#mageia-qa log

19:00:09 <wilcal> #startmeeting
19:00:09 <Inigo_Montoya`> Meeting started Thu Apr 17 19:00:09 2014 UTC.  The chair is wilcal. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:09 <Inigo_Montoya`> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:29 <lewyssmith> Good!
19:00:34 <wilcal> Hi ya david
19:00:39 <DavidWHodgins> HiYa
19:00:46 <wilcal> #chair DavidWHodgins
19:00:46 <Inigo_Montoya`> Current chairs: DavidWHodgins wilcal
19:00:50 <tmb> hi all
19:00:51 <wilcal> there you're in charge too
19:00:58 <wilcal> Glad you are here
19:01:07 <wilcal> MrsB does not think she can attend
19:01:33 <lewyssmith> Now we are at least 4.
19:01:48 <DavidWHodgins> Saw the msg a few minutes ago. Standard topics, I guess then.
19:01:53 <DavidWHodgins> #topic Who's new? If you are new then come & meet the team
19:02:04 <wilcal> Yes, well go by the standard format
19:02:23 <DavidWHodgins> So, anyone here who has not been to a qa irc meeting before?
19:03:03 <DavidWHodgins> Doesn't look like it.
19:03:06 <wilcal> Sounds pretty quiet
19:03:08 <DavidWHodgins> #topic Testing updates
19:03:31 <wilcal> I think between us there are a few issues we can "talk" about here
19:03:47 <DavidWHodgins> Go ahead
19:03:58 <wilcal> There are some in the list that have been there a long time
19:04:22 <wilcal> I just gave lightdm a try again and ran into the same thing I saw last time
19:04:30 <lewyssmith> Repeat: they are mostly very obscure.
19:04:59 <wilcal> the NTFS partitions thing has been there way too long
19:05:26 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=12977
19:05:27 <[mbot> Bug 12977: critical, Normal, qa-bugs, ASSIGNED , audit initscript causes ordering cycles at boot leading to dbus+NetworkManager failure incl. KDE plasma applet crashes, auditd
19:05:29 <wilcal> way too long
19:06:11 <DavidWHodgins> As bugfix updates, they've had to take a backseat to all of the security updates.
19:06:42 <wilcal> I've been trying to contribute as best I can to the security stuff
19:06:49 <wilcal> knocked a couple off last weekend
19:07:13 <lewyssmith> The KDE plasma one is wierd because it changes its nature from beginning to end. I looked at it, & was not sure what to actually test.
19:07:27 <wilcal> I'm happy to see you back David as you can help coach me on how to do advisories
19:07:44 <wilcal> A lot of them are that way lewy
19:08:04 <wilcal> we've gotta formulate a plan on how to handle these
19:08:28 <wilcal> Some of these are not bugs their careers
19:08:29 <DavidWHodgins> Which bug is the kde plasma one?
19:08:43 <lewyssmith> 12670
19:09:10 <lewyssmith> Sorry, 12977
19:09:59 <lewyssmith> It is all about 'audit'.
19:10:37 <DavidWHodgins> Ah. I remember that one now.
19:11:05 <lewyssmith> I would do it if I knew what to try.
19:11:28 <DavidWHodgins> Would be good if we can get Albert to help testing that one.
19:12:05 <wilcal> I would accept it if Albert said it was fixed
19:12:11 <wilcal> even though he reported it
19:13:06 <lewyssmith> I think this is a good principle.
19:13:35 <DavidWHodgins> If he confirms it fixes the problem on his system, we still have to test the other arch, to ensure it installs cleanly, and starts ok.
19:14:10 <DavidWHodgins> He reported it for x86_64, so it will still need some testing on i586.
19:14:44 <lewyssmith> Thomas Spuhler has tried it, but his tests had nothing in common with the original complaint.
19:16:07 <DavidWHodgins> systemd startup dropping jobs, really depends on what else you have installed, which does make it harder to duplicate.
19:17:07 <wilcal> Is this a widely used function? Critical to basic operation of M4/KDE?
19:17:27 <DavidWHodgins> When there is a bug we cannot duplicate, we just test that the package installs cleanly, and starts normally.
19:17:31 <DavidWHodgins> no
19:17:50 <lewyssmith> 13014: setup the mail system using amavisd and clamd for virus
19:17:54 <wilcal> Then we should just make sure it installs and starts normally and push it
19:18:09 <DavidWHodgins> audit doesn't actually have anything to do with kde.
