14:59:08 <h01ger> #startmeeting 14:59:08 <MeetBot> Meeting started Thu Jul 30 14:59:08 2020 UTC. The chair is h01ger. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:59:08 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 14:59:14 <h01ger> hello everyone 14:59:20 <lamby> o/ 14:59:23 <Beuc> oi 14:59:24 <bhe[m]> Hey 14:59:36 <buxy> hi 15:00:04 <h01ger> #topic please say hi or somesuch / review & amend agenda at https://pad.riseup.net/p/lts-meeting-agenda 15:00:06 <apo> hello 15:01:15 <lamby> hey 15:01:36 * h01ger shuffles the agenda order around 15:03:36 <h01ger> there we go 15:03:56 <h01ger> #topic meeting dates 15:04:33 <h01ger> so for better or worse i've went ahead and decided we'll always gonna have the meeting on the last thursday of the month at 15 UTC 15:04:46 <h01ger> as this was the date+time chosen in 3 dudle polls 15:05:12 <h01ger> i'm unhappy that its also the time brian couldnt make in all 3 pools 15:05:27 <h01ger> i'm unsure whether we should setup a forth poll and count via condorcet 15:05:46 <h01ger> what do you think? 15:06:35 <bhe[m]> We can do a 4th dudle. Let see 15:06:48 <buxy> I don't see the need. 15:06:54 <buxy> Did you talk to Brian or not? 15:07:08 <h01ger> i only mailed him via the list 15:07:34 <Beuc> Maybe we can make an exception once in a while to include Brian at least sometimes. 15:08:16 <lamby> (That would work for me.) 15:08:24 <buxy> IMO we should keep the fixed schedule unless he would like to be able to attend regularly, in which case we should have 2 fixed times and switch between those. One at the start of the day in the EU time, one at the end of the day in EU time. 15:08:25 <apo> I'm fine with last thursday of the month, we could also try to move the meeting to 20 UTC, that should work for Brian and (hopefully) for all the people in India 15:09:06 * h01ger could do 20 utc but would strongly dislike it in european summertime 15:09:37 <h01ger> that said, might work *this* summer :/ 15:09:40 <pochu> o/ 15:10:12 <apo> yeah, 19 UTC in summer time should work too I guess but I suggest to talk with Brian first 15:10:15 * h01ger mail brian explicitly and then see 15:10:23 <Beuc> I don't think we ever got brian's PoV though, so it's not really worth making a decision without. 15:10:45 <h01ger> https://wiki.debian.org/LTS/Meetings has the times and dates etc of the our meetings btw 15:10:54 <h01ger> lets move on 15:11:03 <h01ger> #topic next meeting with video 15:11:11 <h01ger> buxy: ? 15:11:28 <buxy> Yeah? 15:11:36 <utkarsh2102> I suppose we can give this a shot during BoF! 15:11:47 <h01ger> utkarsh2102: hah! 15:11:52 <utkarsh2102> That'd be a good chance for a video-meet. 15:12:04 <h01ger> buxy: i thought you were going to propose some other tool?> 15:12:15 <utkarsh2102> So we'll know if that'd work (hoping it will!). 15:12:32 <h01ger> utkarsh2102: right. 15:12:48 <h01ger> for those who dont know, we'll have an lts bof during online dc20 15:12:53 <buxy> My experience with jitsi has not been good last time. I don't know why. I do have a zoom account and we can use that. I feel reluctant imposing it because not everybody likes it... 15:12:57 <utkarsh2102> Also, I proposed 15 UTC for the BoF for now. 15:13:09 <utkarsh2102> Please let me know if I should change. 15:13:36 <utkarsh2102> I'm a part of the content team as well, so can shift. But better if we know the time in advance. 15:14:18 * bhe[m] likes to see only free tools in development of LTS. So zoom 15:14:28 <buxy> But we should definitely retry the video meeting. 15:14:31 <h01ger> buxy: i dislike zoom for several reasons indeed but would join a zoom meeting if jitsi proves unusable at dc20 for us again. i do think video meetings would be good 15:14:35 <bhe[m]> no* zoom 15:15:10 <h01ger> bhe[m]: we use this non-free tool called the internet to communicate too. so shrugs ;) 15:15:12 <apo> last resort could always be Mumble 15:15:14 <buxy> bhe[m]: you just need a web browser, you don't have to install anything, how is that problematic? 15:15:43 <h01ger> lets not get into this discussion please. at least not during the meeting. after or via mail, fine 15:16:12 <h01ger> (there's also big blue button if someone wants to research that) 15:16:48 <h01ger> #info video conference tooling still unclear, we will try dc20 bof with jitsi and afterwards decide what to use for our next meeting at the end of august. 15:17:04 <h01ger> lets move on? 15:17:19 <h01ger> we want to finish this meeting after 60min and still have some topics.. 