16:01:51 #startmeeting fpc 16:01:51 Meeting started Thu Jun 25 16:01:51 2015 UTC. The chair is geppetto. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:01:51 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:01:51 #meetingname fpc 16:01:52 #topic Roll Call 16:01:52 The meeting name has been set to 'fpc' 16:02:29 sitting in the back row today 16:02:49 tibbs: I've seen you this morning, you can't hide ;) 16:02:59 Howdy. 16:03:07 Hi 16:03:07 I know orion was around, too. 16:03:14 hello 16:03:16 #chair tibbs 16:03:16 Current chairs: geppetto tibbs 16:03:19 #chair orionp 16:03:19 Current chairs: geppetto orionp tibbs 16:03:23 #chair tomspur 16:03:23 Current chairs: geppetto orionp tibbs tomspur 16:04:28 limburgher mbooth racor Rathann SmootherFr0gZ: FPC ping 16:04:42 * geppetto aware mbooth said he couldn't make it 16:05:12 * SmootherFrOgZ here 16:05:26 #chair SmootherFrOgZ 16:05:26 Current chairs: SmootherFrOgZ geppetto orionp tibbs tomspur 16:06:04 #topic Schedule 16:06:08 https://lists.fedoraproject.org/pipermail/packaging/2015-June/010749.html 16:06:35 I actually did some things last week, but not enough. 16:06:35 Ok, can the people not here quickly vote on 281, 541, 542 16:06:48 That's orionp and SmootherFrOgZ … I think 16:06:52 I mostly wrapped up my project for the moment, so I do have some more time. 16:06:59 #topic #281 New Python Macros for Easier Packaging 16:07:00 .fpc 281 16:07:00 https://fedorahosted.org/fpc/ticket/281 16:07:02 geppetto: #281 (New Python Macros for Easier Packaging) – fpc - https://fedorahosted.org/fpc/ticket/281 16:07:47 see the diff. in comment 24: 16:07:55 https://fedoraproject.org/w/index.php?title=User%3ATomspur%2FPackaging%3APython&diff=cur&oldid=414855 16:08:38 I recall of this one and still +1 16:08:38 Though, remember, the big chunks of that diff are already applied. 16:09:07 The first two bits and the last one are all gone from the guidelines already. 16:09:44 ahh 16:10:19 orionp: vote? 16:10:59 Shoulldn't we document py_shbang? 16:11:22 We should, but we're sort of doing an incremental thing. 16:11:51 So another round of cleanup/clarifications coming? 16:12:00 "another". 16:12:09 More like three or four. 16:12:32 I'm batching the announcements so as to not have packagers on a treadmill. 16:13:11 Since this wholly bones EPEL at the moment, too, I'm working with them to get these macros down into their packaging as well. 16:13:34 * tomspur thought we can push it to the epel-macros package? 16:13:47 Yes, maybe. 16:13:50 So I don't quite follow this partcular update - we're voting on the python macros, but not actually documenting using them except for in an admonition? 16:14:13 I don't think we really have to fully expand them in the guideline. 16:14:55 Yeah, I should really add them into an admonition. Yet it would be nice to get this trough, so that I'm able to push a new python package with the macros (this will also quite some time to set everything up) 16:14:57 But, yeah, once this all gets settled, doing a documentation block for all of them will be a good idea. 16:15:12 tomspur: I don't think getting these pushed should wait on FPC. 16:15:15 hi, sorry for being late 16:15:22 #chair Rathann 16:15:23 Current chairs: Rathann SmootherFrOgZ geppetto orionp tibbs tomspur 16:15:24 no problem 16:15:24 I mean, we don't disagree on the macros themselves. 16:15:45 tibbs|w: I thought if the macros are not approved, they should not get pushed 16:15:45 Rathann: starting out getting the remaining votes on the couple of tickets from last week 16:15:59 Rathann: So not much to do for another 5-10 mins. 16:16:01 Rathann: scrollback at http://fpaste.org/236636/52489531/ 16:16:12 thanks 16:16:35 Yeah, the macros are fine, as are the changes to the guidelines. But we have approved some macros, but have no documentation on how they are used 16:17:55 Except the sample spec. 16:17:56 oh, wait, bad searching 16:18:20 For now that's sufficient documentation for me but you're right that we should