17:00:07 <mhayden> #startmeeting FESCO (2023-10-05) 17:00:07 <zodbot> Meeting started Thu Oct 5 17:00:07 2023 UTC. 17:00:07 <zodbot> This meeting is logged and archived in a public location. 17:00:07 <zodbot> The chair is mhayden. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions. 17:00:07 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 17:00:07 <zodbot> The meeting name has been set to 'fesco_(2023-10-05)' 17:00:11 <mhayden> #meetingname fesco 17:00:11 <zodbot> The meeting name has been set to 'fesco' 17:00:17 <mhayden> #chair nirik, decathorpe, zbyszek, sgallagh, mhroncok, dcantrell, mhayden, Conan_Kudo, Pharaoh_Atem, Son_Goku, King_InuYasha, Sir_Gallantmon, Eighth_Doctor, tstellar 17:00:17 <zodbot> Current chairs: Conan_Kudo Eighth_Doctor King_InuYasha Pharaoh_Atem Sir_Gallantmon Son_Goku dcantrell decathorpe mhayden mhroncok nirik sgallagh tstellar zbyszek 17:00:23 <mhayden> #topic init process 17:00:26 <mhayden> .hello2 17:00:27 <zodbot> mhayden: mhayden 'Major Hayden' <mhayden@redhat.com> 17:00:30 <dcantrell> .hello2 17:00:33 <Son_Goku> .hello ngompa 17:00:33 <zodbot> dcantrell: dcantrell 'David Cantrell' <dcantrell@redhat.com> 17:00:36 <zodbot> Son_Goku: ngompa 'Neal Gompa' <ngompa13@gmail.com> 17:00:46 <zbyszek> .hello2 17:00:47 <zodbot> zbyszek: zbyszek 'Zbigniew Jędrzejewski-Szmek' <zbyszek@in.waw.pl> 17:00:52 <mhayden> in other news, my phone would like us to rename this to the Fresco Meeting 🍂 17:01:04 <zbyszek> Wine? 17:01:11 <nirik> morning 17:01:24 <dcantrell> not Fresca? https://www.fresca.com/ 17:01:25 <mhayden> zbyszek: if you've got a red, i'll take it 🍷 17:01:34 <mhroncok_web> hey hey 17:01:40 <dcavalca> .hi 17:01:41 <zodbot> dcavalca: dcavalca 'Davide Cavalca' <davide@cavalca.name> 17:01:46 <mhroncok_web> .hello churchyard 17:01:47 <zodbot> mhroncok_web: churchyard 'Miro Hrončok' <mhroncok@redhat.com> 17:01:54 <mhayden> ah, it's the web version of mhroncok! 17:02:19 <dcantrell> I've heard of the web before 17:02:21 <mhroncok_web> yep. I am using web.libera.chat and I didn't want to bother with logins and things 17:02:32 <mhayden> i'm using the super minimal libera webchat doodad 17:02:35 <mhroncok_web> I forgot how to IRC 17:02:35 <mhayden> gamja? 17:02:48 <decathorpe> .hi 17:02:49 <zodbot> decathorpe: decathorpe 'Fabio Valentini' <decathorpe@gmail.com> 17:02:55 <mhayden> mhroncok_web: you and me both 🤣 17:03:12 <mhayden> i think we've got 7 if i am able to count on my fingers properly 17:03:32 <mhayden> we're so ready 17:03:34 <mhayden> let's go 17:03:49 <mhayden> #topic #3080 Retiring 5 packages without a Python 3.12 rebuild from Fedora 39+40 17:03:52 <mhayden> .fesco 3080 17:03:53 <zodbot> mhayden: Issue #3080: Retiring 5 packages without a Python 3.12 rebuild from Fedora 39+40 - fesco - Pagure.io - https://pagure.io/fesco/issue/3080 17:03:53 <michel-slm> .hello salima 17:03:55 <zodbot> michel-slm: Sorry, but user 'salima' does not exist 17:03:56 <michel-slm> .hello salimma 17:03:58 <zodbot> michel-slm: salimma 'Michel Lind' <michel@michel-slm.name> 17:04:26 <mhayden> 👋 michel-slm 17:04:34 <mhayden> mhroncok_web: you want to kick this one off? 17:05:02 <mhroncok_web> well 17:05:03 <mhayden> i think we have 5 +1's in the ticket, no -1's 17:05:06 <zbyszek> This already had a bunch of votes in the ticket, but didn't get +7 despite the fast-track request. 17:05:10 <dcavalca> michel-slm and I are still working to unfuck the mathics packages, so we'd like to request a stay of execution for those 17:05:16 <mhroncok_web> I want to get this approved, so I can proceed tmrw 17:05:23 <michel-slm> the ticket does say the retirement will happen tomorrow 17:05:24 <dcantrell> I just added a +1 to the ticket 17:05:34 <mhroncok_web> dcavalca: ack 17:05:35 <michel-slm> so ... we can still fix this today 17:05:45 <mhroncok_web> please do 17:05:46 <mhayden> so we are +6, but dcavalca brings up a point there 17:06:04 <mhroncok_web> I won't retire the 2 mathics packages 17:06:19 <dcavalca> thanks mhroncok_web 17:06:20 <mhroncok_web> not this week anyway 17:06:24 <michel-slm> thanks Miro 17:06:56 <mhroncok_web> the pyside+freecad thing seem to be acked by the maintainers and the last one probbaly is 17:06:59 <nirik> +1 also 17:07:14 <mhroncok_web> thanks 17:07:29 <mhroncok_web> let's declare this approved as +7 now? 17:08:01 <mhayden> nirik makes 7 for sure 17:08:10 * mhayden needs to refresh his policy knowledge on fast track tickets 17:08:24 <mhroncok_web> +7, -0 in ticket makes is approved 17:08:28 <decathorpe> fast track doesn't apply when we're voting in meeting, I think 17:08:34 <mhroncok_web> but we are in a meeting 17:08:42 <decathorpe> but either way it's approved now 17:08:48 <neil> .hi 17:08:49 <mhroncok_web> so unless somebody tosses a -1 now, we can declare it approved +7,0,-0 17:08:49 <zodbot> neil: neil 'Neil Hanlon' <neil@shrug.pw> 17:08:52 <zbyszek> I think it's approved as soon as the meeting ends. 17:08:54 <mhayden> haha okay let me remember the incantations for the bot 17:09:12 <dcantrell> in this timeline we're in a meeting, but in another timeline we're not 17:09:18 <zbyszek> mhayden: #agreed APPROVED (+7, 0, 0) 17:09:19 <mhayden> #agreed Proceed with Python package retirements in #3080 except the mathics packages (+7,0,0) 17:09:31 <mhayden> thanks zbyszek 17:09:42 <zbyszek> mhayden: you wrote it better than my suggestion :) 17:09:51 <mhayden> zbyszek: i'm too verbose 🙃 17:09:54 <mhroncok_web> yay \o/ 17:10:04 <mhayden> okay, anything else on this one? 17:10:20 <mhayden> sweet, moving right along 17:10:23 <mhayden> #topic #3072 Change: Passim Peer-to-Peer Metadata 17:10:28 <mhayden> .fesco 3072 17:10:29 <zodbot> mhayden: Issue #3072: Change: Passim Peer-to-Peer Metadata - fesco - Pagure.io - https://pagure.io/fesco/issue/3072 17:10:31 <mhroncok_web> I need to go afk for a minute 17:10:43 <mhayden> "Passim is a local caching server that broadcasts specific shared metadata to other clients on your local network to reduce the amount of duplicate data downloaded from the internet." 17:11:16 <mhayden> seems like the main concerns are about enabling this by default since it's network service 17:11:41 <dcantrell> yeah, so I'm ok with this change but would not want it on by default. users would need to explicitly enable it. 17:11:56 <mhayden> this would reduce the load on the firmware servers that fwupdmgr uses, if i read this right 17:12:27 <zbyszek> Yeah. From what I have seen, this daemon is implemented well, but OTOH, the proposal is to enable-by-default a network service that is freshly written. I would feel better it was opt-in at least for a release. 17:12:47 <mhayden> i could be persuaded to bring it in but not enabled by default 17:12:53 <decathorpe> well, doesn't this only save server bandwidth if there are actually >= 2 Fedora devices with this enabled on the same network? 17:13:10 <zbyszek> decathorpe: yes 17:13:30 <mhayden> yes, the testing instructions specify 2+ machines 17:13:31 <decathorpe> that somewhat limits the usefulness to large deployments, and "punishes" single users with an additional networked service 17:13:50 <zbyszek> mhayden: it's already "in", in the sense that you can do 'dnf install passim' today. 17:15:06 <dcavalca> would this Change apply to all editions? 17:15:22 <nirik> well, it's dbus activated right? 17:15:46 <mhayden> i don't see editions specified there 17:15:53 <mhayden> this wouldn't give much value in cloud, for example 17:16:34 * mhroncok_web is back 17:16:48 <mhayden> mhroncok_web: welcome back -- talking about 3072 17:17:22 <mhayden> would our feedback here be 1) not on by default and 2) please specify the editions it would apply to? 17:17:34 <dcavalca> yeah, that's why I was asking, it really feel like something that would make sense for workstation and server, and only if one has 2+ systems on the same network 17:18:06 <Son_Goku> mhayden: I don't know about that 17:18:17 <Son_Goku> private cloud networks with gateway servers are a thing 17:18:55 <mhayden> i can see your point, Son_Goku 17:19:17 <mhayden> but for the average fedora instance in aws or azure or digitalocean, there's