19:13:11 <nthykier> #startmeeting
19:13:11 <MeetBot> Meeting started Wed Jan 25 19:13:11 2017 UTC.  The chair is nthykier. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:13:11 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:15:30 <nthykier> okay - seems like there are not a lot of people around, so perhaps we can keep it short
19:16:17 <nthykier> #topic State of secure boot
19:16:44 <nthykier> I have spent the last 30 minutes probing the status of secure boot
19:17:26 <nthykier> The number of blockers of #820036 are basically unchanged since last time
19:19:18 <nthykier> koike is working on an update for the dak patches, but this is probably a not a true blocker as the FTP masters can manually do the signing in the interrim
19:20:16 <nthykier> jcristau has said he would be looking at granting the FTP masters the necessary permissions to perform the manual signing during the BSP this weekend
19:21:02 <nthykier> #action jcristau to grant ftp-masters permissions to perform the signing (during the BSP)
19:21:49 <nthykier> Mithrandir reported the 19/1 that Microsoft had got back to him with some follow up questions, which he answered.  No news since that
19:22:09 <nthykier> That is all I have for secure boot for now
19:23:39 <nthykier> #topic Openssl transition
19:23:52 <nthykier> The openssl transition is unfortunately still not finished
19:24:14 <nthykier> by the looks of it, we got about 70 packages remaining to deal with (hopefully most of them will be binNMUs)
19:24:18 <jcristau> oh, there's a meeting?
19:24:23 <nthykier> :)
19:25:22 <jcristau> the openssl stuff looks very messy to me and looks like it'll be a pain for stretch users
19:25:39 <jcristau> if half the -dev packages in the archive is not co-installable with the other half
19:25:44 <nthykier> Sebastian sent me a list of 10 packages along with instructions for them (mostly binNMUs) and I got some rdeps of net-snmp to file bugs for
19:25:49 <nthykier> jcristau: that is true
19:26:03 <jcristau> my opinion is we should go back to just 1.0.2
19:26:12 <jcristau> i realize that is contentious
19:26:18 <jcristau> </>
19:27:05 <jmw> istr getting to this stage in november, but being talked out of it
19:27:36 <jcristau> well
19:27:49 <jcristau> no, i said </>. scratch that.
19:28:01 <nthykier> indeed - we proposed that in November with the security team being unhappy with that idea
19:28:26 <jcristau> the security team isn't who owns the release
19:28:27 <jcristau> if it
19:29:04 <jcristau> if we think this isn't working, we're the ones owning this
19:33:33 * nthykier has flacky internet
19:33:36 <nthykier> #char jmw
19:33:39 <nthykier> #char jcristau
19:33:42 <nthykier> #chair jcristau
19:33:42 <MeetBot> Current chairs: jcristau nthykier
19:33:44 <nthykier> #chair jmw
19:33:44 <MeetBot> Current chairs: jcristau jmw nthykier
19:33:51 <nthykier> (just in case it dies completely)
19:34:18 <nthykier> jcristau: true
19:35:37 <jcristau> (and fwiw i'm perfectly ok if you disagree, we'll roll with it, just thought i'd give my pov)
19:36:14 <nthykier> jcristau: I don't disagree - I am just unhappy with the prospect of having to undo the changes (notably I fear some packages are now ssl1.1 only have to undo their changes)
19:36:43 <jcristau> yeah, i'm starting from the assumption there won't be many of those
19:36:47 <nthykier> that would have been a lot easier if we had done it way earlier
19:36:48 <jcristau> that may be overoptimistic
19:37:16 <nthykier> That may have been a re-occuring theme of this transition :)
19:37:46 <aurel32> nthykier: you can schedule the binNMUs for mips64el, everything should be back to normal - or at least similar to other architectures
19:37:59 <helmut> .oO(having curl use openssl1.0 makes the security argument rather strange)
19:38:08 * KiBi waves
19:38:22 <jcristau> judging from Sources, cfengine3, libapache2-mod-auth-openid, libopkele
19:38:33 <jmw> #unchair jmw
19:38:33 <MeetBot> Current chairs: jcristau nthykier
19:38:33 <jcristau> have 'libssl (>= 1.1' in build-depends
19:38:36 <jmw> (dinner)
19:38:53 <jcristau> in sid
19:41:10 <nthykier> ok
19:41:14 <nthykier> that is not a lot
19:41:40 <bunk> libopkele might need fix-openssl-1.1.0.diff removed, which would also allow libapache2-mod-auth-openid to go back to 1.0.2
19:41:57 <jcristau> (it's possible some packages depend on 1.1, but implicitly)
19:42:26 <bunk> cfengine3 also just needs 0011_build_with_openssl_1.1.patch removed
19:43:21 <jcristau> bunk: i don't doubt they're easy changes, it's just that any source change is going to be orders of magnitude more work than just binNMU the world :)
19:43:51 <jcristau> i *think* it's still a better course than unentangling the current mix, but i might be wrong
19:43:58 <bunk> jcristau: likely less source changes than what is still ahead for dual 1.0.2/1.1 ...
19:45:08 <nthykier> jcristau: can I convince you to bring up the prospect of reverting?
19:46:08 <nthykier> I admit I am mixing on this proposal and possibly a bit biased on continuing (most likely for the wrong reasons)
19:46:47 <jcristau> if it can be saturday, yes
19:46:54 <nthykier> fine with me
19:47:11 * h01ger waves
19:47:16 <nthykier> #action jcristau will bring up reverting the ssl transition to 1.0.2
19:47:46 <nthykier> Thanks
19:48:04 <nthykier> Any last remarks to the openssl transition?
19:48:09 <jcristau> now, dinner
19:48:48 <nthykier> ok
19:49:04 <nthykier> Guess that marks the end up it then :)
19:49:13 <nthykier> #topic Next meeting
19:49:43 <nthykier> #info Next meeting is scheduled for 2017-02-22, 19:00 UTC
19:50:29 <nthykier> #info Consider importing https://release.debian.org/release-calendar.ics so it appears in your calendar :)
19:50:33 <nthykier> #endmeeting