20:58:19 #startmeeting Fedora Marketing meeting (2016-08-10) 20:58:19 Meeting started Wed Aug 10 20:58:19 2016 UTC. The chair is jflory7. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:58:19 Useful Commands: #action #agreed #halp #info #idea #link #topic. 20:58:19 The meeting name has been set to 'fedora_marketing_meeting_(2016-08-10)' 20:58:20 #meetingname marketing 20:58:21 The meeting name has been set to 'marketing' 20:58:28 #topic Agenda 20:58:33 #link https://fedoraproject.org/wiki/Meeting:Marketing_meeting_2016-08-10 20:58:45 #topic Roll Call 20:58:46 #info Name; Timezone; Other sub-projects / interest areas 20:59:17 #info Justin W. Flory; UTC-4; Marketing / Magazine, CommOps, Ambassadors, Diversity Team, Join SIG, Infrastructure-fi, and more 21:01:19 .fasinfo mailga 21:01:20 mailga: User: mailga, Name: Gabriele Trombini, email: g.trombini@gmail.com, Creation: 2011-09-14, IRC Nick: mailga, Timezone: Europe/Rome, Locale: en, GPG key ID: 8F9E2C0F, Status: active 21:01:23 mailga: Approved Groups: famsco @marketing commops fedorabugs docs @fedora-join cla_fpca cla_done ambassadors web gitfedora-web @magazine 21:01:48 Evening, mailga o/ 21:01:51 hello 21:02:03 #chair mailga cprofitt 21:02:03 Current chairs: cprofitt jflory7 mailga 21:02:06 cprofitt: o/ 21:02:21 We'll wait a couple more minutes for some more folks 21:02:26 jflory7: thanks. It's a long time I'm not able to make it.... 21:02:28 .fasinfo x3mboy 21:02:30 x3mboy: User: x3mboy, Name: Eduard Lucena, email: eduardlucena@gmail.com, Creation: 2011-11-28, IRC Nick: x3mboy, Timezone: America/Santiago, Locale: en, GPG key ID: DCDC2FFE, Status: active 21:02:33 x3mboy: Approved Groups: marketing magazine ambassadors cla_fpca cla_done 21:02:56 mailga: Hopefully this will be one of the last times we keep you up so late :) 21:02:59 x3mboy: o/ 21:03:02 #chair x3mboy 21:03:02 Current chairs: cprofitt jflory7 mailga x3mboy 21:03:04 jflory7, o/ 21:06:57 Alrighty! Let's get started. 21:07:09 * jflory7 has been changing contexts today a lot today 21:07:09 #topic Announcements 21:07:14 #info === Flock 2016 ended last week === 21:07:19 #link https://communityblog.fedoraproject.org/flock-update-day-1/ 21:07:23 #link https://communityblog.fedoraproject.org/flock-update-day-2/ 21:07:27 #link https://meetbot.fedoraproject.org/sresults/?group_id=flock2016&type=team 21:07:34 #info Flock, the annual Fedora contributor conference, ended last Friday. There were several talks and workshops on various topics, teams, and projects in Fedora. Watch the Community Blog for more updates and read the transcripts of some talks / workshops in Meetbot to stay current. Thanks to all organizers and sponsors for helping make this year's Flock successful! 21:07:43 #info === Ultimate Women's Fedora t-shirt === 21:07:47 #link https://www.unixstickers.com/tshirts-and-hoodies/t-shirts/the-ultimate-fedora-woman-tshirt 21:07:52 #info Unixstickers just released a women's fit version of their ultimate Fedora t-shirt. Pick one up for yourself or a friend! More on this coming soon on the Community Blog! 21:07:58 #info === "Fedora Account System (FAS) security issue" === 21:08:02 #link https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org/thread/3GQR7CKGKM5TZCCH7FHFW55HSZE72VEL/ 21:08:07 #info There was a security vulnerability identified and fixed in FAS this week. No known exploits at this time, but Infrastructure team is monitoring and investigating further. If more information is found later, it will be shared. 21:08:12 #info === FAS group clean-up === 21:08:18 #info The Magazine FAS group (and soon, the Marketing FAS group) was reviewed and inactive members removed. All people removed received a personal, 1x1 email explaining why they were removed and detailing how they could become more involved with either team to later become sponsored. 21:08:20 eof 21:08:29 That's all the announcements I had. Anyone else have anything to share? 21:08:44 ! 21:09:37 mailga: Go ahead! 21:09:47 in order to keep clean the mktg group from inactive members, we should define the rules of approvals. One release work? 21:10:17 mailga: Didn't we do this last release for reevaluating our approval rules? 21:10:20 I think jzb handled that 21:10:52 jflory7: true, but I haven't read any feedback on this, my fault? 