#mageia-dev log

19:06:40 <ennael> #startmeeting
19:06:40 <Inigo_Montoya> Meeting started Wed Sep 12 19:06:40 2012 UTC.  The chair is ennael. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:06:40 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:07:06 <ennael> #topic Secteam and Mandriva contribution
19:07:46 <ennael> So as you may know it if you had a look on council ML, Mandriva proposed to contribute to Mageia
19:07:55 <ennael> as they will base their server product on Mageia2
19:08:13 <sebsebseb> yep :)
19:08:16 <ennael> contribution will be focused on security update
19:08:33 <ennael> it means Oden will work a big part of this time on it
19:08:34 <AL13N> so that's why oden came to help
19:08:46 <ennael> oden: are you around by chance ?
19:09:10 <ennael> well next time maybe :)
19:09:22 <ennael> so this is a big help for secteam
19:09:37 <ennael> he may also contribute on cauldron on packages needed for next server version
19:09:59 <MrsB> it's effectively the start of secteam. Luigi12 has been more or less alone doing security updates so far
19:09:59 <ennael> we may have also a kernel hacker and another guy joining very part-time this effort
19:10:05 <ennael> it means Oden will work a big part of this time on itep
19:10:09 <ennael> oups
19:10:10 <ennael> yep
19:10:28 <ennael> I guess most of you know already Oden
19:10:54 <MrsB> I've spoken with him a couple of times, seems a nice guy
19:11:01 <ennael> there is a meeting planned tomorrow with QA, Luigi and some packagers
19:11:08 <ennael> as it means secteam is created now
19:11:42 <ennael> also Mandriva will bring a way to updates that are under embargo
19:11:59 <ennael> anybody knows about it ? embargo ?
19:12:08 <rindolf> ennael: what is that embargo?
19:12:13 <ennael> ok:)
19:12:16 <sebsebseb> yeah what is it?
19:12:18 <AL13N> ennael: what will we do wrt to that? we don't have private bugzilla
19:12:23 <AL13N> does it mean just chatting in person?
19:12:27 <ennael> wait
19:12:36 <AL13N> ennael: i sometimes have patches under embargo for mariadb
19:12:48 <ennael> when some security holes are discovered
19:13:01 <ennael> some people are warned on a specific ML
19:13:05 <ennael> only these people
19:13:13 <sebsebseb> oh ok
19:13:21 <ennael> it has to be kept confidential until fix is found
19:13:23 <sebsebseb> you mean only very trusted people?
19:13:32 <ennael> and everybody is ready to release it
19:13:35 <ennael> yes
19:14:18 <ennael> it means specific process and a bit of dedicated infrastructure
19:14:32 <ennael> this will be discussed tommorrow
19:14:38 <AL13N> when is this meeting?
19:14:42 <AL13N> can i join in?
19:14:47 <MrsB> is mandriva relevant to gaining access to the security list or is it something we just haven't done yet?
19:14:50 <AL13N> i suppose the meeting would be private
19:14:51 <sebsebseb> I was wondering about that as well, when is the meeting
19:15:19 <sebsebseb> AL13N: I was thinking it would maybe be part of the QA meeting, but I guess not.
19:15:31 <ennael> well we keep meeting restricted to some people as there is no need to have plenty of people
19:15:37 <ennael> it will be too long
19:15:45 <sebsebseb> ok, but will there be a log or something?
19:16:27 <AL13N> ok, at this moment, i have a mariadb embargo patch for in a few days i would like to know how to handle this better
19:16:47 <tmb> MrsB: we are gaining access "bu proxy" through Mandriava and oden.
19:17:04 <ennael> yep
19:17:07 <tmb> *by proxy*
19:17:10 <MrsB> i see, thanks
19:17:10 <ennael> Mandriva has access for years now
19:17:23 <MrsB> just wondering what kind of restrictions there are to access
19:17:25 <ennael> we may have a look also to ask for it for Mageia
19:18:48 <ennael> http://oss-security.openwall.org/wiki/mailing-lists/distros
19:18:59 <ennael> a list of distributions registered
19:19:00 <tmb> yep, but one of the steps to get access is to have a fully organzed security team with an offiial "real" person in charge...
