Log: http://meetbot.debian.net/debian-lts/2023/debian-lts.2023-09-28-13.58.log.html
Minutes (text): http://meetbot.debian.net/debian-lts/2023/debian-lts.2023-09-28-13.58.txt
Minutes: http://meetbot.debian.net/debian-lts/2023/debian-lts.2023-09-28-13.58.html

Adding your name to an agenda point saves time by showing who knows something about the topic!

LTS meeting agenda

2023-10-26 14:00 UTC [Location: Jitsi: https://jitsi.debian.social/LTS-monthly-meeting]

2023-09-28 14:00 UTC [Location: #debian-lts on IRC]
* Reminder: LTS Extra Tasks (roberto)
  * There are issues which are not directly packaging/security updates which are available to be worked on
  * Generally, these issues are found in the lts-team/lts-extra-tasks project in Salsa
  * Up to 25% of your assigned LTS/ELTS hours can be dedicated to tasks in this project (i.e., LTS hours for tasks that are LTS specific and a mix of LTS/ELTS hours for tasks that support both)
  * You can use more than 25% of your assigned hours towards these tasks with LTS coordinator approval
* New LTS contributor report guidelines, https://freexian.gitlab.io/services/deblts-team/documentation/lts/LTS-contributor-report-guidelines.html (roberto)
  * Example of good report: https://lists.debian.org/debian-lts/2023/09/msg00008.html
* Reminder: Please take a look at packages needing an upload since a long time ago (santiago)
* imagemagick: Handle it with an upload fixing a subset of open CVEs? (santiago)

Apologies:
* Roberto
* Sean Whitton

Minutes: http://meetbot.debian.net/debian-lts/2023/debian-lts.2023-09-28-13.58.html
Minutes (text): http://meetbot.debian.net/debian-lts/2023/debian-lts.2023-09-28-13.58.txt
Log: http://meetbot.debian.net/debian-lts/2023/debian-lts.2023-09-28-13.58.log.html

2023-08-24 14:00 UTC [Location: Jitsi]
* Linux kernel LivePatch support?
* LTS workflow (ML discussion here: https://lists.debian.org/msgid-search/ZNpXSv6MmlW64q7U@connexer.com):
  * Create tickets to nag about missing LTS contributor monthly reports, or continue with direct emails? (roberto)
  * Thoughts about criteria for LTS contributor monthly reports (roberto)
  * Starting to experiment with issue based workflow, example: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/28 (roberto)
  * New LTS coordinator email alias: lts-coordinator@freexian.com (roberto)
* Status of specific package:
  * libreoffice package in ELTS: EOL or backport (rouca)
    * stretch is more than 35k commits before buster. Massive internal library changes
    * stretch if not EOL maybe introduce https://snapshot.debian.org/package/libreoffice/1%3A6.1.5-3%2Bdeb10u4~bpo9%2B1/
    * jessie ?
    * be proactive for buster. For now backporting fix not too hard due to 6.4 version semi supported upstream even after EOL https://github.com/LibreOffice/core/tree/distro/collabora/cp-6.4
  * runc package in LTS feasibility of backport (rouca)
    * need 4 new packages: golang-github-opencontainers-selinux, golang-github-mrunalp-fileutils, golang-github-containerd-console, golang-github-pkg-errors + a patched golang-github-sirupsen-logrus
    * Only for builddeps. No build attempted
  * samba update in LTS/ELTS (ML discussion here: https://lists.debian.org/msgid-search/394d1ff5-5ec7-ecbc-5172-0af25ba978ba@rocketjump.eu) (petn-randall)
    * (not sure this (monthly video meeting) is the best place to discuss package states with much technical info and attempting to decide on the spot; I'd switch to the mailing list) (Beuc)
    * +1, absolutely. (utkarsh)
* Fast-tracking CVE using RedHat RootCNA-Coordination (rouca)

Present:
* Roberto
* Sean Whitton
* tobi
* Balint Reczey
* Beuc
* Ben Hutchings
* Raphael Hertzog
* Lee Garrett
* Jochen Sprickerhof
* Thorsten Alteholz
* Santiago Ruano Rincon
* Utkarsh Gupta
* Guilhem
* Stefano

Not Present:
* Emilio
* Bastien

2023-07-27 14:00 UTC [Location: #debian-lts on IRC]
* Add gbp.conf for common ELTS/LTS gbp repos to point to different upstream branches (that avoids "flip-flopping" of upstream branch and potential source of confusion)
* carnil/mjt want to EOL samba for oldstable, does freexian want to EOL that too or continue supporting it?
  * Need more info on which samba setups are used by customers. AD DC setup unsupported with DSA-5015-1
* Dealing with stale hours (roberto)

Apologies:
* Beuc (probably won't be able to make it)

2023-06-22 14:00 UTC [Location: Jitsi]
* Request for feedback about (E)LTS related features that could be needed in salsa-ci's pipeline (Santiago)
  * We need to disable crossbuilds by default.
* Pending changes regarding policy for hours backlog and max hours (Roberto)

