20:01:20 <waldi> #startmeeting
20:01:20 <MeetBot> Meeting started Fri Apr 12 20:01:20 2019 UTC.  The chair is waldi. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:01:20 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
20:01:31 <ta> hi everybody
20:01:32 <waldi> welcome everyone
20:01:45 <waldi> please speak up
20:01:58 <ansgar> Hi :-)
20:02:32 <Ganneff> moo
20:03:13 <waldi> loops like i'm not alone
20:03:22 <waldi> #topic Check action items from last meeting
20:03:57 <ansgar> I think all the secure boot stuff is done for now.
20:04:20 <waldi> the signing service is still unstable?
20:04:52 <ansgar> It has a db connection leak which makes it unhappy.  And probably not nice error handling (no reports when something fails).
20:05:27 <waldi> #info secure boot stuff is done, signing service still unstable
20:05:40 <ansgar> There is also a problem with backports (request to sign comes in while the template package is still in the policy queue)
20:06:55 <waldi> what does it currently take to clear this up? will it work for security uploads or fail the same way?
20:07:09 <jcristau> ansgar: does that mean pu-new will have the same issue?
20:07:59 <ansgar> waldi: It should work for security (there uploads go already to the buildd queue while they are in the policy queue; that's what I though of when writing it).
20:08:06 <ansgar> jcristau: Hmm, possible.
20:08:46 <ansgar> It works once the upload is accepted for -backports.  For p-u-new that is less good.
20:09:05 <ansgar> (As there it usally takes longer for packages to get accepted)
20:10:37 <ansgar> Any other action items?
20:10:57 <waldi> something about removed packages
20:11:17 <waldi> err, out-of-date packages
20:11:31 <ansgar> Ah, that can come when talking about kfreebsd, hurd.  I didn't do much, but look a bit yesterday or so.
20:11:47 <waldi> okay
20:12:14 <waldi> #topic Generating new key for Buster
20:12:19 <waldi> ansgar: please
20:12:34 <ansgar> We are behind with generating new keys.  They should be included in the next point release.
20:12:41 <ansgar> So current plan:
20:13:10 <ansgar> primary key + signing subkey (which will get on the YK); primary key can also be used for signing should subkey need to be revoked.
20:13:47 <ansgar> We had 3/5 shares for key recovery the last time.  I suggest to do the same this time and give each ftp-master one share.
20:14:02 <Ganneff> ay
20:14:15 <ta> ok
20:14:27 <Ganneff> who is doing the keys?
20:14:32 <ansgar> (An encrypted version of the primary key will also stay on ftp-master; it's at least needed when signing the new key)
20:15:00 <ansgar> We can also (finally) use the current key on sec-master.
20:15:25 <ansgar> (Well, ftp-master or sec-master. The host where it was generated on and for)
20:15:51 <ansgar> I can do them again; there is still the script in dak/scripts/debian for generating them.
20:16:27 <ansgar> Will also sign them with the old key (same as last time)
20:16:40 <Ganneff> and some of us masters?
20:17:07 <ansgar> That too.  People who want to sign the key can look on ftp-master, sec-master and/or call me.
20:17:18 <Ganneff> gut
20:17:25 <ansgar> Ah, ftp-master will also be designated revokers again.
20:17:32 <Ganneff> sounds good.
20:17:46 <Ganneff> .oO(so we can do most damage when we suddenly want to resign :) )
20:18:17 <ansgar> Well, that problem already exists when one has access to the key...
20:18:39 <Ganneff> sure
20:18:56 <ansgar> Users also won't get the revocation automatically, but that's a different problem.
20:19:45 <ansgar> #action ansgar to generate new keys
20:20:18 <Ganneff> thats for waldi chair.
20:20:27 <waldi> #chair ansgar
20:20:27 <MeetBot> Current chairs: ansgar waldi
20:20:44 <waldi> and no, action can be done by everyone
20:21:07 <Ganneff> hrm
20:21:14 <Ganneff> next?
20:21:17 <waldi> okay
20:21:33 <waldi> #topic kfreebsd, hurd
20:22:01 <ansgar> So, some time ago we sent a mail about the state of kfreebsd & hurd.
20:22:05 <MTecknology> action burn 'em :)
20:22:43 <ansgar> I'm not sure if we got useful discussion from it?
20:22:44 <Ganneff> hurd is in a bad state for as long as im master, if not longer.
20:23:03 <highvoltage> sad
20:23:04 <Ganneff> i think we should just decide and be done and stop talking
20:23:18 <Ganneff> it wont get magically better anytime soon
20:23:27 <ansgar> I noticed that they have much more out-of-date binaries (15% for kbsd, 10% for hurd; vs 0.5% for release arch)
20:23:32 <Ganneff> and kfreebsd doesnt seem to have any real support behind it either
20:23:41 <ansgar> That is sometimes a bit annoying when dealing with cruft.
20:24:03 <Ganneff> so time for us to get loved again, and declare em out
20:24:28 <Ganneff> anyone really wanting to keep them?
20:24:34 <Ganneff> (from us, i mean)
20:24:35 <ansgar> (Arch:all also has lots of cruft, 6.9%, but that might be due to kbsd, hurd cruft; not sure)
20:25:06 <ta> if it is in the way than away with it
20:25:35 <waldi> the ports people will cry again, but well
20:25:39 <Ganneff> so noone in favor.
