14:59:08 <h01ger> #startmeeting
14:59:08 <MeetBot> Meeting started Thu Jul 30 14:59:08 2020 UTC.  The chair is h01ger. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:59:08 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:59:14 <h01ger> hello everyone
14:59:20 <lamby> o/
14:59:23 <Beuc> oi
14:59:24 <bhe[m]> Hey
14:59:36 <buxy> hi
15:00:04 <h01ger> #topic please say hi or somesuch / review & amend agenda at https://pad.riseup.net/p/lts-meeting-agenda
15:00:06 <apo> hello
15:01:15 <lamby> hey
15:01:36 * h01ger shuffles the agenda order around
15:03:36 <h01ger> there we go
15:03:56 <h01ger> #topic meeting dates
15:04:33 <h01ger> so for better or worse i've went ahead and decided we'll always gonna have the meeting on the last thursday of the month at 15 UTC
15:04:46 <h01ger> as this was the date+time chosen in 3 dudle polls
15:05:12 <h01ger> i'm unhappy that its also the time brian couldnt make in all 3 pools
15:05:27 <h01ger> i'm unsure whether we should setup a forth poll and count via condorcet
15:05:46 <h01ger> what do you think?
15:06:35 <bhe[m]> We can do a 4th dudle. Let see
15:06:48 <buxy> I don't see the need.
15:06:54 <buxy> Did you talk to Brian or not?
15:07:08 <h01ger> i only mailed him via the list
15:07:34 <Beuc> Maybe we can make an exception once in a while to include Brian at least sometimes.
15:08:16 <lamby> (That would work for me.)
15:08:24 <buxy> IMO we should keep the fixed schedule unless he would like to be able to attend regularly, in which case we should have 2 fixed times and switch between those. One at the start of the day in the EU time, one at the end of the day in EU time.
15:08:25 <apo> I'm fine with last thursday of the month, we could also try to move the meeting to 20 UTC, that should work for Brian and (hopefully) for all the people in India
15:09:06 * h01ger could do 20 utc but would strongly dislike it in european summertime
15:09:37 <h01ger> that said, might work *this* summer :/
15:09:40 <pochu> o/
15:10:12 <apo> yeah, 19 UTC in summer time should work too I guess but I suggest to talk with Brian first
15:10:15 * h01ger mail brian explicitly and then see
15:10:23 <Beuc> I don't think we ever got brian's PoV though, so it's not really worth making a decision without.
15:10:45 <h01ger> https://wiki.debian.org/LTS/Meetings has the times and dates etc of the our meetings btw
15:10:54 <h01ger> lets move on
15:11:03 <h01ger> #topic next meeting with video
15:11:11 <h01ger> buxy: ?
15:11:28 <buxy> Yeah?
15:11:36 <utkarsh2102> I suppose we can give this a shot during BoF!
15:11:47 <h01ger> utkarsh2102: hah!
15:11:52 <utkarsh2102> That'd be a good chance for a video-meet.
15:12:04 <h01ger> buxy: i thought you were going to propose some other tool?>
15:12:15 <utkarsh2102> So we'll know if that'd work (hoping it will!).
15:12:32 <h01ger> utkarsh2102: right.
15:12:48 <h01ger> for those who dont know, we'll have an lts bof during online dc20
15:12:53 <buxy> My experience with jitsi has not been good last time. I don't know why. I do have a zoom account and we can use that. I feel reluctant imposing it because not everybody likes it...
15:12:57 <utkarsh2102> Also, I proposed 15 UTC for the BoF for now.
15:13:09 <utkarsh2102> Please let me know if I should change.
15:13:36 <utkarsh2102> I'm a part of the content team as well, so can shift. But better if we know the time in advance.
15:14:18 * bhe[m] likes to see only free tools in development of LTS. So zoom
15:14:28 <buxy> But we should definitely retry the video meeting.
15:14:31 <h01ger> buxy: i dislike zoom for several reasons indeed but would join a zoom meeting if jitsi proves unusable at dc20 for us again. i do think video meetings would be good
15:14:35 <bhe[m]> no* zoom
15:15:10 <h01ger> bhe[m]: we use this non-free tool called the internet to communicate too. so shrugs ;)
15:15:12 <apo> last resort could always be Mumble
15:15:14 <buxy> bhe[m]: you just need a web browser, you don't have to install anything, how is that problematic?
15:15:43 <h01ger> lets not get into this discussion please. at least not during the meeting. after or via mail, fine
15:16:12 <h01ger> (there's also big blue button if someone wants to research that)
15:16:48 <h01ger> #info video conference tooling still unclear, we will try dc20 bof with jitsi and afterwards decide what to use for our next meeting at the end of august.
15:17:04 <h01ger> lets move on?
15:17:19 <h01ger> we want to finish this meeting after 60min and still have some topics..
