20:00:11 #startmeeting 20:00:12 (switch it) 20:00:49 #topic Who's here? 20:00:51 * ricky 20:01:00 * nirik is here in the cheap seats in the back. 20:01:04 * sijis is here. 20:01:11 * dgilmore is here 20:01:18 * nb 20:01:37 * dgilmore pulls nirik out of teh cheap seats 20:01:37 K, lets get started with the tickets 20:01:42 #topic Infrastructure -- Tickets 20:02:24 .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&group=milestone&keywords=~Meeting&order=priority 20:02:30 Ok, so the only one there is on abadger1999 20:02:33 .ticket 1503 20:02:35 abadger1999: around? 20:02:41 meeting 20:02:44 here 20:02:44 Yep. 20:02:46 * f13 20:03:02 **davivercillo is here 20:03:14 phew. So I've been busy and haven't done on anything again. I'll take this off the meeting for now. 20:03:25 I'll go ahead with relicensing python-fedora first. 20:03:34 Then I think we'll do FAS or pkgdb. 20:04:18 * ianweller is here 20:04:23 abadger1999: ok 20:04:28 abadger1999, do we have a list of apps we write? 20:04:34 After we see that it seems prettystraightforward to do that we can go ahead with everything else. 20:04:52 smooge: Unfortunately no -- I go off of memory/what's in puppet/what's running on the app servers. 20:05:03 abadger1999, and do you have an idea on how we will publish local changes to meet AGPL needs. 20:05:10 hello all 20:05:11 You can get a decent list in appRhel.pp 20:05:15 But not totally complete either. 20:05:32 Hi everybody, I'm new here ! I'm from Brazil and I would like to help you with something... try at lest... 20:05:33 smooge: That's a good point. So I made several proposals in the wiki page. 20:05:34 ricky, ok thanks.. 20:05:40 * johe here, late but here 20:05:41 davivercillo: Welcome! 20:05:51 abadger1999: thanks ! =D 20:05:52 jeff_hann, davivercillo: Hey, welcome! 20:05:59 smooge: We can do several things... 20:06:20 i'm here too :) 20:06:25 1) Not hotfix. Everything has to be released as a tarball which we can link to. 20:06:32 Pro: simple. Con: limiting 20:06:53 'released as a tarball'? 20:07:04 2) thanks to our new policy, hotfixes have tickets. 20:07:39 f13: Well.... I suppose we can point people to a revision/branch in revision control... But it needs to be the source that we're running on the server. 20:07:46 f13: So it can't be HEAD. 20:07:51 f13: released as a tarball that can be packaged 20:07:59 f13: It would have to be a branch dedicated to mirror produciton. 20:08:37 sorry I think I'm not quite following the discussion 20:08:47 So baack to #2 -- If we have a patch to the hotfixes in the tickets we can probably link to tarball + list of tickets. 20:08:48 I thought the no hotfix policy meant that fixes have to be in rpm form in the repo 20:08:50 or in puppet 20:08:59 but not just modified directly on the box in question 20:09:10 f13: This is a different policy.... licensing Guideline. 20:09:11 f13: they should be yes 20:09:20 f13: We're going to try to switch to the AGPLv3. 20:09:30 ah right, nuance there 20:09:34 f13: (In part because moksha/ fedora community is) 20:10:01 f13: So we have to figure out how to provide the code that we're running on the servers to people at all times. 20:10:35 smooge: Other options that aren't so painful? 20:10:59 imho we are either running rpm code, or running signed tagged checkouts 20:11:13 I am wondering if a git archive meets the AGPL need. 20:11:15 and thus we can either point to the srpm, or to the source repo we're running a checkout from 20:11:17 i think we should always use rpms 20:11:41 f13: Early on in infrastructure I proposed that we use checkouts from revision control. 