20:07:00 <ansgar> #startmeeting
20:07:00 <MeetBot> Meeting started Fri Jul 13 20:07:00 2018 UTC.  The chair is ansgar. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:07:00 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
20:07:25 <waldi> hey!
20:07:39 <ansgar> The bot is still here :)
20:08:12 <ansgar> The bot can take minutes too. So one question done.
20:08:48 <ansgar> #topic present
20:08:54 * ansgar is here.
20:08:59 * ta is here
20:09:03 <waldi> here
20:09:17 <ginggs> would someone please process nvidia-graphics-drivers/396.18-1 from NEW? it blocks #900300
20:09:34 <ansgar> I saw lfaraone somewhere else too ;)
20:09:41 <lfaraone> Hiya
20:10:17 <ansgar> #topic old action items
20:10:38 <ansgar> ftp-master now uses the YubiKey for signatures.
20:10:49 <ansgar> I still need to forward the PIN to other ftpmasters.
20:11:01 <waldi> yeah
20:11:08 <ta> great
20:11:22 <ansgar> Ancient keys are revoked, revocation pushed to keyservers. Want to add them to the webpage too, then delete the secret keys.
20:11:36 <Mithrandir> nice!
20:12:12 <ansgar> (The YK has done 44k+ signatures now, incluyding test use)
20:12:28 <waldi> let's hope it does not break on rollover
20:13:32 <ansgar> For the "move to ports" item: powerpc already moved and is no longer on ftp-master. So no need to write a mail for that any longer (just hurd, kfreebsd)
20:14:06 <ansgar> Also still open: DktrKranz to implement accept-with-bug; importing stuff into archive.d.o
20:14:19 <ansgar> I think that covers all items.
20:14:35 <waldi> yep
20:14:54 <ansgar> Can we go to secure boot next given lfaraone is here? :)
20:15:05 <waldi> please
20:15:08 <lfaraone> If it does break, do we have a spare we can fall back onto? From talking with colleagues, behaviour here is mildly undefined.
20:15:12 <ansgar> #topic secure boot
20:15:32 <ansgar> lfaraone: Yes, there are two YK4 in ftp-master for use by dak (and one more for codesigning).
20:15:59 <ansgar> So, Secure Boot misses the code-signing service to be set up. I'm not sure what the state is. lfaraone was working on it.
20:16:22 <lfaraone> The status is broadly: the service works, I need to configure it to run as not-me.
20:16:47 <Mithrandir> lfaraone: can people outside of -ftp help with that?
20:16:53 <lfaraone> I
20:17:14 <lfaraone> I'm planning on working on it this weekend. I suspect so? It's mostly going to be config management changes.
20:17:34 <lfaraone> I also (believe I) need to actually create the relevant certificate in the Yubikey and export it. (I'm not on a computer with access to fasolo)
20:18:29 <ansgar> There should already be a user (codesign? not quite sure) that has access to the right yubikey.
20:19:05 <ansgar> It would be nice if the service works so packages can upload the -signed-template packages and we just have to switch to the production key later.
20:19:34 <ansgar> #action lfaraone to setup the codesigning service
20:19:40 <Mithrandir> lfaraone: cool, if you know what there is to do and are planning on just doing it, don't block on help from me, but likewise, if you need something, just ping. (I'll be at a wedding tomorrow, though)
20:20:01 <Mithrandir> and if there is something I/others can do to help, shout. :-)
20:20:10 <lfaraone> Yep. Goal is to have it running as a service by Monday. (apologies, May/June was unexpectedly busy)
20:20:34 <adsb> please don't break the archive tomorrow ;)
20:21:23 <ansgar> Next topic?
20:21:34 <lfaraone> hm, do I have rights to `sudo -iu codesign`?
20:22:41 <ansgar> Hmm, no. We might need to ask DSA.
20:23:26 <Mithrandir> lfaraone: no, I'll fix that.
20:23:34 <lfaraone> thanks Mithrandir
20:24:46 <ansgar> #topic How much do we care about copyright holders in d/copyright
20:25:06 <ansgar> The person who put this on the agenda is not here, so I suggest to adjourn it?
20:25:18 <mfv> +1
20:25:19 <ta> yes
20:25:54 <ansgar> #info adjourned.
20:26:09 <ansgar> #topic CUPS license change (GPL -> Apache); OpenSSL
20:26:46 <ansgar> That one might be easier to discuss at Debconf which isn't so far away.  If enough people are there?
20:27:39 <ta> yes, though I won't be there
20:28:48 <ansgar> #info discuss at debconf before moving forward
20:29:02 <ansgar> #topic Influx of node-related packages (waldi)
20:29:35 <ansgar> I think a large bunch of node packages are the oldest currently in the queue?
20:29:46 <waldi> yeah
20:29:48 <ta> yep
20:29:52 <waldi> noone really wants to handle all the tiny, tiny node packages
20:30:08 <ansgar> I'm a bit split about it: tiny packages are not nice, but "bundle" packages are not nice either :/
20:31:19 <ta> what about embedding those tiny things in packages that use them?
