19:05:10 <DavidWHodgins> #startmeeting 19:05:11 <Inigo_Montoya`> Meeting started Thu Oct 10 19:05:10 2013 UTC. The chair is DavidWHodgins. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:05:11 <Inigo_Montoya`> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:05:32 <DavidWHodgins> Hi everyone 19:05:43 <Kernewes> hi 19:05:53 <DavidWHodgins> #topic Who's new? 19:06:21 <DavidWHodgins> Anyone here who has not participated in a qa irc meeting before? 19:07:08 <DavidWHodgins> #topic Testing updates 19:07:45 <wilcal> I wasn't quite sure how much testing was needed to ok glibc 19:07:58 <DavidWHodgins> Everyone please test glibc, and indicate in bug 11059 what hardware you've tested it on. Like the kernel, it should be tested on as many systems as possible. 19:08:00 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=11059 major, Normal, qa-bugs, qa-bugs, ASSIGNED , glibc new security issues CVE-2012-4412 CVE-2012-4424 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4788, glibc 19:08:24 <lewyssmith> I need to know how to revert it from the update 19:08:43 <wilcal> Are there problems lew? 19:08:50 <DavidWHodgins> There are pocs for two of the cves. One of those only affects 32 bit systems. I'll try them both, right after the meeting. 19:09:11 <lewyssmith> I applied the update & found problems with LXterm 19:09:22 <lewyssmith> Don't know if they were there previously... 19:10:25 <DavidWHodgins> should be able to manually download the older packages, and install them with rpm -i --force 19:10:57 <lewyssmith> I will try that 19:10:58 <DavidWHodgins> Check /var/log/syslog, or journalctl, to confirm which packages were installed 19:11:23 <lewyssmith> What is journalctl? 19:11:35 <DavidWHodgins> For libtar, no poc provided, so just need to confirm tar can create and read tar files 19:11:52 <DavidWHodgins> journalctl is the comand to read the systemd version of syslog 19:12:14 <DavidWHodgins> journalctl -a will show all logs 19:12:34 <DavidWHodgins> on Mageia 3 and later, journalctl -b will show the logs since bootup 19:12:43 <DavidWHodgins> see man journalctl for more info 19:13:23 <DavidWHodgins> for nmap, again no poc, so just has to be tested that it works 19:13:32 <lewyssmith> I got into deep water with that bug which cited remote login to test it 19:13:53 <DavidWHodgins> lewyssmith: In what way? 19:14:08 <lewyssmith> Installed the daemon & client, but MCC did not offer to start the service etc 19:14:36 <lewyssmith> Just said 'start on demand', & I did not know how 19:14:55 <DavidWHodgins> Which daemon? 19:15:08 <lewyssmith> I'll look at th ebug now 19:16:21 <DavidWHodgins> For chromium-browser, testing is done, but we are still waiting for the advisory 19:16:25 <wilcal> So glibc could cause problems anywhere, big and small? 19:16:54 <DavidWHodgins> glibc is one level up from the kernel. It's used all over the place 19:17:18 <wilcal> Is it more likely to crash the system then doing something subtile? 19:17:23 <DavidWHodgins> YEs 19:17:28 <lewyssmith> It has gone! Another iffy though: how does one get lightdm as the login manager? 19:17:46 <wilcal> It looks relitively small 19:17:53 <DavidWHodgins> Once it's installed, mcc/boot/setup display manager 19:18:13 <lewyssmith> I should be able to manage that 19:18:16 <spiky> I,m working on that with jani 19:18:25 <spiky> version 1.18 19:18:48 <DavidWHodgins> Yes, but this is for the Mageia 3 update, not the cauldron version 19:18:56 <spiky> ok 19:19:28 <DavidWHodgins> torque, I haven't looked at yet, to see if there is a poc 19:20:24 <DavidWHodgins> Same with quaqqa. Never even heard of that one before. 19:21:02 <DavidWHodgins> clamav still needs testing on Mageia 2 x86_64, and both arches on Mageia 3 19:21:34 <lewyssmith> I looked at that, & wondered whether a stand-alone machine can test it 19:21:57 <DavidWHodgins> I'll go through each bug after the meeting, to ensure the advisories are in svn 19:22:05 <lewyssmith> Claire cited a special virus test 19:22:46 <DavidWHodgins> eicar is a standard non-virus, that all virus scanners will detect as a virus, for testing purposes 19:23:03 <DavidWHodgins> A google search should easily find it. It's a text file 19:23:28 <lewyssmith> Repeat: can I use clamav stand-alone? 