15:17:29 <bhe[m]> buxy: If you package a wrapper around zoom, will it be in main or contrib ?
15:17:38 <buxy> I believe video meeting is important but I don't have time to spend on testing tools, I'm happy to use whatever works and I have some confidence in zoom due to real-life usage lately.
15:18:10 <buxy> bhe[m]: contrib
15:18:10 * h01ger nods
15:18:45 * h01ger takes a note to revisit the situation on august 20th
15:18:52 <h01ger> #topic stretch LTS
15:19:05 <h01ger> is everything going fine with the new stretch LTS?
15:19:18 <bunk> One question:
15:19:21 <pochu> as far as I know :)
15:19:39 <bunk> Are binNMUs possible in any way?
15:20:01 <utkarsh2102> I've got one important pointer for this topic (though it's better via mail but never got around to doing that!!)
15:20:20 <pochu> bunk: not. maybe if an ftp-master copies packages to security-master though
15:20:32 <bunk> Go became more popular in stretch...
15:20:33 <pochu> s/not/they're &/
15:20:33 <buxy> bunk: yes, but it's only possible with shell access on the server
15:20:58 <h01ger> buxy: you are asking because of a specific package?
15:20:58 <buxy> ah sorry I am confused, my answer applies for Extended LTS
15:21:16 <h01ger> s#buxy#bunk#, sorry too
15:21:33 <lamby> I think most of the s/jessie/stretch/ changes have been made to scripts, templates, etc. by now. (Although I fixed another today.)
15:21:43 <pochu> h01ger: golang rdeps are statically linked, so a fix in golang or a golang module needs rebuilds
15:22:10 <h01ger> at its only golang or also haskell and?
15:22:15 <bunk> h01ger: in general, but also specifically looking at golang-github-seccomp-libseccomp-golang
15:22:33 <utkarsh2102> so, when qemu was uploaded on last Saturday, I got:
15:22:34 <utkarsh2102> qemu-user-static_2.8+dfsg-6+deb9u10_amd64.deb: Built-Using refers to non-existing source package glib2.0 (= 2.50.3-2+deb9u2)
15:22:40 <h01ger> bunk: that was something like 400 packages?
15:23:04 <pochu> utkarsh2102: known dak limitation
15:23:15 <utkarsh2102> Salvatore mailed the FTP masters to inject the needed source packages on security-master and reproceess the rejected packages.
15:23:31 <utkarsh2102> pochu: I am still in midst of completing my point :)
15:23:35 <bunk> h01ger: Wat is the 400 referring to?
15:23:46 <h01ger> bunk: amount of binnmus needed
15:24:03 <utkarsh2102> So although that got happened really quickly, but here's this thing which Salvatore pointed out:
15:24:54 <utkarsh2102> #823820 should be implemented. In the past, it was not so much of a problem, but that will become more frequent in future.
15:25:28 <utkarsh2102> although, it's not frequent *now*, but it'd be great if FTP master can implement this.
15:25:32 <bunk> h01ger: Haskell libraries are static libraries, Go libraries are source code. For Go it is at least an option to just make an upload for the leaf packages that use it.
15:25:34 <utkarsh2102> (maybe with some LTS funding?)
15:26:16 <buxy> utkarsh2102: definitely!
15:26:48 <utkarsh2102> buxy: okay, should I initiate this discussion further then?
15:26:57 <h01ger> utkarsh2102: is #823820 on our todo? or rather: could you please add it if its not there? :)
15:27:42 <h01ger> then, AFAICS the only open and untracked question are binNMUs for stretch
15:27:46 <utkarsh2102> h01ger: sure! (I'll find out where's the TODO and shall add the same)
15:27:50 <buxy> utkarsh2102: let's see what we say in point about project funding later, but it's good idea for a first try
15:28:20 <utkarsh2102> buxy: yeah, of course. I'll just ask for this implementation for the starters.
15:28:32 <utkarsh2102> I'll CC our private list?
15:29:00 <h01ger> why not the public list?
15:29:17 <buxy> bin-nmu for LTS looks like another feature to request, it's clearly a "not possible right now" AFAIK
15:29:34 <utkarsh2102> sure. I don't have any problem and was indecisive. So public list it is \o/
15:29:59 <h01ger> great
15:30:08 <buxy> h01ger: offering funding?
15:30:09 <pochu> btw I started to look at that back in March, but very briefly and didn't get too far
15:30:22 <h01ger> great was a comment on public list
15:30:45 <buxy> I believe utkarsh2102 wants to look if some ftpmasters is willing to be paid to implement #823820
15:30:49 <h01ger> is binNMUs for LTS on our todo
15:30:51 <h01ger> ?
