20:06:07 <MrsB> #startmeeting 20:06:07 <Inigo_Montoya`> Meeting started Thu Feb 25 20:06:07 2016 UTC. The chair is MrsB. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:06:07 <Inigo_Montoya`> Useful Commands: #action #agreed #help #info #idea #link #topic. 20:06:12 <tjandrews> Two strings/bale. Bales are about 3 feet long and 50-60 lb. each. There's more than enough twine for that much, but you always have problems that use extra. 20:06:29 * MrsB learns 20:06:42 <MrsB> Morning everybody, welcome to another meeting 20:06:52 <MrsB> all still awake? 20:06:59 <tarazed> zzzz 20:07:14 <lewyssmith> Busy with that Wiki.... 20:07:16 <tjandrews> Snacking on an orange. 20:07:23 <hviaene> Hi all 20:07:36 <MrsB> hi herman, thomas 20:07:43 <MrsB> WHo's going to be Dave today? 20:07:49 <tmb> hi all 20:08:19 <MrsB> #chair wilcal lewyssmith 20:08:19 <Inigo_Montoya`> Current chairs: MrsB lewyssmith wilcal 20:08:29 <MrsB> Bill you're it 20:09:15 <MrsB> #topic Who's new? 20:09:26 * MrsB does Dave 20:09:35 <MrsB> Is there anybody new here today? 20:10:09 <MrsB> doesn't look like it 20:10:18 <lewyssmith> #topic Mageia 6 - We ask what progress there is :) 20:10:25 <MrsB> #topic Mageia 6 20:10:33 <MrsB> tmb ennael :) 20:10:51 <MrsB> I saw some good news from Anne earlier 20:11:42 <MrsB> <ennael> [12:19:34] we should have finally a fix for that boot pb, tonight <ennael> [12:19:53] tv will provide it. I'll test it and if it's ok I'll rebuild isos 20:12:01 <MrsB> It's not much of a meeting if I'm on my own :\ 20:12:32 <wilcal_> back laptop hikcup 20:12:33 * tjandrews holds breath 20:12:44 <MrsB> #chair wilcal_ 20:12:44 <Inigo_Montoya`> Current chairs: MrsB lewyssmith wilcal wilcal_ 20:12:53 <MrsB> you're Dave btw Bill 20:12:58 <wilcal_> lol 20:13:09 <tarazed> Managed to boot a 32bit system - installed from hard disk. 20:13:15 <tmb> Unfortunately, I haven't tried anything since last meeting since my health toke a dive... but as I seem to get better, hopefully I can build some stuff after tv/ennael have confirmed the fixed stuff 20:13:59 * tjandrews doesn't want tmb to overdo 20:14:04 <MrsB> glad you're feeling better, sad you felt worse though :( 20:14:22 <tarazed> Are we still on dev1? 20:14:33 <MrsB> almost yes 20:15:18 <MrsB> #info There is progress with Isolinux so ISOs may be imminent 20:15:30 <wilcal_> weekend for sure i hope 20:15:31 <MrsB> let's move on then as everyone is sleeping 20:15:38 <wilcal_> boot.iso too? 20:15:42 <MrsB> #topic Testing updates & backports 20:16:19 <MrsB> boot.iso is always current wilcal_ 20:16:32 <wilcal_> if there ever was a golden backport it's mpv 20:16:36 <MrsB> http://madb.mageia.org/tools/updates 20:16:38 <[mbot> [ Mageia App Db - Current Update candidates ] 20:16:45 <wilcal_> that's one nice package 20:16:48 <tmb> wilcal_, yeah, boot*.iso + classical isos use same build process 20:16:59 <MrsB> #info we have a number of backports ready to be pushed. Sysadmins are aware. 20:17:05 <tjandrews> I just noticed the vlc update before coming here, but I see it's already had several tests. Need more? 20:17:29 <wilcal_> multiple people should test vlc 20:17:33 <MrsB> #info We had around 10 new updates added today 20:17:39 <tarazed> It is hard to know what all the plugins are for. 20:17:56 <wilcal_> can be used lots of different ways 20:17:59 <tjandrews> I use it a LOT for watching mp4 videos. 