#mageia-qa log

20:06:07 <MrsB> #startmeeting
20:06:07 <Inigo_Montoya`> Meeting started Thu Feb 25 20:06:07 2016 UTC.  The chair is MrsB. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:06:07 <Inigo_Montoya`> Useful Commands: #action #agreed #help #info #idea #link #topic.
20:06:12 <tjandrews> Two strings/bale. Bales are about 3 feet long and 50-60 lb. each. There's more than enough twine for that much, but you always have problems that use extra.
20:06:29 * MrsB learns
20:06:42 <MrsB> Morning everybody, welcome to another meeting
20:06:52 <MrsB> all still awake?
20:06:59 <tarazed> zzzz
20:07:14 <lewyssmith> Busy with that Wiki....
20:07:16 <tjandrews> Snacking on an orange.
20:07:23 <hviaene> Hi all
20:07:36 <MrsB> hi herman, thomas
20:07:43 <MrsB> WHo's going to be Dave today?
20:07:49 <tmb> hi all
20:08:19 <MrsB> #chair wilcal lewyssmith
20:08:19 <Inigo_Montoya`> Current chairs: MrsB lewyssmith wilcal
20:08:29 <MrsB> Bill you're it
20:09:15 <MrsB> #topic Who's new?
20:09:26 * MrsB does Dave
20:09:35 <MrsB> Is there anybody new here today?
20:10:09 <MrsB> doesn't look like it
20:10:18 <lewyssmith> #topic Mageia 6 - We ask what progress there is :)
20:10:25 <MrsB> #topic Mageia 6
20:10:33 <MrsB> tmb ennael :)
20:10:51 <MrsB> I saw some good news from Anne earlier
20:11:42 <MrsB> <ennael> [12:19:34] we should have finally a fix for that boot pb, tonight <ennael> [12:19:53] tv will provide it. I'll test it and if it's ok I'll rebuild isos
20:12:01 <MrsB> It's not much of a meeting if I'm on my own :\
20:12:32 <wilcal_> back laptop hikcup
20:12:33 * tjandrews holds breath
20:12:44 <MrsB> #chair wilcal_
20:12:44 <Inigo_Montoya`> Current chairs: MrsB lewyssmith wilcal wilcal_
20:12:53 <MrsB> you're Dave btw Bill
20:12:58 <wilcal_> lol
20:13:09 <tarazed> Managed to boot a 32bit system - installed from hard disk.
20:13:15 <tmb> Unfortunately, I haven't tried anything since last meeting since my health toke a dive... but as I seem to get better, hopefully I can build some stuff after tv/ennael have confirmed the fixed stuff
20:13:59 * tjandrews doesn't want tmb to overdo
20:14:04 <MrsB> glad you're feeling better, sad you felt worse though :(
20:14:22 <tarazed> Are we still on dev1?
20:14:33 <MrsB> almost yes
20:15:18 <MrsB> #info There is progress with Isolinux so ISOs may be imminent
20:15:30 <wilcal_> weekend for sure i hope
20:15:31 <MrsB> let's move on then as everyone is sleeping
20:15:38 <wilcal_> boot.iso too?
20:15:42 <MrsB> #topic Testing updates & backports
20:16:19 <MrsB> boot.iso is always current wilcal_
20:16:32 <wilcal_> if there ever was a golden backport it's mpv
20:16:36 <MrsB> http://madb.mageia.org/tools/updates
20:16:38 <[mbot> [ Mageia App Db - Current Update candidates ]
20:16:45 <wilcal_> that's one nice package
20:16:48 <tmb> wilcal_, yeah, boot*.iso + classical isos use same build process
20:16:59 <MrsB> #info we have a number of backports ready to be pushed. Sysadmins are aware.
20:17:05 <tjandrews> I just noticed the vlc update before coming here, but I see it's already had several tests. Need more?
