15:01:10 <decathorpe> #startmeeting Stewardship SIG Meeting (2019-08-06)
15:01:10 <zodbot> Meeting started Tue Aug  6 15:01:10 2019 UTC.
15:01:10 <zodbot> This meeting is logged and archived in a public location.
15:01:10 <zodbot> The chair is decathorpe. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:10 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:01:10 <zodbot> The meeting name has been set to 'stewardship_sig_meeting_(2019-08-06)'
15:01:15 <decathorpe> #meetingname stewardship-sig
15:01:15 <zodbot> The meeting name has been set to 'stewardship-sig'
15:01:23 <decathorpe> hey guys :)
15:13:32 <cipherboy> \o
15:13:44 <cipherboy> decathorpe:  Did I miss the pagure issue or was that not sent out with the email yesterday?
15:14:07 <cipherboy> decathorpe:  Ah never mind, found it.
15:14:24 <decathorpe> hi!
15:14:27 <decathorpe> #chair cipherboy
15:14:27 <zodbot> Current chairs: cipherboy decathorpe
15:14:47 <decathorpe> sorry, I was pretty busy, I created the pagure ticket only a short time ago
15:15:32 <cipherboy> decathorpe:  Not a problem. I'll try to spend some time today reviewing the open PRs.
15:15:37 <decathorpe> #link https://pagure.io/stewardship-sig/issue/44 Agenda
15:16:08 <decathorpe> that would be great! they should be fine, as I did test rebuilds for all of them
15:16:09 <cipherboy> decathorpe: I think the one I want to deal with that's not there yet is jackson-databind. There's been a few CVEs against it, so I *hope* rebasing to the newest upstream release will address that.
15:16:45 <decathorpe> oof okay that one is still orphaned
15:16:54 <cipherboy> jackson-databind is?
15:16:58 <decathorpe> yes
15:17:02 <cipherboy> I thought we previously claimed it a while back.
15:17:12 <decathorpe> nope
15:17:13 <decathorpe> https://src.fedoraproject.org/rpms/jackson-databind
15:17:51 <cipherboy> decathorpe:  So what's the difference between jackson and jackson-databind?
15:18:27 <decathorpe> looks like databind is an extension of jackson
15:18:34 <cipherboy> Yeah, looks like it.
15:18:58 <cipherboy> I was confused, jackson mentions "data binding" so it sounded like jackson package might include core jackson + jackson-databind, but I guess not.
15:19:00 <sillebille> hello! \o
15:19:00 <decathorpe> also, it's on the list of orphans we depend on. so we'll probably pick it up soon
15:19:08 <decathorpe> hi! :)
15:19:25 <cipherboy> decathorpe: Yeah, we (RHCS) maintain/depend on it in RHEL, so we should pick it up in Fedora as well.
15:19:31 <decathorpe> #chair sillebille
15:19:31 <zodbot> Current chairs: cipherboy decathorpe sillebille
15:19:49 <sillebille> I apologize for being been sloppy for past couple of meetings. I have reserved some cycles to get into SIG work this month.
15:20:16 <decathorpe> no problem, I'm glad for any help I get :)
15:20:51 <decathorpe> cipherboy: do you see any other packages on the "orphans list" that you know we will need anyway?
15:21:10 <decathorpe> we can request ownership of these right away and don't have to wait for further cleanups
15:22:10 <cipherboy> decathorpe:  Give me a sec to pull up the doc, I had a list at one point..
15:23:13 <sillebille> cipherboy, is this the list that you were looking for? https://paste.fedoraproject.org/paste/7X70X4D3D~uTW-qQvF6LVA
15:23:47 <cipherboy> decathorpe:  Not sure this is the right list, but I have jackson-databind, glassfish-fastinfoset, glassfish-jaxb, istack-commons, jackson, javassist, jboss-annotations-1.2-api, jboss-logging, slf4j, xalan-j2, and xsom?
15:24:19 <decathorpe> ok, we akready have some of these, but some are missing
15:24:33 <cipherboy> Right, I need to intersect that with our packages already.
15:25:37 <decathorpe> can you comment on this ticket once you have the list? it's where we're tracking which orphans we need to adopt.
15:25:39 <decathorpe> https://pagure.io/stewardship-sig/issue/40
15:25:45 <cipherboy> decathorpe:  Sure, will do.
15:25:50 <decathorpe> thanks!
15:26:11 <cipherboy> decathorpe:  I think I had wanted to see if jboss-annotations-1.2-api and jboss-logging could be dropped, but I haven't had time to look into that yet.
15:26:21 <cipherboy> I think I decided it wasn't an easy conditional flag in the spec file, but.
15:26:55 <decathorpe> yeah not every optional feature is already switchable with a spec flag
15:28:28 <cipherboy> Agreed.
15:28:34 <cipherboy> I'll take a look at that sometime.
15:29:02 <decathorpe> 👍
15:29:18 * cipherboy files tickets so I remember to look at it
15:29:58 <decathorpe> that's my strategy as well ;)
15:30:37 <decathorpe> with everything that's going on, it's hard to keep on top of things as it is
15:30:48 <cipherboy> decathorpe:  Agreed.
