2024-07-17 16:02:02 <@davide:cavalca.name> !startmeeting CentOS Hyperscale SIG
2024-07-17 16:02:05 <@meetbot:fedora.im> Meeting started at 2024-07-17 16:02:02 UTC
2024-07-17 16:02:05 <@meetbot:fedora.im> The Meeting name is 'CentOS Hyperscale SIG'
2024-07-17 16:02:38 <@davide:cavalca.name> morning everyone
2024-07-17 16:02:42 <@conan_kudo:matrix.org> Yo!
2024-07-17 16:02:44 <@davide:cavalca.name> !topic Roll call
2024-07-17 16:02:49 <@conan_kudo:matrix.org> !hi
2024-07-17 16:02:51 <@zodbot:fedora.im> Neal Gompa (ngompa) - he / him / his
2024-07-17 16:03:51 <@daandemeyer/:matrix.org> !hi
2024-07-17 16:03:53 <@zodbot:fedora.im> Daan De Meyer (daandemeyer)
2024-07-17 16:06:47 <@davide:cavalca.name> let's get started
2024-07-17 16:06:48 <@davide:cavalca.name> !topic Followups
2024-07-17 16:07:00 <@davide:cavalca.name> do we have any followups from the last meeting?
2024-07-17 16:07:58 <@conan_kudo:matrix.org> I don't think so?
2024-07-17 16:08:05 <@conan_kudo:matrix.org> we didn't have any action items or anything
2024-07-17 16:08:45 <@conan_kudo:matrix.org> the only thing from me is that the kernel is tricky because of openssl engine API being dropped in c10s
2024-07-17 16:09:11 <@conan_kudo:matrix.org> I have a solution I wound up using for fedora asahi and I'll probably pull that over to hyperscale kernel builds too
2024-07-17 16:09:47 <@daandemeyer/:matrix.org> Ah yes that's a thing
2024-07-17 16:09:52 <@daandemeyer/:matrix.org> I wonder why the systemd builds didn't blow up
2024-07-17 16:10:00 <@daandemeyer/:matrix.org> I guess we check the necessary defines
2024-07-17 16:10:31 <@daandemeyer/:matrix.org> Yup we do
2024-07-17 16:10:34 <@conan_kudo:matrix.org> it broke, of all things, the ability to sign kmods
2024-07-17 16:10:55 <@conan_kudo:matrix.org> since that's how we get access to secured cert backends and stuff
2024-07-17 16:12:14 <@davide:cavalca.name> alright, let's move to
2024-07-17 16:12:15 <@davide:cavalca.name> !topic Announcements
2024-07-17 16:12:35 <@davide:cavalca.name> flock is in a few weeks, and then devconfus
2024-07-17 16:12:43 <@davide:cavalca.name> should probably start planning talks and stuff
2024-07-17 16:13:25 <@conan_kudo:matrix.org> yes
2024-07-17 16:13:43 <@conan_kudo:matrix.org> we don't have a lot of time left, so we should definitely start working on those
2024-07-17 16:15:59 <@conan_kudo:matrix.org> I can probably start prepping our Hyperscale update talk, and then we should go through our list of talks and start working on those
2024-07-17 16:16:25 <@davide:cavalca.name> I'm off tomorrow and fri but can start taking a look next week
2024-07-17 16:16:34 <@daandemeyer/:matrix.org> We have c10s CI upstream now for the hyperscale spec
2024-07-17 16:16:48 <@daandemeyer/:matrix.org> It runs on stock centos 10, but builds using the hyperscale spec
2024-07-17 16:17:40 <@conan_kudo:matrix.org> awesome
2024-07-17 16:18:03 <@daandemeyer/:matrix.org> And also systemd-cd does c10s builds now, though I think nobody outside of Meta is using it
2024-07-17 16:20:04 <@daandemeyer/:matrix.org> And I guess what we just discussed in the matrix channel is also an announcement, we'll start shipping the Fedora selinux policy in hyperscale to get all the systemd fixes we need
2024-07-17 16:21:13 <@davide:cavalca.name> next up
2024-07-17 16:21:14 <@davide:cavalca.name> !topic Tickets
2024-07-17 16:21:52 <@davide:cavalca.name> I think the only pending one here is getting a kernel branched for c10s
2024-07-17 16:23:37 <@conan_kudo:matrix.org> yeah, and I'm working through that
2024-07-17 16:23:44 <@conan_kudo:matrix.org> my hope is that it will be part of me shipping the next rebase
2024-07-17 16:24:06 <@conan_kudo:matrix.org> I guess the only bit for me to think about is whether I want to do 6.9 still or 6.10
2024-07-17 16:24:25 <@conan_kudo:matrix.org> I'm leaning toward 6.10 because there's no fedora-6.10 branch yet and I generally like to have fedora stabilization first for hyperscale
2024-07-17 16:24:38 <@conan_kudo:matrix.org> err
2024-07-17 16:24:47 <@conan_kudo:matrix.org> I'm leaning toward 6.9 because there's no fedora-6.10 branch yet and I generally like to have fedora stabilization first for hyperscale
2024-07-17 16:25:48 <@davide:cavalca.name> sounds good to me
2024-07-17 16:26:01 <@davide:cavalca.name> !topic Membership
2024-07-17 16:26:15 <@davide:cavalca.name> nothing here this week I think
2024-07-17 16:26:31 <@conan_kudo:matrix.org> should we close the ticket about the pending membership request?
