16:02:40 <decathorpe> #startmeeting Stewardship SIG Meeting (2020-02-18)
16:02:40 <zodbot> Meeting started Tue Feb 18 16:02:40 2020 UTC.
16:02:40 <zodbot> This meeting is logged and archived in a public location.
16:02:40 <zodbot> The chair is decathorpe. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:02:40 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:02:40 <zodbot> The meeting name has been set to 'stewardship_sig_meeting_(2020-02-18)'
16:02:53 <decathorpe> #meetingname stewardship-sig
16:02:53 <zodbot> The meeting name has been set to 'stewardship-sig'
16:03:01 <decathorpe> #topic Knock Knock
16:03:20 <sillebille> hello decathorpe \o
16:03:26 <decathorpe> hello!
16:03:29 <decathorpe> #chair sillebille
16:03:29 <zodbot> Current chairs: decathorpe sillebille
16:04:08 <cipherboy> Lurking as always
16:04:13 <cipherboy> But I need to talk in this other meeting soon.
16:04:53 <decathorpe> hi! no problem
16:04:57 <decathorpe> #chair cipherboy
16:04:57 <zodbot> Current chairs: cipherboy decathorpe sillebille
16:09:13 <decathorpe> #link https://pagure.io/stewardship-sig/issue/74 Agenda
16:09:51 <decathorpe> #topic Review Open BugZillas
16:09:57 <decathorpe> #link https://bugzilla.redhat.com/buglist.cgi?bug_status=__open__&email1=stewardship-sig%40lists.fedoraproject.org&emailassigned_to1=1&emailcc1=1&emailtype1=substring&list_id=10849360&product=Fedora&query_format=advanced
16:10:18 <decathorpe> I think the only interesting ones are the snakeyaml CVE (which we'll close as WONTFIX, IIRC), and the netty CVEs
16:10:36 <sillebille> i was working on netty yesterday
16:10:40 <sillebille> i had few queries
16:11:38 <decathorpe> yeah, I'm pretty sure I can't help with netty :(
16:12:03 <sillebille> I posted it last night on #fedora-stewardship.. So, basically I tried to modify the existing patch to work with latest rebase.. It didn't work.
16:12:11 <decathorpe> yeah I saw
16:12:28 <sillebille> I was not even able to do a `mvn package`. Probably i am missing a small piece somewhere..
16:13:11 <sillebille> No worries. But, I might need some more time to dig deeper...
16:13:20 <decathorpe> I'm wondering whether we can orphan netty.
16:13:46 <decathorpe> I mean, we can't fix it, so maybe somebody who needs it should ...
16:14:08 <decathorpe> (I'm running the repoqueries now)
16:14:15 <sillebille> PKI doesn't use netty. So, I'm ok with it
16:15:53 <sillebille> cipherboy, ^^
16:16:08 <decathorpe> good. good. let's come back to that after the queries are done.
16:16:27 <decathorpe> any other bugs worth mentioning?
16:16:42 <sillebille> slf4j-2.0.0-alpha1
16:16:54 <sillebille> Can we close this as WONTFIX? This is an alpha version
16:17:07 <decathorpe> yeah
16:17:08 <sillebille> and moreover, we just rebased (and broke) to latest stable version
16:17:18 <sillebille> *on
16:17:19 <sillebille> cool
16:17:19 <decathorpe> why broken?
16:17:31 <sillebille> i mean, the module vs ursine thing
16:17:35 <decathorpe> lol
16:17:40 <decathorpe> not our fault :)
16:17:47 <sillebille> LOL +1
16:18:44 <decathorpe> #action cipherboy will close snakeyaml CVE as WONTFIX in accordance with upstream decision
16:19:07 <decathorpe> #action sillebille will close slf4j-2.0.0-alpha1 release bug as WONTFIX since it's an alpha release
16:19:30 <decathorpe> #topic Review Open Pull Requests
16:19:39 <decathorpe> #link https://fedora-stewardship.github.io/pr-report/ Open Pull Requests
16:19:51 <decathorpe> ^ this is the new and improved site
16:21:19 <sillebille> this looks super cool! decathorpe++
16:21:48 <decathorpe> thanks! I hope to have this finished by tonight or tomorrow, so updating the various pages becomes almost automatic
16:22:10 <sillebille> that's perfect! :)
16:22:19 * cipherboy looks here.
16:22:33 <decathorpe> o/
16:22:49 <sillebille> speaking of PRs, are we good to merge Log4j PR? It seems to have ACKs?
16:22:49 <decathorpe> I didn't have time to look at your PRs yet, but I can run the test rebuilds later, if you want.
16:23:00 <cipherboy> Topics look good.
16:23:07 <decathorpe> sillebille: I think so. I'll do it later today
16:23:16 <cipherboy> decathorpe: Very nice new website!
16:23:35 <decathorpe> thanks!
16:23:41 <cipherboy> I can run COPR builds on my PRs.
16:23:54 <cipherboy> Just need to set up a Docker container again.. :)
16:24:27 <decathorpe> if you want to. otherwise I can just start the script and let it run ...
16:24:34 <cipherboy> decathorpe: Ah go for it then :)
16:24:38 <cipherboy> But I'll need to do it sometimes.
