15:02:52 <decathorpe> #startmeeting FESCO (2020-05-04)
15:02:52 <zodbot> Meeting started Mon May  4 15:02:52 2020 UTC.
15:02:52 <zodbot> This meeting is logged and archived in a public location.
15:02:52 <zodbot> The chair is decathorpe. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:02:52 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:02:52 <zodbot> The meeting name has been set to 'fesco_(2020-05-04)'
15:02:57 <decathorpe> #meetingname fesco
15:02:57 <zodbot> The meeting name has been set to 'fesco'
15:03:02 <decathorpe> #chair nirik, ignatenkobrain, decathorpe, zbyszek, bookwar, sgallagh, contyk, mhroncok, dcantrell
15:03:02 <zodbot> Current chairs: bookwar contyk dcantrell decathorpe ignatenkobrain mhroncok nirik sgallagh zbyszek
15:03:09 <decathorpe> #topic Init Process
15:03:10 <bcotton> .hello2
15:03:11 <zbyszek> .hello2
15:03:11 <zodbot> bcotton: bcotton 'Ben Cotton' <bcotton@redhat.com>
15:03:13 <zodbot> zbyszek: zbyszek 'Zbigniew Jędrzejewski-Szmek' <zbyszek@in.waw.pl>
15:03:16 <nirik> morning
15:03:47 <bookwar> .hello2
15:03:48 <zodbot> bookwar: bookwar 'Aleksandra Fedorova' <alpha@bookwar.info>
15:03:55 <mhroncok> hi
15:04:25 <decathorpe> good evening
15:04:41 <sgallagh> .hello2
15:04:42 <zodbot> sgallagh: sgallagh 'Stephen Gallagher' <sgallagh@redhat.com>
15:06:26 <decathorpe> ignatenkobrain won't make it today. should we wait for contyk? dcantrel / dcantrell doesn't seem to be online.
15:07:08 <sgallagh> contyk is on PTO
15:07:22 <sgallagh> decathorpe: dcantrell was just giving a tech talk; he might still show up
15:07:32 <zbyszek> FWIW, I didn't have time to study up on the one ticket we have on the agenda
15:07:44 <sgallagh> But I wouldn't necessarily wait for him
15:07:48 <decathorpe> okay, then let's start
15:07:59 <decathorpe> #topic #2372 F33 Self-contained Change: Network Time Security
15:08:04 <decathorpe> .fesco 2372
15:08:07 <zodbot> decathorpe: Issue #2372: F33 Self-contained Change: Network Time Security - fesco - Pagure.io - https://pagure.io/fesco/issue/2372
15:08:44 <decathorpe> oh, hello dcantrell :)
15:08:48 <decathorpe> #chair dcantrell
15:08:48 <zodbot> Current chairs: bookwar contyk dcantrell decathorpe ignatenkobrain mhroncok nirik sgallagh zbyszek
15:08:50 <dcantrell> .hello2
15:08:52 <zodbot> dcantrell: dcantrell 'David Cantrell' <dcantrell@redhat.com>
15:08:56 <dcantrell> hi
15:09:43 <decathorpe> doesn't look like much has happened here since last week
15:10:02 <sgallagh> So, I have a proposal:
15:11:00 <sgallagh> Proposal: "FESCo approves Network Time Security support for Fedora 33, but does not approve it to be enabled by default. Please write up instructions for enabling it that we can include in release notes."
15:11:50 <zbyszek> Hmm, but is an approval necessary to enable an non-default feature?
15:12:15 <sgallagh> If I read it correctly, it still involves replacing some of the innards.
15:12:38 <bcotton> i'd argue it's not generally required, but sgallagh's proposal makes FESCo's position clear about what is permitted for this release
15:13:16 <bcotton> (and the technical details of this specific proposal may or may not fall under the "still needs a change proposal" category)
15:13:25 <bookwar> "introduce new smth" can still be filed as a change, and change should be approved by fesco
15:13:32 <decathorpe> I like the proposal ... and I think this is how other changes have been introduced in the past? make optional in one release, possibly enable in the next one if it works?
15:13:41 * nirik would rather here more details...
15:14:48 <zbyszek> OK, if we treat the change as "Update to 4.0 and enable NTS while at it", it makes sense to have this is as a change, and it makes sense for us to approve it.
15:15:57 <nirik> well, the questions are all still around 'enable NTS' no?
15:16:03 <nirik> like, pointing to what?
15:16:19 <zbyszek> Also, what about the anaconda parts?
15:16:36 <nirik> chrony is already updated and supports nts in rawhide.