probably expand on it a bit once things settle down. 16:18:33 Sorry, I'm +1 16:19:03 god, there's so much to clean up here.... 16:19:03 #action New Python Macros for Easier Packaging, py2_build/py2_install/etc. (+1:6, 0:1, -1:0) 16:19:22 #topic #541 Package Naming Guidelines - Clarification Required 16:19:23 .fpc 541 16:19:23 https://fedorahosted.org/fpc/ticket/541 16:19:24 geppetto: #541 (Package Naming Guidelines - Clarification Required) – fpc - https://fedorahosted.org/fpc/ticket/541 16:19:54 This one seemed trivial … can put packages into Fedora all lowercase when upstream uses mixedcase. 16:20:21 But that's IMO. 16:20:26 It's slightly stronger than "can". The proposal is linked in comment 8. 16:20:39 tomspur: you removed the note about pygtk2 missing a numpy dependency and I see the gnome bug is still open 16:20:57 Rathann: that was me; that bit has been gone for a while. 16:21:01 ah 16:21:01 * Corey84 hangs out in back 16:21:03 He just didn't re-diff. 16:21:20 ok, but the issue in the note is still valid 16:21:23 isn't it? 16:21:50 Rathann: I talked to the people involved and the consensus was that yes, it's still a bug but not worth bloating the guidelines over it. 16:21:59 ok 16:22:10 +1 from me as well, then 16:22:28 It's come up precisely zero times since we added that thing years ago. 16:22:31 +1 here too 16:25:35 orionp: vote? 16:25:52 Rathann: Not sure what your +1 is for … you voted on both of these last week, right? 16:26:00 I think I'm -1 16:26:00 no 16:26:08 geppetto: I was absent last week 16:26:12 Oh, sorry 16:26:29 geppetto: my +1 was for #281 16:26:35 So your +1 is for 541? 16:26:38 Ok 16:26:55 #undo 16:26:55 Removing item from minutes: 16:27:08 * geppetto has no idea what that did :( 16:27:40 orionp: You are -1 on the lowercase naming? 16:27:55 yeah 16:28:02 Why? 16:28:36 Why should they be lower case? 16:28:37 I didn't really intend to change the meaning, just move the bit about case to the front. 16:28:58 Command line user experience is far better with consistent casing. 16:29:09 Yeh, that 16:29:19 I'm +1 to #541 16:29:31 And it's not like it would be sane to have MySQL package and a mysql package. 16:29:39 But we're not consistent - and I don't ever see us there (NetworkManager) 16:30:03 The fact that dumb things have been done in the past is no reason to keep doing dumb things in the future. 16:30:03 yeh, but this is a step in the direction of not being more inconsistent 16:30:23 or what tibbs said 16:30:32 And every bloody time I have to type NetWorKManaGer or whatever, I get slightly more annoyed. 16:30:56 And people used to run into the mysql thing all the time. 16:31:14 Now, there are still huge exceptions. Like Perl will always have mixed-case package names. 16:31:15 Anyway … still a -1 orionp ? 16:31:17 I'm not sold that being inconsistent with upstream is preferable 16:31:26 Ok, fair enough 16:31:36 If you're going to change the guidelines, make it a *MUST* 16:31:39 #action Package Naming Guidelines - Clarification. Lowercase better than mixedcase package names. (+1:6, 0:0, -1:2) 16:31:43 Usually upstream isn't consistent, either. 16:31:47 Which is doubly fun. 16:32:00 yeah, I've run into that plenty 16:32:10 #topic #281 New Python Macros for Easier Packaging 16:32:10 .fpc 281 16:32:10 https://fedorahosted.org/fpc/ticket/281 16:32:12 geppetto: #281 (New Python Macros for Easier Packaging) – fpc - https://fedorahosted.org/fpc/ticket/281 16:32:21 #action New Python Macros for Easier Packaging, py2_build/py2_install/etc. (+1:7, 0:1, -1:0) 16:32:28 #topic #542 Forbid "python -OO" for Python < 3.5 16:32:28 .fpc 542 16:32:28 https://fedorahosted.org/fpc/ticket/542 16:32:30 geppetto: #542 (Forbid "python -OO" for Python < 3.5) – fpc - https://fedorahosted.org/fpc/ticket/542 16:32:49 This one is a bit more complicated 16:32:56 I might actually be +1 for making names lowercase a must, but having it a should is just going to lead to more arguments 16:33:56 We left it at should just in case there was a weird upstream who insisted that the name be mixedcase 16:33:57 orionp: I understand, but I don't think we're going to get away from having arguments regardless of what we put in the guidelines. 