likely not much benefit enabling passim there by default 17:19:17 <Son_Goku> and I used to work in a place that did in fact do private cloud stuff where this would be useful 17:19:44 <Son_Goku> only because nobody wrote a dnf plugin for it yet :) 17:19:57 <mhroncok_web> however, useful does not imply "let's enable this for everybody by default" 17:20:05 <dcavalca> even on a public cloud, it'd probably work if the instances are on the same VPC and the security groups are wired up right but... that's a lot of assumptions 17:20:09 <zbyszek> nirik: It's dbus-activated, but it would generally be started always whenever fwupdmgr refresh is done. 17:21:01 <mhroncok_web> Stephen said he'd ask some questions on the list 17:21:05 <nirik> right, and it's a suggests in fwupdmgr currently right? 17:21:32 <nirik> yeah 17:22:07 <mhroncok_web> and the thing being on discuss.fp.o makes me unable to see if those questions were split to a different topic or if they never happened 17:22:31 <Son_Goku> dcavalca: I think it's a lot more common to see that kind of stuff in public cloud deployments 17:22:37 <mhroncok_web> there is https://discussion.fedoraproject.org/t/f40-change-proposal-passim-peer-to-peer-metadata-self-contained/89608/9 17:22:39 <Son_Goku> even smaller clouds do a lot of that "by default" now (e.g. Linode) 17:23:19 <zbyszek> mhroncok_web: when things are split out, discourse leaves a pointer. So it's not "invisible". 17:23:31 <mhroncok_web> oh 17:23:43 <Son_Goku> it's a pain to find, but it's there 17:23:53 <mhroncok_web> "I’d be fine with just workstation for F40." says the change owner 17:24:06 <Son_Goku> I would prefer to see this everywhere fwupd is installed 17:24:36 <zbyszek> Yeah, Stephens' point about the firewall is important: without a hole in the firewall, the service cannot work. 17:24:49 <Son_Goku> and in the future, I expect that someone will write a DNF plugin to fetch repodata this way too 17:24:53 <mhayden> sorry folks, web chat locked up and i was the last to know (thanks mhroncok_web!) 17:25:44 <nirik> that could be tricky given the different caches for users/root with dnf... but yeah 17:26:03 <decathorpe> how would that work with zchunk? 17:26:13 <Son_Goku> it's just http range downloading 17:26:21 <Son_Goku> so it would just do range requests across passim 17:26:30 <decathorpe> ah 17:26:41 <Son_Goku> that's what makes zchunk awesome 17:26:46 <Son_Goku> it's very light on requirements to work 17:26:57 <Son_Goku> so you can "double up" and "scale out" easily 17:27:32 <mhroncok_web> I am worried that the dnf plugin thing is probably a bit off topic for this change 17:27:47 <dcantrell> mhroncok_web: agreed 17:29:28 <Son_Goku> it is, but I'm saying that passim is generally useful enough that I don't find a reason to block it 17:29:41 <Son_Goku> right now, passim change is oriented around being installed where fwupd is 17:29:43 <Son_Goku> and I'm fine with that 17:30:16 <mhayden> so i might have missed it when i dropped, but did we solve the firewall open port question for passim? 17:30:17 <mhroncok_web> how much network traffic fwupd generally uses? 17:30:27 <mhroncok_web> as in, is this really the practical use? 17:30:42 <mhroncok_web> no, the firewall thing has not been answered here 17:30:58 <nirik> well, for workstation it would just work right? 17:31:16 <nirik> but other editions would need to open that port it uses if they block it by default 17:31:30 <nirik> 27500/tcp is the port to be clear 17:31:52 <Son_Goku> do we have the port registered as a firewalld service? 17:32:41 <zbyszek> Son_Goku: I don't think so. There's no firewalld config in the package. 17:33:04 <Son_Goku> so we can ask them to do that and get the firewalld presets configured 17:33:37 <Son_Goku> nirik: workstation has a firewall preset, passim needs to be allowed there 17:33:42 <Son_Goku> it's not default-open 17:34:18 <zbyszek> Son_Goku: the firewall is not enabled by default on Workstation. 