=== cpaelzer_ is now known as cpaelzer
[14:30] <sarnold> good morning
[14:31] <cpaelzer> hiho
[14:31] <cpaelzer> getting ready ...
[14:31] <joalif> o/
[14:31] <slyon> l/
[14:31] <slyon> o/*
[14:31] <eslerm> o/
[14:32] <cpaelzer> sorry - 1m
[14:33] <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
[14:33] <meetingology> Meeting started at 14:33:29 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
[14:33] <meetingology> Available commands: action, commands, idea, info, link, nick
[14:34] <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe )
[14:34] <cpaelzer> #topic current component mismatches
[14:34] <cpaelzer> Mission: Identify required actions and spread the load among the teams
[14:34] <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
[14:34] <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
[14:34] <cpaelzer> welcome to a new cycle, all the sprinting and stuff made me be late
[14:34] <cpaelzer> I hope you handled all that is caused by syncs last week :-P
[14:35] <cpaelzer> ok
[14:35] <cpaelzer> no MIR bugs, so we need to bring them up
[14:35] <cpaelzer> first: abseil -> googletest
[14:35] <cpaelzer> abseil = desktop
[14:35] <slyon> It's a recommends, sho should probably be dropped to suggests..
[14:35] <cpaelzer> jbicha: didrocks: ^^ would you have a look there?
[14:36] <cpaelzer> https://launchpad.net/ubuntu/+source/abseil/20230802.1-4
[14:36] <cpaelzer> the diff only speaks about build depends
[14:36] <cpaelzer> and it is probably a test dependency
[14:36] <cpaelzer> next
[14:37] <cpaelzer> python-pint -> requirejs and pydata-sphinx-theme
[14:37] <cpaelzer> reads like documentation
[14:37] <cpaelzer> jamespage:  that is openstack
[14:37] <cpaelzer> jamespage: could one of you have a look?
[14:37] <cpaelzer> https://launchpad.net/ubuntu/+source/python-pint/0.23-1
[14:38] <cpaelzer> yep
[14:38] <cpaelzer> it is the doc package
[14:38] <cpaelzer> https://launchpad.net/ubuntu/lunar/amd64/python-pint-doc/0.19.2-1
[14:38] <cpaelzer> vs
[14:38] <cpaelzer> https://launchpad.net/ubuntu/oracular/amd64/python-pint-doc/0.23-1
[14:39] <cpaelzer> just an exclude rule would be enough
[14:39] <cpaelzer> there is no strict reason for the doc package to be in main
[14:39] <cpaelzer> next
[14:39] <cpaelzer> python-inflect ->python-typeguard
[14:39] <cpaelzer> jamespage: also openstack
[14:40] <cpaelzer> but here it is a new real dependency
[14:40] <cpaelzer> https://launchpad.net/ubuntu/oracular/amd64/python3-inflect/7.2.1-1
[14:40] <cpaelzer> last but not least
[14:40] <cpaelzer> python-arrow -> typeshed
[14:40] <cpaelzer> and another one for openstack jamespage
[14:40] <cpaelzer> I feel you just synced them all :-)
[14:41] <cpaelzer> changed from https://launchpad.net/ubuntu/oracular/amd64/python3-arrow/1.2.3-1 to https://launchpad.net/ubuntu/oracular/amd64/python3-arrow/1.3.0-1
[14:41] <cpaelzer> python3-typing-extensions -> python3-typeshed
[14:41] <cpaelzer> ok, component mismatches done
[14:42] <cpaelzer> jamespage:  will wake up to a lot of pings ... :-/
[14:42] <cpaelzer> #topic New MIRs
[14:42] <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing
[14:42] <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
[14:42] <cpaelzer> two for us
[14:42] <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/malcontent/+bug/1892456
[14:42] -ubottu:#ubuntu-meeting- Launchpad bug 1892456 in malcontent (Ubuntu) "[MIR] malcontent" [Medium, New]
[14:42] <cpaelzer> had a MIR and security review in the past
[14:43] <cpaelzer> but the package changed a lot since
[14:43] <cpaelzer> so the ask is for a re-review
[14:43] <cpaelzer> I can take one
[14:43] <cpaelzer> next
[14:43] <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2067373
[14:43] -ubottu:#ubuntu-meeting- Launchpad bug 2067373 in provd (Ubuntu) "[MIR] provd" [Undecided, New]
[14:43] <slyon> I can take one for next week, too
