(10:02:36 AM) jjohansen: cboltz, rlee287, georgiag, mbelair, sarnold, sbeattie, iskunk, anyone else interested: meeting time
(10:02:59 AM) ***cboltz hides
(10:03:28 AM) jjohansen: I need to keep the meeting as short as possible, so we are going to punt on most topics until the February meeting.
(10:03:32 AM) rlee287: Hello
(10:04:41 AM) jjohansen: So a quick update on releases:
(10:04:41 AM) jjohansen: 4.1 is stuck in beta hell. -beta3 is bad, we will cut a beta4 as soon as we have patches that address its issues
(10:05:24 AM) jjohansen: 4.0, 3.x, 2.13: releases will be looked at in turn after the next 4.1-beta
(10:05:57 AM) roddhjav [~roddhjavm@2001:470:1af1:101::7b2e] entered the room.
(10:05:58 AM) roddhjav: felctfucndrgjtbltitnvkchdndftdhu
(10:06:03 AM) cboltz: I guess that includes looking at possibly backporting patches you picked into the 4.1 branch?
(10:06:19 AM) cboltz: roddhjav: you shouldn't post your password ;-)
(10:07:06 AM) roddhjav: sorry, keyboard issue, my passwords are more complex than this...
(10:08:22 AM) jjohansen: cboltz: yeah, still have a few patches to pick into 4.1 too
(10:08:36 AM) jjohansen: like the fix for flake8 ...
(10:09:08 AM) jjohansen: release plans are to get 4.1 out asap, that is looking more and more like early february
(10:09:19 AM) jjohansen: and then get a first 5.0 alpha1 out
(10:09:40 AM) jjohansen: and stable releases of the rest of the supported series
(10:09:48 AM) jjohansen: support for 4.0 will drop soon
(10:10:19 AM) jjohansen: soon is not well defined, feedback on that is welcome
(10:11:09 AM) cboltz: depends if 4.1 arrives fast enough to get it into Leap 16 ;-)
(10:11:10 AM) jjohansen: 5.0 for the next major release as we plan on having more larger policy changes
(10:11:39 AM) jjohansen: cboltz: I recognize that, and all the more reason to get 4.1 out the door asap
(10:12:05 AM) jjohansen: does anyone have anything they would like to bring up today?
(10:12:21 AM) cboltz: Can we please finally merge aa-notify support for lastlog2? I'm not against a future, possibly better, implementation - but _having an implementation_ is better than being broken on Tumbleweed ;-)
(10:15:27 AM) jjohansen: ughhh, cboltz I really do not like the current approach. But if you really want to merge it, I uhmmm, I uhhhh, well I might not loudly object
(10:16:12 AM) cboltz: ok :-)
(10:16:19 AM) roddhjav: It is a bit out of topic for today, but does anyone know if an AppArmor play machine similar to Coker's SELinux play machine (https://doc.coker.com.au/computers/se-linux-play-machine/) has ever existed?
(10:17:58 AM) jjohansen: roddhjav: the closest I am aware of is when apparmor was used in some ctf competitions
(10:18:15 AM) jjohansen: so no
(10:19:34 AM) roddhjav: Ok, I am thinking of making one as a demo of apparmor.d.
(10:20:24 AM) jjohansen: It is something that would be interesting, so many interesting things to do ...
(10:21:57 AM) jjohansen: do we have anything else?
(10:22:12 AM) cboltz: who will be at FOSDEM?
(10:24:40 AM) roddhjav: cboltz: not this year for me
(10:25:49 AM) jjohansen: not /me either
(10:26:01 AM) rlee287: cboltz: Thoughts on minimum Python version for AppArmor utils? The utils currently use some Python 3.7 library features and the question arises as to whether we want to polyfill e.g. datetime.datetime.fromisoformat for systems with Python older than 3.7
(10:26:20 AM) jjohansen: maybe something for the container dev room next year
(10:26:27 AM) rlee287: Asking this one as something you (cboltz) might be willing to look at, and punting on the other items I had listed for the agenda today
(10:26:56 AM) rlee287: (context being we had previously tentatively settled on Python 3.5 as the minimum)
(10:28:29 AM) cboltz: for new feature releases, I don't think we need to keep python 3.5 since it's EOL since quite a while
(10:29:05 AM) cboltz: the main "problem" is that we should keep compatibility in the maintenance branches
(10:30:43 AM) rlee287: Well, Python 3.9 is the oldest non-EOL official release, but some systems like OpenSUSE Leap use Python 3.6
(10:31:21 AM) cboltz: right, but 15.6 also ships a newer python (IIRC 3.11) which we can use
(10:31:49 AM) cboltz: and Leap 16 will for sure include a newer python
(10:32:41 AM) jjohansen: we need to support older releases, how old? At least 5 years, maybe more
(10:34:35 AM) jjohansen: that is current new apparmor should be compatible with a distro release that is supported, LTS type release on the ubuntu side are 5 years
(10:35:06 AM) jjohansen: at least for free support ...
