#fedora-meeting log

18:00:21 <thozza> #startmeeting FESCO (2015-11-25)
18:00:21 <thozza> #meetingname fesco
18:00:21 <zodbot> Meeting started Wed Nov 25 18:00:21 2015 UTC.  The chair is thozza. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:21 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
18:00:21 <zodbot> The meeting name has been set to 'fesco_(2015-11-25)'
18:00:21 <zodbot> The meeting name has been set to 'fesco'
18:00:21 <thozza> #chair ajax dgilmore hguemar jwb nirik paragan rishi thozza sgallagh
18:00:21 <thozza> #topic init process
18:00:21 <zodbot> Current chairs: ajax dgilmore hguemar jwb nirik paragan rishi sgallagh thozza
18:00:33 <nirik> morning
18:00:39 <thozza> hi all :)
18:00:49 <paragan> Hi
18:00:59 <number80> o/
18:01:44 <rishi`> .hello rishi
18:01:45 <zodbot> rishi`: rishi 'Debarshi Ray' <debarshir@redhat.com>
18:01:56 <number80> .hello hguemar
18:01:57 <zodbot> number80: hguemar 'Haïkel Guémar' <karlthered@gmail.com>
18:02:21 <thozza> that's 5 of us.... I'll give the rest a minute and start
18:02:32 <number80> ok
18:03:40 <thozza> #topic #1500 Deactivate accounts that infra could not contact for 7 days.
18:03:40 <thozza> .fesco 1500
18:03:42 <zodbot> thozza: #1500 (Deactivate accounts that infra could not contact for 7 days.) – FESCo - https://fedorahosted.org/fesco/ticket/1500
18:04:19 <thozza> nirik: so my question is, if it would make sense not to run the script every hour?
18:04:37 <thozza> every hour is too often IMHO - for the emails
18:04:56 <nirik> sure, but then people will complain that they don't have the privs they should have quickly enough.
18:05:02 <paragan> yes every hour looks too ofter
18:05:40 <thozza> I'm not expert on spam filters, but I'm afraid that after 2nd or 3rd email, it would fall info SPAM
18:05:40 <nirik> I'm not sure it's as important as it once was.
18:06:02 <nirik> personally I don't know spam filters that do that, although it's not implausable.
18:06:36 <nirik> it used to be people needed the privs to set fedora-cvs on their package review, since they no longer need that I guess we could move it to once a day or something.
18:08:30 <thozza> Proposal: Request from ticket #1500 is approved, however please consider longer period than 1 hour between the emails.
18:08:52 <number80> +1
18:09:01 <paragan> +1
18:09:04 <nirik> sure, like I said we can move it up. +1
18:09:19 <thozza> I think jwb's vote can be counted for this as well
18:09:27 <thozza> I'm +1 for the record
18:09:44 <rishi`> +1
18:10:13 <thozza> #agreed Request from ticket #1500 is approved, however please consider longer period than 1 hour between the emails. (+6, 0, -0)
18:10:25 <thozza> #topic #1501 F24 System Wide Change: Systemd package split
18:10:25 <thozza> .fesco 1501
18:10:26 <zodbot> thozza: #1501 (F24 System Wide Change: Systemd package split) – FESCo - https://fedorahosted.org/fesco/ticket/1501
18:10:58 <number80> +1
18:11:01 <paragan> +1
18:11:02 <thozza> I'm ok with the change. Does anyone has any questions/objections?
18:11:09 <thozza> +1 for the record
18:11:19 * zbyszek is here, just in case
18:11:28 <number80> This one was discussed on the devel list and systemd list so it's fine
18:11:32 <number80> zbyszek++
18:11:32 <zodbot> number80: Karma for zbyszek changed to 1 (for the f23 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
18:11:39 <thozza> +1 from jwb in the ticket
18:11:42 <nirik> I guess I am +1
18:12:09 <sgallagh> Sorry, I'm here now.
18:12:22 <rishi`> +1
18:12:27 <thozza> sgallagh: np, we are discussing the .fesco 1501
18:12:36 <thozza> https://fedorahosted.org/fesco/ticket/1501
18:12:48 <sgallagh> Right, I have no problems with this.
18:12:57 <sgallagh> +1
18:13:15 * thozza counting
18:13:39 <number80> 7
18:13:39 <thozza> #agreed F24 System Wide Change: Systemd package split is approved (+7, 0, -0)
18:13:43 <thozza> right :)
18:13:59 <thozza> #topic #1502 F24 System Wide Change: Systemd file triggers
18:13:59 <thozza> .fesco 1502
18:14:00 <zodbot> thozza: #1502 (F24 System Wide Change: Systemd file triggers) – FESCo - https://fedorahosted.org/fesco/ticket/1502
18:14:54 <nirik> sure, +1 triggers are nice.
