#debian-release log

19:03:12 <nthykier> #startmeeting
19:03:12 <MeetBot> Meeting started Wed Feb 22 19:03:12 2017 UTC.  The chair is nthykier. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:03:12 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:03:25 <nthykier> Ok, time for meeting :)
19:04:03 <jmw> this meeting thing is contagious
19:04:40 <nthykier> #topic Transitions
19:05:00 <nthykier> So, to my knowlegde we have two transitions left for stretch
19:05:15 <nthykier> MySQL -> MariaDB which should now be complete
19:05:20 <jmw> it is
19:05:29 <nthykier> #info MySQL -> MariaDB is now complete
19:05:31 <jmw> mysql left stretch some weeks ago
19:05:57 <nthykier> And the other one is OpenSSL 1.1
19:06:24 <nthykier> That is nearly completely, I just want to rebuild wget in testing so we don't get surprises in stable
19:06:35 <jmw> that is good news indeed
19:06:42 <nthykier> #info OpenSSL transition is nearly complete
19:06:58 <jmw> any reason not to rebuilt it in sid and let it migrate?
19:07:14 <nthykier> #action nthykier to ensure wget gets rebuilt against openssl 1.1 in testing
19:07:28 <nthykier> new upstream version in sid and I am not sure it qualifies
19:07:38 <jmw> right
19:08:27 <nthykier> but admittedly it is a possible solution to that - I just wanted to keep it simple and do a t-p-u so KiBi could review and test it in his own time :)
19:08:49 <nthykier> Any thing else for transitions?
19:08:59 <jmw> yum it ships __pycache__ and stuff
19:09:12 <nthykier> (wget?)
19:09:14 <jmw> yeh
19:09:16 <adsb> eww
19:09:25 <ivodd> the diff is horrible
19:09:53 <nthykier> and thus my choice :)
19:10:03 <jmw> and /tmp... I can't even work out how that's possible
19:10:05 <jmw> anyway
19:10:46 <nthykier> #topic Secure Boot
19:10:59 <nthykier> this is a bit less positive
19:11:36 <nthykier> Unless there has been some recent development I have not been aware of, Secure Boot is not really progressing
19:11:52 <Mithrandir> that is blocking on me and/or vorlon jumping through the necessary hoops to get it signed by MS.
19:12:06 <nthykier> That is one of the blockers
19:12:08 <Mithrandir> we jumped through the first set of hoops, then the hooping changed and the new hoops are
19:12:19 <Mithrandir> (let me find the link)
19:12:43 <Mithrandir> https://docs.google.com/document/d/1gHFkhMmn6VVvVQim5YcjJ8uc3xf1JHQnA9f8KSE6qqY/edit
19:13:27 <nthykier> The other blocker is that we have not setup signing yet - to my knowledge, jcristau is waiting for the FTP-masters to confirm the "API" between DSA and FTP-masters
19:16:25 <nthykier> I am not convinced that we are progressing at a rate where I am comfortable to declare this a blocker for stretch
19:17:54 <nthykier> (which may have been "British" for "can-defer")
19:18:16 <jmw> we probably don't need to make a decision on that at this stage
19:18:31 <nthykier> that is true
19:18:54 <jmw> we're realistically not going to be in that position for a month yet - we can probably await the to-dos for now
19:18:57 <nthykier> at the same time, I feel the need to say that I don't think it will make it at this time
19:19:18 <nthykier> at this rate*
19:19:59 <nthykier> jmw: the issue for me is that once the signing on our side (not MS) is done, we still have some outstanding items after that
19:20:08 <jmw> yeh
19:21:04 <jmw> well, there's not much we can do about it right now
19:21:07 <nthykier> true
19:21:23 <nthykier> If there are no questions for Secure Boot then I will move on
19:21:43 <jmw> Mithrandir: do you need anything else from us for getting the shim signed?
19:22:12 <nthykier> The code needs to be rebased on the github repository (currently in bzr)
19:22:19 <nthykier> and then resubmitted as I recall
19:22:28 <nthykier> (rebased as in converted to git)
19:22:55 <jmw> we should have some infos
19:23:05 <nthykier> true
19:23:07 <Mithrandir> we just need to provide a git repo which corresponds to the source package (as per the document).  Anybody can do that, I'll do it if vorlon doesn't, when I get around to it, but I'd be very happy for somebody else to take it and run with it.
19:23:42 <nthykier> #info shim signing need us to convert our packaging repo from bzr to git and resubmit (per https://docs.google.com/document/d/1gHFkhMmn6VVvVQim5YcjJ8uc3xf1JHQnA9f8KSE6qqY/edit)
19:23:46 <jmw> Mithrandir: where are the repos to be found?