20:11:44 releasing tarballs is a bit of a hassle and redundant in today's scm days 20:11:45 then they are always available via the infra repo 20:11:55 I would prefer if we used RPMS so we can do the worlds easiest tripwire (rpm -V) 20:12:00 I stil think that's nice... but I don't think mixing rpms and checkouts for a single app is good. 20:12:11 if we go with scm checkouts, the process to get it checked out and deployed has to be in puppet 20:12:16 * ricky agrees with what abadger1999 says 20:12:19 We'd either want rpms always (with hotfixes) or checkouts always for any given app. 20:12:20 so using a tag is somewhat necessary 20:12:26 * nirik wonders also if there couldn't be a wiki page or something noting why something is in infrastructure and not just EPEL. ;) 20:12:28 f13 I would like it to be the following: 20:12:34 Luke always manages to get hotfixes into RPMs - maybe we can aim for the same? 20:12:50 abadger1999: does the direct link to the source need to be on each web page 20:12:56 heh, last time he complained about it though ;-) 20:13:06 spot: ping 20:13:12 he's at LS 20:13:15 in canadia 20:13:18 Yeah... 20:13:22 git pull, make changes, git commit, git whatevermakes branches, git push; make rpm; make push-to-repo; puppet do your thing 20:13:34 I hear they have internet there ;-) 20:13:42 don't even have to do that 20:13:43 abadger1999, barely generally... 20:13:52 git pull/ chnage/ commit/ tag push ; push --tags 20:14:07 puppet config would always be pulling from a given tag in the repo 20:14:11 mmcgrath: care to go over why you'd rather have rpms than checkouts again? 20:14:22 * mmcgrath might be missing something too 20:14:54 abadger1999, for the same reason we don't install everything into /usr/local? 20:14:58 abadger1999: you're talking about packages right? 20:15:00 like fas? 20:15:10 mmcgrath: correct 20:15:35 mdomsch: But -- we'd be able to track what's installed because the code is in the scm. either HEAD of a specific branch or a tag. 20:15:53 rpm -V, package dependencies and puppet's facilties for managing packages are nice 20:15:55 using puppet to pull it will give us repeatablity. 20:15:55 f13: id like to know why you think pulling from scm is better? 20:15:57 HEAD is bad 20:15:57 abadger1999: so now we have 2 pkging systems? 20:15:59 abadger1999: IIRC it's part of our freesoftware policy. And for the same functionality and ease of updates as why Fedora doesn't ship tarballs. 20:16:03 It's also pretty consistent between apps 20:16:05 That's why I like RPMs 20:16:15 skvidal: That's one strike against it, sure. 20:16:21 abadger1999: it's a big strike, imo 20:16:25 dgilmore: during development of an app, its moving quite a lot faster than what we can push through creating tarball, building rpm, stuffing tha trpm into a repo somewhere, and then updating the host 20:16:27 abadger1999: what benefit do we get? 20:16:44 dgilmore: I'm not sure if we need a direct link on every page. Fedora community I believe links to the fedorahosted web page which links to the source repo. 20:17:05 it's far easier and smoother to cherry pick a hot fix into the "live" tag, and push that change set, letting the server pick up the live tag at the next puppet run 20:17:27 f13: not sure it is easier for anyone else looking to replicate what we do 20:17:28 once things get more stable, I definitely agree that rpms are the way to go 20:17:35 abadger1999: ok, just curious as to how we meet the requirement thatthe live code is available 20:17:37 mmcgrath: It's nice from a developer's standpoint. Gets the most benefits when it's an app that runs at a single location. 20:17:39 f13: nor does it provide the unity of system 20:17:50 skvidal: correct, it is not a perfect solution. There are none 20:17:51 could we ship them as conaries? 20:18:08 I think we'd end up making our very own 'stow' type of system 20:18:25 abadger1999: you can do that in the test environment if you want :) but not in production 20:18:30 which is just implementing another package system 20:18:30 f13: i have to say its maybe easier from a developer standpoint but not from a sysadmin perspective 20:18:40 mmcgrath: Allows the developer to not have to deal with making a release (update versions, make tarball, make rpm, deploy) instead they can deploy using (the developer's) normal scm tool. 20:18:46 Those are the benefits. 20:18:53 dgilmore: from a sysadmin perspective, does it matter much when its entirely driven by puppet? 20:18:56 (as I see them). But there's definitely cons. 20:19:02 abadger1999: but once it's in production it's not about them 20:19:04 f13: i think so 20:19:17 Even in puppet, it would add a good deal of complexity. 