2025-07-03 16:00:14 <@james:fedora.im> !startmeeting fpc

2025-07-03 16:00:15 <@meetbot:fedora.im> Meeting started at 2025-07-03 16:00:14 UTC
2025-07-03 16:00:16 <@meetbot:fedora.im> The Meeting name is 'fpc'
2025-07-03 16:00:18 <@james:fedora.im> !topic Roll Call
2025-07-03 16:01:01 <@james:fedora.im> Hey
2025-07-03 16:01:32 <@limb:fedora.im> !hi
2025-07-03 16:01:32 <@zodbot:fedora.im> Gwyn Ciesla (limb) - she / her / hers
2025-07-03 16:03:30 <@decathorpe:fedora.im> !hi
2025-07-03 16:03:31 <@zodbot:fedora.im> Fabio Valentini (decathorpe) - he / him / his
2025-07-03 16:03:49 <@salimma:fedora.im> !hi
2025-07-03 16:08:23 <@james:fedora.im> !topic Open Floor
2025-07-03 16:08:40 <@james:fedora.im> So nothing happened this week, and I am completely well rested
2025-07-03 16:08:49 <@james:fedora.im> 🤡
2025-07-03 16:09:07 <@james:fedora.im> Anything anyone wants to talk about?
2025-07-03 16:09:44 <@smooge:fedora.im> pppfffffftttt 
2025-07-03 16:10:01 <@limb:fedora.im> Oy.
2025-07-03 16:10:13 <@smooge:fedora.im> i didn't sleep more than 2 hours a night for a month on the last move
2025-07-03 16:10:45 <@tibbs:fedora.im> Sorry, I thought we weren't doing a meeting today.
2025-07-03 16:10:59 <@smooge:fedora.im> oh wait this is fpc and not infra. sorry
2025-07-03 16:11:11 <@james:fedora.im> I was thinking at some point yesterday ... if we do this two more times, and by the third one it might be pretty easy
2025-07-03 16:11:39 <@james:fedora.im> Stephen J Smoogen: Which is to say, thank you for your sacrifice to make my life a bit easier this week ;)
2025-07-03 16:11:57 <@james:fedora.im> Jason ティビツ: I wasn't sure either.
2025-07-03 16:13:56 <@decathorpe:fedora.im> I'm fine with "let's forget this meeting ever happened" 
2025-07-03 16:13:56 <@tibbs:fedora.im> I don't have anything to talk about, but it's so dead here that I might take a little time to look at things in a bit.
2025-07-03 16:14:15 <@limb:fedora.im> What happens in Matrix, stays in Matrix
2025-07-03 16:14:56 <@tibbs:fedora.im> Right now I'm trying to figure out what to do about sudo.
2025-07-03 16:16:32 <@salimma:fedora.im> run0 !
2025-07-03 16:17:07 <@limb:fedora.im> 🎶We don't talk about sudo...
2025-07-03 16:17:18 <@james:fedora.im> I recently found out about `sudo --list` which I'm not sure why I was surprised to see.
2025-07-03 16:18:17 <@decathorpe:fedora.im> which sudo thing?
2025-07-03 16:18:22 <@decathorpe:fedora.im> sorry I've been kind of out of the loop
2025-07-03 16:19:00 <@tibbs:fedora.im> Any local user gets root for free.
2025-07-03 16:19:21 <@decathorpe:fedora.im> oh shiny
2025-07-03 16:19:23 <@james:fedora.im> CVE-2025-32463
2025-07-03 16:19:56 <@tibbs:fedora.im> RHEL was fixed instantly but no commits to Fedora for some time now.
2025-07-03 16:20:31 <@tibbs:fedora.im> And dnf doesn't let you uninstall sudo once it's been installed.
2025-07-03 16:20:40 <@salimma:fedora.im> woof
2025-07-03 16:21:04 <@salimma:fedora.im> MITRE says 9.3 critical, fun
2025-07-03 16:21:46 <@tibbs:fedora.im> I guess many people don't care because the "every local user is already admin" model is quite prevalent.
2025-07-03 16:21:48 <@james:fedora.im> Jason ティビツ: You are proven, right? I don't think anyone would complain if you did it.
2025-07-03 16:21:57 <@decathorpe:fedora.im> well, you *can* edit or (re)move the /etc/dnf/protected.d/sudo.conf file to make it removable
2025-07-03 16:22:06 <@decathorpe:fedora.im> I just wouldn't recommend doing that :D
2025-07-03 16:22:17 <@james:fedora.im> I know a bunch of releng people were ping'd ... but terrible timing.
2025-07-03 16:22:32 <@salimma:fedora.im> if it makes you feel better I can do a review on a PR to update sudo
2025-07-03 16:22:50 <@tibbs:fedora.im> Problem with an update is that Fedora's sudo is about 18 months behind upstream, so it's either update across a couple of versions or backport a patch.
2025-07-03 16:22:50 <@salimma:fedora.im> looks like there's none yet - there's an old zbyszek PR that was not merged in 10 months :(
2025-07-03 16:23:16 <@limb:fedora.im> Yikes. That's a package that really should be kept current.
2025-07-03 16:23:18 <@salimma:fedora.im> there's a bunch of us in FESCo here, if you file a request to fast track I think we'll likely approve
2025-07-03 16:23:37 <@salimma:fedora.im> also I see mattdm is a sudo committer :P
2025-07-03 16:23:47 <@limb:fedora.im> I'm a proven as well if you need more hands at any point.
2025-07-03 16:24:33 <@james:fedora.im> How much can Fedora steal from CentOS stream?
2025-07-03 16:24:52 <@tibbs:fedora.im> Probably a lot but I'm so out of the loop I don't even know where to look for that.
2025-07-03 16:25:22 <@salimma:fedora.im> gitlab.com/redhat/centos-stream/rpms/sudo
2025-07-03 16:26:09 <@james:fedora.im> Also https://mirror.stream.centos.org/10-stream/BaseOS/...
2025-07-03 16:26:19 <@tibbs:fedora.im> No commits there for this either.  Actually when I look at the red hat advisory, I see it was only for EL8 and EL9.
2025-07-03 16:26:30 <@james:fedora.im> But it doesn't look like they've done an update yet either?
2025-07-03 16:27:37 <@james:fedora.im> Anyway ... unless anyone has anything I'm going to close the meeting in a couple of minutes
2025-07-03 16:28:03 <@tibbs:fedora.im> The EL9 patch should be good but it makes me wonder if there's something I'm missing.
2025-07-03 16:28:24 <@tibbs:fedora.im> Like some EL10 choice of compiler flags or something renders it not vulnerable.
2025-07-03 16:28:31 <@decathorpe:fedora.im> yeah looks like the patches are in c9s and c8s but not c10s branches 
2025-07-03 16:30:33 <@james:fedora.im> !endmeeting