#fedora-meeting log

17:00:21 <decathorpe> #startmeeting Stewardship SIG Meeting (2019-04-17)
17:00:21 <zodbot> Meeting started Wed Apr 17 17:00:21 2019 UTC.
17:00:21 <zodbot> This meeting is logged and archived in a public location.
17:00:21 <zodbot> The chair is decathorpe. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:21 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
17:00:21 <zodbot> The meeting name has been set to 'stewardship_sig_meeting_(2019-04-17)'
17:00:30 <decathorpe> #meetingname stewardship-sig
17:00:30 <zodbot> The meeting name has been set to 'stewardship-sig'
17:00:36 <decathorpe> #chair mhroncok
17:00:36 <zodbot> Current chairs: decathorpe mhroncok
17:00:43 <mhroncok> hey
17:01:24 <mizdebsk> .hello2
17:01:25 <zodbot> mizdebsk: mizdebsk 'Mikolaj Izdebski' <mizdebsk@redhat.com>
17:01:39 <mhroncok> mizdebsk: hey. thanks for coming!
17:01:41 <decathorpe> hey, glad you could make it!
17:02:11 * nirik waves. Somewhat here, but also trying to catch up on things after a full morning of meetings.
17:02:41 <decathorpe> no pressure ;)
17:03:18 <decathorpe> should we start? anybody who shows up "late" should be able to catch up
17:03:46 <mhroncok> also, I don't think more people were planning to attend today
17:03:55 <decathorpe> right
17:04:29 <decathorpe> #topic Review package build status
17:04:38 <decathorpe> #link https://apps.fedoraproject.org/koschei/groups/stewardship-sig?
17:04:47 <mhroncok> I see aqute-bnd, gradle and maven
17:04:56 * mizdebsk looks
17:05:28 <decathorpe> maven has been broken since December
17:05:38 <mhroncok> I don't really know what aqute-bnd is, but gradle FTBFsing blocks other things, like dropping checkstyle and CVEs of sorts
17:05:58 <mizdebsk> aqute-bnd and maven have fixes available
17:06:08 <decathorpe> I think all missing build dependencies have been restored at least
17:06:17 <mizdebsk> fixing gradle requires developing a patch, see my comment in bugzilla
17:06:43 <mizdebsk> patch for aqute-bnd: https://src.fedoraproject.org/fork/mbi/rpms/aqute-bnd/c/9dc6e1b
17:06:46 <decathorpe> mizdebsk: so aqute-bnd and maven have patches in your arbitrarily-named branches?
17:06:48 <mhroncok> I've seen it, but I have no capacity of doing that
17:07:09 <mizdebsk> patch for maven: https://src.fedoraproject.org/fork/mbi/rpms/maven/c/512a4dd
17:07:19 <mizdebsk> decathorpe, no, they are in forks in dist-git, not merged yet
17:07:30 <decathorpe> I see, thanks
17:07:53 <decathorpe> #link https://src.fedoraproject.org/fork/mbi/rpms/aqute-bnd/c/9dc6e1b aqute-bnd patch
17:08:01 <decathorpe> #link https://src.fedoraproject.org/fork/mbi/rpms/maven/c/512a4dd maven patch
17:08:15 <mhroncok> https://src.fedoraproject.org/rpms/aqute-bnd/pull-request/1
17:08:20 <decathorpe> I should have some time over the Easter holidays to check this
17:09:12 <mhroncok> https://src.fedoraproject.org/rpms/maven/pull-request/1
17:09:15 <mhroncok> untested
17:09:59 <mhroncok> simple-koji-ci might not even srpm, due to undefined macros in java packages (not required by redhat-rpm-config)
17:10:29 <mizdebsk> java srpms should not be using any custom macros
17:10:48 <mizdebsk> building binary rpms does, but these macros are pulled by BuildRequires
17:11:48 <mhroncok> oh, it was prep that didn't work
17:12:00 <mhroncok> sorry about that
17:12:29 <decathorpe> well, at least now we have something to work with
17:13:07 <decathorpe> the other issue: non-64bit builds for some packages are broken on f30+
17:13:15 <decathorpe> because eclipse dropped 32bit arch support
17:13:45 <mhroncok> I suppose we should just do the same
17:14:20 * mhroncok would only solve FTBFS bugz when it blocks other things, such as CVE fixes
17:15:01 <decathorpe> I'm not sure that's a good idea since it will cause a huge cascade of packages which will have to drop 32bit versions
17:15:59 <mizdebsk> not that many packages require eclipse; most of java packages are noarch and should continue to work on 32-bit arches
17:16:16 <mizdebsk> those that do require eclipse can be patched to use alternative components instead
17:16:27 <mizdebsk> (osgi api, jpa api etc.)