18:15:00 <sgallagh> I haven't followed this discussion too closely
18:15:01 <thozza> zbyszek: I saw sgallagh's comment on the devel list about synchronization with other changes that need the mass rebuild. I think it would be good to use that opportunity, what do you think?
18:15:24 <sgallagh> zbyszek: I assume you're working with FPC to help them build guidelines for triggers?
18:15:28 <thozza> because from what I saw you don't plan to do one, just let the packages be rebuilt when needed
18:15:44 <zbyszek> thozza: it's more or less implemented already, so yeah, any rebuild will be good enough.
18:15:54 <thozza> zbyszek: great
18:16:04 <thozza> +1 from me
18:16:25 <thozza> +1 from jwb in the ticket
18:16:26 <paragan> +1
18:16:38 <number80> +1
18:17:10 <rishi`> +1
18:18:07 <sgallagh> +1
18:18:31 <thozza> #agreed F24 System Wide Change: Systemd file triggers is approved (+7, 0, -0)
18:18:47 <thozza> #topic #1503 F24 System Wide Change: GHC 7.10
18:18:48 <thozza> .fesco 1503
18:18:49 <zodbot> thozza: #1503 (F24 System Wide Change: GHC 7.10) – FESCo - https://fedorahosted.org/fesco/ticket/1503
18:19:01 <thozza> +1 from me
18:19:08 <thozza> +1 from jwb in the ticket
18:19:21 <paragan> +1
18:19:25 <number80> +1
18:19:28 <nirik> +1
18:19:45 <sgallagh> +1 rubber stamp
18:20:30 <thozza> rishi`: ?
18:20:53 * rishi` reads
18:20:57 <rishi`> +1
18:21:15 <thozza> #agreed F24 System Wide Change: GHC 7.10 is approved (+7, 0, -0)
18:21:28 <thozza> #topic Next week's chair
18:21:33 <thozza> that was fast :)
18:22:09 <paragan> I can chair next week
18:22:17 <thozza> paragan: thanks!
18:22:28 <number80> thanks guys :)
18:22:33 <rishi`> Thanks thozza !
18:22:36 <thozza> #info paragan to chair next week
18:22:48 <thozza> #topic Open Floor
18:22:55 <jkurik> There was no plan for mass-rebuild during F24 cycle. However reading through the Changes, it looks like I need to plan one.
18:23:08 <jkurik> ... just a note
18:23:12 <nirik> it just depends on if one is needed, yeah
18:24:54 <thozza> If there is not anything else, I'll end the meeting in 2 minutes
18:25:02 <jkurik> One more note: Elections - we have new nominees to FESCo: https://fedoraproject.org/w/index.php?title=Development/SteeringCommittee/Nominations
18:25:05 <sgallagh> I have something
18:25:14 <thozza> sgallagh: go on
18:25:28 <sgallagh> This is somewhat directed towards zbyszek
18:25:48 <sgallagh> I was just made aware of https://bugzilla.redhat.com/show_bug.cgi?id=1284325
18:26:15 <zbyszek> sgallagh: yeah?
18:26:19 <sgallagh> Which also implies that the systemd package unilaterally added a %post script in Rawhide (and F23?) to add the nss_mymachines to /etc/nsswitch.conf
18:26:37 <sgallagh> This is completely unacceptable behavior without first coming to FESCo.
18:26:53 <sgallagh> (Via a Change Proposal)
18:27:17 <sgallagh> This bypassed the glibc people, the identity management people, etc.
18:28:16 <sgallagh> What I'm hearing from those groups is that this results in unpredictable and broken user/group lookups, particularly when nscd is in play.
18:28:37 <zbyszek> sgallagh: Yes, this wasn't the right way to do it. I hope to clarify the situation / resolve the bugs / fix things as appropriate.
18:29:03 <sgallagh> zbyszek: Until the bugs are addressed, I think you need to push out a systemd update that reverts the nsswitch.conf immediately
18:29:52 <thozza> sgallagh: that seems reasonable
18:30:17 <sgallagh> zbyszek: Also, such changes need to coordinate with authconfig as well, since things like ipa-client-install, realmd, etc. will use that to make changes to nsswitch.conf
18:30:23 <sgallagh> And would overwrite any changes you might make
18:30:46 <thozza> I'm not sure if we need to vote on this. I guess that zbyszek can do it without explicit request from FESCo, right?