15:17:34 <decathorpe> so this is already implemented, minus the "enabled by default" part? lovely
15:19:02 <nirik> well, the chrony part. No idea on installer... and it's not enabled in the default config.
15:19:30 <nirik> proposal: invite change owners to next weeks meeting to answer questions and/or ping them to answer questions in ticket/list?
15:19:42 <zbyszek> +1 to nirik
15:20:13 <decathorpe> +1 to nirik. some clarifications would be good ...
15:20:21 <mhroncok> +1 to nirik
15:21:38 <decathorpe> bookwar, sgallagh, dcantrell : vote?
15:22:07 <sgallagh> 0
15:22:20 <bookwar> i think clarification at the meeting would be hard, i'd rather have discussion in the ticket
15:22:36 <bookwar> it seems change owner is ready to talk, but we need our questions
15:23:31 <bookwar> so +1, but let's make sure we start the conversation then, rather then just postpone it for one more week
15:23:36 <dcantrell> +1 to nirik
15:23:58 <decathorpe> bookwar: good point
15:24:01 <nirik> I guess re-reading it they want us to answer that...
15:24:09 <nirik> ie, should it be default or not.
15:24:16 <nirik> and pointing to what
15:25:01 <decathorpe> I guess we answered that already, don't enable it by default ... but I don't think users would be thrilled to rely on Cloudflare for this
15:25:52 * nirik is now reconsidering sgallagh's proposal. :)
15:26:02 <bookwar> so, relying on cloudflare on default system seems to be a "no go" for me
15:26:27 * nirik agrees.
15:26:37 <decathorpe> ++ if that's the only option, it must be opt-in
15:26:45 <nirik> so, we really don't have anything to point it to... so this is most 'if you want to enable it it's available now'
15:26:55 <bookwar> if we can not make it default in some other way - then we can just approve it as sgallagh said
15:27:46 <sgallagh> It does say "best option seems to be Cloudflare" which implies other options exist.
15:28:19 <sgallagh> But in general, I think I'd rather see us spend a cycle figuring this out. So I'm still in favor of my earlier proposal
15:28:24 <nirik> I don't personally want to get into the business of running nts servers. That seems... not alined with the fedora infrastructure goals/mission.
15:28:37 <bookwar> i believe that "no change" changes are important too, they need a place in release notes, and discussion on mailing lists and tracking, so i am for +1 on he change with no defaults
15:29:04 <decathorpe> so you want to vote on sgallagh's original proposal?
15:29:09 <nirik> yeah, +1 to sgallagh's proposal... seems the best we can do.
15:29:23 * decathorpe resetting my vote count
15:29:33 <zbyszek> It may come to this, but then I think the Change page needs to be adjusted to clearly describe what is happening and what is not happening. So either way, we're back to discussion with the Change owners.
15:30:00 <mhroncok> I agree with zbyszek
15:30:04 <zbyszek> So I'm -1 to approving the change right now, because the descripition is confusing/unclear.
15:30:09 <mhroncok> I don't like us to vote on something that is not the change
15:30:18 <nirik> ok, so lets ask them to adjust ?
15:30:19 <mhroncok> not if the change proposal is not updated
15:30:25 * sgallagh nods
15:30:27 <mhroncok> works for me
15:30:49 <bookwar> proposal: ask change owners to update the change to the "no changing defaults" variant and vote in the ticket as soon as the update is done
15:31:14 * decathorpe resets vote count again
15:31:18 <decathorpe> +1
15:31:45 <dcantrell> +1
15:32:02 <nirik> +1
15:32:57 <sgallagh> +1
15:33:02 <mhroncok> +1 to bookwar
15:33:33 <decathorpe> zbyszek: vote?
15:33:47 <zbyszek> -0, I think this could use some more discussion.
15:35:00 <zbyszek> E.g. PEERNTP=, is this a thing? I cannot find the documentation anywhere.
15:35:22 <decathorpe> #agree Ask change owners to update the Change proposal to not change the default configuration (+6, 1, -0)
15:35:31 <bookwar> zbyszek: will you ask that in the ticket?
15:35:46 <zbyszek> bookwar: yep
15:36:09 <decathorpe> hm. did I mess up the zodbot syntax?
15:36:24 <mhroncok> decathorpe: should be good, there is no response
15:36:39 <decathorpe> good. moving on
15:36:44 <nirik> it doesn't respond to agree, but it works fine.
