18:58:48 <stappers> #startmeeting
18:58:48 <MeetBot> Meeting started Wed Sep 30 18:58:48 2020 UTC.  The chair is stappers. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:58:48 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:59:25 <stappers> #topic  Welcome
18:59:40 <capitol> thanks
19:01:17 <stappers> https://salsa.debian.org/rust-team/debcargo-conf/-/wikis/IRC-Meeting-Agenda  has currently these 3 items
19:01:25 <stappers> * Mailinglist
19:01:34 <stappers> * Next meeting date
19:01:41 <stappers> * your topic
19:03:34 <capitol> maybe this irc room, seems people have trouble connecting?
19:03:35 <stappers> Actucaly  your topicssss    (plural)
19:06:13 <stappers> Yes, at least 1 person did it on the Alioth mailinglist.    FWIW: this  IRC-room has currently 42 nicks.
19:06:30 <stappers> Yes, at least 1 person did report it on the Alioth mailinglist.    FWIW: this  IRC-room has currently 42 nicks.
19:07:46 <capitol> it also seems like it's just we two here, and I don't really have that more to say :)
19:08:44 <stappers> #action stappers contacts the person on the mailinglist about getting into this IRC Room
19:09:35 <capitol> if it's a systematic error that people who uses matrix have, then maybe we should remove the registrered nicks only rule
19:09:36 <hntourne> capitol I am there too, but mostly passive reader thus far as I am barely a debcargo user, probably not part of the solution that was discussed before
19:09:51 <capitol> hntourne: :)
19:10:03 <hntourne> (ie: referring to feature colapsing and so on)
19:10:23 <stappers> #idea  remove the registered nicks only rule
19:12:02 <capitol> in other news I can report that I wrote a small program to detect what security problems that had been reported to rust-sec that wasn't tracked in debian: https://github.com/alexanderkjall/deb-rust-sec
19:12:16 <capitol> and I reported in those as bugs in debian
19:14:47 * stappers can't grasp the 'and I reported in those as bugs in debian',  probably due a typo
19:16:16 <capitol> i meant that i opened bugs in debian for those rust-sec advisories that didn't have a CVE number (and was therefore missed by debian security process)
19:16:52 <stappers> Nice.
19:17:11 <capitol> the debian-security process is very much centered around CVE numbers, and not all rust advisories have them
19:17:42 <stappers> Are the people of DSA,  Debian Security Advisory,  aware of deb-rust-sec?
19:17:50 <capitol> next step would be to submit patches for the libraries, so that the security problems gets fixed
19:18:22 <capitol> they are now I think, I talked to them in their irc channel
19:18:31 <stappers> capitol++
19:19:07 * stappers is about to switch topic
19:19:08 <capitol> and I talked to the rust people and explained that their stuff gets missed if they don't apply for CVE numbers, and they would look at that
19:19:33 <stappers> capitol^2
19:19:47 <stappers> 
19:19:57 <stappers> #topic mailinglist
19:20:15 <nikos> I guess another thing to look into would be a tool to rebuild the dependency tree for security vulnerabilities
19:20:31 <nikos> If we don't already have that
19:20:41 <stappers> #idea tool to rebuild the dependency tree for security vulnerabilities
19:21:44 <stappers> #action non_taker_yet  Find out if 'tool to rebuild the dependency tree for security vulnerabilities' exist
19:21:54 <stappers> 
19:22:45 <capitol> I don't have anything to report regarding the mailing list
19:23:05 <stappers> mailing admins are asking us for moderators of debian-rust@l.d.o.   or if we are OK that it will be an open mailinglist.
19:23:42 <nikos> Does a moderated list mean that all messages have to be approved?
19:23:54 <nikos> Or just that there's some team-managed moderation?
19:24:10 <stappers> AFAIK only the non-subscribers need to be approved.
19:25:56 <nikos> Since that list will be the point of contact for the rust team, I guess there will be a lot of non-subscriber traffic so I'd vote for an open list
19:26:06 <nikos> I haven't see that much spam in Debian MLs either way
19:26:38 <stappers> Proposal:   Have the ML started as an open ML to find out what signal/noise ratio will be.
19:26:48 <capitol> sounds good to me
19:27:29 * stappers waits for some further input /  votes
19:28:26 <hntourne> sounds good to me too, agreed that spam is reasonably low on other Debian ML
19:32:48 <stappers> #agreed Ask mailinglist-master to create  debian-rust@lists.d.o.  as an open mailinglist.