15:30:57 <h01ger> buxy: thats also great :)
15:31:52 <utkarsh2102> ta: can you take a look though? :)
15:32:25 <h01ger> ta, sunweaver and el_cubano said they would miss the meeting for $reasons
15:32:40 <utkarsh2102> aw :/
15:32:57 * h01ger will check whether binNMUs for LTS are on our todo and add it if not
15:33:03 <h01ger> so next topic i suppose?
15:33:09 <utkarsh2102> yep.
15:33:45 <buxy> there's nothing about bin-nmu in https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues
15:34:09 <h01ger> which brings me to a problem: while reshuffling the agenda i was forced to disconnect and then Abhijith's entry (i believe) was gone
15:34:28 <h01ger> i only remember it said something about open CVE in jessie & stretch.
15:34:36 <h01ger> does anyone know this topic?
15:34:46 <bhe[m]> h01ger:  I will
15:35:26 <h01ger> bhe[m]: please go ahead
15:36:44 <bhe[m]> h01ger: I see jruby in dla-needed with comment all open CVEs were fixed in jessie. So what will be doing with such packages ?
15:37:13 <utkarsh2102> bhe: we fix those for stretch as well?
15:37:31 <Beuc> that's a comment from me I think
15:37:53 <Beuc> meaning we can study the jessie update when working on the stretch one
15:38:04 <h01ger> sure. but this is just business as usual
15:38:09 <Beuc> so yeah, like utkarsh2102 said
15:38:13 <h01ger> s#but##
15:38:23 <bhe[m]> utkarsh2102: but that is huge load.
15:38:46 <h01ger> so next topic, i'd say
15:38:49 <bhe[m]> there are many things we fixed in jessie which at the time stretch didn't.
15:39:42 <Beuc> bhe[m], in this cas 6/10 are also fixed in buster, so we gotta work on those anyway
15:39:59 <utkarsh2102> bhe: yeah, that's there. There are a lot of issues pending but it's very nice to fix them all. In case the CVE is not worth fixing, mark it as ignored or no-dsa or whatever s appropriate.
15:40:28 <utkarsh2102> qemu's recent upload had around 12-14 fixes. Because those weren't fixed earlier.
15:40:33 * h01ger decides to move on. if something is still unclear here this can be resolved after the meeting
15:40:39 <h01ger> #topic survey
15:41:08 <h01ger> according to utkarsh2102 on tuesday, we had 1764 submissions
15:41:27 <lamby> Wow. :)
15:41:33 <utkarsh2102> yep, till 1100, the feedback was good!
15:41:38 <utkarsh2102> really good!
15:41:45 <h01ger> utkarsh2102: do you have a summary already?
15:41:55 <h01ger> utkarsh2102: then it got worse, or did you stop reading?
15:42:07 <utkarsh2102> h01ger: yep, it got too much
15:42:14 <h01ger> :)
15:42:23 <utkarsh2102> h01ger: it'll take me a little while to compile everything
15:42:28 * h01ger nods
15:42:31 <utkarsh2102> (a little too much work)
15:42:37 <h01ger> utkarsh2102: take your time and thank you very much for doing so
15:42:47 <h01ger> i guess for now we can move on then
15:42:47 <utkarsh2102> \o/
15:42:59 * h01ger is really excited and happy about so many results too
15:43:03 <utkarsh2102> yep.
15:43:13 <h01ger> #topic project funding
15:43:35 <h01ger> * Are we happy with https://salsa.debian.org/freexian-team/project-funding/-/blob/master/Rules-LTS.md#how-will-the-winning-bid-be-selected ?
15:43:35 <h01ger> * Shall we start? aka communicate on it and solicit projects from core teams
15:44:27 <buxy> The email discussion didn't generate many comments. Does that mean that the proposal is good enough or that nobody took the time to review it entirely?
15:44:47 <lamby> It wfm
15:45:07 <h01ger> same here
15:45:08 <buxy> Beuc: I saw some blog post of you where you shared some doubts... what's your point of view?
15:47:36 <buxy> We do have 73h in the LTS pocket and 39h in the ELTS pocket, so we could start to fund some first test projects.
15:48:14 <h01ger> i think we should
15:48:19 <lamby> nod
15:48:22 <Beuc> Sorry this is a bit broad. I shared several concerns in blogs and I voiced some concerns over the text at last meeting but I've been busy with updates since.
15:50:02 <h01ger> Beuc: if you'd also send a copy of such blog posts to the lts list, that would be really nice, as then we could reply easily
15:50:06 <buxy> So how shall we communicate that we are ready to fund some infrastructure work? Shall we start with direct emails to various core teams?
15:50:52 <buxy> Or be more public and make some blog post?
15:50:52 <h01ger> i think mailing -project to inform about the general plan would also be good
15:51:45 <utkarsh2102> yep.