21:11:02 We agreed that sponsorship in the FAS group required at least activity for the past two Fedora releases, I think. 21:11:11 I don't recall us acting on at the time 21:11:17 But I believe that was the agreement. 21:11:40 We were debating using the scripts / automatic tools for that, but with the number of people in the Marketing FAS group, I think it would be better off done manually at this point. 21:11:51 mailga: Do you think you could file a ticket for FAS group cleanup? 21:12:32 jflory7: manually it works, for me. I thinks we should file a ticket asking the approval of the active members. 21:13:10 ! 21:13:21 I have a question in this point 21:13:33 jflory7: once the ticket is closed, I will edit the main mktg page with this statement. 21:13:39 mailga: Sounds good to me. Want an action for that? 21:13:43 x3mboy: Sure, go ahead. 21:13:44 Magazine is a subgroup of mktg? 21:13:50 jflory7: yes please. 21:13:55 x3mboy: Hmmm... sort of. That's how I've always viewed it. 21:14:11 #action mailga File ticket for looking at active / inactive members in Marketing FAS group 21:14:20 in Ubuntu we used an automatic expiration script 21:14:34 people had 14 days to take action to 'renew' their membership 21:14:49 Because if that is the case, so we have a lot of people working (or wishing to work) with the magazine, that are not aware about mktg. They are going directly to write articles 21:14:51 cprofitt: I think something like that exists in Fedora, but it was a matter of adapting it for Marketing... I could try to find the links for that later on. 21:14:52 x3mboy: magazine is born from the mktg group, but its increase at the moment means it is a parallel group. 21:15:06 * cprofitt nods 21:15:24 An idea I've had for a while was talking about breaking them off, but I'd like to cover that a little closer to open floor, after all other business. :) 21:15:47 jflory7, +1 21:15:57 #topic Action items from last meetings 21:16:02 #link https://meetbot.fedoraproject.org/fedora-meeting-1/2016-07-27/marketing.2016-07-27-20.58.html 21:16:07 x3mboy: I'm fighting for let the magazine fly on its way, outside the mktg... :-) 21:16:10 #info How This Works: We look at past #action items from the last meeting for quick follow-up. If a task is completed, we move on to the next one. If it isn't, we get an update and re-action it if needed. If no status, we'll try to get a quick update and move forward. 21:16:17 #info === [COMPLETE] jflory7 File a ticket on the Infrastructure Trac for creating a private git repository for us to store passwords with pass, CC bkp, downey === 21:16:21 #link https://fedorahosted.org/fedora-infrastructure/ticket/5423 21:16:29 ^ some discussion needs to happen on this during the ticket 21:16:33 (our ticket) 21:16:37 #info === [IN PROGRESS] jflory7 At Flock, take notes and work on compiling talking points / ideas for the story of Fedora 25 from a non-technical angle (notes, notes, and lots of notes) === 21:16:41 #info Many notes transcribed / taken from Flock, but need to be compiled and reviewed to help create the story / direction (/me feels like there is a good one to be uncovered outside of editions / spins too) 21:16:52 #info === linuxmodder Ask mailing list about possible co-located talking points in wiki and Pagure with weekly syncing === 21:16:54 linuxmodder: ping? 21:16:54 jflory7: Ping with data, please: https://fedoraproject.org/wiki/No_naked_pings 21:17:26 jflory sounds like we need a FOSS Cyberark solution per that ticket 21:17:35 http://www.cyberark.com/ 21:18:13 cprofitt: *nods* That's about where we're at. 21:18:21 * jflory7 isn't sure if linuxmodder is around, so will re-action that for now 21:18:23 #nick linuxmodder 21:18:31 #action linuxmodder Ask mailing list about possible co-located talking points in wiki and Pagure with weekly syncing 21:18:40 #info === [IN PROGRESS] bkp Work on reaching out to the Spin SIGs and Cloud WG for what's coming in F25 to help generate talking points === 21:18:46 #link https://lists.fedoraproject.org/archives/list/spins@lists.fedoraproject.org/thread/E436PZK4RBJPYRQO56UT3R4TZVREQSBX/ 21:18:50 #nick bkp 21:19:08 bkp opened the communication, but no responses have been received, so we might need to do some follow-up there. 