[09:25] apologies - I missed the meeting [09:25] 12:30 AM to 1:30 AM, it was for me [09:26] generally i'm awake but i decided i'll fix my sleep schedule [09:26] what a day to pick, oof, sorry :) [15:30] o/ [15:30] prepping ... [15:30] o/ [15:30] o/ [15:31] #startmeeting Weekly Main Inclusion Requests status [15:31] Meeting started at 15:31:15 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology [15:31] Available commands: action, commands, idea, info, link, nick [15:31] Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( dviererbe ) [15:31] #topic current component mismatches [15:31] o/ [15:31] Mission: Identify required actions and spread the load among the teams [15:31] #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg [15:31] #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg [15:31] good morning [15:31] in the normal mismatches we see a bunch of ruby [15:31] renanrodrigo is here today, we will discuss this in AOB [15:31] o/ [15:31] it's still on my todo to drop the fonts-inter dependency [15:32] o/ [15:32] then we have the x1e settings which is https://bugs.launchpad.net/ubuntu/+source/ubuntu-x1e-settings/+bug/2095536 [15:32] -ubottu:#ubuntu-meeting- Launchpad bug 2095536 in ubuntu-x1e-settings (Ubuntu) "[MIR] ubuntu-x1e-settings" [Undecided, Fix Committed] [15:32] ready to promote [15:32] I'll queue this for tomorrow morning [15:32] x1e-settings: Yes, at least the version in -proposed [15:32] proposed mismatches are not so different [15:32] going on [15:33] #topic New MIRs [15:33] Mission: ensure to assign all incoming reviews for fast processing [15:33] #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir [15:33] OK, feature freeze frenzy it seems [15:33] let us start at the top - papers [15:33] is this more than usual? heh [15:33] curl vs nghttp3 is new IIRC? dviererbe can you carry that to Foundations? [15:33] yes [15:33] https://bugs.launchpad.net/ubuntu/+source/papers/+bug/2097727 [15:33] -ubottu:#ubuntu-meeting- Launchpad bug 2097727 in papers (Ubuntu) "[MIR] papers" [Undecided, New] [15:33] sure :) [15:34] this is towards coming releases [15:34] so if in doubt we might skip that for other cases today AFAICS [15:34] https://bugs.launchpad.net/ubuntu/+source/ruby-sinatra/+bug/2095497 [15:34] -ubottu:#ubuntu-meeting- Launchpad bug 2095497 in ruby-sinatra (Ubuntu) "[MIR] ruby-base64" [Undecided, New] [15:34] at review last week, we decided that Papers is actually a 25.04 goal. It is a fork of evince, to replace evince [15:34] dviererbe: maybe create a placeholder bug: https://launchpad.net/ubuntu/+source/nghttp3/+filebug?field.title=%5BMIR%5D+nghttp3&field.status=Incomplete&field.tags=plucky (& subscribe ~ubuntu-mir) [15:34] that is one example of what renanrodrigo will bring to AOB [15:34] slyon: ack [15:34] oh, thanks jbicha [15:34] i was going by the text [15:34] - The package papers is required in Ubuntu main no later than August 2025 due to Ubuntu 25.10 Feature Freeze and a desire to make this swap before Ubuntu 26.04 LTS [15:35] sorry I just updated the text now [15:35] thanks [15:35] ok so this one looks for a reviewer [15:35] I'm out as reviewer for many others, so I'm gonna take this one [15:35] out because I'm opart of the team driving them [15:35] ack [15:36] next we have https://bugs.launchpad.net/ubuntu/+bug/2072561 [15:36] -ubottu:#ubuntu-meeting- Launchpad bug 2072561 in Ubuntu Plucky "[MIR] rust-hwlib" [Undecided, New] [15:36] which is almost a new qeue review and MIR at once [15:36] which is fine, we recommended them to get it in shape before uploading - because then SRU rules do not apply [15:36] but since I was so involved in guiding them I consider myself a bad reviewer [15:36] yeah, it's special, because not yet in universe... I could take it, not sure about the NEW review part, though. [15:36] at the core it is a rust based packcage that wants to be in main in all releases [15:37] thanks slyon [15:37] you do not have to do literal NEW queue slyon [15:37] okay [15:37] just any packaging issue you spot, you might report as well to help them [15:37] libsass-python is not new, actually I'll post the review within the hour [15:37] thanks joalif [15:38] let me assign you on the case for correctness [15:38] did it [15:38] which leaves two more [15:38] https://bugs.launchpad.net/ubuntu/+source/python-observabilityclient/+bug/2095359 which seems to be a normal python dep for openstack [15:38] -ubottu:#ubuntu-meeting- Launchpad bug 2095359 in python-observabilityclient (Ubuntu) "[MIR] python-observabilityclient" [Undecided, New] [15:39] joalif: could this be your next one? [15:39] I can but "is required in Ubuntu main no later than Feb 20" is that even doable ? [15:39] if