16:00:20 <geppetto> #startmeeting fpc
16:00:21 <zodbot> Meeting started Thu Oct 16 16:00:20 2014 UTC.  The chair is geppetto. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:21 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:21 <geppetto> #meetingname fpc
16:00:21 <geppetto> #topic Roll Call
16:00:21 <zodbot> The meeting name has been set to 'fpc'
16:00:46 <geppetto> abadger1999 tibbs|w limburgher Rathann SmootherFr0gZ racor spot: FPC ping
16:00:54 * racor is here
16:01:01 <geppetto> orionp: FPC ping
16:01:07 <geppetto> #char racor
16:01:11 <geppetto> #chair racor
16:01:11 <zodbot> Current chairs: geppetto racor
16:01:22 <geppetto> guess who's been doing C code again recently ;)
16:01:28 <orionp> sorry, awfk for  a bit - here
16:01:39 <geppetto> #chair orionp
16:01:39 <zodbot> Current chairs: geppetto orionp racor
16:06:39 <geppetto> abadger1999 limburgher Rathann SmootherFr0gZ spot tibbs|w: FPC ping
16:06:51 <geppetto> limburgher: hey
16:06:56 <geppetto> #chair limburgher
16:06:56 <zodbot> Current chairs: geppetto limburgher orionp racor
16:07:10 <limburgher> yo.  sorry I'm late.
16:07:23 <geppetto> no problem
16:07:36 <limburgher> Looks like we're not quorified yet.
16:07:43 <geppetto> yeh, not yet
16:07:52 <geppetto> this week isn't so bad as there are no new tickets anyway
16:07:57 <limburgher> k, I'll nuke my lunch. . .
16:10:45 * Rathann here
16:10:48 <geppetto> cool
16:10:51 <geppetto> #chair Rathann
16:10:51 <zodbot> Current chairs: Rathann geppetto limburgher orionp racor
16:10:51 <Rathann> sorry for being late
16:10:55 <geppetto> no problem
16:10:58 <Rathann> was making coffee
16:11:02 <geppetto> Not much to discuss this week anyway
16:11:30 * Rathann sends out new the announcement about the new members, finally
16:11:34 <geppetto> cool
16:11:50 <geppetto> #topic Wiki editting backlog
16:12:02 <geppetto> Anyone manage to do any edits in the last week?
16:12:14 <limburgher> Not a one.
16:12:45 <Rathann> terribly sorry, but none, either
16:13:26 <geppetto> yeh, I might have time to do one this week.
16:15:05 <geppetto> #topic Open Floor
16:15:26 <Rathann> I've just created a report in our trac showing tickets awaiting writeup
16:15:28 <geppetto> Actually …
16:15:31 <Rathann> https://fedorahosted.org/fpc/report/14
16:15:36 <geppetto> #topic #452     Crypto policies packaging guideline
16:15:41 <geppetto> https://fedorahosted.org/fpc/ticket/452
16:15:45 <geppetto> Rathann: coool, thanks
16:16:09 <geppetto> Can you put that on the wiki page, maybe https://fedoraproject.org/wiki/Packaging_Committee_Meeting_Process#On_the_day_of_the_meeting ?
16:16:17 <geppetto> or https://fedoraproject.org/wiki/FPC_meeting_process
16:16:35 <geppetto> #chair tibbs|w
16:16:35 <zodbot> Current chairs: Rathann geppetto limburgher orionp racor tibbs|w
16:16:44 <tibbs|w> Sorry, folks; I got pulled away before I even made it to the office.
16:17:19 <geppetto> that's cool
16:17:30 <geppetto> prob. short/simple meeting anyway
16:17:48 <geppetto> tibbs|w: You do any wiki editing?
16:18:19 <tibbs|w> I did not.  I fixed something previous to the last meeting, but nothing in the previous week.
