19:06:34 <MrsB> #startmeeting 19:06:34 <Inigo_Montoya> Meeting started Thu Jun 5 19:06:34 2014 UTC. The chair is MrsB. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:06:34 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:06:45 <MrsB> Hi all welcome to another one. 19:07:17 <MrsB> I noticed malo gave a meeting number if the packagers meeting, we should maybe have a count up too 19:07:42 <MrsB> #chair DavidWHodgins wilcal 19:07:42 <Inigo_Montoya> Current chairs: DavidWHodgins MrsB wilcal 19:07:44 <DavidWHodgins> #topic Who's new? Are you new? Come and say hello. 19:07:57 <MrsB> Is there anybody new here today? 19:08:00 <MrsB> thanks Dave :) 19:08:31 <MrsB> doesn't look like it 19:08:33 <DavidWHodgins> #topic Mageia 4.1 - Status update from Anne/Thomas please 19:08:39 <DavidWHodgins> ennael: ping 19:08:40 <MrsB> Ahaa 19:08:45 <MrsB> tmb ping 19:08:46 * ennael hides 19:08:52 <ennael> hi there 19:08:56 <tmb> hi 19:08:56 * MrsB rattles matches at ennael 19:08:57 <DavidWHodgins> ☺ 19:09:02 <ennael> :) 19:09:03 <wilcal> I've tried all the Live-media in Vbox and didn't find any problems 19:09:09 * ennael is late on isos 19:09:12 <MrsB> yep 19:09:14 <ennael> will do it tonight 19:09:33 <ennael> tmb: see the last openssl sec advisory ? 19:09:37 <wilcal> The Classic Installers we are still waiting for right? 19:09:42 <ennael> yep 19:09:42 <MrsB> yeah 19:10:23 <tmb> ennael, yep, and a couple of hours ago a local priv escalation on kernel dropped out of embargo too :/ 19:10:33 <MrsB> ohh noo 19:10:34 * ennael is tired :) 19:10:53 <MrsB> gnutls is probably important too if you're thinking of updating again 19:11:17 <DavidWHodgins> So will there be new live iso images too? 19:11:24 <ennael> well we have to take a decision at one moment 19:11:31 <ennael> we can wait ages for more updates 19:11:39 <MrsB> seem to have been a run on kernels recently 19:11:47 <MrsB> hi Bill W 19:12:04 <wilcal> More kernel updates coming? 19:12:08 <wrw105> Hi MrsB! One of my rare non-square weeks! 19:12:28 <MrsB> yes, welcome to the world of the there's 19:12:49 <ennael> tmb: wdyt ? 19:12:58 <wilcal> Good thing there's lots of baseball games on TV 19:13:15 <MrsB> it'll soon be world cup time too 19:13:27 <MrsB> football/soccer 19:14:08 <wilcal> Yes 19:14:30 <tmb> yeah, I have mixed feelings... it's a pain to start re-spinning kernels + isos again, but otoh releasing isos with somewhat high-profile security issues sucks too.. 19:14:37 <wilcal> It takes me a good full day and more to go through my proceedure of Vbox and real hardware testing of kernels 19:15:05 <tmb> not to mention killing QA in the process... 19:15:15 <wilcal> Mostly waiting for installs and reboots 19:15:20 <DavidWHodgins> I think it's worth waiting for, from what I've read about the bug. 19:15:29 <MrsB> Let's remember the reason for the ISOs though, it's more a bugfix for syslinux than a maintenance release 19:16:11 <MrsB> if we wait then let's not build new until everything is ready 19:17:18 <MrsB> shall we vote? 19:17:28 <ennael> is kernel update ready ? 19:17:31 <DavidWHodgins> I say wait 19:18:26 <tmb> I can re-spin kernel tonight.. 19:18:39 <wrw105> If I'm gathering right and there's a big kernel bug coming down the pike, that would be worth waiting, especially since that should be it for isos until MGA5, correct? 