19:01:21 <lewyssmith_> #startmeeting 19:01:21 <Inigo_Montoya> Meeting started Thu Aug 11 19:01:21 2016 UTC. The chair is lewyssmith_. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:01:21 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:01:28 <wilcal> Done whew 19:01:48 <lewyssmith_> #topic Who's new? - If you are then come and say hello. 19:02:41 <lewyssmith_> Is ther anyone her who has not been to a QA IRC session before? If so, please speak up! 19:03:34 <lewyssmith_> Looks like not, so on we go! 19:03:41 <lewyssmith_> #topic Mageia 6 - How's it looking? 19:04:05 <wilcal> Note: new CI isos are due in the next day or so 19:04:10 <rindolf> Well, I still have a problem that my / and /usr partitions are mounted readonly. 19:04:47 <rindolf> It may be a systemd problem, but Colin Guthrie has been non-responsive. 19:04:48 <lewyssmith_> I am stuck in a Radeon rut with the Classic at present. Cannot boot fully. 19:05:06 <lewyssmith_> Hello 19:05:08 <wilcal> hello tj 19:05:15 <tjandrews> Hi. 19:05:30 <lewyssmith_> We are on 'mageia 6'. 19:05:36 <wilcal> Yes 19:06:31 <tjandrews> Taking a short break with a fan and a lemonade. Tropical weather here today, and I'm not used to it. 19:06:33 <wilcal> I have 5 working and updating copies. Plasma x86_64 on real hardware, Gnome i586 & x86_64, Plasma i586 & x86_64 as Vbox client 19:06:51 <lewyssmith_> Since there have not been new ISOs for some time, there should be little new to report. 19:06:56 <wilcal> all are running fine and updating 19:06:59 <lewyssmith_> tjandrews: How hot? 19:07:16 <wilcal> yes, people are coming off Holiday 19:07:31 <tjandrews> Around 92F, but dew points are in the 70's 19:07:44 <Luigi12_work> it's quite disgusting 19:07:46 <wilcal> ahh weather 19:07:55 <lewyssmith_> tjandrews: Too hot for comfort. 19:07:58 <ca-on-adam> Does "CI" stand for "Classical Installer"? 19:08:05 <wilcal> since last rain here there's been two earthquakes 19:08:10 <tjandrews> An understatement. 19:08:12 <wilcal> yes 19:08:23 <lewyssmith_> ca-on-adam: Yes - it is Bill's notation. 19:08:59 <tjandrews> 1.3 inches of rain yesterday. A BIG help to the crops. 19:09:18 <tjandrews> But we are here to talk Mageia, not weather. 19:09:20 <wilcal> so this is a good thing as the CI's have been a little behind the Live media 19:10:01 <lewyssmith_> Anything more on mageia 6? Especially what has *not* been aired on the milList. 19:10:25 <wilcal> best for everyone to look at the release blocker list 19:10:43 <lewyssmith_> That has been much discussed. 19:10:59 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=15527 19:11:00 <[mbot> Bug 15527: normal, release_blocker, bugsquad, NEW , [Tracker] Mageia 6 release critical 19:11:20 <wilcal> what's really a release blocker, or not 19:11:51 <wilcal> things like no auto log-in are a release blocker IMO 19:12:03 <lewyssmith_> But not mine. 19:12:24 <lewyssmith_> And is it specific to sddm? 19:12:40 <tjandrews> It would be for my brother, and annoys me, too. 19:12:47 <Luigi12_work> no there are more general issues 19:13:03 <Luigi12_work> the switch from wmsession.d files to xsessions broke chksession 19:13:03 <wilcal> IMO the Plasma desktop is settling down 19:13:10 <lewyssmith_> tjandrews: But the previous question? 19:13:48 <lewyssmith_> In other words, if you use a different display manager, is auto-login always screwed? 19:13:51 <tjandrews> I was talking about the no autologin being a release blocker. 19:14:19 <Luigi12_work> there's still plenty of serious issues 19:14:32 <lewyssmith_> BTW Welcome David. 19:14:37 <Luigi12_work> yo 19:14:55 <wilcal> hello luigi 19:15:06 <wilcal> do you need to do your report ASAP? 19:15:55 <lewyssmith_> I think Bill means - if so, we can give you the topic now. 19:16:08 <Luigi12_work> might as well knock it out I guess 19:16:17 <wilcal> i think we are done with M6 19:16:23 <lewyssmith_> #topic Luigi's roundup - Security news & expected updates 19:16:47 <Luigi12_work> been a while since we did a roundup actually, since I was on vacation last week and I don't think I did one the week before either 19:17:04 <wilcal> list is under control 19:17:18 <wilcal> anything(s) coming down the pipe? 19:17:44 <Luigi12_work> oh yeah 19:17:59 <tjandrews> That sounds ominous. 