16:34:07 but I'm not against using MUST 16:34:26 Anyway … onto 542 16:34:28 Can do another ticket for must if we want to take it up. 16:34:40 I'm not even sure why we're doing 542. 16:34:46 tomspur tibbs: You want to explain this to SmootherFrOgZ orionp and Rathann ? 16:35:07 Uh, well, if you add -OO then things break, so don't do it. 16:35:13 Because stuff stops working in some cases if people use -O0 16:35:19 yeh 16:35:20 Which seems kind of 107% obvious but that's just me. 16:35:29 I know :( 16:35:37 I remember reading about it, and I agree, so +1 to #542 16:35:45 And yet the dnf devs. did it and don't want to change anything to fix things 16:35:53 * geppetto shrugs 16:35:54 IIUC, programs break, if you have some modules using -O and some using -OO we should stick to one version, which is -O 16:37:08 yeh … seemed obvious to me. But then racor also voted against it. So *shrugs* 16:37:08 yup, 16:37:12 +1 16:37:17 orionp: vote? 16:37:21 +1 16:37:24 #action Forbid "python -OO" for all versions of Python, no need for rationale in policy (+1:7, 0:1, -1:0) 16:37:47 Ok, that's it for last weeks need votes. 16:37:49 #topic #543 secure config and log permissions 16:37:49 .fpc 543 16:37:49 https://fedorahosted.org/fpc/ticket/543 16:37:50 geppetto: #543 (secure config and log permissions) – fpc - https://fedorahosted.org/fpc/ticket/543 16:39:28 Seems kind of up in the air still. 16:39:28 I mostly agree with matt 16:39:40 But maybe for selfish reasons 16:39:40 Same here 16:39:56 And I cannot foresee what else this would/could break... 16:40:00 I'm not opposed as long as there's some kind of "log-reading user" that isn't root. 16:40:08 s/user/group 16:40:23 what does the adm group give you? 16:40:34 In what context? 16:40:49 like if you get the adm group now, what privs. does that give you? 16:40:51 With journalctl it gives you access to all of the logs there. 16:41:02 I'm not sure what else in the system might use it. 16:41:18 * geppetto nods 16:41:30 Part of the issue is that many people don't understand ACLs. 16:41:30 I'm happy to restrict all logs to adm, I guess 16:41:51 I just don't think having people go to root every time they view a log is a good idea. 16:41:58 I'd kind of prefer that random config. file changes not be restricted 16:42:14 This is how httpd works now, and it bugs the hell out of me. 16:42:17 but I'm not sure how to do that, without having the problem the ticket was for. 16:42:26 I keep changing the perms, apache updates, and I have to change the perms back. 16:42:36 * geppetto nods 16:43:25 hm, I tend to be +1 on files in /etc not /log. 16:43:32 So, basically, I would happily vote for putting the same ACL on /var/log that we currently have on /var/log/journal. 16:43:48 But that assumes that putting an ACL there actually works. 16:43:49 SmootherFrOgZ: why not the logs? 16:43:53 I'm not sure this is in our scope 16:44:01 tibbs: How does that happen from rpm? 16:44:15 geppetto: Exactly the question to which I have no answer. 16:44:32 geppetto: I don't see potential risk in reading them 16:44:38 My guess is systemd does something "clever" from a scriptlet 16:44:45 orionp: If we wanted to force permissions like that, it should be in the guidelines. 16:45:00 Otherwise how are people going to know what permissions to put on log files? 16:45:08 I mean, yes, currently they do what makes sense. 16:45:11 # Apply ACL to the journal directory 16:45:11 setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ >/dev/null 2>&1 || : 16:45:20 and we talking only about files located at the top level of /var/log 16:45:22 is what systemd does 16:45:25 But the security folks seem to disagree about what makes sense. 16:45:26 Rathann: Thanks for the confirm. 