#debian-lts log

14:58:18 <h01ger> #startmeeting
14:58:18 <MeetBot> Meeting started Thu Jan 28 14:58:18 2021 UTC.  The chair is h01ger. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:58:18 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:58:24 <h01ger> hello :)
14:58:28 <apo> hello
14:58:33 * utkarsh2102 waves
14:58:37 <h01ger> the agenda is at https://pad.riseup.net/p/lts-meeting-agenda
14:58:47 <h01ger> #topic greetings
14:58:56 <h01ger> happy new year! :-)
14:59:10 <lamby> :)
14:59:15 <h01ger> as usual, please indicate your presence and review/append the agenda
14:59:22 * buxy is here
14:59:26 * lamby is Chris Lamb
14:59:29 * utkarsh2102 waves o/
14:59:31 <apo> ahoi
14:59:41 <Beuc> hi
15:00:01 <bunk> hi
15:00:11 * h01ger will wait 2-3 more minutes before starting
15:01:35 <h01ger> seems you have nothing else for the agenda(?)
15:02:09 <utkarsh2102> we can probably start, if somebody has anything, they can add as we go!
15:02:44 <h01ger> right, lets got
15:02:47 <h01ger> #topic 2. unbound
15:03:14 <h01ger> i think this has mostly been discussed on the mailinglist? (and brought it here just in case, happy to move on quickly)
15:03:19 <h01ger> Beuc: buxy: ^
15:03:57 <buxy> Looks like beuc doesn't feel confident trying to push forward the idea of resurrecting support while switching to 1.9.x
15:04:48 <buxy> So we need to find someone else to step up or you need to collectively tell me that I'm wrong and that we should not accept the sponsor's request.
15:05:28 <h01ger> <b2fe7e91-f912-60f9-fedf-2814da5b85e5@beuc.net> in Beuc wrote "best if someone else takes over"
15:05:58 <buxy> But given unbound is basic infrastructure, I believe that we should aim to support it, but maybe it needs some discussion at the upstream level too.
15:06:11 <Beuc> (my mail from ~1h ago at deblts-team@freexian.com)
15:06:27 <h01ger> Beuc's evalution was rather pessimistic (the msg id i just put here)
15:06:38 <h01ger> https://lists.debian.org/b2fe7e91-f912-60f9-fedf-2814da5b85e5@beuc.net
15:07:37 <buxy> h01ger: hum, that message is not on the public list
15:08:00 <h01ger> sigh, right. too many lts lists
15:08:07 <h01ger> "too many"
15:08:32 <h01ger> buxy: i tend to trust Beuc's assessment, meaning if noone else steps up (to reevaluate first and then do the work, maybe), i think this already means "we should not accept the sponsor's request"
15:08:52 <h01ger> (tend to trust=it looks good/correct/etc ;)
15:09:20 <apo> why can't we just backport the buster version and let the sponsor test it?
15:10:29 <buxy> apo: that was my initial suggestion, but apparently the buster has some stability issues, that are unfixed and clerly the maintainer has no time to deal with it properly
15:10:55 <buxy> I suggested to try to bump buster to the latest upstream release in 1.9.x and I suggested Beuc to start with this step
15:12:15 <apo> what kind of stability issues? I use unbound myself and it works well. There is only one unfixed issue in Buster but the other two open stretch CVE are fixed there, so I would just find out if the sponsor can work with this version and then we can try to upgrade the package or try to find a targeted fix for the remaining issue
15:12:49 <buxy> see the discussion on the public list: https://lists.debian.org/debian-lts/2021/01/msg00012.html
15:13:01 <h01ger> apo: do you want to look into this and see whether you come to a different conclusion as Beuc ?
15:13:28 <buxy> +1, that would be great, yes
15:13:52 <apo> ok, I have a look and report back tomorrow
15:13:58 <h01ger> \o/
15:14:12 <h01ger> apo: also check the thread on the internal lts list..
15:14:19 <apo> will do
15:14:38 <h01ger> #action apo will look into supporting unbound, Beuc's thread and report back on the list
15:14:44 <h01ger> apo: yay & thank you!
15:14:54 <h01ger> #topic 3. PTS nodsa handling
15:15:04 <h01ger> https://salsa.debian.org/freexian-team/project-funding/-/issues/4
15:15:11 <h01ger> is the issue for this topic
15:15:18 <buxy> apo: I assigned you https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/18
15:15:26 <apo> just got the email, thanks
15:15:41 * h01ger is sorry to be bit too quick here
15:16:23 * h01ger also has nothing much to add to PTS nodsa handling besides that i really like to see the proposed change itself as well as this process seems to be working (funding more work)
15:17:45 <buxy> It's a nice first try, but it's not representative.
15:17:52 * h01ger nods
15:18:16 <buxy> I mean I'm involved with my freexian hat and my distro-tracker hat. Sebastien is involved as member of the security team but he works for freexian part time too.