Present:
* Roberto C. Sánchez
* Utkarsh Gupta (~utkarsh)
* rouca
* Chris Lamb (lamby)
* tobi
* David Peacock (picklino)
* Raphael Hertzog
* Thorsten Alteholz
* Scarlett Moore
* Santiago Ruano Rincon
* Sylvain Beucler
* Guilhem Moulin
* Jochen Sprickerhof
* Helmut Grohne
* Stefano Rivera

Not present:
* Ben Hutchings

2023-05-25 14:00 UTC [Location: #debian-lts on IRC]
* FD discussion (Roberto)
  * Reminder about being responsible for using package-operations and populating packages.yml
  * Addition of periodic {d,e}la-needed.txt clean-up
  * https://lts-team.pages.debian.net/wiki/Development.html#id35
* Transition from email pings for missing announcements/tags to issues in Salsa under lts-team/lts-updates-tasks (Roberto)
* Make stable-security build logs public on package release (Beuc)
  * https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/51
  * Who can we contact to make this happen? / Which teams need to be involved?

2023-04-27 14:00 UTC [Location: Jitsi]
* CANCELLED: this meeting was cancelled

Present:

2023-03-23 14:00 UTC [Location: #debian-lts on IRC]
* gbp workflow (Lee)
  * It seems like at least for apache2 `gbp push` is broken, due to "upstream" branch being both used by stretch and jessie
  * Note: investigation in progress (IRC) but it's rather a workflow conflict: existing apache2 branches used Anton's workflow (no fork), while new buster branch attempts to fork the apache team's repo to carry over its history. (Beuc)
  * The use of the 'upstream' branch for both stretch and jessie is my fault. I pushed the jessie commit/tag on that branch and thought that it was fine since 'gbp buildpackage' looks for the tag. However, I don't use 'gbp push' so I was not aware it would cause a problem. (Roberto)
* "[debian-lts-sponsors] Debian 10 Buster package list" was sent 2023/01/13 (by ta). Any feedback from sponsors? Working on obsolete lists of supported packages brings various issues. E.g. for buster ./find-work would give priority to python3.5 (if it were still available) but marks python3.7 as low-priority/unsupported. (Beuc)
  * It was already mentioned on deblts-team@f.c "[...] we started to ask buster package list to our old LTS sponsors at the start of the year and we now have a much better list to rely on. I have just pushed an updated packages-to-support." [Raphaël, 2023-03-17] so this probably can be skipped, unless there's further activity to report (Beuc)

2023-02-23 14:00 UTC [Location: Jitsi]
* Revamping of the documentation (both public LTS doc and private paid contributor doc: clarify target audience/scope, follow https://documentation.divio.com/)? (raphael)
  * Raphael proposes re-thinking/re-structuring the documentation to make things easier to find, especially for new contributors
  * Roberto proposes a "quick reference card" that provides useful links to contributors
  * Tobias/Helmut raise the issue that the differences in documentation for LTS and ELTS create a difficulty or complication in presenting the correct content to the right people
  * Roberto/Anton will be responsible for documentation restructuring as part of larger LTS/ELTS process improvements
* procurement of patches per project? (Lee)
  * it's difficult to find the correct patches for CVEs for different projects, and how to make those steps easier
  * first idea: add notes attached to the project, like "you'll find the patches by searching the CVE number in the bug tracker at X", or "Forget the bug tracker, you'll find those patches on this mailing list", especially if there are follow-up patches that need to be applied
  * Helmut: sometimes part of the LTS/ELTS work is to figure out the right source for the patches or even to develop the patches
  * Helmut: suggested making package-specific notes in a file like debian/README.Debian-LTS, where experiences can be documented regarding the best approach for finding patches for that particular package, things like upstream follow-ups to previous CVE fixes, etc. (Can also be used to document hints about efficient updating, like approaches how best to test the package, limitations what to expect e.g. due to dependencies not supporting $features…)
  * Sylvain warned against splitting information between a new LTS-specific README file and the existing set of "TestSuites" pages from https://lts-team.pages.debian.net/wiki/TestSuites.html
  * Raphael pointed out that this makes the README versioned and associated with a specific branch; a possible alternative is a per-package README hosted somewhere with the public LTS content (for the public information) and another in an area where private information can be maintained
  * Roberto will document the decision process concerning which information belongs with the package (i.e., in a public place) and which information is not meant to be public and where non-public information is to be kept
  * Lee's original goal: minimize the time to bootstrap or get up to speed for a new contributor working on a package for the first time
* Implementation of Package Owner role (roberto)
  * Documentation in draft and nearly ready for publication
  * Management will make a general call for volunteers to take ownership of packages
  * After that, management will make specific invitations for any packages which still require owners and for which nobody volunteers
* AOB:
  * Tobias: issues with the package generation script, which creates a fresh repository rather than forking when the package is already available in Salsa
    * Tobias will document the process/steps for evaluating an existing Salsa repo for compatibility with our team workflow and then the process/steps for creating a proper fork in Salsa so that we have the package in the lts-team space with the benefit of prior history from the upstream Debian maintainer
    * Audit existing packages in the lts-team space to see which should possibly be forks rather than unconnected new repositories
  * Helmut suggests the possibility of using dgit as a uniform approach to having package development history
    * Would require a custom dgit server for us
    * Requires checking in the actual upstream source, which can take ages for e.g. thunderbird
    * Integration with salsa-ci non-obvious
    * Uses patches-applied, but most contributors are used to patches-unapplied
  * Raphael: How to fix LTS processes around packages lingering around for a long time?

