| === paride0 is now known as paride | ||
| === cpaelzer_ is now known as cpaelzer | ||
| === JanC is now known as Guest3236 | ||
| slyon | o/ | 15:30 |
|---|---|---|
| cpaelzer | o/ | 15:30 |
| joalif | o/ | 15:30 |
| cpaelzer | #startmeeting Weekly Main Inclusion Requests status | 15:31 |
| meetingology | Meeting started at 15:31:02 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology | 15:31 |
| meetingology | Available commands: action, commands, idea, info, link, nick | 15:31 |
| cpaelzer | Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( eslerm dviererbe ) | 15:31 |
| jamespage | o/ | 15:31 |
| cpaelzer | I consier 4 critical mass in the week of thanksgiving - IIRC sarnold mentioned he might not be around? | 15:31 |
| cpaelzer | let us go through the lists what actions we have | 15:32 |
| cpaelzer | #topic current component mismatches | 15:32 |
| cpaelzer | Mission: Identify required actions and spread the load among the teams | 15:32 |
| cpaelzer | #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg | 15:32 |
| cpaelzer | #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg | 15:32 |
| cpaelzer | jemalloc is now a proper stub | 15:32 |
| cpaelzer | jpeg-xl still waiting, butthen good | 15:32 |
| slyon | ouch, sequoia | 15:32 |
| cpaelzer | the openstack python bits also have proper stubs now | 15:32 |
| slyon | there's an ongoing discussion about it in Foundations channels | 15:32 |
| cpaelzer | mysql-8.4 needs a promotion, same source new version | 15:32 |
| cpaelzer | there was a debian devel post about sequoia | 15:33 |
| cpaelzer | also too many vowels think about if we added "sequoia in eoan" | 15:33 |
| cpaelzer | is rust-nettle also related to that slyon? | 15:34 |
| slyon | most probably yes. | 15:34 |
| cpaelzer | in there I see libpfm4 hiding for llvm19, but that is a proper bug already | 15:34 |
| liushuyu | sequoia uses libnettle for crypto operations on non-Windows systems | 15:34 |
| slyon | Looks like gnupg2 pulls in some sequoia (camelaeon) bits, which depends on all sort of non-vendored rust dependenceis | 15:35 |
| cpaelzer | ok, we leave that until you have concluded how you want to handle that | 15:35 |
| cpaelzer | background https://www.mail-archive.com/debian-devel@lists.debian.org/msg382884.html | 15:36 |
| cpaelzer | for the MIR context we can move on today | 15:36 |
| cpaelzer | #topic New MIRs | 15:36 |
| cpaelzer | Mission: ensure to assign all incoming reviews for fast processing | 15:36 |
| cpaelzer | #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir | 15:36 |
| cpaelzer | two cases there | 15:36 |
| liushuyu | The idea was to use the gpgv-compatible command-line tool but with sequoia implementation (since GnuPG now uses an implementation that diverges from the OpenPGP standards) | 15:36 |
| cpaelzer | slyon: https://bugs.launchpad.net/ubuntu/+source/mmdebstrap/+bug/2087937 | 15:37 |
| -ubottu:#ubuntu-meeting- Launchpad bug 2087937 in mmdebstrap (Ubuntu) "[MIR] mmdebstrap" [Undecided, New] | 15:37 | |
| slyon | adding a comment.. | 15:38 |
| cpaelzer | this is juliank wanting to revisit - which is fine but not yet putting this to the MIR team discussion | 15:38 |
| cpaelzer | how about unsubscribing mir-team until this is somewhere we need to look? | 15:38 |
| liushuyu | Yes, I was about to bring the http-parser vs llhttp discussion, since http-parser was MIR'ed together with Rust toolchain | 15:38 |
| cpaelzer | we get to that next liushuyu | 15:38 |
| liushuyu | sorry | 15:39 |
| cpaelzer | np at all | 15:39 |
| slyon | for mmdebstrap: Status: Incomplete should be fine until the MIR is filed? | 15:40 |
| cpaelzer | yep | 15:40 |
| cpaelzer | I saw your comment | 15:40 |
| cpaelzer | also removed us until it is ready | 15:40 |
| cpaelzer | as it might or might not become a MIR again | 15:40 |
| cpaelzer | let us get to https://bugs.launchpad.net/ubuntu/+source/node-undici/+bug/2080872 now | 15:40 |
| -ubottu:#ubuntu-meeting- Launchpad bug 2080872 in node-undici (Ubuntu) "libgit2: replace unmaintained http-parser dependency with llhttp" [Undecided, New] | 15:40 | |
| slyon | I think node-undici can be dropped from the MIR list, too. | 15:41 |
| cpaelzer | liushuyu: so you got the ack by security to use the vendored one | 15:41 |
| cpaelzer | I do not even see node-undici ?! | 15:42 |