20:19:26 mmcgrath: so we're only talking about once in production? 20:19:36 but a test instance in development wouldn't have to play by the same rules? 20:19:36 well I'm talking a minimum of once it's in production. 20:19:43 I'd prefer it in staging. 20:19:53 agpl doesn't seem to note any difference 20:19:54 mmcgrath: Well... that depends... what are you going to want to do to fas or packagedb that you wouldn't toss at a developer and would benefit from an rpm? 20:19:56 on the publictest servers I don't have a preference since so much actual development goes on there. 20:20:12 abadger1999: I'd hope they'd be developing on their workstation, not in production is all. 20:20:23 mmcgrath: If we're sticking with rpms over scm, I definitely want rpms in staging. 20:20:50 abadger1999: right do same thing across the board 20:20:52 just so I'm clear who's advocating the tarball method, who's advocating rpms and who has no preference? 20:21:05 +1 rpm 20:21:07 * ricky likes RPMs in staging/production 20:21:07 public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version 20:21:15 +0 20:21:18 mmcgrath: i think tarballs should lead to rpms and we should use rpms 20:21:21 I'm advocating checkouts from a specific tag in scm at least during the time where changes are rapid. 20:21:23 quoth agpl 20:21:42 +1 rpm 20:21:54 whether that time is restricted to pre-staging or not, I don't really care 20:21:55 mdomsch, what difference 20:21:56 I think the argument here is that changes should be rapid in testing/development, not in staging/prod 20:21:56 * mdomsch uses staging as a test platform 20:22:09 rpm + patches from scm 20:22:16 Currently, people are free to go from SCM on publictest machines though 20:22:25 ricky: and typically do 20:22:32 mdomsch, nm.. figured it out 20:22:34 * ianweller certainly does :) 20:22:34 mdomsch: what does '+patches' mean? 20:22:45 mdomsch: do you mean patching the fs itself - or do you mean %patches? 20:23:03 skvidal, most often, git-format-patch HEAD^; scp 0001-foobar.patch app1.stg 20:23:09 mdomsch: nod 20:23:10 No preference -- as long as we do it across the board. 20:23:27 so, lets propose that once an app goes to staging, all modifications to the app must happen through rpms 20:23:28 test; fix; repeat; cut version 20:23:33 if we go RPMs are we going to require that on pt servers 20:23:37 ok stupid question time.. do changes to configuration files count as patches that need to be publci. 20:23:40 since one can easily generate a rpm with patches from git 20:23:46 before one does the actual full release 20:23:50 f13: I'd make an exception for emergency patches that require a ticket. 20:23:50 smooge: I don't think so 20:24:10 mmcgrath: why make an exception? It takes only a few minutes to generate a patched rpm 20:24:11 * abadger1999 agrees with mdomsch's use of staging 20:24:20 skvidal, I just want to get that dealt with before the "Red Hat breaks the AGPL by not publishing their passwords" slashdot fest 20:24:26 I don't want to have to respin the RPM just to test a fix on staging 20:24:27 :) 20:24:37 mmcgrath: What is the policy on testing hotfixes on staging? 20:24:39 mdomsch: apparently it isn't about your wants though. 20:24:48 mmcgrath: Like when we were doing FAS testing there, I ran it off of a patched wsgi file somtimes. 20:24:54 smooge: I agree with skvidal. configs are managed via puppet 20:25:04 mdomsch: if we go strict to just rpms in production, it seems that we want the same thing in staging 20:25:06 it's been my experience that in our environment, requireing a full rebuild of an rpm is a pretty high cost. 20:25:12 not everyone has access to the signing key for one thing. 20:25:16 f13, fair enough; but I do want a place to test things before production. Staging has been that so far. if staging isn't going to be that, fine; but something else needs to be. 20:25:16 mdomsch, mmcgrath are we using staging for devepment or for integration.. or both 20:25:28 next you'll have to make sure that the next release of the rpm (whatever it is) is at least higher then what yours is. 20:25:51 smooge: a little of both. It's really supposed to be for integration/staging. 