the outcome is no-security review needed - possibly [15:40] ok, I'll take it [15:40] I've done MIR reviews hours before the FeatureFreeze deadline in the past :P [15:40] These python libs often are quite straight forward and sometimes go that path [15:40] but I'm not pre-determiniing the outcome of your judgement [15:40] from our docs: > For a MIR to be considered for a release, it must be assigned to the Security team (by the MIR team) before Beta Freeze. This does not guarantee that a security review can be completed by Final Release. Ask the director of Security for exceptions. [15:40] just saying what is likely needed to make Feb 20th [15:40] yep sarnold [15:40] it can be promoted after FF [15:40] libsass it's gonna have a problem but I'll elaborate later [15:41] I think jamespage wanted to be extra correct and prep it even before FF [15:41] last is https://bugs.launchpad.net/ubuntu/+source/libimobiledevice-glue/+bug/2074086 [15:41] -ubottu:#ubuntu-meeting- Launchpad bug 2074086 in libimobiledevice-glue (Ubuntu) "MIR libimobiledevice-glue" [Undecided, New] [15:41] but that got checked [15:41] security has done ... [15:41] ack [15:41] what did we demand ... [15:41] no required TODOs [15:41] sarnold had comments with this one [15:42] indeed on august 2024 [15:42] sarnold: are you ok with the ack Frederico has given? [15:43] cpaelzer: I really don't know what we ought to do with the embedded crypto :( on the one hand, probably this isn't unique [15:43] it isn't :-/ [15:43] I remember tomcrypt in some places [15:43] it's just so easy to embed, heh [15:44] I think it is ok, but call to the honor of seb128 to stick to " .... goal to work over the next cycles to try to improve things" [15:44] because it is also easy to keep things as-is [15:44] I know, I'm guilty of it myself sometimes :-/ [15:44] heh, me too. so much. [15:45] ok, so we are giving it an ok then [15:45] updating the case [15:45] updated the case [15:46] let us hurry, AFAICS two bigger topics in AOB [15:46] #topic Incomplete bugs / questions [15:46] Mission: Identify required actions and spread the load among the teams [15:46] #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir [15:46] 1 stub https://bugs.launchpad.net/ubuntu/+source/nghttp3/+bug/2098769 [15:46] -ubottu:#ubuntu-meeting- Launchpad bug 2098769 in nghttp3 (Ubuntu) "[MIR] nghttp3" [Undecided, Incomplete] [15:46] as discussed above [15:46] https://bugs.launchpad.net/ubuntu/+source/automake-1.17/+bug/2098750 [15:47] -ubottu:#ubuntu-meeting- Launchpad bug 2098750 in automake-1.17 (Ubuntu) "[MIR] automake-1.17 re-review" [Low, Incomplete] [15:47] is one of the "let us try to be better" [15:47] it needs a review but each of us got one already [15:47] It is waiting for the foundations team to opt in and file the paperwork anyway [15:47] yes, dviererbe FYI ^ tagged rls-pp-incoming for foundations [15:47] it's probably our first case of a "regular" re-review [15:47] I'd drop the mir approval team until it is ready [15:47] slyon: I did so too [15:47] so it can come back fresh when we need to look [15:47] wfm [15:48] what is the last state on https://bugs.launchpad.net/ubuntu/+source/rust-gst-plugin-gtk4/+bug/2097804 [15:48] -ubottu:#ubuntu-meeting- Launchpad bug 2097804 in rust-gst-plugin-gtk4 (Ubuntu) "[MIR] rust-gst-plugin-gtk4" [Undecided, Incomplete] [15:48] there are a few TODOs for jbicha ^ [15:48] reviewed and back from slyon to jbicha [15:48] ok [15:48] no action right now then [15:48] #topic Process/Documentation improvements [15:48] Mission: Review pending process/documentation pull-requests or issues [15:49] #link https://github.com/canonical/ubuntu-mir/pulls [15:49] mostly looking good (no sec-review), still lacking the Rust vendoring story, which first needs to be implemented in the packaging [15:49] #link https://github.com/canonical/ubuntu-mir/issues [15:49] ack @slyon [15:49] heh, when the review looks like a stacktrace.. [15:49] nothing new here in the PRs/Issues [15:49] jbicha: give me a ping once rust-gst-plugin-gtk4 is ready from the packaging side [15:49] #topic MIR related Security Review Queue [15:49] Mission: Check on progress, do deadlines seem doable? [15:49] Some clients can only work with one, some with the other escaping - the URLs point to the same place. [15:49] #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir [15:49] #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir [15:49] Internal link [15:49] - ensure your teams items are prioritized among each other as you'd expect [15:49] - ensure community requests do not get stomped by teams calling for favors too much [15:49] #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 [15:49] ok sarnold, we've