#mageia-dev log

19:08:21 <ennael> #startmeeting
19:08:21 <Inigo_Montoya`> Meeting started Wed Sep  7 19:08:21 2011 UTC.  The chair is ennael. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:08:21 <Inigo_Montoya`> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:08:22 <erzulie> [ MeetBot - Debian Wiki ]
19:08:34 <ennael> hi all
19:09:22 <ennael> be kind tonight as misc will not be able to attend :)
19:09:51 <ennael> I will add a topic on list about pending todo list for sysadmin team regarding packaging team
19:10:26 <ennael> #topic feedbacks on backport policy
19:10:34 <ennael> ok this one may be fast
19:10:45 <ennael> so we mailed url about backport policy
19:11:01 <ennael> of course everybody went to read it and know it by heart now
19:11:09 <ennael> is there any comment on it ? pb ?
19:11:47 <Remmy> Not from me.
19:12:03 <pasmatt> ok for me
19:12:14 <Stormi> it's ok for me for a start, provided we can review it in 6 months as planned
19:12:20 <ennael> sure
19:12:35 <AL13N> good enough for now
19:12:42 <ennael> boklm: do we have everything ready to submit backports ?
19:13:05 <boklm> hmm, not sure, we need to check
19:13:26 <boklm> but it should be quick to do
19:13:43 <ennael> ok can you check it and mail -dev when it's done ?
19:13:50 <boklm> ok
19:14:05 <boklm> so policy is done, and backports ready to be open ?
19:14:13 <ennael> #action bokklm will check bs and backports submit
19:14:17 <ennael> yep
19:14:22 <AL13N> -k
19:14:25 <Stormi> #fakeaction boklm read backports policy :)
19:14:59 <ennael> ok anything else to add ?
19:15:11 <Stormi> regarding the tools
19:15:16 <AL13N> ennael: typo in last #action
19:15:18 <ennael> of course this will have to be added to policies for mentors
19:15:26 <Stormi> we need to be able to submit of course, but maybe also to move from backports_testing to backports
19:15:35 <boklm> yes
19:15:52 <Stormi> it would be great to be able to do so without having to ping a sysadmin :)
19:16:00 <anaselli> just a questiom
19:16:19 <anaselli> could a leaf pacakge considered as update instead of backport?
19:16:38 <anaselli> if it fixes bugs for instance?
19:16:39 <boklm> Stormi: for qa team members ?
19:17:21 <boklm> or any packager ?
19:17:22 <Stormi> boklm: I don't know, maybe for all packagers too
19:17:30 <boklm> ok
19:17:49 <Stormi> we haven't enforced a "validate by QA team" rule for now
19:18:03 <boklm> ok, so we need to have some tools to do this
19:18:03 <ennael> maybe it's time for it then
19:18:22 <Stormi> maybe yes, I wouldn't be against
19:19:02 <ennael> could you make some proposals ?
19:19:48 <Stormi> yes, but concerning what points precisely ?
19:20:10 <Stormi> process from submit to validation and move to backports ?
19:20:27 <ennael> yep adding process on policy page
19:20:36 <ennael> to know who is doing what and how
19:20:43 <Stormi> ok
19:21:06 <ennael> #action Stormi will add QA process for backports submission
19:22:16 <ennael> anything else to add ?
19:22:51 <Remmy> Unrelated, I wanted to compliment the QA team on all the work done in the past few weeks... updates are really moving now and nice to see some action there :-)
19:23:12 <ennael> hey don't jump on next topic :)
19:23:27 <ennael> ok next one
19:23:31 <Remmy> :)
19:23:40 <ennael> #topic review of pending updates
19:24:04 <ennael> could we have a short review on it ?
19:24:27 <Stormi> there was an acceleration in update candidates submission to QA
19:24:42 <Stormi> it looks like more packagers are working on bugs and security issues :)
19:24:54 <Stormi> so the QA team has been very busy this week
19:25:09 <ennael> do we still have some pending one that needs to kick packagers or testers ?
19:25:11 <Stormi> thankfully, there are some very active testers
19:25:33 <Stormi> some of pending because of the dependency installation problem
19:25:56 <Remmy> Claire and David really are on a role :)
19:25:57 <doktor5000> maybe a general question: if there is no exploit/poc for some security issues, how to handle the update? just apply the patch and be done?