20:17:29 <wilcal_> multiple people should test vlc
20:17:33 <MrsB> #info We had around 10 new updates added today
20:17:39 <tarazed> It is hard to know what all the plugins are for.
20:17:56 <wilcal_> can be used lots of different ways
20:17:59 <tjandrews> I use it a LOT for watching mp4 videos.
20:18:31 <MrsB> Don't get carried away with it though, test it, if it seems ok, validate and move on
20:18:46 <lewyssmith> bug17770 steam: I think it warrants a 32-bit test if possible, because it is apparently a 32-bit pkg.
20:18:49 <tarazed> Yes there was a lull but it is growing.
20:19:10 <MrsB> We've done really well reently and with ISOs expected soon we really have to keep on top of things
20:20:15 <MrsB> https://bugs.mageia.org/show_bug.cgi?id=17770
20:20:17 <[mbot> Bug 17770: major, Normal, qa-bugs, NEW , steam : crash launch libGL error, steam-1.0.0.51-1.mga5.nonfree.noarch
20:20:41 <MrsB> #info Lewis has uploaded his first advisory :) Well done!
20:20:56 <tjandrews> It's a bit easier to keep up when the isos aren't coming thick and fast.
20:21:01 <tarazed> Good man.
20:21:10 <lewyssmith> MrsB: Thanks for your comments. Missing th -m ....
20:21:31 <tarazed> Will try steam on ancient 32bit laptop.
20:21:34 <MrsB> Yeah, it's important we keep the updates list to a minimum ready for more ISOs tj
20:22:07 <MrsB> it's probably easier than you think when you get going lewis
20:22:26 <MrsB> goo dman len
20:22:41 <lewyssmith> tarazed: Yes, thanks Len.
20:23:11 <MrsB> I haven't looked since we had the influx but are there any there which look scary?
20:23:59 <wilcal_> i'd like to see someone familiar with drupal really take a look at that proceedure
20:24:22 <MrsB> procedure for webapps is pretty much the same for all of them
20:24:39 <MrsB> create a database and supply the details to the web app during installation
20:24:54 <wilcal_> but taking the drupal proceedure step by step is not successful and assumes db familiarity
20:25:02 <lewyssmith> I think I have Drupal installed. Can try the update.
20:25:35 <wilcal_> thks lewys
20:25:54 <MrsB> It's good if we can test mysql & postgresql for that one
20:25:57 <lewyssmith> wilcal_: The procedure should specifiy the DB commands necessary.
20:26:18 <wilcal_> should and does are two different things
20:26:30 <lewyssmith> I only have it for PG, someone else will need to do MariaDB.
20:26:40 <MrsB> i'll do mysql
20:26:50 <MrsB> mariadb
20:27:32 <lewyssmith> And its advisory?
20:27:34 <MrsB> you can sue phpmyadmin to create the database btw and not mess around with cli
20:27:39 <MrsB> use
20:28:01 <MrsB> you go ahead with the advisory, good practise
20:28:10 <lewyssmith> What I thought.
20:28:30 <MrsB> i'll watch for the emails
20:28:43 <lewyssmith> Hopefully.
20:29:00 <MrsB> Any other updates that look scary?
20:29:14 <lewyssmith> Good old xen...
20:29:32 <MrsB> yeah I'm scared of that one :)
20:29:35 <tarazed> Dunno but there is a PoC for xerces-c which should help.
20:29:55 <MrsB> i think it's an mxl thing isn't it len?
20:29:58 <MrsB> xmml
20:30:05 <MrsB> good grief, typo night
20:30:09 <MrsB> xml
20:30:24 <MrsB> should be past updates IINM
20:30:26 <tarazed> Haven't had a close look yet - later.
20:30:54 <tarazed> Yes you did something with it some time ago.
20:31:12 <MrsB> xdelta3 is a new one i think, don't recall seeing it before
20:31:30 <MrsB> who's going to take samba?
20:31:53 <lewyssmith> I don't have the necessary infrastructure.