15:17:29 <bhe[m]> buxy: If you package a wrapper around zoom, will it be in main or contrib ? 15:17:38 <buxy> I believe video meeting is important but I don't have time to spend on testing tools, I'm happy to use whatever works and I have some confidence in zoom due to real-life usage lately. 15:18:10 <buxy> bhe[m]: contrib 15:18:10 * h01ger nods 15:18:45 * h01ger takes a note to revisit the situation on august 20th 15:18:52 <h01ger> #topic stretch LTS 15:19:05 <h01ger> is everything going fine with the new stretch LTS? 15:19:18 <bunk> One question: 15:19:21 <pochu> as far as I know :) 15:19:39 <bunk> Are binNMUs possible in any way? 15:20:01 <utkarsh2102> I've got one important pointer for this topic (though it's better via mail but never got around to doing that!!) 15:20:20 <pochu> bunk: not. maybe if an ftp-master copies packages to security-master though 15:20:32 <bunk> Go became more popular in stretch... 15:20:33 <pochu> s/not/they're &/ 15:20:33 <buxy> bunk: yes, but it's only possible with shell access on the server 15:20:58 <h01ger> buxy: you are asking because of a specific package? 15:20:58 <buxy> ah sorry I am confused, my answer applies for Extended LTS 15:21:16 <h01ger> s#buxy#bunk#, sorry too 15:21:33 <lamby> I think most of the s/jessie/stretch/ changes have been made to scripts, templates, etc. by now. (Although I fixed another today.) 15:21:43 <pochu> h01ger: golang rdeps are statically linked, so a fix in golang or a golang module needs rebuilds 15:22:10 <h01ger> at its only golang or also haskell and? 15:22:15 <bunk> h01ger: in general, but also specifically looking at golang-github-seccomp-libseccomp-golang 15:22:33 <utkarsh2102> so, when qemu was uploaded on last Saturday, I got: 15:22:34 <utkarsh2102> qemu-user-static_2.8+dfsg-6+deb9u10_amd64.deb: Built-Using refers to non-existing source package glib2.0 (= 2.50.3-2+deb9u2) 15:22:40 <h01ger> bunk: that was something like 400 packages? 15:23:04 <pochu> utkarsh2102: known dak limitation 15:23:15 <utkarsh2102> Salvatore mailed the FTP masters to inject the needed source packages on security-master and reproceess the rejected packages. 15:23:31 <utkarsh2102> pochu: I am still in midst of completing my point :) 15:23:35 <bunk> h01ger: Wat is the 400 referring to? 15:23:46 <h01ger> bunk: amount of binnmus needed 15:24:03 <utkarsh2102> So although that got happened really quickly, but here's this thing which Salvatore pointed out: 15:24:54 <utkarsh2102> #823820 should be implemented. In the past, it was not so much of a problem, but that will become more frequent in future. 15:25:28 <utkarsh2102> although, it's not frequent *now*, but it'd be great if FTP master can implement this. 15:25:32 <bunk> h01ger: Haskell libraries are static libraries, Go libraries are source code. For Go it is at least an option to just make an upload for the leaf packages that use it. 15:25:34 <utkarsh2102> (maybe with some LTS funding?) 15:26:16 <buxy> utkarsh2102: definitely! 15:26:48 <utkarsh2102> buxy: okay, should I initiate this discussion further then? 15:26:57 <h01ger> utkarsh2102: is #823820 on our todo? or rather: could you please add it if its not there? :) 15:27:42 <h01ger> then, AFAICS the only open and untracked question are binNMUs for stretch 15:27:46 <utkarsh2102> h01ger: sure! (I'll find out where's the TODO and shall add the same) 15:27:50 <buxy> utkarsh2102: let's see what we say in point about project funding later, but it's good idea for a first try 15:28:20 <utkarsh2102> buxy: yeah, of course. I'll just ask for this implementation for the starters. 15:28:32 <utkarsh2102> I'll CC our private list? 15:29:00 <h01ger> why not the public list? 15:29:17 <buxy> bin-nmu for LTS looks like another feature to request, it's clearly a "not possible right now" AFAIK 15:29:34 <utkarsh2102> sure. I don't have any problem and was indecisive. So public list it is \o/ 15:29:59 <h01ger> great 15:30:08 <buxy> h01ger: offering funding? 15:30:09 <pochu> btw I started to look at that back in March, but very briefly and didn't get too far 15:30:22 <h01ger> great was a comment on public list 15:30:45 <buxy> I believe utkarsh2102 wants to look if some ftpmasters is willing to be paid to implement #823820 15:30:49 <h01ger> is binNMUs for LTS on our todo 15:30:51 <h01ger> ? 