15:36:51 <decathorpe> #topic #2381 F33 System-Wide Change: systemd-resolved
15:36:55 <decathorpe> .fesco 2381
15:36:59 <zodbot> decathorpe: Issue #2381: F33 System-Wide Change: systemd-resolved - fesco - Pagure.io - https://pagure.io/fesco/issue/2381
15:37:20 <zbyszek> BTW, https://bugzilla.redhat.com/show_bug.cgi?id=809367 is for PEERNTP.
15:37:33 <decathorpe> sgallagh: you tagged this with meeting, I guess because of the -1 vote?
15:37:52 <sgallagh> Right, anything with a -1 goes to the meeting.
15:38:14 <decathorpe> I count (+2, 1, -1) from votes in the ticket.
15:38:25 <decathorpe> do we want to discuss this during the meeting?
15:38:40 <sgallagh> I reached out today to some of the folks on the Red Hat Security Team to get their opinions on systemd-resolved because I have been out of that space long enough to be unsure of the state of my understanding.
15:39:07 <sgallagh> The responses that I got back were largely not in favor, so I'm effectively proxying that opinion.
15:39:34 <nirik> huh... thats somewhat vuage. :(
15:39:34 <mhroncok> sgallagh: is that somehting that should be dicussed on the devel list rather than a fesco meeting?
15:39:47 <dcantrell> I'm with sgallagh on this one.  The idea to me sounds fine for Fedora, but the implementation seems clunky
15:39:50 <mhroncok> with details and time to read the information asynchronously
15:39:52 * nirik switched to it a while back and the only thing I have hit so far is https://bugzilla.redhat.com/show_bug.cgi?id=1823480
15:40:54 <sgallagh> The major concern is the modifications to nsswitch.conf which are not trivially reversible.
15:41:11 <sgallagh> (e.g. by simply doing `systemctl disable systemd-resolved.service`
15:41:38 <decathorpe> Proposal: post feedback on the devel list and restart discussion
15:41:45 <dcantrell> +1
15:41:47 <mhroncok> decathorpe: +1
15:42:53 <sgallagh> +1
15:43:11 <zbyszek> sgallagh: actually doing 'systemctl disable systemd-resolved.service' will effectively disable the changes to nsswitch.conf.
15:43:17 <nirik> sgallagh: it uses a user one I thought?
15:43:19 <sgallagh> I'm leaving my -1 on the ticket for now in the interests of not having it get auto-approved.
15:43:28 <sgallagh> nirik: What do you mean?
15:43:31 <nirik> +1 to more discussion in any case.
15:43:50 <zbyszek> +1 to more disucssion, that is always good
15:43:51 <nirik> "(a) modifying authselect's user-nsswitch.conf template, if authselect is in use, or (b) directly modifying /etc/nsswitch.conf otherwise. "
15:44:29 <decathorpe> bookwar: vote?
15:44:32 <sgallagh> we can take this elsewhere
15:44:37 <bookwar> +1
15:44:48 <nirik> oh, thats the template. sure.
15:45:16 <decathorpe> #agree Post feedback on the devel list and restart discussion (+7, 0, -0)
15:45:33 <decathorpe> #topic Next week's chair
15:45:46 <decathorpe> Igor has volunteered to chair next week's meeting since he couldn't make it today, any objections?
15:45:47 <mhroncok> ignatenkobrain
15:45:55 <dcantrell> fine by me
15:46:34 <mhroncok> (I don't think we need to ack or vote on next week's chair)
15:46:38 <decathorpe> #action ignatenkobrain will chair next meeting
15:46:40 <mhroncok> (at least we never did)
15:46:51 <decathorpe> #topic Open Floor
15:46:53 <mhroncok> .
15:47:48 <mhroncok> should we discuss how to handle the new fesco elections question changes not to select the questions ourselves in a fesco ticket?
15:48:00 <nirik> I can give a short datacenter move update.
15:48:23 <mhroncok> (I also have something about the security policy update.)
15:49:34 <decathorpe> nirik: short update sounds good
15:49:44 <decathorpe> mhroncok can give longer updates after that :)
15:49:45 <bookwar> mhroncok: where do you propose to brainstorm the questions?
15:49:52 <bcotton> decathorpe: unless it's "everything's on fire" ;-)
15:50:08 <mhroncok> bookwar: on the devel mailing list, in the thread where we ask people to chip in
15:50:14 <decathorpe> bcotton: well, it's short and non-actionable, so we could just move on
15:50:22 <nirik> RDU2 datacenter: we had a dead switch, hopefully replaced soon. Hopefully communishift will be able to come back up later this week. IAD2 (new virgina datacenter): We finally have network access. We spent the weekend configuring management interfaces for new hardware. There's some more to go and then we will start bringing up instances there. So, currently, we are on schedule still to move the week of june 8th hopefully.
