20:07:00 <ansgar> #startmeeting 20:07:00 <MeetBot> Meeting started Fri Jul 13 20:07:00 2018 UTC. The chair is ansgar. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:07:00 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 20:07:25 <waldi> hey! 20:07:39 <ansgar> The bot is still here :) 20:08:12 <ansgar> The bot can take minutes too. So one question done. 20:08:48 <ansgar> #topic present 20:08:54 * ansgar is here. 20:08:59 * ta is here 20:09:03 <waldi> here 20:09:17 <ginggs> would someone please process nvidia-graphics-drivers/396.18-1 from NEW? it blocks #900300 20:09:34 <ansgar> I saw lfaraone somewhere else too ;) 20:09:41 <lfaraone> Hiya 20:10:17 <ansgar> #topic old action items 20:10:38 <ansgar> ftp-master now uses the YubiKey for signatures. 20:10:49 <ansgar> I still need to forward the PIN to other ftpmasters. 20:11:01 <waldi> yeah 20:11:08 <ta> great 20:11:22 <ansgar> Ancient keys are revoked, revocation pushed to keyservers. Want to add them to the webpage too, then delete the secret keys. 20:11:36 <Mithrandir> nice! 20:12:12 <ansgar> (The YK has done 44k+ signatures now, incluyding test use) 20:12:28 <waldi> let's hope it does not break on rollover 20:13:32 <ansgar> For the "move to ports" item: powerpc already moved and is no longer on ftp-master. So no need to write a mail for that any longer (just hurd, kfreebsd) 20:14:06 <ansgar> Also still open: DktrKranz to implement accept-with-bug; importing stuff into archive.d.o 20:14:19 <ansgar> I think that covers all items. 20:14:35 <waldi> yep 20:14:54 <ansgar> Can we go to secure boot next given lfaraone is here? :) 20:15:05 <waldi> please 20:15:08 <lfaraone> If it does break, do we have a spare we can fall back onto? From talking with colleagues, behaviour here is mildly undefined. 20:15:12 <ansgar> #topic secure boot 20:15:32 <ansgar> lfaraone: Yes, there are two YK4 in ftp-master for use by dak (and one more for codesigning). 20:15:59 <ansgar> So, Secure Boot misses the code-signing service to be set up. I'm not sure what the state is. lfaraone was working on it. 20:16:22 <lfaraone> The status is broadly: the service works, I need to configure it to run as not-me. 20:16:47 <Mithrandir> lfaraone: can people outside of -ftp help with that? 20:16:53 <lfaraone> I 20:17:14 <lfaraone> I'm planning on working on it this weekend. I suspect so? It's mostly going to be config management changes. 20:17:34 <lfaraone> I also (believe I) need to actually create the relevant certificate in the Yubikey and export it. (I'm not on a computer with access to fasolo) 20:18:29 <ansgar> There should already be a user (codesign? not quite sure) that has access to the right yubikey. 20:19:05 <ansgar> It would be nice if the service works so packages can upload the -signed-template packages and we just have to switch to the production key later. 20:19:34 <ansgar> #action lfaraone to setup the codesigning service 20:19:40 <Mithrandir> lfaraone: cool, if you know what there is to do and are planning on just doing it, don't block on help from me, but likewise, if you need something, just ping. (I'll be at a wedding tomorrow, though) 20:20:01 <Mithrandir> and if there is something I/others can do to help, shout. :-) 20:20:10 <lfaraone> Yep. Goal is to have it running as a service by Monday. (apologies, May/June was unexpectedly busy) 20:20:34 <adsb> please don't break the archive tomorrow ;) 20:21:23 <ansgar> Next topic? 20:21:34 <lfaraone> hm, do I have rights to `sudo -iu codesign`? 20:22:41 <ansgar> Hmm, no. We might need to ask DSA. 20:23:26 <Mithrandir> lfaraone: no, I'll fix that. 20:23:34 <lfaraone> thanks Mithrandir 20:24:46 <ansgar> #topic How much do we care about copyright holders in d/copyright 20:25:06 <ansgar> The person who put this on the agenda is not here, so I suggest to adjourn it? 20:25:18 <mfv> +1 20:25:19 <ta> yes 20:25:54 <ansgar> #info adjourned. 20:26:09 <ansgar> #topic CUPS license change (GPL -> Apache); OpenSSL 20:26:46 <ansgar> That one might be easier to discuss at Debconf which isn't so far away. If enough people are there? 20:27:39 <ta> yes, though I won't be there 20:28:48 <ansgar> #info discuss at debconf before moving forward 20:29:02 <ansgar> #topic Influx of node-related packages (waldi) 20:29:35 <ansgar> I think a large bunch of node packages are the oldest currently in the queue? 20:29:46 <waldi> yeah 20:29:48 <ta> yep 20:29:52 <waldi> noone really wants to handle all the tiny, tiny node packages 20:30:08 <ansgar> I'm a bit split about it: tiny packages are not nice, but "bundle" packages are not nice either :/ 20:31:19 <ta> what about embedding those tiny things in packages that use them? 20:32:32 <mfv> what if a tiny thing could be used by another package someday? 