20:25:56 staging has been mostly for staging deployments and debugging issues (like FAS 500s) in an environment with close-to-prod data 20:25:58 mdomsch: +1 20:26:00 but we don't have a fully functional development environment. 20:26:09 so we need some .devel. boxes for everything? 20:26:11 mdomsch: isn't that what publictest instances are for? 20:26:23 The policy on staging has been -- okay to break it for a short period... but by the time it is deployed it has to be right. 20:26:23 f13: we don't have enough pt boxes though 20:26:26 ah. 20:26:29 many of them are being used for proof of concepts and things. 20:26:33 smooge: devel mostly happens on pt machines or home machines right now 20:26:50 So rpm + patch hotfix in staging seems to fit that idea -- but it becomes an rpm by the time it goes to production. 20:26:54 * smooge starts to look up .pt. boxes to figure out how many are needed 20:26:55 this is one of those instances where we see the flaws in our process, but fixing the process isn't that feasible at the moment because of man hours and hosting space 20:27:13 in theory, for a full environment, we'd need 20:27:15 1 db server 20:27:17 2 app servers 20:27:19 1 proxy server 20:27:22 1 bapp server 20:27:24 1 releng box 20:27:26 1 koji box 20:27:28 1 cvs host 20:27:29 abadger1999, right. code running in staging doesn't have to be published in a downloadable fashion per agpl as it's not public. 20:27:41 so that's a minimum 8 per environment. 20:27:47 mdomsch: that's a very strange interpretation of "public" 20:27:51 so if we do a full staging and devel environment that's 16 new boxes 20:27:53 err new hosts. 20:27:59 mdomsch: I wonder if they assume "staging" isn't on the internet 20:28:01 where ours is 20:28:21 "It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. " 20:28:25 so if we're going to allow rpms + patches with tickets in production, then rpms + patches (without tickets) should be OK in staging 20:28:27 the only "users" of the staging server is us 20:28:44 abadger1999: are we discussing this for legal obligations or just to get our policy figured out? 20:28:48 mdomsch: except that the staging servers are accessable by the entire world. 20:28:49 i missed something. how did agpl get involved here? 20:28:59 therefore: rpms only in production; rpms + patches in staging. 20:28:59 mmcgrath, can we compress a little? i.e. using a db server for both dev and stg? or is it needed for stg to be on its own? maybe we need less machines 20:29:02 jwb: we're talking about re-licensing all of Fedora web apps as agpl 20:29:10 f13, they are? 20:29:12 thekad: not reliably 20:29:14 jwb: and if we do, there are things we have to consider 20:29:26 ok.... 20:29:27 mdomsch: Hrm, I was under the impression that they were. 20:29:30 technmeg: We usually don't want real data on development 20:29:36 why agpl? 20:29:39 abadger1999: if this time next year no one is using fedoracommunity, can we get rid of it and go back to GPL? 20:29:41 thekad: staging is supposed to be more secure than devel. So separate db servers. 20:29:42 :) 20:29:46 jwb: moksha alreasy is agpl 20:29:49 abadger1999, gotcha 20:29:57 mmcgrath, app1.stg isn't reachable outside FI, right? 20:29:59 jwb: Largely because moksha/community switched to it. 20:30:05 mdomsch: correct 20:30:10 mdomsch: It isn't, but the staging proxy server is 20:30:13 jwb: Here's some additional justification: https://fedoraproject.org/wiki/Infrastructure_Licensing 20:30:16 So it's similar to the prod setup 20:30:16 mdomsch: I stand corrected 20:31:02 lets take a step back and look at the hot fix we did for mirrormanager last week. 20:31:07 Proposal: Production env is ran by rpms, plus hotfixes with associated tickets with code available. staging is ran from rpms and code patches. 20:31:08 Pretend mirrormanager was AGPL. 20:31:29 abadger1999: would we have not been able to do what we did? 20:31:39 f13, lets table that for mmcgrath's stuff then we will discuss proposal 20:31:44 mmcgrath: Where's the ticket for that? 20:32:01 abadger1999, thanks 20:32:01 Let's look at it and see what we might need to do differently. 