19:26:16 <doktor5000> like for libxfont or openjdk or others
19:27:13 <Stormi> ennael: 25 updates are pending now, I don't know the proportion waiting for packagers / testers / sysadmin
19:27:18 <ennael> then it means initial report is not complete enough
19:27:30 <Stormi> I think we can give ourselves a week more to see how it goes
19:27:45 <Stormi> and solve the dependency installation problem
19:27:55 <Stormi> by copying deps from release to update
19:28:03 <ennael> ok I spoke for tv about that point
19:28:25 <ennael> we may find solution in cauldron but adding it in stable will ask time and may be risky
19:28:47 <ennael> so copying for now deps in updates repo should be the solution
19:28:53 <Stormi> yes
19:28:55 <doktor5000> ennael: some CVE's have no exploit or proof-of-concept, how to handle those?
19:29:02 <ennael> we just need to ensure QA team will check it
19:29:13 <Stormi> ideally, maybe boklm could provide to packagers a command to copy packages from release to updates_testing ?
19:29:26 <doktor5000> should our security team write some exploits for those? sounds not doable ...
19:29:26 <Stormi> otherwise we will have to ask the sysadmins all the time
19:29:31 <boklm> to qa team members ?
19:29:37 <Stormi> boklm: to packagers
19:29:52 <boklm> ok
19:29:53 <ennael> too large in my opinion
19:30:04 <Stormi> well, it's the same as submit
19:30:09 <Stormi> but without a submit :)
19:30:18 <Stormi> only targetting updates_testing
19:30:31 <ennael> we need to keep repos clean
19:30:40 <ennael> and this could end up in a big mess
19:31:01 <AL13N> it depends on who does the fixing, it would be better to have packagers who make updates actually do the copying when submitting
19:31:21 <ennael> boklm: wdyt ?
19:31:35 <AL13N> (to updates_testing ; so that qateam can do other more important stuff)
19:31:37 <boklm> I think qa team could move the package after validating the update
19:32:06 <Stormi> boklm: are we speaking of the move to updates or the copying of deps from release to updates_testing ?
19:32:34 <boklm> ah, I was talking about move to updates
19:33:33 <ennael> we need to fix both I guess
19:33:47 <ennael> QA team should be able to handle it
19:34:09 <AL13N> i think update could be qateam and submitters can do the copy deps to updates_testing
19:34:11 <boklm> for copy from release to updates_testing, it needs to be done at the same time as submit to updates_testing, so by the packager submitting
19:36:47 <ennael> what about package move from updates_testing to updates ??
19:37:00 <boklm> for this, I think it could be done by qa team
19:37:37 <ennael> yep so packager handle submit to updates-testing and add needed deps
19:37:48 <ennael> QA team handle move to updates repos + needed deps ?
19:37:53 <boklm> yes
19:38:12 <ennael> Stormi ? others ?
19:38:15 * boklm is not sure copying of needed deps to updates is a good solution
19:38:30 <ennael> at least short term solution
19:38:31 <Stormi> we'll see if "QA team" means the whole team or just some members
19:38:38 <boklm> as we may have to add half the distribution in updates
19:38:41 <Stormi> I think we'll start with a few members first
19:38:56 <ennael> boklm: well this was done for years
19:39:14 <ennael> it's not a good reason but while we do not have proper solution
19:39:16 <boklm> ennael: but we were not adding new packages, only updates
19:39:17 <Stormi> ennael: the need to support updates from mandriva increases the need for dependencies copying
19:39:28 <rindolf> I think copying needed deps to updates if they didn't change is silly, as well.
19:39:32 <ennael> boklm: yes missing deps for updates
19:39:57 <boklm> adding new packages from mandriva missing in mageia 1 adds a lot of dependencies
19:40:10 <ennael> rindolf: this is silly but unless you can fix it we do not have better solution
19:40:11 <Stormi> I think we can start copying, and set a number of packages that would raise a "this is too much" alert ?
19:40:21 <rindolf> ennael: OK, fair enough.
19:40:55 <ennael> this will be added in todo list for sure
19:41:17 <ennael> #action add to specs a way to better handle updates dealing with deps
19:41:41 <ennael> Stormi: wdyt about having a limited number of people in QA team to push updates ?
