19:08:21 <ennael> #startmeeting 19:08:21 <Inigo_Montoya`> Meeting started Wed Sep 7 19:08:21 2011 UTC. The chair is ennael. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:08:21 <Inigo_Montoya`> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:08:22 <erzulie> [ MeetBot - Debian Wiki ] 19:08:34 <ennael> hi all 19:09:22 <ennael> be kind tonight as misc will not be able to attend :) 19:09:51 <ennael> I will add a topic on list about pending todo list for sysadmin team regarding packaging team 19:10:26 <ennael> #topic feedbacks on backport policy 19:10:34 <ennael> ok this one may be fast 19:10:45 <ennael> so we mailed url about backport policy 19:11:01 <ennael> of course everybody went to read it and know it by heart now 19:11:09 <ennael> is there any comment on it ? pb ? 19:11:47 <Remmy> Not from me. 19:12:03 <pasmatt> ok for me 19:12:14 <Stormi> it's ok for me for a start, provided we can review it in 6 months as planned 19:12:20 <ennael> sure 19:12:35 <AL13N> good enough for now 19:12:42 <ennael> boklm: do we have everything ready to submit backports ? 19:13:05 <boklm> hmm, not sure, we need to check 19:13:26 <boklm> but it should be quick to do 19:13:43 <ennael> ok can you check it and mail -dev when it's done ? 19:13:50 <boklm> ok 19:14:05 <boklm> so policy is done, and backports ready to be open ? 19:14:13 <ennael> #action bokklm will check bs and backports submit 19:14:17 <ennael> yep 19:14:22 <AL13N> -k 19:14:25 <Stormi> #fakeaction boklm read backports policy :) 19:14:59 <ennael> ok anything else to add ? 19:15:11 <Stormi> regarding the tools 19:15:16 <AL13N> ennael: typo in last #action 19:15:18 <ennael> of course this will have to be added to policies for mentors 19:15:26 <Stormi> we need to be able to submit of course, but maybe also to move from backports_testing to backports 19:15:35 <boklm> yes 19:15:52 <Stormi> it would be great to be able to do so without having to ping a sysadmin :) 19:16:00 <anaselli> just a questiom 19:16:19 <anaselli> could a leaf pacakge considered as update instead of backport? 19:16:38 <anaselli> if it fixes bugs for instance? 19:16:39 <boklm> Stormi: for qa team members ? 19:17:21 <boklm> or any packager ? 19:17:22 <Stormi> boklm: I don't know, maybe for all packagers too 19:17:30 <boklm> ok 19:17:49 <Stormi> we haven't enforced a "validate by QA team" rule for now 19:18:03 <boklm> ok, so we need to have some tools to do this 19:18:03 <ennael> maybe it's time for it then 19:18:22 <Stormi> maybe yes, I wouldn't be against 19:19:02 <ennael> could you make some proposals ? 19:19:48 <Stormi> yes, but concerning what points precisely ? 19:20:10 <Stormi> process from submit to validation and move to backports ? 19:20:27 <ennael> yep adding process on policy page 19:20:36 <ennael> to know who is doing what and how 19:20:43 <Stormi> ok 19:21:06 <ennael> #action Stormi will add QA process for backports submission 19:22:16 <ennael> anything else to add ? 19:22:51 <Remmy> Unrelated, I wanted to compliment the QA team on all the work done in the past few weeks... updates are really moving now and nice to see some action there :-) 19:23:12 <ennael> hey don't jump on next topic :) 19:23:27 <ennael> ok next one 19:23:31 <Remmy> :) 19:23:40 <ennael> #topic review of pending updates 19:24:04 <ennael> could we have a short review on it ? 19:24:27 <Stormi> there was an acceleration in update candidates submission to QA 19:24:42 <Stormi> it looks like more packagers are working on bugs and security issues :) 19:24:54 <Stormi> so the QA team has been very busy this week 19:25:09 <ennael> do we still have some pending one that needs to kick packagers or testers ? 