20:32:07 <MrsB> anyone with a VM
20:32:19 <wilcal_> oooo no samba here only nfs
20:32:27 <MrsB> test, not use
20:32:51 <wilcal_> i should learn how to use the Vbox internal network thingy
20:33:22 <MrsB> Just set it to bridged in the vm settings and it appears as a normal machine on the lan
20:33:41 <lewyssmith> wilcal_: Bill, I did a wiki (material supplied by others), but it looks mysterious.
20:33:59 <wilcal_> i think theres a way to do an internal lan without going external ( bridged )
20:34:11 <lewyssmith> what Claire said.
20:34:27 <MrsB> yes, it can be set to talk just between the host and vm
20:35:07 <wilcal_> I'm talking about something like 15.0.0.1 and 15.0.0.2 on an internal Vbox LAN
20:35:37 <wilcal_> A Virtual LAN
20:35:51 <hviaene> I have a samba setup on my main PC, so I could setup one on a test PC, no problem
20:35:55 <MrsB> those are external ip's IINM
20:36:07 <lewyssmith> wilcal_: https://wiki.mageia.org/en/Virtual_Machine_networking
20:36:42 <hviaene> but I glanced over the bug and am not sure whet to test (Win client or ????)
20:36:42 <MrsB> thanks herman. It only has to be able to mount and access the remote filesystem
20:37:19 <MrsB> do it one way as the client, then the other way as the server and if ok then it's ok
20:37:21 <hviaene> So, it is only the client side???
20:37:37 <hviaene> Ok both
20:37:41 <MrsB> yes
20:38:44 <MrsB> A quick word on backports
20:39:14 <MrsB> When we test backports we have to be aware that a backported package should be pretty self contained
20:40:22 <MrsB> If a package adds a lib version that it needs to be able to work, then it must install that lib with the main package without needing to manually do so
20:40:51 <MrsB> just something to be aware of whilst testing them
20:41:44 <MrsB> https://wiki.mageia.org/en/Backports_policy
20:41:54 <lewyssmith> Is that not just a normal 'requires'?
20:42:03 <tarazed> So, if we  find that a lib is needed then we should flag that as a problem?
20:42:25 <lewyssmith> tarazed: Yes.
20:43:14 <hviaene> I have to go, good night all
20:43:21 <wilcal_> nite
20:43:27 <MrsB> https://wiki.mageia.org/en/Backports_policy#Version_and_dependencies_Policy
20:43:49 <MrsB> It's similar to normal requires but is versioned requires
20:44:43 <MrsB> The aim is that anybody selecting the main package will get any other bits they need to be able to use it, including any newer libs
20:45:18 <MrsB> without strict versioned requires, the requirement could be filled by the existing lib, which may not fulfill the actual requirement
20:45:30 <MrsB> does that make sense?
20:45:45 <tarazed> Yes, indeed.
20:45:49 <lewyssmith> Do not most requires specify >=version ?
20:46:05 <MrsB> not necessarily
20:46:15 <lewyssmith> Ah.
20:46:42 <Luigi12_work> library requires are automatically generated and do not specify a version
20:46:50 <MrsB> it basically means if you urpmi the main package alone, it should work
20:46:51 <Luigi12_work> for backports the packager has to add it manually, which they don't usually do
20:47:12 <lewyssmith> Even if they should?
20:47:24 <MrsB> it's not normally necessary
20:47:32 <Luigi12_work> but also if a backport is updating a lib, it pretty much should only be used by that package.  If other things use it then upgrading it could cause problems and that's not allowed.
20:47:39 <Luigi12_work> lewyssmith: no they normally *shouldn't*
20:48:30 <lewyssmith> It looks complicated, -> static libraries.
20:48:41 <Luigi12_work> we're not talking about static libraries
20:48:46 <lewyssmith> For backports.