19:41:54 <Stormi> ennael: I agree with it
19:42:15 <ennael> ok then please give all names to boklm
19:42:20 <ennael> and add it on wiki
19:42:27 <Stormi> ok
19:42:33 <ennael> so that we know who is able to do it
19:42:42 <Stormi> can you #action it so that I remember ? :)
19:42:53 <boklm> we can use an ldap group to store this list
19:43:00 <ennael> #action Stormi will give QA members able to push updates in repo
19:43:03 <ennael> boklm: yep
19:44:18 <ennael> Stormi: are you still planning weekly report on security issues
19:44:44 <Stormi> hmm, seems I have forgotten about those
19:44:52 <ennael> :)
19:45:10 <ennael> let say from next week then
19:45:28 <Stormi> I have to check whether I promised to do it or if someone else did :)
19:45:37 <ennael> hum
19:45:39 <ennael> ok :)
19:45:47 <ennael> anything else to add on update ?
19:45:52 <Remmy> Could have been me'ish
19:46:57 <Stormi> Looking at the logs, it was Remmy or leuhmanu
19:47:05 <Stormi> on behalf of triage team
19:47:53 <Remmy> I still plan to work on a weekly triage update, but didn't get to it yet... and part of it should be security related reports.
19:48:36 <Remmy> And with stewb disappearing / taking a time out, we are short on people with a security hat on
19:48:51 <ennael> ok I will try to contact stew
19:49:21 <ennael> but still we need this report to focus on it
19:50:28 <Remmy> Agreed
19:50:48 <ennael> ok I let you decide then who is doing it
19:51:11 <Remmy> I do think we were the first distribution after debian to have a fix for the apache dos attack though, thanks to AL13N and QA team.
19:51:36 <Remmy> I have it on my to do list, but happy to have anyone with more time for it take it from me :-)
19:52:01 <AL13N> Remmy: and debian did get a wrong one, cause they introduced a regression
19:52:04 <ennael> Stormi: can you handle this?
19:52:08 <Remmy> Ya, I saw that :)
19:52:54 <Stormi> ennael: I'm not sure I know what to handle :) The weekly reports ?
19:53:54 <ennael> about security issues
19:54:17 <Remmy> I've had a cold, family matters and the new month always is a peak load at work for me... but I agreed with Stormi that as part of my padawanship I'd also have a closer look at security issues.
19:54:28 <ennael> it means listing them from bugzilla request and sort the one which were forgottent of waiting for tester or packager
19:54:46 <Stormi> ennael: ok I'll see with the triagers how we can do
19:54:53 <ennael> ok thanks
19:55:13 <ennael> #action Stormi  and triage team will have a look on weekly review for security updates
19:55:23 <ennael> anything else to add ?
19:55:34 <Stormi> yes, who wants to pay me fulltime on mageia ? :)
19:55:39 <ennael> :)
19:56:09 <AL13N> :)
19:56:13 <Remmy> I'll chip in a hundred a month :)
19:56:26 <ennael> looks like andre is not around
19:56:37 <ennael> shall we postpone mentoring topic ?
19:56:51 <AL13N> ok
19:56:58 <AL13N> i noticed his email though
19:57:00 <Remmy> He wrote a mail to the list... would be nice if these guys found a mentor
19:57:01 <AL13N> about 2 packagers
19:57:25 <Remmy> They both sound like too promising to let slip through the cracks
19:57:48 <ennael> yep ok we will look for somebody unless we have volunteer here
19:58:50 <Stormi> usually this is when the meeting becomes very calm
19:58:51 <ennael> ok
19:58:56 <ennael> :))
19:59:13 <ennael> #topic triage review: mageia1 and cauldron
19:59:21 <ennael> anything to add on this topic ?
20:00:49 <Stormi> Remmy: ?
20:01:06 <Remmy> It looks like leuhmanu isn't around, but I've noticed a real improvement on the bugs being triaged
20:01:15 <Remmy> Mostly thanks to a few people
20:01:32 <Remmy> As with the security thing, I don't have the numbers yet I said I'd work on
20:02:03 <ennael> ok let's wait for it then
20:02:09 <ennael> it's hard to work on impression :)
20:02:17 <Remmy> We still have a bit of a backlog to work through
20:02:22 <ennael> sure
20:02:24 <Remmy> but I think most new bugs are being picked up
20:02:34 <ennael> good news indeed
20:02:44 <ennael> what about blog post ?
