15:59:59 <djmitche> #startmeeting weekly
15:59:59 <bb-supy> Meeting started Tue Oct  9 15:59:59 2018 UTC and is due to finish in 60 minutes.  The chair is djmitche. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:59:59 <bb-supy> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:59:59 <bb-supy> The meeting name has been set to 'weekly'
16:00:07 <djmitche> aww, missed by 1 second
16:00:11 <djmitche> #topic Introductions
16:00:16 <tardyp> hi!
16:00:21 <djmitche> http://bit.ly/2rup31x
16:00:33 <djmitche> Time limit is 30 minutes, and anyone is welcome to jump in
16:00:39 <djmitche> #nick tardyp
16:00:44 <djmitche> who else is joining us?
16:01:24 <djmitche> #topic Week in Review
16:01:29 <djmitche> tardyp, what's new?
16:02:05 <tardyp> looking for summary email..
16:02:07 <tardyp> file not found
16:02:44 <tardyp> I was planning to release this week. As this is $begofmonth
16:03:08 <tardyp> release note shows a few fixes and a few features
16:03:09 <djmitche> huh, I got the email, although gmail told me it really wanted to put it in spam
16:03:23 <djmitche> #info New release coming, as it's the beginning of October
16:03:31 <tardyp> there is a regression that worries me https://github.com/buildbot/buildbot/issues/4316
16:03:58 <tardyp> I was hoping to get a patch from p12tic in time, but it didn't happen
16:04:41 <djmitche> hm, that does look bad
16:05:15 <djmitche> #info need to address regression in https://github.com/buildbot/buildbot/issues/4316 for release
16:06:11 <djmitche> anything else?
16:06:14 <tardyp> I think I'll just revert, as this is 'just' for submodule
16:06:44 <djmitche> ++
16:06:50 <tardyp> I think this is it
16:06:54 <djmitche> #topic randomatic vulnerability
16:06:55 <djmitche> https://nvd.nist.gov/vuln/detail/CVE-2017-16028
16:07:14 <djmitche> Is that something that can be easily updated?
16:08:25 <tardyp> why is this CVE relevant to us?
16:08:32 <djmitche> it's used in a few JS libs
16:08:47 <djmitche> base and console_view
16:09:26 <tardyp> react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
16:09:36 <tardyp> is this the right CVE?
16:09:42 <djmitche> yeah, that confuses me too
16:09:47 <djmitche> https://www.npmjs.com/advisories/157
16:09:49 <djmitche> is a better link
16:10:27 <tardyp> ah ok.
16:10:45 <tardyp> well, nodejs is used for the build of coffeescript
16:11:00 <tardyp> I think we really don't care about cryptographic random for that
16:11:03 <djmitche> ok
16:11:13 <djmitche> sounds good :)
16:11:38 <tardyp> basically I mostly just ignore those alerts from github
16:11:40 <djmitche> #agreed not using it for cryptographic purposes, so no big deal
16:11:41 <djmitche> ok
16:11:48 <tardyp> they have all been false positives for us
16:11:50 <djmitche> #topic Removal of coffeescript
16:11:51 <djmitche> yeah
16:11:57 <tardyp> I mean I look at it, but eventually ignore
16:11:59 <djmitche> I think this topic is a holdover from previous meeting?
16:12:19 <tardyp> right. we need to have people interested in this topic.
16:12:30 <tardyp> I think we need to keep it as an open discussion
16:12:38 <djmitche> ok
16:12:50 <djmitche> is there a discussion going on somewhere?
16:13:46 <tardyp> I guess in the meeting logs.
16:14:11 <djmitche> ok
16:14:18 <tardyp> and https://github.com/buildbot/buildbot/issues/3804
16:14:18 <djmitche> should we keep it on the agenda?
16:14:40 <tardyp> well maybe not
16:15:30 <djmitche> ok :)
16:15:31 <djmitche> #topic Hardware Repair
16:16:03 <djmitche> So I checked in with Amar
16:16:04 <djmitche> #info drives are removed from vm1 but not yet put into service1. He has emailed them today
16:16:22 <djmitche> Still no real ETA for having service1 back up
16:16:51 <djmitche> #topic Expert Twisted update
16:17:02 <djmitche> #info Our final draft went in a few weeks ago
16:17:07 <tardyp> \o/
16:17:10 <djmitche> I got an email asking for address for royalties (?!)
16:17:24 <djmitche> I assume we'll get to see a proof before it goes to press, but I think we're basically done otherwise
16:17:46 <tardyp> I thought this was a fixed $300 per author
16:17:57 <djmitche> oh, I had totally forgotten
16:18:01 <djmitche> you're right
16:18:26 <djmitche> anything else we should discuss?
16:18:56 <tardyp> nope
16:19:16 <djmitche> awesome
16:19:23 * djmitche closes up then
16:19:31 <djmitche> #endmeeting