#mageia-qa log

19:01:21 <lewyssmith_> #startmeeting
19:01:21 <Inigo_Montoya> Meeting started Thu Aug 11 19:01:21 2016 UTC.  The chair is lewyssmith_. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:21 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:01:28 <wilcal> Done whew
19:01:48 <lewyssmith_> #topic Who's new? - If you are then come and say hello.
19:02:41 <lewyssmith_> Is ther anyone her who has not been to a QA IRC session before? If so, please speak up!
19:03:34 <lewyssmith_> Looks like not, so on we go!
19:03:41 <lewyssmith_> #topic Mageia 6 - How's it looking?
19:04:05 <wilcal> Note: new CI isos are due in the next day or so
19:04:10 <rindolf> Well, I still have a problem that my / and /usr partitions are mounted readonly.
19:04:47 <rindolf> It may be a systemd problem, but Colin Guthrie has been non-responsive.
19:04:48 <lewyssmith_> I am stuck in a Radeon rut with the Classic at present. Cannot boot fully.
19:05:06 <lewyssmith_> Hello
19:05:08 <wilcal> hello tj
19:05:15 <tjandrews> Hi.
19:05:30 <lewyssmith_> We are on 'mageia 6'.
19:05:36 <wilcal> Yes
19:06:31 <tjandrews> Taking a short break with a fan and a lemonade. Tropical weather here today, and I'm not used to it.
19:06:33 <wilcal> I have 5 working and updating copies. Plasma x86_64 on real hardware, Gnome i586 & x86_64, Plasma i586 & x86_64 as Vbox client
19:06:51 <lewyssmith_> Since there have not been new ISOs for some time, there should be little new to report.
19:06:56 <wilcal> all are running fine and updating
19:06:59 <lewyssmith_> tjandrews: How hot?
19:07:16 <wilcal> yes, people are coming off Holiday
19:07:31 <tjandrews> Around 92F, but dew points are in the 70's
19:07:44 <Luigi12_work> it's quite disgusting
19:07:46 <wilcal> ahh weather
19:07:55 <lewyssmith_> tjandrews: Too hot for comfort.
19:07:58 <ca-on-adam> Does "CI" stand for "Classical Installer"?
19:08:05 <wilcal> since last rain here there's been two earthquakes
19:08:10 <tjandrews> An understatement.
19:08:12 <wilcal> yes
19:08:23 <lewyssmith_> ca-on-adam: Yes - it is Bill's notation.
19:08:59 <tjandrews> 1.3 inches of rain yesterday. A BIG help to the crops.
19:09:18 <tjandrews> But we are here to talk Mageia, not weather.
19:09:20 <wilcal> so this is a good thing as the CI's have been a little behind the Live media
19:10:01 <lewyssmith_> Anything more on mageia 6? Especially what has *not* been aired on the milList.
19:10:25 <wilcal> best for everyone to look at the release blocker list
19:10:43 <lewyssmith_> That has been much discussed.
19:10:59 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=15527
19:11:00 <[mbot> Bug 15527: normal, release_blocker, bugsquad, NEW , [Tracker] Mageia 6 release critical
19:11:20 <wilcal> what's really a release blocker, or not
19:11:51 <wilcal> things like no auto log-in are a release blocker IMO
19:12:03 <lewyssmith_> But not mine.
19:12:24 <lewyssmith_> And is it specific to sddm?
19:12:40 <tjandrews> It would be for my brother, and annoys me, too.
19:12:47 <Luigi12_work> no there are more general issues
19:13:03 <Luigi12_work> the switch from wmsession.d files to xsessions broke chksession
19:13:03 <wilcal> IMO the Plasma desktop is settling down
19:13:10 <lewyssmith_> tjandrews: But the previous question?
19:13:48 <lewyssmith_> In other words, if you use a different display manager, is auto-login always screwed?
19:13:51 <tjandrews> I was talking about the no autologin being a release blocker.
19:14:19 <Luigi12_work> there's still plenty of serious issues
19:14:32 <lewyssmith_> BTW Welcome David.
19:14:37 <Luigi12_work> yo
19:14:55 <wilcal> hello luigi
19:15:06 <wilcal> do you need to do your report ASAP?
19:15:55 <lewyssmith_> I think Bill means - if so, we can give you the topic now.
19:16:08 <Luigi12_work> might as well knock it out I guess
19:16:17 <wilcal> i think we are done with M6
19:16:23 <lewyssmith_> #topic Luigi's roundup - Security news & expected updates
19:16:47 <Luigi12_work> been a while since we did a roundup actually, since I was on vacation last week and I don't think I did one the week before either
19:17:04 <wilcal> list is under control
19:17:18 <wilcal> anything(s) coming down the pipe?
19:17:44 <Luigi12_work> oh yeah
19:17:59 <tjandrews> That sounds ominous.
19:18:10 <ca-on-adam> dun dun dun
19:18:11 <lewyssmith_> Bill's "under control" screens a long list....
