#mageia-qa log

20:05:01 <DavidWHodgins> #startmeeting
20:05:01 <Inigo_Montoya> Meeting started Thu Jan 18 20:05:01 2018 UTC.  The chair is DavidWHodgins. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:05:01 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic.
20:05:05 <lewyssmith> Good group tonight.
20:05:05 <DavidWHodgins> #topic * Who's new? - If you are then come and say hello.
20:05:23 <DavidWHodgins> So, anyone here who hasn't been to a qa team irc meeting before?
20:05:48 <DavidWHodgins> #topic * Spectre and Meltdown hardware flaws and kernel status
20:05:55 <DavidWHodgins> tmb: Are you here?
20:06:04 <wilcal> I still here lots of uncertainty over this
20:06:24 <DavidWHodgins> Yes. Especially the microcode updates
20:06:37 <DavidWHodgins> Apparently causing problems on some hardware
20:06:38 <tmb> yep
20:06:51 <wilcal> Still no real exploits in the wild yet, correct?
20:06:55 <DavidWHodgins> What's your take on the status?
20:07:01 <DavidWHodgins> wilcal: Nope
20:07:30 <tmb> DavidWHodgins, what status ?
20:07:55 <DavidWHodgins> Of the spectre updates, especially the microcode packages
20:08:16 <wilcal> Explain how microcode will effect us
20:08:35 <tmb> DavidWHodgins, you mean RH pulling the microcodes ?
20:08:41 <DavidWHodgins> Yes
20:10:05 <tmb> Well, I havent seen/heard any problems on Mga yet... so I was thinking of waiting out the new set of microcodes that should land next week...
20:10:26 <DavidWHodgins> Ok.
20:10:35 <wilcal> So the "microcode" is part of the kernel updates?
20:10:37 <DavidWHodgins> Btw, no problems so far on my systems
20:11:00 <DavidWHodgins> wilcal: It's often included with the kernel updates, but is a seperate package.
20:11:45 <DavidWHodgins> It's very hardware dependent, so needs a wide variety of testers
20:12:06 <wilcal> If everyone has to reflash their bios or such that'll turn into a nightmare
20:12:07 <tmb> I mean since the "workaround" is easy if needed: urpme microcode && dracut -f && reboot
20:12:40 <DavidWHodgins> That's provided the user can get into the system to run those commands
20:13:29 <DavidWHodgins> wilcal: Yes, especially since it can brick a system (been there, done that).
20:14:07 <DavidWHodgins> With a soldered on bios chip, that meant replacing the motherboard.
20:14:10 <wilcal> Lots and lots of legacy platforms running critical applications
20:14:41 <tjandrews> And how many of our users are running systems considered obsolete that won't be updated?
20:14:50 <wilcal> Intel can't just condem 15 years of motherboards
20:14:51 <tmb> DavidWHodgins, well so far most issues I've seen is when systems are heavy loaded, so most should be able to boot
20:15:03 <DavidWHodgins> Ah. Ok.
20:15:11 <brian__> well - two of mine at least
20:15:25 <brian__> but no issues so far
20:15:32 <wilcal> So the last kernel update contained some "fixes" right?
20:16:08 <DavidWHodgins> My understanding is that it includes fixes for variant 2 of spectre (meltdown was variant 3).
20:16:32 <wilcal> I have'nt seen any slowdown that I can notice
20:16:59 <brian__> on my i3 I thought I did, but thankfully it was a bad extension in firefox
20:17:12 <brian__> x extension, life better
20:17:50 <DavidWHodgins> I've noticed a few, for example loading opera where my mail storage has over 180,000 msgs stored in it. Roughly a 20% increase in loading time.
20:18:16 <tjandrews> Mageia 8 in vbox seems a bit slower on my Core2Duo.
20:18:27 <DavidWHodgins> Any application that opens a large number of files is noticeably affected.
20:18:30 <tjandrews> Mageia 8= Mageia 6
20:18:32 <wilcal> That's a database function and as I understand it that's where performance will be effected
20:18:39 <tjandrews> Fumble fingers.
20:18:43 <DavidWHodgins> :-)
20:18:56 <tmb> No, we patched for Meltdown, as that one is the easiest exploited one...
20:19:47 <tjandrews> Maybe I need a microcode patch for my fingers... ;)
20:19:48 <DavidWHodgins> The new patches are for Varient 2, are they not?
20:19:50 <tmb> microcode takes care of parts of variant 1, and fixes for variant 2 is now starting to land upsream....
