19:03:12 #startmeeting 19:03:12 Meeting started Wed Feb 22 19:03:12 2017 UTC. The chair is nthykier. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:03:12 Useful Commands: #action #agreed #help #info #idea #link #topic. 19:03:25 Ok, time for meeting :) 19:04:03 this meeting thing is contagious 19:04:40 #topic Transitions 19:05:00 So, to my knowlegde we have two transitions left for stretch 19:05:15 MySQL -> MariaDB which should now be complete 19:05:20 it is 19:05:29 #info MySQL -> MariaDB is now complete 19:05:31 mysql left stretch some weeks ago 19:05:57 And the other one is OpenSSL 1.1 19:06:24 That is nearly completely, I just want to rebuild wget in testing so we don't get surprises in stable 19:06:35 that is good news indeed 19:06:42 #info OpenSSL transition is nearly complete 19:06:58 any reason not to rebuilt it in sid and let it migrate? 19:07:14 #action nthykier to ensure wget gets rebuilt against openssl 1.1 in testing 19:07:28 new upstream version in sid and I am not sure it qualifies 19:07:38 right 19:08:27 but admittedly it is a possible solution to that - I just wanted to keep it simple and do a t-p-u so KiBi could review and test it in his own time :) 19:08:49 Any thing else for transitions? 19:08:59 yum it ships __pycache__ and stuff 19:09:12 (wget?) 19:09:14 yeh 19:09:16 eww 19:09:25 the diff is horrible 19:09:53 and thus my choice :) 19:10:03 and /tmp... I can't even work out how that's possible 19:10:05 anyway 19:10:46 #topic Secure Boot 19:10:59 this is a bit less positive 19:11:36 Unless there has been some recent development I have not been aware of, Secure Boot is not really progressing 19:11:52 that is blocking on me and/or vorlon jumping through the necessary hoops to get it signed by MS. 19:12:06 That is one of the blockers 19:12:08 we jumped through the first set of hoops, then the hooping changed and the new hoops are 19:12:19 (let me find the link) 19:12:43 https://docs.google.com/document/d/1gHFkhMmn6VVvVQim5YcjJ8uc3xf1JHQnA9f8KSE6qqY/edit 19:13:27 The other blocker is that we have not setup signing yet - to my knowledge, jcristau is waiting for the FTP-masters to confirm the "API" between DSA and FTP-masters 19:16:25 I am not convinced that we are progressing at a rate where I am comfortable to declare this a blocker for stretch 19:17:54 (which may have been "British" for "can-defer") 19:18:16 we probably don't need to make a decision on that at this stage 19:18:31 that is true 19:18:54 we're realistically not going to be in that position for a month yet - we can probably await the to-dos for now 19:18:57 at the same time, I feel the need to say that I don't think it will make it at this time 19:19:18 at this rate* 19:19:59 jmw: the issue for me is that once the signing on our side (not MS) is done, we still have some outstanding items after that 19:20:08 yeh 19:21:04 well, there's not much we can do about it right now 19:21:07 true 19:21:23 If there are no questions for Secure Boot then I will move on 19:21:43 Mithrandir: do you need anything else from us for getting the shim signed? 19:22:12 The code needs to be rebased on the github repository (currently in bzr) 19:22:19 and then resubmitted as I recall 19:22:28 (rebased as in converted to git) 19:22:55 we should have some infos 19:23:05 true 19:23:07 we just need to provide a git repo which corresponds to the source package (as per the document). Anybody can do that, I'll do it if vorlon doesn't, when I get around to it, but I'd be very happy for somebody else to take it and run with it. 19:23:42 #info shim signing need us to convert our packaging repo from bzr to git and resubmit (per https://docs.google.com/document/d/1gHFkhMmn6VVvVQim5YcjJ8uc3xf1JHQnA9f8KSE6qqY/edit) 19:23:46 Mithrandir: where are the repos to be found? 19:23:59 then they will show up in the minutes and someone might have tuits 19:24:00 Vcs-header of shim, right? 19:24:14 AFAIK, yes. 19:24:21 #undo 19:24:21 Removing item from minutes: 19:24:40 https://github.com/rhinstaller/shim is one 19:24:49 #info shim signing need us to convert our packaging repo from bzr to git and resubmit (per https://docs.google.com/document/d/1gHFkhMmn6VVvVQim5YcjJ8uc3xf1JHQnA9f8KSE6qqY/edit) 19:25:00 #info From lp:~ubuntu-core-dev/shim/trunk to https://github.com/rhinstaller/shim 19:25:09 https://code.launchpad.net/~ubuntu-core-dev/shim/trunk 19:25:24 (for people like me who'll forget in five minutes time) 19:25:42 ok I'm done being awkward now :) 19:26:09 #info We are missing signing support for the bootloader, kernel modules (etc.) on ftp-master.d.o (even manual signing). Waiting for feedback from FTP-masters 19:26:17 I think that should cover it 19:26:33 yes 19:26:34 next 19:26:41 #topic PIE rebuilt or not 19:26:57 We enabled PIE by default but have a number of packages that did not get rebuilt 19:27:13 There was a proposal to rebuild them before the stretch release 19:27:50 what's the number? 