14:58:18 <h01ger> #startmeeting 14:58:18 <MeetBot> Meeting started Thu Jan 28 14:58:18 2021 UTC. The chair is h01ger. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:58:18 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 14:58:24 <h01ger> hello :) 14:58:28 <apo> hello 14:58:33 * utkarsh2102 waves 14:58:37 <h01ger> the agenda is at https://pad.riseup.net/p/lts-meeting-agenda 14:58:47 <h01ger> #topic greetings 14:58:56 <h01ger> happy new year! :-) 14:59:10 <lamby> :) 14:59:15 <h01ger> as usual, please indicate your presence and review/append the agenda 14:59:22 * buxy is here 14:59:26 * lamby is Chris Lamb 14:59:29 * utkarsh2102 waves o/ 14:59:31 <apo> ahoi 14:59:41 <Beuc> hi 15:00:01 <bunk> hi 15:00:11 * h01ger will wait 2-3 more minutes before starting 15:01:35 <h01ger> seems you have nothing else for the agenda(?) 15:02:09 <utkarsh2102> we can probably start, if somebody has anything, they can add as we go! 15:02:44 <h01ger> right, lets got 15:02:47 <h01ger> #topic 2. unbound 15:03:14 <h01ger> i think this has mostly been discussed on the mailinglist? (and brought it here just in case, happy to move on quickly) 15:03:19 <h01ger> Beuc: buxy: ^ 15:03:57 <buxy> Looks like beuc doesn't feel confident trying to push forward the idea of resurrecting support while switching to 1.9.x 15:04:48 <buxy> So we need to find someone else to step up or you need to collectively tell me that I'm wrong and that we should not accept the sponsor's request. 15:05:28 <h01ger> <b2fe7e91-f912-60f9-fedf-2814da5b85e5@beuc.net> in Beuc wrote "best if someone else takes over" 15:05:58 <buxy> But given unbound is basic infrastructure, I believe that we should aim to support it, but maybe it needs some discussion at the upstream level too. 15:06:11 <Beuc> (my mail from ~1h ago at deblts-team@freexian.com) 15:06:27 <h01ger> Beuc's evalution was rather pessimistic (the msg id i just put here) 15:06:38 <h01ger> https://lists.debian.org/b2fe7e91-f912-60f9-fedf-2814da5b85e5@beuc.net 15:07:37 <buxy> h01ger: hum, that message is not on the public list 15:08:00 <h01ger> sigh, right. too many lts lists 15:08:07 <h01ger> "too many" 15:08:32 <h01ger> buxy: i tend to trust Beuc's assessment, meaning if noone else steps up (to reevaluate first and then do the work, maybe), i think this already means "we should not accept the sponsor's request" 15:08:52 <h01ger> (tend to trust=it looks good/correct/etc ;) 15:09:20 <apo> why can't we just backport the buster version and let the sponsor test it? 15:10:29 <buxy> apo: that was my initial suggestion, but apparently the buster has some stability issues, that are unfixed and clerly the maintainer has no time to deal with it properly 15:10:55 <buxy> I suggested to try to bump buster to the latest upstream release in 1.9.x and I suggested Beuc to start with this step 15:12:15 <apo> what kind of stability issues? I use unbound myself and it works well. There is only one unfixed issue in Buster but the other two open stretch CVE are fixed there, so I would just find out if the sponsor can work with this version and then we can try to upgrade the package or try to find a targeted fix for the remaining issue 15:12:49 <buxy> see the discussion on the public list: https://lists.debian.org/debian-lts/2021/01/msg00012.html 15:13:01 <h01ger> apo: do you want to look into this and see whether you come to a different conclusion as Beuc ? 15:13:28 <buxy> +1, that would be great, yes 15:13:52 <apo> ok, I have a look and report back tomorrow 15:13:58 <h01ger> \o/ 15:14:12 <h01ger> apo: also check the thread on the internal lts list.. 15:14:19 <apo> will do 15:14:38 <h01ger> #action apo will look into supporting unbound, Beuc's thread and report back on the list 15:14:44 <h01ger> apo: yay & thank you! 15:14:54 <h01ger> #topic 3. PTS nodsa handling 15:15:04 <h01ger> https://salsa.debian.org/freexian-team/project-funding/-/issues/4 15:15:11 <h01ger> is the issue for this topic 15:15:18 <buxy> apo: I assigned you https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/18 15:15:26 <apo> just got the email, thanks 15:15:41 * h01ger is sorry to be bit too quick here 15:16:23 * h01ger also has nothing much to add to PTS nodsa handling besides that i really like to see the proposed change itself as well as this process seems to be working (funding more work) 15:17:45 <buxy> It's a nice first try, but it's not representative. 15:17:52 * h01ger nods 15:18:16 <buxy> I mean I'm involved with my freexian hat and my distro-tracker hat. Sebastien is involved as member of the security team but he works for freexian part time too. 15:18:19 <h01ger> btw, for those who havent looked at it yet, https://salsa.debian.org/freexian-team/project-funding/-/issues/4 also has screenshots of the proposed change 15:19:03 <h01ger> buxy: but Carles wasnt involved before or did i just not notice? 