19:23:32 <DavidWHodgins> It's probably attached to one of the older clamav update bug reports 19:23:35 <DavidWHodgins> Yes 19:24:12 <DavidWHodgins> Install it, ensure fresclam runs to update it's virus definitions, then scan a file containging the eicar text file 19:25:29 <lewyssmith> Does clamav work on-demand like Win anti-viruses? 19:26:07 <DavidWHodgins> No, it's a command line scanner, often invoked by mail programs to scan attachments, but can also be run manually 19:26:39 <lewyssmith> On-demand = command line! 19:26:48 <DavidWHodgins> Yep 19:27:04 <DavidWHodgins> Or, by a gui 19:27:10 <DavidWHodgins> Not a daemon 19:27:18 <Kernewes> clamtk is a gui for it 19:28:21 <DavidWHodgins> clamav does have a deamon that will check for updates to the virus database, but the scanning is only done by running commands 19:29:41 <lewyssmith> Dave: your various comments have clarified things; thanks 19:29:46 <DavidWHodgins> For apache-mod_nss, See the comment in the bug reports 19:29:51 <DavidWHodgins> You're welcome. 19:30:35 <DavidWHodgins> Any questions or comments on the testing? 19:31:05 <wilcal> I'm good 19:31:10 <wilcal> do'n what I can 19:31:18 <DavidWHodgins> Thanks! 19:31:47 <DavidWHodgins> Remember not to mark a bug as validated, before the advisory has been added to svn 19:32:08 <DavidWHodgins> #topic Luigi's Roundup 19:32:12 <wilcal> The libraw was kinda fun 19:32:33 <DavidWHodgins> Luigi12: ping 19:32:58 <Luigi12> hello 19:33:08 <wilcal> Hi there Luigi 19:33:10 <lewyssmith> No 'boo' tonight! 19:33:37 <DavidWHodgins> HiYa. Just went through all the bugs already assigned to qa, so basically just need to know what's likely to show up soon. 19:34:41 <Luigi12> ok 19:34:59 <Luigi12> you might have heard of quagga before BTW, as we've issued an update for it before (don't remember who tested it) 19:35:43 <Luigi12> I've been getting chromium advisories from Debian lately, but they still haven't updated theirs 19:36:20 <wilcal> Be happy your not in charge of IE security this week 19:36:25 <Luigi12> The torque maintainer (chris denice, aka eatdirt) has actually tested the torque update or is in the process of doing that. He's e-mailed me directly, but not commented on the bug yet. 19:37:39 <lewyssmith> Dare I ask what it is? 19:38:37 <DavidWHodgins> Oh yes, I remember quagga now. We ended up just testing that it installs cleanly. 19:39:10 <Luigi12> that should be sufficient this time too 19:39:26 <DavidWHodgins> Makes it easy to test. :-) 19:39:29 <Luigi12> Oden reported an x11-server vuln this morning, not sure when/if tv will update it https://bugs.mageia.org/show_bug.cgi?id=11428 19:39:31 <[mbot> Bug 11428: normal, Normal, thierry.vignaud, thierry.vignaud, NEW , xorg-x11-server - use-after-free flaw when handling ImageText requests (CVE-2013-4396), x11-server 19:39:51 <Luigi12> I reported a qemu issue yesterday, no patches are available for the versions we have yet https://bugs.mageia.org/show_bug.cgi?id=11422 19:39:52 <[mbot> Bug 11422: critical, Normal, bugsquad, bugsquad, NEW , qemu new security issue CVE-2013-4344, qemu-1.2.0-8.2.mga3.src.rpm 19:40:00 <Luigi12> that's all that's new since last week 19:40:03 <DavidWHodgins> #info update for xorg-x11-server likely soon 19:40:24 <DavidWHodgins> #info new qemu security issue found. No update yet. 19:40:29 <DavidWHodgins> Thanks Luigi12 19:40:47 <DavidWHodgins> #topic Anything else? 19:40:52 <Luigi12> For the python-oauth2 thing I've mentioned before, it's a dependency of something else. Philippe is working on updating that something else to a newer version which doesn't depend on it anymore. 19:41:06 <Kernewes> I'm taking alpha 3 for a spin 19:41:12 <wilcal> Has there been any major wrinkles to M4 since A3 got released? 