19:28:45 3404 source packages (where it actually caused the package to get PIE enabled plus 81 that did not fix it - at least not fully) 19:29:28 For me, the concern is that if we do not do it now, we may do it post-release (e.g. in via pu or security upload) 19:29:32 that's quite a lot 19:29:40 indeed 19:30:11 jcristau was on the other hand concerned about the churn + risk + work not outweighing the benefits of doing the rebuild 19:30:45 we could be weeks rebuilding that many, especially on slower buildds 19:32:04 should we look at selecting a subset or just drop it completly then? 19:32:32 Rebuild only on some architectures? 19:32:47 (ftr, https://lintian.debian.org/tags/hardening-no-pie.html has list of /binary/ packages affected by this) 19:32:51 nthykier: arches or packages? 19:32:56 packages 19:33:20 only doing some architectures would break Multi-Arch: same and make people sad 19:33:27 ah yes 19:33:28 (unless we exclude those) 19:33:44 and also the slow (less popular) architectures are probably more likely to have issues? 19:33:56 we could do required+standard, and not optional+extra, but the benefit is getting slimmer and slimmer then 19:34:10 but if we have issues, I prefer fixing them now rather than leaving it to the SRMs to clean it up 19:34:29 we could start with a subset and see how well that goes 19:35:32 nthykier: do you have rapid l33t sk1llz to get a quick idea of how many are in each section? 19:35:54 jmw: unfortunately no 19:36:18 (key packages may also be another selection criteria) 19:36:46 in some ways I'd rather start with leaf packages, but again risk/benefit 19:36:52 or that 19:37:05 Any takers for selecting a subset to pilot this ? 19:37:26 Remember, do'ers decide! ;) 19:38:02 I'm happy to start with a subset (if you point me at the list again) 19:38:02 #info At least 3404 source packages would enable PIE after a no-change rebuild 19:38:34 #action ivodd to select a subset to build 19:38:36 identifying a subset with a good risk/reward balance is probably the first thing 19:38:52 #undo 19:38:52 Removing item from minutes: 19:39:08 #action ivodd to select a subset to build with a good risk/reward balance 19:39:14 there, fancy wording included! :) 19:39:17 ha 19:39:17 :) 19:39:24 ok it's a plan 19:40:00 ivodd: https://people.debian.org/~rbalint/pie-mass-rebuild/sources-rebuild-works.txt 19:40:20 https://people.debian.org/~rbalint/pie-mass-rebuild/sources-rebuild-works.txt is the master list 19:40:28 (for the minutes' benefit) 19:40:53 :) 19:41:18 #topic RC bug fixing 19:41:28 The rate has declined! 19:41:41 you shock me :p 19:41:57 it is 214 as of 18:00 though, which is actually good progress 19:42:29 The last few days, key packages have been stuck at ~100 RC bugs and the number of bugs fixed in unstable has dropped to ~30 (from 50-60) 19:43:53 I make key packages 85, according to udd 19:44:00 While it could be that we are filing bugs as fast as we are fixing them, I suspect that we have weeded out most of the "easy" RC bugs in the key packages 19:44:07 jmw: https://udd.debian.org/bugs/?release=stretch_and_sid&merged=ign&keypackages=only&fnewerval=7&flastmodval=7&rc=1&ctags=1&cdeferred=1&crttags=1&sortby=id&sorto=asc&format=html#results ? 19:44:26 (the default view ignores stuff with patches) 19:44:38 ah patches right 19:45:01 well, tagged patch - which may or may not be useful 19:45:13 true 19:45:20 if i may - couldn't it be also that autoremoval cleaned up a lot of packages as well? or that doesn't matter because autoremoval was already in place before the freeze? 19:45:34 anarcat: Only looking at key packages atm 19:45:57 I propose we stretch-ignore bugs like #704303 19:46:19 on the basis it will be fixed in the next policy release 19:46:30 Of these 101 RC bug only one is currently tagged will-remove; nothing got any other "releasy" tags (can-defer/ignore, or is-blocker) 19:46:40 fine with me 19:46:54 please info 19:47:08 jmw: which one of them? 19:47:22 that we will stretch-ignore missing mpl text 19:47:39 #action jmw will -ignore #704303 19:47:41 :P 19:48:11 #undo 19:48:11 Removing item from minutes: 19:48:32 hm seems to be the only one actually 19:48:39 #agreed We will ignore #704303 on the basis of it being fixed in the next release 19:49:30 returning to PIE, I believe http://paste.debian.net/916265/ is a summary of all the binary packages on amd64 19:49:34 which is 2813 out of the 3324 in the file 19:50:00 nthykier: much else about bugs, or lets talk unblocks? 