzernext recent incomplete is https://bugs.launchpad.net/ubuntu/+source/libtraceevent/+bug/205191615:52
-ubottu:#ubuntu-meeting- Launchpad bug 2051916 in libtraceevent (Ubuntu) "[MIR] promote libtraceevent as a trace-cmd dependency" [Undecided, Incomplete]15:52
cpaelzeryet another review done, thanks didrocks15:52
cpaelzeragain having lots of required and some recommended TODOs15:52
cpaelzerthat is back on Paul for now15:52
eslermshould security review this while others are working on TODOs?15:52
cpaelzera bit symbols, plenty of testing .- just like bpfcc actually15:52
cpaelzerthis again was called to need a review15:53
cpaelzerso yes, to bring things forward I think it would be great to add that to the queue already as well15:53
slyonupils: is working on this actively15:53
cpaelzerI need to keep time in mind, so I'll go on15:53
cpaelzerbut this section was very worthwhile today15:53
cpaelzerbringing a lot of things forwards15:54
cpaelzer#topic Process/Documentation improvements15:54
cpaelzerMission: Review pending process/documentation pull-requests or issues15:54
cpaelzer#link https://github.com/canonical/ubuntu-mir/pulls15:54
cpaelzer#link https://github.com/canonical/ubuntu-mir/issues15:54
cpaelzernothing new15:54
cpaelzer#topic MIR related Security Review Queue15:54
cpaelzerMission: Check on progress, do deadlines seem doable?15:54
cpaelzerSome clients can only work with one, some with the other escaping - the URLs point to the same place.15:54
cpaelzer#link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir15:54
cpaelzer#link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir15:54
cpaelzerInternal link15:54
slyonwe fixed the graph last week with dviererbe :)15:54
cpaelzer- ensure your teams items are prioritized among each other as you'd expect15:54
cpaelzer- ensure community requests do not get stomped by teams calling for favors too much15:54
cpaelzer#link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/59415:54
cpaelzerwe just said we will add two15:54
cpaelzerawesome slyon and dviererbe15:54
eslermI added a comment to https://bugs.launchpad.net/ubuntu/+source/fdk-aac-free/+bug/197761415:54
-ubottu:#ubuntu-meeting- Launchpad bug 1977614 in fdk-aac-free (Ubuntu) "[MIR] fdk-aac-free" [Undecided, Confirmed]15:54
sarnoldslyon woo! :) thanks15:54
cpaelzerthanks eslerm15:55
cpaelzerthat was jbicha requesting that, he might know if that is of current priority or not15:55
cpaelzerI'll go on in the agenda ...15:56
cpaelzer#topic Any other business?15:56
eslermI have one more question15:56
cpaelzerI had all mine above already15:56
cpaelzershoot eslerm15:56
eslermhttps://bugs.launchpad.net/ubuntu/+source/wsl-pro-service/+bug/205249515:56
-ubottu:#ubuntu-meeting- Launchpad bug 2052495 in wsl-pro-service (Ubuntu Noble) "[MIR] wsl-pro-service" [Undecided, Confirmed]15:56
cpaelzernot to be considered an order15:56
eslermis any special consideration needed for promoting to older LTS'15:56
cpaelzerok, I know a bit of that context15:57
jbichayes, we'd like to get fdk-aac-free into main for Noble. I will ping my Fedora contacts today about the fork being outdated15:57
slyoneslerm: so far the package is not even available on older series... so I would ignore it for now?15:57
eslermthanks jbicha15:57
eslermack, thanks slyon15:57
eslermso, our review would not be acking old LTS then ?15:57
cpaelzerthe consideration we had in the past15:57
slyonthe owning team should request MIR for the older series once it's ready15:57
eslermsounds good to me15:58
cpaelzerslyon: but here they requested it right away15:58
cpaelzerthey did spell out that this will immediately go back to older releases15:58
cpaelzerwhat we have done in that case in the past15:58
slyoneslerm: yes. We'll probably have the same version backported to older LTS (I assume)... so an follow-up MIR for older LTS should be easy15:58
cpaelzerwas looking if that adds any special issues15:58
sarnoldcpaelzer: wsl currently plays no part in any of the testing anywhere in the companym, as far as I can tell: there's no britney, none of the security team tests have ever been tested in wsl, etc. it's always felt like a "well, if it works, that's neat" sort of thing15:58
cpaelzerlike, dependencies or the context no more working15:58
sarnoldcpaelzer: it's weird to me to be considering selling pro for wsl without having the basic testing story covered15:59
cpaelzerand then we have said "this is ok, also for those releases"15:59
cpaelzersarnold: this is for pro in wsl as you say, and that is actually tested daily and on any change by the Desktop team owning this agent and by the pro team it is tested as well from the other POV to this15:59
cpaelzerpro on wsl, does not make this story any different16:00
cpaelzerwe could also say we need tests on each cloud, each container stack, ... then16:00
cpaelzerbut we do not16:00
eslermI believe security can proceed with only Nobel in mind (a conditional ack for just 24.04 if needed) while this is all worked out16:00
sarnoldcan windows execute systemd yet?16:00
sarnoldas far as I know, the clouds can, and some of the containers do, some do not..16:01
cpaelzerto be clear, you can have a lot of things in WSL already, even pro works there. But it isn't called that way and this makes it able to enable it more smoothly.16:01
slyonsarnold: I remember helping with systemd support for wsl in the past, so probably yes16:01
cpaelzeryes, it can in some environments16:01
sarnoldI seem to recall lucy making it work, but does the thing that we or microsoft ship work?16:02
cpaelzerit isn't as bad as you might think :-)16:02
sarnoldI think comparing it to a new architecture is perhaps the better comparison16:02
cpaelzerbut again, this request is only for an agent that makes enabling pro possible in smoother ways16:02
sarnoldsure16:02
cpaelzerit is not "let us create Ubuntu for WSL, what should we do"16:03
sarnoldI'm asking the larger question16:03
cpaelzerthose are questions to be asked, but not as part of this MIR16:03
sarnoldcpaelzer: just promise me that someone is asking these questions of the right people16:03
cpaelzersarnold: you send me a mail summarize with what you want to be asked and I make it happen16:04
sarnoldcpaelzer: awesome, thanks :)16:04
cpaelzerI have quite some ties to many people, probably all that need to hear that16:04
cpaelzerok16:04
cpaelzerthank you all, I need to close16:04
cpaelzerI'm too late already ...16:04
sarnoldthanks cpaelzer, all :)16:04
cpaelzerthanks++16:04
eslermthanks everyone o/16:04
cpaelzer#endmeeting16:04
meetingologyMeeting ended at 16:04:50 UTC.  Minutes at https://ubottu.com/meetingology/logs/ubuntu-meeting/2024/ubuntu-meeting.2024-02-20-15.31.moin.txt16:04
slyonthanks! o/16:05
=== ppisati is now known as flag

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!