15:53:27 <h01ger> we have 6min left. if useful, i'd be happy to extend a bit but right now not much discussion is going on ;)
15:53:27 <buxy> We have two approaches to projects: either we create a project and look for people to implement it, or we let people propose projects that they wan to implement..
15:53:56 <utkarsh2102> in that case, I'd vouch for the later.
15:54:08 <buxy> When we have specific suggestions like #823820, how should we proceed?
15:54:16 <h01ger> buxy: i dont think we have to pick any of the two, instead i think we can continue to do and offer both?
15:54:52 <buxy> Inform ftpmasters that a project proposal to fix that bug would likely be well received or shall we create a proposal ourselves and inform them so that they can send a bid?
15:55:17 <utkarsh2102> buxy: we ask the ftp team (unfortuantely I'm only a trainee at this point) to take a look at this and throw in their opinion.
15:55:32 <utkarsh2102> yep, that^^
15:56:27 <Beuc> Btw it would be nice to add important topics a bit in advance,
15:56:31 <utkarsh2102> I believe this case is a bit different. Here, we know the project/task at hand, so I'd say we can create a proposal ourselves here.
15:56:36 <Beuc> I checked the agenda this morning so I could prepare for points
15:56:50 * h01ger is a bit uncomfortable as he realized what we'll be doing. i hope not, but teams could also see these offers as interfering their work and using money as a tool. so i'd defintily invite the project as a whole and present our plan/model as a whole
15:57:04 <utkarsh2102> However, this is not going to be the case everytime. So we can ask them to propose what they want to implement and so on..
15:57:09 <Beuc> so it's a bit hard to think on the fly.
15:57:20 <h01ger> Beuc: of course. but sometimes this happens...
15:58:26 <h01ger> buxy: how shall we continue here? official meeting time is over. we could of course do overtime, but...
15:58:30 <buxy> Beuc: agreed, h01ger I do not follow the debian-lts daily (but I do for the private alias) and I was not aware of the meeting until very recently, it would be nice to send a reminder to the private alias a few day before with invitation to add stuff to the agend
15:58:32 <lamby> h01ger: I wonder if we could approach -project with that being an explicit concern of ours. Asking, for example, "we don't want to be or be seen to be using this as a tool, help us not do that?".
15:58:55 <Beuc> h01ger, (re: cc'ing the list, I can do but it requires time to make a blog->mail conversion and I have 0 comments over the blog posts, so...)
15:58:57 <h01ger> the only topics left are 'lts bof at dc20' (which you now know will happen) and 'any other business'
15:59:48 <h01ger> buxy: ack. (another reason why i want a regular schedule)
15:59:58 <h01ger> lamby: sounds like a good plan to me
16:00:16 <utkarsh2102> about BoF at dc20, I suppose we should send a mail if we agree for 15 UTC as the proposed time
16:00:17 <buxy> Beuc: I sought comments by email, if you have comments please share them by mail, it's disturbing to see stuff on your blog and no answer from you on the alias
16:00:31 <h01ger> Beuc: otoh i'm very very unlikely to comment on your (or any) blog
16:01:28 <Beuc> buxy, I thin that was 2 month ago I think, and on the general topic, not on the specific points of the approval workflow
16:02:13 <buxy> right, but you should not be afraid to express your point of view even if the majority doesn't seem to share your point of view
16:02:24 <buxy> that was my feeling when I read your blog post
16:02:56 * h01ger thinks we should wrap this up here and now
16:02:59 <lamby> buxy: FYI, this problem is called the https://en.wikipedia.org/wiki/Abilene_paradox :)
16:03:00 <utkarsh2102> (dissent is important!)
16:03:00 <Beuc> OK, I made regular contributions during the meetings, normally the public-facing blog only recaps what I already shared
16:03:39 <utkarsh2102> lamby: aha, TIL :)
16:03:42 <h01ger> lamby: thanks for the link
16:04:30 <h01ger> #info we want to start project funding soon but are still unclear how. seems to need more discussion
16:04:52 <buxy> Well, I believe I will mail -project as a first step indeed.
16:05:22 <h01ger> great
16:05:27 <h01ger> #topic there will be an debian LTS BoF at the online debconf20. talk to utkarsh2102 for anthing
16:05:44 <h01ger> #topic any other business - skipped due to overtime
16:06:21 <h01ger> #topic next meeting: August 27th 2020, 15 UTC, subscribe to https://wiki.debian.org/LTS/Meetings
16:06:26 <lamby> Thanks all
16:06:32 <h01ger> thank you all!
16:06:40 <bhe[m]> o/
16:06:42 * utkarsh2102 thanks everyone too
16:06:44 <pochu> thanks
16:06:47 <apo> byebye
16:06:57 <utkarsh2102> h01ger: end meet? :)
16:07:25 <h01ger> #endmeeting indeed