15:32 #startmeeting Weekly Main Inclusion Requests status 15:32 Meeting started at 15:32:19 UTC. The chair is cpaelzer. Information about MeetBot at https://wiki.ubuntu.com/meetingology 15:32 Available commands: action, commands, idea, info, link, nick 15:32 Ping for MIR meeting - didrocks joalif slyon sarnold cpaelzer jamespage ( dviererbe ) 15:32 o/ 15:32 hi everyone 15:32 #topic current component mismatches 15:32 Mission: Identify required actions and spread the load among the teams 15:32 #link https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg 15:32 #link https://people.canonical.com/~ubuntu-archive/component-mismatches.svg 15:33 I expected more due to autp-sync doing so much 15:33 a lot is approved or worked on already 15:33 new is frr, hmm I've seen that but lua5.3 ... 15:33 let me check which version is where 15:33 good morning 15:34 https://bugs.launchpad.net/ubuntu/+source/lua5.4/+bug/2026608 15:34 should use 5.4 15:34 ahasenack unexpected side effect of the merge of frr 15:35 https://launchpad.net/ubuntu/+source/freeradius/3.2.6+dfsg-3 15:35 brought in changelog: " * freeradius-utils: add wtmpdb needed for radlast" 15:36 https://tracker.debian.org/pkg/wtmpdb is orphaned and depends on orphaned, I doubt we want to promote that 15:36 hrm 15:37 orphaned already? it looks brand new :/ 15:39 it is, and deps it has too 15:39 and yes it is rather new, in no old release 15:39 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092022 15:40 interesting "I preemptively decline to state reasons for this action." now I'm even more curious :-) 15:40 anyway, going on 15:40 #topic New MIRs 15:40 Mission: ensure to assign all incoming reviews for fast processing 15:40 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&assignee_option=none&field.assignee=&field.subscriber=ubuntu-mir 15:40 three cases 15:41 I can do https://bugs.launchpad.net/ubuntu/+source/python-legacy-cgi/+bug/2089244 15:41 that already seems to have some discussions, will look what that was about 15:41 two more to grab 15:41 https://bugs.launchpad.net/ubuntu/+source/flexparser/+bug/2089037 15:41 https://bugs.launchpad.net/ubuntu/+source/glycin/+bug/2093182 15:42 I can do flexparser 15:42 nice 15:42 the other one also asks for security review 15:42 " 15:42 see this "We are putting this package in the MIR review queue with some known TOFIX items (lack of autopkgtest, rust craft not vendored yet). We don't need the package promoted this cycle and have tasks in our backlog to resolve those points but we expect it to need a security review and would like to get the package in the queue already so it has a chance to be ready for Qcycle." 15:43 so essentally while they fix the known "TOFIX" they'd like to enqueue in seucrity 15:43 sarnold: can you make that happen? 15:43 "Flexparser is required in Ubuntu main no later than February 20, 2025 due to Plucky Puffin feature freeze" .. omg, here it is, as predicted, once on this side of the holidays the deadlines feel so very very close 15:43 hehe 15:44 yes, out of PTO into the urgentinator 15:44 All assigned her 15:44 e 15:44 #topic Incomplete bugs / questions 15:44 Mission: Identify required actions and spread the load among the teams 15:44 #link https://bugs.launchpad.net/ubuntu/?field.searchtext=&orderby=-date_last_updated&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.subscriber=ubuntu-mir 15:44 lol 15:45 we cover a lot of distance 15:45 all after the tue before christmas 15:45 24 -7 => 17 15:45 so the two cases of rust-sequia-sq and nbd-client are worth looking at 15:46 https://bugs.launchpad.net/ubuntu/+source/nbd/+bug/2054480 15:46 I asked to be nice to them as they worked on doing all we asked for 15:46 with our harder requirements of today 15:46 let me see what is the last update here 15:46 ah 15:46 the conversation between sarnold and pragyansh 15:48 rust-sequia-sq looks to just be boring status update, not ready for our input yet 15:48 agreed 15:49 and nbd is actually on a good way - only asking for some better reasons than "to fix the test" to the appamror handling 15:49 Seth made a good comment there 15:49 https://bugs.launchpad.net/ubuntu/+source/nbd/+bug/2078255/comments/8 15:49 after which is should be no more unclear what he asks for 15:49 oo :) thanks 15:50 since they add so