[14:44] <cpaelzer> thanks , assigned
[14:44] <cpaelzer> #topic Incomplete bugs / questions
[14:44] <cpaelzer> Mission: Identify required actions and spread the load among the teams
[14:44] <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
[14:44] <cpaelzer> sysprof is still with jbicha for now
[14:44] <cpaelzer> the others are pre sprint AFAICS
[14:45] <cpaelzer> #topic Process/Documentation improvements
[14:45] <cpaelzer> Mission: Review pending process/documentation pull-requests or issues
[14:45] <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls
[14:45] <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues
[14:45] <cpaelzer> some older ones that are stuck
[14:45] <cpaelzer> we might mark them as that .. hmm
[14:46] <cpaelzer> we need wording for https://github.com/canonical/ubuntu-mir/issues/51
[14:46] -ubottu:#ubuntu-meeting- Issue 51 in canonical/ubuntu-mir "cargo vendor adds unnecessary crates" [Open]
[14:46] <cpaelzer> eslerm: do you think you could provide a PR that wraps the consensus mentioned by slyon into words
[14:46] <eslerm> I can
[14:46] <cpaelzer> thanks in advance
[14:47] <cpaelzer> https://github.com/canonical/ubuntu-mir/issues/55
[14:47] -ubottu:#ubuntu-meeting- Issue 55 in canonical/ubuntu-mir "end-of-cycle unexpected changes" [Open]
[14:47] <cpaelzer> has tackled the obvious things
[14:47] <cpaelzer> the rest is "looking for volunteers" to tackle more
[14:47] <cpaelzer> speak up if anyone wants to ... :-)
[14:48] <eslerm> possibly, we could add that an owning teams director needs to request late MIRs
[14:48] <eslerm> we had a last second libyuv request, which ended up not beeing needed after ack'd
[14:49] <sarnold> there's a few cases to care for -- one with the "the team didn't plan" and then the "oh upstream or debian has walked away from package foo because they're switching to package bar"
[14:49] <sarnold> i think our "you get to talk to the director of security engineering" is a decent speedbump to discourage the first one, but I wish we could come up with some clever ideas to spot the overlooked packages
[14:50] <cpaelzer> I'm happy with adding "bring high level for late requests"
[14:50] <cpaelzer> bring wording in a PR for that for discussion please
[14:50] <cpaelzer> for the other case let us brainstorm for 3 minutes ...
[14:51] <cpaelzer> It plays into the "re-evaluate things in main" TBH
[14:51] <cpaelzer> which we asked for but got denied for resourcing
[14:51] <eslerm> that's not what I mean with #22
[14:51] <sarnold> storm idea one, look for new Replaces: or maybe dropped Depends: from other packages?
[14:52] <eslerm> it is for cases where there is ack for the MIR, but then owning team goes idle for a long period of time (say 2 years)
[14:52] <eslerm> I am okay dropping issue though
[14:52] <sarnold> storm idea two, look for new packages with small levenstein distances from packages already in main
[14:52] <cpaelzer> sarnold: I think we usually get signal by bugs, the cases I see crashing as where responsibility and ownership is unclear.
[14:52] <cpaelzer> sarnold: which does not mean I'd not like a scanner that provides extra signal
[14:53] <cpaelzer> eslerm: now I got you - like "what is the consequence if they make us busy and then walk away" ?
[14:53] <cpaelzer> eslerm: I'm not sure, but things change - so that can not always be prevented IMHO.
[14:54] <cpaelzer> eslerm: not sure if defining negative consequences would help, or did you have something completely different in mind?
[14:54] <eslerm> mostly, this occured and then a package was added to main, and I believe it should have had a quick re-review first
[14:54] <eslerm> it's not about negative consequences for us doing the work, just that more work is needed if a review has gone "stale"
[14:55] <slyon> so adding something like a timeout on an ACK?
