#ubuntu-meeting log

15:32 <cpaelzer> #startmeeting Weekly Main Inclusion Requests status
15:32 <meetingology> Meeting started at 15:32:19 UTC.  The chair is cpaelzer.  Information about MeetBot at https://wiki.ubuntu.com/meetingology
15:32 <meetingology> Available commands: action, commands, idea, info, link, nick
15:32 <cpaelzer> Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( dviererbe )
15:32 <jamespage> o/
15:32 <cpaelzer> hi everyone
15:32 <cpaelzer> #topic current component mismatches
15:32 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:32 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
15:32 <cpaelzer> #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg
15:33 <cpaelzer> I expected more due to autp-sync doing so much
15:33 <cpaelzer> a lot is approved or worked on already
15:33 <cpaelzer> new is frr, hmm I've seen that but lua5.3 ...
15:33 <cpaelzer> let me check which version is where
15:33 <sarnold> good morning
15:34 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/lua5.4/+bug/2026608
15:34 <cpaelzer> should use 5.4
15:34 <cpaelzer> ahasenack unexpected side effect of the merge of frr
15:35 <cpaelzer> https://launchpad.net/ubuntu/+source/freeradius/3.2.6+dfsg-3
15:35 <cpaelzer> brought in changelog: "  * freeradius-utils: add wtmpdb needed for radlast"
15:36 <cpaelzer> https://tracker.debian.org/pkg/wtmpdb is orphaned and depends on orphaned, I doubt we want to promote that
15:36 <cpaelzer> hrm
15:37 <sarnold> orphaned already? it looks brand new :/
15:39 <cpaelzer> it is, and deps it has too
15:39 <cpaelzer> and yes it is rather new, in no old release
15:39 <cpaelzer> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092022
15:40 <cpaelzer> interesting "I preemptively decline to state reasons for this action." now I'm even more curious :-)
15:40 <cpaelzer> anyway, going on
15:40 <cpaelzer> #topic New MIRs
15:40 <cpaelzer> Mission: ensure to assign all incoming reviews for fast processing
15:40 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir
15:40 <cpaelzer> three cases
15:41 <cpaelzer> I can do https://bugs.launchpad.net/ubuntu/+source/python-legacy-cgi/+bug/2089244
15:41 <cpaelzer> that already seems to have some discussions, will look what that was about
15:41 <cpaelzer> two more to grab
15:41 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/flexparser/+bug/2089037
15:41 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/glycin/+bug/2093182
15:42 <slyon> I can do flexparser
15:42 <cpaelzer> nice
15:42 <cpaelzer> the other one also asks for security review
15:42 <cpaelzer> "
15:42 <cpaelzer> see this "We are putting this package in the MIR review queue with some known TOFIX items (lack of autopkgtest, rust craft not vendored yet). We don't need the package promoted this cycle and have tasks in our backlog to resolve those points but we expect it to need a security review and would like to get the package in the queue already so it has a chance to be ready for Qcycle."
15:43 <cpaelzer> so essentally while they fix the known "TOFIX" they'd like to enqueue in seucrity
15:43 <cpaelzer> sarnold:  can you make that happen?
15:43 <sarnold> "Flexparser is required in Ubuntu main no later than February 20, 2025 due to Plucky Puffin feature freeze" .. omg, here it is, as predicted, once on this side of the holidays the deadlines feel so very very close
15:43 <cpaelzer> hehe
15:44 <cpaelzer> yes, out of PTO into the urgentinator
15:44 <cpaelzer> All assigned her
15:44 <cpaelzer> e
15:44 <cpaelzer> #topic Incomplete bugs / questions
15:44 <cpaelzer> Mission: Identify required actions and spread the load among the teams
15:44 <cpaelzer> #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir
15:44 <sarnold> lol
15:45 <cpaelzer> we cover a lot of distance
15:45 <cpaelzer> all after the tue before christmas
15:45 <cpaelzer> 24 -7 => 17
15:45 <cpaelzer> so the two cases of rust-sequia-sq and nbd-client are worth looking at
15:46 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/nbd/+bug/2054480
15:46 <cpaelzer> I asked to be nice to them as they worked on doing all we asked for
15:46 <cpaelzer> with our harder requirements of today
15:46 <cpaelzer> let me see what is the last update here
15:46 <cpaelzer> ah
15:46 <cpaelzer> the conversation between sarnold and pragyansh
15:48 <sarnold> rust-sequia-sq looks to just be boring status update, not ready for our input yet
15:48 <cpaelzer> agreed
15:49 <cpaelzer> and nbd is actually on a good way - only asking for some better reasons than "to fix the test" to the appamror handling
15:49 <cpaelzer> Seth made a good comment there
15:49 <cpaelzer> https://bugs.launchpad.net/ubuntu/+source/nbd/+bug/2078255/comments/8
15:49 <cpaelzer> after which is should be no more unclear what he asks for
15:49 <sarnold> oo :) thanks
15:50 <cpaelzer> since they add so much e.g. isolation for NBD I'm tempted to treat it the following way
15:50 <sarnold> getting apparmor profiles 'right' can sometimes be a challenge .. so I'm not surprised that one of us might make some suggestions that it ought to be done in a very different way
15:50 <cpaelzer> 1. Go on with the MIR (what they add is better than nothing as we'd have don in the past)
15:50 <cpaelzer> 2. https://bugs.launchpad.net/ubuntu/+source/nbd/+bug/2078255 stays open to make it better
15:50 <cpaelzer> WDYT?