15:31:34 <decathorpe> also I don't know how productive the next few days will be for me, since I'm at flock till Sunday
15:32:07 <cipherboy> Cool! Good luck on your presentation!
15:33:16 <decathorpe> thanks :) I hope it'll be interesting
15:34:26 <decathorpe> ah, there's one topic I wanted to bring up as well.
15:35:30 <decathorpe> #link https://pagure.io/releng/issue/8522  F30: Retire FTBFS packages on 2019-08-06
15:36:23 <decathorpe> this will probably happen in a few days, or after flock
15:36:45 <decathorpe> so just a heads-up that some Java packages might start to FTBFS because of this
15:37:10 <cipherboy> Are any of our packages besides potentially gradle affected by it?
15:37:11 <decathorpe> once we know which packages we need, we can start to un-retiring them
15:37:24 <decathorpe> I don't know ... that's the thing
15:37:30 <cipherboy> :D
15:38:37 <decathorpe> it's not really easy to tell which packages are affected
15:39:26 <cipherboy> Yeah, gradle is the only obvious one.
15:39:26 <decathorpe> so my thoughts were ... let's see which things break and fix them afterwards.
15:39:31 <cipherboy> heh, works for me.
15:39:41 <cipherboy> Will this cause the packages to get removed from F30?
15:40:13 <decathorpe> no, they will only get removed from rawhide and what will become f31, since it should happen before the branch point
15:40:38 <cipherboy> Good, so nothing stable will be affected.
15:40:43 <decathorpe> yes
15:40:59 <decathorpe> my goal was that we should keep things working as best as we can in F31
15:41:07 <decathorpe> and start to really mess with things for F32 ;)
15:41:32 <cipherboy> I should update CI to start testing on the newer images when they're available so we'll catch failures sooner too.
15:41:51 <cipherboy> jss builds on rawhide, but I don't think we do pki-core images. sillebille could correct me if I'm wrong though.
15:42:16 <decathorpe> you can also look at koschei, it tells you which packages have missing dependencies or fail to build
15:42:17 <sillebille> we do with pki-core
15:42:23 <sillebille> and it passes.
15:42:29 <cipherboy> sillebille: \o/ cool
15:42:48 <sillebille> https://travis-ci.org/dogtagpki/pki/builds/568172768
15:42:53 <decathorpe> cipherboy: you know about this page right? https://apps.fedoraproject.org/koschei/user/cipherboy
15:43:10 <cipherboy> decathorpe: Yeah, I think I signed up to get notifications, but I get so many that they all get filtered :?
15:43:22 <decathorpe> oof
15:43:26 <cipherboy> decathorpe: I need to unfilter some :D
15:43:33 <decathorpe> yeah notifications really are a firehose
15:43:46 <sillebille> hmmm. pki-core fails started to fail in rawhide, recently. ugh. I'll take a look in a while...
15:43:48 <decathorpe> but right now everything's green
15:44:15 <cipherboy> decathorpe: Yeah. \o/
15:45:30 <decathorpe> I hope that after all the non-responsive maintainer processes I went through we can make sure the remaining Java stack will be in better shape
15:45:53 <cipherboy> I just worry we'll be stuck with most all of the stack.
15:46:32 <decathorpe> well ... I'm still hoping that Modularity will be abandoned ;)
15:46:46 <decathorpe> and people maintaining the modules will take their old packages back
15:47:26 <cipherboy> I keep wondering what will happen if modularity gets abandoned in Fedora (or, defacto abandoned)... RHEL will have to support it at least through RHEL 8...
15:47:36 <decathorpe> yeh
15:47:37 <decathorpe> I know
15:47:46 <decathorpe> it's all a huge mess
15:48:01 * cipherboy wonders what will happen if he asks for a few ursine versions of modular packages...
15:48:21 <decathorpe> you can always ask. which packages are you thinking of?
15:49:26 <cipherboy> Well, the obvious one would be the rest of the Java ones (maven, ant, and javapackages-tools). I think we have most of the dependencies we care about though, so the difference should be minimal.
15:50:03 <decathorpe> we basically maintain "ursine" branches of these three already
15:50:11 <cipherboy> decathorpe: What really annoys me is that we spend time maintaining usrine versions of some of these and they only get used in the BUILDROOT since the default module stream wins.
15:50:34 <decathorpe> yeah that's an obvious design flaw in my opinion
15:50:45 <decathorpe> (which is why I disable modular repos on all my systems)
15:51:04 <cipherboy> Oh! I can disable just the modular repos?
15:51:07 <decathorpe> yep
15:51:16 <cipherboy> \o/ cool, I'll have to look at that and see what breaks.
15:51:41 <decathorpe> this way I also wasn't affected by the libgit2 mess
15:51:51 <cipherboy> Hm, I never saw that.
15:52:09 <cipherboy> I guess I am on f30 anyways.