19:18:58 <MrsB> Whenever we do continue with ISOs we need you both to be reactive though please, our updates list builds at a rate of 3 or 4 a day at the moment so we can't look the other way for extended periods 19:18:59 <DavidWHodgins> Yes 19:20:33 <tmb> so, do we focus on getting new kernel, and openssl on them and then we dont change anything anymore no matter what ? 19:20:56 <DavidWHodgins> Sounds good to me. 19:21:08 <MrsB> i think we have to do that at some point, it makes sense to include the kernel though. 19:21:42 <MrsB> in the space of 3 days (probably) we could have them tested and released - if nothing goes wrong 19:21:52 <DavidWHodgins> We have to stop at some point, or it will not get released before Mageia 5. 19:23:35 <tmb> ennael, can you build isos tomorrow night at the latest ? so there would be the weekend for testing / flushing them out ? 19:24:01 <wilcal> I've a mostly open Sat/Sun 19:24:15 <MrsB> I don't usually get much time at weekends but if there are people around then it's ok 19:24:28 <tmb> I mean after I have rebuilt the kernels and redone the prepping of the install tree ? 19:24:35 <MrsB> Dave will you be able to help too? 19:24:47 <DavidWHodgins> I hope so 19:25:27 <tmb> I now have hw at home so I can test nvidia, intel and fglrx drivers too 19:26:22 <MrsB> dvg_i: thanks for your email 19:26:54 <dvg_i> MrsB: yw, doesnt help you much though 19:27:23 <MrsB> no worries, mga5 will be beginning of July. 19:27:33 <dvg_i> okay! 19:27:45 <tmb> and the https://bugs.mageia.org/show_bug.cgi?id=13484 needs to be validated (but I can pull it in for iso builds before if needed) 19:27:46 <[mbot> Bug 13484: critical, Normal, qa-bugs, NEW , openssl new security issues CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, openssl-1.0.1e-8.5.mga4.src.rpm 19:28:32 <MrsB> openssl is easy to test so it shouldn't be a problem 19:28:39 <DavidWHodgins> Just installed that update on my main system. Seems to be working ok so far. I'd go ahead and include it. 19:29:33 <MrsB> https://wiki.mageia.org/en/QA_procedure:Openssl 19:30:21 <MrsB> something to keep your mind of beer Dave :D 19:30:27 <MrsB> off* 19:30:41 <DavidWHodgins> lol 19:31:11 <tmb> ok, seems I killed ennael... 19:31:29 <MrsB> So to summarise anyway, we're agreed to rebuilding with new kernel and openssl? Does anybody not agree? 19:31:42 <DavidWHodgins> I agree 19:31:50 <wilcal> I agree 19:32:10 <wrw105> seems reasonable to me. 19:32:17 <tmb> I agree 19:32:40 <RemyServices> ok with me 19:32:53 <MrsB> hi RemyServices 19:33:13 <RemyServices> Hey there MrsB 19:33:27 <MrsB> #agreed ISOs will be rebuilt with new kernel (another one!) and openssl both sec updates 19:33:52 <MrsB> Is there anything more on this at the moment? 19:34:01 <wilcal> Not here 19:34:11 <MrsB> hiya lewis 19:34:21 <DavidWHodgins> #topic Testing updates - What we _need_ more people to do. 19:34:32 <lewyssmith> Better late than never: Evening all. 19:34:36 <wilcal> Hello lewis it wouldn't be an offical meeting without lewis 19:34:38 <MrsB> Ahh yes, thanks Dave 19:34:45 <diogenese> :) 19:34:55 <MrsB> How are we doing with updates, it's gone a bit quiet 19:35:03 <MrsB> the list is growing again :\ 19:35:26 <wilcal> Poking at a few last few days but have been busy editing video 19:35:28 <lewyssmith> I have a looke when I can - but have no time at all letely. 