20:00:15 <tdawson> #startmeeting EPEL (2022-04-13) 20:00:15 <zodbot> Meeting started Wed Apr 13 20:00:15 2022 UTC. 20:00:15 <zodbot> This meeting is logged and archived in a public location. 20:00:15 <zodbot> The chair is tdawson. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions. 20:00:15 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 20:00:15 <zodbot> The meeting name has been set to 'epel_(2022-04-13)' 20:00:16 <tdawson> #meetingname epel 20:00:16 <tdawson> #chair nirik tdawson pgreco carlwgeorge salimma dcavalca 20:00:16 <tdawson> #topic aloha 20:00:16 <zodbot> The meeting name has been set to 'epel' 20:00:16 <zodbot> Current chairs: carlwgeorge dcavalca nirik pgreco salimma tdawson 20:00:20 <rsc> .hello robert 20:00:21 <zodbot> rsc: robert 'Robert Scheck' <redhat@linuxnetz.de> 20:00:21 <carlwgeorge> .hi 20:00:22 <pgreco> .hi 20:00:25 <zodbot> carlwgeorge: carlwgeorge 'Carl George' <carl@redhat.com> 20:00:28 <zodbot> pgreco: pgreco 'Pablo Sebastian Greco' <pablo@fliagreco.com.ar> 20:00:46 <tdawson> Hi SSmoogen 20:00:49 <tdawson> Hi rsc 20:00:52 <tdawson> Hi carlwgeorge 20:00:57 <tdawson> Hi pgreco 20:01:48 <pgreco> hey, I'm back physically, mentally not so much 20:02:07 <tdawson> Well, it's always good to have you physically here. 20:03:25 <salimma> .hi 20:03:26 <zodbot> salimma: salimma 'Michel Alexandre Salim' <michel@michel-slm.name> 20:03:32 <tdawson> Hi salimma 20:03:39 <salimma> howdy all 20:04:40 <SSmoogen> hello-p 20:05:05 <nirik> morning 20:05:09 <tdawson> SSmoogen: I already said hi to you 20:05:10 <tdawson> :) 20:05:17 <tdawson> #topic EPEL Issues https://pagure.io/epel/issues 20:05:17 <tdawson> https://pagure.io/epel/issues?tags=meeting&status=Open 20:05:38 <tdawson> The only thing there is the CVE's, and we still have a couple weeks before that comes around ... 20:05:52 <tdawson> #topic Old Business 20:06:10 <tdawson> ImageMagic CVE's - 20:06:10 <tdawson> - we got 82 reported on bugzilla 20:06:10 <tdawson> https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&component=ImageMagick&list_id=12543908&product=Fedora%20EPEL&query_format=advanced 20:06:48 <tdawson> Oh ... I forgot to get the email link, does anyone have that handy? 20:06:48 <salimma> whew, that's a lot 20:06:59 <nirik> it's often that way with it. ;( 20:07:51 <SSmoogen> its magick if it doesn't have CVE's 20:08:19 <tdawson> *laughs* 20:08:24 <nirik> I did an update to it in fedora years ago and it was 100's of cves 20:09:01 <nirik> anyhow, I guess we should let it update. 20:09:12 <carlwgeorge> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/thread/CY7W5INN46INTBEGNXTAJVWWIPBWIJD2/ 20:09:22 <SSmoogen> honestly it is a package that I would say should have the policy that if there is an update it MUST be done in EPEL no matter what the rebuilds needed 20:09:25 <tdawson> Thanks carlwgeorge 20:09:39 <carlwgeorge> actually, let me do it right for the minutes 20:09:46 <carlwgeorge> #link https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/thread/CY7W5INN46INTBEGNXTAJVWWIPBWIJD2/ 20:10:28 <salimma> should this be documented? I agree that having a list of packages where we recommend 'always stick to the RH version' would be useful 20:10:45 <tdawson> Oh ... no wonder I couldn't find it, I was in the wrong archives. 20:11:02 <nirik> this work should be done in a side tag. 20:11:26 <carlwgeorge> the maintainer set one up, but didn't go through the normal incompat upgrade process 20:11:48 <nirik> ah, ok. 20:12:03 <tdawson> They've been waiting for us. 20:13:01 <tdawson> Well, they sent the email, carlwgeorge told them to stop. let us know what cve's there were and wait until they heard from us. But they didn't give the CVE's until last friday. 20:13:17 <tdawson> Anyway, I'm +1 for letting them proceed. 