Present: roberto, raphael, utkarsh, helmutg, tobi, sylvain, guilhem, lee

2023-01-26 14:00 UTC [Location: #debian-lts on IRC]
* git-workflow: please add tags to all uploads.
* long lasting issues in {e,d}la-needed.txt
* package owner discussion (roberto)
* Who would be interested in eventually joining the security team? Having more members paid by Freexian would allow for releasing DSAs or making SPUs corresponding to patches/updates prepared and tested by LTS contributors.

2022-12-22 14:00 UTC [Location: Jitsi]
* Is it time to open discussions with secteam to go further in terms of shared workflow between both teams? The idea is to make it easier for members of each team to handle a given package in all supported Debian releases. (With the long term plan to maybe merge both teams with different seniority status within the same team?)
  * roberto: the preliminary survey analysis indicates that this idea has broad support among DDs; it is likely to take time to figure out how this will work in practice, so opening the conversation now makes sense before we get too close to the bookworm release
  Decision:
  - Draft of the proposal to merge teams
  - Contact active security team members
  - Issue
* git-workflow, starting from January 2023, monitoring.
* 1-1 Meetings 2023
* Frontdesk, please use package-operations script to add entries into the {e,d}la-needed.txt
* "Package owner" idea (roberto)

2022-11-24 14:00 UTC [Location: #debian-lts on IRC]
Apologies: Chris Lamb (lamby), Roberto C. Sánchez (roberto)
* Why some packages are so long in the queue?
  * imagemagick - too many opened CVEs in different releases
  * kopanocore - not fixed CVEs by upstream (also no sponsors hence lower priority)
  * mbedtls - too many opened CVEs
* Project Funding changes.
  * LTS money is no longer used to grow the funding, but there is LTS money left in the "project funding" pool.
  * Wants to move approval of projects to "Freexian collaborators" instead of all paid LTS contributors. Are there objections?
    * roberto: assuming this refers to changing the eligible voters as described under "How will project proposals be approved?" in Rules-LTS.md, then I agree with this change
  * What about https://salsa.debian.org/freexian-team/project-funding/-/blob/master/proposed/2022-11-debian-reimbursements.md ?
* Planet Debian and LTS reports. How can we continue to put our LTS reports on Planet Debian now that they moved to https://www.freexian.com/tags/debian-lts/ instead of Raphael's personal blog? Raphael would like to add a "planet-debian" tag in the company blog and subscribe the associated RSS feed to Planet Debian. Is it OK? Do we need to ask permission? If yes, how and where?
* Is it time to open discussions with secteam to go further in terms of shared workflow between both teams? The idea is to make it easier for members of each team to handle a given package in all supported Debian releases. (With the long term plan to maybe merge both teams with different seniority status within the same team?)
  * roberto: the preliminary survey analysis indicates that this idea has broad support among DDs; it is likely to take time to figure out how this will work in practice, so opening the conversation now makes sense before we get too close to the bookworm release
  * --> moved to next month, no time to discuss it properly
* DD Survey Analysis: no significant progress on my part since the last meeting, as my time has been consumed with Freexian internal tasks and ELTS work (roberto)
* Meetings 2023. Schedule

2022-10-27 14:00 UTC [Location: Jitsi]
* Where do we want to place all scripts? Pyxian?
  * Pyxian should stay public -> no confidential data
  * Maybe create one more Repo, accessible by paid {E,L}TS-contributors
* Customer contact. Any volunteers?
  * [utkarsh] can do. However, I'd like to know what needs to be done (and other necessary details, et al) before I sign up. :)
  * [roberto] can help with this (maybe later ;)
* pyxian - how to use
* CI - possible use without importing full upstream sources in the tree
* Do we completely remove wiki pages?
  * Keep all the pages (because we have many URL pointing there) but remove the content and keep the banner only (or use the Redirect pragma to have auto redirect -- http://moinmo.in/HelpOnProcessingInstructions#A.23redirect)
  * For the LTS/Development page, keep sub-sections with direct links to the corresponding section in the new documentation
  * Maintain copyright information about pre-migration contributors (page history/"informations")
* Survey Analysis/Report status - Actions todo
  * Roberto wants to finish it
  * Need review from other team members
  * Report should probably be public