16:18:24 * geppetto nods
16:19:09 <geppetto> Ok … so crypto policy … anyway want to talk about it more? Give more feedback, Remi replied on the mailing list saying that PHP now complies with the proposed policy
16:19:40 <geppetto> so does that make anyone feel like approving it?
16:19:58 <geppetto> tibbs|w: https://fedorahosted.org/fpc/ticket/452
16:21:06 <tibbs|w> Your last comment there needs a response, I think.
16:21:23 <limburgher> <nods>
16:21:58 <Rathann> I'm basically in favour with current version of https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies
16:22:09 <Rathann> *in favour of
16:22:28 <limburgher> Rathann: I'm sure the policies like you. :)
16:22:32 <racor> well, I still can't "grasp" this proposal, i.e. I still do not understand what maintainers/packagers are supposed to do with it.
16:22:48 <geppetto> tibbs|w: yeh, wrote it all out 2 weeks ago but forgot to hit publish, so he's only had it a day or so
16:23:00 <tibbs|w> I do that all the time.
16:23:30 <limburgher> Story of my life.
16:23:33 <geppetto> racor: yeh, that's kind of what the update is for … but AIUI just make sure the given APIs in the proposal are called the way they are specified in the proposal (so use system config. for algo. selection)
16:24:00 <Rathann> racor: if $yourpackage uses openssl or gnutls, you must make sure it uses the system-specified ciphers
16:24:46 <Rathann> that's only possible using those three function calls, so it should be easy to grep for and check in the source
16:25:07 <Rathann> hm now I've noticed that the proposed policy says nothing about non-C code
16:25:35 * Rathann wonders if there are official bindings to other languages for openssl or gnutls
16:25:42 <geppetto> You think they should give examples for python/ruby too?
16:25:44 <limburgher> Doubtless.
16:26:13 <limburgher> I would think the language would handle the calls for the most part unless there's a passthrough for a function in a given language.
16:28:05 <geppetto> eh, I wouldn't assume that … I always think ssl code should be a lot simpler than it is … in any language
16:28:26 <Rathann> gnutls website mentions C++, python, php
16:28:30 <racor> I must be missing something. Which 3 functions and which "updated proposal" are you referring to ?
16:28:34 <geppetto> I know we had piles of mcrypt stuff in el5 yum, when using openssl, just to get cert checking
16:28:50 <geppetto> racor: https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies
16:29:22 <Rathann> racor: SSL_CTX_set_cipher_list for openssl and gnutls_priority_set_direct/gnutls_set_default_priority for gnutls
16:30:34 <geppetto> #info Would be helpful for policy to at least mention other languages, Eg. python/ruby, and what any calls there should look like.
16:30:36 <Rathann> ah, there's one more gnutls_priority_init mentioned
16:31:01 <Rathann> it'd be also good to highlight the function names
16:32:07 <geppetto> #action Highlight all function names in a single part of the policy
16:33:25 <geppetto> #action Current policy just says "other crypto. libs. do not adhere." Give some more info. for at least NSS, are changes coming, are packages advise to move away from NSS, something else?
16:33:46 <geppetto> Ok, hopefully that'll help nmav out.
16:34:30 <tibbs|w> I thought there was this effort to move everything _to_ NSS.
16:34:37 <Rathann> me too
16:34:42 <tibbs|w> At least a few years ago that was the case.
16:34:42 <geppetto> yeh
16:35:13 <geppetto> yeh, AIUI they gave up and after everyone declared too much love for openssl
16:35:28 <geppetto> but, I'm also surprised … hence the question :)
16:35:54 <tibbs|w> So, as a package reviewer that doesn't know crap about this, how do I know if an application "provides a configuration file that allows to modify the cipher list string"?
16:36:06 <tibbs|w> (Needs grammar fix there, too.)
16:36:44 <geppetto> not sure
16:36:49 <Rathann> tibbs|w: you need to grep the sources as well
16:36:50 <tibbs|w> I guess you'd have to know the application; there's no standard openssl or gnutls configuration file, is there?