15:30:57 <h01ger> buxy: thats also great :) 15:31:52 <utkarsh2102> ta: can you take a look though? :) 15:32:25 <h01ger> ta, sunweaver and el_cubano said they would miss the meeting for $reasons 15:32:40 <utkarsh2102> aw :/ 15:32:57 * h01ger will check whether binNMUs for LTS are on our todo and add it if not 15:33:03 <h01ger> so next topic i suppose? 15:33:09 <utkarsh2102> yep. 15:33:45 <buxy> there's nothing about bin-nmu in https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues 15:34:09 <h01ger> which brings me to a problem: while reshuffling the agenda i was forced to disconnect and then Abhijith's entry (i believe) was gone 15:34:28 <h01ger> i only remember it said something about open CVE in jessie & stretch. 15:34:36 <h01ger> does anyone know this topic? 15:34:46 <bhe[m]> h01ger: I will 15:35:26 <h01ger> bhe[m]: please go ahead 15:36:44 <bhe[m]> h01ger: I see jruby in dla-needed with comment all open CVEs were fixed in jessie. So what will be doing with such packages ? 15:37:13 <utkarsh2102> bhe: we fix those for stretch as well? 15:37:31 <Beuc> that's a comment from me I think 15:37:53 <Beuc> meaning we can study the jessie update when working on the stretch one 15:38:04 <h01ger> sure. but this is just business as usual 15:38:09 <Beuc> so yeah, like utkarsh2102 said 15:38:13 <h01ger> s#but## 15:38:23 <bhe[m]> utkarsh2102: but that is huge load. 15:38:46 <h01ger> so next topic, i'd say 15:38:49 <bhe[m]> there are many things we fixed in jessie which at the time stretch didn't. 15:39:42 <Beuc> bhe[m], in this cas 6/10 are also fixed in buster, so we gotta work on those anyway 15:39:59 <utkarsh2102> bhe: yeah, that's there. There are a lot of issues pending but it's very nice to fix them all. In case the CVE is not worth fixing, mark it as ignored or no-dsa or whatever s appropriate. 15:40:28 <utkarsh2102> qemu's recent upload had around 12-14 fixes. Because those weren't fixed earlier. 15:40:33 * h01ger decides to move on. if something is still unclear here this can be resolved after the meeting 15:40:39 <h01ger> #topic survey 15:41:08 <h01ger> according to utkarsh2102 on tuesday, we had 1764 submissions 15:41:27 <lamby> Wow. :) 15:41:33 <utkarsh2102> yep, till 1100, the feedback was good! 15:41:38 <utkarsh2102> really good! 15:41:45 <h01ger> utkarsh2102: do you have a summary already? 15:41:55 <h01ger> utkarsh2102: then it got worse, or did you stop reading? 15:42:07 <utkarsh2102> h01ger: yep, it got too much 15:42:14 <h01ger> :) 15:42:23 <utkarsh2102> h01ger: it'll take me a little while to compile everything 15:42:28 * h01ger nods 15:42:31 <utkarsh2102> (a little too much work) 15:42:37 <h01ger> utkarsh2102: take your time and thank you very much for doing so 15:42:47 <h01ger> i guess for now we can move on then 15:42:47 <utkarsh2102> \o/ 15:42:59 * h01ger is really excited and happy about so many results too 15:43:03 <utkarsh2102> yep. 15:43:13 <h01ger> #topic project funding 15:43:35 <h01ger> * Are we happy with https://salsa.debian.org/freexian-team/project-funding/-/blob/master/Rules-LTS.md#how-will-the-winning-bid-be-selected ? 15:43:35 <h01ger> * Shall we start? aka communicate on it and solicit projects from core teams 15:44:27 <buxy> The email discussion didn't generate many comments. Does that mean that the proposal is good enough or that nobody took the time to review it entirely? 15:44:47 <lamby> It wfm 15:45:07 <h01ger> same here 15:45:08 <buxy> Beuc: I saw some blog post of you where you shared some doubts... what's your point of view? 15:47:36 <buxy> We do have 73h in the LTS pocket and 39h in the ELTS pocket, so we could start to fund some first test projects. 15:48:14 <h01ger> i think we should 15:48:19 <lamby> nod 15:48:22 <Beuc> Sorry this is a bit broad. I shared several concerns in blogs and I voiced some concerns over the text at last meeting but I've been busy with updates since. 15:50:02 <h01ger> Beuc: if you'd also send a copy of such blog posts to the lts list, that would be really nice, as then we could reply easily 15:50:06 <buxy> So how shall we communicate that we are ready to fund some infrastructure work? Shall we start with direct emails to various core teams? 15:50:52 <buxy> Or be more public and make some blog post? 15:50:52 <h01ger> i think mailing -project to inform about the general plan would also be good 15:51:45 <utkarsh2102> yep. 15:53:27 <h01ger> we have 6min left. if useful, i'd be happy to extend a bit but right now not much discussion is going on ;) 15:53:27 <buxy> We have two approaches to projects: either we create a project and look for people to implement it, or we let people propose projects that they wan to implement.. 