(07:00:01 AM) dholbach: #startmeeting (07:00:01 AM) MootBot: Meeting started at 12:00. The chair is dholbach. (07:00:01 AM) MootBot: Commands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE] (07:00:04 AM) dholbach: Welcome everybody to another MOTU Meeting! (07:00:11 AM) dholbach: We have an agenda at: https://wiki.ubuntu.com/MOTU/Meetings (07:00:31 AM) dholbach: and we have persia and pitti (just pinged him) presenting the first item on it (07:00:34 AM) pitti: hi (07:00:38 AM) dholbach: Updates to the universe SRU policy. See TB review from [WWW] https://lists.ubuntu.com/archives/ubuntu-devel/2007-November/024776.html (07:00:47 AM) persia: The Technical Board recently discussed the SRU policy for Universe, due to questions on the part of the archive administrators. The results were published to the ubuntu-devel mailing list, and a decision was requested from MOTU. I've raised this item to the agenda for discussion and selection between the two choices presented by the technical board. (07:00:49 AM) persia: [LINK] https://lists.ubuntu.com/archives/ubuntu-devel/2007-November/024776.html (07:00:50 AM) MootBot: LINK received: https://lists.ubuntu.com/archives/ubuntu-devel/2007-November/024776.html (07:00:53 AM) persia: After informal discussion in various media, I'd like to encourage the restoration of ~motu-sru as an approval body. With sufficient staffing, I believe that a single ACK should not be a significant delay. (07:00:56 AM) persia: Further, I'd like to propose that the members of ~motu-sru be directly appointed by the MOTU Council, and that any issues with the membership of the team be raised to MC for dispute resolution. (07:01:13 AM) persia: Additionally, I'd like to request review of the policy by the newly restored ~motu-sru, with an eye towards explaining any variation from main. (07:01:16 AM) ***persia is done flooding (07:01:34 AM) TheMuso: heh (07:01:38 AM) TheMuso: No argument from me. (07:01:52 AM) TheMuso: Sounds pretty clear cut. (07:02:03 AM) sistpoty|work: +1 on all points from me :) (07:02:16 AM) dholbach: What about the following plan? The MC will ask for people to join ~motu-sru and appoint say 4 members among them. (07:02:21 AM) soren: Someone suggested at some point that the UVF team and the SRU team should be the same. (07:02:45 AM) persia: dholbach: That sounds good to me: I'm not concerned with how MC appoints, I just don't think we should vote for wisdom. (07:02:51 AM) pitti: yeah, both is about enforcing freeze policies and review (07:03:04 AM) dholbach: Having experienced this to be a bottle-neck and it not being easy to find those people, we could still fallback to 2b to decide and move forward. (07:03:06 AM) sistpoty|work: dholbach: maybe rather 5 ppl? (07:03:07 AM) persia: soren: I'm not sure about that: that might mean a lot of work after FF (07:03:16 AM) \sh: I want to see people in the SRU team, who knows very well, that it's vital that those updates are really fixing bugs and not introducing strange new behaviours to our software (07:03:23 AM) pitti: really, two or three people should be enough (07:03:31 AM) dholbach: sistpoty|work: works for me... my main point is trying to avoid the situation where we don't get the team staffed and the process is stalling (07:03:36 AM) pitti: NB that we don't want a lot of SRUs in the first place (07:03:42 AM) persia: pitti: Not with current MOTU activity: we need volume to ensure we don't block on missing people. (07:03:49 AM) ***\sh wonders who pushed azeureus through -updates yesterday with a backports number (07:04:04 AM) sistpoty|work: dholbach: sure, let's just say 5 is ideal, but the team could start working with less members as well ;) (07:04:12 AM) ***persia agrees with sistpoty (07:04:22 AM) dholbach: Ok. (07:04:23 AM) \sh: +1 for sistpoty|work (07:05:03 AM) dholbach: [ACTION] dholbach to send out request for people interested in ~motu-sru. (07:05:04 AM) MootBot: ACTION received: dholbach to send out request for people interested in ~motu-sru. (07:05:08 AM) dholbach: thanks (07:05:14 AM) pitti: \sh: that was sort of a special case; it was tested in backports, and since it is completely broken in feisty we copied it to -updates (07:05:45 AM) pitti: \sh: https://bugs.edge.launchpad.net/ubuntu/+source/azureus/+bug/57875 (07:05:46 AM) persia: So, does the adoption of this require further discussion, or should it be AGREED ? (07:05:46 AM) ubotu: Launchpad bug 57875 in azureus "Azureus hangs or crashes showing splash screen at start" [High,Fix released] (07:05:54 AM) sistpoty|work: pitti, soren: not too sure if having uvf team the same as sru team, as the review process is different (single patches vs. diffstats), shrug (07:06:13 AM) TheMuso: I don't think further discussion is needed. (07:06:14 AM) TheMuso: c/ (07:06:18 AM) \sh: pitti, well, on gutsy it was just crashing when opening the torrent link tab...not at the splash (07:06:27 AM) soren: sistpoty|work: I'd *really* like to change the policy about UVF this time, too, actually. diffstats mean *nothing* to me. (07:06:29 AM) \sh: pitti, anyways...not important here ,-) (07:06:32 AM) pitti: sistpoty|work: really? people read diffstats? what's the purpose of that? (07:06:47 AM) pitti: soren++ (07:06:50 AM) dholbach: pitti: to get an idea of how big the changes are, to see if they are only doc/ changes, etc (07:06:54 AM) persia: soren: pitti: It's one of the ways to identify the volume of change. (07:06:54 AM) soren: pitti: That's the UVF policy. It says to submit diffstat's. Go figure. (07:06:59 AM) sistpoty|work: pitti: don't know... have never been a member of motu-uvf (07:07:25 AM) soren: persia: I can make completely crackful patches in just one line and really good patches in 10000 lines. (07:07:25 AM) pitti: persia: right, but you still need to review the actual changes, and filterdiff'ing the debdiff is more useful IMHO (07:07:28 AM) dholbach: let's separate the uvf discussion from the current ont for now (07:07:34 AM) pitti: right, sorry (07:07:36 AM) persia: pitti: I use both, but yes. (07:07:41 AM) Lutin: dholbach: on the other hand, you can break APIs with tiny changes (speaking about the diffstat size) (07:07:46 AM) soren: dholbach: Right, sorry. (07:07:47 AM) dholbach: Lutin: sure (07:07:58 AM) dholbach: ok, shall we discuss merging the two teams now? (07:08:02 AM) pitti: ok, seems there is no real discussion about the new SRU policy? (07:08:21 AM) persia: dholbach: Could we have a MootBot AGREED on the policy choice before discussing team merge? (07:08:24 AM) dholbach: the SRU policy decision seems to be fine as it is, I just hope we get the team together quickly (07:08:41 AM) sistpoty|work: persia: +1 (07:08:53 AM) dholbach: [AGREED] https://lists.ubuntu.com/archives/ubuntu-devel/2007-November/024776.html proposed change (2a) (07:08:53 AM) MootBot: AGREED received: https://lists.ubuntu.com/archives/ubuntu-devel/2007-November/024776.html proposed change (2a) (07:09:22 AM) dholbach: [TOPIC] Shall we merge ~motu-sru and ~motu-uvf? (07:09:23 AM) MootBot: New Topic: Shall we merge ~motu-sru and ~motu-uvf? (07:09:36 AM) dholbach: Opinions? (07:09:52 AM) sistpoty|work: I'd rather not do this... (07:09:53 AM) persia: I'll argue against this: they are different tests of suitability, and it makes for a possible high volume of review (even for a high reject rate) between FF and release. (07:09:59 AM) TheMuso: Having never been on either team, I can't speak for the workload, but I think it may make sense. (07:09:59 AM) DktrKranz: I think they focus on two separate worlds (07:10:14 AM) DktrKranz: so, merge them could not be a good choice, IMHO (07:10:15 AM) dholbach: "it's all about patches..." (07:10:17 AM) dholbach: ;-) (07:10:40 AM) \sh: there is a difference between UVF and SRU at distro level....SRUs are more difficult to decide, so we need people who know what they are doing...UVF for universe is just a bit more harmless (07:10:42 AM) soren: The skillset required is pretty much the same: Evaluate proposed changes based on policies for the given point in the release cycle, but if it's going to be a blocker for finding volunteers, it's not that important to me. (07:10:44 AM) TheMuso: But I'm willing to defer to those with more experience. (07:11:00 AM) persia: soren: The skillset is the same, but the criteria are different. (07:11:07 AM) soren: persia: Sure. (07:11:08 AM) dholbach: but I agree, it might make sense to keep them separate as the workflow is different and it might turn out to be a bottleneck (07:11:11 