19:18:10 <ca-on-adam> dun dun dun 19:18:11 <lewyssmith_> Bill's "under control" screens a long list.... 19:18:32 <Luigi12_work> shadow-utils is looking at an issue upstream 19:18:50 <Luigi12_work> binutils has several issues that have been fixed in newer versions (than even what we have in Cauldron) upstream 19:19:04 <wilcal> we need to turn the two kernel bugs loose i think 19:19:29 <Luigi12_work> there's an issue that may affect jenkins-remoting, owasp-java-html-sanitizer, and tiger-types (java crap), and there's an issue in apache-poi (more java crap) 19:19:45 <Luigi12_work> perl-DBD-mysql has a couple of security issues fixed in the latest upstream 19:19:51 <lewyssmith_> wilcal: Bill, validate them if you are confident. 19:20:01 <wilcal> will do after this meeting 19:20:12 <lewyssmith_> Thanks. 19:20:15 <Luigi12_work> perl has a security issue with loading things from the cwd, a couple of perl modules may be affected too 19:20:43 <Luigi12_work> there's a security issue affecting kdelibs4 and karchive (from KF5) 19:21:08 <lewyssmith_> Much of this looks intelligable for once. 19:21:36 <Luigi12_work> there are issues in flex, gdf-pixbuf2.0, imagemagick (again), golang, lighttpd, tor, redis, mongodb, stunnel, pdns, nodejs-minimatch, perl-CGI-Emulate-PSGI 19:21:55 <lewyssmith_> Coo... 19:21:58 <Luigi12_work> postgresql updates are coming today 19:22:18 <Luigi12_work> will have a libpng update at some point 19:22:25 <brian> ok - back 19:22:44 <Luigi12_work> got that bsdiff issue in QA right now, there will be another update for that coming later, as a more complete patch is being developed 19:22:56 <Luigi12_work> there are related issues in libarchive being looked at upstream right now, I patched one in Cauldron already 19:23:19 <lewyssmith_> #info There are loads of security updates on the way... 19:23:29 <tjandrews> Uh-oh. Just got the call... Stand needs more sweet corn, and I'm elected to go after it. Next week... 19:23:38 <wilcal> bye 19:23:41 <Luigi12_work> see ya 19:23:48 <Luigi12_work> I guess that's all I have for now 19:23:59 <lewyssmith_> All? 19:24:05 <Luigi12_work> some other packages awaiting updates too, been waiting for longer though 19:24:08 <wilcal> cool 19:24:09 <Luigi12_work> all previously mentioned 19:24:22 <lewyssmith_> Thanks anyway David. 19:24:33 <Luigi12_work> we won't have complete coverage of security updates anymore 19:24:43 <Luigi12_work> I can't do it all myself, will have less time in the future, and not enough are stepping up to help 19:25:04 <lewyssmith_> You have siad this before. It is worrying... 19:25:12 <wilcal> consul is committed to finding help 19:25:56 <lewyssmith_> Luigi12_work: Do *you* know of anyone who could help in this field? 19:27:42 <lewyssmith_> Silence is golden. Move on? 19:27:47 <wilcal> move on 19:27:51 <lewyssmith_> #topic Testing updates - Any difficulties, problems, issues? 19:28:14 <wilcal> tmb is stepping down for now 19:28:38 <lewyssmith_> Should this come later? 19:28:39 <Luigi12_work> it'd be nice if someone could figure out how to use AddressSanitizer to test bug 17536 19:28:40 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=17536 normal, Normal, qa-bugs, NEW , openjpeg2 new security issues CVE-2016-192[34], CVE-2016-318[1-3], and CVE-2016-479[67], openjpeg2-2.1.0-3.2.mga5.src.rpm 19:28:46 <wilcal> sorry 19:29:04 <Luigi12_work> we really need to get back to testing 19:29:05 <wilcal> I thougt we were anything else 19:29:09 <Luigi12_work> it'd been a ghost town in QA 19:29:24 <wilcal> summer time 19:29:24 <Luigi12_work> that django update has a test procedure and has been sitting for weeks 19:29:34 <wilcal> but that's coming to an end 19:30:04 <lewyssmith_> 17536: Len thought this was impossible to test; & if *he* is baffled there is no hope for the rest of us. 19:30:27 <Luigi12_work> it's been *tested*, the issue is I don't know if the first two CVEs are fixed or not 19:30:44 <lewyssmith_> I stand corrected. 19:30:51 <Luigi12_work> they're not easy ones where the PoC crashes something, you need this AddressSanitizer thing to sense the invalid memory accesses 19:31:26 <Luigi12_work> so I'm not sure if I can put those two CVEs in the advisory or not 19:31:32 <Luigi12_work> otherwise we could release it 19:32:05 <lewyssmith_> Can we push updates with just one OK? 19:32:11 <Luigi12_work> yes 19:32:15 <wilcal> yes 19:32:24 <lewyssmith_> I will see to it. 19:32:32 <wilcal> especially security updates 19:32:52 <lewyssmith_> [We scarcely get other sorts]. 19:33:24 <asirris> I can look into using AddressSanitizer for bug 17536 19:33:42 <lewyssmith_> That would be great. 