17:00:56 <mboddu> #startmeeting RELENG (2019-02-14)
17:00:56 <zodbot> Meeting started Thu Feb 14 17:00:56 2019 UTC.
17:00:56 <zodbot> This meeting is logged and archived in a public location.
17:00:56 <zodbot> The chair is mboddu. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:56 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
17:00:56 <zodbot> The meeting name has been set to 'releng_(2019-02-14)'
17:00:56 <mboddu> #meetingname releng
17:00:56 <mboddu> #chair nirik tyll sharkcz masta pbrobinson pingou puiterwijk maxamillion mboddu Kellin dustymabe
17:00:56 <zodbot> The meeting name has been set to 'releng'
17:00:56 <zodbot> Current chairs: Kellin dustymabe masta maxamillion mboddu nirik pbrobinson pingou puiterwijk sharkcz tyll
17:00:56 <mboddu> #topic init process
17:01:23 <sharkcz> hi, /me is here
17:02:17 <nirik> morning
17:02:19 * dustymabe waves
17:03:09 * relrod waves
17:03:16 <mboddu> Hello Everyone
17:03:25 <mboddu> Lets get started
17:03:39 <mboddu> #topic #7793 Implement new Fedora Security policy for retiring packages with security bugs
17:03:45 <mboddu> #link https://pagure.io/releng/issue/7793
17:04:19 * cverna waves
17:04:29 <mboddu> So, FESCo asked us to do this work
17:04:56 <nirik> yeah. Which doesn't magically mean we have cycles to do so. ;)
17:05:15 <mboddu> Yeah, but now we have Tomas for doing these sort of automation work
17:05:25 <mboddu> Although he is on PTO this week :)
17:06:10 <nirik> cool. Is this something he is willing to work on?
17:06:21 <nirik> note that we can possibly reuse some of the FTBFS scripting
17:06:32 <mboddu> nirik: Yes and yes
17:07:19 <nirik> excellent
17:07:44 <mboddu> nirik: But, I want to understand the proposal here a bit more
17:08:09 <nirik> it's been a long time since I looked at it. ;)
17:08:47 <mboddu> nirik: Okay, I am not able to understand the time related information
17:10:39 <nirik> re-reading it, I am not sure why we tied it to branching.
17:11:28 <mboddu> As I understand it, we start looking at security issue bugs opened against a pkg for 6 months 4 weeks before mass branching, and then file ftbfs (which I dont know why, since they might be buildable) and send weekly notification for 8 weeks and orphan them?
17:11:55 <nirik> basically we want to file bugs against everything with those critera like a FTBFS bug.... but instead a "Outstanding security bug" and then nag for 8 weeks one per week, and retire if the bug isn't fixed at the end
17:12:16 <nirik> "like" FTBFS.
17:12:29 <mboddu> So, its a continuous thing? not 4 weeks before branching?
17:12:34 <mboddu> nirik: Okay
17:12:43 <nirik> well, the timing seems odd.
17:13:03 <nirik> perhaps we should ask for clarification from fesco
17:13:47 <mboddu> Yeah, that was the other question, since 8 weeks of notifications starting 4 weeks before branching means, we will be branched by the end of 8 weeks and we orphan/retire them both on branched and rawhide?
17:14:08 <nirik> yeah, that seems less than ideal.
17:14:44 <nirik> It would make more sense to me to do right after branching (but rawhide only), and orphan, then retire before the next branch
17:15:27 <mboddu> But that would be a lot of weeks of nagging :) (if sent every week)
17:15:51 <nirik> well, nag for N weeks, then orphan, then N weeks and retire?
17:16:14 <nirik> but I am not sure why 8 is the number there... I guess to allow for people being on vaacation or something.
17:16:49 <nirik> and the orphan and retire can be done as part of the retire orphans process...
17:17:16 <cverna> it would be nice to leverage some of pagure in all of this automation, ie try to see if we can had some the branch info in pagure
17:17:43 <mboddu> nirik: Okay +1
17:17:51 <nirik> all this stuff is pretty manual... it would be nice to automate it
17:17:56 <mboddu> cverna: I didnt get you
17:17:59 <cverna> and the state of a package, for example we could have archived repo in pagure for retired
17:18:07 * nirik points to cverna's releng automation page. ;)
17:18:36 <cverna> mboddu: I mean a lot of of the info you need might already be available in pagure's db
17:18:49 <nirik> so, shall we ask fesco for clarification? if we do, we should propose something more clear at the start.
17:18:59 <cverna> just not displayed or available via an api
17:19:23 <mboddu> cverna: Yeah, my plan is to automate this stuff totally, I dont want RelEng to sit down and do it manually :)
17:19:31 <cverna> nirik: good point
17:19:52 <mboddu> nirik: Yup, I will file a ticket with FESCo and also ping Miro on the ticket
17:20:50 <nirik> ok. I'd suggest proposing we change it to start after branching in rawhide only and confirm 8 weeks is the nagging time before orphaning.