15:19:28 <buxy> h01ger: he was not, that's true, I guess he read it on planet debian, which is nice 15:19:44 <h01ger> then i think its pretty great 15:20:01 <h01ger> next topic? 15:20:35 <buxy> sure, I have nothing to add on this one 15:21:00 <h01ger> #topic 4. Why did no LTS contributor submit a project to be funded? 15:21:15 <h01ger> buxy: i guess you added this? 15:22:15 <buxy> Yes. When we decided this, it was also motivated by the fact that some things that we wanted to do in the LTS scope were too big for the 20% of your time that you can spend on other things than security updated 15:22:49 <buxy> so I was expecting you to submit project but so far nobody did 15:23:16 <buxy> Emilio said me once he might submit something related to the security tracker but that's about it and it did not happen yet. 15:23:42 <h01ger> well, its only been two months, or? and most of us are already quite busy... 15:24:41 <utkarsh2102> I have a follow-up question here but that's somewhat a different topic, so I'll put this into the "AOB" section. 15:24:41 <buxy> it depends on when you start counting, we communicated only recently, it's true but I have no sign of any activity, not even sign of interest 15:25:33 <h01ger> utkarsh2102: please /msg me the question, maybe it fits better here than at AOB? 15:26:45 <utkarsh2102> h01ger: I asked the same thing last meeting in November but couldn't write to the list. now that buxy is here, it'd be good to ask it here again, I believe. Last time he wasn't. 15:26:53 * h01ger is not surprised about this slow start. this is something completly new, there was no example yet, plus maybe also xmas etc 15:27:10 <utkarsh2102> h01ger: you have the question. 15:27:34 <h01ger> i'd repeat the question from topic in 3-4 months and try to spread the word further until then. having these in the monthly report on top is a good thing 15:28:07 <utkarsh2102> okay, asking now as h01ger says :) 15:28:24 <utkarsh2102> buxy: last meeting (in November) I asked: 15:28:25 <utkarsh2102> 15:36:38 <utkarsh2102> hey, should we kind of have a limit on where to stop saving the hours/money for funding projects? 15:28:36 <buxy> Please help spread the project too. I have been mentioning it from time to time when I have seen deadlocks where money could help. 15:28:51 <h01ger> buxy: good point 15:29:01 <utkarsh2102> for eg: we've saved a bunch of hours atm, should we now stop at some limit and use those hours for regular work? 15:29:24 <utkarsh2102> and when we have a project proposal, we'll add hours to the pool again. 15:29:46 <utkarsh2102> let's say, we keep a limit of 50 or 75 hours and then if it exceeds, we dispatch that for regular LTS work. 15:29:47 <h01ger> #info https://salsa.debian.org/freexian-team/project-funding has different small projects which wil improve LTS and which could mean paid work for $you. please apply! 15:30:14 <buxy> utkarsh2102: My interest is to build Freexian to help it fund more general Debian work so I don't see any reason to stop. If this current process doesn't work 15:30:50 <buxy> I will find some other way to spend it in useful ways (for example hiring someone and telling him what to work on) 15:30:51 * h01ger thinks utkarsh2102 meant if too much has been piled up. i can see how we want to avoid this and the best way to do so, is to spend it :) 15:30:58 <utkarsh2102> buxy: I am totally on board with that, but instead of just piling those hours up, it's better to use them for now, don't you think? 15:31:17 <utkarsh2102> h01ger: exactly! 15:31:17 <h01ger> utkarsh2102: but only one person has claimed interest so far 15:31:58 <buxy> Not really. Some projets cost way more than what we have on the side. 15:32:11 * h01ger is sure buxy will not 500h pile up and thinks we should indeed concentrate on spending it, by "taking" it 15:32:34 <utkarsh2102> well, sure then. If you have plans, then that's perfect. 15:32:44 <utkarsh2102> I was just afraid about the number of hours piling up. 15:33:15 <buxy> Someone suggested me to fund "PPA for Debian" and mentionned some 20+ KEUR figure needed... 15:33:39 <h01ger> thats a fancy castle for PPAs 15:33:42 <utkarsh2102> oh wow! 15:33:47 <utkarsh2102> for real :P 15:33:54 <h01ger> i agree PPAs would be super useful for many things 15:34:03 <lamby> :) 15:35:04 <buxy> I agree too but I'm just not convinced by the bikeshed proposed implementation. 