2022-09-22 14:00 UTC [Location: #debian-lts on IRC]
Apologies: Anton
* How to make sure that people in charge of FrontDesk do not forget it? What's our expectation during their FD week?
  * gladk shall extend his weekly reminder to ping FD
    * note: https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/47
  * FD needs to ack that ping, otherwise someone else will do FD
  * Daily CVE triage expected Mo-Fr
  * FD can be bypassed on weekends for urgent issues
    * Issues with a DSA and remote code execution are considered urgent. They're rare and embargos usually don't expire on weekends.
  * Beuc will expand the documentation on lts-team.pages.debian.net to document our expectations for the FrontDesk role.
* Are there LTS contributors who could work more and do ELTS work too?
  * Vague commitments by various contributors to increase their focus on ELTS.
* Quick update on the DD survey analysis by Roberto (if available)
  * Roberto is 3/4 done, draft in google doc, link see mail to deblts-team@
* Any other topic
  * Discussion about reclaiming DLAs

2022-08-25 14:00 UTC [Location: Jitsi]
Apologies: Chris Lamb, Markus Koschany
* Buster as LTS: problems, ideas, opinions
* Script to add packages into dla-needed.txt
  * gladk: Interactive demo
  * /knowledge-base/$source/
* How to handle the Pyxian dependency for LTS scripts?
  * buxy: Build package from git and publish it via some internal repository.
* Package statistics in {e,d}la-needed.txt
  * roberto: why? -> support management decisions
  * buxy: use the find-work script to implement customer priorities
* Ask customers via debian-lts-sponsors@freexian.com to send an updated list of packages for buster (Anton)
* AOB
  * roberto did more analysis of the developer-survey
  * roberto proposes doing a market-place for debian-related tasks

2022-07-28 14:00 UTC [Location: #debian-lts on IRC]
* Buster as LTS. August 2022. What should be prepared?
  * Drop armel from the release list
  * pochu filed (?) a bug against ftp.debian.org with needed information, please check
  * https://wiki.debian.org/LTS/Development#Switching_to_the_next_LTS_release
  * bwh: contact with FTP masters about enabling signing of a linux-5.10 package
* Jessie and Stretch as ELTS. Problems? Ideas? Suggestions?
  * gladk: monitor stalled packages in ela-needed.txt https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/42
  * ask ELTS contributors to test new kernels in their own test environment -> done already?
* How to minimize regressions?
  * More tests
  * Double eye check for the critical updates: apache2, bind9 etc.
  * Be more willing to decide that an issue is minor and not worth the risk?
* Debian LTS BoF & Meeting with some members of the (E)LTS teams
  * Debconf23?
  * All slides in one place?
* Git workflow. Opinions.
  * Maybe adding a repo information along with the programming language
  * packages which we don't have under our umbrella (push updates to main repo)
  * YAML file where we record "special" packages. Where "special" could mean "needs second review of patches" (like we discussed a few moments ago), "use the maintainer's git repo for LTS/ELTS work", "special testing considerations",
  * https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/43
* Funding projects.
* Any other business.
  * Create a ticket for DD survey analysis. Maybe exists already. https://salsa.debian.org/freexian-team/project-funding/-/issues/6 - closed
  * https://salsa.debian.org/freexian-team/project-funding/-/issues/23 - I think, it can be used.

2022-06-23 14:00 UTC [Location: Jitsi]
* Prepare for the buster→LTS and stretch→ELTS
  * ELTS switch date is July 1st. This date has been on the website for some time and has been communicated to customers.
  * LTS switch date not yet fixed. Discussions ongoing with Security Team re. changing their oldstable support schedule. oldstable was historically maintained for one year after the release of a new stable release, but *may* switch to up-front designation of a three year support window for a stable release.
  * Need to talk to FTP team about enabling code signing for linux-5.10 in buster-security.
* Introducing Helmut Grohne (helmutg).
* Review and feedback git-workflow for the (E)LTS packages https://lts-team.pages.debian.net/git-workflow-lts.html
  * Was short discussion on dgit.
  * Anton to write script to determine which new updates are not using the Git workflow.
* First report from the Tryton funded project available -- https://salsa.debian.org/freexian-team/project-funding/-/issues/24#note_309113
* AOB
  * New logo demonstration
  * DebConf attendees
* Attendees:
  * Chris Lamb (lamby)
  * Roberto C. Sánchez
  * Raphael Hertzog
  * Andreas Rönnquist (gusnan)
  * Anton
  * Ben Hutchings (bwh)
  * Markus Koschany (apo)
  * Utkarsh Gupta (utkarsh)
* Apologies:
  * Dominik George (nik)

2022-05-26 14:00 UTC [Location: #debian-lts on IRC]
* Prepare for the buster->LTS and stretch->ELTS
  * Issues will be revised and reassigned. Due dates will be set https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues . Please take a look regularly as part of your contribution.
* Git-workflow for the (E)LTS packages https://lts-team.pages.debian.net/git-workflow-lts.html
  * Documentation
* First report from the Tryton funded project available -- https://salsa.debian.org/freexian-team/project-funding/-/issues/24#note_309113

