13:02:37 <jzb> #startmeeting
13:02:37 <zodbot> Meeting started Fri Aug  1 13:02:37 2014 UTC.  The chair is jzb. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:02:37 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
13:02:51 <dgilmore> .hellomynameis ausil
13:02:52 <zodbot> dgilmore: ausil 'Dennis Gilmore' <dennis@ausil.us>
13:03:00 <jzb> #chair dgilmore walters geppetto KidProton smooge
13:03:00 <zodbot> Current chairs: KidProton dgilmore geppetto jzb smooge walters
13:03:29 <jzb> .hellomynameis jzb
13:03:30 <zodbot> jzb: jzb 'Joe Brockmeier' <jzb@zonker.net>
13:03:31 <walters> a quick status  update: been working on some code and planning more for https://bugzilla.gnome.org/show_bug.cgi?id=729388
13:03:39 <oddshocks> Hey
13:03:55 <jzb> #chair oddshocks
13:03:55 <zodbot> Current chairs: KidProton dgilmore geppetto jzb oddshocks smooge walters
13:03:57 <walters> the main ugly thing is chaining SSL from the metalink server to the ostree checksum
13:04:10 * stickster here
13:04:30 <walters> .hellomynameis walters
13:04:31 <zodbot> walters: walters 'Colin Walters' <walters@redhat.com>
13:04:50 <stickster> :-)
13:04:56 <stickster> .hellomynameis stickster
13:04:57 <zodbot> stickster: Sorry, but you don't exist
13:04:59 <stickster> haha
13:05:02 <stickster> .hellomynameis pfrields
13:05:02 <walters> ouch
13:05:04 <zodbot> stickster: pfrields 'Paul W. Frields' <stickster@gmail.com>
13:05:04 <dgilmore> walters: one thing we need to take into account, content will not be pulled via ssl at all. only the metalink from mirrormanager
13:05:07 <jzb> stickster: denied by a bot
13:05:11 <KidProton> .hellomynameis KidProton
13:05:12 <zodbot> KidProton: Sorry, but you don't exist
13:05:14 <walters> dgilmore, that's what i mean, yeah
13:05:22 <KidProton> Agh
13:05:22 <dustymabe> jzb: hmm. I guess I misread the times?
13:05:27 <jzb> dustymabe: perhaps?
13:05:40 <oddshocks> .hellomynameis oddshocks
13:05:41 <zodbot> oddshocks: oddshocks 'David Gay' <dgay@redhat.com>
13:06:07 <dustymabe> jzb: 9:00:00 AM - 9:30:00 AM GMT ??
13:06:17 <geppetto> .hellomynameis james
13:06:20 <zodbot> geppetto: james 'James Antill' <james.antill@redhat.com>
13:06:25 <walters> for agenda: where are we on official composes/mirroring?
13:06:45 <KidProton> .hellomynameis bkp
13:06:45 <zodbot> KidProton: Sorry, but you don't exist
13:06:53 <dgilmore> dustymabe: the timezone of teh request was US EDT
13:07:09 <dgilmore> KidProton: fas account name
13:07:30 <dustymabe> dgilmore: ahh I think I get it now "Friday, August 1, 2014, 9:00:00 AM - 9:30:00 AM GMT -05:00 US/Canada Eastern"
13:07:30 <KidProton> K, whatevs. I am content to live in nonexistence.
13:07:51 <jzb> walters: is that to dgilmore specifically, or...?
13:07:54 <dustymabe> I should read it "Friday, August 1, 2014, 9:00:00 AM - 9:30:00 AM (GMT -05:00) US/Canada Eastern"
13:08:20 <dustymabe> dgilmore: jzb: thanks
13:08:26 <dgilmore> walters: i have the tree being built for TC's and RC's i need to setup apache on the compose box so that we can make the tree available for the images
13:08:28 <stickster> dgilmore: walters: Reminder, oddshocks is here to help wrt. MirrorManager -- I think he (and maybe pingou) have questions about what needs to specifically happen there
13:08:35 * bochecha_ is here too
13:08:42 <walters> jzb, yeah
13:08:48 <walters> dgilmore, cool!