seen a sec review complete [15:49] how are the others going [15:49] sarnold: :P that's a "nm" symobls dump [15:49] I see jpeg-xl which I think is for plucky as well right? [15:50] slyon: ah yes :) [15:50] fede has been quite busy with MIRs :D [15:50] oh yeah [15:51] giampaolo also took care of jemalloc, which worried me due to its age, but it sounded pretty solid [15:51] I haven't talked with sudhakar lately, sorry, not sure onjpeg-xl :( [15:51] slyon: thanks, yes I'll let you know once I've got the gst plugin working better [15:51] .. same with noam and glycin :( [15:52] yeah, seen and appreciate jmalloc - thanks [15:52] and provd I think we had some concerns that itwasn't necessary for this cycle. I can't actually recall how those conversations went, though. hmm. [15:52] glycin is a dependency for the loupe app which we'll want for 25.10 [15:52] I didn't have that on extra-urgent either [15:52] (it lives in a repo with a few other things, and something about all the recent work is on the other things in that repo..?) [15:52] but the image supprt stacks I think were meant to be in now [15:53] hence my question on jpeg-xl [15:53] If you could friendly-poke sudhakar? [15:53] will do [15:53] thanks [15:53] going into AOB [15:53] #topic Any other business? [15:53] I know of the ruby things with Renan [15:53] libsass [15:53] and it sounded libsass from joalif [15:53] ruby is simple, but I want a group ack [15:53] so let me raise this first [15:54] the TL;DR (poke renanrodrigo if you need details) is this [15:54] used to be part of the core ruby codebase and was in main [15:54] the code moved to individually packaged elements [15:54] and evolved there [15:54] so it is one of the common "fast paths" of "it was in main already, just now from a new source" [15:55] If you are ok, I'd fast process them when renan has done the paperwork, but I wanted to raise it for a team ack to not appear as preferring our own cases [15:55] opinions? [15:55] FWIW base64, as well as other gems (in the bug description) were converted from default to bundled gems in libruby; more MIR requests will come for those others as they appear in component-mismatches [15:55] sounds like we could apply the deferred re-review rule, to do opt-in MIRs after you fast-path processed them [15:55] (whenever there's capacity left) [15:56] yeah, we can keep the requests in that state [15:56] and pick up in weeks we are not all getting so many already [15:56] exactly [15:56] any objections? [15:56] +1 from me [15:56] nope [15:56] thanks [15:56] nope as in no objections, +1 [15:56] I'd ask joalif to outline the problem with libsass please [15:57] yeah, I think the ruby fast-track with intended re-reviews makes sense [15:57] on my focal machine .. $ apt-file search base64.rb | wc -l [15:57] 9 [15:57] so tldr MIR ack with todos, assigned to james page it needs a sec-review , and before FF [15:57] oh [15:57] so the problem is timing [15:57] yes [15:57] TODOs + security [15:57] I think that is OK [15:57] for sec-team and openstack team [15:58] it isn't needed to upload the change to plucky proposed [15:58] the approval is "only" needed to migrate [15:58] jamespage: do you think that timing (upload now, migrate later) will work for you? [15:58] https://discourse.ubuntu.com/t/plucky-puffin-release-schedule/36461 [15:58] only if the security review fails or the TODOs are not done - then it breaks and needs to be unrolled [15:59] beta freeze is march 24 (a monday, go figure :) [15:59] oh... does the nghttp3 vs. curl MIR issue paperwork need to be done before FF? [16:00] OK, let me summarize again [16:00] the chagne to land things in propsoed needs to be done by FF [16:00] dviererbe: it's already in -proposed, so no. But should the MIR fail, you need to somehow drop the new dependency (or get a FFe) [16:00] slyon: ack [16:00] The reviews and subsequent tasks need to be done in time towards beta [16:00] the later you get the less likely will it work out [16:01] ok [16:01] ok, so we are on time [16:01] and kind of through a lot of topics [16:01] thank you all in MIR and security for the ongoing efforts to keep quaklity up! [16:01] closing for today [16:01] let me give you some numbers as usual [16:02] 5522 [16:02] (head punching my num block) [16:02] bye [16:02] o/ [16:02] thanks cpaelzer, all :) [16:02] #endmeeting [16:02] Meeting ended at 16:02:25 UTC. Minutes at https://ubottu.com/meetingology/logs/ubuntu-meeting/2025/ubuntu-meeting.2025-02-18-15.31.moin.txt [16:02] thanks everyone! o/ [16:02] thanks cpaelzer, all :) [16:02] lol [16:02] ty byebye [20:22] Ah, I missed the MIR team meeting D: [20:22] I re-filed a more complete MIR for nghttp3, dviererbe cpaelzer etc