[14:55] <eslerm> yes, I proposed 2 years
[14:56] <slyon> sounds reasonable to me.
[14:56] <cpaelzer> I'm +1 on timeout on an Ack
[14:56] <slyon> cpaelzer: that would be like our re-review idea, but only for things that didn't make it into "main" yet.
[14:57] <cpaelzer> While we do not get a re-review, if it didn't make it into main it is fine to time out
[14:57] <cpaelzer> slyon: exactly
[14:57] <cpaelzer> anyone willing to provide a wording PR for that?
[14:57] <eslerm> I can propose a PR
[14:57] <cpaelzer> thank you
[14:57] <cpaelzer> uh, time flies
[14:57] <cpaelzer> let us go on ...
[14:57] <cpaelzer> #topic MIR related Security Review Queue
[14:57] <cpaelzer> Mission: Check on progress, do deadlines seem doable?
[14:57] <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place.
[14:57] <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
[14:57] <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
[14:57] <cpaelzer> Internal link
[14:57] <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect
[14:57] <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much
[14:57] <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594
[14:58] <eslerm> I am stepping down from helping manage MIRs for Security
[14:58] <eslerm> my focus has changed to help coordinate CVEs
[14:58] <eslerm> I've really enjoyed working on MIRs with all of you 🙏
[14:58] <cpaelzer> we have the back to the future simplestreams reviews
[14:58] <eslerm> (I'll of course followup on GH PRs)
[14:58] <cpaelzer> oh no, we have upset eslerm with our back and forth
[14:58] <cpaelzer> eslerm: please know that you will always be welcome to contribute and discuss
[14:58] <slyon> :( Thanks a lot for your awesome work as part of the MIR process!
[14:59] <cpaelzer> sarnold: does that mean it is back to just you, or will you train another security-buddy?
[14:59] <cpaelzer> eslerm: and thanks for your many great contributions
[14:59] <sarnold> cpaelzer: that hasn't been discussed yet, I'm hoping for another buddy, but it will be a real challenge to step into eslerm's shoes
[14:59] <cpaelzer> fair
[14:59] <cpaelzer> ok, the queue looks good
[14:59] <cpaelzer> #topic Any other business?
[14:59] <cpaelzer> see above :-)
[14:59] <cpaelzer> nothing else from me
[15:00] <slyon> I fixed python-pint quickly https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu/commit/?id=f9ce523d40c3ec774fc67eac1c0db5e85fc9f186 (cc jamespage)
[15:00] <sarnold> nothing from me
[15:00] -ubottu:#ubuntu-meeting- Commit f9ce523 in ~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu "supported: Avoid python-pint-doc component-mismatch HEAD oracular"
[15:00] <eslerm> I've really enjoyed these meetings :,)
[15:00] <slyon> nothing else :)
[15:00] <cpaelzer> eslerm: you will still do reviews, juts not corodinate - right?
[15:00] <sarnold> slyon: nice :)
[15:00] <eslerm> I will do some reviews, but possibly not many this cycle
[15:00] <cpaelzer> slyon: still needs a demotion I guess
[15:00] <cpaelzer> ok, thanks eslerm
[15:00] <cpaelzer> sorry for the rush, but I need to jump
[15:01] <sarnold> happy hopping :)
[15:01] <cpaelzer> see you next week
[15:01] <cpaelzer> #endmeeting
[15:01] <meetingology> Meeting ended at 15:01:08 UTC.  Minutes at https://ubottu.com/meetingology/logs/ubuntu-meeting/2024/ubuntu-meeting.2024-05-28-14.33.moin.txt
[15:01] <slyon> o/
[15:01] <eslerm> o/
[15:01] <sarnold> thanks cpaelzer, eslerm, all :)
[15:02] <didrocks> cpaelzer: I will forward the abseil case
[15:02] <cpaelzer> thanks didrocks
[15:03] <didrocks> cpaelzer: but yeah, probably a test dep