| slyon | We have the security team agreement. And it's now in the Foundations team's hand to make the switch from (deprecated) http-parser to vendored llhttp | 15:42 |
| liushuyu | so we had some discussions about the situation and the idea was to use the vendored llhttp | 15:42 |
| cpaelzer | and it is assigned so schopin | 15:42 |
| cpaelzer | yes liushuyu | 15:42 |
| cpaelzer | and security said two things | 15:42 |
| cpaelzer | 1. yes as it is the best bad option available right now | 15:42 |
| liushuyu | ... because we can't afford maintaining llhttp by pulling in Node.js | 15:42 |
| cpaelzer | 2. do something really good so we do not forget revisiting and updating that in the future | 15:42 |
| * schopin didn't want any part of this but wasn't at that meeting... | 15:43 | |
| cpaelzer | once llhttp is split apart. | 15:43 |
| cpaelzer | oO sorry schopin | 15:43 |
| cpaelzer | mayb liushuyu wants to do that for you? | 15:43 |
| schopin | you're not the one who assigned it to me ;) | 15:43 |
| cpaelzer | so you can not be part of it | 15:43 |
| liushuyu | I don't know if we track vendored dependencies using `Static-Built-Using` binary package tags? | 15:44 |
| slyon | I think the approach is clear (and has been tested, but rejected for now, in Debian). Vendoring llhttp probably needs a new .orig tarball, though. | 15:44 |
| cpaelzer | yep, I updated the bug state | 15:45 |
| cpaelzer | this does not need the MIR team | 15:45 |
| slyon | ACK, MIR can be dropped | 15:45 |
| cpaelzer | and you can internally sort out who is allowed to not deal with it | 15:45 |
| cpaelzer | #topic Incomplete bugs / questions | 15:45 |
| cpaelzer | Mission: Identify required actions and spread the load among the teams | 15:45 |
| cpaelzer | #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir | 15:45 |
| schopin | Well, we did need MIR's ACK on the vendoring but afterwards it's indeed not your problem. | 15:45 |
| cpaelzer | indeed, but that was given now by the rule slyon quoted and security saying ok as well | 15:46 |
| cpaelzer | in this list only some openstack dependencies got recent updtes, we've seen them above as stubs | 15:46 |
| cpaelzer | nothing to act on this one either | 15:47 |
| cpaelzer | #topic MIR related Security Review Queue | 15:47 |
| cpaelzer | Mission: Check on progress, do deadlines seem doable? | 15:47 |
| cpaelzer | Some clients can only work with one, some with the other escaping - the URLs point to the same place. | 15:47 |
| cpaelzer | #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir | 15:47 |
| cpaelzer | #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir | 15:47 |
| cpaelzer | Internal link | 15:47 |
| cpaelzer | - ensure your teams items are prioritized among each other as you'd expect | 15:47 |
| cpaelzer | - ensure community requests do not get stomped by teams calling for favors too much | 15:47 |
| cpaelzer | #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 | 15:47 |
| cpaelzer | without sarnold around there is not much but staring at the lists | 15:47 |
| cpaelzer | even a usual suspect like eslerm seems not to be around | 15:47 |
| cpaelzer | so let me go on for today | 15:47 |
| cpaelzer | #topic Any other business? | 15:47 |
| liushuyu | oh wait, I would like to ask about https://bugs.launchpad.net/ubuntu/+source/dbus-broker/+bug/2015538 | 15:48 |
| -ubottu:#ubuntu-meeting- Launchpad bug 2015538 in dbus-broker (Ubuntu) "[MIR] dbus-broker" [Undecided, Incomplete] | 15:48 | |
| cpaelzer | I have a special case raised by utkarsh, but let us discuss the case of liushuyu first | 15:48 |
| liushuyu | so the situation with dbus-broker is a bit strange, because it's co-owned by both Foundations and Desktop | 15:48 |
| cpaelzer | yeah, let me answer to that post on the bug | 15:49 |
| slyon | strictly speaking, it's still in universe, so not owned by anyone. But both teams had some attempts at enabling it in the past.. | 15:49 |
| liushuyu | ... and the trouble is, from the LP bug, I can't see what's blocking the task | 15:49 |
| slyon | src:dbus is owned by Foundations, so in theory dbus-broker would be a good fit to be owned by Foundations, too. | 15:50 |
| slyon | liushuyu: the blocker is having dbus and dbus-broker installed in parallel | 15:51 |
| slyon | gdm needs dbus-run-session (https://gitlab.gnome.org/GNOME/gdm/-/blob/main/daemon/gdm-session.c#L2973) which is tightly coupled with src:dbus | 15:51 |