17:16:30 <decathorpe> yes, most things that broke were due to osgi components
17:16:33 <mhroncok> I'm not sure we have the capacity to do so
17:16:34 <decathorpe> and jpa
17:17:00 <decathorpe> how did you solve this for your modules?
17:17:06 <mhroncok> I mean, I'm happy to backport upstream commits, but I forgot all Java years ago
17:17:17 <mizdebsk> my modules don't have any dependency on eclipse
17:17:36 <mizdebsk> several packages have "%bcond_without eclipse" that can be toggled to disable features that depend on eclipse
17:17:58 <mhroncok> #action mhroncok to grep sig packages for eclipse bcond
17:18:03 <mhroncok> that's easy at least
17:18:40 <mhroncok> decathorpe: let's go trough bzs?
17:18:52 <decathorpe> just a sec
17:19:04 <decathorpe> I added x86_64 arch overrides to koschei for the following packages:
17:19:21 <decathorpe> avalon-framework, avalon-logkit, log4j, xbean
17:19:28 <decathorpe> but there are probably more that are affected
17:20:01 <mhroncok> what does an x86_64 arch override do in koschei?
17:20:30 <decathorpe> it makes sure noarch packages don't hit i686 builders AFAICT
17:20:51 <mizdebsk> mhroncok, scratch builds will be done on x86_64 builders only
17:20:59 <mizdebsk> you can provide more than one arch, separeted by space
17:21:15 <mizdebsk> or you can exclude arches - build on all arches except some
17:21:38 <mizdebsk> decathorpe, due to koji bug builds can be still ran in i686 chroots
17:21:52 <mizdebsk> https://pagure.io/koji/issue/789
17:22:02 <decathorpe> okay 😂️
17:22:06 <decathorpe> well, at least I tried
17:22:12 <decathorpe> moving on?
17:22:28 <mhroncok> yes
17:22:39 <decathorpe> #topic Review Open RHBZ issues
17:22:53 <decathorpe> #link https://bugzilla.redhat.com/buglist.cgi?email1=stewardship-sig%40lists.fedoraproject.org&emailassigned_to1=1&emailcc1=1&emailtype1=substring&list_id=10107571&product=Fedora&query_format=advanced
17:23:28 <mhroncok> so... all CVEs are handled for now, thanks to mizdebsk I guess. except gradle, becasue that's blocked by the FTBFS
17:23:33 <decathorpe> yes
17:23:41 <decathorpe> I'd say that we ignore new version bugs for now, unless they fix other issues as well
17:23:45 <mizdebsk> gradle can be fixed by using a buildroot override
17:24:09 <mizdebsk> add an older build to override and submit a build fixing cve
17:24:10 <mhroncok> mizdebsk: you mean by rebuilding it with older gradle?
17:24:17 <mizdebsk> yes
17:24:28 <decathorpe> interesting 🤔️
17:24:38 <mhroncok> wow, I got that idea, but I considered it cheeting
17:24:39 <mhroncok> :D
17:24:43 <decathorpe> do buildroot overrides work in rawhide?
17:24:49 <mhroncok> do I just tag it, or can I use bodhi for rawhide?