17:21:10 <mboddu> #info mboddu will file a ticket with FESCo on more clarification about the timing of this process
17:21:26 <nirik> it's hard to keep in mind all these things... it would be nice to have a page/doc/thing describing them and when
17:21:36 <mboddu> #info suggestion is - proposing we change it to start after branching in rawhide only and confirm 8 weeks is the notification time before orphaning.
17:22:09 <mboddu> nirik: +1, once I get the information, either Tomas or I will create a wiki page
17:22:23 <nirik> so, is this stuff in the FPM schedules?
17:22:37 <mboddu> And the process will be documented in docs.pagure.org/releng
17:22:45 <mboddu> nirik: Not that I know of
17:22:54 <mboddu> As far as I remember
17:22:57 * mboddu checks
17:23:23 <nirik> https://fedorapeople.org/groups/schedule/f-30/f-30-releng-tasks.html
17:23:24 <nirik> it is
17:23:35 <nirik> Retirement process for packages with open security issues 	Tue 2019-01-22 	Mon 2019-03-18
17:23:46 <nirik> Retire Orphaned and Long-Time FTBFS Rawhide Packages 	Tue 2019-02-19 	Tue 2019-02-19
17:24:47 <mboddu> nirik: Yeah, right
17:25:03 <nirik> so I guess another thing to ask is: since we haven't done this this cycle, should we try, or should we punt to f31?
17:25:24 <mboddu> Yes, I will ask it in the ticket
17:25:56 <mboddu> #info PGM schedule already has this scheduled, mboddu will ask if we should try it or punt it to f31
17:26:56 <nirik> cool
17:27:03 <mboddu> Anything else?
17:28:15 <nirik> not on this I don't think
17:29:58 <mboddu> Okay, there is only 1 other thing I wanted to discuss
17:30:04 <mboddu> #topic Change Meeting time
17:30:33 <mboddu> https://framadate.org/fedorarelengmeeting
17:31:11 <mboddu> cverna, dustymabe, relrod : Since you are here, can you please add your vote ^, if you can
17:31:22 <cverna> on it
17:31:50 <mboddu> So, far it looks like Tue 16:00 UTC or Fri 16:00 UTC is the best time
17:32:25 <mboddu> If that seems to be the case, I want to propose Tue as sometimes Fri is a long weekend or people want to take PTO for extended weekend
17:32:26 * relrod looks
17:33:04 <cverna> Tue 16:00 is when the CPE program call happens so that might not be the best
17:33:13 <cverna> or I messed up my UTC time
17:33:34 <nirik> one problem with tuesday...ok, second problem with tuesday: often we have releng things on tue... mass branching, freeze starts, etc.
17:33:47 * nirik filled this out before we had that call I think
17:33:49 <smooge> yep 1600 is cpe time
17:34:15 <mboddu> nirik: Yeah, right, I haven't thought about it at all
17:34:26 <nirik> I guess we could just keep this time...
17:34:27 <mboddu> cverna: Ahhh, you are okay with all the times?
17:34:38 <cverna> no I messed up editing now :P
17:35:14 <mboddu> nirik: Its not working out for me, hence I wanted to propose a new time and couple of people also requested it earlier
17:35:37 <nirik> oh right, reading that an hour eariler would work better for you?
17:36:13 * cverna likes Thursday 1600 so it is just after the infra meeting
17:37:41 <mboddu> cverna: I would like to avoid back to back to meetings since most of the people will attend both of the meetings, but we will see
17:38:00 <nirik> we could do 16:30 and confuse everyone! :)
17:38:12 <relrod> mboddu: I voted for times that work(-ish) with my class schedule, but I'm not too active in releng yet, so don't weigh my vote too heavily.
17:38:34 <mboddu> relrod: Thanks
17:38:38 <mboddu> nirik: Haha :)
17:39:54 <mboddu> How about Mon or Wed 16:00 UTC?
17:40:05 <mboddu> cverna: Didn't say no to them, so he can attend ;)
17:40:09 <nirik> monday I have fesco. ;(
17:40:14 <nirik> wed is fine for me
17:40:49 * cverna double check his calendar
17:41:31 <cverna> monday would work
17:41:51 <mboddu> cverna: Wed? Since nirik got FESCo on Monday
17:42:25 <mboddu> Wed 16:00 UTC seems to be perfect if cverna can make it
17:42:38 <mboddu> Lot of pressure on cverna :P
17:43:00 <cverna> I would be ok but every other week I have a call at this time
17:43:11 <cverna> but I can follow on IRC :)
17:43:19 <mboddu> cverna: Okay, that is awesome
17:43:27 <mboddu> So, wed 16:00 UTC it is
17:43:45 <mboddu> Scheduling is hard :(
17:43:51 <cverna> yep
17:43:59 <nirik> almost as much as naming
17:44:12 <smooge> next up we need to name our new schedule
17:44:23 <mboddu> #info Fedora RelEng meeting will be moved to every Wednesday 16:00 UTC
17:44:38 <mboddu> #info mboddu will send an email to releng list and update the calendar
17:44:42 <nirik> oh, I suppose we can do #fedora-meeting then
17:44:42 <nirik> ?