20:18:31 <MrsB> Don't get carried away with it though, test it, if it seems ok, validate and move on 20:18:46 <lewyssmith> bug17770 steam: I think it warrants a 32-bit test if possible, because it is apparently a 32-bit pkg. 20:18:49 <tarazed> Yes there was a lull but it is growing. 20:19:10 <MrsB> We've done really well reently and with ISOs expected soon we really have to keep on top of things 20:20:15 <MrsB> https://bugs.mageia.org/show_bug.cgi?id=17770 20:20:17 <[mbot> Bug 17770: major, Normal, qa-bugs, NEW , steam : crash launch libGL error, steam-1.0.0.51-1.mga5.nonfree.noarch 20:20:41 <MrsB> #info Lewis has uploaded his first advisory :) Well done! 20:20:56 <tjandrews> It's a bit easier to keep up when the isos aren't coming thick and fast. 20:21:01 <tarazed> Good man. 20:21:10 <lewyssmith> MrsB: Thanks for your comments. Missing th -m .... 20:21:31 <tarazed> Will try steam on ancient 32bit laptop. 20:21:34 <MrsB> Yeah, it's important we keep the updates list to a minimum ready for more ISOs tj 20:22:07 <MrsB> it's probably easier than you think when you get going lewis 20:22:26 <MrsB> goo dman len 20:22:41 <lewyssmith> tarazed: Yes, thanks Len. 20:23:11 <MrsB> I haven't looked since we had the influx but are there any there which look scary? 20:23:59 <wilcal_> i'd like to see someone familiar with drupal really take a look at that proceedure 20:24:22 <MrsB> procedure for webapps is pretty much the same for all of them 20:24:39 <MrsB> create a database and supply the details to the web app during installation 20:24:54 <wilcal_> but taking the drupal proceedure step by step is not successful and assumes db familiarity 20:25:02 <lewyssmith> I think I have Drupal installed. Can try the update. 20:25:35 <wilcal_> thks lewys 20:25:54 <MrsB> It's good if we can test mysql & postgresql for that one 20:25:57 <lewyssmith> wilcal_: The procedure should specifiy the DB commands necessary. 20:26:18 <wilcal_> should and does are two different things 20:26:30 <lewyssmith> I only have it for PG, someone else will need to do MariaDB. 20:26:40 <MrsB> i'll do mysql 20:26:50 <MrsB> mariadb 20:27:32 <lewyssmith> And its advisory? 20:27:34 <MrsB> you can sue phpmyadmin to create the database btw and not mess around with cli 20:27:39 <MrsB> use 20:28:01 <MrsB> you go ahead with the advisory, good practise 20:28:10 <lewyssmith> What I thought. 20:28:30 <MrsB> i'll watch for the emails 20:28:43 <lewyssmith> Hopefully. 20:29:00 <MrsB> Any other updates that look scary? 20:29:14 <lewyssmith> Good old xen... 20:29:32 <MrsB> yeah I'm scared of that one :) 20:29:35 <tarazed> Dunno but there is a PoC for xerces-c which should help. 20:29:55 <MrsB> i think it's an mxl thing isn't it len? 20:29:58 <MrsB> xmml 20:30:05 <MrsB> good grief, typo night 20:30:09 <MrsB> xml 20:30:24 <MrsB> should be past updates IINM 20:30:26 <tarazed> Haven't had a close look yet - later. 20:30:54 <tarazed> Yes you did something with it some time ago. 20:31:12 <MrsB> xdelta3 is a new one i think, don't recall seeing it before 20:31:30 <MrsB> who's going to take samba? 20:31:53 <lewyssmith> I don't have the necessary infrastructure. 20:32:07 <MrsB> anyone with a VM 20:32:19 <wilcal_> oooo no samba here only nfs 20:32:27 <MrsB> test, not use 20:32:51 <wilcal_> i should learn how to use the Vbox internal network thingy 20:33:22 <MrsB> Just set it to bridged in the vm settings and it appears as a normal machine on the lan 20:33:41 <lewyssmith> wilcal_: Bill, I did a wiki (material supplied by others), but it looks mysterious. 