#debian-lts log

13:58:26 <santiago> #startmeeting LTS monthly meeting. Agenda, https://pad.riseup.net/p/lts-meeting-agenda
13:58:26 <MeetBot> Meeting started Thu Sep 28 13:58:26 2023 UTC.  The chair is santiago. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:58:26 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:58:31 <utkarsh2102> just #startmeeting
13:58:40 <utkarsh2102> no?
13:58:52 <santiago> utkarsh2102, indeed. thanks
13:58:59 <jochensp> o/
13:59:16 <santiago> hi everyone! Please say hi if you are here
13:59:19 <lamby> hey all
13:59:21 <jochensp> hi
13:59:24 <buxy> hi
13:59:26 <Beuc> hey
13:59:27 <guilhem> hello
13:59:27 <pochu> hi
13:59:29 <ta> hi
13:59:37 <bhe[m]> hi
13:59:39 <utkarsh2102> (#topic rollcall)
13:59:41 <utkarsh2102> hey!
13:59:50 <rouca> hey
13:59:51 <petn-randall> hi
13:59:59 <bunk> hi
14:00:07 <santiago> #topic rollcall
14:00:23 <rouca> hi
14:00:38 <ta> hi again
14:00:43 <santiago> as you can see, this is my first time hosting an IRC meeting :-)
14:00:56 <lamby> You're doing great. :)
14:01:09 <helmut> hi
14:01:12 <santiago> and thanks I have help from utkarsh2102
14:01:18 <bhe[m]> Hi again.
14:01:32 <santiago> Roberto is on VAC, so I am hosting the meeting
14:01:48 <utkarsh2102> hello
14:01:57 <santiago> we have four items in the agenda, and I think we can start
14:02:16 <santiago> #topic Reminder: LTS Extra Tasks
14:03:00 <santiago> the first topic is a about LTS extra tasks. This is actually well described in the agenda, so I invite you to read it. In any case, Roberto wanted to remind there are non-security-update tasks to be done, e.g. those listed in:
14:03:12 <santiago> https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/
14:03:32 <santiago> and that we can spend up to 25% of our time on them
14:04:07 <santiago> so, please, don't hesitate to look at them, and pick any issue interesting for you
14:04:56 <lamby> Nice - looks like this has expanded a lot since the last time I looked
14:05:10 <santiago> it could be useful to make sure to get notifications from https://salsa.debian.org/lts-team/lts-extra-tasks
14:05:46 <utkarsh2102> absolutely!
14:06:09 <santiago> I personally set my notifications in Watch. Otherwise, you only get notified when you are mentioned/assigned/whatever
14:06:28 <santiago> any questions or comments regarding those tasks?
14:06:31 <buxy> some are straightforward and can be implemented straight away, other require more thoughts and coordination and it's then good to get some approval before spending many hours on them
14:06:51 <buxy> if you are unsure please ask
14:07:06 <santiago> indeed!
14:07:47 <santiago> more comments?
14:08:05 <rouca> no thanks santiago
14:08:13 <santiago> it seems we can go ahead with next topic
14:08:29 <santiago> #topic New LTS contributor report guidelines
14:08:55 <santiago> this is also a topic brought by Roberto, that I acknowledge
14:09:11 <helmut> one late question. should autopkgtest failures be -update-tasks or -extra-tasks? roberto let me file them in -update-tasks
14:09:53 <santiago> helmut, I would say -update-tasks too
14:10:27 <buxy> Same here, as the net result will likely be a package update.
14:10:29 <santiago> I understand -update-tasks covers tasks related to the packages and their uploads
14:11:00 <santiago> so it makes sense to file the autopkgtest-related issues there
14:11:12 <helmut> Now I get the difference. Thank you
14:11:23 <santiago> great. you are welcome!
14:12:07 <santiago> #undo
14:12:07 <MeetBot> Removing item from minutes: <MeetBot.items.Topic object at 0x159da10>
14:12:12 <santiago> grrr
14:12:19 <santiago> #topic Reminder: LTS Extra Tasks
14:12:35 <santiago> #info autopkgtest-related issues to be filled in -update-tasks
14:12:40 <santiago> sorry for the noise
14:12:49 <santiago> #topic New LTS contributor report guidelines
14:13:25 <santiago> so, the monthly team report is partly made from the individual reports
14:13:44 <santiago> I am thinking especially to the content of "Evolution of the situation" section, which is a narrative news section
14:14:26 <santiago> to make the writing of the report easier, it would be great it we all follow those new guidelines, so it will be easier for us (Roberto and/or myself) to identify topics worth mentioning in the news :-)
14:14:51 <santiago> the goal of the report is to make (reading) sponsors know we are making good use of their money, and the news could give them important insights of our work
14:15:24 <rouca> thanks santiago for this normative text
14:15:42 <santiago> I remember tobi's report from last month was useful, and it is a good example
14:16:09 <santiago> any question?