15:50:29 <mhroncok> they might have feedback to our proposals, but they are not aware about them,because they don't follow the fesco tracker
15:50:56 <mhroncok> nirik++
15:50:56 <zodbot> mhroncok: Karma for kevin changed to 9 (for the current release cycle):  https://badges.fedoraproject.org/tags/cookie/any
15:50:58 <decathorpe> nirik++
15:51:05 <bookwar> mhroncok: good point, so let's reserve ticket for tracking the change, while keep discussion on a mailing list
15:51:22 <decathorpe> mhroncok: do you want to reply to the devel thread?
15:51:38 <mhroncok> what I don't knwo is how do we select the questions at the end
15:51:49 <mhroncok> I don't think we need to have more and more quations, or do we?
15:52:06 <mhroncok> decathorpe: I'd rataher if the proposals are shared there by their authors
15:52:08 <bookwar> nirik: will you announce communishift on devel mailing list as soon it is up? or where should i look
15:52:31 <nirik> bookwar: yes, can send to devel-announce
15:52:33 <mhroncok> (let's finish nirik's topic first, this is ugly)
15:52:52 <bookwar> mhroncok: i am done, sorry for that
15:52:59 <bookwar> let's focus on questions topic
15:53:21 <mhroncok> sgallagh, decathorpe: please, could you bring your porposals to devel list?
15:53:30 <sgallagh> Will do
15:53:33 <decathorpe> will do
15:53:37 <mhroncok> thanks
15:53:43 <mhroncok> everybody: how will we select the questions and when?
15:53:56 <mhroncok> should be complete by 19 May
15:53:58 <decathorpe> #action decathorpe and sgallagh will respond to the devel list concerning FESCo election questionnaire
15:54:18 <mhroncok> IMHO we need something votable by fesco at least a week in advance
15:54:21 <mhroncok> that is 12 May
15:54:30 <bookwar> so brainstorm on mailing list, summarize the outcome of mailing list discussion some day and post the summary to the ticket, vote on each question separately
15:54:33 <mhroncok> that is basically next week meeting
15:54:46 <mhroncok> bookwar: so basically, just adding more questions?
15:55:00 <bookwar> ~4 questions with most of the votes get into the interview
15:55:17 <decathorpe> I'm all for dropping one of the existing questions, two of them are pretty similar
15:55:31 <mhroncok> bookwar: I'd for example argue that a "Who are you" question should not count
15:56:02 <mhroncok> also "4 questions with most of the votes get into the interview" will likely generate conflicts, do we range vote?
15:56:37 <bookwar> mhroncok: to be honest, i would look into list first, then see where to put a line. I am not sure if we need a strict policy on this
15:56:38 <zbyszek> mhroncok: maybe let's just collect the questions and have someone do de-duplicatio by hand.
15:56:40 <mhroncok> my point is: if we want change, now is the time to decide what the framewrok for the change will be, becasue we have a deadline
15:57:11 <sgallagh> Proposal: Collect questions, bcotton has the final say on which are used
15:57:20 <mhroncok> we can certainly have a volunteer, who would collect the ideas, feedback and than propose a final list as a proposal
15:57:50 <zbyszek> Either option works.
15:58:00 <bookwar> deadline should affect the day when we cut the discussion and do a summary, i think, but the we can just look at it
15:58:02 <mhroncok> sgallagh: if bcotton is able to work on that, I think I like your idea, except that fesco should probably ack it
15:58:18 <bookwar> then*
15:58:23 <mhroncok> it really depends on bcotton's availability
15:58:25 <bcotton> i can do that
15:58:26 * nirik is fine with giving bcotton more work. ;)
15:58:30 <bookwar> sgallagh: assignig volunteers works for me :)
15:58:38 <mhroncok> bcotton++
15:58:38 <zodbot> mhroncok: Karma for bcotton changed to 8 (for the current release cycle):  https://badges.fedoraproject.org/tags/cookie/any
15:58:43 <decathorpe> bcotton++
15:58:43 <zodbot> decathorpe: Karma for bcotton changed to 9 (for the current release cycle):  https://badges.fedoraproject.org/tags/cookie/any
15:58:43 <sgallagh> mhroncok: I disagree on general principle. I don't think FESCo members should get to decide which questions determine if they get to continue holding their seat :)
15:58:52 <bcotton> but definitely agree with having FESCo approve my results
15:59:00 <mhroncok> sgallagh: I see your point and I share the concern
15:59:16 <mhroncok> sgallagh: but I also disgree that one person should get to decide which questions determine...