20:19:58 <wilcal> So expect another round of kernels in a week or two?
20:20:40 <tmb> I already have a 4.14.14 in testing but it misses some bits so I wont assign to qa yet
20:21:13 <lewyssmith> Just the desktop & server?
20:21:34 <brian__> and tmb I hope as I use that on my lappy
20:21:35 <tmb> compiler part for variant 2 have started to get merged in gcc 8 & 7.3, and will be backported afaik to all active branches...
20:22:19 <tmb> and kernel bits for variant 1 have been posted on lkml for rewview so they will end up in kernel soon-ish
20:22:31 <tjandrews> I considered trying 4.14.14, but decided to wait for the vbox kmods.
20:22:41 <DavidWHodgins> So from the qa teams point of view, we should expect more fixes, but they will not be as urgent as the meltdown fixes were.
20:22:56 <lewyssmith> brian__, I do not think these scares affect anyone but VM type servers.
20:23:24 <lewyssmith> Or servers with shared DB.
20:23:37 <DavidWHodgins> I guess the most severely affected are those companies that run cloud servers.
20:24:02 <brian__> that was my thought.  With browsers adding randomization, makes me think they are concerned with drive-by
20:24:38 <lewyssmith> Most individual or private systems are not vulnerable. You share stuff with yourself.
20:24:48 <wilcal> AWS must be going crazy inside
20:24:50 <tmb> the problem is that no-one really can say so far where all this mess ends
20:25:11 <lewyssmith> Lots of business for Intel next time round.
20:25:12 <brian__> true
20:25:21 <tmb> for every new info that rolls out about this shows way more ways to exploit
20:25:32 <wilcal> People scared into buying a new computer
20:25:41 <lewyssmith> Unjustly.
20:25:48 <brian__> only those of us with tin-foil hats
20:25:53 <tmb> wilcal, that wont help
20:25:55 <DavidWHodgins> Which won't help if the new ones are just as broken
20:26:24 <tmb> we need new hw design... something that usually takes 2-5 years to roll out :)
20:26:26 <brian__> what might be interesting is if cloud vendors may have to adjust rates because of additional cpu load
20:26:39 <DavidWHodgins> Looks like more people will have to learn safe hex, and layered security.
20:27:07 <brian__> it would be nice, but most leave their routers with default admin and password.
20:27:30 <DavidWHodgins> I know. :-(
20:27:38 <wilcal> I heard that the Raspberry Pi is not effected :-))
20:27:41 <brian__> so meltdown might drive people to buy laptop coolers instead.  ;-)
20:28:13 <DavidWHodgins> Anyway, we're really drifting off topic. Let's get back to the meeting. :-)
20:28:17 <DavidWHodgins> #topic * Testing updates - Any other difficulties, problems, issues?
20:28:49 <DavidWHodgins> The graphical stack, bug 22392 is a big one.
20:28:51 <[mbot> Bug: ['Updated graphical stack for mga6', 'NEW', 'QA Team'] https://bugs.mageia.org/show_bug.cgi?id=22392
20:28:54 <wilcal> Sorry my activity testing updates has been quite low as I pack for my move
20:29:11 <brian__> is that across all UI's?
20:29:16 <tjandrews> Not many updates for Mageia 6 that aren't related to the previous topic.
20:29:21 <DavidWHodgins> brian__: Yes
20:29:33 <brian__> ok - that's approachable then
20:29:53 <wilcal> I question the need for the Vbox update in M5. Is that because of Spectre and Meltdown?
20:29:59 <brian__> nextcloud - can someone answer my ?'s?
20:30:04 <DavidWHodgins> As usual, we need people with nvidia hardware to test that update, bug 22410
20:30:06 <[mbot> Bug: ['Update request: nvidia340 340.106', 'NEW', 'QA Team'] https://bugs.mageia.org/show_bug.cgi?id=22410
20:30:31 <brian__> can't help there, I think that's TJ's realm
20:30:36 <tjandrews> I did my part.
20:30:37 <brian__> mine are 304
20:30:38 <tmb> wilcal, there is no vbox for mga5
20:31:18 <lewyssmith> tjandrews, You did indeed, and elsewhere.
20:31:40 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=22408
20:31:42 <[mbot> [ 22408 – Update request: virtualbox 5.2.6 ]
20:32:00 <tjandrews> I tested on an AMD system. We need somebody with an Intel system on the nvidia340 driver.
