16:01:17 <geppetto> #startmeeting fpc
16:01:17 <zodbot> Meeting started Thu Apr 30 16:01:17 2015 UTC.  The chair is geppetto. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:01:17 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:01:17 <geppetto> #meetingname fpc
16:01:17 <zodbot> The meeting name has been set to 'fpc'
16:01:17 <geppetto> #topic Roll Call
16:03:22 <geppetto> geppetto limburgher mbooth orionp racor Rathann SmootherFr0gZ tibbs|w tomspur: FPC ping
16:03:33 * Rathann here
16:03:42 <geppetto> #chair Rathann
16:03:42 <zodbot> Current chairs: Rathann geppetto
16:04:43 * dwmw2 looks in
16:05:00 <geppetto> hey, waiting for ppl to show up
16:09:24 <tibbs|w> Dang it.
16:09:24 <geppetto> hey tibbs
16:09:29 <geppetto> #chair tibbs
16:09:29 <zodbot> Current chairs: Rathann geppetto tibbs
16:09:42 <geppetto> Still only 3 of us … is something exciting happening today?
16:10:01 <tibbs|w> Nothing here but traffic.
16:10:13 * geppetto nods
16:12:03 <geppetto> Well it's not looking good for a real meeting :(
16:12:06 <Rathann> we're looking forward to a "long weekend" due to Labour Day
16:12:10 * geppetto nods
16:12:10 <Rathann> ;)
16:12:14 * orionp Is only letting his irc client log the meeting - is leaving in 3 minutes
16:12:23 <geppetto> Yeh, I know all my (non-US) co-workers are off tomorrow
16:12:30 <tibbs|w> Ah.
16:12:35 <tibbs|w> Right, May Day.
16:13:21 <tibbs|w> So there were four "not attending" notes on the list.
16:13:34 <geppetto> oh, I only saw orc_emac_
16:13:38 <geppetto> orionp even
16:14:07 <geppetto> ahh, nevermind … manual refresh is your friend
16:14:29 <geppetto> This is probably it then
16:14:35 <geppetto> #topic Open Floor
16:14:38 <tibbs|w> Does anyone recall what's up with limb?
16:14:49 <geppetto> I think he's just busy a lot
16:14:53 <tibbs|w> He hasn't been around for a while, and I wonder if the time just doesn't work for him.
16:15:13 <geppetto> He pops in every now and again … he's never mentioned the time specifically
16:16:01 <dwmw2> so https://fedorahosted.org/fpc/ticket/480 ...
16:16:23 <tibbs|w> I guess it's prudent to see who is and isn't making it to meetings or commenting on tickets and at least think about whether we need to change things up.
16:16:29 <dwmw2> tibbs|w: you mentioned a tracker in comment 12. I have one of those already, in fact.
16:16:36 <tibbs|w> Cool.
16:17:01 <dwmw2> https://bugzilla.redhat.com/showdependencytree.cgi?id=1173546&hide_resolved=1
16:17:22 <tibbs|w> Really, the theme here is that if nobody on FPC can understand what's being proposed, there's little chance that most packagers or package reviewers will understand it easier.
16:17:25 <dwmw2> I've just fixed some of this in f20, actually
16:17:38 <tibbs|w> So if you dumb it down to the point where we can get it, then there's at least a chance.
16:17:59 <tibbs|w> And if you dumb it down to where _I_ can understand it, then things will work out great.
16:18:03 <dwmw2> hehe
16:18:47 <tibbs|w> So really that's what we're getting at when we ask for things like examples.
16:18:57 <dwmw2> basically: If your program can use a SSL certificate from a file (like your ~/.fedora.cert) then it *also* ought to be able to a cert if you import it into GNOME keyring with seahorse, and then just give the corresponding pkcs11:... URI for it.
16:19:05 <tibbs|w> If examples aren't the best way to go about it, that's fine.
16:19:37 <dwmw2> I'll try to write up some docs on how to test that.
16:19:55 <tibbs|w> Just a dumb question: is GNOME keyring something GNOME specific?
16:20:17 <dwmw2> kind of, but it's just an *example* of a test module, that's easy to use without real crypto hardware.
16:20:56 <dwmw2> we have others. NSS is entirely based on it and you can use your firefox cert store. And we have SoftHSM too.