2024-07-17 16:26:45 <@conan_kudo:matrix.org> iirc, it's from intel, so maybe we need to poke Ali Erdinç Köroğlu about it again?
2024-07-17 16:27:10 <@davide:cavalca.name> yeah, if we don't hear back I'd say we can close it
2024-07-17 16:27:30 <@davide:cavalca.name> we should also think about announcing a membership roll cleanup like we discussed in the past
2024-07-17 16:28:22 <@conan_kudo:matrix.org> yeah
2024-07-17 16:28:40 <@conan_kudo:matrix.org> I like us being the biggest SIG, but a big ghost town is still a ghost town 😛
2024-07-17 16:29:00 <@davide:cavalca.name> yup
2024-07-17 16:29:20 <@davide:cavalca.name> alright, that leaves us with
2024-07-17 16:29:21 <@davide:cavalca.name> !topic Miscellaneous
2024-07-17 16:29:27 <@davide:cavalca.name> anything else folks want to discuss?
2024-07-17 16:29:30 <@salimma:fedora.im> !hi
2024-07-17 16:29:31 <@zodbot:fedora.im> Michel Lind (salimma) - he / him / his
2024-07-17 16:29:36 <@salimma:fedora.im> sorry, my errands ran super late
2024-07-17 16:30:07 <@salimma:fedora.im> speaking of kernel... if/when we get into linux-distros how do we plan to handle kernel CVEs?
2024-07-17 16:30:38 <@conan_kudo:matrix.org> whoo boy, I don't know
2024-07-17 16:31:02 <@conan_kudo:matrix.org> normally CVEs are fixed in upstream Linux with a patch landing and being released, I believe
2024-07-17 16:31:13 <@salimma:fedora.im> presumably we'll have to be more serious about it :). IIRC to get in normally they require security issues to be patched within 10 days
2024-07-17 16:31:32 <@salimma:fedora.im> so yeah since the kernel normally patches quite fast... good thing we plan to track the upstream / Fedora kernel and not the CentOS one huh
2024-07-17 16:31:35 <@conan_kudo:matrix.org> err, CVEs are announced with patches in line
2024-07-17 16:31:41 <@salimma:fedora.im> we'll just have to be ready to release more often, I guess
2024-07-17 16:31:49 <@salimma:fedora.im> right. but being close to the latest means patching should be easier
2024-07-17 16:31:50 <@conan_kudo:matrix.org> the kernel CNA rules indicate they don't make CVEs for unfixed vulnerabilities
2024-07-17 16:32:05 <@conan_kudo:matrix.org> which... I'm of mixed feelings about
2024-07-17 16:32:13 <@salimma:fedora.im> whereas if we're tracking an older CentOS kernel with all the frankenpatches... we might have to wait for them to backport
2024-07-17 16:32:19 <@conan_kudo:matrix.org> yeah
2024-07-17 16:32:30 <@salimma:fedora.im> true.. but not all CVEs might get announced via the kernel CNA right?