20:48:51 <Luigi12_work> we're not talking about static libraries
20:48:53 <tjandrews> I once installed a Firefox backport in Mandriva that broke something else. Can't remember details, now.
20:49:34 <MrsB> these are our first few steps with backports so it's important we're all on the same page
20:49:50 <MrsB> everybody understand what we're saying here?
20:50:05 <MrsB> anybody not understand
20:50:22 <wilcal_> ok here
20:50:52 <lewyssmith> How do you confine a more recent library to just the backport?
20:51:11 <Luigi12_work> generally that's not the idea
20:51:18 <tjandrews> Excellent question.
20:51:29 <Luigi12_work> it's more a case of one SRPM generating multiple subpackages which include libraries
20:51:52 <Luigi12_work> they just need to make sure the main package will pull in those libraries as needed with strict version-release requirements to match
20:51:57 <MrsB> once it's there then it can *in theory* be used by other backports, but those other packages need to have strict versioned requires on that library too
20:52:11 <Luigi12_work> updating some 3rd party library to a new major is what they should not be doing
20:52:23 <lewyssmith> Understood.
20:52:50 <MrsB> yep. backports should be only leaf packages
20:53:02 <Luigi12_work> yeah that's a good way to put it
20:53:45 <MrsB> We'll find our ay as we go but it pays to talk this through and all at least understand the problem and be aware of this when testing them
20:54:10 <lewyssmith> On to David's corner?
20:54:12 <MrsB> Also please treat them as our lowest priority
20:54:12 <tarazed> Aye, a very useful discussion
20:54:26 <MrsB> yep, go ahead boss :)
20:54:42 <wilcal_> unless extremely useful :-))
20:54:47 <lewyssmith> #topic Luig's roundup
20:54:51 <MrsB> thanks Dave
20:55:04 <MrsB> png Luigi12_work
20:55:05 <MrsB> i
20:55:15 <Luigi12_work> woohah
20:55:23 <MrsB> you've been a busy bunny
20:55:35 <Luigi12_work> yeah doing two things at once at work today
20:55:55 <MrsB> ten things I counted :P
20:56:16 <Luigi12_work> lol, well that's all in one track
20:56:38 <Luigi12_work> I'm also replacing the computers in our classrooms and putting a fresh coat of Mageia on them, 64-bit this time
20:57:02 <Luigi12_work> I also convinced my boss to order Mageia stickers for them to put over the Ubuntu stickers that came on the front :D
20:57:11 <MrsB> ahh cool
20:57:15 <MrsB> I have one on mine
20:57:21 <Luigi12_work> http://www.unixstickers.com/stickers/linux_os_distribution_stickers/mageia-linux-distribution-badge-sticker
20:57:21 <wilcal_> u using a common management tool like puppet
20:57:23 <[mbot> [ Mageia Linux Badge Sticker | Unixstickers ]
20:57:31 <Luigi12_work> wilcal_: nah, ssh and custom scripts
20:57:37 <Luigi12_work> I'd like to learn ansible as it'd probably help
20:57:49 <Luigi12_work> but I only have so much time and too much work to do :o(
20:57:51 <MrsB> yes me too
20:57:54 <Luigi12_work> anyway, roundup
20:58:00 <MrsB> ansible looks simpler than most
20:58:38 <Luigi12_work> I *really* need packagers to cooperate and step up and help.  I can't be expected to do everything.  Many updates are not going to happen if things continue as they are now.