19:23:59 <jmw> then they will show up in the minutes and someone might have tuits
19:24:00 <nthykier> Vcs-header of shim, right?
19:24:14 <Mithrandir> AFAIK, yes.
19:24:21 <nthykier> #undo
19:24:21 <MeetBot> Removing item from minutes: <MeetBot.items.Info object at 0x20a6110>
19:24:40 <jmw> https://github.com/rhinstaller/shim is one
19:24:49 <nthykier> #info shim signing need us to convert our packaging repo from bzr to git and resubmit (per https://docs.google.com/document/d/1gHFkhMmn6VVvVQim5YcjJ8uc3xf1JHQnA9f8KSE6qqY/edit)
19:25:00 <nthykier> #info From lp:~ubuntu-core-dev/shim/trunk to https://github.com/rhinstaller/shim
19:25:09 <jmw> https://code.launchpad.net/~ubuntu-core-dev/shim/trunk
19:25:24 <jmw> (for people like me who'll forget in five minutes time)
19:25:42 <jmw> ok I'm done being awkward now :)
19:26:09 <nthykier> #info We are missing signing support for the bootloader, kernel modules (etc.) on ftp-master.d.o (even manual signing).  Waiting for feedback from FTP-masters
19:26:17 <nthykier> I think that should cover it
19:26:33 <jmw> yes
19:26:34 <jmw> next
19:26:41 <nthykier> #topic PIE rebuilt or not
19:26:57 <nthykier> We enabled PIE by default but have a number of packages that did not get rebuilt
19:27:13 <nthykier> There was a proposal to rebuild them before the stretch release
19:27:50 <jmw> what's the number?
19:28:45 <nthykier> 3404 source packages (where it actually caused the package to get PIE enabled plus 81 that did not fix it - at least not fully)
19:29:28 <nthykier> For me, the concern is that if we do not do it now, we may do it post-release (e.g. in via pu or security upload)
19:29:32 <jmw> that's quite a lot
19:29:40 <nthykier> indeed
19:30:11 <nthykier> jcristau was on the other hand concerned about the churn + risk + work not outweighing the benefits of doing the rebuild
19:30:45 <jmw> we could be weeks rebuilding that many, especially on slower buildds
19:32:04 <nthykier> should we look at selecting a subset or just drop it completly then?
19:32:32 <ansgar> Rebuild only on some architectures?
19:32:47 <nthykier> (ftr, https://lintian.debian.org/tags/hardening-no-pie.html has list of /binary/ packages affected by this)
19:32:51 <jmw> nthykier: arches or packages?
19:32:56 <nthykier> packages
19:33:20 <nthykier> only doing some architectures would break Multi-Arch: same and make people sad
19:33:27 <jmw> ah yes
19:33:28 <nthykier> (unless we exclude those)
19:33:44 <jrtc27> and also the slow (less popular) architectures are probably more likely to have issues?
19:33:56 <jmw> we could do required+standard, and not optional+extra, but the benefit is getting slimmer and slimmer then
19:34:10 <nthykier> but if we have issues, I prefer fixing them now rather than leaving it to the SRMs to clean it up
19:34:29 <ivodd> we could start with a subset and see how well that goes
19:35:32 <jmw> nthykier: do you have rapid l33t sk1llz to get a quick idea of how many are in each section?
19:35:54 <nthykier> jmw: unfortunately no
19:36:18 <nthykier> (key packages may also be another selection criteria)
19:36:46 <jmw> in some ways I'd rather start with leaf packages, but again risk/benefit
19:36:52 <nthykier> or that
19:37:05 <nthykier> Any takers for selecting a subset to pilot this ?
19:37:26 <nthykier> Remember, do'ers decide! ;)
19:38:02 <ivodd> I'm happy to start with a subset (if you point me at the list again)
19:38:02 <nthykier> #info At least 3404 source packages would enable PIE after a no-change rebuild
19:38:34 <nthykier> #action ivodd to select a subset to build
19:38:36 <jmw> identifying a subset with a good risk/reward balance is probably the first thing
19:38:52 <nthykier> #undo
19:38:52 <MeetBot> Removing item from minutes: <MeetBot.items.Action object at 0x20349d0>
19:39:08 <nthykier> #action ivodd to select a subset to build with a good risk/reward balance
19:39:14 <nthykier> there, fancy wording included! :)
19:39:17 <jmw> ha
19:39:17 <ivodd> :)
19:39:24 <jmw> ok it's a plan
19:40:00 <nthykier> ivodd: https://people.debian.org/~rbalint/pie-mass-rebuild/sources-rebuild-works.txt
19:40:20 <jmw> https://people.debian.org/~rbalint/pie-mass-rebuild/sources-rebuild-works.txt is the master list
19:40:28 <jmw> (for the minutes' benefit)
19:40:53 <nthykier> :)
19:41:18 <nthykier> #topic RC bug fixing
19:41:28 <nthykier> The rate has declined!