19:19:32 <ennael> yep
19:19:41 <ennael> we may be able to ask for it later
19:19:52 <MrsB> so it's a sign of growing up :)
19:19:53 <ennael> having a real team for security will help
19:19:56 <ennael> sure
19:19:57 <sebsebseb> eeeee
19:20:13 <ennael> we will post on blog to speak about this contribution
19:20:14 <sebsebseb> whoops hit enter by mistake
19:20:21 <sebsebseb> MrsB: heh heh
19:21:01 <ennael> question, comment ?
19:21:32 <sebsebseb> the security team will be like any other? people voting on who to have as leader and all that, I guess?
19:21:49 <ennael> not fixed yet
19:22:06 <AL13N> ennael: is there some kind of policy wrt to such private things? as i said, i have access to a private mailing list for mariadb and yet-undisclosed security issues
19:22:27 <ennael> no idea it may depend on the ML
19:22:40 <AL13N> ennael: i mean for mageia
19:22:43 <tmb> AL13N: well, thats only one package amongst a gazillion others :)
19:22:47 <AL13N> true
19:22:52 <AL13N> but it's still the same thing
19:23:13 <AL13N> ie: security and nondisclosure until an embargodate
19:23:14 <ennael> I don't understand your question...
19:23:23 <tmb> well, we need to think it over properly how to handle it
19:23:35 <AL13N> well, wrt update validation
19:23:53 <AL13N> for example, for mariadb i am allowed to push the update before, but asked to not use security anywhere
19:24:01 <ennael> same process as other one, the thing changing is while embargo is still active
19:24:10 <AL13N> so, this is wrt to update validation and bugzilla
19:24:14 <tmb> AL13N: and afaik mariadb also send info to the security list regarding embargoed stuff
19:24:26 <AL13N> tmb: really?
19:24:53 <AL13N> tmb: i have no access to that list, so i am unsure, but if it is, i guess it's not a big issue
19:25:01 <tmb> AL13N: atleast they post on oss-sec when some stuff is found...
19:25:51 <tmb> but anyway, we'll get more into the details later
19:26:02 <ennael> yep
19:26:41 <AL13N> k
19:26:54 <ennael> t topic ?
19:27:04 <sebsebseb> next topic ok
19:27:16 <EzKurdistanIm> hi. meeting
19:27:18 <EzKurdistanIm> ?
19:27:22 <sebsebseb> EzKurdistanIm: yep
19:27:31 <ennael> #topic Alpha2 deadline and features
19:27:40 <EzKurdistanIm> okey. meeting logs? want to cash up what I have missed.
19:27:40 <ennael> so Alpha 1 is out
19:27:41 <EzKurdistanIm> thx
19:27:49 <AL13N> tmb: they told me that they sent to oss-sec yesterday (but other mailing list was 2 weeks ago)
19:28:13 <sebsebseb> EzKurdistanIm: will be logged after the meeting is over  http://meetbot.mageia.org
19:28:14 <ennael> as a reminder alpha 2 is planned for 2012 Oct. 04th
19:28:27 <EzKurdistanIm> sebsebseb: thx.
19:28:30 <MrsB> not long
19:28:53 <EzKurdistanIm> when is the deadline for new package arrive?
19:29:00 <ennael> well we were late on alpha1
19:29:19 <ennael> so one comment on last release
19:29:20 <EzKurdistanIm> :) I wanted to at get-sopcast before mga3 freezes
19:29:43 <ennael> we really need people to refrain submits 3 or 4 days before release
19:29:54 <sebsebseb> yep
19:29:55 <ennael> it helps a lot when we make isos
19:30:27 <rindolf> ennael: on all commits?
19:30:35 <rindolf> ennael: or just on core stuff?
19:30:42 <ennael> submit not commits
19:30:46 <AL13N> (tmb: ah, it seems it was disclosed already)
19:30:48 <rindolf> ennael: ah.
19:31:15 <ennael> do not hesitate to ask on -dev if you have any doubt
19:31:41 <AL13N> ennael: are we planning to enforce it? otherwise it likely won't help much
19:31:53 <ennael> not during alpha stage
19:32:04 <AL13N> k
19:32:22 <tmb> of course core stuff should preferably not really get any commits either in case we need to do some quick fix...
19:32:33 <ennael> yep...
19:32:45 <MrsB> are we likely to see livecd's for alpha2?
19:32:54 <tmb> and since it's only ~1 week at the most, such stuff can wait....
19:33:23 <EzKurdistanIm> I read in 3.5.3 changeloog that tmb have droped support for patches for the old way of making livecd
19:33:43 <EzKurdistanIm> do we aldready have switched to the other mentioned or what?