19:18:15 <wilcal> "setup the mail system using amavisd and clamd for virus" that's a career not a test
19:18:34 <lewyssmith> Easier said than done. Why it has waited.
19:18:55 <DavidWHodgins> It's because it's causing systemd to drop various jobs, due to dependency loop, that causes the problems to show up in kde.
19:19:11 <DavidWHodgins> :-)
19:19:24 <wilcal> Sometimes not all the time
19:20:47 <lewyssmith> 13014: Again, I would have a go if I knew what it is about.
19:21:33 <DavidWHodgins> Leave that one to me. I'll try and have a go at it over the next couple of days.
19:22:34 <lewyssmith> Or advise me by e-mail.
19:22:58 <lewyssmith> 12496: Still being debated, it seems to me. Can it be greyed?
19:23:00 <wilcal> Are we in good shape to test:
19:23:01 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=13219
19:23:03 <[mbot> Bug 13219: major, Normal, qa-bugs, NEW , systemd stack-based buffer overflow in systemd-ask-password, systemd-208-14.mga5.src.rpm
19:23:22 <DavidWHodgins> I've looked at amavisd in the past, but it's been a long time, and I'll have to research it a bit.
19:23:54 <DavidWHodgins> Does it have a proof of concept? I haven't looked at that one yet.
19:24:26 <lewyssmith> The fix is really simple, so I think just general stability tests are sufficient (ideally booting in a range of different setups - especially on MGA4 where various other "stable release" patches are included
19:24:33 <wilcal> I see a new systemd rpm in my core_testing repo this morning
19:24:54 <lewyssmith> I cited Clin.
19:24:57 <wilcal> so just update to it, reboot and make sure things are working?
19:24:58 <lewyssmith> Colin.
19:25:11 <lewyssmith> wilcal: Seems so.
19:25:31 <wilcal> I should be able to give that a go tomorrow morning for me
19:25:46 <lewyssmith> Me too, or Saturday.
19:26:00 <wilcal> All the others are bugfixes and I try them as best I can contribute
19:26:27 <wilcal> Lets move on and see if Luigi is here
19:26:53 <wilcal> Luigi12_lappy: ping
19:26:53 <DavidWHodgins> #topic  Luigi's Roundup
19:26:55 <tmb> I can try to hammer on the systemd one too as I have both mga3 and mga4 live systems here
19:27:07 <wilcal> thks tmb
19:27:50 <wilcal> The number of security bugs is pretty low
19:28:03 <DavidWHodgins> Luigi12_work: ping
19:28:24 <wilcal> As you probably know I have all the active archs in Vbox and updated
19:28:33 <DavidWHodgins> Finally. Thanks for taking care of them while I've been mostly inactive.
19:28:42 <wilcal> Your the best David
19:28:58 <wilcal> I do as best I can surrounded by geniuses
19:29:18 <wilcal> Hello Luigi
19:29:38 <DavidWHodgins> wilcal: Good. If you have the space, it's also a good idea to have all 4 in real installs, seperate from what you use for normal day to day use.
19:30:11 <wilcal> I'm in love with Vbox on M4 it's really nice
19:30:41 <wilcal> blow up the installs as needed  :-))
19:30:52 <DavidWHodgins> On my system, with 16GB of ram, I've had as many as 7 vb guests running all at the same time.
19:30:55 <wilcal> Luigi is pretty quiet
19:31:13 <DavidWHodgins> Doesn't look like he's around today.
19:31:25 <tmb> speaking ov vbox, there vill be a vbox security update on mga4, and I'll fix up the mga3 one too
19:31:42 <wilcal> thks for the heads up tmb
19:32:01 <wilcal> Vbox in Vbox don't work so good :-((
19:32:01 <DavidWHodgins> Hopefully, it'll work with m3 i586 guests.
19:32:22 <DavidWHodgins> It isn't expected to. :-)
19:32:22 <wilcal> Last Vbox update I built new systems
19:32:24 <tmb> and then there will land full sets of kernel updates on both mga3 and mga4... I already have them built, but I wnat to verify some stuff before handing them over to qa
19:32:40 <wilcal> Removable HD systems make it eas but time consuming
19:32:47 <wilcal> easy
19:33:19 <wilcal> the kernel stuff can be tested in Vbox for me
19:34:05 <DavidWHodgins> I have 4 installs on real hardware, I use for testing things like kernels, vbox, etc. And use a script to backup/restore each, as needed, similar to vbox snapshots.