19:35:32 <MrsB> diogenese: (hi!) has agreed to test mediawiki as it's something he's very familiar with 19:36:35 <MrsB> openssl is simple, it basically tests itself. Wilcal could you work with Dave tonight maybe to get that one validated please 19:36:59 <wilcal> I think I've worked on openssl in the past 19:37:10 <MrsB> https://wiki.mageia.org/en/QA_procedure:Openssl 19:37:20 <MrsB> even have that one on the wiki :O 19:37:36 <wilcal> ya 19:37:37 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=12096 19:37:38 <[mbot> Bug 12096: critical, Normal, qa-bugs, RESOLVED FIXED, openssl new security issue CVE-2013-6449, openssl-1.0.1e-1.mga3.src.rpm 19:37:38 <DavidWHodgins> Pretty much, it's just a matter of installing the update, and ensuring https sites work. 19:37:42 <tmb> oh, mediawiki 1.23 is finally released... doc team will be pleased 19:37:48 <RemyServices> I'll work OpenSSL as well, should be able to do mga4 x86 and x64 19:38:00 <MrsB> great, that's a big help guys thanks 19:38:12 <MrsB> any others that look tempting? 19:38:31 <MrsB> wordpress is dead easy. I tested mga4 32 this evening 19:38:33 <wrw105> I started playing with wordpress on mga4, and the install was noarch, so I can try it on mga3 tomorrow --I can hit the library for more bandwidth.... 19:38:53 <wilcal> Why do we have just one kernel 13449 19:39:01 <MrsB> great, thanks, so we can tick two off the list! 19:39:21 <MrsB> it's the one which goes onto the ISOs, the others can be updated separately 19:39:26 <tmb> wilcal, because it was prepped for the mga4.1 isos, and the rest delayed 19:39:31 <wilcal> k 19:39:43 <MrsB> good question tho 19:39:59 <lewyssmith> I have lined up ( & done) the Tor thing for others to try. 19:40:08 <wrw105> Is that the one we've been discussing or is there another build coming (sorry....that's what happens when you're unsquared late!) 19:40:14 <DavidWHodgins> tor is easy, once you learn how to configure your browser to use a socks proxy. 19:40:16 <MrsB> yeah well done, Tor is another relatively simple one 19:40:17 <wrw105> The kernel that is... 19:41:14 <MrsB> the kernel we have in testing will be updated again, and it'll be included on the ISOs. Testing the ISOs tests the kernel anyway so that testing essentially validates it 19:41:27 <wilcal> A question for tmb on https://bugs.mageia.org/show_bug.cgi?id=13450 19:41:37 <[mbot> Bug 13450: normal, Normal, qa-bugs, NEW , Update request: nvidia-current-331.79-1.mga4, nvidia-current-331.79-1.mga4.nonfree.src.rpm 19:41:51 <wilcal> I've tested this thing extensively on my 64-bit platform 19:42:16 <wilcal> can I just run the 32-bit install on the same platform or is that not a valid test 19:42:55 <DavidWHodgins> wilcal: That's a valid test. 19:43:12 <wilcal> Then I'll proceed with that one 19:43:18 <tmb> on real hw it's always a valid test 19:43:18 <MrsB> there will be new nvidia kmod modules (the prebuilt ones) with the new kernel, so again testing the isos will count towards validating that too 19:44:36 <MrsB> Are there any other updates that look scary? 19:44:48 <wilcal> I always want to make sure that my Vbox system with nvidia works after a nvidia update 19:45:05 <wilcal> I remember one time it bounced back to nouveau 19:46:24 <MrsB> We need to do our best to clear the security updates before the ISOs are built 19:46:32 <DavidWHodgins> wilcal: Make sure the mirror you're getting the updates from has finished syncing, so it has all of the kernel module packages. 