19:33:43 <tmb> MrsB: we'll know this weekend when I start playing with overlayfs... kernel support is now available, so I just need to check the build and boot chain
19:34:06 <ennael> great
19:34:07 <sebsebseb> EzKurdistanIm: I think your question just got answered ^
19:34:10 <MrsB> ok, thanks. Just so we know how much sleep we're about to lose :)
19:34:15 <EzKurdistanIm> :) okey tmb just answered my question
19:34:36 <sebsebseb> MrsB: heh heh :)
19:34:55 <MrsB> When will be a good time for ISO discussions?
19:36:00 <ennael> let me start an email about it
19:36:11 <ennael> I will sum up discussions we had in council also
19:36:22 <ennael> I should send it tomorrow
19:36:33 <EzKurdistanIm> tmb: you are our kernel/driver etc person, have you decided which kernel will be default for mga3
19:36:46 <MrsB> Ok, thankyou
19:37:04 <sebsebseb> EzKurdistanIm: not really a topic for this meeting, and it will be a rather recent at the time kernel
19:37:07 <sebsebseb> probably
19:37:10 <ennael> anything else to ask ? comment ?
19:37:17 <EzKurdistanIm> and are we going to stick with same version let s�kernel 3.8.* for the mga3 period, like we now have for mga3 (3.3.*)
19:37:33 <tmb> EzKurdistanIm: by the speed kernel.org is going, it will probably be 3.7 - 3.9 something...
19:37:50 <AL13N> lol
19:38:20 <EzKurdistanIm> tmb: :) okey. hope latest stable, good for does with new hardware (laptops) with hybrid card etc.
19:38:48 <EzKurdistanIm> new x-server and kernel have better support and blob driver like nvidia are getting there acts togheter towards optimus
19:39:05 <tmb> yep, we will need atleast 3.7 series for improved hybrid support, but lets get back to the meeting now :)
19:39:19 <ennael> anything else to ask ? comment ?
19:39:22 <EzKurdistanIm> tmb: :) sorry. yeah. you guys go on.
19:39:28 <sebsebseb> ennael: nope
19:39:30 <neoclust> tmb: do you know which one will be the next LTS kernel ? ( i hope nobody already asked )
19:40:14 <k0Do> hi. how can I install mga3 alpha from usb? simply put the image with dd on the stick and boot?
19:40:29 <MrsB> yep
19:40:29 <sebsebseb> k0Do: yeah I guess, and its the packaging meeting at the moment
19:40:39 <neoclust> k0Do: you can use dd to do the copy
19:40:48 <ennael> ok
19:40:53 <ennael> #topic mentoring
19:41:23 <AL13N> k0Do: perhaps you can direct your questions to #mageia channel instead
19:41:26 <ennael> ok
19:41:38 <ennael> as andre is not around at the moment
19:41:46 <ennael> I will have a look on wiki page about mentoring
19:42:10 <ennael> do we have here people without mentor and wishing to start ?
19:42:17 <k0Do> AL13N, so alpha := stable?
19:42:28 <MichalGi> ennael: yes :)
19:42:47 <ennael> too late you cannot leav now
19:42:48 <ennael> leave
19:43:09 <sebsebseb> its ok there is a back door where she isn't blocking it :d
19:43:16 <MrsB> MichalGi: this is for packaging mentoring
19:43:31 <MichalGi> ennael: ohh, I thought it was for QA mentoring, sorry
19:43:36 <ennael> no pb :)
19:43:44 <MrsB> you can do both if you wish to
19:43:54 <sebsebseb> MichalGi: I have a feeling you might want to become a packager later on, but sure start with QA :)
19:44:01 <sebsebseb> and yep you can do both
19:44:07 <ennael> ok anyway I will ping by mail pending people on mentoring
19:44:11 <MichalGi> No, I prefer to focus QA first, maybe later :)
19:44:20 <sebsebseb> ok :)
19:44:28 <ennael> please let me know if there is somebody without mentor and waiting for
19:45:39 <ennael> any people here ready to become mentor?
19:45:55 <rindolf> ennael: I can mentor a few more people.
19:46:11 <rindolf> ennael: at least until I get a job.
19:46:18 <ennael> ok
19:47:00 <neoclust> rindolf: i would prefer you make good review first btw
19:47:20 <rindolf> neoclust: OK.