17:25:00 <mizdebsk> just tag a build to f31
17:25:04 <mizdebsk> that works as override
17:25:11 <mhroncok> magic
17:25:13 <mizdebsk> f31-pending*
17:25:17 <mhroncok> ok, can do
17:25:21 <mizdebsk> (autosign will move it to f31)
17:25:39 <mhroncok> #action mhroncok to chaat grdle FTBFS to fix the CVE and remove checkstyle dependency
17:25:44 <mhroncok> #undo
17:25:44 <zodbot> Removing item from minutes: ACTION by mhroncok at 17:25:39 : mhroncok to chaat grdle FTBFS to fix the CVE and remove checkstyle dependency
17:26:09 <mhroncok> #action mhroncok to cheat gradle FTBFS to fix the CVE and remove checkstyle dependency by tagging older version of gradle to build new gradle
17:26:20 <decathorpe> with that I think there are no more CVEs left?
17:26:28 <mhroncok> yes
17:26:32 <decathorpe> perfect
17:26:39 <mhroncok> decathorpe: should we set priority: low to the version bumps?
17:26:50 <decathorpe> yeah, I can do that later
17:27:10 <decathorpe> #action decathorpe will set priority for version updates to "low"
17:27:29 <decathorpe> any other noteworthy bugs?
17:27:42 <mizdebsk> that bz query may not include all bugs
17:27:57 <decathorpe> I know, only those the SIG is either CCd or assigned
17:27:59 <mizdebsk> the script that syncs pagure owners to bugzilla is broken
17:28:17 <mizdebsk> i've re-assigned some bugs to the sig, but others may remain assigned to wrong people
17:28:30 <decathorpe> I don't know enough BugZilla voodoo to query all our packages
17:28:39 <decathorpe> and xmlrpc is horrible
17:28:50 <mizdebsk> i can provide a query for you
17:29:10 <decathorpe> 🙇️ that would be appreciated
17:29:18 <mizdebsk> basically, query for components matching regex
17:29:37 <mhroncok> oh
17:30:02 <mhroncok> decathorpe: I've set the priority, had it open in browser before I read your action item
17:30:06 <mizdebsk> i think i can actually include the query in koschei
17:30:17 <decathorpe> well
17:30:20 <mizdebsk> koschei could have a link to bugzilla query for given package group
17:30:23 <decathorpe> #undo
17:30:23 <zodbot> Removing item from minutes: ACTION by decathorpe at 17:27:10 : decathorpe will set priority for version updates to "low"
17:30:27 <decathorpe> ;)
17:31:03 <decathorpe> any other bugs we should talk about?
17:31:19 * mhroncok doesn't know any
17:31:53 <decathorpe> alright, lets move on then?
17:32:58 <mhroncok> sure
17:33:01 <decathorpe> #topic Review Open Pull Requests
17:33:03 <decathorpe> #link https://decathorpe.fedorapeople.org/stewardship-sig-prs.html
17:34:11 <decathorpe> I merged some minor version updates already, but only where we were sure nothing would break
17:35:14 <decathorpe> also, I was thinking we could try to reduce the number of our packages by giving them to the people who already submit PRs?
17:35:54 <mhroncok> decathorpe: I've tried to ask everybody who sent a PR
17:35:56 <mhroncok> no luck so far
17:36:08 <decathorpe> yeah, me too
17:36:17 <decathorpe> I'll continue to try ;)
17:36:19 * mhroncok goes outside with the laptop, the wifi should be there, but will check
17:37:42 <mizdebsk> do you need any feedback from me regarding these PRs?
17:38:08 <decathorpe> it'd be interesting to know if any version updates are expected to cause issues or not
17:38:42 <decathorpe> but that's probably hard to tell
17:38:58 <mizdebsk> out of these PRs only maven-plugin-tools will break other packages
17:39:14 <mizdebsk> (i'm talking about issues that can't be trivially patched)
17:39:28 <mizdebsk> some of these updates must happen together, like maven-archiver and plexus-archiver
17:39:41 <decathorpe> ok, can I quote you on that? ;)
17:40:16 <mizdebsk> well, you can check my koschei instance where i merged most of them and there was no breakage
17:40:19 <mizdebsk> except for maven-plugin-tools
17:40:39 <decathorpe> that's good to know
17:40:57 <mizdebsk> https://koschei.kjnet.xyz/ - this is where all packages from mbi forks are integrated together
17:41:18 <decathorpe> oooh nice
17:41:30 <decathorpe> whoops, guess the WiFi didn't work outside
17:41:41 <decathorpe> #info maven-plugin-tools update will cause non-trivial issues
17:42:03 <decathorpe> #info maven-archiver and plexus-archiver PRs need to be coordinated
17:42:10 <mizdebsk> google-guice should be updated together with maven 3.6.x
17:42:17 * mhroncok is back, that didn't work
17:42:30 <decathorpe> #info google-guide and maven 3.6.x PRs need to be coordinated
17:43:09 <decathorpe> okay, that's really valuable (and actionable) information. thanks!