19:46:52 <wilcal> I resync automatically every day at 04:05AM 19:47:03 <lewyssmith> DavidWHodgins: How do you know that? 19:47:28 <wilcal> I run a little log file to tell me when it starts and when it starts 19:47:41 <diogenese> This is a helpful link to see if the mirror's are up to date: http://mirrors.mageia.org/status 19:47:47 <DavidWHodgins> lewyssmith: By getting used to what packages are normally included in a kernel update 19:47:50 <wilcal> rsync start M3: 19:47:52 <wilcal> Fri May 2 06:18:40 PDT 2014 19:47:53 <wilcal> rsync start M4: 19:47:55 <wilcal> Fri May 2 06:18:56 PDT 2014 19:47:56 <wilcal> rsync start M5: 19:47:58 <wilcal> Fri May 2 06:19:03 PDT 2014 19:47:59 <wilcal> rsync stop: 19:48:01 <wilcal> Fri May 2 06:36:47 PDT 2014 19:48:07 <wilcal> opps here's todays 19:48:20 <wilcal> rsync start M3: 19:48:21 <wilcal> Thu Jun 5 04:02:13 PDT 2014 19:48:23 <wilcal> rsync start M4: 19:48:24 <wilcal> Thu Jun 5 04:03:06 PDT 2014 19:48:26 <wilcal> rsync start M5: 19:48:27 <wilcal> Thu Jun 5 04:03:41 PDT 2014 19:48:29 <wilcal> rsync stop: 19:48:30 <wilcal> Thu Jun 5 04:46:36 PDT 2014 19:49:06 <Luigi12_work> cool, I'll probably wait until 1.23.1 comes out and the ldapauthentication and math extensions should be updated for 1.23 by then and then update us to that. 1.22 expires in December, so we'll need to move to 1.23 anyway, and 1.23 is an LTS. 19:49:29 <DavidWHodgins> My rsync script runs every hour, useally selecting kernel.org, which appears to sync about 20 minutes into the hour. 19:49:29 <Luigi12_work> MediaWiki I meant, just in case I lost anybody. Hi, BTW :o) 19:49:40 <MrsB> hi Luigi12_work 19:49:46 <diogenese> I'm paying attention ;) 19:49:47 <wilcal> Hello luigi 19:49:47 <MrsB> let's move on to your bit 19:49:55 <DavidWHodgins> #topic Luigi's Roundup - The weekly security updates update 19:49:58 <Luigi12_work> w00t 19:50:00 <MrsB> thanks Dave 19:50:32 <MrsB> #info mediawiki will be updated to 1.23 and diogenese has volunteered to test it \o/ 19:50:41 <Luigi12_work> as far as the things in the pipeline, same as last week, still need lots of help. An apprentice is working on ctdb. I tried updating tomcat but 7.0.54 doesn't build, so that's on hold for the moment. 19:50:43 <diogenese> lol 19:50:51 <Luigi12_work> just to be clear we'll get the current mediawiki update pushed first :o) 19:50:57 <MrsB> oh :( 19:51:09 <MrsB> #undo 19:51:09 <Inigo_Montoya> Removing item from minutes: <MeetBot.items.Info object at 0x869c6ac> 19:51:36 <Luigi12_work> 1.23.0 just came out today. Like I said, I'll wait for 1.23.1 to move us. 19:52:04 <MrsB> #info mediawiki will be updated to 1.23.1 but after the current update has been pushed. diogenese has still volunteered to tes it \o/ 19:52:21 <diogenese> Yes. 19:52:31 <Luigi12_work> so you've already been discussing the latest SSL/TLS update du jour, I'm sure that'll get some press 19:52:31 <MrsB> thanks 19:52:54 <DavidWHodgins> Luigi12_work: Yes 19:52:54 <Luigi12_work> we also have a few other updates in red. It's kind of like a lady in red, but less nice to look at. 19:53:41 <Luigi12_work> would be nice to get php pushed along with file (same CVEs). I'll help test that too. 19:53:41 <MrsB> #info Luigi12_work needs packager help please with tomcat and a raft of other things 19:54:04 <Luigi12_work> tomcat I think I can handle...just have to wait for upstream to fix it or Fedora to update it on their end 19:54:19 <MrsB> ok, won't hurt to leave the info anyway :) 19:54:32 <Luigi12_work> sure, as long as the tomcat doesn't scare anybody away :o) 19:54:52 <Luigi12_work> hopefully it's a nice tomcat 19:54:59 <MrsB> if there are any specific you want to mention, add an info while we're here 19:55:04 <tmb> Luigi12, is there some deps between file and php ? since file is validated but not pushed yet ? 