#fedora-meeting log

16:09:23 <threebean> #startmeeting messaging_sig
16:09:23 <zodbot> Meeting started Tue Apr 17 16:09:23 2012 UTC.  The chair is threebean. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:09:23 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:09:26 <threebean> #topic roll call
16:09:32 <threebean> Anyone in for the messaging SIG meeting?
16:09:38 * nirik is lurking around.
16:12:12 <ianweller> hi!
16:12:17 <threebean> :)
16:12:41 <ianweller> sorry, lost my concentration on irc for a minute or two there
16:12:57 <threebean> usual agenda sound good?  1) reports, 2) next steps
16:13:43 <threebean> #topic reports
16:14:08 <ianweller> go for it
16:14:20 <threebean> Over the last month I got the fedmsg codebase into what I think is pretty good shape.
16:14:51 <threebean> We've got sending hooks in place in branches for bodhi1, bodhi2, fas, and tagger -- plus a git post-update hook waiting to be used.
16:15:12 <threebean> j_dulaney reported he was working on sending hooks for AutoQA too, but I haven't heard from him in ~2 weeks.
16:15:35 <threebean> For the past week I've been working on getting everything into RPMs for F17 and el6 and learning the ropes along the way.
16:16:01 <threebean> F17 packaging is 100% (minus all the package reviews) and el6 is 75% done.  Should be done by the end of the day.
16:16:32 <threebean> nirik: I wrote up a little description of how to test out the fedmsg tools in the README too, btw.  https://github.com/ralphbean/fedmsg/blob/develop/README.rst
16:17:06 <nirik> nice
16:17:25 * nirik will try it out at some point.
16:17:33 <threebean> ianweller: getting something into stg from which you can start consuming messages hinges on getting these RPMs finished.  We could be doing that in the next couple days, I hope.
16:17:51 <ianweller> threebean: ping me on IRC when you have some ready for review
16:17:58 <ianweller> (i should probably finish lmacken's reviews i need to do then today...)
16:18:17 <threebean> ianweller: I'll even trade reviews ;)
16:18:28 <ianweller> dunno if i even have anything up for review right now, but i'll check
16:19:15 <threebean> ianweller: anything happen with statistics++ lately?
16:19:28 <ianweller> threebean: not really :( midterms suck
16:19:38 <ianweller> i poked around a bit with census as potentially replacing dataviewer in the spec
16:19:43 <ianweller> i need to poke around quite a bit more
16:19:47 <threebean> cool
16:20:20 * ianweller should edit the wiki and push all the deadlines back by a month
16:20:45 <threebean> ianweller: can you post that link?  I always have trouble finding it.
16:20:51 <ianweller> https://fedoraproject.org/wiki/User:Ianweller/statistics_plus_plus
16:20:57 <threebean> thnx.
16:21:03 <threebean> #topic next steps
16:21:33 <threebean> nirik: When I finish all these el6 rpms, can we move ahead with trying stuff in stg before all the package reviews are done?
16:21:43 <threebean> Or is that a no-no on the policy front?
16:22:02 <nirik> threebean: we can... it's not ideal tho... would be better to have them in epel-testing at least.
16:22:18 <nirik> oh, that selinux update should fix that sync issue you ran into the other day, but you do need to reboot.
16:22:33 <threebean> nirik: yeah! i'll try it out right after the meeting
16:22:53 <nirik> also, I might need to do some poking at staging this week...
16:23:07 <ianweller> here's a question: when the fedmsg stuff is in staging, will publictest machines have access to that?
16:23:09 <nirik> we still have a few rhel5 boxes there that need to be redone and I am going to nuke our staging branch.
16:23:30 <nirik> depends... what port(s) does it use?
16:23:36 <threebean> nirik: ok, i'll definitely hold off
16:24:14 <threebean> right now it's in the 4000 range, configurable in /etc/fedmsg-config.py
16:24:24 <nirik> we really only have 80/443 going into staging from the outside I think...