| liushuyu | slyon: In thoery yes, but you see this kinda breaks GNOME desktop because some components use the legacy `dbus-run-session` thing | 15:51 |
| slyon | so we either need to adopt gdm, or need a drop-in replacement for dbus-run-session | 15:51 |
| liushuyu | but we now have several implementations for that | 15:51 |
| slyon | those implementation need to be packaged, tested & shipped. Then a new case can be made to move the dbus-broker MIR forward. IMO that should be the next step | 15:52 |
| cpaelzer | yes to the above | 15:53 |
| cpaelzer | I answered the open questions on the bug | 15:53 |
| cpaelzer | TL;DR | 15:53 |
| cpaelzer | 1. I really recommend one team | 15:53 |
| liushuyu | slyon: I see, then the issue would be there needs to be some communications between Desktop and Foundations to figure out how to perform the transitions | 15:53 |
| cpaelzer | 2. ubuntu-security is the team to subscribe if it is them | 15:53 |
| cpaelzer | yes liushuyu | 15:53 |
| cpaelzer | it seems like neither can do it alone | 15:53 |
| slyon | yes. liushuyu does that help to clarify the next steps? | 15:54 |
| cpaelzer | I'm so glad it is late 2024 and not late 2025 being in this state | 15:54 |
| liushuyu | slyon: Yes | 15:54 |
| cpaelzer | great | 15:54 |
| liushuyu | ah, sorry, wrong ping | 15:54 |
| cpaelzer | then the case i had in mind | 15:54 |
| cpaelzer | https://bugs.launchpad.net/ubuntu/+source/mdevctl/+bug/1889248 | 15:55 |
| -ubottu:#ubuntu-meeting- Launchpad bug 1889248 in libonig (Ubuntu Focal) "[MIR] mdevctl, jq, libonig" [Undecided, New] | 15:55 | |
| cpaelzer | this is about the request to also promote jq in focal (it is in main in >=Jammy) | 15:55 |
| cpaelzer | I've evaluated the differences and considered it an ack | 15:55 |
| cpaelzer | security had a look as well, also an ack | 15:55 |
| slyon | delta should be relatively small, considering we have 1.6 in foca-updates and jammy-release | 15:56 |
| cpaelzer | as a bonus utkarsh will work on adding autopkgtests of it to devel | 15:56 |
| cpaelzer | this is a "speak now or forever hold your peace" moment in case you disagree | 15:56 |
| liushuyu | cpaelzer: I'm so glad it is late 2024 and not late 2025 being in this state > I think you would wish for that, because systemd people might pull out their new Varlink (tm) technology to replace D-Bus | 15:56 |
| slyon | lgtm | 15:56 |
| cpaelzer | liushuyu: yeah I've read about that | 15:56 |
| cpaelzer | jamespage: joalif: any objections? | 15:56 |
| cpaelzer | and also - any other topic? | 15:57 |
| cpaelzer | nothing more from me | 15:57 |
| slyon | nothing here | 15:57 |
| jamespage | none | 15:57 |
| liushuyu | No at the moment from me, but I might bring up "Rust code in main" situation | 15:58 |
| joalif | nothing from me | 15:58 |
| liushuyu | ... maybe next time? | 15:58 |
| cpaelzer | from experience that blows the session time, but yeah let us go for it | 15:58 |
| liushuyu | (considering we are running out of time) | 15:58 |
| cpaelzer | next time | 15:58 |
| cpaelzer | 2 minutes will not allow for any progress | 15:58 |
| slyon | liushuyu: sure! Feel free to join next time, or create an Issue/PR on https://github.com/canonical/ubuntu-mir in the meantime | 15:58 |
| cpaelzer | please be encouraged to jump in next time | 15:58 |
| cpaelzer | or right PRs | 15:58 |
| cpaelzer | uh | 15:58 |
| cpaelzer | #topic Process/Documentation improvements | 15:59 |
| cpaelzer | Mission: Review pending process/documentation pull-requests or issues | 15:59 |
| cpaelzer | #link https://github.com/canonical/ubuntu-mir/pulls | 15:59 |
| cpaelzer | #link https://github.com/canonical/ubuntu-mir/issues | 15:59 |
| cpaelzer | notihng new | 15:59 |
| cpaelzer | :-) | 15:59 |
| liushuyu | cpaelzer, slyon: will do | 15:59 |
| cpaelzer | but we will have one next time by liushuyu | 15:59 |
| cpaelzer | thanks in advance | 15:59 |
| cpaelzer | ok, that is it for today then | 15:59 |
| cpaelzer | count ing out somehow ... | 15:59 |
| cpaelzer | 1 | 15:59 |
| cpaelzer | 3 | 15:59 |
| cpaelzer | #endmeeting | 15:59 |
| meetingology | Meeting ended at 15:59:54 UTC. Minutes at https://ubottu.com/meetingology/logs/ubuntu-meeting/2024/ubuntu-meeting.2024-11-26-15.31.moin.txt | 15:59 |
| cpaelzer | thanks all! | 16:00 |
| * didrocks back | 16:00 | |
| slyon | thanks cpaelzer, all! o/ | 16:00 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