21:19:24 #action jflory7 bkp Follow up on email requesting info in Spins mailing list 21:19:33 #info === linuxmodder Check in with Server WG for what's new in Fedora 25 to help generate talking points === 21:19:43 #action linuxmodder Check in with Server WG for what's new in Fedora 25 to help generate talking points 21:20:07 Okay, that's all the previous action items. We can move to the tickets now. 21:20:12 about tic.229 :for social media accounts in a secure environment - fas is a good way 21:20:16 #topic Tickets 21:20:19 #link https://fedorahosted.org/marketing-team/report/12 21:20:24 #info === Ticket #229 === 21:20:29 #link https://fedorahosted.org/marketing-team/ticket/229 21:20:34 #info "Shared, secure password distribution" 21:20:44 Ah, hey, mythcat o/ 21:21:00 mythcat: Unfortunately, FAS isn't an option we have available for managing this right now. 21:21:18 ok 21:21:24 cprofitt: We were looking at tools we could use to manage secure passwords earlier. There was RatticDB, but it seems like a dead project. 21:21:42 * cprofitt nods 21:21:52 jflory7: I can do some digging about with regards to that. 21:22:08 nirik noted some possible limitations about using pass (https://www.passwordstore.org/) in the Infrastructure ticket, but I think they were all things we were already aware of. 21:22:13 #link https://fedorahosted.org/fedora-infrastructure/ticket/5423 21:23:06 puiterwijk has also encouraged us to try to look for other solutions to this ticket other than having a repository for shared passwords 21:23:34 has bugs RatticDB? 21:23:42 One of the few passwords we'd need to store in such a repository would be the Twitter account password, for example 21:23:56 And there might be other ways we can distribute privileges to that account, e.g. a token ID for a client 21:24:05 * mailga agreed with puiterwijk, doesn't know how but agreed... 21:24:06 But I'm not currently aware of any tools off the top of my head 21:24:27 mythcat: Well, it hasn't had any new commits since September 2015, if I remember. So there's concerns about its stability. 21:24:32 jflory7: so this is mostly for controlling shared accounts for social media, etc? 21:24:52 mailga: I think the thing we could do to help identify which route to go towards is exactly what passwords we'd be storing in this repository from Day 1 21:25:05 cprofitt: It could be expanded beyond that in the future, but for now, yes. 21:25:11 yes, knowing what the target is would be good... 21:25:55 The key is having multiple people access a resource that has a single password -- but it would be nice to be able to track 'who' actually used that resource. 21:26:00 jflory7: Day 1? 21:26:11 jflory7: if you find me an open source twitter client, I'm pretty sure I can figure something out 21:26:25 +1 puiterwijk 21:26:35 (an open source twitter client you guys are happy with using instead of web UI*) 21:26:38 puiterwijk, turpial 21:26:40 that is what I was thinking -- FAS front end and twitter API on the back end 21:26:54 cprofitt: As far as tracking who would have access to this repository, we have a FAS group for notating who would have access (fedorasocial-media) 21:27:14 mailga: I mean to say, what passwords we would need to store from the beginning when this repository was created. 21:27:24 jflory7: read my last message. I can get you a version of the client that would work as if by magic, 99% sure I can get that within a couple of days 21:27:27 jflory7: I mean per each use -- so if an offending post is made it would be known who did it vs. knowing ## people could have. 21:27:38 puiterwijk: I think we can probably dig something up. I'd definitely like to ping bkp for ideas too since this might be something he's aware of. 21:27:45 jflory7: understood. 21:28:04 cprofitt: Ahh, yeah. That would be a nice feature to have... 21:28:24 jflory7: well, I have an idea for implementing this in a secure fashion. So, just get me an open source client that you would like to standardize on, and I'll see what I can get you 21:28:41 #idea Identifying what passwords / accounts would need to be stored in a repository like this (e.g. Twitter / Diaspora?) 21:28:43 django is not easy 21:29:00 #idea Finding an open source Twitter client and trying to add in a more secure way to use it as a group other than using a shared password 21:29:04 puiterwijk: would you be able to merge FAS login with a web based interface to post to twitter? 