13:09:12 <stickster> I invited pingou but not sure he'll be here
13:09:31 <dgilmore> walters: ive not yet looked at making trees nightly, but once we have a TC i will and it will be trivial
13:10:26 <dgilmore> stickster: yeah, we need to work out what exactly we are going to do there. thats more to do with walters and what content he needs to put in to be able to verify things
13:10:37 * stickster looks at walters :-)
13:11:01 <stickster> walters: Please provide braindump -> oddshocks :-)
13:11:05 <walters> that's what's in the bug
13:11:16 <dgilmore> i think the closer it looks to what yum does the easier it will be
13:11:26 <stickster> https://bugzilla.gnome.org/show_bug.cgi?id=729388 ?
13:11:26 <jzb> stickster: is that a text or conversation braindump?
13:11:39 <jzb> stickster: maybe braindump -> mailing list + oddshocks
13:11:40 <jzb> ?
13:11:44 <stickster> jzb: +1
13:11:48 <oddshocks> yep, anything that needs doing to mirrormanager along the lines of code fixes, I can help out :)
13:12:32 <walters> currently MM just looks for a file named repomd.xml, but does not parse it?  (just checksums it?)
13:12:47 <stickster> https://bugzilla.gnome.org/show_bug.cgi?id=729388#c3 <-- basic plan?
13:13:01 * stickster parrots bug
13:14:05 <dgilmore> walters: i believe its just checksuming it and putting the chacksums in the metalink data
13:14:07 <walters> dgilmore, ok, i'm a bit worried about waiting much longer to work out the imagefactory side - agrimm did get it to work locally at least
13:14:41 * agrimm reads scrollback
13:14:45 <dgilmore> walters: yeah, its the same as any anaconda install of a tree
13:15:03 <dgilmore> walters: testing in a vm would be sufficient
13:15:11 <jzb> #info support metalinks bug https://bugzilla.gnome.org/show_bug.cgi?id=729388#c3
13:16:03 <jzb> #action walters provide oddshocks (and mailing list?) w/ 'braindump' on mirrormanager issue(s)
13:16:38 <oddshocks> jzb: thanks :) I could definitely use some more info on what challenges we're facing, so that will be very helpful
13:16:54 <walters> the bug should be enough no?
13:18:12 <dgilmore> walters: if we did go with something other than xml for repomd we should name the file appropriately
13:18:17 <dgilmore> repomd.json
13:18:19 <dgilmore> etc
13:18:31 <walters> on the mirroring, did we have any sense for whether all mirrors would take the content?  i know that was a previous concern
13:18:49 <dgilmore> it would mean teaching mm about it but it shouldnt be a big deal and id rather it be clean
13:19:08 <dgilmore> walters: it really depends on where in the tree we put it
13:19:14 <dgilmore> we have two options
13:19:16 <oddshocks> Not sure what sort of stuff happens with repomd, but if we have a choice, JSON or YAML would seem more preferrable to XML just based on human readability
13:19:53 <jzb> oddshocks: do you have the info you need from the bug?
13:20:00 <dgilmore> we can put it in /pub/alt or /pub/fedora in /pub/fedora most mirrors should take it but some use extensive exclude/include lists
13:20:19 <dgilmore> oddshocks: well yum uses xml
13:20:30 <dgilmore> we are kinda mirroring what yum has done
13:20:30 <oddshocks> dgilmore: ah well in that case :P
13:20:34 <dgilmore> thanks geppetto :P
13:20:36 <oddshocks> makes sense for sure
13:20:42 <geppetto> dgilmore: :p
13:21:16 <geppetto> repomd.xml was designed years and years ago, by a committee of people … when people thought xml solved problems
13:21:18 <stickster> geppetto: Like violence, if the XML you're using isn't working, add more.
13:21:24 <dgilmore> oddshocks: the idea was that if we just used a repomd.xml file mm should recognise it as a repo and we can set things up somewhat more easily
13:21:51 <oddshocks> jzb: if you're referring to https://bugzilla.gnome.org/show_bug.cgi?id=729388#c3, then I think so. it looks pretty straightforward
13:22:01 <jzb> oddshocks: yep. Woot
13:22:34 <oddshocks> jzb: I might need to ping folks about where certain things live or to clarify behaviour since I haven't dealed with these systems yet, but that comment makes full sense to me
13:22:41 <jzb> geppetto: XML solves problems. It just may create new ones.
13:22:58 <oddshocks> dgilmore: that sounds like a good plan.
13:23:00 <jzb> oddshocks: good deal.