19:25:11 <Stormi> thankfully, there are some very active testers 19:25:33 <Stormi> some of pending because of the dependency installation problem 19:25:56 <Remmy> Claire and David really are on a role :) 19:25:57 <doktor5000> maybe a general question: if there is no exploit/poc for some security issues, how to handle the update? just apply the patch and be done? 19:26:16 <doktor5000> like for libxfont or openjdk or others 19:27:13 <Stormi> ennael: 25 updates are pending now, I don't know the proportion waiting for packagers / testers / sysadmin 19:27:18 <ennael> then it means initial report is not complete enough 19:27:30 <Stormi> I think we can give ourselves a week more to see how it goes 19:27:45 <Stormi> and solve the dependency installation problem 19:27:55 <Stormi> by copying deps from release to update 19:28:03 <ennael> ok I spoke for tv about that point 19:28:25 <ennael> we may find solution in cauldron but adding it in stable will ask time and may be risky 19:28:47 <ennael> so copying for now deps in updates repo should be the solution 19:28:53 <Stormi> yes 19:28:55 <doktor5000> ennael: some CVE's have no exploit or proof-of-concept, how to handle those? 19:29:02 <ennael> we just need to ensure QA team will check it 19:29:13 <Stormi> ideally, maybe boklm could provide to packagers a command to copy packages from release to updates_testing ? 19:29:26 <doktor5000> should our security team write some exploits for those? sounds not doable ... 19:29:26 <Stormi> otherwise we will have to ask the sysadmins all the time 19:29:31 <boklm> to qa team members ? 19:29:37 <Stormi> boklm: to packagers 19:29:52 <boklm> ok 19:29:53 <ennael> too large in my opinion 19:30:04 <Stormi> well, it's the same as submit 19:30:09 <Stormi> but without a submit :) 19:30:18 <Stormi> only targetting updates_testing 19:30:31 <ennael> we need to keep repos clean 19:30:40 <ennael> and this could end up in a big mess 19:31:01 <AL13N> it depends on who does the fixing, it would be better to have packagers who make updates actually do the copying when submitting 19:31:21 <ennael> boklm: wdyt ? 19:31:35 <AL13N> (to updates_testing ; so that qateam can do other more important stuff) 19:31:37 <boklm> I think qa team could move the package after validating the update 19:32:06 <Stormi> boklm: are we speaking of the move to updates or the copying of deps from release to updates_testing ? 19:32:34 <boklm> ah, I was talking about move to updates 19:33:33 <ennael> we need to fix both I guess 19:33:47 <ennael> QA team should be able to handle it 19:34:09 <AL13N> i think update could be qateam and submitters can do the copy deps to updates_testing 19:34:11 <boklm> for copy from release to updates_testing, it needs to be done at the same time as submit to updates_testing, so by the packager submitting 19:36:47 <ennael> what about package move from updates_testing to updates ?? 19:37:00 <boklm> for this, I think it could be done by qa team 19:37:37 <ennael> yep so packager handle submit to updates-testing and add needed deps 19:37:48 <ennael> QA team handle move to updates repos + needed deps ? 19:37:53 <boklm> yes 19:38:12 <ennael> Stormi ? others ? 19:38:15 * boklm is not sure copying of needed deps to updates is a good solution 19:38:30 <ennael> at least short term solution 19:38:31 <Stormi> we'll see if "QA team" means the whole team or just some members 19:38:38 <boklm> as we may have to add half the distribution in updates 19:38:41 <Stormi> I think we'll start with a few members first 19:38:56 <ennael> boklm: well this was done for years 19:39:14 <ennael> it's not a good reason but while we do not have proper solution 19:39:16 <boklm> ennael: but we were not adding new packages, only updates 19:39:17 <Stormi> ennael: the need to support updates from mandriva increases the need for dependencies copying 19:39:28 <rindolf> I think copying needed deps to updates if they didn't change is silly, as well. 19:39:32 <ennael> boklm: yes missing deps for updates 19:39:57 <boklm> adding new packages from mandriva missing in mageia 1 adds a lot of dependencies 19:40:10 <ennael> rindolf: this is silly but unless you can fix it we do not have better solution 19:40:11 <Stormi> I think we can start copying, and set a number of packages that would raise a "this is too much" alert ? 19:40:21 <rindolf> ennael: OK, fair enough. 