16:45:30 or all? 16:45:31 Rathann: that from %post? 16:45:40 Sure, but I don't think we can declare that it's desired - I see that as a FESCO decision and a System Wide change thing 16:45:50 orionp: I can agree with that. 16:45:57 orionp: you're right 16:45:59 yes, in %post 16:46:11 Ok, I'm happy to punt it to FESCO 16:46:17 Yeah, let's table this. 16:46:21 This is big stuff that's going to break a lot 16:46:34 I think this is about what packager should do in %files 16:46:55 #action Seems like too big a change for FPC to just accept it, needs systemwide change and FESCO sign off. 16:47:10 #topic #544 Case of package names 16:47:10 .fpc 544 16:47:11 https://fedorahosted.org/fpc/ticket/544 16:47:12 geppetto: #544 (Case of package names) – fpc - https://fedorahosted.org/fpc/ticket/544 16:47:16 * geppetto is getting deja vu 16:47:21 huh wat 16:47:39 Oh, sorry, we had talked about getting this out of the other ticket. 16:47:53 It's the same diff though I need to fix the typo. 16:48:02 I should close it as a dup. 16:48:13 phew :) 16:48:15 ok 16:48:24 #action DUP of 541 16:48:33 #topic #545 Python guidelines cleanup 16:48:34 .fpc 545 16:48:34 https://fedorahosted.org/fpc/ticket/545 16:48:35 geppetto: #545 (Python guidelines cleanup) – fpc - https://fedorahosted.org/fpc/ticket/545 16:48:40 * geppetto is getting more deja vu 16:49:00 This is just a tracking thing. 16:49:05 ok 16:49:15 There were so many tickets that it's getting tough for everyone to keep up. 16:49:22 yeh, fair enough 16:49:33 #info This isn't a real ticket. 16:49:45 #topic #546 Review/clarity on minor fork of nghttp2; b64.c 16:49:45 .fpc 546 16:49:45 https://fedorahosted.org/fpc/ticket/546 16:49:47 geppetto: #546 (Review/clarity on minor fork of nghttp2; b64.c) – fpc - https://fedorahosted.org/fpc/ticket/546 16:50:04 oh, b64.c again? 16:50:17 is that the one copied from glibc? 16:51:10 I believe so 16:51:11 Have we cared about b64 in the past? 16:51:50 Well I think a lot of people reimplment it, as opposed to md5/etc. where they copy code 16:52:23 It's just crazy that we don't have a library for these things. 16:52:29 I mean 100% nuts. 16:52:36 * This code originally came from here 16:52:36 * 16:52:36 * http://base64.sourceforge.net/b64.c 16:52:45 guess it's not the glibc one then 16:52:46 maybe 16:53:08 the other one is sha1 … and they can use the openssl version 16:53:09 yep 16:53:18 haven't seen this one (b64.c) yet 16:53:34 these things should be in glibc *shrug* 16:54:19 I guess the sha1 isn't what they are talking about as there's a number #3 in the BZ: 16:54:26 3) The code taken from nghttp2 is a trivial amount around correct openssl apis for using alpn, not exported standalone from the original lib. ssl-http2 has this notice with lgpl-compatible terms 16:54:43 That one probably worries me the most. 16:55:04 Without diffs and links to source and stuff it's really hard to make much of a decision. 16:55:12 yeh 16:58:00 I suggest we table until we get the info we need. 16:58:03 Ok, I think this is the ssl bit: 16:58:04 http://git.libwebsockets.org/cgi-bin/cgit/libwebsockets/tree/lib/ssl-http2.c#n111 16:58:33 This is the sha1: http://git.libwebsockets.org/cgi-bin/cgit/libwebsockets/tree/lib/sha-1.c 16:58:47 And this is b64: http://git.libwebsockets.org/cgi-bin/cgit/libwebsockets/tree/lib/base64-decode.c 16:58:55 All three look fine 16:59:16 But it would have been nicer for the ticket to include this info. 17:00:17 ah, found my old bug report about base64 API not being public in glibc: https://sourceware.org/bugzilla/show_bug.cgi?id=14118 17:00:51 it's still in new state 17:00:53 cool 17:00:55 yep 17:01:08 only 3 years old 17:01:26 bugs are like wine 17:01:29 ;) 17:02:25 Left on the shelf so long they're sour when people finally get to them? 17:02:53 If you drink them too long you go all wobbly? 17:03:05 Anyway … I'm +1 on 546 17:04:21 +1 here 17:05:08 hm the base64-decode.c claims to come from that sourceforge project but the code is not the same or even similar 17:05:11 So you're good with the sha1 thing? 