15:53:56 <utkarsh2102> in that case, I'd vouch for the later. 15:54:08 <buxy> When we have specific suggestions like #823820, how should we proceed? 15:54:16 <h01ger> buxy: i dont think we have to pick any of the two, instead i think we can continue to do and offer both? 15:54:52 <buxy> Inform ftpmasters that a project proposal to fix that bug would likely be well received or shall we create a proposal ourselves and inform them so that they can send a bid? 15:55:17 <utkarsh2102> buxy: we ask the ftp team (unfortuantely I'm only a trainee at this point) to take a look at this and throw in their opinion. 15:55:32 <utkarsh2102> yep, that^^ 15:56:27 <Beuc> Btw it would be nice to add important topics a bit in advance, 15:56:31 <utkarsh2102> I believe this case is a bit different. Here, we know the project/task at hand, so I'd say we can create a proposal ourselves here. 15:56:36 <Beuc> I checked the agenda this morning so I could prepare for points 15:56:50 * h01ger is a bit uncomfortable as he realized what we'll be doing. i hope not, but teams could also see these offers as interfering their work and using money as a tool. so i'd defintily invite the project as a whole and present our plan/model as a whole 15:57:04 <utkarsh2102> However, this is not going to be the case everytime. So we can ask them to propose what they want to implement and so on.. 15:57:09 <Beuc> so it's a bit hard to think on the fly. 15:57:20 <h01ger> Beuc: of course. but sometimes this happens... 15:58:26 <h01ger> buxy: how shall we continue here? official meeting time is over. we could of course do overtime, but... 15:58:30 <buxy> Beuc: agreed, h01ger I do not follow the debian-lts daily (but I do for the private alias) and I was not aware of the meeting until very recently, it would be nice to send a reminder to the private alias a few day before with invitation to add stuff to the agend 15:58:32 <lamby> h01ger: I wonder if we could approach -project with that being an explicit concern of ours. Asking, for example, "we don't want to be or be seen to be using this as a tool, help us not do that?". 15:58:55 <Beuc> h01ger, (re: cc'ing the list, I can do but it requires time to make a blog->mail conversion and I have 0 comments over the blog posts, so...) 15:58:57 <h01ger> the only topics left are 'lts bof at dc20' (which you now know will happen) and 'any other business' 15:59:48 <h01ger> buxy: ack. (another reason why i want a regular schedule) 15:59:58 <h01ger> lamby: sounds like a good plan to me 16:00:16 <utkarsh2102> about BoF at dc20, I suppose we should send a mail if we agree for 15 UTC as the proposed time 16:00:17 <buxy> Beuc: I sought comments by email, if you have comments please share them by mail, it's disturbing to see stuff on your blog and no answer from you on the alias 16:00:31 <h01ger> Beuc: otoh i'm very very unlikely to comment on your (or any) blog 16:01:28 <Beuc> buxy, I thin that was 2 month ago I think, and on the general topic, not on the specific points of the approval workflow 16:02:13 <buxy> right, but you should not be afraid to express your point of view even if the majority doesn't seem to share your point of view 16:02:24 <buxy> that was my feeling when I read your blog post 16:02:56 * h01ger thinks we should wrap this up here and now 16:02:59 <lamby> buxy: FYI, this problem is called the https://en.wikipedia.org/wiki/Abilene_paradox :) 16:03:00 <utkarsh2102> (dissent is important!) 16:03:00 <Beuc> OK, I made regular contributions during the meetings, normally the public-facing blog only recaps what I already shared 16:03:39 <utkarsh2102> lamby: aha, TIL :) 16:03:42 <h01ger> lamby: thanks for the link 16:04:30 <h01ger> #info we want to start project funding soon but are still unclear how. seems to need more discussion 16:04:52 <buxy> Well, I believe I will mail -project as a first step indeed. 16:05:22 <h01ger> great 16:05:27 <h01ger> #topic there will be an debian LTS BoF at the online debconf20. talk to utkarsh2102 for anthing 16:05:44 <h01ger> #topic any other business - skipped due to overtime 16:06:21 <h01ger> #topic next meeting: August 27th 2020, 15 UTC, subscribe to https://wiki.debian.org/LTS/Meetings 16:06:26 <lamby> Thanks all 16:06:32 <h01ger> thank you all! 16:06:40 <bhe[m]> o/ 16:06:42 * utkarsh2102 thanks everyone too 16:06:44 <pochu> thanks 16:06:47 <apo> byebye 16:06:57 <utkarsh2102> h01ger: end meet? :) 16:07:25 <h01ger> #endmeeting indeed