20:33:59 <wilcal_> i think theres a way to do an internal lan without going external ( bridged ) 20:34:11 <lewyssmith> what Claire said. 20:34:27 <MrsB> yes, it can be set to talk just between the host and vm 20:35:07 <wilcal_> I'm talking about something like 15.0.0.1 and 15.0.0.2 on an internal Vbox LAN 20:35:37 <wilcal_> A Virtual LAN 20:35:51 <hviaene> I have a samba setup on my main PC, so I could setup one on a test PC, no problem 20:35:55 <MrsB> those are external ip's IINM 20:36:07 <lewyssmith> wilcal_: https://wiki.mageia.org/en/Virtual_Machine_networking 20:36:42 <hviaene> but I glanced over the bug and am not sure whet to test (Win client or ????) 20:36:42 <MrsB> thanks herman. It only has to be able to mount and access the remote filesystem 20:37:19 <MrsB> do it one way as the client, then the other way as the server and if ok then it's ok 20:37:21 <hviaene> So, it is only the client side??? 20:37:37 <hviaene> Ok both 20:37:41 <MrsB> yes 20:38:44 <MrsB> A quick word on backports 20:39:14 <MrsB> When we test backports we have to be aware that a backported package should be pretty self contained 20:40:22 <MrsB> If a package adds a lib version that it needs to be able to work, then it must install that lib with the main package without needing to manually do so 20:40:51 <MrsB> just something to be aware of whilst testing them 20:41:44 <MrsB> https://wiki.mageia.org/en/Backports_policy 20:41:54 <lewyssmith> Is that not just a normal 'requires'? 20:42:03 <tarazed> So, if we find that a lib is needed then we should flag that as a problem? 20:42:25 <lewyssmith> tarazed: Yes. 20:43:14 <hviaene> I have to go, good night all 20:43:21 <wilcal_> nite 20:43:27 <MrsB> https://wiki.mageia.org/en/Backports_policy#Version_and_dependencies_Policy 20:43:49 <MrsB> It's similar to normal requires but is versioned requires 20:44:43 <MrsB> The aim is that anybody selecting the main package will get any other bits they need to be able to use it, including any newer libs 20:45:18 <MrsB> without strict versioned requires, the requirement could be filled by the existing lib, which may not fulfill the actual requirement 20:45:30 <MrsB> does that make sense? 20:45:45 <tarazed> Yes, indeed. 20:45:49 <lewyssmith> Do not most requires specify >=version ? 20:46:05 <MrsB> not necessarily 20:46:15 <lewyssmith> Ah. 20:46:42 <Luigi12_work> library requires are automatically generated and do not specify a version 20:46:50 <MrsB> it basically means if you urpmi the main package alone, it should work 20:46:51 <Luigi12_work> for backports the packager has to add it manually, which they don't usually do 20:47:12 <lewyssmith> Even if they should? 20:47:24 <MrsB> it's not normally necessary 20:47:32 <Luigi12_work> but also if a backport is updating a lib, it pretty much should only be used by that package. If other things use it then upgrading it could cause problems and that's not allowed. 20:47:39 <Luigi12_work> lewyssmith: no they normally *shouldn't* 20:48:30 <lewyssmith> It looks complicated, -> static libraries. 20:48:41 <Luigi12_work> we're not talking about static libraries 20:48:46 <lewyssmith> For backports. 20:48:51 <Luigi12_work> we're not talking about static libraries 20:48:53 <tjandrews> I once installed a Firefox backport in Mandriva that broke something else. Can't remember details, now. 20:49:34 <MrsB> these are our first few steps with backports so it's important we're all on the same page 20:49:50 <MrsB> everybody understand what we're saying here? 20:50:05 <MrsB> anybody not understand 20:50:22 <wilcal_> ok here 20:50:52 <lewyssmith> How do you confine a more recent library to just the backport? 