20:32:49 <ansgar> It's (possible) code duplication, but it might work better than gazillions of packages. If multiple packages need one node module, it should probably get its own package? 20:32:51 <ta> than this tiny thing is twice in the archive 20:32:52 <mfv> but it's bundle 20:33:10 <mfv> oh ok. 20:33:31 <ansgar> And if you include dependencies in a package, they should be in a package-specific directory I guess? 20:33:38 <waldi> ansgar: stuff like babel, which contains hundred tightly coupled node packages, just don 20:33:46 <waldi> 't need debian package for each of them 20:34:37 <ta> yes 20:34:56 <mfv> it makes sense. 20:35:04 <ansgar> How stable is the node ecosystem? Do all these modules have incompatible changes often? 20:35:04 <waldi> okay. so what do we want to do with the current things in NEW? 20:35:20 <waldi> REJECT them and ask the node people to come up with a plan? 20:35:33 <ta> ansgar: I think so 20:35:36 <mfv> +1 for me 20:36:00 <ta> waldi: maybe the other way round 20:36:03 <waldi> ansgar: well, a single line module can hardly break it's interface 20:36:19 <ansgar> Ask which packages would still be needed if dependencies of applications are bundled, if they are okay with the idea (of bundling), and then reject the others? 20:36:26 <ta> waldi: if it is a function that gets a new parameter? 20:37:26 <ta> ansgar: +1 20:37:49 <waldi> ansgar: do you really think they still have any overview on the packages? this was a mass-package project without too much thinking 20:38:02 <ansgar> (Bundling is probably the only possible way to package, for example, gitlab as everything will need updates in stable...) 20:38:36 <ansgar> waldi: I think it would be friendlier if we contact them before rejecting everything. 20:38:44 <waldi> ansgar: sure 20:40:11 <ansgar> #agreed node applications might need to bundle dependnecies; likely not managable with lots of very tiny packages 20:41:05 <mfv> my fear of bundling could be that there would be mixed versions (up-to-date and outdated) of libs without control... but probably this could be worked out somehow. 20:41:12 <ansgar> Anyone colunteering to communicate with the packagers? 20:42:05 <ta> mfv: node packages often depend on specific versions, so they need old ones 20:42:25 * ta can write a node email 20:42:41 <ansgar> #action ta to contact node maintainers 20:43:05 <ansgar> #topic Rename (public) suites on security-master (old question from ansgar) 20:43:20 <ansgar> Okay, this one is probably too late for buster :/ 20:43:47 <ansgar> The idea is to have `buster-security` instead of `buster/updates`. 20:43:54 <waldi> it is not possible to make them compatible? 20:44:45 <ta> it is always that way, so one more release should not matter 20:44:52 <ansgar> We have two names (codename, suite) and both are used for buster/updates, testing/updates. 20:45:02 <ansgar> (Well, without the /updates internally...) 20:45:33 <ansgar> There is not nice hacking to append that /updates to the suite names and component names (it's main/updates, not main) 20:45:45 <ansgar> Or updates/main. 20:46:15 * mfv has drained phone battery... gotta leave \o 20:46:23 <ansgar> I'm not quite sure how to best migrate away from that as it needs to still work for the older suites. 20:46:38 <ansgar> Probably more ugly hacking (which can then in 5+ years be dropped...) 20:47:15 <ansgar> We should try to get this done for bookworm at least. 20:47:30 <ta> ok, that is a plan 20:48:06 <waldi> okay 20:48:08 <ansgar> #agreed have bookworm-security instead of bookworm/updates 20:48:29 <ansgar> #topic Rename (database) suites on ftp-master (old question from ansgar) 20:49:18 <ta> what does that mean? 20:49:19 <ansgar> This is mostly to use codenames as the primary method to refer to suites. 20:49:35 <ta> ah, ok 20:49:51 <ansgar> So use stretch instead of stable in most places. But I'm not sure what currently would be useful to do here. 20:50:13 <waldi> it's already done for the secondary dists, stretch-backports 20:50:22 <ansgar> I think the topic was just taken from a very old meeting agenda. So nothing to really do here for now? 20:50:34 <ansgar> Well, stretch-backports has only stretch-backports I think? 20:51:08 <ansgar> There is no stable-backports (well, a symlink, but it's not in the Release file; though maybe in the database) 20:52:01 <ansgar> #info Nothing specific to do right now. 20:52:12 <ansgar> #topic Next meeting 20:52:51 <ansgar> Next meeting according to the plan is Friday 2018-08-10, 20:00 UTC. 20:52:58 <waldi> yes 20:52:58 <ta> yep 20:52:59 <ansgar> #topic any other business 20:53:02 <ansgar> Anything else? 20:53:11 <ta> not from my side 20:53:24 <waldi> nope 20:54:09 <ansgar> Great. Then we are done for today :) 20:54:13 <ansgar> #endmeeting