20:32:02 <wilcal> Ok sorry now i see
20:32:47 <brian__> I still have outstanding questions on https://bugs.mageia.org/show_bug.cgi?id=22026
20:32:49 <[mbot> [ 22026 – Upgrade the nextcloud server in updates to prevent the mess we had in MGA5 with backports. ]
20:33:08 <brian__> 1.  It says it is a major and rejects
20:33:21 <brian__> 2.  straight install results in a new requirement for mariadb
20:33:43 <DavidWHodgins> Been a long time since I looked at nextcloud. It was relegated to backports as the updates often included manual config file changes, so the updates were not "just  installable".
20:33:58 <brian__> hasn't changed
20:34:36 <DavidWHodgins> For not working with sqlite, we'll have to wait to hear back from the packager if that was upstream, or a packagers choice.
20:34:39 <brian__> my concern is if we make 12.03 default, then nextcloud becomes painful to implement
20:34:52 <brian__> yeah - hopefully soon
20:34:55 <tmb> brian__, if it *requires* mariadb (the server part), then it's broken update... we dont force install of db server on same host
20:35:00 <brian__> I'm about to get very busy again
20:35:26 <DavidWHodgins> It should have a requires that includes either mysql, or mariadb, or (if it works) sqlite.
20:36:05 <brian__> it works, as I took 11.03 set it up, moved to 12.03, then reset up users with sqlite
20:36:10 <tmb> no, that will force installing a sql server on a host even if you have a separate sql server already
20:36:18 <DavidWHodgins> tmb: Ah. Good point.
20:36:40 <brian__> default should be light footprint for amateurs like myself.
20:36:48 <DavidWHodgins> I forgot that the db server can be on a seperate host.
20:36:51 <brian__> otherwise we'll have default password maria's all over the place
20:37:41 <DavidWHodgins> brian__: I think that's just a matter of clearer documentation, that a db server must be available.
20:38:13 <brian__> hmm - older version provides sqlite, that's my complaint
20:38:40 <brian__> and I tried getting modules, but it is a task to make it work.  granted, no idea if more than a handful use nextcloud on mageia
20:38:48 <DavidWHodgins> But it probably shouldn't have.
20:39:20 <brian__> possibly, but it sure made it easy and it does warn you about performance, etc.
20:39:22 <DavidWHodgins> The db server to use has to be a choice
20:39:54 <brian__> got it, then 12.03 is fine, just painful to build
20:40:03 <brian__> quite painful
20:40:16 <DavidWHodgins> If I have a mysql server running, I don't want to be forced to install an sqlite server too.
20:40:38 <brian__> and it won't, it just offers that as an option during first startup
20:40:56 <lewyssmith> I thought sqlite was self-contained with its application.
20:41:36 <brian__> you can pick mariadb, mysql in 12.03.  11.03 recommended them, but offered sqlite which is my choice because it is.
20:41:50 <DavidWHodgins> There is a seperate package called nextcloud-sqlite
20:42:12 <brian__> I'll try another round with that included and see what splatters
20:42:35 <brian__> in such case, it is just documentation.
20:43:05 <brian__> thanks for engaging me on this.
20:43:27 <DavidWHodgins> Ok, Other updates. :-)
20:44:04 <DavidWHodgins> I haven't tried running the vb update yet. It installs ok. WIll test it after the meeting.
20:44:27 <DavidWHodgins> bug 22399 I haven't looked at yet.
20:44:29 <[mbot> Bug: ['gdk-pixbuf2.0 new security issue CVE-2017-1000422', 'ASSIGNED', 'QA Team'] https://bugs.mageia.org/show_bug.cgi?id=22399
20:44:46 <lewyssmith> It will be done.
20:44:51 <DavidWHodgins> That's it for updates. :-)
20:44:59 <lewyssmith> Hardly any.
20:45:08 <DavidWHodgins> #topic * Anything else
20:45:18 <wilcal> Not from me
20:45:19 <brian__> nothing here
20:45:26 <lewyssmith> Not here.
20:45:31 <DavidWHodgins> Looks like countdown time then.
20:45:35 <DavidWHodgins> T - 5
20:45:38 <DavidWHodgins> 4
20:45:38 <wilcal> bye all
20:45:41 <DavidWHodgins> 3
20:45:43 <DavidWHodgins> 2
20:45:46 <lewyssmith> Goodbye everyone.
20:45:46 <DavidWHodgins> 1
20:45:55 <DavidWHodgins> Thanks for coming everyone!
20:46:00 <DavidWHodgins> #endmeeting