2024-07-17 16:32:40 <@conan_kudo:matrix.org> they have to
2024-07-17 16:32:46 <@salimma:fedora.im> or is that a requirement that once there is a CNA they have to process a potential CVE? ah ok
2024-07-17 16:32:50 <@conan_kudo:matrix.org> that's the reason the kernel is a CNA
2024-07-17 16:32:57 <@conan_kudo:matrix.org> nobody else can declare CVEs anymore on that thing
2024-07-17 16:33:15 <@salimma:fedora.im> that makes things easier for downstreams, but yeah I could also see how this can be abused
2024-07-17 16:33:33 <@salimma:fedora.im> then again the whole CVE process is so disappointing and I trust kernel devs more than rando security outfits out for glory :P
2024-07-17 16:33:34 <@conan_kudo:matrix.org> I think one consequence is that we will need to rebuild automation for building kernels... my stuff is all broken from the churn in ARK
2024-07-17 16:33:46 <@salimma:fedora.im> (mind you I don't put legit ones like Qualys in that bucket)
2024-07-17 16:33:54 <@conan_kudo:matrix.org> so it needs to be remade, probably this time not in really crappy bash
2024-07-17 16:34:02 <@salimma:fedora.im> yeah.. being downstream of things like ARK has that issue
2024-07-17 16:34:21 <@conan_kudo:matrix.org> thankfully the ARK stuff has stabilized in the past year
2024-07-17 16:34:43 <@salimma:fedora.im> if there's something really bad, we can just have a failsafe plan to temporarily rebuild the Fedora kernel, no?
2024-07-17 16:34:49 <@conan_kudo:matrix.org> yes
2024-07-17 16:34:49 <@salimma:fedora.im> or is there something there that does not work for us
2024-07-17 16:35:11 <@conan_kudo:matrix.org> really our delta is largely configs applied to make fedora stuff show up on centos
2024-07-17 16:35:46 <@conan_kudo:matrix.org> it's going to be slightly more substantial for a bit as you literally can't build the kernel on f41+ and c10s and I have to pull non-upstream fixes for that, but _generally_ it should be very minute
2024-07-17 16:35:58 <@conan_kudo:matrix.org> the most substantial backport I'm even considering is sched_ext
2024-07-17 16:36:17 <@salimma:fedora.im> speaking of oss-security, oh fun the Python infra access token got leaked
2024-07-17 16:36:27 <@conan_kudo:matrix.org> I'm very excited to try it out for improving workstation and gaming workloads
2024-07-17 16:36:33 <@conan_kudo:matrix.org> but it will have an impact on things
2024-07-17 16:37:02 <@salimma:fedora.im> we can just ... rebase to a kernel that has sched_ext right?
2024-07-17 16:37:24 <@conan_kudo:matrix.org> once it's merged and a 6.11 release is out, yes
2024-07-17 16:37:29 <@conan_kudo:matrix.org> I believe sched_ext is merging in 6.11
2024-07-17 16:37:36 <@salimma:fedora.im> yeah, I see it's still in -next
2024-07-17 16:37:53 <@salimma:fedora.im> so should be in less than 3 months
2024-07-17 16:38:13 <@salimma:fedora.im> we can probably rope in some Meta kernel people for advice if there's an issue backporting it
2024-07-17 16:38:19 <@conan_kudo:matrix.org> that would be great
2024-07-17 16:38:31 <@salimma:fedora.im> what's the issue on f41+ and c10s? more Rust changes?
2024-07-17 16:38:38 <@conan_kudo:matrix.org> openssl and rust
2024-07-17 16:38:57 <@conan_kudo:matrix.org> openssl I just fixed last week
2024-07-17 16:39:07 <@conan_kudo:matrix.org> I need to decide whether I'm going to care about rust yet or not
2024-07-17 16:39:23 <@conan_kudo:matrix.org> I keep poking at it every cycle because people keep asking me about turning it on in fedora and hyperscale kernels
2024-07-17 16:39:52 <@conan_kudo:matrix.org> I think the answer is going to be "no" for now
2024-07-17 16:40:18 <@conan_kudo:matrix.org> for openssl, I'm going to need to poke the author of the non-upstream patches to find out the timeline for upstreaming