20:32:02 .ticket 1524 20:32:40 So mirrormanager --- we have a base of an rpm that's available from the repo on http://infrastructure.fedoraproject.org/ 20:32:55 include srpm 20:32:58 We don't have a patch in the ticket... 20:33:06 I think might have had to generate a patch file that does the revert, and attached the patch file to the ticket 20:33:09 abadger1999, you have a pointer to the patch 20:33:16 (and then have something on MM that points to the ticket queue to look for changes) 20:33:27 Right. Partial instructions on how to generate a patch 20:33:31 you have a pointer to the patch that was reversed. 20:33:42 20:33:59 now, I don't think anybody would sue us over the minor nit pick 20:34:18 abadger1999: ok, now take this same scenario 20:34:20 especially as the patch is public 20:34:28 and lets say that it wasn't a revert. But I had to add a line of code. 20:34:39 mmcgrath: you'd generate a patch file, attach it to the ticket 20:34:47 Attaching the patch sounds reasonable to me. 20:34:52 and that alone, would make me legally compliant? 20:34:56 (or reference the commit upstream) 20:34:57 or commit the patch to MM upstream, with a pointer to the commit 20:35:08 mmcgrath: provided that the mirrormanager site has some link to the ticket queue 20:35:14 mdomsch: it dawns on me that I actually have commit access in MM and should have done that ;-) 20:35:25 mmcgrath: I'd say that we need a patch, rather than just hte line of code pasted in the ticket. 20:35:33 (as the patch tells where in the code to apply it). 20:36:21 (side note, using git am would be perfect here, as it also contains info about the author, and has the commit message) 20:36:27 We'd also need to point people at the patch. 20:36:33 .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&keywords=%7EHOTFIX&order=priority 20:36:37 an dhas the shasum of the patch which won't change when applied upstream 20:36:44 I thought that would do us... but it's not quite enough :-( 20:36:54 We need two keywords per hotfix. 20:37:01 Hotfix Appname 20:37:03 So the one bit there that's confusing to me is that mirrormanager would have to link to my hosted ticket some how? 20:37:28 mmcgrath: right. MirrorManager would have to have a link to wherever the patch is posted. 20:37:36 holy fuck do I hate AGPL 20:37:44 :-( 20:37:49 be it the infra ticket queue, the MM ticket queue, or the MM upstream repo 20:37:49 That way mirrormanager can say infrastructure.fedoraproject.org rpm/srpm + URL that finds just mirrormanager hotfixes. 20:37:50 :P 20:37:59 mmcgrath, heh. and i thought i was the only one 20:38:09 mmcgrath: hate or not, it's actually making us be much better about our patch management. 20:38:13 mmcgrath: well, we haven't relicensed anything yet -- now's the time to holler if it's not going to fly. 20:38:38 the infrastructure ticket could have been moved to MM"s trac instead 20:38:40 how will the actual implementation of this "linking to bug fixing" work? 20:38:52 f13: That makes them harder for us to track though :-( 20:39:03 mdomsch: Re: or commit the patch to MM upstream, with a pointer to the commit 20:39:07 MM is the upstream project. It doesn't need a link to all the downstream implementations thereof. 20:39:07 mdomsch: I don't think that's enough. 20:39:13 f13, having moved to MM's trac and referencing that trac on f-i's trac would work? 20:39:15 ricky: rather, a ticket with the patch could have been filed at MM site. 20:39:18 A central web area where we store current patches to our apps? 20:39:20 is that a legal question? 20:39:24 mdomsch: Unless there's a branch dedicated to what we deploy. 20:39:25 mine I mean. 20:39:38 The downstream implementations need a link to the code they're running: that can be "pointer to upstream version" plus patches 20:39:39 mdomsch: ie, a patch against HEAD might not apply to what we have in production. 