18:31:03 <thozza> but we can if you sgallagh want to ;)
18:31:12 <sgallagh> thozza: If zbyszek is willing to make the change, no vote is needed.
18:31:15 <zbyszek> Removing the %post script is reasoanble. Removing changes from installed systems can be tricky... I didn't have time today to look at the nscd bug yet.
18:33:08 <thozza> sgallagh: do you insist on changing the nsswitch.conf also on existing installations?
18:33:24 <zbyszek> So yeah, I'll remove the %post script. I'd prefer to discuss other changes in the bug.
18:34:34 <sgallagh> thozza: not at this time, though that may change
18:34:52 <thozza> sgallagh: so you are OK with such outcome, right?
18:34:56 <sgallagh> There is some ongoing discussion as to whether there may be a security issue involved.
18:35:48 <thozza> #info zbyszek will remove the %post script from systemd package that modifies the nsswitch.conf
18:36:08 <thozza> anything else?
18:36:13 <sgallagh> Just a sec
18:36:18 <thozza> sure
18:36:48 <sgallagh> simo, one of the IDM guys, wants to chime in
18:36:57 <sgallagh> I just sent him the backscroll
18:37:24 <thozza> np
18:37:34 <thozza> simo: the floor is your :)
18:38:21 <simo> I would remove it but it forcibly if it were f23
18:38:59 <simo> on rawhide .. I mean if you remove it then you may remove it also for someone that put it there intentionally
18:39:44 <simo> although given the problems this module has for user/group perhaps systemd should retire it for user/group purposes sompletely hence just always remove it if there on poasswd/grpup lines
18:39:46 <sgallagh> zbyszek: What is the purpose of nss_mymachines when used with users and groups, exactly?
18:39:55 <simo> and propose a dedicated module
18:40:12 <simo> my_machines doesn't exacly make a lot of sense for an identity module as a name ...
18:40:34 <zbyszek> To resolve names like vu-<machine>-<user> for user namespace containers.
18:41:17 <simo> I do not know of any standard that uses names like that, sounds like some more baking should be done before polluting the user/group namespaces
18:41:24 <zbyszek> simo: yes, removing the user/group part to a separate module might be the best approach.
18:42:09 <zbyszek> This part is not in F23, only in rawhide.
18:42:31 <sgallagh> zbyszek: Was the hosts: line handled by glibc or systemd in F23?
18:42:37 <sgallagh> That, at least, really should be glibc
18:43:16 <sgallagh> (and, again, authconfig)
18:43:42 <simo> that is something that may also warrant discussion if we start having a local resolver by default
18:43:49 <zbyszek> sgallagh: What do you mean by "handled"? 'mymachines' was added to the end of hosts: line in F23 by systemd %post.
18:43:53 <simo> because you could simply have a zone in the resolver and add names there
18:44:27 <simo> but that's an entirely different discussion, and should be deferred until we do have a resolver by default
18:45:06 <sgallagh> zbyszek: That's what I meant. That *should* just be in the default nsswitch.conf and understood by authconfig
18:45:32 <sgallagh> But the user/group stuff definitely needs a rethink, so please remove it with prejudice.
18:45:44 <sgallagh> And let people know they have to add it back manually if they are testing it
18:46:20 <thozza> simo: just a note that tomorrow we will have a discussion with GNOME and NM devels about the default resolver and plan to submit the change proposal to wrangler this week or early next week ;)
18:46:36 <zbyszek> I'm fine with removing it temporarily, but in the long run I want to discuss this this upstream.
18:47:14 <sgallagh> zbyszek: Please do. This isn't meant to be a permanent answer
18:49:13 <sgallagh> OK, so are we agreed here?
18:49:40 <sgallagh> As far as having %post remove my_machines from passwd and group?
18:49:54 <thozza> it sounds so... sgallagh you may want to state #info on the rest of what you agreed on
18:50:10 <simo> thozza: tomorrow is thanksgiving, not a great day if you want participation :)
18:51:32 <thozza> simo: given the 8PM local time for me... sounds like a great combination :)
18:52:19 <thozza> zbyszek: can you please confirm the assumption that you are in agreement with sgallagh? :)
18:52:47 <sgallagh> #action zbyszek to modify systemd %post to remove my_machines from the passwd: and group: lines in nsswitch.conf while the interaction is sorted out between glibc, IDM and systemd upstreams.
18:53:26 <thozza> good.... so unless there is anything else to discuss, I'll close the meeting in 2 minutes
18:53:42 <zbyszek> Yes, I'm ok with '#action zbyszek'.
18:53:49 <sgallagh> zbyszek: Thanks
18:56:03 <thozza> #endmeeting