21:00:48 <tdawson> #startmeeting EPEL (2020-05-15)
21:00:48 <zodbot> Meeting started Fri May 15 21:00:48 2020 UTC.
21:00:48 <zodbot> This meeting is logged and archived in a public location.
21:00:48 <zodbot> The chair is tdawson. Information about MeetBot at http://wiki.debian.org/MeetBot.
21:00:48 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
21:00:48 <zodbot> The meeting name has been set to 'epel_(2020-05-15)'
21:00:49 <tdawson> #meetingname epel
21:00:49 <zodbot> The meeting name has been set to 'epel'
21:00:51 <tdawson> #chair nirik tdawson bstinson Evolution pgreco carlwgeorge
21:00:51 <zodbot> Current chairs: Evolution bstinson carlwgeorge nirik pgreco tdawson
21:00:52 <tdawson> #topic aloha
21:00:54 <tdawson> #info Meeting is run from https://board.net/p/epel
21:01:16 * nirik waves
21:01:28 <tdawson> Hi nirik
21:01:47 <bstinson> hey all
21:01:54 <tdawson> Hi bstinson
21:01:56 <pgreco> hi hi, sorry I'm a bit late :)
21:02:03 <carlwgeorge> howdy y'all
21:02:22 <tdawson> Hi pgreco and carlwgeorge
21:03:17 * tdawson waits two more minutes for anyone else to show up.
21:05:22 <tdawson> #topic Old Business
21:05:23 <tdawson> #info What to do with epl8-playground, postponed until next week - 2020-05-22
21:05:37 <tdawson> I guess the title says it all
21:05:51 <tdawson> #info Retire zstd from epel8/epel8-playground - Done
21:05:53 <tdawson> .ticket 9442
21:06:01 <zodbot> tdawson: An error has occurred and has been logged. Please contact this bot's administrator for more information.
21:06:14 <tdawson> https://pagure.io/releng/issue/9442
21:06:27 <tdawson> I wanted to say thank you to those who did this.
21:06:37 <tdawson> I also wondered if the other packages were removed as well.
21:07:48 <tdawson> I think there were 6 packages that were now in RHEL8.2
21:08:06 <nirik> probibly need to check and file bugz on it. ;(
21:08:17 <tdawson> But, I believe zstd was the only one where the EPEL version was higher than the RHEL version.
21:10:19 <tdawson> Looks like, as of last week, it was dwarves lmdb perl-Convert-ASN1 perl-LDAP python-psutil python3-pyxattr pyxattr whois zstd
21:10:31 <carlwgeorge> python-psutil was also higher than the rhel version
21:11:36 <tdawson> Yep
21:11:52 <tdawson> And pyxattr was the exact same version.
21:12:03 <smooge> is here now
21:12:07 <tdawson> I guess zstd got all the attention, because everyone has to have it.
21:12:09 <tdawson> Hi smooge
21:12:09 <nirik> it might be worth trying to see where the internal process is not right around this. At one point when adding packages they were supposed to check for epel ones, etc
21:12:48 <tdawson> I believe for this list, they were in EPEL to begin with, and then RHEL 8.2 the packages were added.
21:13:01 <carlwgeorge> pyxattr was newer too, 0.7.1 in epel before being retired, vs 0.5.3 in rhel 8.2
21:14:08 <carlwgeorge> psutil was actually added in 8.1 and no one noticed
21:14:10 <tdawson> Ohh ... that's right. But it had a different name in EPEL, it's source was python3-pyxattr.
21:14:23 <nirik> yeah, but it seems very haphazard if bugs are filed or versions / upgrade path is checked
21:15:22 <carlwgeorge> lmdb was also an 8.1 addition
21:16:04 <tdawson> So, looks like we've missed this for a little bit.
21:17:41 <nirik> huh, I don't see the rhel lbdb
21:17:52 <carlwgeorge> only lmdb-libs is shipped
21:18:44 <nirik> of course.
21:18:47 * nirik sighs
21:19:05 <carlwgeorge> fun fact, pyxattr should have never been shipped, it's been in rhel8 from the beginning
21:20:19 <nirik> huh, whats the source package there?
21:20:33 <tdawson> But python3-pyxattr wasn't there at the begining
21:20:57 <nirik> there's no epel8 branch for pyxattr
21:21:18 <tdawson> EPEL8 branch is python3-pyxattr
21:21:24 <carlwgeorge> rhel: source pyxattr, python3-pyxattr subpackage
21:21:33 <carlwgeorge> epel: both python3-pyxattr
21:23:02 <nirik> yeah, that one is already blocked in epel8
21:23:45 <carlwgeorge> it went down here https://bugzilla.redhat.com/show_bug.cgi?id=1818713
21:26:27 <tdawson> OK, so that's two that were properly retired.
21:26:51 <tdawson> Anyone want to take the rest of the list?
21:27:56 <tdawson> OK, I'll take the list and make sure bugs and issues are filed for the retirement of them.
21:28:45 <tdawson> OK, I'll take the list and make sure bugs and issues are filed for the retirement of them.
21:29:24 <tdawson> #assign tdawson will follow up on the duplicate packages in EPEL8 / RHEL8
21:29:36 <tdawson> Moving on.
21:29:44 <tdawson> #info EPEL-6 is End of Life in 2020-11. It will be moved to archives in 2020-12
21:29:45 <tdawson> #info THIS IS NOT A DRILL.
