15:58:56 <abadger1999> #startmeeting fpc
15:58:56 <zodbot> Meeting started Thu Aug 14 15:58:56 2014 UTC.  The chair is abadger1999. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:58:56 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:59:02 <abadger1999> #meetingname fpc
15:59:02 <zodbot> The meeting name has been set to 'fpc'
15:59:06 <abadger1999> #topic Roll Call
15:59:12 * RemiFedora here
15:59:12 <abadger1999> Who all is here this week?
15:59:25 * abadger1999 thinks geppetto has said he'll be absent
15:59:47 <abadger1999> #chair RemiFedora
15:59:47 <zodbot> Current chairs: RemiFedora abadger1999
16:00:35 <abadger1999> spot, tibbs|w, SmootherFrOgZ: Any of y'all around for FPC meeting?
16:01:27 <tibbs|w> I'm here.
16:02:01 <abadger1999> #chair tibbs|w
16:02:01 <zodbot> Current chairs: RemiFedora abadger1999 tibbs|w
16:02:07 <abadger1999> I'll give it a few more minutes.
16:02:59 <abadger1999> We had some talks at flock about possible ways to help FPC work more efficiently since I'm leaving and spot wants to not be sole chair.
16:03:33 <abadger1999> #chair Rathann
16:03:33 <zodbot> Current chairs: Rathann RemiFedora abadger1999 tibbs|w
16:04:01 <abadger1999> One idea was to separate out the legislative and the judicial portions of FPC...
16:04:44 <tibbs|w> Seems reasonable.
16:04:44 <abadger1999> have someone(s)  from (maybe docs) that does the work of polishing drafts and getting feedback from both us and the original submitters.
16:05:07 <abadger1999> then the FPC job is only to evaluate those drafts and give feedback about things that still have to be changed.
16:05:29 <abadger1999> Of course, that depends on finding docs people who want to fill that sort of role.
16:05:47 <abadger1999> Another idea was to increase the number of people who can edit the Packaging: portion of the wiki.
16:06:09 <abadger1999> that way we wouldn't bottleneck on finished and approved drafts in trac not getting added to the wiki.
16:06:13 <RemiFedora> this could make sense for language part with a SIG
16:07:06 <abadger1999> RemiFedora: yeah -- note that for most recent language guidelines, the FPC already is pretty much doing that.
16:08:23 <Rathann> abadger1999: I seem to have missed both you and those talks while at Flock... :(
16:08:29 <abadger1999> We don't know enough about go, for instance, to write the guidelines ourselves... but we do make decisions about whether the draft is suitable and give feedback as to what changes we want to see.
16:08:36 <abadger1999> Rathann: Yeah :-(
16:09:12 <abadger1999> Rathann: the talks were mostly hallway conversations.
16:09:22 <abadger1999> I'm sad to have missed meeting you, though :-(
16:11:36 <abadger1999> Okay, looks like we aren't going to make quorum today.
16:12:04 <abadger1999> #topic Open Floor
16:12:32 <Rathann> by the way, could you check if I have edit rights to the Packaging: portion of the wiki? Last time I checked a couple of months back, I didn't
16:12:35 <abadger1999> Anyone want to bring anything up?  Tickets to start discussing or start voting on?
16:12:52 <abadger1999> Rathann: I can't but we can ask nirik to
16:12:57 <Rathann> ok
16:12:59 <abadger1999> Rathann: what's your fas username?
16:13:03 <RemiFedora> racor: ?
16:13:10 <Rathann> same as my nick, but lowercase
16:13:13 <Rathann> rathann
16:13:19 <abadger1999> k
16:14:11 <abadger1999> Anyone else I should ask nirik to look into?
16:14:25 <racor> bla bla
16:14:37 <nirik> I can look
16:14:44 <abadger1999> thanks
16:14:50 <racor> for some reasons I wasn't able to talk
16:14:57 <abadger1999> ah okay.
16:14:59 <abadger1999> #chair racor
16:14:59 <zodbot> Current chairs: Rathann RemiFedora abadger1999 racor tibbs|w
16:15:04 <abadger1999> That makes five.