20:13:27 <carlwgeorge> i'm fine with waiving the full week due to the number of cves 20:13:41 <salimma> yeah, same 20:13:52 <carlwgeorge> i just want people to start following the process, mainly the epel-announce emails 20:13:53 <SSmoogen> +1 20:14:12 <nirik> +1, hopefully everything can be rebuit nicely. 20:15:02 <tdawson> What do we mean "waiving the full week"? it's been on the email list for over two weeks. 20:15:26 <carlwgeorge> thankfully i only see 4 packages that buildrequire it 20:15:55 <salimma> slightly OT, epel-announce is moderated right? who has access to approve posts 20:16:26 <carlwgeorge> tdawson: the way the policy is written, it should be open for discussion with the list of cves for a week on epel-devel 20:16:48 <tdawson> carlwgeorge: Ahh ... ok. It hasn't been a week since they gave the CVE's. 20:17:07 <carlwgeorge> yeah that's the part i'm talking about waiving 20:17:20 * nirik does 20:17:26 <tdawson> OK. I'm fine with that. 20:17:50 <carlwgeorge> no one else raised concerns in the two weeks it was mentioned on the list, despite the lack of cve details 20:17:58 <SSmoogen> I am all for waiving it. Most imagemagick CVE's end up in the 8-9 category 20:18:20 <SSmoogen> I didn't raise concerns for that reason. 20:18:41 <SSmoogen> I probably should have said 'Please for the sake of the children.. do it' 20:18:47 <tdawson> Yep. imagemagick is on the top 10 packages I don't want to ever maintain. 20:19:17 <tdawson> Do we have any negative votes? 20:19:41 <pgreco> I'm a bit out of the loop, so I'll defer to you guys 20:20:36 <carlwgeorge> if the maintainer does the builds in a side tag, how do they follow the steps related to bodhi updates? 20:21:02 <nirik> which steps? 20:21:14 <carlwgeorge> https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/#process_for_incompatible_upgrades 20:21:24 <carlwgeorge> steps 5, 6, and 7 20:21:28 <tdawson> #info Incompatable Upgrade of ImageMagick passed; For: 5 Against: 0 Non-Vote: 1 20:21:45 <nirik> yes, they should do that... 20:21:48 <tdawson> I think step 6 was written back when we had 2 weeks bodhi time for epel 20:21:59 <carlwgeorge> yeah it was 20:22:01 <nirik> yeah, true 20:22:11 <tdawson> But I agree that they shouldn't "karma it out" 20:22:46 <carlwgeorge> what i'm asking is, with side tags aren't the builds merged without bodhi updates? i'm not really familiar with how side tags work in practice. 20:23:08 <salimma> no, you cut an update as normal but select a side tag as the source 20:23:10 <tdawson> No, the side-tags all get put onto one update ... don't they? 20:23:10 <carlwgeorge> or is that just merging into the buildroot, and the bodhi updates are a separate thing to get them into the repos? 20:23:24 <nirik> no 20:23:32 <salimma> what's "fun" is that you can have two side tags with overlapping packages and not get warned, while with individual package updates the updates will get merged 20:23:36 <nirik> it makes an update with all of them 20:23:58 <salimma> sidetags are separate repos, when you cut an update all the packages get queued up like a normal multi-package update 20:24:05 <salimma> but without having to use buildroot override 20:24:08 <nirik> do all work/builds in side tag, make update from side tag (will contain all builds), etc 20:24:41 <carlwgeorge> ok so there's no conflict with side tags and the steps related to bodhi, good 20:24:53 <nirik> salimma: sometimes they will get merged, it depends. ;( There's a bunch of corner cases. 20:25:31 <nirik> like if the existing update is in a push and locked. Or the existing update has foo and bar in it and you are only adding an update for foo. 20:25:37 <salimma> yeah... there's a split second warning saying there's a conflicting update, that I wish require more confirmation before proceeding 20:25:38 <carlwgeorge> i understood side tags from the build system perspective, but not with what came next to publish 20:25:52 <tdawson> Are we ok moving on? 20:25:57 <carlwgeorge> yup 20:26:14 <carlwgeorge> tdawson are you going to reply on list with approval or should i? 20:26:20 <salimma> but anyway, that's a digression. yeah, we're good 20:26:23 <nirik> IMHO bodhi should reject new updates when there's an update for that package already in progress... but shrug. 