AM) sistpoty|work: I'd rather have these teams separated, because it's more clear then what bugs are sru bugs and what uvf bugs (07:11:18 AM) \sh: soren, one difference is there: with UVF exceptions you don't break older releases (07:11:25 AM) soren: \sh: I know, I know. (07:11:32 AM) dholbach: ok, let's keep them different for now then (07:11:37 AM) persia: If someone wants to do both, I don't see a problem with them being on two teams, I just don't want to confuse things. (07:11:50 AM) dholbach: [AGREED] ~motu-sru and ~motu-uvf will be kept separate for now. (07:11:50 AM) MootBot: AGREED received: ~motu-sru and ~motu-uvf will be kept separate for now. (07:11:52 AM) sistpoty|work: persia: yes (07:11:56 AM) Hobbsee: if -uvf and -sru get merged, i'm not being a part of -uvf (07:12:07 AM) persia: Hobbsee: They won't be: see above :) (07:12:09 AM) dholbach: [TOPIC] Security Fixes for Universe (StephanHermann) (07:12:09 AM) MootBot: New Topic: Security Fixes for Universe (StephanHermann) (07:12:10 AM) pitti: dholbach: both teams can still share members, after all (07:12:13 AM) \sh: yay (07:12:13 AM) dholbach: \sh: your stage (07:12:15 AM) \sh: it's me :) (07:12:17 AM) dholbach: pitti: exactly (07:12:20 AM) Hobbsee: persia: i was lagged. compiz crashed :) (07:12:23 AM) dholbach: more emblems! :) (07:12:30 AM) pitti: but separating the roles might be beneficial indeed, yes (07:12:33 AM) ***persia likes emblems (07:12:40 AM) persia: Anyway: \sh? (07:12:45 AM) soren: s/emblems/pieces of flair/ (07:12:52 AM) ***sistpoty|work looks innocent about the motu-swat icon *g* (07:12:52 AM) \sh: ok, what we need are some more people doing also the non loved security fixes for universe especially for our LTS release (speak dapper) and also for older releases like feisty and gutsy (07:13:23 AM) \sh: when I saw the list of CVEs for universe I was surprised to see more SRUs without really serious bug fixes like vulnerabilities (07:13:28 AM) dholbach: \sh: is there a list of things that need doing? (07:13:30 AM) persia: \sh: Are you recruiting now, or is there something else for discussion? (07:13:38 AM) dholbach: \sh: is there some documentation for those tasks? (07:13:39 AM) \sh: persia, it's something for discussion (07:13:41 AM) Hobbsee left the room (quit: Remote closed the connection). (07:14:09 AM) \sh: dholbach, 1) kees has a list of CVEs which are still not fixed (07:14:21 AM) dholbach: \sh: is this list publically available? (07:14:24 AM) \sh: dholbach, 2) well it's most likley source work (07:14:32 AM) sistpoty|work: \sh: in the past, the security policy was a bit unclear to me, as at least in some cases fixes more than to the actual security fix were accepted. is this still the case? (07:14:33 AM) \sh: dholbach, sure...people.ubuntu.com/~kees/ubuntu-cve (07:14:43 AM) dholbach: \sh: would it help to have a section on http://wiki.ubuntu.com/MOTU/TODO with a link and what's expected of people interested in doing this? (07:15:03 AM) soren: \sh: 404 (07:15:09 AM) dholbach: I'm happy to pimp that section and inform people about it (07:15:11 AM) \sh: soren: moment (07:15:22 AM) ***Fujitsu arrives. (07:15:39 AM) \sh: soren, damn..it's deleted :( (07:15:52 AM) Fujitsu: sistpoty|work: As far as I know that's forbidden and keescook will eat you alive if you try. (07:15:55 AM) Fujitsu: For good reason. (07:15:58 AM) \sh: dholbach, would be nice..I'll provide some infos what to do...mostly it's nothing for starters (07:16:00 AM) dholbach: also maybe it'd help to have public meetings with all the security folks to invite new people and assign tasks (07:16:03 AM) sistpoty|work: Fujitsu: ok, great (07:16:05 AM) Hobbsee [n=Hobbsee@ubuntu/member/hobbsee] entered the room. (07:16:10 AM) DktrKranz: \sh, what about http://people.ubuntu.com/~pitti/ubuntu-cve/ ? (07:16:19 AM) Fujitsu: DktrKranz: That's the CVE tracker spoken of. (07:16:22 AM) \sh: DktrKranz, it's old and not maintained anymore...kees took over (07:16:30 AM) pitti: I'm not sure whether this is still relevant (07:16:30 AM) DktrKranz: ah, ok (07:16:32 AM) pitti: right (07:16:34 AM) sistpoty|work: is http://launchpad.net/~motu-swat/+subscribedbugs current as well? (07:16:40 AM) \sh: dholbach, would be cool...I'll provide some infos about it (07:16:43 