15:51 <sarnold> getting a thing to *work* is different than having ideas of how it ought to work, so there's also room for conversation, but iirc I had some significant concerns on this one
15:51 <cpaelzer> yep
15:51 <cpaelzer> it was mostly "two arches off" as a workaround for fails
15:51 <cpaelzer> which if we'd leave it unexplained as-is forever is just defeat
15:52 <cpaelzer> but I also feel OTOH that we should not chastice the folks that didn't say (like many do often) "can't do isolation" but instead started to add it
15:52 <cpaelzer> hence my gut feeling suggests the above
15:52 <cpaelzer> I wonder if we should get them in the same virtual room to check how close they are to something better
15:53 <cpaelzer> but for now they are all back this week and need some time to read and potentially answer7act on it
15:53 <cpaelzer> so even my "should we allow the current MIR being better than before" suggestion is not for this week
15:53 <cpaelzer> #topic Process/Documentation improvements
15:53 <cpaelzer> Mission: Review pending process/documentation pull-requests or issues
15:53 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/pulls
15:53 <cpaelzer> #link https://github.com/canonical/ubuntu-mir/issues
15:54 <cpaelzer> only old issues
15:54 <cpaelzer> PRs in draft
15:54 <cpaelzer> #topic MIR related Security Review Queue
15:54 <cpaelzer> Mission: Check on progress, do deadlines seem doable?
15:54 <cpaelzer> Some clients can only work with one, some with the other escaping - the URLs point to the same place.
15:54 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
15:54 <cpaelzer> #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir
15:54 <cpaelzer> Internal link
15:54 <cpaelzer> - ensure your teams items are prioritized among each other as you'd expect
15:54 <cpaelzer> - ensure community requests do not get stomped by teams calling for favors too much
15:54 <cpaelzer> #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594
15:55 <cpaelzer> sarnold: can you add glycin rigth away (https://bugs.launchpad.net/ubuntu/+source/glycin/+bug/2093182)
15:55 <sarnold> exfatprogs is likely to have some progress in the next two weeks, despite rodrigo being the main lead on security team's kernel efforts
15:55 <sarnold> good idea
15:55 <cpaelzer> Other than that I see jpeg-xl, exfatprogs and lenovo-wwan-unlock which probably all want to be in plucky
15:56 <sarnold> reward forward thinking :)
15:56 <sarnold> https://warthogs.atlassian.net/browse/SEC-5570
15:56 <cpaelzer> really those three that are already in should be done by next or the latest by next+1 week - otherwise your feedback will be hard to address in time for feature freeze
15:57 <cpaelzer> thanks for 5570
15:57 <cpaelzer> I wonder about https://bugs.launchpad.net/ubuntu/+source/jemalloc/+bug/2088056
15:57 <sarnold> moment..
15:57 <cpaelzer> that was assigned to joalif a while ago, and would also need to hit security I assume
15:57 <cpaelzer> joalif: are you around and could ensure to have a MIR look
15:57 <cpaelzer> and sarnold I think you should also include that right now as well
15:58 <sarnold> there's no way that's 'easy' code, that's *so old* and is absolutely going to have a thousand tunables ..
15:58 <cpaelzer> this is also plucky which means the Feb 20th above
15:58 <cpaelzer> the only thing called easy in that MIR is the packaging, which is easy
15:58 <cpaelzer> what are you referring to sarnold?
15:58 <sarnold> https://warthogs.atlassian.net/browse/SEC-5571
15:58 <sarnold> jemalloc
15:59 <cpaelzer> no one said it is easy, still it was filed timely and knowing now it is needed in 6 weeks is muhc better than finding out in 5 weeks
15:59 <sarnold> yes :)
15:59 <cpaelzer> TL;DR you should appreciate I put pressure on you now :-P
16:00 <cpaelzer> what a stupid sentence, but you get the positive point :-)
16:00 <sarnold> <3
16:01 <cpaelzer> #topic Any other business?
16:01 <cpaelzer> not me other than, oh no time is up
16:01 <cpaelzer> let me hit some numbers and close this
16:01 <cpaelzer> hurry if you have a topic :-)
16:01 <cpaelzer> 6
16:01 <cpaelzer> 23
16:01 <cpaelzer> 785
16:01 <cpaelzer> 2
16:01 <cpaelzer> done
16:01 <cpaelzer> until next week
16:01 <sarnold> zounds
16:02 <cpaelzer> #endmeeting