15:52:21 <decathorpe> yeah, that's where the problem was
15:53:37 <decathorpe> but to come back to an earlier point: the goal of most of the package updates I've been working on is to try to keep rawhide and Java modules from diverging too far (which will only lead to issues)
15:54:07 <cipherboy> Yeah, it'd be nice if we could automatically pull in updates from the java module streams.
15:54:34 <cipherboy> pull in == open a PR, sorry.
15:54:57 <decathorpe> it won't be that easy since there's stuff specific to modularity happening there, but backporting the major changes is pretty straightforward
15:55:41 <cipherboy> decathorpe:  The other thing we're missing is a .spec file rountripper. Something to let us programatically change them in a little safer way than sed.
15:56:07 <decathorpe> ugh don't get me started
15:56:16 <decathorpe> programmatically modifying .spec files is a nightmare
15:56:17 <cipherboy> :D
15:56:38 <cipherboy> What do you think of something like https://packit.dev/ ?
15:56:50 <cipherboy> It feels like we'd need to push those to the upstream though to take advantage of it.
15:56:59 <decathorpe> yes
15:57:09 <decathorpe> my thoughts are: interesting, but not what we really need
15:57:39 <decathorpe> (I've been trying to work on something in my spare time, but got sidetracked with Stewardship stuff)
15:57:43 <cipherboy> And we really want to do as little upstream work as we can. We don't really have the resources to do more than file issues I guess.
15:57:55 <decathorpe> absolutely :(
15:58:01 <cipherboy> :/
15:58:21 <decathorpe> which is why I'm trying to reduce our package set every way I possibly can
15:58:50 <decathorpe> so we can focus the little resources we have on the stuff we really need
15:59:38 <cipherboy> Yeah agreed. And thanks for all your work :)
15:59:59 <decathorpe> heh. thanks for your help :)
16:00:08 <cipherboy> That's all I really have. I'll check out the open PRs now and see what I can approve.
16:00:23 <decathorpe> awesome
16:00:32 <decathorpe> do you want a list of PRs with successful test rebuilds?
16:00:32 <sillebille> 1 question before we break:  can't we just steal stuff from the stream branches
16:00:46 <decathorpe> sillebille: we can, and I've started to do exactly that
16:01:00 <cipherboy> sillebille:  See about 30 messages ago, but the answer is "we can, just not in an automated fashion"
16:01:12 <decathorpe> exactly
16:01:13 <sillebille> so, we just rebase f30, f29 and master to <stream branch>
16:01:34 <decathorpe> I'd stick to branched and rawhide for now
16:01:56 <decathorpe> everything else would be risky
16:01:59 <sillebille> i think I worked on a script to automatically do builds. I have the design somewhere in my local but I hadn't had the chance to implement the design
16:02:03 <cipherboy> decathorpe: So with a lot of these, I see you're reordering the spec file. Is this for your later automation?
16:02:31 <sillebille> automatically == minimize the manual effort. Not complete automation.
16:02:51 <sillebille> I can share the design with the SIG once I get consultation from cipherboy ;)
16:02:52 <decathorpe> not really ... I'm just used to the standard formatting / style
16:03:02 <cipherboy> decathorpe: ACK
16:03:15 <cipherboy> decathorpe:  If we have a standard, makes it easier to automate though, so I'm all for it.
16:03:26 <decathorpe> cipherboy: I know, it's probably a bad habit to mix formatting changes in :(
16:03:43 <decathorpe> but I don't want to "pollute" commits with "formatted spec file" commits either
16:04:09 <cipherboy> decathorpe:  Eh, commits will get polluted either way tbh.
16:04:48 <decathorpe> right. I just try to keep my garbabe contributions low ;)
16:04:50 <cipherboy> I've had my share of 4 commit "forgot to do this, forgot to do that, this doesn't actually build, oh here we go" when it could've been a single version bump commit.
16:05:01 <decathorpe> :D sure. we've all been there
16:06:03 <decathorpe> by the way - before we close the meeting - I've started collecting some data about our packages (it's in the /data/ folder in our pagure project)
16:06:54 <sillebille> how do I acces that?
16:07:04 <decathorpe> pagure.io/stewardship-sig
16:07:26 <sillebille> oh! ~facepalm~ yeah. That! Thank you! :)
16:07:50 <decathorpe> I've collected package adoption and removal dates, upstream releases, and downstream updates.
16:07:57 <cipherboy> decathorpe:  :o wow! Cool
16:08:13 <decathorpe> that way I can generate statistics about update delays, update backlogs, etc.
16:08:38 <decathorpe> output in textual format is here: https://decathorpe.fedorapeople.org/stewardship-sig-stats.html
16:09:20 <cipherboy> decathorpe:  Cool, I'll have to take a look at that some more.
16:09:39 <decathorpe> don't look too long, it gets rather depressing
16:09:43 <cipherboy> :D
16:09:51 <sillebille> that's a quite a cool collection of info. I'd be handy
16:09:52 <sillebille> :)
16:09:59 <decathorpe> well, that's everything from my side
16:11:57 <cipherboy> decathorpe:  Thanks!
16:12:24 <decathorpe> thanks for showing up!
16:12:27 <decathorpe> #endmeeting