19:40:55 <ennael> this will be added in todo list for sure 19:41:17 <ennael> #action add to specs a way to better handle updates dealing with deps 19:41:41 <ennael> Stormi: wdyt about having a limited number of people in QA team to push updates ? 19:41:54 <Stormi> ennael: I agree with it 19:42:15 <ennael> ok then please give all names to boklm 19:42:20 <ennael> and add it on wiki 19:42:27 <Stormi> ok 19:42:33 <ennael> so that we know who is able to do it 19:42:42 <Stormi> can you #action it so that I remember ? :) 19:42:53 <boklm> we can use an ldap group to store this list 19:43:00 <ennael> #action Stormi will give QA members able to push updates in repo 19:43:03 <ennael> boklm: yep 19:44:18 <ennael> Stormi: are you still planning weekly report on security issues 19:44:44 <Stormi> hmm, seems I have forgotten about those 19:44:52 <ennael> :) 19:45:10 <ennael> let say from next week then 19:45:28 <Stormi> I have to check whether I promised to do it or if someone else did :) 19:45:37 <ennael> hum 19:45:39 <ennael> ok :) 19:45:47 <ennael> anything else to add on update ? 19:45:52 <Remmy> Could have been me'ish 19:46:57 <Stormi> Looking at the logs, it was Remmy or leuhmanu 19:47:05 <Stormi> on behalf of triage team 19:47:53 <Remmy> I still plan to work on a weekly triage update, but didn't get to it yet... and part of it should be security related reports. 19:48:36 <Remmy> And with stewb disappearing / taking a time out, we are short on people with a security hat on 19:48:51 <ennael> ok I will try to contact stew 19:49:21 <ennael> but still we need this report to focus on it 19:50:28 <Remmy> Agreed 19:50:48 <ennael> ok I let you decide then who is doing it 19:51:11 <Remmy> I do think we were the first distribution after debian to have a fix for the apache dos attack though, thanks to AL13N and QA team. 19:51:36 <Remmy> I have it on my to do list, but happy to have anyone with more time for it take it from me :-) 19:52:01 <AL13N> Remmy: and debian did get a wrong one, cause they introduced a regression 19:52:04 <ennael> Stormi: can you handle this? 19:52:08 <Remmy> Ya, I saw that :) 19:52:54 <Stormi> ennael: I'm not sure I know what to handle :) The weekly reports ? 19:53:54 <ennael> about security issues 19:54:17 <Remmy> I've had a cold, family matters and the new month always is a peak load at work for me... but I agreed with Stormi that as part of my padawanship I'd also have a closer look at security issues. 19:54:28 <ennael> it means listing them from bugzilla request and sort the one which were forgottent of waiting for tester or packager 19:54:46 <Stormi> ennael: ok I'll see with the triagers how we can do 19:54:53 <ennael> ok thanks 19:55:13 <ennael> #action Stormi and triage team will have a look on weekly review for security updates 19:55:23 <ennael> anything else to add ? 19:55:34 <Stormi> yes, who wants to pay me fulltime on mageia ? :) 19:55:39 <ennael> :) 19:56:09 <AL13N> :) 19:56:13 <Remmy> I'll chip in a hundred a month :) 19:56:26 <ennael> looks like andre is not around 19:56:37 <ennael> shall we postpone mentoring topic ? 19:56:51 <AL13N> ok 19:56:58 <AL13N> i noticed his email though 19:57:00 <Remmy> He wrote a mail to the list... would be nice if these guys found a mentor 19:57:01 <AL13N> about 2 packagers 19:57:25 <Remmy> They both sound like too promising to let slip through the cracks 19:57:48 <ennael> yep ok we will look for somebody unless we have volunteer here 19:58:50 <Stormi> usually this is when the meeting becomes very calm 19:58:51 <ennael> ok 19:58:56 <ennael> :)) 19:59:13 <ennael> #topic triage review: mageia1 and cauldron 19:59:21 <ennael> anything to add on this topic ? 20:00:49 <Stormi> Remmy: ? 20:01:06 <Remmy> It looks like leuhmanu isn't around, but I've noticed a real improvement on the bugs being triaged 20:01:15 <Remmy> Mostly thanks to a few people 20:01:32 <Remmy> As with the security thing, I don't have the numbers yet I said I'd work on 20:02:03 <ennael> ok let's wait for it then 20:02:09 <ennael> it's hard to work on impression :) 20:02:17 <Remmy> We still have a bit of a backlog to work through 20:02:22 <ennael> sure 20:02:24 <Remmy> but I think most new bugs are being picked up 20:02:34 <ennael> good news indeed 20:02:44 <ennael> what about blog post ? 