19:34:17 <tmb> you can test the kernels right now if you want... (otoh I havent rebuilt the kmods yet)
19:34:27 <DavidWHodgins> wilcal: The kernels should be tested both in vb and on real hardware.
19:34:51 <wilcal> I agree David just need an open weekend with lots of Baseball games on TV  :-))
19:35:22 <DavidWHodgins> Yep. Testing all of the kernels is tedious.
19:35:48 <wilcal> On to anything else???
19:35:55 <DavidWHodgins> tmb: What's the difference between the tmb kernels and the regular kernels?
19:36:26 <wilcal> Specail tmb kernels are not for the feint of heart :-))
19:36:37 <DavidWHodgins> #topic Anything else?
19:36:40 <lewyssmith> QA are perilously few at present.
19:36:52 <wilcal> I've one thing to present here
19:37:01 <tmb> DavidWHodgins, reiser4 support, BFS cpu scheduler, TuxOnIce suspend/resume support, other stuff tested before landing in core kernel
19:37:33 <DavidWHodgins> tmb: Ok. Thanks.
19:37:38 <DavidWHodgins> wilcal: Go ahead
19:37:40 <wilcal> openssl-1.0.1e-8.2.mga4.i586.rpm dated 7 April 2014
19:37:41 <wilcal> openssl-1.0.1e-1.5.mga3.i586.rpm dated 7 April 2014
19:37:43 <wilcal> All included a heartbleed fix backported from openssl-1.0.1g
19:37:44 <wilcal> true or false?
19:37:52 <DavidWHodgins> True
19:38:12 <wilcal> Kool then I think just this simple thing should be in our Blog
19:38:20 <wikigazer> are there plans to make 1.0.1g (or later)?
19:38:27 <wilcal> tmb?
19:38:44 <tmb> not unless we have to
19:38:49 <wikigazer> k
19:39:01 <DavidWHodgins> wilcal: We don't upgrade versions on stable release, unless the fix is too difficult to backport.
19:39:25 <wilcal> Thks but I don't think that needs to be in the blog just the simple statement
19:39:31 <tmb> libs used in a lot of places we dont want to upgrade as they might trigger a lot of needed rebuilds
19:39:45 <wilcal> that for doktor500 to point to on the forum
19:40:15 <tmb> they are supposed to be api/abi stable, but sometimes there are issues
19:40:26 <wikigazer> stable is good
19:40:44 <wikigazer> stick with stable
19:41:06 <wilcal> The heartbleed issue(s) are still screaming through the press over here
19:41:32 <wilcal> David the Canadian Tax department shut down over it???
19:41:37 <wikigazer> yes, it's really huge. It could have effects for years with fallout from certificate issues
19:41:41 <tmb> yeah, and we haven't seen the full fallout of it yet
19:42:00 <wilcal> We just need a simple statement easy to understand to point to
19:42:03 <wikigazer> top marks to mageia for getting the fix out quick
19:42:28 <wilcal> Mageia reacted in about 4-days
19:42:29 <DavidWHodgins> Yes, but they are back up now, and caught the guy who was trying out the exploit on the system.
19:42:34 <tmb> and what many people dont realize is that you can abuse on both server and client side
19:42:44 <wikigazer> yes
19:43:03 <DavidWHodgins> Yes, a malicious server can exploit it.
19:43:47 <wikigazer> https://twitter.com/lennyzeltser/status/455405328260399104
19:43:48 <[mbot> [ Twitter / lennyzeltser: 3 excellent explanations of ... ]
19:44:58 <DavidWHodgins> Ok. Anything else before we close the meeting?
19:45:09 <lewyssmith> Repeat: we are too few.
19:45:14 <wilcal> I'm done thank you all for a very productive meeting
19:45:27 <DavidWHodgins> :-)
19:45:36 <wilcal> waiting bugs list is slowly coming down
19:45:41 <wilcal> few security bugs
19:45:56 <wilcal> I opened it you get to close it David
19:46:06 <DavidWHodgins> #endmeeting