15:35:05 <h01ger> so, please properly propose a PPA project ;) 15:36:12 * h01ger thinks this topic has come to an end for the moment. i've also just removed the 'sudo post mortem' topic (because relevant people are not here) and so we only have two topics left: next meeting and AOB. 15:36:26 <h01ger> (so we could discuss here a bit longer too) 15:36:36 <h01ger> or move on and finish a bit early 15:37:45 <h01ger> well then 15:37:55 <h01ger> #topic 5. next meetings 15:38:21 <h01ger> last thursday of the month, 15 UTC is the date, so this is mostly about the format 15:38:57 <h01ger> i'd propose: february 25th 2021, 15 utc, video meeting and march 25th 2021, 15 utc for the next irc meeting 15:39:02 <utkarsh2102> I guess this time we were going to give apo's server a shot, no? apo, is that still on? 15:39:11 <apo> sure 15:39:21 <utkarsh2102> awesome! 15:39:28 <h01ger> that's what techology? 15:39:39 <apo> I have tested it with some friends on new year, works great 15:39:42 <buxy> We could also try jitsi again, I was the one with issues, and I believe I have fixed my (hardware) issue... 15:39:43 <apo> nextcloud talk 15:40:31 <apo> I have a cloud server, so I just increase cpu, ram, etc. when we have our meeting, it should be fine for up to 10 people 15:40:45 * h01ger suggests apo's nextcloud for the next one and then maybe jitsi again, or apo if that worked flawlessly 15:40:58 <buxy> ok 15:41:04 <Beuc> I didn't try that one yet, one more solution to discover :) 15:41:13 <h01ger> #info next meetings: february 25th 2021, 15 utc, video meeting and march 25th 2021, 15 utc for the next irc meeting 15:41:27 <lamby> With all these geeks stuck at home, you would think that we'd have solved video chat by now, indeed. :) 15:41:38 <h01ger> #action apo will send instructions per mail how to join that meeting 15:41:39 <apo> :) 15:41:40 <utkarsh2102> haha 15:42:10 <h01ger> #topic 6. any other business 15:42:26 <lamby> Just to confirm, March 25th is a Sunday? 15:42:42 <utkarsh2102> lamby: February 25th -> meeting day 15:43:03 <h01ger> lamby: no, feb 25 and mar 25 are both thursdays. in 2021 15:43:27 <lamby> Oh I scrolled into May by accident; thanks 15:43:46 <h01ger> any other business? ;) 15:43:59 <lamby> Yes. I'm curious re. "sudo post mortem" -- there's something to discuss there beyond that sudo *had* a severe security problem. Happy to read a link / bug number 15:44:56 <h01ger> buxy was unhappy that the elts sudo update was 15h (?) later than the lts one and wants to improve things. 15:45:11 <h01ger> (15 = my estimate) 15:45:22 <lamby> nod, cheers 15:45:48 <utkarsh2102> a quick thing from my end 15:45:51 <utkarsh2102> kind of a news 15:45:54 <buxy> It's just that I find that we did not coordinate well here for ELTS. Thorsten and Ben were aware earlier of the sudo update and it was not released immediately like the others. Also something urgent like this should not be locked to someone while the person went to sleep when we have other contributors working. 15:45:55 <h01ger> it was an embargo'ed issue and some of us were in the loop. but as noone is here now, its pointless to discuss now 15:46:11 <utkarsh2102> on Dec 8, I rolled out a python-certbot update 15:46:20 <utkarsh2102> and then the maintainer told me and I quote 15:46:38 <utkarsh2102> "I just checked with Let's Encrypt, and the stats show that you just saved 142,500 people from having their certificates start failing next month. I didn't know LTS was still that used!" 15:46:40 <lamby> ^ thanks; the reference made me curious 15:46:55 <utkarsh2102> so just a good thing that LTS is being very widely used! \o/ 15:47:03 <h01ger> utkarsh2102: hehe, very very nice! 15:47:04 <lamby> nice 15:47:13 * h01ger takes a note for the next monthly report 15:48:23 <utkarsh2102> on that note, I have another thing to quote from 4 days ago 15:48:32 <h01ger> utkarsh2102: go go go! :) 15:48:55 <utkarsh2102> "I and my mother (450 km away) run Debian and I like the fact I don't have to upgrade all the time! :) Thank you for Developing Debian" and taking care of LTS. 15:49:12 <utkarsh2102> I got this mail from Mikko, some person who missed the LTS survey and results. 15:49:23 <h01ger> #info on Dec 8 2020, utkarsh2102 rolled out a python-certbot update and then the maintainer told him: "I just checked with Let's Encrypt, and the stats show that you just saved 142,500 people from having their certificates start failing next month. I didn't know LTS was still that used!" 15:49:35 <utkarsh2102> he was very thankful for everyone's work! so a thank you to all! :) 15:50:27 <h01ger> \o/ 15:51:08 <h01ger> any other business? :) 15:51:18 <buxy> NiceĀ :) Thank you for your time! 15:52:29 <h01ger> alright, let's wrap this up early! 15:52:41 <utkarsh2102> 5 minutes early. heh? 15:52:47 <h01ger> thanks everybody for joining today (or reading backlog later!) 15:52:49 <lamby> Thanks all 15:52:55 <utkarsh2102> \o/ 15:53:01 <apo> have a nice day 15:53:11 <Beuc> bye 15:53:42 <h01ger> o/ 15:53:49 <h01ger> #endmeeting