20:51:11 <Luigi12_work> generally that's not the idea 20:51:18 <tjandrews> Excellent question. 20:51:29 <Luigi12_work> it's more a case of one SRPM generating multiple subpackages which include libraries 20:51:52 <Luigi12_work> they just need to make sure the main package will pull in those libraries as needed with strict version-release requirements to match 20:51:57 <MrsB> once it's there then it can *in theory* be used by other backports, but those other packages need to have strict versioned requires on that library too 20:52:11 <Luigi12_work> updating some 3rd party library to a new major is what they should not be doing 20:52:23 <lewyssmith> Understood. 20:52:50 <MrsB> yep. backports should be only leaf packages 20:53:02 <Luigi12_work> yeah that's a good way to put it 20:53:45 <MrsB> We'll find our ay as we go but it pays to talk this through and all at least understand the problem and be aware of this when testing them 20:54:10 <lewyssmith> On to David's corner? 20:54:12 <MrsB> Also please treat them as our lowest priority 20:54:12 <tarazed> Aye, a very useful discussion 20:54:26 <MrsB> yep, go ahead boss :) 20:54:42 <wilcal_> unless extremely useful :-)) 20:54:47 <lewyssmith> #topic Luig's roundup 20:54:51 <MrsB> thanks Dave 20:55:04 <MrsB> png Luigi12_work 20:55:05 <MrsB> i 20:55:15 <Luigi12_work> woohah 20:55:23 <MrsB> you've been a busy bunny 20:55:35 <Luigi12_work> yeah doing two things at once at work today 20:55:55 <MrsB> ten things I counted :P 20:56:16 <Luigi12_work> lol, well that's all in one track 20:56:38 <Luigi12_work> I'm also replacing the computers in our classrooms and putting a fresh coat of Mageia on them, 64-bit this time 20:57:02 <Luigi12_work> I also convinced my boss to order Mageia stickers for them to put over the Ubuntu stickers that came on the front :D 20:57:11 <MrsB> ahh cool 20:57:15 <MrsB> I have one on mine 20:57:21 <Luigi12_work> http://www.unixstickers.com/stickers/linux_os_distribution_stickers/mageia-linux-distribution-badge-sticker 20:57:21 <wilcal_> u using a common management tool like puppet 20:57:23 <[mbot> [ Mageia Linux Badge Sticker | Unixstickers ] 20:57:31 <Luigi12_work> wilcal_: nah, ssh and custom scripts 20:57:37 <Luigi12_work> I'd like to learn ansible as it'd probably help 20:57:49 <Luigi12_work> but I only have so much time and too much work to do :o( 20:57:51 <MrsB> yes me too 20:57:54 <Luigi12_work> anyway, roundup 20:58:00 <MrsB> ansible looks simpler than most 20:58:38 <Luigi12_work> I *really* need packagers to cooperate and step up and help. I can't be expected to do everything. Many updates are not going to happen if things continue as they are now. 20:58:45 <Luigi12_work> yeah ansible does sound simpler than puppet and chef 20:59:10 <Luigi12_work> as for new security issues reported in the past week that haven't been packaged yet, I have two 20:59:19 <MrsB> #info *** IMPORTANT: David is still not receiving the support from paclagers he requires **** 20:59:25 <MrsB> oops 20:59:28 <MrsB> #undo 20:59:28 <Inigo_Montoya`> Removing item from minutes: <MeetBot.items.Info object at 0xb699630c> 20:59:35 <MrsB> #info *** IMPORTANT: David is still not receiving the support from packagers he requires **** 20:59:37 <Akien> And Akien still hasn't pinged them :-/ 20:59:43 <MrsB> naughty 20:59:52 <Luigi12_work> libssh2 has basically the same issue as libssh that we just pushed yesterday, but the upstream fix has generated some discussion on its correctness and completeness, so I'm waiting to see where that discussion goes or get further fixes 20:59:53 <Akien> Been quite busy releasing a game engine :p 20:59:59 * MrsB pokes Akien for not pinging 21:00:19 <Luigi12_work> squid has a security advisory, but they've only released patches for squid 3.5, and it's not quite trivial to backport to 3.4, so waiting to see what to do with that 21:00:28 <Luigi12_work> that's all 21:00:57 <MrsB> #info libssh2 is due an update similar to libssh recently but upstream debating the correct fix. 21:01:47 <MrsB> #info Squid is due an update but only patches for squid 3.5 and we have 3.4 - not trival - help please :) 21:02:07 <MrsB> really, all? 21:02:14 <lewyssmith> Thanks David, as usual. 21:02:21 <lewyssmith> #topic Anything else? 21:02:36 <MrsB> Is there anything else? 21:02:42 <MrsB> thanks David too 21:02:42 <wilcal_> i wanted some lite discussion on what happened to Mint the last few days 21:02:42 <lewyssmith> Not here. 21:02:50 <lewyssmith> Tell us. 21:03:02 <wilcal_> The mint repos got hacked 21:03:06 <Luigi12_work> no, not the repos 21:03:09 <wilcal_> really bad 21:03:11 <Luigi12_work> the repos are fine 21:03:12 <MrsB> not sure that's true wilcal 21:03:17 <wilcal_> tell us then 21:03:19 <Luigi12_work> just their web site 21:03:33 <wilcal_> the isos got compromised 21:03:36 <MrsB> the website was 'hacked' and redirected people downloading their isos to fake ones 21:03:36 <Luigi12_work> so Mint users are fine as far as their computers 21:03:44 <Luigi12_work> nope, their isos didn't get compromised either 21:03:55 <Benmc> forum also- user detals etc 21:03:56 <wilcal_> new users are only effected 21:04:02 <MrsB> It was only for one day. The forums were also affected and they're advising users to reset passwords etc. 21:04:17 <wilcal_> what part of Mageia is similiar 21:04:28 <Luigi12_work> just their website. So the download link was temporarily changed to point to a rogue server with a rogue ISO for a few hours, but their own upstream repository of ISOs were not affected, so their mirrors are fine 21:04:28 <MrsB> we have a website 21:04:52 <wilcal_> is that where our isos are? 21:04:54 <Luigi12_work> the biggest issue with the Mint hack is not the rogue ISOs it's the fact that their forum sql database was stolen 21:05:08 <Luigi12_work> so the attackers made off with (badly) hashed passwords and some other personal information 21:05:16 <MrsB> ISOs are on the mirrors, links from the mirrors are displayed on the website 21:05:37 <wilcal_> can the same thing be done to Mageia? 21:05:51 <Luigi12_work> certainly our infrastructure could get compromised 21:05:57 <MrsB> the mint attackers changed the download links to point to somewhere else that they controlled where they hosted false ISOs with an IRC bot 21:06:07 <Luigi12_work> I especially worry about the old unsupported Mageia versions some of it has been running on with known unpatched vulnerabilities 21:06:14 <Luigi12_work> fortunately the sysadmins are almost done upgrading everything to mga5 21:06:29 <Luigi12_work> but Mint also set themselves up for this by running multiple things on their wordpress blog server 21:06:39 <MrsB> alot of ours is behind a revers proxy