21:29:51 <tdawson> #topic EPEL-7
21:29:58 <carlwgeorge> i already filed bugs for the rest of them last week
21:30:29 <tdawson> #info carlwgeorge already filed bugs for the duplicate packages.
21:30:33 <tdawson> carlwgeorge ++
21:30:35 <nirik> cool. thanks carlwgeorge
21:30:58 <tdawson> I'd give you a cookie if I could. :)
21:31:14 <carlwgeorge> it's the thought that counts i guess? :D
21:31:37 <tdawson> Any EPEL7 issues or things to discuss?
21:31:42 <carlwgeorge> i've got an epel7 thing. oniguruma has lots of outstanding cves, and i've proposed an incompatible upgrade on the mailing list.
21:31:48 <carlwgeorge> https://bugzilla.redhat.com/show_bug.cgi?id=1777660
21:33:04 <nirik> sounds good.
21:33:20 <pgreco> not much of a choice, imo
21:33:48 <pgreco> I mean, we don't want open cves
21:34:08 <nirik> there's just over 1000 cves in new or assigned on Fedora EPEL components.
21:34:18 <nirik> 1018
21:34:20 <tdawson> Youch
21:34:21 <smooge> ssssh
21:34:34 <smooge> you aren't allowed to break a board member so quickly
21:34:56 <carlwgeorge> selfishly i actually want that to ship php74 in ius, but the cves also matter of course
21:35:02 <smooge> he needs to gaze into the horror of Bugzilla and have it stare back into him
21:35:28 * tdawson wakes up in a daze ...
21:35:40 <tdawson> huhh ... what ... sure ... carlwgeorge ... go for it.
21:36:18 <pgreco> carlwgeorge: just make sure it builds on armhfp ;)
21:36:19 <carlwgeorge> according to the process page, after a week on the list we can vote on it here, so just a heads up for now
21:36:33 <nirik> perhaps we could try and poke the top ones when we have time. (whenever that is)
21:36:43 <nirik> 41 podofo
21:36:43 <nirik> 37 xpdf
21:36:43 <nirik> 33 asterisk
21:36:43 <nirik> 27 matio
21:36:43 <nirik> 26 nodejs
21:37:12 * smooge saw jamielinux orphaned a lot of nodejs so I think that is going to get cleaned out
21:37:22 <nirik> oh wait, thats not right
21:37:42 <tdawson> carlwgeorge: OK, I've put it on next weeks agenda.
21:37:50 <nirik> thats total bugs.
21:38:08 <nirik> CVES: 37 xpdf 26 nodejs 26 matio 26 LibRaw 25 hdf5
21:39:13 <tdawson> nirik: Do we know of the breakdown by with EPEL? Or is that all of them together?
21:39:15 <pgreco> nirik, is that in general? or epel* versions?
21:39:23 <nirik> thats all.
21:40:26 <nirik> all packages, all active epel versions
21:40:58 <carlwgeorge> i'm curious, where are you pulling that from?
21:41:10 <nirik> just playing with bugzilla command line... :)
21:41:21 <nirik> bugzilla query -p "Fedora EPEL" -s NEW,ASSIGNED -t CVE --outputformat "%{component}" | sort | uniq -c | sort -nr | less
21:42:06 <pgreco> hehe, the sequence " sort | uniq -c | sort -nr" is too damn useful... :)
21:42:06 <carlwgeorge> neat
21:43:21 <nirik> I guess that could be sort -unr ? anyhow...
21:43:38 <nirik> fine to move on, my brain is already on the weekend
21:43:49 <tdawson> OK
21:43:55 <carlwgeorge> one thing to note is that some bugs have more than one cve on them, so that's a bug count, not cve count
21:43:55 <tdawson> #topic EPEL-8
21:44:34 <tdawson> Any new EPEL8 things?
21:44:39 <nirik> true.
21:45:39 <carlwgeorge> rhel 8 ships non-modular haproxy 1.8, and the maintainer declined to ship a 2.0 module. i'm considering if i want to wade into those waters.
21:45:51 <carlwgeorge> as an epel8 module that is
21:46:13 <tdawson> Well, we've opened the gate for that.
21:46:30 <tdawson> I know someone else wants to do a module for cmake
21:46:43 <carlwgeorge> at a minimum i'll need to be a co-maintainer on the fedora package, correct?
21:47:04 <nirik> yep.
21:47:26 <nirik> you could also do a non modular haproxy2 or something (but that could be tricky in other ways)
21:47:46 <carlwgeorge> that may be a fight, i haven't been able to get prs merged for that
21:47:59 <smooge> .whoowns xpdf
21:48:00 <zodbot> smooge: �owner: �spot
21:48:24 <carlwgeorge> yeah, definitely not interested in messing with a parallel package, i do enough of that elsewhere
21:48:37 <nirik> fair
21:49:08 <tdawson> Anything else for EPEL8?
21:49:42 <tdawson> #topic General Issues / Open Floor
21:51:01 <tdawson> Anything before nirik completely succombs to the weekend?
21:51:34 <nirik> b-rrrr--aaaaaa--innnssss
21:51:50 <pgreco> mmm, not here, I need my weekend now!
21:52:00 <tdawson> OK, thanks everyone for coming.
21:52:06 <tdawson> We'll talk to you next week.
21:52:16 <nirik> thanks tdawson
21:52:19 <tdawson> #endmeeting