2022-04-28 14:00 UTC [Location: Jitsi]
* Administrative changes - Anton to take over a number of responsibilities from Jeremiah in the near future. In particular LTS team lead/coordinator.
* dla-needed.txt, put programming language in notes, saves the time? (Anton)
  * Yes (ack from Markus and Roberto)
* Documentation, new repo? (Anton)
  * We should ask new contributors for feedback and decide based on this.
  * Ubuntu has https://github.com/canonical/ubuntu-maintainers-handbook
* Change in the hourly rate with introduction of Freexian collaborator status (Raphael)
* DD survey - do we _really_ need to send a reminder? (Utkarsh & Raphael)
  * over 200 participants, ~190 completed surveys by DD
  * one needs to find somebody to send a friendly reminder via debian-devel-announce
  * Deadline is extended. Was 30.04, extended to 07.05.
  * Deadline for sending an email 29.04
* New lts-cve-triage.py report section "Issues postponed for stretch, but fixed in buster via DSA or point releases"; see https://lists.debian.org/debian-lts/2022/04/msg00011.html (merged); front-desk(s) should check and add pending packages (e.g. mailman, dpdk...) to dla-needed.txt soonish (Beuc)
  * buster has some missing fixes, which are fixed in stretch.
* ELTS/LTS: How do we inform contributors about "special" packages that have their quirks, e.g. bind9 in Jessie. Should it be mandatory to read https://wiki.debian.org/LTS/TestSuites/ before uploading such a package? Should we create "package hints" in a file like packages-to-support for those packages to make it more obvious what contributors should look for? (apo)
  * Subscribe to the relevant wiki-pages to be notified about changes
  * Maybe checklists for newcomers
  * git-hook which checks the package name and notifies.
* ELTS/LTS: Should we create documentation how to package updates of major software like the Linux kernel, OpenJDK, etc. to make sure that basically everyone could do the job whenever necessary? (apo)
  * Documentation update is necessary. Especially for newcomers.
* Update on funded projects:
  * I've heard from Mathias on the Tryton project but there is no update. He hopes to have an update soon after working through a "huge backlog". (Jeremiah)
  * Gradle in progress: ETA: 2 weeks.
* DebConf22 BoF LTS (Anton)
  * Definitely yes LTS BoF
* Project funding project

2022-03-24 14:00 UTC [Location: #debian-lts on IRC]
* [Anton] Documentation, one place for everything. We have wikis, readmes etc. Maybe it makes sense to put everything in one place, to have just one source of information. Proposal is to make it of two parts: open (for everybody) and closed only for the (E)LTS members
* Ensure we are ready to support Debian 8 and Debian 9 in parallel in ELTS
  * https://gitlab.com/freexian/services/extended-lts/-/issues/10
  * We'll need to update the web site and other documentation
  * Scripts used in ELTS will likely need to be updated as well
* [Anton] Possible merge of dla-needed and ela-needed?
  * Technically possible?
  * Does it make sense?
  * https://salsa.debian.org/freexian-team/extended-lts/security-tracker/-/blob/07b3aae608ac3bda24c1bbedaa428da368da64f0/data/dsa-needed.txt#L29
* Improve publication of DLAs -- who's responsible?
  * Who is responsible for publishing a DLA? Is each uploader responsible for updating the web site?
  * We should put this as policy in an easy to find location debian-www/webwml/english/lts/README perhaps?
  * https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/6
* [Anton] Progress of "Archiving of ELTS packages"
  * The branches of all 42 projects in lts-team/packages were migrated this week to match the DEP-14 Schema.
  * In most cases it is just debian/stretch, some of them are having debian/jessie.
  * CI is set up for many projects (stretch only).
  * Some repositories are outdated.
  * The documentation is in preparation.
* [utkarsh] Debian Developers' Survey
  * update on where we are.
  * and when it's gonna go live.
* AOB