which mitigates things somewhat 21:06:41 <wilcal_> i just worry that whomever did this will go from distro to distro 21:06:44 <Luigi12_work> hopefully our blog is on its own VM isolated from the other parts of our web and infrastructure 21:06:55 <MrsB> don't give them ideas wilcal_ 21:07:06 <MrsB> trolls love fame 21:07:10 <Luigi12_work> also our forum users are backed by the LDAP database rather than using local phpbb users in mysql, so our setup is more secure there 21:07:58 <Benmc> I also asked this on the forum 21:08:06 <Benmc> https://forums.mageia.org/en/viewtopic.php?f=4&t=10802 21:08:07 <[mbot> [ Mageia forum View topic - Wordpress - Linux MINT ] 21:08:50 <Luigi12_work> unfortunately pretty much any CMS is gaping security hole 21:08:57 <wilcal_> so we're kinda watch'n out for this 21:09:01 <MrsB> Anything you put on the internet is vulnerable to some degree 21:09:05 <Luigi12_work> yep 21:09:15 <Luigi12_work> but more thought was put into our infrastructure setup than Mint's 21:09:22 <Luigi12_work> not to say it couldn't be better still 21:09:30 <MrsB> it's why we always treat webappas and flash etc as critical sec updates 21:09:35 <MrsB> -a 21:10:21 <Luigi12_work> things like mod_security can help if you're hosting a public web site 21:10:23 <MrsB> Is there anything else else? 21:10:37 <Luigi12_work> it'd be nice if Mageia had a usable MAC thing too. We have Tomoyo but I don't think anybody knows how to use it. 21:10:56 <Luigi12_work> it'd probably be better to integrate AppArmor but we'd need another kernel specialist to help with that. 21:11:01 <MrsB> don't thinkanybody apart from mageia users ever heard of it 21:11:11 <Luigi12_work> yeah just Mageia and Turbolinux users 21:11:32 <MrsB> we have the beginnings of selinux 21:11:42 <Luigi12_work> selinux will probably never be useful for us 21:11:50 <Luigi12_work> too labor-intensive both on the packaging and sysadmin side 21:12:10 <MrsB> i hope not, all these are great in theory but no fun for forums team 21:12:49 <lewyssmith> Would any of the tools mentioned have saved Mint? 21:13:02 <Luigi12_work> some form of MAC certainly would have 21:13:12 <Luigi12_work> don't know if they use mod_security or if not if it would have helped 21:13:19 <MrsB> possibly, if used on their webserver and correctly/tightly configured 21:13:32 <lewyssmith> MAC in this context? 21:13:40 <Luigi12_work> yeah, it would have prevented their wordpress exploitation from being leveraged into other things 21:13:45 <MrsB> mandatory access control 21:13:45 <Luigi12_work> Mandatory Access Controls 21:13:56 <Luigi12_work> aka SELinux, AppArmor, Tomoyo, etc 21:14:08 <lewyssmith> Thanks. 21:14:26 <Luigi12_work> RSBAC, whatever grsecurity's MAC thing is... 21:14:33 <MrsB> Anything else else? 21:14:37 <Luigi12_work> Solaris Trusted Extensions, Mac OS X sandboxing 21:14:53 <Luigi12_work> but those last two aren't for Linux :o) 21:15:01 <MrsB> showoff :P 21:15:13 <MrsB> countdown? 21:15:15 <Luigi12_work> heh, I talk briefly about it in the class I teach 21:15:34 <lewyssmith> -5 21:15:34 <MrsB> we'll have to virtually sit in on one one day 21:15:39 <wilcal_> i'm done 21:15:46 <lewyssmith> -4 21:15:46 <Luigi12_work> not allowed unfortunately 21:15:48 <MrsB> T - 5 then, thanks guys 21:15:56 <wilcal_> thanks for the mint discussion 21:15:56 <MrsB> 4 21:16:00 <MrsB> 3 21:16:01 <lewyssmith> Goodbye everyone. 21:16:02 <MrsB> 2 21:16:04 <MrsB> 1 21:16:07 <MrsB> #endmeeting