2024-07-17 16:40:20 <@salimma:fedora.im> so Hyperscale Asahi is still a way out then
2024-07-17 16:40:29 <@conan_kudo:matrix.org> probably not too far out
2024-07-17 16:40:36 <@salimma:fedora.im> (or if we do that we can just ship it with a bastardized Fedora kernel)
2024-07-17 16:40:45 <@conan_kudo:matrix.org> yeah that's probably what's going to happen
2024-07-17 16:40:47 <@salimma:fedora.im> right... now that they stop chasing nightly features it might be more doable soon
2024-07-17 16:40:54 <@conan_kudo:matrix.org> and the asahi stuff will likely be all in copr
2024-07-17 16:41:23 <@conan_kudo:matrix.org> it doesn't make a lot of sense to do that in CBS given that we need builds for tons of things that aren't present in centos core at all
2024-07-17 16:41:37 <@conan_kudo:matrix.org> and it can't reasonably go into epel either
2024-07-17 16:42:00 <@conan_kudo:matrix.org> so we will likely maintain a sig copr with the necessary overlays
2024-07-17 16:42:10 <@salimma:fedora.im> make sense
2024-07-17 16:42:21 <@salimma:fedora.im> there's already a hyperscale group in COPR, we can just have an Asahi project under it
2024-07-17 16:42:25 <@conan_kudo:matrix.org> yup
2024-07-17 16:42:29 <@salimma:fedora.im> though... can we call it asahi? I also don't mind calling it banana
2024-07-17 16:42:35 <@conan_kudo:matrix.org> we can call it asahi
2024-07-17 16:43:09 <@conan_kudo:matrix.org> unless marcan has a problem with it, we can do that
2024-07-17 16:43:16 <@salimma:fedora.im> Hyperscale Beer
2024-07-17 16:43:21 <@conan_kudo:matrix.org> 🤣
2024-07-17 16:43:30 <@salimma:fedora.im> we're Free as in Beer
2024-07-17 16:43:39 <@conan_kudo:matrix.org> but since we're basically backporting Fedora Asahi to CentOS Hyperscale, I think it should be fine
2024-07-17 16:43:58 <@conan_kudo:matrix.org> we are probably going to have to deal with trademark stuff from the centos side though
2024-07-17 16:44:04 <@salimma:fedora.im> we'll give them a heads up anyway, obviously, so if there's an issue we'll know early
2024-07-17 16:44:08 <@salimma:fedora.im> oh right
2024-07-17 16:44:22 <@salimma:fedora.im> speaking of which who owns the Hyperscale trademark
2024-07-17 16:44:26 <@conan_kudo:matrix.org> I don't expect that to be an issue, but it is something we will need to deal with
2024-07-17 16:44:30 <@salimma:fedora.im> or is that specifically "CentOS Hyperscale"
2024-07-17 16:44:35 <@conan_kudo:matrix.org> "CentOS Hyperscale"
2024-07-17 16:44:48 <@conan_kudo:matrix.org> and I believe it's a common law mark associated with the registered mark for CentOS
2024-07-17 16:47:16 <@salimma:fedora.im> makes sense. Hyperscale itself won't be trademarkable
2024-07-17 16:47:32 <@salimma:fedora.im> so we're reliant on the CentOS project for branding anyway. can probably ask the promo folks on Thursday
2024-07-17 16:47:37 <@conan_kudo:matrix.org> yup
2024-07-17 16:47:39 <@salimma:fedora.im> or whenever we start working on this
2024-07-17 16:48:07 <@conan_kudo:matrix.org> it'll probably be a few months out
2024-07-17 16:48:16 <@conan_kudo:matrix.org> but that doesn't mean we can't start prepping now
2024-07-17 16:48:39 <@conan_kudo:matrix.org> it was not fun rushing through all that stuff for Fedora Asahi at the beginning of last year, so I'd like to not have to repeat that experience again
2024-07-17 16:49:41 <@conan_kudo:matrix.org> I'm also considering that we only offer KDE Plasma until we have Hyperscale GNOME built out for c10s
2024-07-17 16:49:50 <@conan_kudo:matrix.org> both for regular and asahi variants
2024-07-17 16:50:02 <@salimma:fedora.im> specifically for Asahi?