(10:35:32 AM) jjohansen: so it's not just feature wise for backporting fixes, but that is important too
(10:37:19 AM) jjohansen: I suppose the other option is rewrite some of the tooling to be not in python like was done for aa-status
(10:37:57 AM) cboltz: it's not a serious problem to write "old" python
(10:38:17 AM) cboltz: we "just" need an old python in the CI so that too-new constructs get flagged early
(10:38:49 AM) rlee287: The reason I'm bringing it up as a topic is because one of the bigger issues I found last time I looked was datetime.datetime.fromisoformat (Python 3.7)
(10:39:00 AM) jjohansen: right, just clarifying if it is a problem, the option is to rework some of the base tools, but not genprof/logprof
(10:39:14 AM) rlee287: Which would mean either reimplementing it or doing a polyfill
(10:39:25 AM) rlee287: jjohansen: sure, understood
(10:40:05 AM) rlee287: And if we decide on having polyfills then that would also be a way to resolve the cgitb removal
(10:46:06 AM) cboltz: I didn't check the options I listed in https://gitlab.com/apparmor/apparmor/-/issues/447 in detail, so - do you know if some of them work with an older python?
(10:46:58 AM) rlee287: I haven't had a chance to look at those yet, so I don't know
(10:49:07 AM) cboltz: whatever the result is - in worst case, we could fall back to cgitb for older python versions
(10:49:55 AM) rlee287: That would make sense then, to use cgitb for older Pythons and to use one of the replacements you linked for the newer ones
(10:50:42 AM) rlee287: Still leaves unresolved what to do with datetime.datetime.fromisoformat, though it's been long enough that I no longer remember which part of the utils was using this
(10:57:58 AM) cboltz: maybe you considered it as an alternative way for the just-merged !1282 ?
(10:58:23 AM) cboltz: (assuming you know a way to let lastlog2 print iso dates)
(10:58:44 AM) rlee287: Possibly
(10:58:57 AM) cboltz: speaking about this MR - jjohansen, how loud would you cry if I pick it into 4.1? ;-)
(10:59:17 AM) cboltz: (the alternative would be to carry it as a patch in Leap 16)
(10:59:29 AM) rlee287: Though the way I looked at this last time was by running the test suites on a system with an older Python and examining the ImportErrors, etc. for things that looked like they were added by later Pythons
(11:00:09 AM) jjohansen: cboltz: that is asking a lot, I get it can be considered a bug fix
(11:00:50 AM) jjohansen: I suppose if you support it ...
(11:02:21 AM) cboltz: well, I need it, so... ;-)
(11:02:41 AM) cboltz: (also, supporting it upstream is easier than carrying a patch)
(11:07:19 AM) jjohansen: okay anything else to discuss
(11:07:38 AM) cboltz: I'll read the above as "no objections" ;-)
(11:08:32 AM) rlee287: I don't have anything else to bring up
(11:09:54 AM) jjohansen: okay, so I can't do the 2nd week in Feb, so I propose the next meeting be the 3rd week on Feb 18
(11:10:42 AM) cboltz: I'll have a video meeting in parallel on that day, but shouldn't be a real problem
(11:10:52 AM) rlee287: In that case would it be possible to delay the start of the Feb 18 meeting by 15 minutes?
(11:11:23 AM) jjohansen: yes that is possible
(11:11:46 AM) rlee287: Then I have no objections to the Feb 18 shift
(11:13:05 AM) jjohansen: alright next meeting Feb 18, @18:15 utc
(11:13:17 AM) jjohansen: meeting adjourned
(11:13:17 AM) jjohansen: thanks everyone