<@james:fedora.im>
16:00:14
!startmeeting fpc
<@meetbot:fedora.im>
16:00:15
Meeting started at 2025-07-03 16:00:14 UTC
<@meetbot:fedora.im>
16:00:16
The Meeting name is 'fpc'
<@james:fedora.im>
16:00:18
!topic Roll Call
<@james:fedora.im>
16:01:01
Hey
<@limb:fedora.im>
16:01:32
!hi
<@zodbot:fedora.im>
16:01:32
Gwyn Ciesla (limb) - she / her / hers
<@decathorpe:fedora.im>
16:03:30
!hi
<@zodbot:fedora.im>
16:03:31
Fabio Valentini (decathorpe) - he / him / his
<@salimma:fedora.im>
16:03:49
!hi
<@james:fedora.im>
16:08:23
!topic Open Floor
<@james:fedora.im>
16:08:40
So nothing happened this week, and I am completely well rested
<@james:fedora.im>
16:08:49
🤡
<@james:fedora.im>
16:09:07
Anything anyone wants to talk about?
<@smooge:fedora.im>
16:09:44
pppfffffftttt
<@limb:fedora.im>
16:10:01
Oy.
<@smooge:fedora.im>
16:10:13
i didn't sleep more than 2 hours a night for a month on the last move
<@tibbs:fedora.im>
16:10:45
Sorry, I thought we weren't doing a meeting today.
<@smooge:fedora.im>
16:10:59
oh wait this is fpc and not infra. sorry
<@james:fedora.im>
16:11:11
I was thinking at some point yesterday ... if we do this two more times, by the third one it might be pretty easy
<@james:fedora.im>
16:11:39
Stephen J Smoogen: Which is to say, thank you for your sacrifice to make my life a bit easier this week ;)
<@james:fedora.im>
16:11:57
Jason ティビツ: I wasn't sure either.
<@decathorpe:fedora.im>
16:13:56
I'm fine with "let's forget this meeting ever happened"
<@tibbs:fedora.im>
16:13:56
I don't have anything to talk about, but it's so dead here that I might take a little time to look at things in a bit.
<@limb:fedora.im>
16:14:15
What happens in Matrix, stays in Matrix
<@tibbs:fedora.im>
16:14:56
Right now I'm trying to figure out what to do about sudo.
<@salimma:fedora.im>
16:16:32
run0 !
<@limb:fedora.im>
16:17:07
🎶We don't talk about sudo...
<@james:fedora.im>
16:17:18
I recently found out about `sudo --list` which I'm not sure why I was surprised to see.
<@decathorpe:fedora.im>
16:18:17
which sudo thing?
<@decathorpe:fedora.im>
16:18:22
sorry I've been kind of out of the loop
<@tibbs:fedora.im>
16:19:00
Any local user gets root for free.
<@decathorpe:fedora.im>
16:19:21
oh shiny
<@james:fedora.im>
16:19:23
CVE-2025-32463
<@tibbs:fedora.im>
16:19:56
RHEL was fixed instantly but no commits to Fedora for some time now.
<@tibbs:fedora.im>
16:20:31
And dnf doesn't let you uninstall sudo once it's been installed.
<@salimma:fedora.im>
16:20:40
woof
<@salimma:fedora.im>
16:21:04
MITRE says 9.3 critical, fun
<@tibbs:fedora.im>
16:21:46
I guess many people don't care because the "every local user is already admin" model is quite prevalent.
<@james:fedora.im>
16:21:48
Jason ティビツ: You are proven, right? I don't think anyone would complain if you did it.
<@decathorpe:fedora.im>
16:21:57
well, you *can* edit or (re)move the /etc/dnf/protected.d/sudo.conf file to make it removable
<@decathorpe:fedora.im>
16:22:06
I just wouldn't recommend doing that :D
<@james:fedora.im>
16:22:17
I know a bunch of releng people were ping'd ... but terrible timing.
<@salimma:fedora.im>
16:22:32
if it makes you feel better I can do a review on a PR to update sudo
<@tibbs:fedora.im>
16:22:50
Problem with an update is that Fedora's sudo is about 18 months behind upstream, so it's either update across a couple of versions or backport a patch.
<@salimma:fedora.im>
16:22:50
looks like there's none yet - there's an old zbyszek PR that was not merged in 10 months :(
<@limb:fedora.im>
16:23:16
Yikes. That's a package that really should be kept current.
<@salimma:fedora.im>
16:23:18
there's a bunch of us in FESCo here, if you file a request to fast track I think we'll likely approve
<@salimma:fedora.im>
16:23:37
also I see mattdm is a sudo committer :P
<@limb:fedora.im>
16:23:47
I'm a proven as well if you need more hands at any point.
<@james:fedora.im>
16:24:33
How much can Fedora steal from CentOS Stream?
<@tibbs:fedora.im>
16:24:52
Probably a lot but I'm so out of the loop I don't even know where to look for that.
<@salimma:fedora.im>
16:25:22
gitlab.com/redhat/centos-stream/rpms/sudo
<@james:fedora.im>
16:26:09
Also https://mirror.stream.centos.org/10-stream/BaseOS/...
<@tibbs:fedora.im>
16:26:19
No commits there for this either. Actually when I look at the Red Hat advisory, I see it was only for EL8 and EL9.
<@james:fedora.im>
16:26:30
But it doesn't look like they've done an update yet either?
<@james:fedora.im>
16:27:37
Anyway ... unless anyone has anything I'm going to close the meeting in a couple of minutes
<@tibbs:fedora.im>
16:28:03
The EL9 patch should be good but it makes me wonder if there's something I'm missing.
<@tibbs:fedora.im>
16:28:24
Like some EL10 choice of compiler flags or something renders it not vulnerable.
<@decathorpe:fedora.im>
16:28:31
yeah looks like the patches are in c9s and c8s but not c10s branches
<@james:fedora.im>
16:30:33
!endmeeting