2022-02-24 14:00 UTC [Location: Jitsi]
- Archiving of ELTS packages, usecases and solution(s)
  To summarize:
  * we want a complete solution - "we want clear history of source changes in git, and we want a snapshot service"
  * because a snapshot solution will take time, let's get what we can into git, including ensuring the current Debian src is in git before making the first (E)LTS upload
  * consensus for using `gbp import-dsc`
  * debian/$CODENAME as recommended by DEP-14
  * There are exceptions; large packages being one
  If we have agreement on the above, let's move forward and craft a policy we can put in writing in the README and/or (d|e)la-needed.txt
- Anton's Proposal should be discussed https://gitlab.com/freexian-lts/extended-lts/-/issues/4#note_849773139
  * Within the next few weeks Anton planning to update all packages in (E)LTS-group according to DEP-14 proposal. (As someone who has worked on a Debian derivative, I greatly appreciate DEP-14 because it gives the derivative a clear path forward and stops endless discussions.)
- Documentation for Debian Appliance vendors
  I've discussed this via email with Markus and on IRC with Roberto. We've created a pad for collaborative editing: https://cryptpad.fr/code/#/2/code/edit/sizdgNszKqNXlYDZL59m+5zt/ Would be really great to expand upon the excellent feedback I've received. I think this would help Debian users quite a bit.
- Apologies Markus Thorsten - Attendees Ben Raphaël Roberto Anton Chris Abhijith jeremiah 2022-01-27 14:00 UTC [Location: #debian-lts] - How to join ELTS documentation I've made some updates to the ELTS and LTS documentation. Minor edits that have been reviewed. * Issue: https://gitlab.com/freexian-lts/debian-lts/-/issues/6 * README: https://gitlab.com/freexian-lts/extended-lts/-/blob/master/README - Archiving of ELTS packages, usecases and solution(s) I feel that this issue is not completely resolved. I've outlined the issue a bit further here; * Issue: https://gitlab.com/freexian-lts/extended-lts/-/issues/4 - Enforce git as DVCS in ELTS This issue is closely related to the one above. What kind of policy can we impose or recommend with regard to keeping ELTS packages in git, including large packages? * Issue: https://gitlab.com/freexian/services/extended-lts/-/issues/8 - New Tryton proposals https://salsa.debian.org/freexian-team/project-funding/-/tree/master/proposed * Issue: https://salsa.debian.org/freexian-team/project-funding/-/issues/21 * Issue: https://salsa.debian.org/freexian-team/project-funding/-/issues/22 - Apologies Chris Lamb Emilio Pozuelo Monfort Anton Gladky Ola Lundqvist - Attendees utkarsh2102 jeremiahb codehelp buxy el_cubano bunk bwh ta h01ger 2021-12-30 14:00 UTC [Location: Jitsi] https://jitsi.debian.social/LTS-monthly-meeting - Greetings - Archiving of ELTS packages, usecases and solution(s) - Action items from previous meeting; #action jeremiah to set a reminder that _emails_ need to go out reminding folks to send reports on the 2nd of the month. DONE (https://gitlab.com/freexian-lts/debian-lts/-/commit/c0d6a0e32a7398e36c59ff40dd21a9e5f0b3fa38) #action jeremiah to contact Ben directly re: DLA 2785-1 still unpublished. 
DONE DLA published (https://www.debian.org/lts/security/2021/dla-2785) - Consensus on Front Desk dispatch changes so far; Open up LTS FD to those who're interested Randomly Sequentially assign FD position for LTS and ELTS Have LTS FD be ELTS FD when possible - How to join ELTS documentation * Issue: https://gitlab.com/freexian-lts/debian-lts/-/issues/6 * README: https://gitlab.com/freexian-lts/extended-lts/-/blob/master/README - Debian LTS Survey (Utkarsh) - Where we're at. - Heads up by Utkarsh. - #Action: Utkarsh to massage the existing questions into Lime Survey (the software used for the survey) so we can see how it fits. The goal is to of course keep the structure of the questions as much as possible to ensure we capture the data we're looking for. We should determine whether we can handle anonymity and tokens in the survey. We will say that we will not publish non-anonymized data This is tracked here: https://salsa.debian.org/freexian-team/project-funding/-/issues/20 - Any other business _ Fixing packages for Stretch that has been fixed in Jessie. (utkarsh) - What should we have for policy regarding packages fixed in Jessie? It's confusing if there is no documentation about fixed Jessie packages in Stretch. - FD should do triage and leave the packaging work for others. - Finding packages that are fixed in Jessie but not in Stretch is not regular FD work however. - We already have a script that manages this, perhaps it could use improvement and this should mitigate problems around FD. - We should make a p-u upload, coordinate with the maintainer, when there are packages fixed in Stretch. We should document this and encourage folks to - spent a week of my FD for looking at some of the packages and a plausible solution. - Confirming meeting schedule/times for 2022. 
(lamby) - It was confirmed that the fourth Thursday of every month will be the LTS meeting day - Apologies Thorsten Alteholz Roberto Adrian Bunk 2021-11-25 14:00 UTC [Location: #debian-lts] - Greetings - How to avoid having different people working on the same package in LTS and ELTS? (Adrian) - Review of unclaimed packages in dla-needed (Adrian) - Hour dispatch change: Feedback/Questions? Open topics? (Adrian) - Status update: enterprise gradle project Our bidder is conferring with the reviewer to get a better idea of the effort estimation. Reviewer has been positive towards the bid. - Resolution of CVE assignment tooling for related packages (Jeremiah) There is background on this topic here [https://lists.debian.org/debian-lts/2021/08/msg00045.html] and here[https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/12] as well as MR available in Salsa. - Documentation for Debian Appliance vendors (Jeremiah) Various industries, as likely everyone on this list knows, need support for longer than usual. In the automotive industry the support period for a head unit for example is at least 12 years. Addressing the needs of people who need longer support and providing advice on how to select supported components, which packages to avoid, kernel security support would be hugely beneficial. - Do we have consensus that we ought to enforce the use of Git as the DVCS tool for ELTS packages and keep the work in Salsa? (Jeremiah) If so, how do we enforce this? - Any other business 2021-10-28 [Location: Jitsi] - Greetings - Status update: enterprise gradle project (Jeremiah) -- Published Debian Micronews, pushed to social media, sent email to lists; debian-lts, debian-android-tools, debian-java, debian-consultants. -- No response yet. -- Due date is November 5th -- Perhaps someone from LTS is able to make a bid? 
https://salsa.debian.org/freexian-team/project-funding/-/issues/11 -- Roberto to send out a notice LinkedIn - Change the hour reporting and dispatch deadlines in November as discussed in the last meeting? I can prepare updated documentation for review if we do the change. (Adrian, who will not be at the meeting) - There was clear consensus that we want to move forward with the previously discussed deadlines. - It means someone has to update the scripting logic as well. - Any other business It is possible to build a web bug interface to a bug database, even if the project might be very large. Action items from last meeting; #action jeremiah to share Adrian's proposal for hours dispatch on deblts-team@freexian (done) #action el_cubano to draft Debian Publicity news item regarding funding of gradle project.(done) #action el_cubano review automation and tooling around monthly report generation. Implemented a change to the hours validation script that determines whether previous hours are not ignored. (done) - There is still room for automation on generating hours, especially around calculating previous hours. Plan is to put an issue and notify. - Answer questions that are brought by Debian Developers as well and collaborate with the DPL to see if that's an opportunity to communicate with DDs at large. - Front Desk duties: what are the duties of the FD? It's understood that there is info on the wiki regarding this but there's still a question as to whether a developer can add a project on their own? It would be good to limit the amount of bureaucracy . - Utkarsh felt there ought to be communication, Roberto agreed and wondered about the object of the FD is to make sure that nothing is missed or is "equitable work distribution" part of the FD role description. Either way an email ought to be sent. - FD was essentially copied from the Security Team. Although the FD role is somewhat different in the Security Team. 
    When the role was copied it was just a way to organize the work and to ensure that the work gets done. Maybe we ought to change the role and elaborate. There are no strict rules around picking packages, so equity may be hard to achieve. It's non-trivial to dynamically track the hours of those that work on LTS. It can happen that new contributors are unaware of the procedures, or there is no clear record in the git log of accepting the package. Please make a record in the git log.
  - Maybe we want to say that if you are in the FD role you cannot assign yourself a package for a certain period of time, a delay. Previously there was a limit discussed.
  - Action: discuss the role of Front Desk, additional duties? Better definition of duties and explicitly define implied duties? Limit the amount of bureaucracy. Specifically there is a proposal to create a delay on assigning packages to yourself in FD role. Utkarsh said sometimes the person in the FD role is an expert in a given package so perhaps there's an exception to this. If you add notes that ought to be enough to explain why there is an exception.
- How do we expand the number of people who can contribute to FD?
  - If we have to we can open it up but there is the risk of a good deal more back and forth in finding a time. Roberto suggests a random distribution based on interest in being FD, and if you get a week you cannot or do not want to do you can remove yourself which might open up the opportunity for others to take that week.
  https://wiki.debian.org/LTS/Development#Frontdesk_duties