much e.g. isolation for NBD I'm tempted to treat it the following way 15:50 getting apparmor profiles 'right' can sometimes be a challenge .. so I'm not surprised that one of us might make some suggestions that it ought to be done in a very different way 15:50 1. Go on with the MIR (what they add is better than nothing as we'd have don in the past) 15:50 2. https://bugs.launchpad.net/ubuntu/+source/nbd/+bug/2078255 stays open to make it better 15:50 WDYT? 15:51 getting a thing to *work* is different than having ideas of how it ought to work, so there's also room for conversation, but iirc I had some significant concerns on this one 15:51 yep 15:51 it was mostly "two arches off" as a workaround for fails 15:51 which if we'd leave it unexplained as-is forever is just defeat 15:52 but I also feel OTOH that we should not chastice the folks that didn't say (like many do often) "can't do isolation" but instead started to add it 15:52 hence my gut feeling suggests the above 15:52 I wonder if we should get them in the same virtual room to check how close they are to something better 15:53 but for now they are all back this week and need some time to read and potentially answer7act on it 15:53 so even my "should we allow the current MIR being better than before" suggestion is not for this week 15:53 #topic Process/Documentation improvements 15:53 Mission: Review pending process/documentation pull-requests or issues 15:53 #link https://github.com/canonical/ubuntu-mir/pulls 15:53 #link https://github.com/canonical/ubuntu-mir/issues 15:54 only old issues 15:54 PRs in draft 15:54 #topic MIR related Security Review Queue 15:54 Mission: Check on progress, do deadlines seem doable? 15:54 Some clients can only work with one, some with the other escaping - the URLs point to the same place. 15:54 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=%5BMIR%5D&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 15:54 #link https://bugs.launchpad.net/~ubuntu-security/+bugs?field.searchtext=[MIR]&assignee_option=choose&field.assignee=ubuntu-security&field.bug_reporter=&field.bug_commenter=&field.subscriber=ubuntu-mir 15:54 Internal link 15:54 - ensure your teams items are prioritized among each other as you'd expect 15:54 - ensure community requests do not get stomped by teams calling for favors too much 15:54 #link https://warthogs.atlassian.net/jira/software/c/projects/SEC/boards/594 15:55 sarnold: can you add glycin rigth away (https://bugs.launchpad.net/ubuntu/+source/glycin/+bug/2093182) 15:55 exfatprogs is likely to have some progress in the next two weeks, despite rodrigo being the main lead on security team's kernel efforts 15:55 good idea 15:55 Other than that I see jpeg-xl, exfatprogs and lenovo-wwan-unlock which probably all want to be in plucky 15:56 reward forward thinking :) 15:56 https://warthogs.atlassian.net/browse/SEC-5570 15:56 really those three that are already in should be done by next or the latest by next+1 week - otherwise your feedback will be hard to address in time for feature freeze 15:57 thanks for 5570 15:57 I wonder about https://bugs.launchpad.net/ubuntu/+source/jemalloc/+bug/2088056 15:57 moment.. 15:57 that was assigned to joalif a while ago, and would also need to hit security I assume 15:57 joalif: are you around and could ensure to have a MIR look 15:57 and sarnold I think you should also include that right now as well 15:58 there's no way that's 'easy' code, that's *so old* and is absolutely going to have a thousand tunables .. 15:58 this is also plucky which means the Feb 20th above 15:58 the only thing called easy in that MIR is the packaging, which is easy 15:58 what are you referring to sarnold? 15:58 https://warthogs.atlassian.net/browse/SEC-5571 15:58 jemalloc 15:59 no one said it is easy, still it was filed timely and knowing now it is needed in 6 weeks is muhc better than finding out in 5 weeks 15:59 yes :) 15:59 TL;DR you should appreciate I put pressure on you now :-P 16:00 what a stupid sentence, but you get the positive point :-) 16:00 <3 16:01 #topic Any other business? 16:01 not me other than, oh no time is up 16:01 let me hit some numbers and close this 16:01 hurry if you have a topic :-) 16:01 6 16:01 23 16:01 785 16:01 2 16:01 done 16:01 until next week 16:01 zounds 16:02 #endmeeting