19:55:07 <Luigi12_work> I see we'll have another kernel coming, yay? 19:55:21 <Luigi12_work> tmb: no, php bundles its own file/libmagic 19:55:49 <Luigi12_work> it's pretty old too :o( 19:55:58 <Luigi12_work> they finally updated it in php 5.6 beta 19:56:01 <wilcal> I have a security question for Luigi before we finish here 19:56:07 <Luigi12_work> go ahead :o) 19:56:17 <wilcal> How does the TrueCrypt thingy effect us, if at all? 19:56:40 <Luigi12_work> DavidWHodgins can probably better answer that...I don't think we use it, but I don't really know anything about it 19:57:05 <MrsB> it's an application isn't it, rather than a method 19:57:21 <wilcal> Yes, I think I tried it once on M3 19:57:32 <DavidWHodgins> wilcal: As far as I know, we don't use it at all. We use luks by default. 19:57:43 <wilcal> It's not in our repos 19:58:04 <wilcal> so whatever goes on there no need for cycles here 19:58:06 <Luigi12_work> so as long as the US government doesn't try to shut down Mageia because we include LUKS, it shouldn't affect us :o) 19:58:16 <MrsB> never say never 19:58:19 <DavidWHodgins> :-) 19:58:23 <wilcal> thanks 19:58:36 <lewyssmith> MrsB: Only you did! 19:58:40 <MrsB> oops :\ 19:58:49 <Luigi12_work> that's all I have for this week (it's nice outside....) 19:58:57 <MrsB> Thanks Luigi12_work 19:59:00 <diogenese> It is at that. 19:59:08 <MrsB> hasn't slowed the pace though 19:59:26 <Luigi12_work> security researchers must sunburn easily 19:59:32 <MrsB> lol 19:59:39 <DavidWHodgins> lol 19:59:43 <diogenese> It's the allergies. 19:59:43 <DavidWHodgins> I do 19:59:57 <DavidWHodgins> I have hayfever too! 20:00:06 <MrsB> you're proper falling to bits 20:00:12 <wilcal> Bad time of year to have hayfever 20:00:14 * Luigi12_work gives DavidWHodgins a hay five 20:00:19 <DavidWHodgins> lol 20:00:36 <MrsB> We're nearly there then 20:00:39 <DavidWHodgins> #topic Anything else? 20:00:43 <MrsB> tah 20:00:50 <MrsB> Is there anything else? 20:01:02 * MrsB glances at wilcal 20:01:09 <wilcal> Florian just passed on 12781 so that should be passed on to QA 20:01:11 <DavidWHodgins> Exceptions to our updates policy, to allow isodumper as an update 20:01:20 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=12781 20:01:21 <[mbot> Bug 12781: normal, High, doktor5000, ASSIGNED , Remote CUPS server not being detected automatically, only when searching for hostname, system-config-printer 20:01:31 <MrsB> we did that Dave I think didn't we 20:02:04 <DavidWHodgins> Not yet, as far as I know, though I've missed some meetings. 20:02:08 <MrsB> sounds like it's not quite ready yet wilcal 20:02:38 <Luigi12_work> DavidWHodgins: did you notice the chkrootkit false positive got fixed for mga3? :o) 20:02:47 <DavidWHodgins> Yes 20:03:06 <wilcal> Makes me nervious to see anything done with CUPS until 12781 gets passed on 20:03:25 <MrsB> #info MrsB to check whether we did isodumper 20:03:31 <MrsB> #undo 20:03:31 <Inigo_Montoya> Removing item from minutes: <MeetBot.items.Info object at 0x866e1ac> 20:03:38 <MrsB> #action MrsB to check whether we did isodumper 20:03:39 <wilcal> like: 20:03:40 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=13273 20:03:41 <[mbot> Bug 13273: critical, Normal, qa-bugs, NEW , cups-filters new security issues fixed upstream in 1.0.53, cups-filters-1.0.52-1.mga5.src.rpm 20:03:48 <Luigi12_work> that's cups-filters, not cups 20:04:01 <DavidWHodgins> Should we start allowing any leaf package to be added, or state that it's only for packages to make upgrading easier? 