20:25:43 <waldi> nope
20:25:56 <ansgar> Ports has at least one advantage for them: they could use autosigning.
20:26:06 <Ganneff> anyone else who wants to do the job, or should i?
20:26:14 <waldi> #agreed freebsd and hurd will move off of ftp-master
20:26:44 <Ganneff> the job == one mail we remove in 2 weeks. then in 2 weeks do the dance with c-s to get rid of them in unstable and experimental, then s-a rm
20:27:16 <Ganneff> one q: do we archive before removal? ie. import on archive.d.o?
20:27:23 <Ganneff> only has old stable releases as of now.
20:27:47 <Ganneff> one could argue "nope", and historical foo can be found on snapshot, archive.d.o is for released stuff
20:27:49 <ansgar> We didn't do that for other architectures.  And if it is on ports, it is still accessible anyway.
20:28:14 <Ganneff> if they import it soon enough...
20:28:22 <Ganneff> worst case there is snapshot still.
20:28:41 <Ganneff> ok. so, noone else it seems? then its me?
20:28:56 <ta> it doesn't hurt to archive it, does it?
20:29:09 <Ganneff> its a precedent and it takes space.
20:29:35 <ta> space is cheap
20:29:36 <Ganneff> and until now we only ever had released stuff there
20:29:44 <Ganneff> not really.
20:29:47 <ta> ok, so no archive
20:30:16 <Ganneff> right, someone action this and then off to next.
20:30:23 <waldi> #action Ganneff to send mail and remove kfreebsd and hurd
20:30:40 <waldi> #topic any news for OpenSSL
20:31:08 <Ganneff> whats the freebsd porter list?
20:31:30 <ansgar> debian-bsd@
20:31:35 <Ganneff> thanks
20:32:04 <Ganneff> no news for openssl from me. honestly, i just ignored that recently. postpone? (and get to it soonish?)
20:32:29 <ansgar> I think I sent a mail to ftpmaster@.  Only Ganneff replied so far.
20:33:14 <ansgar> We also have a bug against ftp.d.o now (for Postgresql, which itself is fine, but has GPL rdeps)
20:33:50 <ansgar> As a bad person I think we have the same problem much more large-scale too: libgcc1 is not GPL-2-compatible, but lost of GPL-2-only stuff links it...
20:34:52 <ta> so the easiest way would be to declare all of them as system library ...
20:35:19 <ta> Fedora got no problems so far ...
20:37:09 <ansgar> The subject of my mail was "OpenSSL, Git and the GPL"; but we can discuss in more detail by mail.  It probably doesn't work that well in a short meeting.
20:38:50 <waldi> okay, let's discuss that further by mail
20:39:49 <ansgar> Just for the log: the postgres bug is https://bugs.debian.org/924937
20:39:54 <waldi> #agreed we'll discuss that further by mail
20:40:05 <waldi> #info the postgres bug is https://bugs.debian.org/924937
20:40:45 <waldi> anything else on this?
20:41:46 <waldi> okay. let's skip to the last point of the evening
20:41:51 <waldi> #topic Any other business
20:42:24 <ansgar> The next meeting should be at `date -d@1557518400` (2019-05-10 20:00 UTC)
20:42:28 <Ganneff> jftr, wheez is gone from mirrors, jessie backports gone too, jessie lts stays, rest gone.
20:42:54 <Ganneff> jessie lts being the lts architectures, lts otherwise happening on security.
20:43:19 <Ganneff> and by now all the bugs from that removal stuff have been fixxored too, with empty -update suites and installer being back too.
20:44:39 <ansgar> Is there anything to do for buster (besides keys)?
20:44:49 <waldi> #info The next meeting should be at `date -d@1557518400` (2019-05-10 20:00 UTC)
20:44:49 <Ganneff> not until release time, i think
20:45:02 <Ganneff> empty updates suites and buster backports (empty) do exist
20:45:12 <Ganneff> well, no buildd stuff setup yet for that.
20:45:21 <waldi> empty security as well?
20:45:28 <MTecknology> Wow.. I was reading through d/copyright for libgcc1 and all the implications made by the exceptions are making my head spin.
20:45:43 <Ganneff> waldi: existed since 2017
20:45:48 <waldi> okay
20:46:06 <ansgar> waldi: security also has the buildd queue setup.  It should be all ready for buster.
20:46:21 <Ganneff> well. we might want to do the buildd stuff on ftpmaster, but meh :)
20:46:40 <Ganneff> dak admin really needs to get better in adding suites (do the buildd crap automagically, have an option to make it a policy suite using one, etc)
20:46:54 <Ganneff> and removing should also be way easier with less manual action needed
20:46:57 <Ganneff> its orrible.
20:47:26 <ansgar> Ganneff: There is a command to setup a buildd crap.
20:47:39 <ansgar> `dak admin suite add-build-queue`
20:47:43 <Ganneff> why do i need to run an extra command and stuff?
20:47:51 <Ganneff> (and policy queue?)
20:48:02 <Ganneff> anyway. meeting over?
20:48:03 <ansgar> policy queues have no such thing.
20:48:30 <ansgar> Nothing more from me at least.
20:48:35 <ansgar> Also, I'm hungry ;-)
20:48:53 <waldi> if there is nothing more... thank you for attending
20:49:00 <waldi> #endmeeting