15:18:19 <h01ger> btw, for those who havent looked at it yet, https://salsa.debian.org/freexian-team/project-funding/-/issues/4 also has screenshots of the proposed change
15:19:03 <h01ger> buxy: but Carles wasnt involved before or did i just not notice?
15:19:28 <buxy> h01ger: he was not, that's true, I guess he read it on planet debian, which is nice
15:19:44 <h01ger> then i think its pretty great
15:20:01 <h01ger> next topic?
15:20:35 <buxy> sure, I have nothing to add on this one
15:21:00 <h01ger> #topic 4. Why did no LTS contributor submit a project to be funded?
15:21:15 <h01ger> buxy: i guess you added this?
15:22:15 <buxy> Yes. When we decided this, it was also motivated by the fact that some things that we wanted to do in the LTS scope were too big for the 20% of your time that you can spend on other things than security updated
15:22:49 <buxy> so I was expecting you to submit project but so far nobody did
15:23:16 <buxy> Emilio said me once he might submit something related to the security tracker but that's about it and it did not happen yet.
15:23:42 <h01ger> well, its only been two months, or? and most of us are already quite busy...
15:24:41 <utkarsh2102> I have a follow-up question here but that's somewhat a different topic, so I'll put this into the "AOB" section.
15:24:41 <buxy> it depends on when you start counting, we communicated only recently, it's true but I have no sign of any activity, not even sign of interest
15:25:33 <h01ger> utkarsh2102: please /msg me the question, maybe it fits better here than at AOB?
15:26:45 <utkarsh2102> h01ger: I asked the same thing last meeting in November but couldn't write to the list. now that buxy is here, it'd be good to ask it here again, I believe. Last time he wasn't.
15:26:53 * h01ger is not surprised about this slow start. this is something completly new, there was no example yet, plus maybe also xmas etc
15:27:10 <utkarsh2102> h01ger: you have the question.
15:27:34 <h01ger> i'd repeat the question from topic in 3-4 months and try to spread the word further until then. having these in the monthly report on top is a good thing
15:28:07 <utkarsh2102> okay, asking now as h01ger says :)
15:28:24 <utkarsh2102> buxy: last meeting (in November) I asked:
15:28:25 <utkarsh2102> 15:36:38 <utkarsh2102> hey, should we kind of have a limit on where to stop saving the hours/money for funding projects?
15:28:36 <buxy> Please help spread the project too. I have been mentioning it from time to time when I have seen deadlocks where money could help.
15:28:51 <h01ger> buxy: good point
15:29:01 <utkarsh2102> for eg: we've saved a bunch of hours atm, should we now stop at some limit and use those hours for regular work?
15:29:24 <utkarsh2102> and when we have a project proposal, we'll add hours to the pool again.
15:29:46 <utkarsh2102> let's say, we keep a limit of 50 or 75 hours and then if it exceeds, we dispatch that for regular LTS work.
15:29:47 <h01ger> #info https://salsa.debian.org/freexian-team/project-funding has different small projects which wil improve LTS and which could mean paid work for $you. please apply!
15:30:14 <buxy> utkarsh2102: My interest is to build Freexian to help it fund more general Debian work so I don't see any reason to stop. If this current process doesn't work
15:30:50 <buxy> I will find some other way to spend it in useful ways (for example hiring someone and telling him what to work on)
15:30:51 * h01ger thinks utkarsh2102 meant if too much has been piled up. i can see how we want to avoid this and the best way to do so, is to spend it :)
15:30:58 <utkarsh2102> buxy: I am totally on board with that, but instead of just piling those hours up, it's better to use them for now, don't you think?
15:31:17 <utkarsh2102> h01ger: exactly!
15:31:17 <h01ger> utkarsh2102: but only one person has claimed interest so far
15:31:58 <buxy> Not really. Some projets cost way more than what we have on the side.
15:32:11 * h01ger is sure buxy will not 500h pile up and thinks we should indeed concentrate on spending it, by "taking" it
15:32:34 <utkarsh2102> well, sure then. If you have plans, then that's perfect.
15:32:44 <utkarsh2102> I was just afraid about the number of hours piling up.
15:33:15 <buxy> Someone suggested me to fund "PPA for Debian" and mentionned some 20+ KEUR figure needed...
15:33:39 <h01ger> thats a fancy castle for PPAs
15:33:42 <utkarsh2102> oh wow!
15:33:47 <utkarsh2102> for real :P
15:33:54 <h01ger> i agree PPAs would be super useful for many things
15:34:03 <lamby> :)
15:35:04 <buxy> I agree too but I'm just not convinced by the bikeshed proposed implementation.
15:35:05 <h01ger> so, please properly propose a PPA project ;)
15:36:12 * h01ger thinks this topic has come to an end for the moment. i've also just removed the 'sudo post mortem' topic (because relevant people are not here) and so we only have two topics left: next meeting and AOB.