AM) ***pitti makes a note to talk about this with Kees and remove it if appropriate (07:16:44 AM) dholbach: [ACTION] \sh to add information about security tasks on MOTU/TODO page (07:16:44 AM) MootBot: ACTION received: \sh to add information about security tasks on MOTU/TODO page (07:16:50 AM) Fujitsu: Oops, the *branch* in ~pitti is right, the other stuff isn't. (07:16:59 AM) kraut: moin (07:17:02 AM) \sh: sistpoty|work, yepp...but most actual is the list of our main security team...because all of the sec bugs are listed there (07:17:13 AM) dholbach: \sh: do you think it'd make sense to invite people who are interested to a meeting and discuss the topic there? (07:17:14 AM) \sh: Fujitsu, it's not up2date afaik (07:17:21 AM) Fujitsu: \sh: The branch is. (07:17:23 AM) sistpoty|work: \sh: ah... could we auto-import bugs from that list somehow to lp? (07:17:28 AM) sistpoty|work: (or wouldn't make that sense) (07:17:32 AM) persia: I think kees was planning a new interface in the next week or so (07:17:35 AM) soren: \sh: How does this work? You submit debdiffs for the security team to look at, and if it's good, they upload? (07:17:47 AM) \sh: soren, this is one step... (07:18:01 AM) persia: sistpoty|work: Not everything applies: it requires human intelligence to determine the right set of releases against which to file the bug. (07:18:13 AM) \sh: soren, you have to follow the Security Update rules first, you need to know where to grab the patches etc. (07:18:36 AM) \sh: soren, our security team (named keescook and jdstrand) will review those patches and publishing them to our archives (07:18:39 AM) soren: \sh: Of course. I'm just interested in the technical part of it. (07:18:44 AM) \sh: (right now they are not publicly announced) (07:18:45 AM) soren: \sh: Alright. (07:19:02 AM) dholbach: thanks \sh for documenting this - I guess that's going to be a good first step - what about meetings to invite new people? (07:19:14 AM) \sh: dholbach, sure..we can do that (07:19:40 AM) persia: Do we need meetings? I'd rather see recruiting mail & -classroom sessions on the workflow, personally. (07:19:45 AM) dholbach: \sh: great - if you could collect some ideas about the meeting, I'm happy to announce to various places (07:20:05 AM) dholbach: persia: some people might want to ask questions, I found meetings a good opportunity to meet and talk to those people (07:20:26 AM) \sh: dholbach, will do (07:20:27 AM) ***persia defers, but hopes this does not cause a recruiting delay (07:20:45 AM) \sh: as a note why I wanted to raise this issue (07:20:55 AM) dholbach: [ACTION] \sh and dholbach to work on organising a meeting for people interested in security tasks (07:20:55 AM) MootBot: ACTION received: \sh and dholbach to work on organising a meeting for people interested in security tasks (07:21:13 AM) \sh: I think it's important to our users and audience to show that we also take care about the security of the community driven archive (07:21:25 AM) dholbach: absolutely (07:21:31 AM) dholbach: thanks \sh for bringing this up (07:21:48 AM) \sh: thanks to you for your time :) (07:21:51 AM) sistpoty|work: \sh: yes, and it's great to see the team spamming my inbox lately :) (07:21:52 AM) dholbach: :) (07:21:55 AM) dholbach: [TOPIC] Other Business (07:21:55 AM) MootBot: New Topic: Other Business (07:22:03 AM) \sh: sistpoty|work, you are welcome :) (07:22:17 AM) dholbach: going once... :) (07:22:18 AM) ***Fujitsu notes he has a few more to do tomorrow. (07:22:25 AM) \sh: Fujitsu, wordpress (07:22:30 AM) dholbach: twice (07:22:36 AM) dholbach: no other business? (07:22:36 AM) Fujitsu: \sh: That's more than a few (ie. 42) (07:22:36 AM) ***persia has a quick one (07:22:41 AM) dholbach: persia: fire away (07:23:20 AM) persia: I just want to confirm that nobody has any further planned followup to the ML threads about New Upstream Version reviews and REVU guidelines before I update the wiki. (07:23:52 AM) sladen: hard to confirm an open-ended question. But I haven't... (07:23:53 AM) \sh: Fujitsu, yeah, a new one came yesterday or the day before ,-) (07:24:08 AM) persia: sladen: good point. (07:24:08 AM) Fujitsu: \sh: 6301 or so, yeah. What fun. (07:24:24 AM) dholbach: persia: seems that nobody in #ubuntu-meeting does :) (07:24:49 AM) persia: Thanks. I'll go ahead, as most of the parties with previous concerns appear to be present :) (07:24:55 AM) dholbach: anything else before we move on? (07:25:09 AM) dholbach: [TOPIC] agree on date and time of next meeting (07:25:10 AM) MootBot: New Topic: agree on date and time of next meeting (07:25:22 AM) ***persia proposes 20:00 UTC 7th Dec 2007 (07:25:37 AM) ***TheMuso can do that. (07:25:45 AM) ***DktrKranz too (07:25:53 AM) ***Fujitsu can probably. (07:25:59 AM) ***soren can't. (07:26:05 AM) ***sistpoty|work will try but not promise (07:26:30 AM) persia: We're traditionally skipped the 04:00 UTC in the rotation. Is anyone a big fan of that time? (07:26:40 AM) ***dholbach isn't :) (07:26:46 AM) soren: me neither (07:27:13 AM) TheMuso: I am sorta, but understand that it doesn't suit most people in the states and nobody in Europe. (07:28:21 AM) sistpoty|work: I guess it's hard to find fans for the 04:00 UTC among people currently present ;) (07:28:27 AM) dholbach: at some stage we should discuss that on the list or have a wiki table with the timezones everybody lives in (07:28:31 AM) \sh: hmm...at 13 UTC is motu faq session, right? (07:28:47 AM) persia: Actually, I thought it would be good for people in the Americas, as attendance at the other times seems low, but perhaps it's a demographic issue as to who participates in meetings. (07:29:09 AM) persia: dholbach: Last time we did that, we ended up not having a MOTU meeting for a month. (07:29:10 AM) dholbach: I think it's fine for us to stick to the time suggested, but raise the topic in a different medium than IRC :) (07:29:27 AM) sistpoty|work: make it so (07:29:31 AM) persia: sistpoty|work: There weren't any fans at the last 20:00 session either. I think 04:00 fans just don't come to meetings. (07:29:46 AM) dholbach: alright, let's do 20:00 then (07:29:46 AM) Fujitsu: Are there any 04:00 fans? (07:29:50 AM) sistpoty|work: persia: hehe (07:30:01 AM) dholbach: [AGREED] Next meeting: 20:00 UTC 7th Dec 2007 (07:30:02 AM) MootBot: AGREED received: Next meeting: 20:00 UTC 7th Dec 2007 (07:30:06 AM) TheMuso: Fujitsu: I am, but understand why its not accepted by others. (07:30:13 AM) ***DktrKranz usually sleeps at 04:00 (07:30:22 AM) TheMuso: My point exactly. (07:30:23 AM) dholbach: [ACTION] dholbach to think about MOTU timezones table (07:30:23 AM) MootBot: ACTION received: dholbach to think about MOTU timezones table (07:30:37 AM) dholbach: [ACTION] agree on date and time of next REVU DAY (07:30:37 AM) MootBot: ACTION received: agree on date and time of next REVU DAY (07:30:38 AM) ***persia finds 04:00 convenient, but doesn't have issues with the other times. (07:30:52 AM) TheMuso: REVU days == Mondays? (07:30:56 AM) dholbach: shall we remove that action item from the agenda? we seem to stick to mondays anyway (07:30:58 AM) ***persia proposes 26 November and 3 December (07:31:07 AM) \sh: YAY (07:31:13 AM) Fujitsu: persia: And very subsequent Monday until FF? (07:31:25 AM) Fujitsu: +e (07:31:26 AM) \sh: I just got a mail that I have a day for test working for United Internet ,-) (07:31:28 AM) persia: I'm happy to remove it from the agenda: it's been Mondays for the past six months or so (since we added it to the agenda) (07:31:33 AM) persia: Fujitsu: Sounds good to me. (07:31:40 AM) dholbach: persia: great thanks (07:31:48 AM) dholbach: same goes for "agree on date and time of MOTU Q&A sessions" (07:31:51 AM) TheMuso: I think its a day that all hopefuls knwo that will get a chance at having their work looked at. (07:31:53 AM) dholbach: it's Q&A Friday! (07:32:08 AM) dholbach: ok, looks like we're through our agenda (07:32:17 AM) persia: Sure. I think both of those got added to the agenda because we weren't scheduling them enough. If we do every Monday and Friday, we should be good. (07:32:30 AM) dholbach: persia: great (07:32:37 AM) dholbach: thanks a lot everybody! (07:32:40 AM) dholbach: adjourned (07:32:42 AM) TheMuso: np (07:32:43 AM) sistpoty|work: thanks dholbach for hosting (07:32:53 AM) dholbach: anytime :) (07:32:59 AM) sistpoty|work: (alter! *g*) (07:33:11 AM) persia: (except 04:00 UTC) :) (07:33:14 AM) dholbach: yeah :) (07:33:22 AM) dholbach: #endmeeting (07:33:22 AM) MootBot: Meeting finished at 12:33.