19:13:11 <nthykier> #startmeeting 19:13:11 <MeetBot> Meeting started Wed Jan 25 19:13:11 2017 UTC. The chair is nthykier. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:13:11 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:15:30 <nthykier> okay - seems like there are not a lot of people around, so perhaps we can keep it short 19:16:17 <nthykier> #topic State of secure boot 19:16:44 <nthykier> I have spent the last 30 minutes probing the status of secure boot 19:17:26 <nthykier> The number of blockers of #820036 are basically unchanged since last time 19:19:18 <nthykier> koike is working on an update for the dak patches, but this is probably a not a true blocker as the FTP masters can manually do the signing in the interrim 19:20:16 <nthykier> jcristau has said he would be looking at granting the FTP masters the necessary permissions to perform the manual signing during the BSP this weekend 19:21:02 <nthykier> #action jcristau to grant ftp-masters permissions to perform the signing (during the BSP) 19:21:49 <nthykier> Mithrandir reported the 19/1 that Microsoft had got back to him with some follow up questions, which he answered. No news since that 19:22:09 <nthykier> That is all I have for secure boot for now 19:23:39 <nthykier> #topic Openssl transition 19:23:52 <nthykier> The openssl transition is unfortunately still not finished 19:24:14 <nthykier> by the looks of it, we got about 70 packages remaining to deal with (hopefully most of them will be binNMUs) 19:24:18 <jcristau> oh, there's a meeting? 19:24:23 <nthykier> :) 19:25:22 <jcristau> the openssl stuff looks very messy to me and looks like it'll be a pain for stretch users 19:25:39 <jcristau> if half the -dev packages in the archive is not co-installable with the other half 19:25:44 <nthykier> Sebastian sent me a list of 10 packages along with instructions for them (mostly binNMUs) and I got some rdeps of net-snmp to file bugs for 19:25:49 <nthykier> jcristau: that is true 19:26:03 <jcristau> my opinion is we should go back to just 1.0.2 19:26:12 <jcristau> i realize that is contentious 19:26:18 <jcristau> </> 19:27:05 <jmw> istr getting to this stage in november, but being talked out of it 19:27:36 <jcristau> well 19:27:49 <jcristau> no, i said </>. scratch that. 19:28:01 <nthykier> indeed - we proposed that in November with the security team being unhappy with that idea 19:28:26 <jcristau> the security team isn't who owns the release 19:28:27 <jcristau> if it 19:29:04 <jcristau> if we think this isn't working, we're the ones owning this 19:33:33 * nthykier has flacky internet 19:33:36 <nthykier> #char jmw 19:33:39 <nthykier> #char jcristau 19:33:42 <nthykier> #chair jcristau 19:33:42 <MeetBot> Current chairs: jcristau nthykier 19:33:44 <nthykier> #chair jmw 19:33:44 <MeetBot> Current chairs: jcristau jmw nthykier 19:33:51 <nthykier> (just in case it dies completely) 19:34:18 <nthykier> jcristau: true 19:35:37 <jcristau> (and fwiw i'm perfectly ok if you disagree, we'll roll with it, just thought i'd give my pov) 19:36:14 <nthykier> jcristau: I don't disagree - I am just unhappy with the prospect of having to undo the changes (notably I fear some packages are now ssl1.1 only have to undo their changes) 19:36:43 <jcristau> yeah, i'm starting from the assumption there won't be many of those 19:36:47 <nthykier> that would have been a lot easier if we had done it way earlier 19:36:48 <jcristau> that may be overoptimistic 19:37:16 <nthykier> That may have been a re-occuring theme of this transition :) 19:37:46 <aurel32> nthykier: you can schedule the binNMUs for mips64el, everything should be back to normal - or at least similar to other architectures 19:37:59 <helmut> .oO(having curl use openssl1.0 makes the security argument rather strange) 19:38:08 * KiBi waves 19:38:22 <jcristau> judging from Sources, cfengine3, libapache2-mod-auth-openid, libopkele 19:38:33 <jmw> #unchair jmw 19:38:33 <MeetBot> Current chairs: jcristau nthykier 19:38:33 <jcristau> have 'libssl (>= 1.1' in build-depends 19:38:36 <jmw> (dinner) 19:38:53 <jcristau> in sid 19:41:10 <nthykier> ok 19:41:14 <nthykier> that is not a lot 19:41:40 <bunk> libopkele might need fix-openssl-1.1.0.diff removed, which would also allow libapache2-mod-auth-openid to go back to 1.0.2 19:41:57 <jcristau> (it's possible some packages depend on 1.1, but implicitly) 19:42:26 <bunk> cfengine3 also just needs 0011_build_with_openssl_1.1.patch removed 19:43:21 <jcristau> bunk: i don't doubt they're easy changes, it's just that any source change is going to be orders of magnitude more work than just binNMU the world :) 19:43:51 <jcristau> i *think* it's still a better course than unentangling the current mix, but i might be wrong 19:43:58 <bunk> jcristau: likely less source changes than what is still ahead for dual 1.0.2/1.1 ... 19:45:08 <nthykier> jcristau: can I convince you to bring up the prospect of reverting? 19:46:08 <nthykier> I admit I am mixing on this proposal and possibly a bit biased on continuing (most likely for the wrong reasons) 19:46:47 <jcristau> if it can be saturday, yes 19:46:54 <nthykier> fine with me 19:47:11 * h01ger waves 19:47:16 <nthykier> #action jcristau will bring up reverting the ssl transition to 1.0.2 19:47:46 <nthykier> Thanks 19:48:04 <nthykier> Any last remarks to the openssl transition? 19:48:09 <jcristau> now, dinner 19:48:48 <nthykier> ok 19:49:04 <nthykier> Guess that marks the end up it then :) 19:49:13 <nthykier> #topic Next meeting 19:49:43 <nthykier> #info Next meeting is scheduled for 2017-02-22, 19:00 UTC 19:50:29 <nthykier> #info Consider importing https://release.debian.org/release-calendar.ics so it appears in your calendar :) 19:50:33 <nthykier> #endmeeting