20:58:45 <Luigi12_work> yeah ansible does sound simpler than puppet and chef
20:59:10 <Luigi12_work> as for new security issues reported in the past week that haven't been packaged yet, I have two
20:59:19 <MrsB> #info *** IMPORTANT: David is still not receiving the support from paclagers he requires ****
20:59:25 <MrsB> oops
20:59:28 <MrsB> #undo
20:59:28 <Inigo_Montoya`> Removing item from minutes: <MeetBot.items.Info object at 0xb699630c>
20:59:35 <MrsB> #info *** IMPORTANT: David is still not receiving the support from packagers he requires ****
20:59:37 <Akien> And Akien still hasn't pinged them :-/
20:59:43 <MrsB> naughty
20:59:52 <Luigi12_work> libssh2 has basically the same issue as libssh that we just pushed yesterday, but the upstream fix has generated some discussion on its correctness and completeness, so I'm waiting to see where that discussion goes or get further fixes
20:59:53 <Akien> Been quite busy releasing a game engine :p
20:59:59 * MrsB pokes Akien for not pinging
21:00:19 <Luigi12_work> squid has a security advisory, but they've only released patches for squid 3.5, and it's not quite trivial to backport to 3.4, so waiting to see what to do with that
21:00:28 <Luigi12_work> that's all
21:00:57 <MrsB> #info libssh2  is due an update similar to libssh recently but upstream debating the correct fix.
21:01:47 <MrsB> #info Squid is due an update but only patches for squid 3.5 and we have 3.4 - not trival - help please :)
21:02:07 <MrsB> really, all?
21:02:14 <lewyssmith> Thanks David, as usual.
21:02:21 <lewyssmith> #topic Anything else?
21:02:36 <MrsB> Is there anything else?
21:02:42 <MrsB> thanks David too
21:02:42 <wilcal_> i wanted some lite discussion on what happened to Mint the last few days
21:02:42 <lewyssmith> Not here.
21:02:50 <lewyssmith> Tell us.
21:03:02 <wilcal_> The mint repos got hacked
21:03:06 <Luigi12_work> no, not the repos
21:03:09 <wilcal_> really bad
21:03:11 <Luigi12_work> the repos are fine
21:03:12 <MrsB> not sure that's true wilcal
21:03:17 <wilcal_> tell us then
21:03:19 <Luigi12_work> just their web site
21:03:33 <wilcal_> the isos got compromised
21:03:36 <MrsB> the website was 'hacked' and redirected people downloading their isos to fake ones
21:03:36 <Luigi12_work> so Mint users are fine as far as their computers
21:03:44 <Luigi12_work> nope, their isos didn't get compromised either
21:03:55 <Benmc> forum also- user detals etc
21:03:56 <wilcal_> new users are only effected
21:04:02 <MrsB> It was only for one day. The forums were also affected and they're advising users to reset passwords etc.
21:04:17 <wilcal_> what part of Mageia is similiar
21:04:28 <Luigi12_work> just their website.  So the download link was temporarily changed to point to a rogue server with a rogue ISO for a few hours, but their own upstream repository of ISOs were not affected, so their mirrors are fine
21:04:28 <MrsB> we have a website
21:04:52 <wilcal_> is that where our isos are?
21:04:54 <Luigi12_work> the biggest issue with the Mint hack is not the rogue ISOs it's the fact that their forum sql database was stolen
21:05:08 <Luigi12_work> so the attackers made off with (badly) hashed passwords and some other personal information
21:05:16 <MrsB> ISOs are on the mirrors, links from the mirrors are displayed on the website
21:05:37 <wilcal_> can the same thing be done to Mageia?