19:41:41 <jmw> you shock me :p
19:41:57 <jmw> it is 214 as of 18:00 though, which is actually good progress
19:42:29 <nthykier> The last few days, key packages have been stuck at ~100 RC bugs and the number of bugs fixed in unstable has dropped to ~30 (from 50-60)
19:43:53 <jmw> I make key packages 85, according to udd
19:44:00 <nthykier> While it could be that we are filing bugs as fast as we are fixing them, I suspect that we have weeded out most of the "easy" RC bugs in the key packages
19:44:07 <nthykier> jmw: https://udd.debian.org/bugs/?release=stretch_and_sid&merged=ign&keypackages=only&fnewerval=7&flastmodval=7&rc=1&ctags=1&cdeferred=1&crttags=1&sortby=id&sorto=asc&format=html#results ?
19:44:26 <nthykier> (the default view ignores stuff with patches)
19:44:38 <jmw> ah patches right
19:45:01 <nthykier> well, tagged patch - which may or may not be useful
19:45:13 <jmw> true
19:45:20 <anarcat> if i may - couldn't it be also that autoremoval cleaned up a lot of packages as well? or that doesn't matter because autoremoval was already in place before the freeze?
19:45:34 <nthykier> anarcat: Only looking at key packages atm
19:45:57 <jmw> I propose we stretch-ignore bugs like #704303
19:46:19 <jmw> on the basis it will be fixed in the next policy release
19:46:30 <nthykier> Of these 101 RC bug only one is currently tagged will-remove; nothing got any other "releasy" tags (can-defer/ignore, or is-blocker)
19:46:40 <nthykier> fine with me
19:46:54 <jmw> please info
19:47:08 <nthykier> jmw: which one of them?
19:47:22 <jmw> that we will stretch-ignore missing mpl text
19:47:39 <nthykier> #action jmw will -ignore #704303
19:47:41 <nthykier> :P
19:48:11 <nthykier> #undo
19:48:11 <MeetBot> Removing item from minutes: <MeetBot.items.Action object at 0x2075790>
19:48:32 <jmw> hm seems to be the only one actually
19:48:39 <nthykier> #agreed We will ignore #704303 on the basis of it being fixed in the next release
19:49:30 <jrtc27> returning to PIE, I believe http://paste.debian.net/916265/ is a summary of all the binary packages on amd64
19:49:34 <jrtc27> which is 2813 out of the 3324 in the file
19:50:00 <jmw> nthykier: much else about bugs, or lets talk unblocks?
19:50:24 <nthykier> #info The RC bug list for key packaes could use a review and get proposals for "will-remove", "is-blocker" or "can-defer" tags
19:50:29 <nthykier> jmw: nope that was it
19:50:41 <nthykier> #topic Unblocks
19:51:06 <nthykier> First of, we are much better off than we were during jessie! \o/
19:51:37 <nthykier> jmw: want to take this? :)
19:51:50 <jmw> I have specific queries on some of them, so sure
19:52:04 <nthykier> (jrtc27: Thanks - please follow up with ivodd after the meeting)
19:52:13 <jmw> shotwell: dear mr release manager, how much do you care about epoch vs. really, and am I being too obstinate about it?
19:52:39 <jmw> tl;dr: I don't mind +really-blah versions temporarily, but not in a release because they are a lie
19:52:59 <jmw> and there is maintainer resistance to an epoch
19:53:08 <nthykier> ugh
19:53:13 <jmw> quite
19:53:55 <jmw> on the basis that we hope not to have to touch it in stable, the proposed version string will be 0.25.4+really0.24.5-0.1 for the next five years
19:54:14 <nthykier> that is sad
19:54:23 <jmw> I don't mind climbing down, but I don't know how strongly anyone else feels about it
19:54:31 <nthykier> but on the flip side, we already got packages with "really" in testing
19:54:36 <jmw> it's true
19:55:13 <jmw> (we could fix that too, but that's a different discusion)
19:55:56 <ivodd> jmw: you could do an nmu with an epoch, and that would be the end of the argument
19:56:04 <nthykier> I don't feel we can mandate it if we don't enforce it all the way through (which would just start a "different" discussion)
19:56:10 <nthykier> ivodd: be nice! :P
19:56:14 <jmw> ivodd: not sure that will make me any more popular :p
19:56:29 <ivodd> jmw: that wasn't your question...