Present:
* Jeremiah
* Neil
* Markus
* Raphael
* Roberto S.
* Beuc
* Anton
* Ben Hutchings
* Utkarsh Gupta
Absent:
*
Apologies:
* Chris Lamb (lamby) — will be ~30 mins late :( :(
* Adrian Bunk
* Ola Lundquist
* Lee Garret

2021-09-30 [This time on IRC]
- Greetings
- When a package already has notes in dla-needed, please read them before taking the package. (Adrian)
- Should reporting deadline and hour dispatch be changed?
  (Adrian)
  Reporting:
  * 1st day of the month: deadline for contributors to report hours for the previous month
  * 2nd day of the month noon UTC: automatic reminder email to contributors whose hour report is overdue
  * 3rd day of the month after noon UTC: coordinator dispatches hours for the current month
  * 10th day of the month: deadline for publishing reports of work done (as before) and adding the URL of the report to the hours reported in ledger
  Benefits:
  * accounting for the previous month is finished before accounting for the current month starts, accounting would become easier
  * hour distribution would know the amount of hours carried over from the previous month, and could be changed to reduce the amount of "dead hours" at (temporarily) not very active contributors by deducting carried over hours from new hours:
    * working no/few hours in one month will no longer by default double the hours available for that person, increasing the hours available for other contributors
    * removes the need to give back hours (also in ELTS) or otherwise care about carried over hours, hours will simply be refilled to the desired level (or the maximum allocation for the month, whichever is lower)
  Notes:
  * it stays possible to report earlier than the first day of the month
  * contributors might publish the report of work done at the same time as reporting hours (as before), or report only hours at the earlier deadline
  * all work done continues to be paid, "punishment" for not reporting hours in time would be no (or few) new hours for the following month
  * working before hour distribution is possible, while the exact number is unknown it is clear that every active contributor will have some hours available
- Publicity, micronews, or something similar to raise awareness of project funding?
  (Roberto)
- We have an accepted funded proposal that is now in the "Request for Bids" stage; https://salsa.debian.org/freexian-team/project-funding/-/issues/11#guidelines-for-prospective-bidders (Jeremiah)
  -- Which lists do we think are most relevant? My assumption is;
     * debian-lts
     * Debian publicity co-ordination
     * debian-java and debian-android-tools
     * Other fora?