16:37:02 <Rathann> no, there isn't
16:37:23 <tibbs|w> I mean, I don't know if the libraries have some call to load some specific type of file.
16:37:45 <Rathann> the part mentioning configuration files is about application-specific configuration files
16:38:09 <Rathann> like httpd.conf for httpd (or actually /etc/httpd/conf.d/ssl.conf in our case)
16:38:11 <tibbs|w> This is the kind of thing that's going to come up in package reviews.  If the guideline doesn't answer the most obvious questions, then it's not really going to be helpful.
16:38:41 <Rathann> postfix has a configuration file option to specify ciphers as well
16:38:50 <Rathann> these could be given as examples
16:39:17 <Rathann> to clarify what "configuration file" the policy talks about
16:40:00 <geppetto> ok, that needs to be cleaered up then … as I didn't assume that meaning
16:40:07 <geppetto> but it explains the confusion
16:41:08 <geppetto> #topic Open Floor
16:41:20 <geppetto> Ok, is there anything else anyone wants to bring up?
16:42:07 <Rathann> I think we should go through the old tickets
16:42:14 <Rathann> not necessarily today
16:42:40 <tibbs|w> Yeah, I think most of it is abandoned stuff but there may be a few things we've neglected to act on.
16:42:47 <tibbs|w> Speaking of poor grammar....
16:46:29 <tibbs|w> I might be able to scrape together some time later today.  I'm getting close to finishing up a couple of projects here at the office.
16:47:22 <geppetto> cool
16:47:36 <geppetto> I know I have a bit more free time this week than last
16:47:51 <geppetto> so if we could all agree to do one backlog ticket, that'd be awesome
16:49:36 <geppetto> the backup plan could be to assign them all to orionp as the newbie ;)
16:49:49 <orionp> gah, I'm awake
16:49:54 <Rathann> speaking of assigning
16:50:06 <Rathann> we need to get the new members permission to edit the packaging wiki
16:50:17 <geppetto> Do you know how we do that?
16:50:51 * nirik can do that. Just tell me who. ;)
16:51:34 <Rathann> nirik: who's your backup, just in case?
16:52:09 <nirik> Rathann: file an infrastructure ticket and someone else could figure it out. ;) several sysadmin main folks should be able to do it.
16:52:15 <Rathann> ok
16:52:28 <nirik> https://fedoraproject.org/w/index.php?title=Special:ListUsers&group=Packaging is the current list of people in packaging
16:53:22 <Rathann> we need to add orionp, tomspur and mbooth, but I don't know their wiki names
16:53:25 <Rathann> yet
16:53:35 <nirik> should be == to their fas named.
16:53:37 <nirik> names
16:53:48 <orionp> my fas name is "orion"
16:54:23 * tomspur_ has the same name in the wiki
16:54:41 <Rathann> so does mbooth, apparently
16:54:43 <nirik> yep.
16:55:17 <nirik> done
16:56:39 <geppetto> cool
16:56:54 <geppetto> tomspur_: Welcome, btw :)
16:57:01 <geppetto> mbooth: Welcome
16:57:15 <tomspur_> geppetto, thanks for the election :)
16:57:32 <tomspur_> And all others of course :)
16:57:49 <geppetto> tomspur_: You always have the _ suffix?
16:57:58 <Rathann> coincidentally, we're approaching the seasonal DST change, so there will probably be another vote for best meeting time soon
16:58:37 <geppetto> Last few times I've just waited until after Europe changed and change the meeting time by 1 hour
16:58:57 <tomspur_> geppetto, no, the other one without is in use at my work desk
16:59:18 <geppetto> tomspur_: Ok, I'll put you in the wiki page without it then
16:59:32 <tomspur_> geppetto, yes, thanks
17:02:18 <geppetto> Ok, I'm going to close now … everyone have a good week, and try to do a wiki update :)
17:02:33 <limburgher> You too!
17:02:40 <tibbs|w> Until next week.
17:02:43 <geppetto> #endmeeting