16:21:05 <dwmw2> it's just that in a default install, gkr is already there and running.
16:21:28 <tibbs|w> Just wondering how the KDE folks would test, I guess.
16:21:44 <Rathann> or MATE folks ;)
16:21:51 <tibbs|w> I don't install gnome at all, for example.
16:22:21 <dwmw2> the firefox store is probably the easiest then
16:23:13 <dwmw2> to a large extent though, I do accept that I might have to do a fair amount of the gruntwork myself
16:23:34 <dwmw2> the guideline is partly in the *hope* that others will do it right, and partly to justify intervening when they don't :)
16:23:41 <tibbs|w> I understand.
16:24:02 <tibbs|w> Really it's sort of like legal stuff.  We don't really expect everyone to understand it.
16:24:13 <tibbs|w> So if there's a question, just block FE-Legal and move on.
16:25:03 <dwmw2> well, I *do* hope that people will be able to get it right for themselves. I'm not entirely giving up on that. But I'll accept that approach :)
16:25:28 <geppetto> :)
16:25:29 <tibbs|w> I know, but if we want things to be reviewed at all, we have to make things easy.
16:25:35 <dwmw2> I will probably tweak the documentation in response to the ways in which people get it wrong :)
16:25:58 <tibbs|w> Also note that it's OK to link to pages outside the guidelines that talk about this stuff more.
16:26:18 <tibbs|w> Even other wiki pages that can be edited with more and changing "HOWTO" information.
16:26:29 <dwmw2> yeah. Is there a recommended location for said HOWTO?
16:26:29 <tibbs|w> And just leave the stricture for the guidelines pages.
16:26:50 <tibbs|w> Somewhere in the wiki.  Personal pages; it doesn't much matter, really.
16:26:59 <dwmw2> I'll put something in place which I can improve in response to actual users, and a reference to that in the proposed guidelines.
16:27:24 <tibbs|w> There is a PackageMaintainers hierarchy, I guess, which would be good for things like that.
16:28:30 <dwmw2> ok
16:28:58 <Rathann> Rationale section seems to be empty
16:29:11 <Rathann> other than that, it looks fine as it is to me
16:29:37 <Rathann> though beginner packagers may have trouble finding you, dwmw2 ;)
16:29:53 <dwmw2> hm, there was a rationale in the first draft at https://fedoraproject.org/w/index.php?title=PackagingDrafts/PKCS11&oldid=398435
16:30:13 <dwmw2> although it was a bit random. I'll write a new one :)
16:31:16 <tibbs|w> Rathann: I think the point is that they find him through the tracker.
16:31:29 <tibbs|w> And personally I dislike rationale sections in guidelines.
16:32:02 <dwmw2> it's kind of self-explanatory
16:32:10 <dwmw2> "make stuff work consistently"
16:32:15 <Rathann> tibbs|w: I assume it won't end up in the final guidelines
16:32:19 <Rathann> right
16:32:23 <tibbs|w> I preference is that it be summed up in a sentence or two at the beginning.
16:32:47 <tibbs|w> Otherwise I don't think you need to convince us much here.
16:33:34 <Rathann> or how about we put the summary into main guidelines and link to the separate page for details
16:33:52 <Rathann> dwmw2: there's still one FIXME in the Help section, too
16:34:03 <dwmw2> I *just* hit 'save' to get rid of that :)
16:34:11 * Rathann reloads
16:34:32 <Rathann> got it
16:35:17 <Rathann> +1 from me
16:36:30 <Rathann> dwmw2: how do I know that for yubikey certificate the URI is "pkcs11:manufacturer=piv_II;id=%01" ?
16:38:30 <dwmw2> I'm going to lift some of the answer to that qusetion out of my OpenConnect documentation at http://www.infradead.org/openconnect/pkcs11.html
16:38:43 <dwmw2> short answer 'run p11tool --list-all and select the one you want'
16:39:10 <dwmw2> I think I have an RFE open for seahorse to *tell* you the URI when browsing
16:39:11 <dwmw2> that would be useful
16:40:24 <geppetto> dwmw2: One minor-ish question … does everyone agree with your "GnuTLS is probably the best choice if your package supports it, unless your package has specific requirements" statement?