21:05:51 <Luigi12_work> certainly our infrastructure could get compromised
21:05:57 <MrsB> the mint attackers changed the download links to point to somewhere else that they controlled where they hosted false ISOs with an IRC bot
21:06:07 <Luigi12_work> I especially worry about the old unsupported Mageia versions some of it has been running on with known unpatched vulnerabilities
21:06:14 <Luigi12_work> fortunately the sysadmins are almost done upgrading everything to mga5
21:06:29 <Luigi12_work> but Mint also set themselves up for this by running multiple things on their wordpress blog server
21:06:39 <MrsB> alot of ours is behind a revers proxy which mitigates things somewhat
21:06:41 <wilcal_> i just worry that whomever did this will go from distro to distro
21:06:44 <Luigi12_work> hopefully our blog is on its own VM isolated from the other parts of our web and infrastructure
21:06:55 <MrsB> don't give them ideas wilcal_
21:07:06 <MrsB> trolls love fame
21:07:10 <Luigi12_work> also our forum users are backed by the LDAP database rather than using local phpbb users in mysql, so our setup is more secure there
21:07:58 <Benmc> I also asked  this on the forum
21:08:06 <Benmc> https://forums.mageia.org/en/viewtopic.php?f=4&t=10802
21:08:07 <[mbot> [ Mageia forum View topic - Wordpress - Linux MINT ]
21:08:50 <Luigi12_work> unfortunately pretty much any CMS is gaping security hole
21:08:57 <wilcal_> so we're kinda watch'n out for this
21:09:01 <MrsB> Anything you put on the internet is vulnerable to some degree
21:09:05 <Luigi12_work> yep
21:09:15 <Luigi12_work> but more thought was put into our infrastructure setup than Mint's
21:09:22 <Luigi12_work> not to say it couldn't be better still
21:09:30 <MrsB> it's why we always treat webappas and flash etc as critical sec updates
21:09:35 <MrsB> -a
21:10:21 <Luigi12_work> things like mod_security can help if you're hosting a public web site
21:10:23 <MrsB> Is there anything else else?
21:10:37 <Luigi12_work> it'd be nice if Mageia had a usable MAC thing too.  We have Tomoyo but I don't think anybody knows how to use it.
21:10:56 <Luigi12_work> it'd probably be better to integrate AppArmor but we'd need another kernel specialist to help with that.
21:11:01 <MrsB> don't thinkanybody apart from mageia users ever heard of it
21:11:11 <Luigi12_work> yeah just Mageia and Turbolinux users
21:11:32 <MrsB> we have the beginnings of selinux
21:11:42 <Luigi12_work> selinux will probably never be useful for us
21:11:50 <Luigi12_work> too labor-intensive both on the packaging and sysadmin side
21:12:10 <MrsB> i hope not, all these are great in theory but no fun for forums team
21:12:49 <lewyssmith> Would any of the tools mentioned have saved Mint?
21:13:02 <Luigi12_work> some form of MAC certainly would have
21:13:12 <Luigi12_work> don't know if they use mod_security or if not if it would have helped
21:13:19 <MrsB> possibly, if used on their webserver and correctly/tightly configured
21:13:32 <lewyssmith> MAC in this context?
21:13:40 <Luigi12_work> yeah, it would have prevented their wordpress exploitation from being leveraged into other things
21:13:45 <MrsB> mandatory access control
21:13:45 <Luigi12_work> Mandatory Access Controls
21:13:56 <Luigi12_work> aka SELinux, AppArmor, Tomoyo, etc
21:14:08 <lewyssmith> Thanks.
21:14:26 <Luigi12_work> RSBAC, whatever grsecurity's MAC thing is...
21:14:33 <MrsB> Anything else else?
21:14:37 <Luigi12_work> Solaris Trusted Extensions, Mac OS X sandboxing
21:14:53 <Luigi12_work> but those last two aren't for Linux :o)
21:15:01 <MrsB> showoff :P
21:15:13 <MrsB> countdown?
21:15:15 <Luigi12_work> heh, I talk briefly about it in the class I teach
21:15:34 <lewyssmith> -5
21:15:34 <MrsB> we'll have to virtually sit in on one one day
21:15:39 <wilcal_> i'm done
21:15:46 <lewyssmith> -4
21:15:46 <Luigi12_work> not allowed unfortunately
21:15:48 <MrsB> T - 5 then, thanks guys
21:15:56 <wilcal_> thanks for the mint discussion
21:15:56 <MrsB> 4
21:16:00 <MrsB> 3
21:16:01 <lewyssmith> Goodbye everyone.
21:16:02 <MrsB> 2
21:16:04 <MrsB> 1
21:16:07 <MrsB> #endmeeting