14:16:27 <pochu> ack, will look at it
14:16:28 <lamby> Could you #info tobi's report? :)
14:17:19 <buxy> #info good sample report from tobi: https://lists.debian.org/debian-lts/2023/09/msg00008.html
14:17:32 <santiago> thanks buxy
14:17:33 <utkarsh2102> santiago: I think it'll be really useful if you or/and Roberto could go through everyone's report next month (when it's time) and give private feedback to those who still have $things to fix
14:18:35 <ta> santiago: yes any kind of feedback would be great
14:18:49 <utkarsh2102> this way it'll be better as they would have direct "actionable" feedback
14:19:01 <santiago> utkarsh2102, ta, OK, I'll discuss with el_cubano about this
14:19:03 <guilhem> +1
14:19:07 <utkarsh2102> much better than a simple reminder to adhere to the guidelines.
14:19:30 <santiago> keep in mind that we are ~18 active people currently. so it could take some time to give private feedback
14:19:48 <utkarsh2102> of course, it can be an iterative thing
14:19:49 <lamby> *nod*
14:19:49 <santiago> but it is something to be discussed with him
14:19:59 <utkarsh2102> if you look at a report and have immediate feedback, tell them
14:20:06 <santiago> in any case, I will take care of the report next month
14:20:13 <santiago> ack
14:20:14 <buxy> opposite example to not follow: https://lists.debian.org/debian-lts/2023/09/msg00012.html %-)
14:20:21 <utkarsh2102> otherwise, you can review in batches of 6 or 9 or whatever
14:21:21 <santiago> yeah... it is more difficult of course to go through all the listed packages and CVEs, and see if there is something worth mentioning
14:22:25 <santiago> I ackowledge writing something more verbose could be a burden for some, but we are needind an essay either :-)
14:22:43 <santiago> any other question?
14:22:49 <santiago> or comment
14:24:04 <rouca> no thanks for the work santiago, please add example of good report to LTS-contributor-report-guidelines.html
14:24:24 <santiago> #action everybody to look at the contributor report guidelines
14:24:53 <santiago> #action el_cubano and santiago discuss about giving feedback to individual reports
14:25:47 <santiago> #action santiago: add a good report sample to LTS-contributor-report-guidelines.html
14:25:54 <santiago> so let's move forward
14:26:03 <petn-randall> So where is this linked exactly?
14:26:33 <jochensp> petn-randall: deblts-team/documentation.git
14:27:45 <buxy> #info https://freexian.gitlab.io/services/deblts-team/documentation/lts/LTS-contributor-report-guidelines.html (restricted to LTS contributors paid by Freexian)
14:28:33 <santiago> petn-randall, also, look at the email "New LTS contributor report guidelines" sent by Roberto on Sept 1st
14:29:00 <santiago> no more questions?
14:29:25 <santiago> #topic Reminder: please take a look at packages needing an upload since a long time ago
14:29:27 <petn-randall> santiago: Ah, I missed that mail.
14:29:51 <santiago> this is a gentle ping so we take care of "old packages"
14:30:29 <santiago> there are a set of very old packages, but looking into the details, with the exception of three or four (salt, rails, docker.io), the situation is not catastrophic, actually
14:30:36 <rouca> could this package could be marked specialy under find-work (special color)
14:30:50 <rouca> or have a extra score depending of aging ?
14:30:55 <helmut> how das that reminder interact with find-work?
14:31:11 <helmut> heh. rouca was faster
14:31:33 <rouca> adding sqr(aging) to score seems mathematically resonable
14:31:49 <rouca> or better sqrt(aging)*basescore
14:32:09 <santiago> yes, better sorting them seems reasonable
14:33:08 <santiago> there are especially nova, cinder and co, but we those are "remaining packages", and we are not aware of any user using them (./find-work already classify them/sort them at the bottom of the list)
14:33:30 <rouca> for individual package: docker.io is hard (santiago could comment here)
14:33:35 <santiago> but, in any case, special attention is _really_ needed for salt, rails and docker.io
14:34:05 <santiago> yeah, for docker.io, rouca and I have been working/testing, but it has taking quite some time. I hope to resume my part of the work next week.
14:34:11 <Beuc> I think we had a task for reworking package priority, maybe https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/25
14:34:41 <rouca> for salt it will need a backport and moreover salt is not in stable/testing/unstable
14:34:42 <Beuc> I can do the changes in find-work, maybe with a discussion and testing various score calculation methods
14:35:19 <Beuc> Adding a color for age > 21 is trivial, I could do it after the meeting.
14:35:40 <Beuc> (since we now have the age readily available in the reworked find-work :))
14:35:45 <santiago> Beuc, thanks
14:36:01 <rouca> beuc: use a configurable exponent in ageinday^exponent*basescore
14:36:12 <utkarsh2102> fwiw, I'll take care of rails
14:36:25 <utkarsh2102> within next two weeks
14:36:36 <utkarsh2102> there is some drama involved with that, I just want to get it right
14:37:05 <utkarsh2102> if not within two weeks, at least, I'll add a solid note with the progress, et al
14:37:07 <helmut> can we discuss the specifics of the find-work algorithm elsewhere?