20:40:00 mmcgrath: probably a legal question 20:40:07 abadger1999, rpmfusion uses MM now too. I'd need a separate branch for them too? 20:40:08 Ok 20:40:13 repeat for other folks wanting to run MM 20:40:16 so I think here's what we generally agree on. 20:40:20 and then give those downstream users commit rights on my repo? 20:40:23 uh, no thanks. 20:40:25 mmcgrath: I'm looking at the Community site right now, and they just have a footer that points to the hosted site for both Fedora COmmunity and Moksha 20:40:28 no other details. 20:40:41 mdomsch: why would they have commit access? 20:40:48 mdomsch: they can post patches in tickets just like everybody else 20:40:56 you can choose to apply them if you want. 20:41:02 but that's not a matter for us 20:41:06 lets forget that MM is done by one of us 20:41:07 f13, for abadger's suggested "FI deployment branch" 20:41:10 so I think we agree, you make a change. Put the patch in fedora-infrastructure trac right? 20:41:12 mdomsch: Yep. So I don't think the "pointer to scm commit" is going to work well. 20:41:25 mmcgrath, I agree. 20:41:32 In /our/ deployment of MM, we need to account for not only the upstream source we use, but also the modifications /we/ make 20:41:41 abadger1999, it _can_ work for apps we own; but none other. 20:41:44 f13: Note that I talked to spot and specifically brought up this point. 20:41:46 Should we ask legal about the "linking app back to bug tracking" bit? 20:41:51 OK, that sounds fine to me, but it's hard to collect them in a central place to link off of the web app pag. 20:41:54 **page 20:41:55 so putting a footer in our deployment of MM that points to not just the upstream source, we can point to say our infra repo where hotfix patches go 20:42:03 f13, right 20:42:06 f13: So it's possible that community is out of compliance -- or is in compliance as long as we don't hotfix it. Or... 20:42:08 It wouldn't be too hard to setup a directory containing all currently applied live patches 20:42:14 abadger1999: did spot say that was a hard requirement? 20:42:17 ricky, we send them to a src.rpm file? 20:42:29 Does oracle ship any products similar but with a less confusing license? 20:42:30 abadger1999: nod. I think it depends on how 'exact' we have to be in offering the source 20:42:40 smooge: Well, I'm just talking about live patches here, not package changes 20:42:44 corresponding == exact 20:43:04 then Fedora Community will be out of compliance the moment we apply a patch 20:43:15 since their pages only point you to fedorahosted, not even the git repo 20:43:23 you have to go somewhere else once you get to fedora hosted to get to the source code 20:43:28 f13: Yeah -- I'm a bit worried about that actually. 20:43:42 OK, so are we basically waiting on legal advice about the linking requirements at this point? 20:43:44 well the page tells you how to get it 20:43:45 f13: my understanding is that it needs to point at what is live. so i could setup the service exactly as it is in our infra 20:43:48 f13: Since even git repo != what we have deployed without additional instructions 20:43:58 Because otherwise, it doesn't seem to be moving forward all that much 20:44:24 make a pi icon that you can click and it just starts spewing the live source 20:44:33 Can we eliminate some things? 20:44:37 IMHO it should be enough to point to A) upstream source, B) any changes we make to it. 20:44:38 like the agpl? 20:44:50 sorry, i should shut up 20:44:56 A) can be the upstream source repo, B) can be a ticket query that shows any active hotfixes 20:44:56 jwb: No that's valid. 20:45:04 abadger1999: and you talked to spot specifically about having our applications point directly to trac? 20:45:14 abadger1999, perhaps. but i have little vested in this 20:45:14 (and I guess hotfixes will have to remain active if they are only in our rpm and not the upstream source) 20:45:16 Proposal #1 -- Don't use AGPL as license. 20:45:39 mmcgrath: No -- just whether we have to provide any hotfixes that go onto our servers. 20:45:46 I really don't want to get into banning software due to it's free license 20:45:50 We didn't talk about how to provide them. 20:45:56 f13, bannign? 