16:24:39 <ianweller> can we set up a junk VM inside staging?
16:24:44 <nirik> so, external hosts probibly won't be able to access it.
16:24:56 <nirik> we could add a fedmsg01.stg host or something...
16:25:57 <nirik> ianweller: for testing stats gathering? or ?
16:26:29 <ianweller> nirik: partially for developing datanommer and friends
16:26:47 <nirik> ok, in real production that would probibly live on log02?
16:26:54 <ianweller> most ilkely
16:26:56 <ianweller> likely*
16:27:00 <nirik> we could make a log.stg I suppose.
16:27:04 <ianweller> or even in real staging, once it's past the develop process
16:28:06 <nirik> we can work something out... or if nothing else use a app*.stg for testing.
16:29:03 <ianweller> ten four.
16:29:43 <threebean> since we'll be holding off with pushing stuff until packages get reviewed.. any suggestions on which apps to hit up next for sending hooks?
16:30:00 <ianweller> i have something marginally related to that question but not completely related ;)
16:30:11 <threebean> ianweller: shoot!
16:30:33 <ianweller> i've been trying to work my head around the legal ramifications of me wanting to put anonymized httpd logs into datanommer
16:30:46 <ianweller> so that we can automate the "unique IPs" queries that are on the statistics wiki page right now
16:30:52 <nirik> threebean: many to choose from. ;) koji? or, perhaps httpd logs or a generic syslog->message translator
16:31:12 <ianweller> do either of you know about what we can/can't do with the privacy policy or whatnot or should i go ping spot/legal list
16:31:43 <threebean> nirik: (I'm avoiding koji intentionally....  the generic syslog->message translator beta is done.  It's that fedmsg-logger command.)
16:32:06 <threebean> ianweller: yeah, I haven't thought about it at all.  I'd go with spot/legal.
16:32:08 <nirik> ianweller: well, if we hash or otherwise change the ip's so they are not identifyable I would think it would be ok.
16:32:15 <nirik> but best to run that by legal.
16:32:20 <ianweller> i'll do that today then
16:32:48 <nirik> if ip's were in there, someone could look up what OS/version someone was running potentially.
16:33:36 <nirik> if hashed we should be able to still uniq them without revealing which ones have what...
16:33:44 <threebean> sounds solid to me
16:33:53 <ianweller> nirik: the other fun thing is user agents
16:34:06 <ianweller> and i feel like hashing the IP address and dropping the user agent is enough
16:34:12 <ianweller> and doesn't really hamper any of our use cases
16:34:18 <ianweller> but i will definitely ask legal
16:34:20 <nirik> hum... yeah, or hash the useragent too. ;)
16:34:57 <nirik> I suppose if you had access to the data tho, you could figure out the hash by doing custom useragents...
16:36:21 <threebean> hmm.. I guess I'm not sure why we need to conceal the user agent?
16:36:48 <ianweller> i think it falls under personally identifiable information
16:36:49 <nirik> well, it could reveal you have an old vulnerable browser... but I don't know how big a deal that really is.
16:37:13 <threebean> hmm.  If it's dissociated from the IP though...
16:37:44 * ianweller starts writing that email
16:38:10 <nirik> true... although if you have access you could hit with various user-agents and figure out the hash of your ip?
16:39:29 <threebean> if you have one (ip, hash) pair, how much does that help you figure out the others?
16:39:54 <nirik> yeah, not much (provided the hash is a reasonable one)
16:40:02 <nirik> so, yeah, I don't guess it's a big deal
16:40:44 <threebean> hey, well I'm intentionally avoiding koji for now (since it's so tough to stand up locally).  I'll try and hit sending hooks in a plugin for the wiki by next week after these el6 packages get finished.
16:40:51 <threebean> any other business before we close?
16:40:59 * ianweller has none
16:41:10 <nirik> nothing here.
16:41:21 <threebean> cool.  thanks!
16:41:24 <threebean> #endmeeting