16:40:59 <dwmw2> you can interpret the second clause as "unless it isn't", and then it's a tautology. If you really must :)
16:41:17 <dwmw2> from the PKCS#11 point of view, GnuTLS is the best choice.
16:41:36 <dwmw2> if you have specific requirements of an SSL library, perhaps you might make a different choice
16:41:50 <dwmw2> IF you require an odd GPL-incompatible licence and badly maintained code, go for OpenSSL
16:41:50 <tibbs|w> Which is funny given all of that effort to switch everything to NSS a few years back.
16:42:02 <geppetto> Right … I was just wondering if random NSS or govt. cert. people are going to come to us at some point and be all "wtf did you recommend this for"
16:42:07 <dwmw2> we didn't have GnuTLS in its current form back then
16:42:15 <dwmw2> but I am also going to fix NSS
16:42:24 <dwmw2> NSS is all based around PKCS#11.
16:42:27 <dwmw2> It's *all* PKCS#11 there.
16:42:47 <geppetto> Ok … so why is GnuTLS still a better choice?
16:42:49 <dwmw2> not like OpenSSL where PKCs#11 support is a horrid bolt-on via an ENGINE
16:42:55 * geppetto nods
16:43:04 <dwmw2> because NSS is almost as hard as OpenSSL to actually get stuff fixed
16:43:29 <geppetto> Fair enough
16:44:03 <dwmw2> we can always tell the NSS folks "we'll stop recommending they migrate away from NSS when NSS supports RFC7512 properly" :)
16:44:33 <dwmw2> the recommendation isn't in the guidelines, is it? We can move that to the howto page perhaps
16:44:38 <geppetto> cool … can I hide behind you when I say that ;)
16:44:40 <dwmw2> it doesn't need to be an official recommendation.
16:44:47 <dwmw2> absolutely you can :)
16:45:24 <geppetto> ok … well I'm +1 on the bits that I understand
16:45:39 <geppetto> Hopefully next week we'll have enough people to get to 5
16:45:49 <dwmw2> cool
16:45:57 <dwmw2> and I'll flesh out that dummy howto page
16:46:17 <tibbs|w> We can also vote in the ticket.  Not sure why we don't do that more often.
16:46:43 <geppetto> yeh, can try … but I'll bet $5 it's not at +5 by next week :)
16:46:57 <tibbs|w> I certainly won't take that bet.
16:47:23 <tibbs|w> Sadly I don't think many of us read the ticket traffic until Wednesday.
16:47:34 <dwmw2> that early?
16:47:50 <geppetto> I often read it in my email
16:48:03 <tibbs|w> Really not that many tickets left now.
16:48:30 <geppetto> yeh, it's been going really well this year
16:48:46 <tibbs|w> I mean, 12 total, many of them still needinfo.
16:48:52 <geppetto> I think this is only the second time we'v not had 5 (at least when I've been here :-o)
16:49:58 <tibbs|w> BTW, I think we're just going to have to take action on scintilla.  Nobody seems to care except rdieter.
16:50:14 <geppetto> define take action?
16:50:29 <tibbs|w> I can go in and at least add the Provides: bits to the packages.
16:50:35 * geppetto nods
16:50:51 <geppetto> Doing that seems … better than nothing
16:50:52 <tibbs|w> But we do have the question of what on earth we can actually do.
16:51:19 <geppetto> It's a pretty good rebuttal of Matt Miller's "We'll just let the first package bundle, and then split when there are two" proposal
16:51:36 <tibbs|w> In the long term, for any issue like this.
16:51:43 <tibbs|w> Yeah, that's why I wrote that.
16:52:13 <tibbs|w> I think that everything that bundles scintilla has been in long before we had an unbundling policy.
16:52:34 <tibbs|w> I really do understand the problem, but there's just no easy way to balance things.
16:52:41 * geppetto nods
16:53:01 <tibbs|w> There's grumbling now that unbundling javascript is hard.
16:53:13 <tibbs|w> And, I mean, really?  That's the easiest possible thing.
16:53:31 <geppetto> are people altering the JS they bundle slightly though?
16:53:50 <geppetto> Or maybe just not keeping upto date … which is the same thing
16:53:50 <tibbs|w> I don't know, honestly.
16:54:08 * geppetto nods
16:54:21 <tibbs|w> In my short experience with javascript, I had to modify the things I sucked in.