17:43:28 <mizdebsk> i don't see any PR for maven 3.6, but it's been updated in mbi fork
17:43:38 <decathorpe> I thought so
17:43:47 <mhroncok> https://src.fedoraproject.org/rpms/maven/pull-request/1
17:44:21 <mizdebsk> ah right, but that one dependns on a few other updates, hence the failure due to missing deps
17:44:52 <mhroncok> sure. it was a blind shot
17:45:14 <mizdebsk> maven FTBFS can be fixed by applying the topmost commit "Update to Mockito 2"
17:45:54 <decathorpe> good to know
17:45:55 <mizdebsk> which basically removes a patch that causes it to fail to compile
17:46:22 <decathorpe> any other things about those PRs we need to talk about? I'd like to move on, time is moving faster than I thought it would
17:46:47 * mizdebsk has nothing
17:47:45 <decathorpe> #topic Review SIG leaf packages
17:47:58 <decathorpe> #link https://decathorpe.fedorapeople.org/stewardship-sig.html
17:48:13 <decathorpe> (you'll need to scroll down past the table and the dependency ranking)
17:48:27 <decathorpe> (TODO: I need to add some html anchors to that page)
17:48:58 <decathorpe> basically, no other packages from our group depend on these 5 packages right now:
17:49:14 <decathorpe> apache-commons-discovery, json_simple, nodejs-array-union, nodejs-arrify, nodejs-set-immediate-shim
17:50:27 <decathorpe> my thoughts were: I'll regularly ask packagers who need these packages to take them from us
17:50:42 <decathorpe> (so we can reduce our package set bit by bit, hopefully)
17:53:35 <mhroncok> what happens if we just orphan them?
17:53:55 <decathorpe> we have the same problem we had before we took them
17:54:12 <decathorpe> I think addressing owners of dependent packages is more likely to help
17:54:50 <mhroncok> we should at least try
17:55:20 <decathorpe> I don't mind sending a few e-mails every 2 weeks or so ...
17:55:39 <mizdebsk> note that many maintainers of java packages are de facto unresponsive
17:56:10 <decathorpe> right - but there are also other packages that depend on this stuff
17:56:11 <mizdebsk> i would even say that majority of java packages have de facto unresponsive maintainers
17:56:28 <decathorpe> (which is a sad state of affairs, I agree)
17:56:53 <mizdebsk> sure, i'm just saying
17:57:03 <decathorpe> well, we can try at least
17:57:38 * mhroncok will have to leave in couple minutes
17:57:50 <decathorpe> I'd say let's discuss the future meeting schedule in a ticket on pagure
17:57:57 <decathorpe> and end the meeting here, unless there's something else
17:58:02 <mhroncok> better to include those who didn't make it
17:58:34 <decathorpe> right. this week was sub-optimal, I know
17:59:04 <decathorpe> #topic Meeting Schedule
17:59:16 <mhroncok> decathorpe: thanks for organizing this
17:59:17 <decathorpe> #action to be discussed in a ticket in pagure
17:59:19 <mhroncok> decathorpe++
17:59:20 <zodbot> mhroncok: Karma for decathorpe changed to 4 (for the current release cycle):  https://badges.fedoraproject.org/tags/cookie/any
17:59:25 <mhroncok> mizdebsk: thanks for your help
17:59:26 <decathorpe> sure :)
17:59:30 <mhroncok> mizdebsk++
17:59:32 <mhroncok> bye
17:59:35 <decathorpe> right, thanks a lot, mizdebsk
17:59:37 <mizdebsk> thanks to you too
17:59:40 <decathorpe> bye!
18:00:03 <decathorpe> right, lets close this meeting then
18:00:30 <decathorpe> #endmeeting