21:30:01 cprofitt: I would not have time to implement a twitter client by myself, but if you guys can find one that you like (desktop one), I can most likely adapt it so that it authenticates via FAS, which will then get the application a real twitter token 21:30:19 #action jflory7 Ping bkp with regards to finding a Twitter client that might work well for alternate authentication (for shared access without the shared password) 21:30:36 jflory7: don't worry abotu the auth. I'll take care of that part. 21:30:38 puiterwijk++ That would be *awesome* 21:30:43 puiterwijk: cool. 21:30:44 jflory7: you just get a desktop client you would like to use. 21:31:02 Sounds good. I'll see what we can dig up. 21:31:08 puiterwijk++ 21:31:14 Turpial is some old, but is a good client, written in python. And still works in F24 21:31:14 so we can avoid the password store issues? 21:31:32 x3mboy: Have a link to the project page? 21:31:37 mailga: Correct. 21:31:42 I'm looking for it 21:31:50 jflory7: same for other things: if you want others, just try to find a desktop client and I can see what I can do, as long as it supports any kind of revocable tokens 21:31:51 puiterwijk++ 21:31:51 mailga: Karma for puiterwijk changed to 33 (for the f24 release cycle): https://badges.fedoraproject.org/tags/cookie/any 21:32:40 mailga: Part of this would also block on making sure that there's no other tools / services that could require the use of a shared password (and if they do, if we could try to find a tool where we could add an authentication layer like puiterwijk has offered to do). 21:32:57 https://github.com/satanas/Turpial 21:33:01 * jflory7 clicks 21:33:14 In some point, this was packaged to fedora 21:33:25 My implementation would be: make a very tiny web application that auths users against FAs, and where you store the actual passwords in securely. But rather than giving the password to anyone, it would instead just be the oauth2 endpoint for the desktop client of choice. Then this web application will do the actual twitter authentication and get a token, which it registers under the username and also 21:33:27 passess on to the desktop app 21:33:28 jflory7: so we will stay on rattic solution with django 21:34:04 jflory7: this would also mean that even though everyone is using the same account, we still keep track of who has an active token, and a way to terminate user tokens when they no longer should have access 21:34:26 jflory7: having tha same access for both the tools (FAS and social media) is the best way to do imho 21:35:03 area of used of this tokens / 21:35:05 ? 21:35:15 x3mboy: Okay, cool, this is one we'll have to dig into some. Nice find. x3mboy++ I'll try to poke around with it a bit. 21:35:30 jflory7: it should be reasonably easy to do with most applications, but the reason I ask you to standardize is so that I don't get 10 people asking me to implement it for their favorite client 21:35:35 puiterwijk: That would absolutely be the most convenient way of managing all of this, hahah. I'm all for it! 21:35:37 Oh, absolutely 21:35:49 puiterwijk++ 21:35:58 puiterwijk ++ 21:36:05 will be restrictons ? 21:36:07 To expect you to do that would be... slightly unreasonable. ;) 21:36:31 jflory7: note: I will see myself forgetting the exact implementation idea, so if I ever sound confused, just send me the link to this meeting logs. 21:36:31 mythcat: Well, Rattic won't be a viable solution anymore, I think. I really think it would be a great solution for us, but it's too risky in terms of the future of the project. 21:36:44 cprofitt: It's very possible you already gave him a cookie this cycle already ;) 21:36:55 puiterwijk: I will dig to see if there is anything else like Rattic 21:37:14 puiterwijk: Ack. I'll try to transcribe this to the ticket too, just so it's easily referrable. 21:37:15 cprofitt: -1 to that idea. I really don't like the idea of giving passwords if we don't need to 21:37:36 oh, Rattic gives the password -- I do not like that either 21:37:43 I thought it was like Cyberark 21:37:46 cprofitt: as said, the advantage of this layer in between is also that we keep track of who gets tokens, and we can revoke tokens. 