16:54:33 <geppetto> I've said it before … but we could really do with more than just one giant repo. that pretends to be of the same quality
16:54:39 <tibbs|w> Well, not jquery, but flot.
16:55:02 <tibbs|w> Really, bundling exceptions should be easy.
16:55:18 <tibbs|w> People just don't want to do the work of telling us what was modified.
16:55:36 <tibbs|w> We really just want that and "did they go upstream" and "is someone paying attention to updates".
16:55:50 <tibbs|w> But people would rather grumble that the policy is hard to deal with.
16:56:31 <geppetto> yeh
16:57:30 <tibbs|w> And javascript is indeed kind of weird.
16:57:58 <tibbs|w> Problems there (discounting nodejs and its ilk) don't bother the host machine.  They bother the clients.
16:58:50 <geppetto> well … there's stuff like gnome-shell too
16:59:02 <geppetto> but, yeh, all the web stuff is webby ;)
16:59:44 <tibbs|w> Anyway, I would happily accept proposals for changing the javascript guidelines now that they've put into practice and we know where the pain points are.
17:00:14 <tibbs|w> Plus I've actually learned some full-stack web programming stuff in the meantime, so I personally understand the issues far better.
17:00:47 <geppetto> cool
17:01:53 <tibbs|w> Yeah, better medication has really made a difference for me and I'm getting a whole lot more done.
17:02:18 <tibbs|w> I'll try to clean up 126 and maybe make some movement on that other ticket I proposed ages ago.
17:02:26 <tibbs|w> I wonder what we should do with the SCL ticket.
17:02:34 <tibbs|w> Is that well and truly dead now?
17:02:49 <geppetto> I guess so
17:03:00 <geppetto> I haven't heard anyone shout at me about it since toshio left
17:03:04 <tibbs|w> I've been practicing my happy dance just for that occasion.
17:03:18 <tibbs|w> Oh, that's right, he did leave Red Hat, didn't he?
17:03:33 <tibbs|w> I can't keep track.
17:03:54 <geppetto> yeh
17:03:58 <tibbs|w> I wish they'd offer me a job.
17:03:59 <geppetto> same time he left fpc
17:04:04 <geppetto> really?
17:04:10 <geppetto> Doing what?
17:04:16 <tibbs|w> Not that I would necessarily take it, but I would love the leverage.
17:04:53 <tibbs|w> Admin, probably.  I only have 27 years of experience.
17:06:18 <tibbs|w> Need to get more involved in those python tickets, too.  Is there a Fedora-python specific mailing list I should be on?
17:06:28 <tibbs|w> Guess python-devel.
17:06:59 <geppetto> yeh, I guess
17:07:09 <tibbs|w> Seems low traffic.
17:07:32 <geppetto> Speak to toshio? I'm pretty sure he's on the python ML for Fedora
17:07:41 <tibbs|w> Yeah, I see him posting there.
17:07:48 <misc> he is also on irc
17:07:49 * geppetto nods
17:08:06 <tibbs|w> I kind of get obsessive about things like the FPC ticket list once the count gets low.
17:08:17 <tibbs|w> Which I guess should come as no surprise.
17:08:32 <tibbs|w> I was like that in the early days of package reviews, until burnout kicked in.
17:08:37 <tibbs|w> That's an unstemmable tide.
17:09:04 <geppetto> yeh, it's the same with most people I think … now it's a manageable number, it's possible to get it empty … when it was huge, it was just huge.
17:09:12 <tibbs|w> Yep.
17:10:36 <tibbs|w> I wonder which committee would be involved in approving modifications to the package review process for things like a texlive split or a big SCL import.
17:10:51 <tibbs|w> Since "it takes too long to do package reviews" are the main complaints with those.
17:10:58 <tibbs|w> I guess that wouldn't be us.
17:12:04 <geppetto> fesco or us, I guess
17:12:29 <tibbs|w> I'll ask fesco to clarify, just in case any of those things actually get close.
17:13:23 <Rathann> ok, guys, I have to drop off now
17:13:40 <tibbs|w> Yeah, thanks for chatting.  Hopefully we'll get quorum next week.
17:13:48 <Rathann> take care, bye
17:14:12 * geppetto nods … yeh, see ya then