19:48:45 <ennael> anything else on that topic ?
19:49:09 <neoclust> not for me
19:49:10 <sebsebseb> nope
19:49:24 <MrsB> maybe it's worth a blog post asking for new apprentices
19:49:33 <ennael> yep
19:49:35 <sebsebseb> yeah that could be quite a good idea :)
19:49:36 <rindolf> MrsB: yes, I agree.
19:50:25 <MrsB> we had a good response in QA from the Interview one I did, it could maybe use the same format?
19:50:54 <sebsebseb> something else more interviews should be sorted out :)
19:51:02 <AL13N> MrsB: you mean of rindolf? or someone who's mentor?
19:51:17 <MrsB> rindolf, malo, not sure who the other mentors are
19:52:18 <AL13N> ok, so next topic?
19:52:21 <sebsebseb> yep
19:52:27 <rindolf> next topic is OK by me.
19:52:34 <ennael> no other topic
19:52:39 <ennael> except for build system
19:52:44 <ennael> #topic build system
19:52:57 <ennael> so new servers were installed in datacenter
19:53:14 <ennael> one is for isos building to replace old rabbit
19:53:25 <ennael> and the other one will be a build node
19:53:52 <ennael> we had a nasty pb just after installation
19:54:01 <ennael> those servers have been compromised
19:54:08 <AL13N> O_o
19:54:13 <rindolf> Wow.
19:54:25 <MrsB> ouch
19:54:30 <ennael> so they had to be reinstalled all
19:54:31 <sebsebseb> ah
19:54:44 <AL13N> how did that happen? something like a firmware hack? or something?
19:54:47 <ennael> it will take some more time than expected
19:54:52 <ennael> no details for now
19:54:53 <sebsebseb> yeah I was wondering what happended as well
19:55:01 <AL13N> ok
19:55:04 <tmb> well the buildnode is now up an running
19:55:07 <ennael> yep
19:55:09 <AL13N> ah, nice :-)
19:55:16 <AL13N> a new a faster ecosse
19:55:26 <ennael> yep but still it needs to be configured
19:55:31 <ennael> some more time for ti
19:55:32 <ennael> it
19:55:39 <AL13N> k
19:56:04 <tmb> ennael, nope... it's already activated and added to the build scheduler
19:56:11 <ennael> oh nice :)
19:56:20 <MrsB> was anything built on them which could be affected by the compromise?
19:56:20 * ennael was not fast enough :)
19:56:24 <tmb> so, its only rabbit missing now...
19:56:30 <ennael> ok
19:56:44 <ennael> also rda has been working on improving pkgsubmit page
19:56:48 <ennael> you can have a look here
19:56:49 <ennael> http://pkgsubmit.mageia.org/test_index.php
19:57:18 <rda> actually, it's going to be /index.php in a few minutes (commit already sent)
19:57:20 <tmb> MrsB: nope, it wasn't included in the build process at that time, so no compromized packages
19:57:47 <MrsB> phew!
19:57:50 <ennael> so now you can comment new page and slap rda :)
19:57:52 <ennael> oups
19:57:59 <AL13N> :-)
19:58:02 * rda is used to it
19:58:06 <sebsebseb> ennael: nice that page has pie charts explaining stuff etc :)
19:58:54 <AL13N> ennael: about 2317 and the delay, can anyone help in some way or form?
19:59:14 <ennael> we may go on in coming days
19:59:29 <ennael> sometimes real life does not help :)
19:59:38 <MrsB> Slightly off topic but could this be incorporated at some stage please - https://bugs.mageia.org/show_bug.cgi?id=6965
19:59:39 <ennael> anyway it's still a priority
19:59:42 <AL13N> np
19:59:53 <MrsB> rpmdiff's
20:00:29 <ennael> MrsB: well you could post it on -dev ML and ask for contrib on it
20:01:42 <MrsB> i thought it would be simpler than that
20:03:35 <ennael> everything is simple as soon as you have people with time to do it :)
20:04:09 <ennael> question ? comment ?
20:04:15 <ennael> sleeping ? eating ?
20:04:24 <tmb> (all of it)
20:04:34 <ennael> :)
20:04:45 <ennael> ok let's close this meeting then
20:04:49 <AL13N> nice short meeting, like it's supposed to
20:04:52 <rindolf> OK.
20:04:54 <ennael> #endmeeting