20:04:11 <Luigi12_work> MrsB: I thought you were going to delegate that when you deleted the action item :o) 20:04:36 <MrsB> it's exceptions only Dave. New packages can be added via backports though. 20:04:38 <Luigi12_work> I'm firmly against allowing adding a bunch of new packages 20:05:26 <MrsB> bug 12766 is nearly there thanks largely to anaselli so backports shouldn't be down for too much longer anyway 20:05:28 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=12766 major, Normal, thierry.vignaud, NEW , Existence of backports packages causes problems in rpmdrake, rpmdrake-6.10-1.mga4.src.rpm 20:05:28 <DavidWHodgins> Luigi12_work: Me too, but I'd like to allow packages like isodumper that make upgrading easier in. 20:05:46 <Luigi12_work> DavidWHodgins: yeah I'm fine with this particular exception 20:06:07 <MrsB> we allowed that one I think anyway Dave, for that reason 20:06:37 <anaselli> MrsB: unfortunately i cannto build a mirror to fix last thing we found in the near future :/ 20:06:41 <anaselli> cannot 20:06:42 <MrsB> IIRC mga3 had some problems and they were going to package the mga4 version fo mga3 too 20:07:01 <MrsB> hi anaselli, didn't realise you were here too \o/ 20:07:10 <DavidWHodgins> Ahh. isodumper is available. I missed seeing that one being added. 20:07:27 <anaselli> quassel woke me up :D 20:07:39 <MrsB> I have a mirror but lacking time at the moment anaselli, sorry :\ 20:08:01 <diogenese> I woke to the ruckus in the next room myself. 20:08:10 <anaselli> next week I'm out of office for job, so maybe next week end 20:08:15 <anaselli> MrsB: 20:08:25 <anaselli> not the incoming 20:08:30 <MrsB> we'll be on ISOs the weekend so next weekend is probably better really 20:08:41 <MrsB> on isos this weekend * 20:09:18 <wilcal> isos & kernels this weekend? 20:09:28 <MrsB> if we get time I'll look at it next week but we're a bit snowed under at the moment again 20:09:50 <MrsB> yes, isos will include the kernels from testing 20:10:23 <wilcal> That makes it easier 20:11:02 <MrsB> openssl is priority and wordpress and then everything else starting from the top and working down 20:11:50 <MrsB> Is there anything else else? 20:11:55 <wilcal> not here 20:12:20 <lewyssmith> Just like to say glad to see Dave back & kicking. 20:12:27 <diogenese> :) 20:12:28 <MrsB> yes, well said lewis 20:12:34 <DavidWHodgins> Hmm. In mga 3, isodumper is still in updates testing, not updates. 20:12:35 <wilcal> Yup nice to see you David 20:12:38 <MrsB> dude :) 20:12:39 <DavidWHodgins> Thanks 20:12:58 <MrsB> yes there were issues with it Dave, they were going to update it to same version as 4 20:13:30 <DavidWHodgins> Ok 20:13:34 <tmb> DavidWHodgins, https://bugs.mageia.org/show_bug.cgi?id=12702 20:13:35 <[mbot> Bug 12702: normal, Normal, qa-bugs, NEW , Update Candidate: isodumper 0.21 for Mageia 3 (new package), isodumper-0.21-1.mga3 20:13:42 <MrsB> thanks tmb 20:14:24 <MrsB> T - 5 then 20:14:33 <MrsB> thanks for coming everbody 20:14:36 <MrsB> 4 20:14:38 <MrsB> 3 20:14:39 <MrsB> 2 20:14:41 <MrsB> 1 20:14:44 <MrsB> #endmeeting