20:32:32 <mfv> what if a tiny thing could be used by another package someday?
20:32:49 <ansgar> It's (possible) code duplication, but it might work better than gazillions of packages.  If multiple packages need one node module, it should probably get its own package?
20:32:51 <ta> than this tiny thing is twice in the archive
20:32:52 <mfv> but it's bundle
20:33:10 <mfv> oh ok.
20:33:31 <ansgar> And if you include dependencies in a package, they should be in a package-specific directory I guess?
20:33:38 <waldi> ansgar: stuff like babel, which contains hundred tightly coupled node packages, just don
20:33:46 <waldi> 't need debian package for each of them
20:34:37 <ta> yes
20:34:56 <mfv> it makes sense.
20:35:04 <ansgar> How stable is the node ecosystem?  Do all these modules have incompatible changes often?
20:35:04 <waldi> okay. so what do we want to do with the current things in NEW?
20:35:20 <waldi> REJECT them and ask the node people to come up with a plan?
20:35:33 <ta> ansgar: I think so
20:35:36 <mfv> +1 for me
20:36:00 <ta> waldi: maybe the other way round
20:36:03 <waldi> ansgar: well, a single line module can hardly break it's interface
20:36:19 <ansgar> Ask which packages would still be needed if dependencies of applications are bundled, if they are okay with the idea (of bundling), and then reject the others?
20:36:26 <ta> waldi: if it is a function that gets a new parameter?
20:37:26 <ta> ansgar: +1
20:37:49 <waldi> ansgar: do you really think they still have any overview on the packages? this was a mass-package project without too much thinking
20:38:02 <ansgar> (Bundling is probably the only possible way to package, for example, gitlab as everything will need updates in stable...)
20:38:36 <ansgar> waldi: I think it would be friendlier if we contact them before rejecting everything.
20:38:44 <waldi> ansgar: sure
20:40:11 <ansgar> #agreed node applications might need to bundle dependnecies; likely not managable with lots of very tiny packages
20:41:05 <mfv> my fear of bundling could be that there would be mixed versions (up-to-date and outdated) of libs without control... but probably this could be worked out somehow.
20:41:12 <ansgar> Anyone colunteering to communicate with the packagers?
20:42:05 <ta> mfv: node packages often depend on specific versions, so they need old ones
20:42:25 * ta can write a node email
20:42:41 <ansgar> #action ta to contact node maintainers
20:43:05 <ansgar> #topic Rename (public) suites on security-master (old question from ansgar)
20:43:20 <ansgar> Okay, this one is probably too late for buster :/
20:43:47 <ansgar> The idea is to have `buster-security` instead of `buster/updates`.
20:43:54 <waldi> it is not possible to make them compatible?
20:44:45 <ta> it is always that way, so one more release should not matter
20:44:52 <ansgar> We have two names (codename, suite) and both are used for buster/updates, testing/updates.
20:45:02 <ansgar> (Well, without the /updates internally...)
20:45:33 <ansgar> There is not nice hacking to append that /updates to the suite names and component names (it's main/updates, not main)
20:45:45 <ansgar> Or updates/main.
20:46:15 * mfv has drained phone battery... gotta leave \o
20:46:23 <ansgar> I'm not quite sure how to best migrate away from that as it needs to still work for the older suites.
20:46:38 <ansgar> Probably more ugly hacking (which can then in 5+ years be dropped...)
20:47:15 <ansgar> We should try to get this done for bookworm at least.
20:47:30 <ta> ok, that is a plan
20:48:06 <waldi> okay
20:48:08 <ansgar> #agreed have bookworm-security instead of bookworm/updates
20:48:29 <ansgar> #topic Rename (database) suites on ftp-master (old question from ansgar)
20:49:18 <ta> what does that mean?
20:49:19 <ansgar> This is mostly to use codenames as the primary method to refer to suites.
20:49:35 <ta> ah, ok
20:49:51 <ansgar> So use stretch instead of stable in most places.  But I'm not sure what currently would be useful to do here.
20:50:13 <waldi> it's already done for the secondary dists, stretch-backports
20:50:22 <ansgar> I think the topic was just taken from a very old meeting agenda.  So nothing to really do here for now?
20:50:34 <ansgar> Well, stretch-backports has only stretch-backports I think?
20:51:08 <ansgar> There is no stable-backports (well, a symlink, but it's not in the Release file; though maybe in the database)
20:52:01 <ansgar> #info Nothing specific to do right now.
20:52:12 <ansgar> #topic Next meeting
20:52:51 <ansgar> Next meeting according to the plan is Friday 2018-08-10, 20:00 UTC.
20:52:58 <waldi> yes
20:52:58 <ta> yep
20:52:59 <ansgar> #topic any other business
20:53:02 <ansgar> Anything else?
20:53:11 <ta> not from my side
20:53:24 <waldi> nope
20:54:09 <ansgar> Great. Then we are done for today :)
20:54:13 <ansgar> #endmeeting