19:50:24 #info The RC bug list for key packaes could use a review and get proposals for "will-remove", "is-blocker" or "can-defer" tags 19:50:29 jmw: nope that was it 19:50:41 #topic Unblocks 19:51:06 First of, we are much better off than we were during jessie! \o/ 19:51:37 jmw: want to take this? :) 19:51:50 I have specific queries on some of them, so sure 19:52:04 (jrtc27: Thanks - please follow up with ivodd after the meeting) 19:52:13 shotwell: dear mr release manager, how much do you care about epoch vs. really, and am I being too obstinate about it? 19:52:39 tl;dr: I don't mind +really-blah versions temporarily, but not in a release because they are a lie 19:52:59 and there is maintainer resistance to an epoch 19:53:08 ugh 19:53:13 quite 19:53:55 on the basis that we hope not to have to touch it in stable, the proposed version string will be 0.25.4+really0.24.5-0.1 for the next five years 19:54:14 that is sad 19:54:23 I don't mind climbing down, but I don't know how strongly anyone else feels about it 19:54:31 but on the flip side, we already got packages with "really" in testing 19:54:36 it's true 19:55:13 (we could fix that too, but that's a different discusion) 19:55:56 jmw: you could do an nmu with an epoch, and that would be the end of the argument 19:56:04 I don't feel we can mandate it if we don't enforce it all the way through (which would just start a "different" discussion) 19:56:10 ivodd: be nice! :P 19:56:14 ivodd: not sure that will make me any more popular :p 19:56:29 jmw: that wasn't your question... 19:56:37 nthykier: I'll try 19:56:55 ivodd: as in, convince the maintainer or do the nmu? 19:57:12 ok, maybe the right thing to do here is follow up to the bug with everything on the table, and see how they want to play it. I'll accept the +really if there's still resistance 19:57:14 I assumed "be nice" 19:57:23 adsb: ah, thanks 19:57:29 I wouldn't bet on it :D 19:57:31 but icbw :) 19:57:58 I'll try to be nice :) 19:58:01 right, next: d and friends (#855229) 19:58:17 hm I thought there was another one to go with that 19:58:45 ah dustmite, but someone has already fixed that while I wasn't looking 19:59:36 ok - any thing in particular? 19:59:51 no, I think that answers that actually 19:59:58 lack of preparation error, sorry 20:00:08 :) 20:00:16 the diff is still pretty big, but better than I recalled 20:01:15 asterisk 20:01:27 that is a fun new-upstream-vs-backports one 20:02:24 I am inclined towards taking the upstream for improved maintenance for that one, if there are no objections 20:02:55 jmw: ok, go ahead 20:02:59 jmw: sounds good to me 20:03:48 and then there is btrfs-progs, which breaks all the no-exceptions precedents in one fell swoop :( 20:04:07 how bad is it if it doesn't match the kernel implementation? 20:04:07 yeah 20:04:22 (possibly a question for the maintainer) 20:04:37 That would be a decent question for the maintainer 20:04:50 I guess the old version should work with a new kernel 20:04:52 ok 20:05:04 so there should be a good reason before we can consider the new version 20:05:18 those are all my question marks, everything else just needs eyes 20:06:46 Ok 20:07:28 jmw: I assume you are following up on these bugs? 20:07:34 I will do later, y es 20:07:39 great thanks :) 20:08:03 Any suggestions on #855137 ? 20:08:25 I am stuck between punting for buster and granting the exception to deal with it 20:09:13 nthykier: if the new package fixes it, I'd accept it 20:09:50 ok, thanks 20:10:27 it sounds straightforward to go with that, yes 20:10:31 If there are no other unblock requests to be brought up, I guess I will move to "closing" 20:10:42 (AOB, next meeting etc) 20:10:55 #topic AOB 20:10:58 Any ? 20:11:00 sprint? 20:12:06 sorry to drop the ball on the spain sprint; if it's still on the cards, I'm still up for it 20:12:18 I think it feel apart - we only had 3 people who could commit to an answer to the poll back in January and progress died there 20:12:28 yeh 20:12:55 if any one is interested in reviving it, I am interested 20:13:13 (although, "this weekend" will be too short notice for me) 20:13:23 tonight! 20:13:24 nthykier: there is a bsp in berlin, we could all go there :) 20:13:26 * jmw ducks 20:13:32 ivodd: when is that again? 20:13:37 nthykier: this weekend 20:13:49 ... 20:13:54 on a more serious note: there are a few bsps planned later 20:13:56 and suncamp 20:14:06 suncamp is a long way out 20:14:12 may I think 20:14:15 jmw: yes 20:14:44 would have loved to, but I can't attend the 17th-19th of March either 20:15:10 I need to go soon, anything else first? 20:15:43 Don't think so 20:15:46 moving on 20:15:50 #topic Next meeting 20:16:46 nthykier: re: rebuild if you do it post release you control which packages and what pace, so you can do targetted testing. a mass rebuild doesn't allow that. 20:17:16 #info Next meeting is 22nd of March at 19:00 UTC (import into your calendar via https://release.debian.org/release-calendar.ics) 20:18:00 #endmeeting