16:15:42 * racor is lacking time, I'll have to quit in ca. 15 mins
16:17:27 <abadger1999> #topic Update to untouchable directories
16:17:28 <abadger1999> https://fedorahosted.org/fpc/ticket/451
16:17:40 <abadger1999> I'm hoping this one's pretty simple.
16:19:44 <tibbs|w> +1 to the concept, though it is a little confusing to say "nothing under /opt" and then later "limited usage of /opt".
16:20:45 <Rathann> +1 from me, change what tibbs|w mentioned to "nothing under /opt except as specified below"
16:20:46 <abadger1999> tibbs|w: Good point.
16:20:48 * abadger1999 edits that title
16:21:36 <abadger1999> I'll change it to /srv/, /usr/local/, or /home/$USER
16:21:43 <racor> +1, same reservations as tibbs|w, esp. because I can't imagine any reason for anything under /opt/ in Fedora.
16:22:08 <RemiFedora> +1
16:22:58 <abadger1999> +1
16:23:02 <tibbs|w> +1 for the record.
16:23:30 <abadger1999> #info Update to untouchable directories section APPROVED: (+1:5, 0:0, -1:0)
16:24:08 <abadger1999> #topic Crypto policies packaging guideline
16:24:11 <abadger1999> https://fedorahosted.org/fpc/ticket/452
16:25:09 <tibbs|w> I'm not entirely sure about this.
16:25:13 <abadger1999> I'm not either.
16:25:27 <abadger1999> The part about config file seems like it may be FPC territory.
16:25:27 <racor> 0, it requires a crypto expert to be able to have an opinion
16:25:39 <abadger1999> The part about modifying code... I'm not sure if we get into that much.
16:25:48 <tibbs|w> I agree with the concept, but I'm not sure we necessarily want to make packagers or reviewers do that much.
16:26:02 <tibbs|w> Essentially none of them are going to understand this.
16:26:21 <abadger1999> yeah.  In some ways it's just magic strings that we add.
16:26:58 <tibbs|w> I have no problem with flagging such reviews for some security team to inspect more closely, but just saying "nothing using crypto gets in unless you do something you probably don't understand" isn't really helpful.
16:27:31 <tibbs|w> I guess what I'm saying is that some things are simply too esoteric to enforce through packaging guidelines.
16:27:39 <abadger1999> <nod>
16:29:17 <abadger1999> So... what should we write into the ticket?
16:30:04 <abadger1999> We'd be amenable to flagging certain package reviews for security team sign off.  But please find out if hte security team is willing to do that work.  ?
16:30:11 <RemiFedora> ask for a proposal about bugzilla flag which involves new "fedora security team" (after asking them of course)
16:30:51 <racor> Ok, folks, I've got to go ...
16:30:53 <RemiFedora> (different words... mostly same goal)
16:30:57 <abadger1999> racor: See you later!
16:31:29 <Rathann> What we could add is something like: "packages depending on openssl/gnutls/... (list of crypto libs here) must be vetted by security team for correct selection of allowed ciphers"
16:32:04 <Rathann> it's fairly easy to check if package depends on a listed crypto lib
16:32:09 <abadger1999> <nod>
16:35:26 <abadger1999> Okay, http://paste.fedoraproject.org/125616/40803412/
16:35:59 <abadger1999> I'll post that to the ticket if it looks like what we're imagining.
16:36:49 <RemiFedora> hte => the, else seems ok
16:38:56 * abadger1999 posts
16:39:04 <abadger1999> #topic Open floor
16:39:11 <abadger1999> Okay, anything else people want to bring up?
16:39:22 <tibbs|w> Ugh; so many people at my door.
16:39:51 <tibbs|w> abadger1999: +1 to posting that.
16:40:59 <abadger1999> Alright I'll close the meeting in 60s
16:41:04 <Rathann> abadger1999: there's also NSS
16:41:17 <Rathann> that's why I wrote (list of crypto libs here)
16:41:38 <Rathann> let's not limit ourselves to openssl and gnutls
16:41:53 <Rathann> someone may package libressl ;)
16:43:13 <abadger1999> Rathann: <nod>  I'd think we'd update the list whenever another library has the capability to modify the allowed ciphers systematically.
16:43:19 <abadger1999> #endmeeting