21:37:53 which is like what you are talking about, but with a web interface. 21:38:15 * puiterwijk has never heard of that 21:38:23 http://www.cyberark.com 21:38:28 it is not open source 21:38:38 but it manages passwords and issues tokens 21:38:43 Ah, okay 21:38:45 you can set roles, etc 21:38:55 I don't have many skils , but I saw has many issues on wiki and nothing change 21:39:24 puiterwijk: you and I want the same thing 21:39:46 Anyway, just tell me which client you guys decide on. It should do everything people need to be able to do. 21:40:09 puiterwijk: +1 21:40:10 (I might even be able to limit the issued tokens further to user-specific access, but I'll need to look at that) 21:40:27 So I think we'll have our actions all set for this ticket. I see two things that need to happen: (1) identifying any other services that would need to be handled in a way like this other than Twitter / maybe Diaspora, and then (2) working on finding a FOSS-friendly client we can agree on using for having a FAS authentication method for 21:40:29 Correct? 21:40:30 jflory7: when assessing a client, assume you don't have the web interface 21:40:51 puiterwijk: So a preference towards a desktop client 21:40:54 (since people won't have access to twitter.com) 21:41:03 * jflory7 nods 21:41:18 jflory7: yes, since that's self-hosted, and doesn't require another layer of authentication 21:41:38 Makes sense. I'll go ahead and note this in the logs. 21:41:58 I don't like browser maybe one Fedora application, I read about clang implementation... is to much 21:41:59 And they tend to have more features easily accessible in my very limited experience of desktop apps 21:42:00 ? 21:42:15 #agreed We will need to work on: (1) identifying any other services that would need to be handled in a way like this other than Twitter / maybe Diaspora, and then (2) working on finding a FOSS-friendly client we can agree on using for having a FAS authentication method 21:42:34 mythcat: Hmm, I'm not sure I follow. 21:43:09 I think some developers can do something similar 21:43:26 Anything else that we should cover for this ticket? For now, I think we'll need to do a little bit of looking around 21:43:59 'identifying any other services that would need to be handled in a way like this other than Twitter / maybe Diaspora' 21:44:43 mythcat: Ahh, yeah. We'd need to come up with a list of things that would fall into this category. 21:45:21 few options noww for me 21:45:33 mythcat: if there's something around that is useful, why should be ask to developers? 21:46:02 Anyways, I think we can go ahead and move on from this ticket. We're at 15 minutes left. 21:46:11 #info === Ticket #231 === 21:46:15 #link https://fedorahosted.org/marketing-team/ticket/231 21:46:19 I saw many application over ...anyway 21:46:21 #info "Create Fedora 25 talking points" 21:47:17 I think we'll need to do some individual follow-up with a few people working with the Editions. stickster for Workstation, jzb for Cloud, and then linuxmodder volunteered for Server. 21:47:38 jflory7: that's my opinion too. 21:48:03 jflory7: do we need someone also for spins? 21:48:06 bkp initiated discussion with the Spins mailing list, but it elicited no response. 21:48:15 I would *like* to have something for the Spins :) 21:49:02 I have some thoughts of my own for things that are maybe more of a community side, but I still need some time to really sit down and take apart all of the thoughts and notes that happened during Flock to help write that 21:49:05 jflory7: spins are a very hard ground.... 21:49:16 mailga: Seems like it, but hopefully we can get something. 21:49:25 Anyways, I think a lot of follow-up is really what's needed here 21:49:52 jflory7, maybe we can take this points from the teams meetings??? 21:49:59 #action jflory7 Reach out to stickster, linuxmodder, bkp with regards to Workstation, Server, Cloud (bkp mentioned he was going to query jzb for Cloud) 21:50:07 jflory7: if we include spins, we nedd each spin in the talking points. oef 21:50:12 x3mboy: Actually, bringing it up during their meetings would be a good idea 21:50:22 mailga: Agreed, not including all of them would seem strange. 21:50:35 I know when the KDE SIG meets, so I could probably try to drop in then. 21:51:07 #idea Reaching out to spins during their SIG meetings / contacting leads directly? 