15:59:43 <mhroncok> IMHO this should technically be council's decision
15:59:58 <mhroncok> but I am afraid that having that involved, we won't make the deadline
15:59:59 <bookwar> sgallagh: i think we are going too political. do you expect we fight for it to keep our places?
16:00:13 <mhroncok> :)
16:00:21 * sgallagh hides his pistol behind his back. "No?"
16:00:32 <bookwar> I mean if yes, we can certainly do a formal community range vote, but i am not sure we really need that
16:00:37 <zbyszek> The interview may include parts which don't answer one of the specific questions, but talk about other things too. So I don't think we need to overthink this.
16:00:51 <mhroncok> ok, let me summarize this
16:01:06 <sgallagh> I trust bcotton, so consider me an automatic +1 on his proposed questions
16:01:09 <sgallagh> Sufficient?
16:01:23 <bookwar> bcotton: no pressure
16:01:26 <bcotton> :-D
16:01:47 <mhroncok> 1) send proposals to devel. 2) bcotton collects the ideas and feedback, submits a new list for fesco ack. 3) fesco acks, automatically getting a +1 from sgallagh
16:01:49 <bcotton> i think the concerns are valid but also solving for a problem we haven't experienced in my....experience
16:02:10 <zbyszek> mhroncok: sounds good
16:02:10 <decathorpe> +1 for mhroncok's proposal
16:02:14 <sgallagh> mhroncok: +1
16:02:17 <zbyszek> Who does 1?
16:02:30 <mhroncok> zbyszek: anybody, or nobody
16:02:32 <decathorpe> devel list subscribers I guess :)
16:02:38 <mhroncok> zbyszek: have ideas? do share them
16:02:49 <zbyszek> Right, but we need an #action to have somebody start the discussion lest we forget.
16:02:52 <mhroncok> zbyszek: no ideas? bcotton presents the current list
16:02:53 <sgallagh> bcotton: As election coordinator, do you mind starting the thread with the existing suggestions from the ticket?
16:02:58 <zbyszek> +1 to the proposal
16:03:09 <bcotton> i accept the #action
16:03:43 <dcantrell> +1 to the proposal
16:03:51 <decathorpe> alright, let me get this right  ...
16:04:14 <mhroncok> side note: I also trust bcotton but I just deem "one person selects the questions" as not very good idea on principle (sorry bcotton)
16:04:52 <bcotton> mhroncok: no offense taken :-)
16:05:05 <decathorpe> #agree Collect more questions on devel list, ask FPgM to curate, and FESCo will approve questions (+5, 0, -0)
16:05:18 <decathorpe> #action bcotton to ask for questions on the devel list
16:06:02 <decathorpe> any objections to those two ^ items?
16:06:15 * bcotton has no objections
16:06:56 <mhroncok> no objections
16:07:10 <decathorpe> anything else? otherwise I'll close the meeting in a few minutes.
16:07:47 <bcotton> did we get nirik's datacenter update finished?
16:08:03 <nirik> I didn't have anything more, unless there were more questions?
16:08:11 <bcotton> i thought there were some questions that got tabled while we were discussion elections
16:08:26 * nirik reads back
16:08:28 * mhroncok waits until this is calrified
16:09:03 <nirik> I dont see any off hand, but please re-ask if anyone had any
16:09:57 * mhroncok considers that topic clarified now
16:10:06 <decathorpe> I only see bookwar's question and that was answered, so I think we're good
16:10:10 <mhroncok> I just wanted to say that the security policy doesn't seem to have a consensus on devel and the discussions stopped a long time ago. Not sure if we want to just keep the status quo (a policy that we don't follow) or take ay other action
16:10:41 * decathorpe makes a note to read up on that discussion
16:11:36 <nirik> policy on CVE bugs you mean?
16:12:32 <decathorpe> mhroncok: can you open a FESCo ticket for that so we don't lose track of it again?
16:13:45 <mhroncok> decathorpe: roger that, action me
16:13:48 <mhroncok> nirik: yes, that one
16:13:59 <decathorpe> thanks
16:14:14 <decathorpe> #action mhroncok to open fesco ticket about Security Policy
16:14:17 <nirik> yeah, it would be good to do something there.
16:14:50 <decathorpe> anything else for the Open Floor?
16:16:03 <decathorpe> guess not :) thanks everybody.
16:16:06 <decathorpe> #endmeeting