16:24:54 <decathorpe> I'm curious, what's your daily driver OS? RHEL8?
16:24:58 <cipherboy> Oh no.
16:25:04 <cipherboy> Fedora 31
16:25:16 <decathorpe> why do you need a docker container then? :)
16:25:35 * cipherboy talk again
16:25:38 * cipherboy brb
16:25:50 <decathorpe> o/
16:26:04 <decathorpe> alright ... sillebille, anything you want to say about the pending PRs?
16:26:11 <decathorpe> I'll look at them after the meeting, and run the rebuilds.
16:26:30 <sillebille> decathorpe, no. I haven't reviewed any PRs except for log4j
16:26:42 <decathorpe> good, then moving on
16:26:52 <decathorpe> #topic Review (SIG) Leaf Packages
16:27:07 <decathorpe> #link https://decathorpe.fedorapeople.org/stewardship-sig.html#sig-leaves Leaf packages
16:27:56 <decathorpe> netty is listed there, and I'm running a more comprehensive check right now, so if we don't need it, I propose we orphan it and announce on the devel list that it's outdated and insecure if anybody wants to pick it up.
16:28:12 <cipherboy> I thought we decided to keep it because it was rquired by eclipse or something.
16:29:06 <decathorpe> not as far as I can tell.
16:29:25 <decathorpe> or only indirectly, via optional deps.
16:30:54 <decathorpe> yeah I think we can drop netty. my repoquery came back green as well.
16:31:39 <sillebille> phew! That's 1 less thing to worry about
16:32:08 <cipherboy> Cool, let's do that then.
16:32:18 <decathorpe> great.
16:32:55 <decathorpe> I'll open a new "Plz Review this SIG leaf package list" ticket later.
16:33:10 <decathorpe> #topic Open Floor
16:33:58 <decathorpe> I've been working on transitioning our status pages to GitHub pages, and the scripts to generate the data and pages are almost done
16:35:21 <decathorpe> starting with March, I also won't have much time to invest into the SIG due to university :(
16:35:35 <decathorpe> that's why I wanted to streamline some processes now.
16:36:22 <sillebille> understood. Thanks for heavy lifting lot of stuff! :-)
16:38:22 <cipherboy> Yes, thank you!
16:39:15 <decathorpe> hey, I'm only doing this now so I can hand it over to somebody else once everything works ;)
16:39:33 <cipherboy> :D
16:39:42 <sillebille> :P
16:39:50 <cipherboy> Yeah, we're looking at that.
16:40:22 <decathorpe> it also looks like there's increased interest in packaging Java stuff, so maybe that will help as well.
16:40:51 <sillebille> you mean some group is interested in taking over or just contribute?
16:41:21 <decathorpe> possibly both.
16:41:33 <cipherboy> Yeah, we need to try and onboard these people into our SIG.
16:42:14 <decathorpe> it looks like the NeuroFedora people rely on a few Java packages, maybe they can help as well.
16:42:34 <decathorpe> and I still hope that we can transition this stuff back into a functioning Java SIG at some point
16:43:28 <decathorpe> alright. that's all I wanted to say for today
16:43:43 <sillebille> I have nothing else to add. :)
16:44:32 <decathorpe> next meeting will be on the second day of the next semester for me, so I can still run that one, but it would be great if we could figure out some kind of rotating chair for the meetings.
16:45:08 <cipherboy> Sure, works for me.
16:45:17 <cipherboy> Could we get cheat notes? The two of us haven't run a Fedora meeting
16:45:20 <cipherboy> :)
16:45:36 <sillebille> yeah, that'd help
16:45:47 <decathorpe> oh sure. I made a cheat sheet for myself as well :D
16:46:19 <sillebille> we use you as our cheat sheet! :D
16:46:20 <sillebille> jk
16:46:21 <decathorpe> there's some documentation for running fedora meetings, but it's hard to find and a bit old and hard to parse.
16:46:36 <decathorpe> I'll put together a meeting process document somewhere.
16:46:44 <sillebille> sounds good!
16:47:28 <decathorpe> anything else for the open floor? otherwise you'll get 10 minutes of your life back
16:48:46 <sillebille> i don't have anything else
16:49:23 <cipherboy> Nothing here.
16:49:29 <cipherboy> Thanks decathorpe!
16:49:32 <cipherboy> decathorpe++
16:49:37 <decathorpe> ah, before I forget - I'll transition stuff from our pagure.io/stewardship-sig repo into github.com/fedora-stewardship
16:49:37 <cipherboy> Why no cookies? :/
16:49:45 <cipherboy> decathorpe: And add redirects? ;-)
16:49:47 <sillebille> decathorpe++
16:50:01 <decathorpe> I already have too many cookies. zodbot won't give me any more
16:50:22 <decathorpe> can I add redirects from html pages? probably with some JS magic ...
16:50:44 <sillebille> it should. But, doing that will flag as phishing. No?
16:50:58 <decathorpe> idk
16:51:08 <decathorpe> I can figure it out ...
16:51:49 <sillebille> okie dokie
16:51:53 <decathorpe> I'll start removing stuff from the "old" repo, so we see what still needs to be transitioned over.
16:52:25 <decathorpe> alright. that's it
16:52:28 <decathorpe> see you guys :)
16:52:31 <decathorpe> #endmeeting