17:05:23 It would be nice to use openssl sha-1. It seems to be possible 17:05:28 They said they rewrote it pretty much completely. 17:05:36 tibbs: I'm not sure exactly which implementation it is … but it looks a lot like all the other ones I've seen 17:05:46 They said they could add an option to use it 17:05:49 +1 from me 17:05:54 I'm just really concerned because this is really security sensitive code. 17:06:01 gnutls would be nice 17:06:10 Yeh, they said if they build with openssl support then they use openssl SHA1 17:06:49 Everyone does understand that this is basically a web server, right? 17:06:53 yeh 17:07:07 yes, I'm -1 to sha1 part definitely 17:07:18 I'm happy to say they must build with openssl support in Fedora, and thus. not use the sha1 bundling 17:07:18 there's the door.. 17:07:58 I mean the base64 they are decoding will also be coming over the network 17:08:16 but we do already have a blank exception for sha1 implementations 17:08:17 As will all of the HTTP protocol they are decoding manually ;) 17:08:23 Rathann: yeh 17:08:24 should we drop it? 17:08:38 I don't see why 17:08:42 eh 17:08:49 ok then 17:09:21 I guess we should add a blank exception for base64 as well, until that glibc bug gets resolved 17:09:30 so … forever then? 17:09:33 hehe 17:10:27 So I think we are at: +5 for everything but sha1 17:10:39 Is that everyone here today? 17:10:58 Ahh, tomspur: vote? 17:11:34 meh, +1 to everything 17:11:59 but ask that they use sha1 from openssl if possible 17:12:11 What exactly are the changes of nghttp2? 17:12:18 Yeh 17:12:35 tomspur: I think it's this bi: http://git.libwebsockets.org/cgi-bin/cgit/libwebsockets/tree/lib/ssl-http2.c#n111 17:12:41 A needinfo with a diff would be nice, but I'm leaning towards +0.5 17:12:53 *bit 17:14:52 I don't find any of those functions at https://github.com/tatsuhiro-t/nghttp2/ 17:15:27 :( 17:16:16 Seems small and looks fine. But I kind of hesitate to vote on no diff... :/ 17:17:11 Yeh, I figure that is more copy pasta than actual bundling 17:19:14 +0 sorry... :/ 17:19:18 I agree that a diff for those nghttp2 code fragments against upstream would be nice 17:19:48 #action Bundling of base64/random SSL setup bits. (+1:5, 0:1, -1:0) 17:20:04 #action Bundling of "custom" sha1 implementation. (+1:3, 0:1, -1:2) … just link to the openssl functions, as you have build options for it. 17:21:11 #topic #538 Bundling exception for htmlunit-core-js 17:21:12 .fpc 538 17:21:12 https://fedorahosted.org/fpc/ticket/538 17:21:14 geppetto: #538 (Bundling exception for htmlunit-core-js) – fpc - https://fedorahosted.org/fpc/ticket/538 17:21:22 OK, sorry. 17:22:20 Thius seems confusing 17:22:33 geppetto: please also mention that they should ask nghttp2 upstream to make those apis public so that lws doesn't have to bundle 17:22:33 How important is htmlunit? 17:23:14 I couldn't begin to tell you. 17:23:21 Rathann: AIUI it's not actual APIs but more a chunk of code calling openssl APIs in a specific order 17:23:30 hm 17:23:32 ok 17:24:12 Yeh, I'm not sure if we should encourage 538 to work on getting newer rhino packages he can use 17:24:18 why the changes aren't upstreamable? 17:24:21 Or just be "whatever, drop it then" 17:24:59 As I understand things, rhino is simply a javascript interpreter. Yet another one. 17:25:12 it doesn't seem like a lot of changes 17:25:12 This one written in Java, of course. 17:25:16 of course 17:25:35 Last rhino release was 2015-04-15. 17:26:04 Also, htmlunit-core-js is already in the distro. 17:26:23 Our rhino package is from 2012. 17:26:28 ugh 17:26:34 that doesn't seem useful 17:26:48 It's maintained by some of the core Java people so they probably have a reason. 17:27:01 maybe 17:27:18 it's possible they solved a problem with it and it's now being ignored 17:27:31 Now, at least this is a real github fork, so github tracks exactly far they've diverged. 17:28:13 But rhino is large, security sensitive and actively developed. 17:28:39 They only differ by 45 commits. 