20:26:28 <tdawson> So, all the other old business got approved last week, but I just want to note that the documentation still haven't been update. 20:26:33 <nirik> yeah, sorry to digress. 20:26:48 <tdawson> carlwgeorge: You can do it, as long as you don't take your usuall email time. :) 20:27:12 <carlwgeorge> hehe, will reply today 20:27:23 <tdawson> carlwgeorge: OK, sounds good. Then I'll let you do it. 20:28:01 <tdawson> That's all I have for old business ... amazing enough. 20:28:13 <tdawson> #topic EPEL-7 20:28:13 <tdawson> CentOS 7 will go EOL on 2024-06-30 20:28:55 <nirik> oh, I have one epel7 thing: 20:28:57 <tdawson> carlwgeorge: is the hwinfo thing resolve for epel7? 20:29:22 <tdawson> nirik Go for it 20:29:49 <carlwgeorge> tdawson: yes 20:30:03 <tdawson> carlwgeorge: awesome. Thank you 20:30:11 <nirik> ansible (the 2.9.x 'classic' version) goes EOL in may 2022. I'll retire the epel7 (and epel8) ones after that... 20:30:32 <nirik> ( see https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html ) 20:30:52 <tdawson> #info ansible (the 2.9.x 'classic' version) goes EOL in may 2022. nirik will retire the epel7 (and epel8) ones after that 20:31:03 <tdawson> #link https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html 20:32:19 <tdawson> nirik I seem to remember you sending an email about that ... but I'm not seeing it in my epel list. Was I imaging things or can I just not find it. 20:33:03 <nirik> I thought I did a while back too... but I can send another. 20:33:16 * nirik adds to todo list 20:33:57 <tdawson> Well, I couldn't find the ImageMagick mail either ... so it's possible you did and I just can't find it. 20:34:04 <tdawson> Anything else for EPEL7? 20:34:40 <tdawson> #topic EPEL-8 20:34:41 <tdawson> CentOS Stream 8 goes EOL in 2024-05-31 20:34:50 <nirik> (same ansible note) 20:35:07 * SSmoogen plays sad trombon 20:35:08 <salimma> I'm wondering if anyone has context about why openldap-servers is not shipped 20:35:11 <nirik> although at least el8 will get ansible-core in 8.6 20:35:41 <SSmoogen> salimma, 1) there was a replacement 2) it was a support headache because it wasn't the primary tool people focused on 20:35:42 <salimma> in c8s it's built but the -servers subpackage is not shipped, in c9s it's turned into a conditional (defaulting off) and someone has openldap-epel 20:35:58 <salimma> SSmoogen: gotcha, thanks 20:36:25 <salimma> wait, what's the replacement? maybe I could nudge work people to switch to it 20:36:30 <SSmoogen> 389DS 20:36:42 <tdawson> Ohh ... that's what that is. 20:36:46 <SSmoogen> and if you are going to say that isn't a replacement 20:36:48 <salimma> ah of course 20:37:02 <salimma> yeah, Red Hat acquired that project right? been a while 20:37:11 <SSmoogen> 2003? 20:37:11 <nirik> so very long ago 20:37:23 <tdawson> My mind keeps thinking 389DS is a fancy nintendo handheld. 20:37:37 <SSmoogen> I keep thinking of it as an offbrand 386-DX 20:37:42 <carlwgeorge> salimma: https://bugzilla.redhat.com/show_bug.cgi?id=2030665 20:37:47 <salimma> haha 20:37:57 <salimma> huh, I wonder where the source is on Fedora - https://src.fedoraproject.org/modules/389-ds/tree/master is dead 20:38:02 <salimma> but yeah, moving on 20:38:14 <tdawson> #topic EPEL-9 20:38:20 <SSmoogen> like those franken chips they would sell in magazines that said 'put this CPU in your board and you will have a 386 on your 286 motherboard' 20:38:49 <salimma> oh https://src.fedoraproject.org/rpms/389-ds-base 20:39:05 <salimma> SSmoogen: that's probably the 387 DX (and 487 DX) :) 20:39:45 <tdawson> Anything for epel9? 