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<

2021-08-26
- Greetings
- Meet Jeremiah Foster!
  - Jeremiah will attend the meeting, introduce himself, take notes and try to become more integrated into the team. :-)
  - My way of working is to try to fit the ways that individuals on the team work, I don't want to impose a process. It may be a wee bit 'noisy' as I get up to speed and as I spam the various communications channels. I try to strike a balance between project insight and being a distraction.
- ELTS: going beyond June 2022 for Debian 8 jessie
- Progress report on survey and draft content for review.
- Discuss what to do with BoF brainstorming results (anton/jeremiah/roberto)
- Miscellaneous: (roberto)
  - These items arose as I prepared for the DebConf BoF, but don't seem especially appropriate for that forum, so I thought to capture them here for discussion by the team
  - Make available for purchase targeted/specific support-hours package from Freexian for implementation of Debian-wide improvements?
  - Do we need a brainstorming session on what things can we do to improve the stability of security updates? The 2020 survey revealed that many who like LTS very much appreciate the peace of mind of being able to apply updates without worry of regressions.
  - Should the advisory template recommend installing debian-security-support? (i.e., to make EOL-related concerns more visible to LTS users.)
  - Are there ways we can improve or facilitate coordination between LTS, secteam, and package maintainers?
  - Would it be useful to visualize impacts of possible regressions, like how many rdeps are there? A broken update to a leaf package is potentially much less problematic than an update to a common library, like ICU, which might be nothing compared to something like SSL.
- Ways to improve the ability of Debian derivatives to leverage LTS work (jeremiah)
  I think it would be good if we were to sketch out a proposed workflow for accepting new projects to fund.
  * Do we expect an application of some kind?
  * A statement of work?
  * Do we expect them to report and track progress?
  * Any particular tool they should use, like Salsa?
  Refer to existing template
  Minutes;
  -- RH: Anything that benefits Debian will benefit LTS eventually, so let's not limit proposals using LTS funding arbitrarily.
  -- Perhaps there are specific projects that we can use to solicit more funding?
  -- RH: We currently have funding, if we can demonstrate that we can distribute that funding effectively then we can add specific solicitation.
  -- RH: ELTS -- at this point it is pretty sure we're going to go further, at least with the set of packages that Civil Infrastructure project is funding. Quotes have been sent. Some details remain to be worked out. It is difficult to make promises on what can be supported and for how long, but so far it appears mostly embedded users with the exception of a whole desktop user.
- Any other business
- Next meeting

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<

2021-07-29
1. Greetings
2. DebConf21 BoF proposal: Funding Projects to Improve Debian (Roberto, Anton)
   - https://salsa.debian.org/freexian-team/project-funding/-/issues/5
   - https://debconf21.debconf.org/talks/103-funding-projects-to-improve-debian/
   - Proposed session outline is in the Salsa issue; comments and suggestions are welcome
3. any other business
4. next meeting

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<

2021-05-27
1. Greetings
2.
   How to use the money put aside for project funding? (Raphael)
3. Feedback on the definition of Freexian's LTS coordinator role. Candidates? (Raphael)
4. Moving the meeting to 14 UTC? (Raphael)
6. any other business
7. next meeting(s)

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<

2021-04-29
1. Greetings & introductions
2. Revisiting Holger's role now that Lynoure is shifting to it: what should be done differently & what more?
3. 25% time, what would make it more appealing to take
4. Gitlab-CI for the (E)LTS-packages (gladk)
5. Setup shared access to private security repos with more patches (Ubuntu ESM, RHEL, RedHat Fuse/AMQ...) (Beuc)
6. any other business
7. next meeting(s)

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<

2021-03-25
1. Greetings
2. pts-no-dsa improvement
3. Future of LTS thread on our list (holger) (if deemed suitable for a logged discussion)
4. Future of Holger's role (holger)
5. next meeting(s)
6. any other business

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<

2021-02-25
1. Greetings
2. Improve/automate handling of software with multiple source packages (Beuc)
   - unbound vs. unbound-1.9 (LTS-only)
     https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/18#note_227949
   - golang (ELTS-only) vs. golang-1.x
     secteam won't tag ELTS packages (obviously)
   - golang-1.7/golang-1.8 (LTS) vs golang-1.x (buster & later)
     sometimes not in sync / missing CVEs, not easy to detect
   Current tooling/scripts don't handle that. Ideas?
3. Get to know each other. Each of us respond to the following questions:
   - What are you doing besides LTS to earn money and pay your bills?
   - What do you like/dislike about the LTS work that you are doing?
   - Would you like to work even more with Freexian on Debian related projects?
X. next meetings
X. any other business

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<

2021-01-28
1. Greetings
2. unbound
3.
   PTS nodsa handling
4. Why did no LTS contributor submit a project to be funded?
5. next meetings
6. any other business

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<