20:46:01 banning that is 20:46:02 f13: Not quite what we're saying 20:46:05 sure it is 20:46:06 we ban software based on free licenses already :) 20:46:10 f13: This is about how we license our stuff. 20:46:19 define "our stuff" 20:46:20 f13: Not about third-party stuff. 20:46:26 "Don't use AGPL as license" meaning FAS, mirrormanager, etc. 20:46:26 is Fedora Community "our stuff" or third party? 20:46:29 Proposal #2: Central directory containing all patches linked directly on website footers as well as source? 20:46:31 If we write it 20:46:35 define "we" 20:46:36 (That's if the trac ticket thing doesn't fly) 20:46:37 f13: That's actually a problem 20:46:52 f13: he's saying "don't apply AGPL to our software" not "don't use software that is under AGPL" 20:46:53 my point is, looking at the number of questions and hurdles the AGPL would force on you, why in the name of all things Fedora would you want to use that when it causes so much hassle to just get a damn _fix_ onto your services? 20:46:56 f13: things written with fedoraproject use intended 20:46:58 Fedora Community acts like a third party but wants in-house treatment. 20:47:11 We have to shift that one way or another. 20:47:26 Agreed 20:47:28 jwb: because the AGPL actually ensures that the source code for the web service you're using is actually available 20:47:48 unlike other licenses where you can patch it to hell and back and never be required to provide your changes 20:47:53 * mmcgrath is actually fine with people making changes to fas and not making that code available as long as they're not distributing it 20:48:02 abadger1999: right i view it as third party due to the way that things have been done 20:48:04 f13, i don't think that is really causing Fedora any pain 20:48:05 mmcgrath: define "distribution" 20:48:11 whereas using AGPL seems to... 20:48:12 jwb: What f13 said and that Community is using it -- which means that sharing code with community is harder. 20:48:14 mmcgrath, +1 20:48:17 f13: don't have to, thats for legal to decide 20:48:18 idea: how about a web page that lists the apps we have in deployment, with links to a) their upstream source; b) the live patch queue; for each app. 20:48:25 as well as what day of the week it is ;) 20:48:36 Lets look at koji code 20:49:02 if somebody, like say oracle, took koji code and started using it and made it available to people, but patched it to add functionality 20:49:03 * abadger1999 notes that we're at 46minutes. 20:49:15 mmcgrath: I would be pretty disappointed if somebody added an good OpenID provider to FAS and started running it without it being free :-) Of course, the chances of that happening are almost nine. 20:49:16 we'd want those code changes, particularly as they're a compeditor 20:49:17 f13: they could 20:49:19 **none 20:49:33 f13: as koji is currently licensed 20:49:34 with the way that koji is licensed now, they can do just that, and we have no recourse 20:49:38 yeah, nine are too many 20:49:41 mdomsch, I think in the end we will need to get a legal idea on what is required in the sharing of the code. Do patches count? Or is it the full tree? Do config file changes count if the config file is listed as beign AGPL also. 20:49:47 thekad: :-) 20:50:00 f13: they do have to post there code for there customers 20:50:03 if it were AGPL, they'd be required to make those changes available. 20:50:09 dgilmore: not as a webapp 20:50:27 dgilmore: client code ran on the computer yes, but none of the hub code would be required to be made public to their customers 20:50:28 dgilmore: They're not distributing hte web ap.. only letting people use it. 20:50:35 abadger1999: so before the cost of not moving our apps to AGPL meant sharing code was very nasty. Now, moving our apps to AGPL means doing practical things might be illegal? 20:50:40 f13: right. 20:50:57 mmcgrath: Yes. 20:51:06 mmcgrath: practical very often gets in the way of opensource licensing 20:51:06 we've got some decisions to make. 20:51:08 Although doing practical things has always been illegal. 20:51:11 mmcgrath, burdensome at best. illegal at worst 20:51:19 This just hits us in a place where we haven't considered before. 20:51:32