15:36:26 <h01ger> (so we could discuss here a bit longer too)
15:36:36 <h01ger> or move on and finish a bit early
15:37:45 <h01ger> well then
15:37:55 <h01ger> #topic 5. next meetings
15:38:21 <h01ger> last thursday of the month, 15 UTC is the date, so this is mostly about the format
15:38:57 <h01ger> i'd propose: february 25th 2021, 15 utc, video meeting and march 25th 2021, 15 utc for the next irc meeting
15:39:02 <utkarsh2102> I guess this time we were going to give apo's server a shot, no? apo, is that still on?
15:39:11 <apo> sure
15:39:21 <utkarsh2102> awesome!
15:39:28 <h01ger> that's what techology?
15:39:39 <apo> I have tested it with some friends on new year, works great
15:39:42 <buxy> We could also try jitsi again, I was the one with issues, and I believe I have fixed my (hardware) issue...
15:39:43 <apo> nextcloud talk
15:40:31 <apo> I have a cloud server, so I just increase cpu, ram, etc. when we have our meeting, it should be fine for up to 10 people
15:40:45 * h01ger suggests apo's nextcloud for the next one and then maybe jitsi again, or apo if that worked flawlessly
15:40:58 <buxy> ok
15:41:04 <Beuc> I didn't try that one yet, one more solution to discover :)
15:41:13 <h01ger> #info next meetings: february 25th 2021, 15 utc, video meeting and march 25th 2021, 15 utc for the next irc meeting
15:41:27 <lamby> With all these geeks stuck at home, you would think that we'd have solved video chat by now, indeed. :)
15:41:38 <h01ger> #action apo will send instructions per mail how to join that meeting
15:41:39 <apo> :)
15:41:40 <utkarsh2102> haha
15:42:10 <h01ger> #topic 6. any other business
15:42:26 <lamby> Just to confirm, March 25th is a Sunday?
15:42:42 <utkarsh2102> lamby: February 25th -> meeting day
15:43:03 <h01ger> lamby: no, feb 25 and mar 25 are both thursdays. in 2021
15:43:27 <lamby> Oh I scrolled into May by accident; thanks
15:43:46 <h01ger> any other business? ;)
15:43:59 <lamby> Yes. I'm curious re.  "sudo post mortem"  -- there's something to discuss there beyond that sudo *had* a severe security problem. Happy to read a link / bug number
15:44:56 <h01ger> buxy was unhappy that the elts sudo update was 15h (?) later than the lts one and wants to improve things.
15:45:11 <h01ger> (15 = my estimate)
15:45:22 <lamby> nod, cheers
15:45:48 <utkarsh2102> a quick thing from my end
15:45:51 <utkarsh2102> kind of a news
15:45:54 <buxy> It's just that I find that we did not coordinate well here for ELTS. Thorsten and Ben were aware earlier of the sudo update and it was not released immediately like the others. Also something urgent like this should not be locked to someone while the person went to sleep when we have other contributors working.
15:45:55 <h01ger> it was an embargo'ed issue and some of us were in the loop. but as noone is here now, its pointless to discuss now
15:46:11 <utkarsh2102> on Dec 8, I rolled out a python-certbot update
15:46:20 <utkarsh2102> and then the maintainer told me and I quote
15:46:38 <utkarsh2102> "I just checked with Let's Encrypt, and the stats show that you just saved 142,500 people from having their certificates start failing next month. I didn't know LTS was still that used!"
15:46:40 <lamby> ^ thanks; the reference made me curious
15:46:55 <utkarsh2102> so just a good thing that LTS is being very widely used! \o/
15:47:03 <h01ger> utkarsh2102: hehe, very very nice!
15:47:04 <lamby> nice
15:47:13 * h01ger takes a note for the next monthly report
15:48:23 <utkarsh2102> on that note, I have another thing to quote from 4 days ago
15:48:32 <h01ger> utkarsh2102: go go go! :)
15:48:55 <utkarsh2102> "I and my mother (450 km away) run Debian and I like the fact I don't have to upgrade all the time! :) Thank you for Developing Debian" and taking care of LTS.
15:49:12 <utkarsh2102> I got this mail from Mikko, some person who missed the LTS survey and results.
15:49:23 <h01ger> #info on Dec 8 2020, utkarsh2102 rolled out a python-certbot update and then the maintainer told him: "I just checked with Let's Encrypt, and the stats show that you just saved 142,500 people from having their certificates start failing next month. I didn't know LTS was still that used!"
15:49:35 <utkarsh2102> he was very thankful for everyone's work! so a thank you to all! :)
15:50:27 <h01ger> \o/
15:51:08 <h01ger> any other business? :)
15:51:18 <buxy> Nice :) Thank you for your time!
15:52:29 <h01ger> alright, let's wrap this up early!
15:52:41 <utkarsh2102> 5 minutes early. heh?
15:52:47 <h01ger> thanks everybody for joining today (or reading backlog later!)
15:52:49 <lamby> Thanks all
15:52:55 <utkarsh2102> \o/
15:53:01 <apo> have a nice day
15:53:11 <Beuc> bye
15:53:42 <h01ger> o/
15:53:49 <h01ger> #endmeeting