19:56:37 <ivodd> nthykier: I'll try
19:56:55 <nthykier> ivodd: as in, convince the maintainer or do the nmu?
19:57:12 <jmw> ok, maybe the right thing to do here is follow up to the bug with everything on the table, and see how they want to play it. I'll accept the +really if there's still resistance
19:57:14 <adsb> I assumed "be nice"
19:57:23 <nthykier> adsb: ah, thanks
19:57:29 <jmw> I wouldn't bet on it :D
19:57:31 <adsb> but icbw :)
19:57:58 <ivodd> I'll try to be nice :)
19:58:01 <jmw> right, next: d and friends (#855229)
19:58:17 <jmw> hm I thought there was another one to go with that
19:58:45 <jmw> ah dustmite, but someone has already fixed that while I wasn't looking
19:59:36 <nthykier> ok - any thing in particular?
19:59:51 <jmw> no, I think that answers that actually
19:59:58 <jmw> lack of preparation error, sorry
20:00:08 <nthykier> :)
20:00:16 <jmw> the diff is still pretty big, but better than I recalled
20:01:15 <jmw> asterisk
20:01:27 <jmw> that is a fun new-upstream-vs-backports one
20:02:24 <jmw> I am inclined towards taking the upstream for improved maintenance for that one, if there are no objections
20:02:55 <ivodd> jmw: ok, go ahead
20:02:59 <nthykier> jmw: sounds good to me
20:03:48 <jmw> and then there is btrfs-progs, which breaks all the no-exceptions precedents in one fell swoop :(
20:04:07 <jmw> how bad is it if it doesn't match the kernel implementation?
20:04:07 <nthykier> yeah
20:04:22 <jmw> (possibly a question for the maintainer)
20:04:37 <nthykier> That would be a decent question for the maintainer
20:04:50 <ivodd> I guess the old version should work with a new kernel
20:04:52 <jmw> ok
20:05:04 <ivodd> so there should be a good reason before we can consider the new version
20:05:18 <jmw> those are all my question marks, everything else just needs eyes
20:06:46 <nthykier> Ok
20:07:28 <nthykier> jmw: I assume you are following up on these bugs?
20:07:34 <jmw> I will do later, y es
20:07:39 <nthykier> great thanks :)
20:08:03 <nthykier> Any suggestions on #855137 ?
20:08:25 <nthykier> I am stuck between punting for buster and granting the exception to deal with it
20:09:13 <ivodd> nthykier: if the new package fixes it, I'd accept it
20:09:50 <nthykier> ok, thanks
20:10:27 <jmw> it sounds straightforward to go with that, yes
20:10:31 <nthykier> If there are no other unblock requests to be brought up, I guess I will move to "closing"
20:10:42 <nthykier> (AOB, next meeting etc)
20:10:55 <nthykier> #topic AOB
20:10:58 <nthykier> Any ?
20:11:00 <ivodd> sprint?
20:12:06 <jmw> sorry to drop the ball on the spain sprint; if it's still on the cards, I'm still up for it
20:12:18 <nthykier> I think it feel apart - we only had 3 people who could commit to an answer to the poll back in January and progress died there
20:12:28 <jmw> yeh
20:12:55 <nthykier> if any one is interested in reviving it, I am interested
20:13:13 <nthykier> (although, "this weekend" will be too short notice for me)
20:13:23 <jmw> tonight!
20:13:24 <ivodd> nthykier: there is a bsp in berlin, we could all go there :)
20:13:26 * jmw ducks
20:13:32 <nthykier> ivodd: when is that again?
20:13:37 <ivodd> nthykier: this weekend
20:13:49 <nthykier> ...
20:13:54 <ivodd> on a more serious note: there are a few bsps planned later
20:13:56 <ivodd> and suncamp
20:14:06 <jmw> suncamp is a long way out
20:14:12 <jmw> may I think
20:14:15 <ivodd> jmw: yes
20:14:44 <nthykier> would have loved to, but I can't attend the 17th-19th of March either
20:15:10 <jmw> I need to go soon, anything else first?
20:15:43 <nthykier> Don't think so
20:15:46 <nthykier> moving on
20:15:50 <nthykier> #topic Next meeting
20:16:46 <jcristau> nthykier: re: rebuild if you do it post release you control which packages and what pace, so you can do targetted testing.  a mass rebuild doesn't allow that.
20:17:16 <nthykier> #info Next meeting is 22nd of March at 19:00 UTC (import into your calendar via https://release.debian.org/release-calendar.ics)
20:18:00 <nthykier> #endmeeting