20:39:53 <carlwgeorge> speaking of 389, that is one of the module maintainers that wants epel9 modules. but looking at the epel8 modules, the three current streams have basically identical packages in them. 20:40:34 <salimma> seems like you wouldn't want to maintain multiple versions of 389ds anyway 20:40:57 <carlwgeorge> their streams are stable, next, and testing 20:41:28 <salimma> IIRC a similar package came up last week and we reckon COPR is a good fit? 20:41:58 <carlwgeorge> i think that was my suggestion, for the same topic (using modularity to offer testing packages) 20:42:26 * salimma just quoted Carl back to himself 20:42:35 <tdawson> :) 20:42:47 <tdawson> Sounds like we don't have any epel9 ... 20:42:58 <tdawson> #topic General Issues / Open Floor 20:43:23 <carlwgeorge> i missed these during old business.. 20:43:36 <carlwgeorge> #link https://pagure.io/epel/pull-request/168 20:43:48 <carlwgeorge> #link https://pagure.io/epel/pull-request/169 20:44:23 <tdawson> Huh ... I wonder why I didn't see the stalled request pull request. 20:44:35 <carlwgeorge> we voted last week on 169 (it passed), just looking for approval and merging of the pr 20:44:45 <nirik> 168 seems good to me. 20:45:17 <nirik> 169 seems fine. 20:45:31 <salimma> +1 to both 20:45:34 <tdawson> 169 looks good, and it's seems so simiple I shouldn't need to verify it .... 20:45:36 <nirik> Are we going to have a exception request for drbd-whatever? 20:45:41 <salimma> about to do the needinfo ping for https://bugzilla.redhat.com/show_bug.cgi?id=2067485 as a matter of fact 20:45:41 <dherrera> I'm ok with both (hi) 20:46:12 <carlwgeorge> nirik: once the policy is merged i plan to reach out to the drbd maintainer and ask them what they want to do 20:46:30 <nirik> sounds good. 20:46:31 <tdawson> carlwgeorge: Both seem good. 20:46:34 <nirik> hi dherrera 20:47:15 <carlwgeorge> i usually avoid merging my own prs but if these look good i'll merge them now 20:47:30 <salimma> I can hit merge for you if that makes you feel better :) 20:47:35 <carlwgeorge> already doing it 20:48:40 <tdawson> carlwgeorge: Thanks for getting those written up. 20:48:41 <carlwgeorge> we did the formal vote on the stalled one, do we want to do a vote on the dependecies one? 20:49:07 <tdawson> I thought we already did 20:49:33 <tdawson> Last week I thought we all said that if you make the one change that nirik said, then everyone liked it. 20:49:42 <carlwgeorge> works for me 20:49:48 <salimma> it looks like basically what we agreed on, but if it helps, +1 20:50:02 <tdawson> +1 20:50:31 <carlwgeorge> if we # info it, i'll link that for posterity 20:52:12 <tdawson> #info https://pagure.io/epel/pull-request/168 is approved. It was approved last week, on the condition that one change was made. That change was made, and it has been approved again this week. For: 5 Against: 0 20:52:24 <carlwgeorge> thanks tdawson 20:52:57 <tdawson> I forgot to put 2 non-votes ... but, that's ok. 20:53:23 <pgreco> my +1 was gonna be late ;) 20:53:33 <tdawson> Ahh ... there it is. :) 20:53:40 <carlwgeorge> thanks SSmoogen for being the bearer of bad news and saying no in the epel9 modular request issue 20:53:53 <SSmoogen> no problem 20:54:09 <carlwgeorge> which reminds me, i still owe yall a summary of the email responses from the module maintainers in the issue, just for transparency 20:54:43 <carlwgeorge> how open do we want to leave that door for the future? i know we said we want people to step up and maintain it, but they would basically have to be in releng to do that, right? 20:55:16 * carlwgeorge is not arguing in favor of it, just want to be prepared if asked 20:56:37 <nirik> I guess... 20:57:20 <tdawson> Anything else? We might actually end on time this week. 20:58:33 <tdawson> Well, thank you all for comming, and the good discussion this week. And thank ya'll for all your work in the EPEL community. 20:58:41 <tdawson> Talk to ya next week. 20:58:48 <tdawson> #endmeeting