17:34:36 <nirik> it allows high ports (or at least it used to) 17:35:32 <neil> nirik: it seems to, on my machine, anyways 17:35:38 <nirik> ports: 1025-65535/udp 1025-65535/tcp 17:35:49 <nirik> so, this would just work there. 17:35:52 <Son_Goku> zbyszek: it is, but as nirik points out, high ports are open by default: https://src.fedoraproject.org/rpms/firewalld/blob/rawhide/f/FedoraWorkstation.xml 17:35:59 <nirik> but other editions/images would need something yeah. 17:36:05 <mhayden> oh yes, good call on that nirik 17:37:23 <nirik> well, cloud would just work too. 17:38:01 <Son_Goku> yes, cloud has no firewall by default 17:38:13 <mhroncok_web> any suggestions on how to proceed on this one? 17:38:30 <nirik> unclear to me on what default the other's would have. 17:38:36 <mhayden> so the change proposes moving passim from Suggests: to Recommended:, which makes it a weak dep and installed along with fwupdmgr 17:40:55 <nirik> I guess I am +1, but it would be good to make it so other spins/labs/images could also opt in easily... which I think would mean it would need a service firewalld could enable... 17:41:33 <Son_Goku> yup 17:41:46 <Son_Goku> I think that's the only other thing we need to ask of them 17:43:05 <nirik> so does this have enough votes to pass? or go back to vote in ticket? 17:43:35 <mhayden> i could go +1 on this after the discussion, but i'd like to see that firewalld service in there too 17:44:06 <zbyszek> I think this is too risky to enable by default. -1 for now. 17:44:18 <mhroncok_web> I don't have an opinion. On one hand this is a nice thing to have and might as well establish a good precedence for dnf metadata. On the other hand, I am not sure saving 2 MB a day if and only if there are multiple Fedoras on the network is worth to be enabled by default for every insatllation 17:44:35 <mhroncok_web> I'm 0 17:44:42 <Son_Goku> +1 from me 17:44:49 <mhayden> zbyszek: would you have feedback you'd like to provide back to rhughes? 17:45:14 <zbyszek> mhayden: we're in communication, he even merged my pull request for passim today. 17:45:17 <dcantrell> My big concern is the risk of a new network service for everyone. The idea seems nice for certain use cases, but overall as a default I am -1 17:45:23 <mhayden> zbyszek: 🎉 17:46:17 <mhayden> so it seems like we have (+3, 1, -2) right now? 17:46:19 <decathorpe> I'm torn between ±0 and -1 but leaning ±ß 17:46:37 <mhayden> ßeautiful 17:46:38 <decathorpe> argh, can't type. count me as ±0 17:46:51 <zbyszek> The scenario I'm afraid of is that we enable this, F39 rolls out, and somebody discovers that there's a buffer overrun or missing locking for concurrent access or something like that, that allows execution of code, and then Fedora Workstations start running a bitcoin miner whenever you visit an untrusted network. 17:47:00 <mhayden> okay, so that's (+3, 2, -2) 17:47:16 <zbyszek> I think that according to the new rules, that passes. 17:47:17 <dcantrell> zbyszek: yeah, exactly 17:47:32 <mhayden> valid concerns, zbyszek 17:47:41 <mhroncok_web> 2 zeros mean the total number of voters is 7 17:47:44 <Son_Goku> yes 17:47:52 <Son_Goku> and they follow the +3 17:47:56 <nirik> note that this is a 40 change. ;) 17:47:56 <mhroncok_web> +3 is not over 50% of 7 17:48:13 <zbyszek> I would prefer that we let users opt-in, figure out if there are any issues, and then maybe enable it by default later. 17:48:35 <dcantrell> yes, save the default decision for later 17:48:54 <mhayden> hmm, is there a proposal we throw out there as a path to yes? zbyszek has a suggestion there 17:49:25 <mhroncok_web> users can already opt-in it seems 17:50:21 * nirik nods. 17:50:46 <nirik> just install the package and make sure the port it uses is otherwise open... 17:51:51 <nirik> (well, I guess you need the rawhide packages) 17:52:55 <mhayden> so it appears we're deadlocked on votes here 17:53:06 <Son_Goku> opt-in has been a thing for a while now 17:53:16 <decathorpe> so ... back to ticket with the questions we have? 17:53:19 <Son_Goku> this is effectively "kill the Change" if we don't accept it for F40 17:54:25 <mhayden> could someone own bringing the concerns and questions to the ticket? 