19:41:27 <Luigi12> AL13N is working on Xen updates for Mageia 2 and Mageia 3 19:41:32 <Luigi12> the Mageia 3 update is actually already built 19:41:34 <Kernewes> with the classical installer my keyboard and mouse went dead 19:41:43 <Kernewes> the lives were ok 19:41:52 <lewyssmith> EFI: is there anyone actually working on this (development)? 19:41:55 <wilcal> Keyboard/Mouse wireless? 19:41:58 <Luigi12> There hasn't been movement on any other security bugs 19:41:58 <DavidWHodgins> #info xen updates to be tested soon too 19:42:05 <Kernewes> wilcal: no 19:42:13 <Luigi12> ok now i'm done 19:42:21 <DavidWHodgins> Ok. Thanks 19:42:21 <Kernewes> wilcal: I found a bug on Bugzilla and added my experiences to that 19:42:49 <wilcal> M4A3 seems pretty solid except for the Gnome thingy 19:42:53 <Kernewes> wilcal: the bug's now marked as closed so hopefully will be OK in beta 1 19:43:07 <DavidWHodgins> lewyssmith: I think tmb is the primary developer for efi, but he's been too busy on other stuff. 19:43:21 <Kernewes> I'm surprised how good MATE is considering it's its first appearance in Mageia 19:43:22 <lewyssmith> EFI: Tony Blackwell & I would like to talk to him - or whoever 19:43:38 <DavidWHodgins> And the various desktop managers where mcc will not start 19:43:50 <lewyssmith> True... 19:44:42 <lewyssmith> Kernewes: Agree with you about Mate - nimble, too 19:44:52 <Kernewes> lewyssmith: yes, it is 19:45:56 <DavidWHodgins> Ah for quagga, we did figure out how to at least ensure the services start. See bug 5108 19:45:57 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=5108 normal, Normal, qa-bugs, qa-bugs, RESOLVED FIXED, quagga new security issues CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, quagga-0.99.18-1.1.mga1.src.rpm 19:46:17 <lewyssmith> DavidWHodgins: Is there any commitment to make EFI work natively for M4? 19:46:59 <Kernewes> lewyssmith: did you see MrsB's reply to a comment on the alpha 3 release blog post? 19:47:20 <lewyssmith> Possibly; but no memeory of same 19:47:45 <DavidWHodgins> It was very close to working in m3, except for a problem in the installer, getting grub2-efi to install. Unfortunately installer changes always seem to get left till the last minute, and it looks like that may happen again. 19:47:47 <Kernewes> lewyssmith: it was along the lines that it means big changes in the installer and we're a community of volunteers 19:47:58 <Kernewes> but we'll get it going as soon as possible 19:48:28 <DavidWHodgins> There are very few people who know perl, and the drakx* tools, who can fix it, and they are all overloaded with other things. 19:49:05 <lewyssmith> My 64-bit box only works EFI, & I would like to test Mageia on it/with it 19:50:05 <lewyssmith> More honestly, migrate to it 19:51:01 <wilcal> Hold a sec lew I have a suggestion 19:51:21 <lewyssmith> I agree with the sentiment that (classic installed) M4 A3 was promising 19:51:42 <wilcal> Three of my machines have this in them: 19:51:44 <wilcal> http://www.newegg.com/Product/Product.aspx?Item=N82E16817121 19:51:45 <DavidWHodgins> I once got my system to boot in efi mode, using an install from a Mageia 3 live dvd 19:51:46 <[mbot> [ Newegg.com - Computer Parts, PC Components, Laptop Computers, LED LCD TV, Digital Cameras and more! ] 19:52:02 <wilcal> I've a selection of a dozen drives I swap in and out 19:52:41 <DavidWHodgins> See bug 9730 19:52:41 <lewyssmith> wilcal: Up to you! 19:52:42 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=9730 major, Normal, tmb, tmb, NEW , Mageia 3 beta4 LiveDVD-KDE does not boot from pendrive in EFI environment, dracut draklive 19:53:04 <Luigi12> BTW I think python-twitter is the thing that will be updated to obsolete python-oauth2 19:55:22 <DavidWHodgins> Ok, anyone have anything else before I end the meeting? 19:55:29 <wilcal> I'm good 19:55:31 <lewyssmith> No 19:55:31 <Kernewes> not here 19:55:55 <wilcal> I should be here next week 2 19:56:00 <DavidWHodgins> Thanks everyone. Same time next week 19:56:04 <wilcal> Yep 19:56:08 <lewyssmith> Hwyl 19:56:08 <Kernewes> wilcal: how did your Opentech thing go? 19:56:11 <DavidWHodgins> #end meeting 19:56:19 <DavidWHodgins> #endmeeting