2024-07-17 16:50:10 <@salimma:fedora.im> oh regular too
2024-07-17 16:50:20 <@conan_kudo:matrix.org> there is no way I want to offer the gnome experience that RHEL 10 is going to ship, as it's devoid of almost everything you'd use
2024-07-17 16:50:27 <@salimma:fedora.im> if we think the experience is sub par (c10s will be the one with really barebone GNOME right?) I agree
2024-07-17 16:50:47 <@conan_kudo:matrix.org> yeah
2024-07-17 16:51:01 <@salimma:fedora.im> yeah... I think once EPEL10 is ready I'll stop work on the GNOME 9 prototype and just start building for 10
2024-07-17 16:51:22 <@conan_kudo:matrix.org> the 9 prototype work is at least useful for figuring out how to do it
2024-07-17 16:51:27 <@salimma:fedora.im> it's good enough exercise already to flush out weird issues, but the issues facing 10 will be different anyway, and we're early enough the rebuilding should be easier
2024-07-17 16:51:30 <@salimma:fedora.im> indeed
2024-07-17 16:51:45 <@salimma:fedora.im> we know we can. let's just focus on landing a working desktop on day 1
2024-07-17 16:51:53 <@conan_kudo:matrix.org> yup
2024-07-17 16:52:15 <@conan_kudo:matrix.org> so at least for my focus, working with Troy Dawson on KDE Plasma for EPEL 10 is important
2024-07-17 16:52:33 <@salimma:fedora.im> I would have prioritized it more if there's interest in deploying it at, say, corporate desktops (cough) but I have not really heard much about that, so we can assume there's not much life left in 9 to justify it now
2024-07-17 16:53:07 <@conan_kudo:matrix.org> and I'm thinking for 10 that we flagship on KDE for Hyperscale as part of aligning things around Asahi and Hyperscale
2024-07-17 16:53:18 <@salimma:fedora.im> so... fedora 41 beta will probably be a good time to start porting whatever GNOME components they have to hs.el10
2024-07-17 16:53:29 <@conan_kudo:matrix.org> probably yeah
2024-07-17 16:53:44 <@salimma:fedora.im> I don't mind that, yeah. purely from manpower effort alone KDE has more people working on it since it comes from EPEL
2024-07-17 16:54:17 <@conan_kudo:matrix.org> yeah, by no means I want to drop gnome, it's just we're not getting much from rhel anymore and it will take time to build a community around hyperscale gnome
2024-07-17 16:54:27 <@salimma:fedora.im> and... we can expose this awkwardness where Fedora insists "KDE does not have enough people working on it to be an edition" whereas we can say "look, in CentOS land GNOME does not have enough people working on it - why is it the default" :P
2024-07-17 16:54:32 <@salimma:fedora.im> nods
2024-07-17 16:54:58 <@conan_kudo:matrix.org> I do think we'll be able to build a community around hyperscale gnome through the various CentOS derivatives that will want it
2024-07-17 16:54:58 <@salimma:fedora.im> That's part of the reason I wanted to do it, I think it's an opportunity to get people working on Hyperscale that actually dogfood it on desktops
2024-07-17 16:55:34 <@salimma:fedora.im> right. esp since hyperscale gnome targets cXs without pulling in the rest of the HS stuff
2024-07-17 16:55:48 <@conan_kudo:matrix.org> and I do want to engage with Fedora Workstation on allowing us to have RHEL conditionals in the fedora packaging
2024-07-17 16:56:14 <@conan_kudo:matrix.org> ultimately, I'd like for us to be "upstream-first" here about it
2024-07-17 16:56:59 <@davide:cavalca.name> we're almost out of time
2024-07-17 16:57:22 <@davide:cavalca.name> fwiw I haven't usually had issues here
2024-07-17 16:57:30 <@davide:cavalca.name> though it's up to the individual maintainers
2024-07-17 16:57:31 <@conan_kudo:matrix.org> I don't think we will have issues either
2024-07-17 16:57:32 <@daandemeyer/:matrix.org> This has been working out great in the systemd spec
2024-07-17 16:57:50 <@conan_kudo:matrix.org> sorry this turned into a bit of a braindump 😅
2024-07-17 16:57:54 <@salimma:fedora.im> the nice thing is with ELN, having RHEL conditionals should be more acceptable
2024-07-17 16:58:00 <@conan_kudo:matrix.org> yup
2024-07-17 16:58:01 <@salimma:fedora.im> eh this is the Misc / Open Floor topic anyway
2024-07-17 16:58:05 <@daandemeyer/:matrix.org> Yup it became acceptable after ELN
2024-07-17 16:58:22 <@salimma:fedora.im> so worse case we can just rebuild from the ELN branch for packages where the maintainer is being difficult
2024-07-17 16:58:33 <@conan_kudo:matrix.org> yup
2024-07-17 16:58:36 <@salimma:fedora.im> s/worse/worst
2024-07-17 16:59:07 <@pboy:fedora.im> Guys, please remember, in 2 minutes server meeting starts here. 
2024-07-17 16:59:28 <@salimma:fedora.im> let's wrap up
2024-07-17 16:59:33 <@davide:cavalca.name> yup, I was just about to close this
2024-07-17 16:59:46 <@pboy:fedora.im> OK, thanks!
2024-07-17 16:59:46 <@davide:cavalca.name> thanks everyone!
2024-07-17 16:59:53 <@davide:cavalca.name> !endmeeting