17:54:45 <zbyszek> Oh, wait, this is for F40? 17:54:57 <nirik> yes 17:55:07 <nirik> it's way way too late for f39 17:55:20 <zbyszek> Hmm, OK, so I can change my vote to +1. 6 months should be enough to figure out if there are problems. 17:55:25 <mhroncok_web> :D 17:55:41 <mhayden> so we're (+4, 2, -1) now? 17:55:43 <mhroncok_web> "nirik 19:47:56: note that this is a 40 change." 17:55:59 <Son_Goku> we don't have any F39 changes to accept anymore :D 17:56:02 <zbyszek> Yes, sorry. Reading is hard. Reading with understanding even more so. 17:56:13 <mhroncok_web> (+4, 2, -1) makes this go 17:56:37 <mhayden> #agreed Proceed with #3072 for F40. APPROVED (+4, 2, -1) 17:57:05 <mhayden> one topic left! 17:57:05 <mhroncok_web> I am happy my 0 votes are finally meaningful :) 17:57:15 <mhayden> #topic #3078 Consider revising package sponsor policy due to possible race condition 17:57:17 <zbyszek> I hope I won't regret this. People should really spend some time kicking the tires on the service. 17:57:20 <mhayden> .fesco 3078 17:57:21 <zodbot> mhayden: Issue #3078: Consider revising package sponsor policy due to possible race condition - fesco - Pagure.io - https://pagure.io/fesco/issue/3078 17:57:49 <Son_Goku> I think this is a no-brainer 17:57:50 <mhroncok_web> should this be approved in ticket? it is a week with +3 17:57:51 <mhayden> i'm not sure i fully understand this one -- can someone else summarize? 17:58:14 <mhayden> seems like we're trying to keep track of who sponsored which packager, which sounds good 17:58:25 <zbyszek> mhayden: we lost the metadata that said who sponsored whom, so we can't expect people to do their sponsorship duties. 17:58:28 <decathorpe> zbyszek: newly written services like these should really be implemented in Rust ;) 17:58:38 <mhayden> zbyszek: thank you 17:58:44 * Son_Goku doesn't particularly feel enthused about rust-based stuff 17:58:54 <decathorpe> 🤣️ I know 17:59:05 <mhroncok_web> cobol ftw 17:59:06 <mhayden> okay, anything to discuss on this one? there's a PR open for that change, too 17:59:08 <decathorpe> still better than C for parsing untrusted input 17:59:13 <mhayden> #link https://pagure.io/fesco/fesco-docs/pull-request/79 17:59:15 <nirik> I'm +1... seems reasonable to adjust 17:59:20 <zbyszek> decathorpe: yeah. Though in this case, it's using various libraries to do most of the heavy lifting, so it's less bad. 17:59:31 <mhroncok_web> I updated firefox and I cannot open new links now 17:59:37 <decathorpe> :D 17:59:49 * nirik notes we have a full backup of the old fas2 db. But that doesn't help new data. 17:59:54 <mhayden> we're running long, can we just finish that one in the ticket? 18:00:00 <decathorpe> there's already a few +1 votes in the ticket, I think this would be approved by the "votes after one week" rule? 18:00:05 <mhroncok_web> yes 18:00:06 <zbyszek> mhroncok_web: it's a security feature. Links are dangerous. 18:00:15 <mhroncok_web> escpecially links in C 18:00:30 <mhroncok_web> *especially 18:00:54 <mhayden> okay, i'll wrap up that ticket 18:00:57 <mhayden> #topic Next week's chair 18:01:34 <mhroncok_web> I won't join next week, my cat has an appointment 18:01:37 <mhayden> 🪑 ❓ 🙋 18:01:56 <mhroncok_web> let me just restart firefox really quickly 18:02:09 <mhayden> now we can talk about mhroncok 18:02:19 <decathorpe> only good things, I hope 18:02:37 <mhayden> anyone want to chair next week? i can take it again if needed 18:02:58 <mhayden> but you had better be prepared for double the emojis 18:03:27 <mhayden> #action mhayden to chair again next week on Oct 12 18:03:38 <mhayden> #topic Open Floor 18:03:39 <zbyszek> mhayden: :) 18:03:47 <mhayden> anything for open floor time? 🕳️ 18:03:58 <mhayden> 👂 18:04:11 <mhayden> 🦗 18:04:41 <mhayden> whew glad we gave mhroncok_web that action item 😅 18:05:05 <mhayden> okay, y'all! thanks for coming and putting up with my meeting antics. i hope y'all have a good week! 18:05:10 <mhayden> 👋 18:05:10 <mhroncok_web> I copied the hole emoji and my Xfce crashed 18:05:12 <mhayden> #endmeeting