19:18:32 <Luigi12_work> shadow-utils is looking at an issue upstream
19:18:50 <Luigi12_work> binutils has several issues that have been fixed in newer versions (than even what we have in Cauldron) upstream
19:19:04 <wilcal> we need to turn the two kernel bugs loose i think
19:19:29 <Luigi12_work> there's an issue that may affect jenkins-remoting, owasp-java-html-sanitizer, and tiger-types (java crap), and there's an issue in apache-poi (more java crap)
19:19:45 <Luigi12_work> perl-DBD-mysql has a couple of security issues fixed in the latest upstream
19:19:51 <lewyssmith_> wilcal: Bill, validate them if you are confident.
19:20:01 <wilcal> will do after this meeting
19:20:12 <lewyssmith_> Thanks.
19:20:15 <Luigi12_work> perl has a security issue with loading things from the cwd, a couple of perl modules may be affected too
19:20:43 <Luigi12_work> there's a security issue affecting kdelibs4 and karchive (from KF5)
19:21:08 <lewyssmith_> Much of this looks intelligable for once.
19:21:36 <Luigi12_work> there are issues in flex, gdf-pixbuf2.0, imagemagick (again), golang, lighttpd, tor, redis, mongodb, stunnel, pdns, nodejs-minimatch, perl-CGI-Emulate-PSGI
19:21:55 <lewyssmith_> Coo...
19:21:58 <Luigi12_work> postgresql updates are coming today
19:22:18 <Luigi12_work> will have a libpng update at some point
19:22:25 <brian> ok - back
19:22:44 <Luigi12_work> got that bsdiff issue in QA right now, there will be another update for that coming later, as a more complete patch is being developed
19:22:56 <Luigi12_work> there are related issues in libarchive being looked at upstream right now, I patched one in Cauldron already
19:23:19 <lewyssmith_> #info There are loads of security updates on the way...
19:23:29 <tjandrews> Uh-oh. Just got the call... Stand needs more sweet corn, and I'm elected to go after it. Next week...
19:23:38 <wilcal> bye
19:23:41 <Luigi12_work> see ya
19:23:48 <Luigi12_work> I guess that's all I have for now
19:23:59 <lewyssmith_> All?
19:24:05 <Luigi12_work> some other packages awaiting updates too, been waiting for longer though
19:24:08 <wilcal> cool
19:24:09 <Luigi12_work> all previously mentioned
19:24:22 <lewyssmith_> Thanks anyway David.
19:24:33 <Luigi12_work> we won't have complete coverage of security updates anymore
19:24:43 <Luigi12_work> I can't do it all myself, will have less time in the future, and not enough are stepping up to help
19:25:04 <lewyssmith_> You have siad this before. It is worrying...
19:25:12 <wilcal> consul is committed to finding help
19:25:56 <lewyssmith_> Luigi12_work: Do *you* know of anyone who could help in this field?
19:27:42 <lewyssmith_> Silence is golden. Move on?
19:27:47 <wilcal> move on
19:27:51 <lewyssmith_> #topic Testing updates - Any difficulties, problems, issues?
19:28:14 <wilcal> tmb is stepping down for now
19:28:38 <lewyssmith_> Should this come later?
19:28:39 <Luigi12_work> it'd be nice if someone could figure out how to use AddressSanitizer to test bug 17536
19:28:40 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=17536 normal, Normal, qa-bugs, NEW , openjpeg2 new security issues CVE-2016-192[34], CVE-2016-318[1-3], and CVE-2016-479[67], openjpeg2-2.1.0-3.2.mga5.src.rpm
19:28:46 <wilcal> sorry
19:29:04 <Luigi12_work> we really need to get back to testing
19:29:05 <wilcal> I thougt we were anything else
19:29:09 <Luigi12_work> it'd been a ghost town in QA
19:29:24 <wilcal> summer time
19:29:24 <Luigi12_work> that django update has a test procedure and has been sitting for weeks
19:29:34 <wilcal> but that's coming to an end
19:30:04 <lewyssmith_> 17536: Len thought this was impossible to test; & if *he* is baffled there is no hope for the rest of us.
19:30:27 <Luigi12_work> it's been *tested*, the issue is I don't know if the first two CVEs are fixed or not
19:30:44 <lewyssmith_> I stand corrected.
19:30:51 <Luigi12_work> they're not easy ones where the PoC crashes something, you need this AddressSanitizer thing to sense the invalid memory accesses
19:31:26 <Luigi12_work> so I'm not sure if I can put those two CVEs in the advisory or not
19:31:32 <Luigi12_work> otherwise we could release it
19:32:05 <lewyssmith_> Can we push updates with just one OK?
19:32:11 <Luigi12_work> yes
19:32:15 <wilcal> yes
19:32:24 <lewyssmith_> I will see to it.
19:32:32 <wilcal> especially security updates
19:32:52 <lewyssmith_> [We scarcely get other sorts].
19:33:24 <asirris> I can look into using AddressSanitizer for bug 17536
19:33:42 <lewyssmith_> That would be great.
19:34:00 <Luigi12_work> I think the way it's used is you have to recompile the package with it added/enabled/whatever
19:34:04 <brian> I may have missed it  	ctdb new regression caused by CVE-2015-8543 fix in kernel
19:34:15 <brian> anybody attacking that one?