14:37:09 <santiago> I do wonder however if that (better output from ./find-work) is enough. But I am not sure of having a better plan for the moment
14:37:33 <buxy> https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/33 is somewhat related to find-work (it's about its replacement)
14:38:22 <santiago> utkarsh2102, thanks for taking care of rails!
14:38:35 <santiago> buxy, noted
14:39:21 <santiago> any volunteer to handle salt? :-)
14:40:09 <santiago> rouca, small correction, salt is in unstable, but not in bookworm and testing
14:40:14 <rouca> I can take a look next weeek
14:40:23 <santiago> rouca, awesome, thank you!
14:40:56 <petn-randall> I'd rather not take difficult packages for a change. :)
14:41:18 <santiago> #action Beuc (et al) to improve ./find-work. (please take a look at https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/33 )
14:41:30 <utkarsh2102> I have some leads on salt, I'll send a mail on private list about that shortly
14:41:39 <utkarsh2102> (not today though)
14:41:44 <santiago> #action utkarsh2102 to take care of rails
14:42:13 <santiago> #action rouca will handle salt next week
14:42:22 <santiago> #action santiago will resume docker.io work next week
14:42:29 <santiago> anything else?
14:43:12 <santiago> so let's move forward
14:43:27 <santiago> #topic imagemagick: Handle it with a partial upload?
14:44:00 <santiago> Actually this topic should be: "upload partial DLAs for particular packages"
14:44:01 <rouca> go ahead with partial upload
14:44:14 <rouca> i am still waiting for cve number from redhat
14:44:18 <rouca> about rmagick
14:44:19 <santiago> rouca, yeah, but we need to agree with it :-)
14:44:54 <santiago> just in case, there is no need to wait for a CVE id to upload
14:45:01 <utkarsh2102> right!
14:45:03 <pochu> indeed
14:45:12 <petn-randall> What is the context here?
14:45:28 <pochu> yeah I'm not sure I understand the question
14:45:49 <utkarsh2102> we do partial uploads if there's a specific case. it's not very ideal but it's not bad, too. I am assuming "partial case" is where you have a bunch of CVEs and you'd like to fix in two (or more) batches?
14:45:53 <santiago> I added this topic to the agenda since Roberto mentioned that anywhere during the year, imagemagick seems to have more than a dozen open CVEs
14:46:08 <utkarsh2102> s/partial case/partial upload/
14:46:14 <santiago> utkarsh2102, exactly
14:46:39 <santiago> it is difficult to wait to solve all the open CVEs
14:47:12 <santiago> and it is more difficult too to handle possible regressions
14:47:17 <utkarsh2102> right on
14:47:18 <petn-randall> Like, what's the context here? I'd read "partial upload" as an incomplete file upload. Are we only fixing some of the CVEs? Is it an incomplete fix?
14:47:34 <utkarsh2102> petn-randall: what i mentioned above^^
14:47:38 <santiago> petn-randall, sorry if its not clear enough
14:48:02 <rouca> for imagemagick it means do CVE by batch
14:48:04 <utkarsh2102> santiago: in that case, we're okay in doing the upload in two (or more, but try to keep it to two) batches
14:48:11 <santiago> I mean uploads that solve part of all the open CVEs
14:48:28 <petn-randall> Ah, so we're just fixing some of the open CVEs with the upload, with some remaining open. Yeah, I'd do that. That's what I did with samba, too.
14:49:26 <petn-randall> Especially regarding potential uncaught regressions I'd do it in smaller batches, as it makes debugging easier.
14:49:27 <santiago> OK. maybe I am wrong, but I remember the policy was to cover all the open CVEs
14:49:49 <utkarsh2102> it wasn't really a policy
14:49:51 <santiago> so do we need to document this maybe?
14:49:57 <utkarsh2102> if it were, then we had this as an exception
14:50:10 <utkarsh2102> that it's okay to do it in batches where things don't fit in in a single upload
14:50:24 <utkarsh2102> +1 on having this documented
14:50:38 <santiago> utkarsh2102, are you volunteering for that? :-)
14:51:09 <utkarsh2102> I have some things on my plate but if no one does it by next week or so, I'll do that
14:51:28 <santiago> ok, thank you!
14:52:09 <santiago> #action utkarsh2102 or santiago to document how to handle uploads that fix CVEs by batches
14:52:27 <santiago> more comments or questions?
14:53:13 <santiago> ok. so it seems we are done
14:53:33 <utkarsh2102> JIT
14:53:38 <utkarsh2102> (just in time) :)
14:53:43 <buxy> Thank you Santiago!
14:53:56 <lamby> thanks. :)
14:53:57 <santiago> thank you everyone!
14:54:00 <utkarsh2102> thank you, santiago \o
14:54:08 <pochu> thanks! o/
14:54:12 <ta> thanks
14:54:24 <petn-randall> thanks! o/
14:54:30 <Beuc> thx!
14:54:51 <santiago> Next meeting: October 26th 14:00UTC
14:55:14 <santiago> #info Next meeting: October 26th 14:00UTC on Jitsi
14:55:30 <santiago> see you, and have a good afternoon/evening
14:55:37 <santiago> #endmeeting