20:02:51 * ennael has fixed ideas 20:03:01 <Remmy> I made a draft on the pirate pad you made... 20:03:13 <Remmy> http://piratepad.net/gN3X1LmNPh 20:03:14 <ennael> ok will have a look 20:03:14 <erzulie> [ PiratePad: gN3X1LmNPh ] 20:03:26 <Remmy> MrsB added the QA part to it 20:03:39 <Remmy> but I'm not sure if people agree with tone and structure of it 20:03:58 <Remmy> (second half of the document) 20:04:02 <ennael> ok let's have a look on it and we publish it this we ok ? 20:04:56 <Remmy> Yeah, fine with me... not my call :) 20:05:03 <ennael> ok :) 20:05:24 <ennael> #action review blog post for triage/QA before end of the week 20:05:33 <ennael> ok 20:05:54 <ennael> #topic various sysadmin tasks for packaging team 20:06:10 * ennael closes the door so that boklm cannot leave 20:06:25 * boklm exit by the window 20:06:35 <ennael> argh too bad :) 20:06:36 <ennael> ok 20:06:47 <boklm> :) 20:06:57 <ennael> boklm is rewritting a todo list for sysadmins team 20:07:10 <ennael> this does not mean all will be done tomorrow (too bad) 20:07:21 <ennael> but will help to organize things and gives priorities 20:07:22 <leuhmanu> (Hi, sorry, network problem :/) 20:07:34 <boklm> so the list of important items we have now regarding packaging : 20:07:49 <ennael> just one word about data center 20:07:58 <boklm> ok 20:08:03 <ennael> a trip will be planned soon in Marseille (south of France) 20:08:14 <ennael> to add disks in servers, change some broken one 20:08:34 <ennael> and we hope also add backup server and ARM platform for build system 20:09:08 <brianb> can you get access to data centres - i thought they were restricted access? 20:09:44 <ennael> there are indeed but sysadmins can access as they know admins there 20:09:57 <brianb> ok 20:10:03 <boklm> yes 20:10:45 <ennael> ok so imagine it's christmas, think about pending tasks we could offer to sysadmins team 20:11:01 <ennael> included triage and QA team 20:11:12 <boklm> so list of things we have in todo list now : 20:11:28 <boklm> - tool to move packages from updates_testing to updates, for qa team members (so that sysadmin don't have to do it) 20:11:37 <boklm> - tool to move packages from backports_testing to backports 20:11:43 <boklm> - tool to remove a package from updates_testing / backports_testing 20:11:57 <boklm> - security updates database 20:12:21 <Stormi> (is this the one with the advisories that rpmdrake will be able to use ?) 20:12:33 <boklm> yes, it should also generate the files for rpmdrake 20:13:32 <boklm> do you see something else important ? 20:14:11 <Stormi> allow submit to backports_testing, of course 20:14:24 <boklm> yes 20:15:54 <Stormi> don't know if it deserves a place on the todo list, but i'd like to manage to create charts on bugzilla 20:16:01 <Stormi> currently it doesn't seem to work 20:16:16 <boklm> ok 20:16:31 <boklm> I think dmorgan also plans to update bugzilla to a new version 20:16:43 <mikala> boklm: it would be nice also to have a tool to remove a build in the queue list 20:17:18 <mikala> but also to send several packages in a specific order (with build dependency between them) 20:17:43 <boklm> yes, also in TODO list, but less prioritary 20:18:00 <mikala> ok. 20:18:28 <boklm> full todo list is on https://bugs.mageia.org/showdependencytree.cgi?id=859&hide_resolved=1 20:18:30 <erzulie> [ Dependency tree for Bug 859 ] 20:19:01 <Remmy> Perhaps when bored (if that exists :-) , go through the bugs assigned to sysadm on bugzilla? 20:20:40 <Remmy> Wow, that's fast ;-) 20:21:50 <ennael> boklm: anything else to add on that topic ? 20:22:18 <boklm> nothing to add 20:23:01 <ennael> ok guys anything else to add ? 20:23:16 <Stormi> nothing but good night :) 20:23:40 <ennael> ok let close that meeting then 20:23:44 <ennael> thanks for coming 20:23:49 <ennael> #endmeeting