17:28:42 I don't see any bug filed against rhino in Fedore requesting an update 17:29:11 so... why don't they ask for a rhino update instead of bundling exception? 17:29:20 This is one of those really dumb situations. 17:29:42 The fork probably shouldn't exist at all, but that's not my call. 17:30:29 yeh 17:30:30 One of the things we request is statements from upstream about why the forks exist, and even though gil says that he provided comprehensive information, I don't see anything about that. 17:31:08 I assume he meant that he provided urls to diffs 17:31:38 but also not sure if english is his first language 17:31:51 ofc. I might have just insulted him there 17:32:33 -1 from me for now 17:32:41 yeh, def. -1 17:33:01 So rhino has been pulling at least some things from htmlunit, according to their release notes. 17:33:03 no reason for forking is given 17:33:07 -1 also 17:33:13 -1 this just doesn't make sense. 17:33:46 If someone can point to an essential feature that has been blocked by rhino then I'd reconsider. Otherwise fedora really just needs to update the rhino package. 17:34:41 #action Bundling exception for htmlunit-core-js (+1:0, 0:0, -1:4) 17:34:48 Oh, there's a newer rhino release from eight days ago. 17:34:51 #action Work with the rhino package in Fedora to get it updated. 17:35:15 #action Answer the questions in the bundling exception process about why you can't merge the diffs. into upstream rhino. 17:35:28 tibbs: in testing? 17:35:36 No, I mean released by upstream. 17:35:41 ahh 17:36:28 Our package was last touched about a year ago. 17:36:47 #info rhink is really big, actively maintained and security sensitive. At best you'll get permission to ship a forked copy. 17:37:02 #undo 17:37:02 Removing item from minutes: INFO by geppetto at 17:36:47 : rhink is really big, actively maintained and security sensitive. At best you'll get permission to ship a forked copy. 17:37:06 #info rhino is really big, actively maintained and security sensitive. At best you'll get permission to ship a forked copy. 17:37:22 #topic Open Floor 17:37:54 Ok, anything anyone wants to talk about? 17:38:03 I need to write something up about the distinction between applications and modules/libraries. 17:38:05 no bug was ever filed to update rhino 17:38:06 547 is really new 17:38:26 and something I've personally hit 17:38:32 No diff in the draft, ugh. 17:38:37 which I think is really stupid 17:38:54 I'm here... and tried to clean that up regarding diff 17:38:57 but I can kind of see the "but it can change" POV. 17:39:22 .fpc 547 17:39:23 gholms: #547 (SourceURL addition/clarification - Git Hosting Services) – fpc - https://fedorahosted.org/fpc/ticket/547 17:39:39 I think there's way too much here. 17:40:07 for the change or to discuss at once? 17:40:08 I think I'd rather leave it until next week 17:40:34 Esp. for the people talking on the ML to see/read it 17:40:37 yes, I didn't intend for it to be a discussion item this week... i just put it out early to give time folks to review 17:41:02 it's been discussed on the mailing list since Sunday 17:41:03 I am suspicious of this bit though "I have discovered that this does not apply to commit hash or Git Tag generated archives" 17:41:27 yeh, I've been reading the ML … just didn't want to step in yet. Esp. as I think I'm biased 17:41:28 @geppetto... I tested it...read the link, it spells it out 17:41:57 I would honestly suggest that someone put together a utility that just handles this kind of thing. 17:42:00 I'd heard that github specifically does break that though … it's just that they cache the result for some amount of time 17:42:12 It's unfortunate that we don't have one. 17:42:23 tibbs: you mean like sha1tardata ? 17:42:37 Keep your spec in a specified format, utility pulls the tag you want and gives you a tarball and updates your spec. 17:42:57 where it gives the sha1sum of just the data in the tarfile (so perms/etc. can change without affecting it) 17:43:13 Sorry, my comment was kin of lagged. 17:43:16