20:02:51 * ennael has fixed ideas
20:03:01 <Remmy> I made a draft on the pirate pad you made...
20:03:13 <Remmy> http://piratepad.net/gN3X1LmNPh
20:03:14 <ennael> ok will have a look
20:03:14 <erzulie> [ PiratePad: gN3X1LmNPh ]
20:03:26 <Remmy> MrsB added the QA part to it
20:03:39 <Remmy> but I'm not sure if people agree with tone and structure of it
20:03:58 <Remmy> (second half of the document)
20:04:02 <ennael> ok let's have a look on it and we publish it this we ok ?
20:04:56 <Remmy> Yeah, fine with me... not my call :)
20:05:03 <ennael> ok :)
20:05:24 <ennael> #action review blog post for triage/QA before end of the week
20:05:33 <ennael> ok
20:05:54 <ennael> #topic various sysadmin tasks for packaging team
20:06:10 * ennael closes the door so that boklm cannot leave
20:06:25 * boklm exit by the window
20:06:35 <ennael> argh too bad :)
20:06:36 <ennael> ok
20:06:47 <boklm> :)
20:06:57 <ennael> boklm is rewritting a todo list for sysadmins team
20:07:10 <ennael> this does not mean all will be done tomorrow (too bad)
20:07:21 <ennael> but will help to organize things and gives priorities
20:07:22 <leuhmanu> (Hi, sorry, network problem :/)
20:07:34 <boklm> so the list of important items we have now regarding packaging :
20:07:49 <ennael> just one word about data center
20:07:58 <boklm> ok
20:08:03 <ennael> a trip will be planned soon in Marseille (south of France)
20:08:14 <ennael> to add disks in servers, change some broken one
20:08:34 <ennael> and we hope also add backup server and ARM platform for build system
20:09:08 <brianb> can you get access to data centres - i thought they were restricted access?
20:09:44 <ennael> there are indeed but sysadmins can access as they know admins there
20:09:57 <brianb> ok
20:10:03 <boklm> yes
20:10:45 <ennael> ok so imagine it's christmas, think about pending tasks we could offer to sysadmins team
20:11:01 <ennael> included triage and QA team
20:11:12 <boklm> so list of things we have in todo list now :
20:11:28 <boklm> - tool to move packages from updates_testing to updates, for qa team members (so that sysadmin don't have to do it)
20:11:37 <boklm> - tool to move packages from backports_testing to backports
20:11:43 <boklm> - tool to remove a package from updates_testing / backports_testing
20:11:57 <boklm> - security updates database
20:12:21 <Stormi> (is this the one with the advisories that rpmdrake will be able to use ?)
20:12:33 <boklm> yes, it should also generate the files for rpmdrake
20:13:32 <boklm> do you see something else important ?
20:14:11 <Stormi> allow submit to backports_testing, of course
20:14:24 <boklm> yes
20:15:54 <Stormi> don't know if it deserves a place on the todo list, but i'd like to manage to create charts on bugzilla
20:16:01 <Stormi> currently it doesn't seem to work
20:16:16 <boklm> ok
20:16:31 <boklm> I think dmorgan also plans to update bugzilla to a new version
20:16:43 <mikala> boklm: it would be nice also to have a tool to remove a build in the queue list
20:17:18 <mikala> but also to send several packages in a specific order (with build dependency between them)
20:17:43 <boklm> yes, also in TODO list, but less prioritary
20:18:00 <mikala> ok.
20:18:28 <boklm> full todo list is on https://bugs.mageia.org/showdependencytree.cgi?id=859&hide_resolved=1
20:18:30 <erzulie> [ Dependency tree for Bug 859 ]
20:19:01 <Remmy> Perhaps when bored (if that exists :-) , go through the bugs assigned to sysadm on bugzilla?
20:20:40 <Remmy> Wow, that's fast ;-)
20:21:50 <ennael> boklm: anything else to add on that topic ?
20:22:18 <boklm> nothing to add
20:23:01 <ennael> ok guys anything else to add ?
20:23:16 <Stormi> nothing but good night :)
20:23:40 <ennael> ok let close that meeting then
20:23:44 <ennael> thanks for coming
20:23:49 <ennael> #endmeeting