17:44:43 <mboddu> smooge: Noooooooo
17:44:51 <cverna> maybe we should look at merging the infra and releng meeting
17:45:12 * mboddu is thinking about cverna's idea
17:45:13 <cverna> that would be one less thing in the calendar :P
17:45:33 <mboddu> cverna: Well, we have to extend the meeting time though
17:46:00 <mboddu> nirik: +1 on #fedora-meeting
17:46:15 <cverna> mboddu: yes
17:46:30 <nirik> we could... some people might not be interested in one or the other tho
17:46:57 <cverna> if we were going that way we would need an agenda and respect timing
17:47:15 <mboddu> Yup and 2 hours continuous meeting is also hectic
17:47:21 <cverna> true
17:47:29 * nirik isn't sure what he thinks of that... would want to ponder on it more
17:47:37 <cverna> although the infra meeting is often done in 30 min
17:47:42 <mboddu> Anyway, we can push it for later
17:48:02 <cverna> sure it was just me thinking out loud
17:48:09 <mboddu> We will think about it in future if needed
17:48:34 <mboddu> Okay, moving on
17:48:39 <mboddu> #topic Open Floor
17:49:01 <mboddu> I have a question to nirik but I can go last
17:49:31 <nirik> I was just going to mention branching is next week, so we should make sure we are all ready for it.
17:50:40 <mboddu> #info Mass Branching is next week, Feb 19th
17:50:52 <mboddu> nirik: That means, new key and signing the rawhide
17:50:58 <nirik> yep.
17:51:07 <nirik> perhaps we should make those today/tomorrow?
17:51:15 <nirik> and start signing nowish
17:51:16 <mboddu> nirik: That is one thing we need before mass branching
17:51:21 <mboddu> nirik: +1
17:52:14 <mboddu> Oh, I forgot about mass building modules
17:52:18 <nirik> you want to make the key? (we should also send it to msuchy to add to mock)
17:52:44 <nirik> I can add it to autosign (except I may need puiterwijk to do initial setup)
17:52:48 <mboddu> #info Finally I started running mass rebuild on modules but it failed due to some missing permissions on what the token can do
17:52:59 <mboddu> #info Patrick is working on fixing it
17:53:01 <puiterwijk> nirik: for what? What do you need me to do?
17:53:19 <mboddu> nirik: Sure, I can create the key
17:53:21 <nirik> fedora-31 key added to autosign... it has to be bound? or can I do that with the info you provided the other day?
17:53:37 <puiterwijk> Oh, right.
17:53:45 <puiterwijk> I think you can do that with what I provided, yes.
17:54:05 <nirik> can give it a go and yell for help if I get stuck
17:54:16 <puiterwijk> Sure
17:54:43 <mboddu> #info mboddu will create the key and nirik/puiterwijk will work on adding fedora-31 key to autosign
17:54:51 <nirik> hum, so how can we ask it to sign... we need tags created first
17:55:34 <mboddu> nirik: No, we sign f30 tag with f31 key as well and when branched, they will all be signed with f31 key
17:55:37 <nirik> if I add another f30 to f30 section with the f31 key will it work right?
17:55:41 <mboddu> At least thats what I thought we have been doing
17:55:55 <nirik> yes, but I am talking about robosign config.
17:56:25 <mboddu> nirik: I thought you can add two keys within f30 section
17:56:41 <mboddu> Thats what I remember seeing, but I might be wrong
17:57:24 <nirik> well, if that works it will help for new builds, but it won't help for existing ones.
17:58:56 <puiterwijk> nirik: no, two keys for the same source tag won't work. So what we did before was one for the pending tags, and the other just in the destination as best effort
17:59:40 <nirik> that seems non ideal. ;(
18:01:29 <nirik> not sure what else to do tho... you don't want sigul_sign_unsigned to be run anymore. ;)
18:01:34 <mboddu> nirik: I thought you were using sigulsign_unsigned.py to sign the existing builds
18:01:53 <mboddu> Yeah, that is true :)
18:01:55 <nirik> it would be cool if robosign had a 'sign everything in this existing tag, don't worry about fedmsgs'
18:03:10 <mboddu> We have past the meeting time, can we take this to a regular channel?
18:04:04 <nirik> yeah, move on.
18:04:26 <relrod> nirik: depending on when it is needed, and how much background knowledge is needed, maybe I could take a look at adding that option as an entry into releng stuff?
18:04:26 <mboddu> Anybody has any other quick updates?
18:04:51 <nirik> relrod: sure, if you like...
18:04:57 <mboddu> Thanks relrod
18:05:23 <relrod> I'll likely need some handholding for it at first thoguh
18:05:33 <relrod> *though
18:06:07 <mboddu> relrod: Understandable :)
18:06:16 <mboddu> Anyway, thanks for joining everyone
18:06:29 <mboddu> Lets take it to #fedora-releng
18:06:34 <nirik> I suppose I could also stop the hub and run a loop... but that will stop regular stuff... might be ok on weekend nights tho
18:07:06 <mboddu> nirik: Not a big fan of it, but if its the only thing we can do...
18:07:17 <mboddu> #endmeeting