19:34:37 <lewyssmith_> asirris: If you do, note all you can on the bug for future refrence.
19:34:44 <Luigi12_work> don't think anybody's looked at the ctdb one
19:35:15 <wilcal> i've done the openssh before so i'll look at that
19:35:16 <rindolf> asirris: thanks!
19:35:21 <asirris> lewyssmith_ ok sounds good. I'll get to working at it and note everything. :)
19:35:38 <lewyssmith_> That will be much appreciated.
19:36:36 <lewyssmith_> Anything else on current updates?
19:37:06 <wilcal> not from me
19:37:12 <lewyssmith_> David?
19:37:43 <lewyssmith_> Implicit 'no'; so
19:37:46 <lewyssmith_> #topic Anything else?
19:38:00 <wilcal> tmb is taking a break
19:38:37 <wilcal> so lots of discussion on how too pick up the tasks he was doing at the council meeting today
19:38:48 <lewyssmith_> This implies no new M6 ISOs.
19:39:16 <wilcal> anne will be generating new CI isos by the weekend. She did these in the past
19:39:29 <lewyssmith_> Fingers crossed.
19:39:38 <wilcal> tmb did the live media and someone was suggested to pick those up
19:39:40 <ca-on-adam> Will the new isos be called sta2?
19:40:09 <lewyssmith_> We are already on (prematurely) release candistae...
19:40:11 <Luigi12_work> rc1 I believe
19:40:11 <wilcal> IMO the most vulnerable are the kernels/VirtualBox rpms
19:40:18 <Luigi12_work> yeah it's definitely premature
19:40:23 <Luigi12_work> should have just gone with sta2
19:40:35 <ca-on-adam> hmm
19:40:42 <lewyssmith_> We usually agree.
19:40:54 <lewyssmith_> (me & David)
19:41:00 <Luigi12_work> back in the beginning days of Mageia I maintained my own local version of the virtualbox package.  Assuming I'm not too strapped for time, I might be able to help with that.
19:41:04 <Luigi12_work> the kernel package is pretty complicated
19:41:23 <rindolf> Luigi12_work: should we upgrade to 4.8-rc*?
19:41:32 <Luigi12_work> rindolf: I don't think so
19:41:34 <rindolf> Luigi12_work: or is 4.7 longterm
19:41:36 <wilcal> hopefully a team will pick up the Kernel/Vbox stuff
19:41:55 <Luigi12_work> rindolf: 4.4 is the newest longtimer at this point
19:42:08 <lewyssmith_> 'Team' is the key word. We need another for yourself.
19:42:14 <Luigi12_work> rindolf: whenever the next one is designated, we can look at upgrading again
19:42:15 <rindolf> Luigi12_work: yes, but cauldron is already on 4.7
19:42:46 <Luigi12_work> rindolf: I know.  Of course if it is maintained for as short a time as some other ones, we may have to upgrade from it anyway, but we'll see what happens.
19:42:54 <lewyssmith_> Benmc: Hello Ben. We are finishing!
19:43:04 <Benmc> QA, Good morning
19:43:05 <Benmc> ok
19:43:08 <Luigi12_work> I just updated all the supporting packages for kernel 4.7, so let's try to stabilize that first
19:43:11 <wilcal> if we can get m6 out maybe we leave M5 kernel/vbox alone for now
19:43:52 <lewyssmith_> If these work, best to leave them alone.
19:43:59 <Luigi12_work> well, mga5 kernel will stay on 4.4, so I or someone may be able to figure out how to update that
19:44:10 <Luigi12_work> again, assuming time
19:44:31 <Luigi12_work> I don't know how tmb knew what CVEs were fixed in which kernels though
19:45:02 <lewyssmith_> A quickie from me: How do I change my name to back without the trailing _ ?
19:45:28 <Luigi12_work> do /nick
19:45:33 <wilcal> say "/nick" and the new handle
19:45:52 <wilcal> success :-)))
19:45:58 <lewyssmith> Thanks. Back to myself.
19:46:13 <Luigi12_work> lewyssmith: actually you need to switch it back again
19:46:19 <Luigi12_work> only you with the _ can end the meeting
19:46:27 <lewyssmith> Oh...
19:46:36 <wilcal> computers they'll never last
19:47:03 <Luigi12_work> I guess we're done here
19:47:09 <wilcal> I'm done
19:47:15 <lewyssmith_> Anything else else (as Claire puts it)?
19:47:21 <wilcal> lots of meetings today for me
19:47:28 <wilcal> not from me
19:47:41 <lewyssmith_> -5
19:47:42 <wilcal> count down time
19:47:46 <lewyssmith_> -4
19:47:50 <lewyssmith_> -3
19:47:54 <wilcal> bye alll
19:48:10 <lewyssmith_> Goodbye to all who came, & thanks.
19:48:15 <lewyssmith_> -2
19:48:19 <lewyssmith_> -1
19:48:19 <ca-on-adam> -1.5
19:48:26 <lewyssmith_> #endmeeting