19:34:00 <Luigi12_work> I think the way it's used is you have to recompile the package with it added/enabled/whatever 19:34:04 <brian> I may have missed it ctdb new regression caused by CVE-2015-8543 fix in kernel 19:34:15 <brian> anybody attacking that one? 19:34:37 <lewyssmith_> asirris: If you do, note all you can on the bug for future refrence. 19:34:44 <Luigi12_work> don't think anybody's looked at the ctdb one 19:35:15 <wilcal> i've done the openssh before so i'll look at that 19:35:16 <rindolf> asirris: thanks! 19:35:21 <asirris> lewyssmith_ ok sounds good. I'll get to working at it and note everything. :) 19:35:38 <lewyssmith_> That will be much appreciated. 19:36:36 <lewyssmith_> Anything else on current updates? 19:37:06 <wilcal> not from me 19:37:12 <lewyssmith_> David? 19:37:43 <lewyssmith_> Implicit 'no'; so 19:37:46 <lewyssmith_> #topic Anything else? 19:38:00 <wilcal> tmb is taking a break 19:38:37 <wilcal> so lots of discussion on how too pick up the tasks he was doing at the council meeting today 19:38:48 <lewyssmith_> This implies no new M6 ISOs. 19:39:16 <wilcal> anne will be generating new CI isos by the weekend. She did these in the past 19:39:29 <lewyssmith_> Fingers crossed. 19:39:38 <wilcal> tmb did the live media and someone was suggested to pick those up 19:39:40 <ca-on-adam> Will the new isos be called sta2? 19:40:09 <lewyssmith_> We are already on (prematurely) release candistae... 19:40:11 <Luigi12_work> rc1 I believe 19:40:11 <wilcal> IMO the most vulnerable are the kernels/VirtualBox rpms 19:40:18 <Luigi12_work> yeah it's definitely premature 19:40:23 <Luigi12_work> should have just gone with sta2 19:40:35 <ca-on-adam> hmm 19:40:42 <lewyssmith_> We usually agree. 19:40:54 <lewyssmith_> (me & David) 19:41:00 <Luigi12_work> back in the beginning days of Mageia I maintained my own local version of the virtualbox package. Assuming I'm not too strapped for time, I might be able to help with that. 19:41:04 <Luigi12_work> the kernel package is pretty complicated 19:41:23 <rindolf> Luigi12_work: should we upgrade to 4.8-rc*? 19:41:32 <Luigi12_work> rindolf: I don't think so 19:41:34 <rindolf> Luigi12_work: or is 4.7 longterm 19:41:36 <wilcal> hopefully a team will pick up the Kernel/Vbox stuff 19:41:55 <Luigi12_work> rindolf: 4.4 is the newest longtimer at this point 19:42:08 <lewyssmith_> 'Team' is the key word. We need another for yourself. 19:42:14 <Luigi12_work> rindolf: whenever the next one is designated, we can look at upgrading again 19:42:15 <rindolf> Luigi12_work: yes, but cauldron is already on 4.7 19:42:46 <Luigi12_work> rindolf: I know. Of course if it is maintained for as short a time as some other ones, we may have to upgrade from it anyway, but we'll see what happens. 19:42:54 <lewyssmith_> Benmc: Hello Ben. We are finishing! 19:43:04 <Benmc> QA, Good morning 19:43:05 <Benmc> ok 19:43:08 <Luigi12_work> I just updated all the supporting packages for kernel 4.7, so let's try to stabilize that first 19:43:11 <wilcal> if we can get m6 out maybe we leave M5 kernel/vbox alone for now 19:43:52 <lewyssmith_> If these work, best to leave them alone. 19:43:59 <Luigi12_work> well, mga5 kernel will stay on 4.4, so I or someone may be able to figure out how to update that 19:44:10 <Luigi12_work> again, assuming time 19:44:31 <Luigi12_work> I don't know how tmb knew what CVEs were fixed in which kernels though 19:45:02 <lewyssmith_> A quickie from me: How do I change my name to back without the trailing _ ? 19:45:28 <Luigi12_work> do /nick 19:45:33 <wilcal> say "/nick" and the new handle 19:45:52 <wilcal> success :-))) 19:45:58 <lewyssmith> Thanks. Back to myself. 19:46:13 <Luigi12_work> lewyssmith: actually you need to switch it back again 19:46:19 <Luigi12_work> only you with the _ can end the meeting 19:46:27 <lewyssmith> Oh... 19:46:36 <wilcal> computers they'll never last 19:47:03 <Luigi12_work> I guess we're done here 19:47:09 <wilcal> I'm done 19:47:15 <lewyssmith_> Anything else else (as Claire puts it)? 19:47:21 <wilcal> lots of meetings today for me 19:47:28 <wilcal> not from me 19:47:41 <lewyssmith_> -5 19:47:42 <wilcal> count down time 19:47:46 <lewyssmith_> -4 19:47:50 <lewyssmith_> -3 19:47:54 <wilcal> bye alll 19:48:10 <lewyssmith_> Goodbye to all who came, & thanks. 19:48:15 <lewyssmith_> -2 19:48:19 <lewyssmith_> -1 19:48:19 <ca-on-adam> -1.5 19:48:26 <lewyssmith_> #endmeeting