21:51:25 jflory7: first we have to define the spins. 21:51:51 mailga: I'm assuming that would be: KDE, Xfce, LXDE, Mate, Sugar(??) 21:52:25 Oh, and Cinnamon 21:52:50 jflory7: exactly you said "??"... who can say to us which spins are for the next release? Releng? 21:52:56 All listed here: https://spins.fedoraproject.org/ 21:53:21 There are 6 in total 21:53:43 mailga: I believe so. But I don't think the spins have changed in any recent release cycle, outside of the inclusion of Cinnamon in F23 21:54:39 x3mboy: these are the actual and we can assume they are all. But soas? Who knows someone working on soas? And I think the tendency (right word?) is to drop down spins.... 21:54:39 * jflory7 notes we have five minutes left, and still things to cover at open floor like new meeting time 21:54:58 jflory7: let's move on. 21:55:02 If it's alright, I'd like to go ahead and move over to open floor and just take the actions assigned now and follow up next week 21:55:09 Yeah, let's switch over, this is super important 21:55:34 #agreed Will follow up with editions individually, spins will also require revisiting - more discussion can happen in channel or in the mailing list 21:55:37 #topic Open Floor 21:55:42 * jflory7 digs for the whenisgood link 21:55:56 #link http://whenisgood.net/fedora/marketing/2016/fallmeeting/results/iwg9yt8 21:56:23 The time that works for the most amount of people is Tuesdays / Thursdays at 13:00 UTC 21:57:12 The voting is already closed, right? 21:57:15 * jflory7 personally likes the idea of Tuesday? 21:57:19 yes 21:57:22 x3mboy: Well, others could still add a response. 21:57:33 I know that time doesn't work for you, though :( 21:57:45 But we need to closed before setting the time 21:57:52 x3mboy: Would you have any flexibility for either Tuesday or Thursday? 21:58:04 any date 21:58:12 No, it works, it's not my preferred time, but it's ok for me 21:58:26 Both days are ok for me 21:58:32 x3mboy: I think we've probably gathered a response from as many people as we can at this point. I don't think I can "close" the submission on the poll, though. 21:59:20 jflory7, maybe not in the tool but a call to close in the mail: "The voting is tooked until today" or something similar 21:59:24 Okay. So then... starting next week, do we want to start meeting Tuesdays, 13:00 UTC? 21:59:31 +1 21:59:32 jflory7: tuesday is the second day of the week, and usually we are more fresh.... 21:59:34 +1 21:59:54 +1 21:59:59 Bright and early for us in the western hemisphere 22:00:01 +1 too 22:00:28 x3mboy: I did some following up in private, but I think now, we should just go ahead and swap times. 22:00:36 jflory7: which time is in your timezone? 22:00:39 I'd hate to delay it another week after meaning to change it three weeks ago, heheh. 22:00:42 Perfect 22:00:55 Okay, so I will go ahead and work on adjusting the time for all future meetings. 22:00:57 9 am, i think, no? 22:01:46 #agreed NEW MEETING TIME: Tuesdays, 13:00 UTC (9am US EST, 10am Santiago, 3pm Prague/Rome), meeting channel to be determined 22:02:07 #action jflory7 Update Fedocal and mailing list with new meeting time 22:02:51 I think it might be better to discuss the Magazine / Marketing split another time... I can file a ticket so we keep that in discussion too. 22:03:01 #action jflory7 File ticket regarding split between Marketing and Magazine 22:03:09 Any other business we want to cover now? 22:03:34 jflory7: of course, that's a very long discussion.... 22:03:38 :) 22:03:50 ! 22:04:03 This meeting ended up feeling a little more rushed / hurried than I'd like it to have been, but we really do have a lot to cover... 22:04:14 End it 22:04:19 Hopefully things will resume regular pace in coming weeks :) 22:04:25 I can cover my point in the channel or in ML 22:04:27 ical 22:04:30 If nothing else, I will close out in another minute. 22:04:36 And mailga can finally go to sleep :D 22:04:40 .localtime mailga 22:04:41 jflory7: The current local time of "mailga" is: "00:04" (timezone: Europe/Rome) 22:04:54 And is also related to the split mktg/FWM 22:05:06 Oops, looks like I was lagging a bit 22:05:17 Okay, will cover in marketing channel. 22:05:22 Thanks for coming, everyone! 22:05:24 #endmeeting