19:33:26 <stappers> #topic next meeting date
19:34:26 <capitol> I propose same time, last wednesday next month
19:34:36 <stappers> Proposal:  Have a regular meeting,  stick to
19:35:28 <stappers> Proposal:  Have a regular meeting,  stick to last wednesday of month for the rest of 2020  and have a poll in December.
19:35:28 <nikos> Agreed, I'd rather have a stable date I can plug as a repeating event in my calendar
19:36:04 <stappers> OK
19:36:16 <hntourne> Agreed too - sounds good
19:36:55 <stappers> #agreed  2020 last wednesday of month 19:00   IRC meeting
19:37:31 <stappers> #topic  your topics
19:38:43 <stappers> What may people expect that created merge requests?
19:39:40 <stappers> https://salsa.debian.org/rust-team/debcargo-conf/-/merge_requests
19:40:38 <capitol> hmm, we seem to lack skilled people who can review and give feedback on those
19:42:06 <stappers> ed_: are you ed neville from https://salsa.debian.org/rust-team/debcargo-conf/-/merge_requests/117  ?
19:42:15 <capitol> i'm not a DD, so i can't upload packages that people send in as MR's
19:43:28 <stappers> Approve / Merge   a MR  doesn't require  DD status,  have Salsa privilege for it is enough.
19:43:31 <hntourne> Same here - although the MR could get reviewed and merged pending future upload. silwol did so for me once before I got developper permission on debcargo-conf
19:44:38 <stappers> (Uploading  updated debian package does require DD or DM  status)
19:45:36 <hntourne> Right, capitol and myself are both DM but no uploading rights on those packages (at least as far as I am concerned)
19:47:09 <hntourne> One might also wonder if uploading in the current situation is a good idea or not? I am not sure but it seems that new crates / bin-NEW packages are mostly piling up in NEW ?
19:48:04 <stappers> My plan:  Close this meeting to become regular member (not being "chair")  and then merge  MR 117  as learning expriment.
19:48:05 <hntourne> I mean: should we have feature colapsing capabilities in debcargo first and "hold" till then or upload anyway ?
19:48:40 <capitol> the feature colapsing would be nice to have
19:49:34 <silwol> hi, chiming in here :-)
19:49:47 <nikos> What's the progress on that? Is there a WIP merge request? Or it hasn't been picked up yet?
19:49:47 <silwol> i managed to read along aside my other activities.
19:50:14 <stappers> OK that seems to answer me "what wil break if I merge?" question:  "re-entering NEW"
19:50:20 <stappers> hi silwol
19:50:26 <silwol> f_g wrote he would attempt to work on it, but I didn't see any information since then.
19:50:41 <silwol> I think he is - just like me - very busy.
19:51:23 <silwol> I'd like to throw the idea into space that we could ask for help in the public, maybe we can gather some resources that way.
19:51:47 <silwol> (e.g. some related mailing lists, reddit, mastodon…)
19:51:55 <stappers> We all are busy, we all agree on "some body should do it" and "those who do are the real heroes"   8^)
19:51:59 <nikos> How about filing an RFH for debcargo?
19:52:39 <nikos> I will take a look as I have some time, but haven't worked with debcargo internals at all so no guarantees
19:52:55 <silwol> I took a quick shot at it some weeks ago, but got stuck soon with autopkgtests in our debcargo.toml files.
19:53:36 <capitol> the problem space is very "debian-centric", it can be a bit hard to even understand why it's a problem if you don't know why debian works the way it works
19:54:57 <silwol> true.
19:55:16 <silwol> ok, gotta leave now, just wanted to drop this idea.
19:55:24 <silwol> cu all
19:55:37 <capitol> did we write a some document about the proposed solution?
19:56:01 <capitol> would be nice to read again
19:56:33 <hntourne> capitol : I think f_g wrote this https://salsa.debian.org/rust-team/debcargo-conf/-/issues/17
19:56:36 <stappers> #idea ask for help on debcargo
19:57:06 <stappers> #note debcargo problem is "debian-centric"
19:58:42 <stappers> #topic closing the meeting
19:59:04 <stappers> Thank you all for expressing that you do care
19:59:31 <hntourne> Thank you for facilitating this meeting @stappers
19:59:38 <stappers> :-)
19:59:51 <stappers> Yes, we have common interrests
20:00:11 <stappers> #endmeeting