13:23:37 <smooge> dgilmore, put it under /pub/fedora/linux/atomic?
13:23:54 <dgilmore> smooge: maybe
13:24:06 <stickster> or .../releases/atomic.
13:24:13 <dgilmore> stickster: can't
13:24:23 <walters> if we were starting fresh i would have liked to avoid parsing XML *before* verifying GPG signatures, but I don't think that's going to be easily possible now
13:24:25 <stickster> ok
13:24:32 <dgilmore> stickster: issue is alot of mirrors only sync releases at release time
13:24:38 <dgilmore> updates will go to the same place
13:24:41 <stickster> ah, makes sense
13:24:50 * oddshocks nods
13:25:07 <walters> (which does take us to the detached signatures issue that's still outstanding)
13:25:24 <dgilmore> walters: we really dont do detatched
13:25:42 <dgilmore> walters: RC's and updates will be signed at compose time
13:25:54 <walters> dgilmore, are there any references/rationale for this?
13:26:46 <walters> Red Hat Enterprise Linux's signing infrastructure does detached, and that plan was approved by SRT, for what it's worth
13:26:56 <walters> so if there is some concern, maybe they should be made aware?
13:28:31 <dgilmore> walters: there is a very small chance that detached could be tampered with and still pass checks afaik. We decided awhile ago not to do detatched at all. we would need a compelling case to change that
13:28:44 <walters> is there any online record of that discussion?
13:29:30 <dgilmore> I forget where it was. but i think IRC
13:29:40 <dgilmore> so likely not a record of it
13:30:20 <jzb> dgilmore: does lack of detached sigs also affect other cloud products?
13:30:28 <jzb> I'm looking at #5808
13:30:33 <jzb> https://fedorahosted.org/rel-eng/ticket/5805
13:31:44 <walters> the core issue with inline signatures is they effectively form a new file format for whatever they're signing
13:32:04 <walters> e.g. if you try to inline sign XML, you no longer have XML
13:32:19 <dgilmore> jzb: its not an issue for anything
13:32:26 <walters> this then affects automated verification
13:33:11 <walters> #action walters to put together a followup discussion on this
13:33:19 <jzb> walters: thanks!
13:33:23 <dgilmore> walters: fedup uses the .treeinfo file, we provide a .treeinfo.signed file and a .treeinfo
13:33:44 <stickster> ISTM that if SRT is doing this for commercial product and satisfied with the assurance level, we should take that into account... but just my $0.02
13:33:44 <dgilmore> we wanted to leave the unmodified unsigned version
13:34:15 <stickster> No idea whether there are add'l technical wrinkles that make it difficult
13:34:35 <jzb> stickster: +1
13:35:00 <jzb> well, I'm wondering why maybe we couldn't have a middle path where we do detached until we can work out the problems
13:35:05 <jzb> and simply give warning to users
13:35:24 <dgilmore> stickster: would they have the same assurance if they did not control the delivery network
13:35:28 <jzb> "we don't think this is the safest, most 100% way to verify images, but it's better than not having a product or having it completely unsigned."
13:35:46 <stickster> dgilmore: No idea -- bears discussion though
13:36:02 * oddshocks has to go, will read any remaining logs
13:36:13 <jzb> oddshocks: have a good weekend
13:36:20 <stickster> Thanks oddshocks
13:36:22 * oddshocks actually has 5-10 more mins turns out
13:36:25 <stickster> :-)
13:36:26 <walters> we can follow up on this later
13:36:27 <dgilmore> walters: would providing both signed and unsigned copies help you?
13:36:29 <oddshocks> but thanks :)
13:36:29 <geppetto> jzb: That warning seems way too scary
13:36:29 <walters> i'll send an email
13:38:33 <jzb> OK what other items do we need to get through this morning?
13:38:58 <jzb> and do we want to keep the normal meeting time for next week w/so many of us @ Flock?
13:39:59 <walters> i think if we have tree composes coming that sounds great!  that will unblock things like MM and image creation testing
13:40:22 <oddshocks> jzb: I'd be fine with 9 AM but based on last year's Flock I'm not sure if people will be seated at that time. Might be in transit to the keynote or stepping down from their hotel room
13:40:48 <oddshocks> whatever time will get us the biggest turnout works for me though
13:41:18 <dgilmore> its 3:41pm in .cz right now
13:41:30 <dgilmore> so this time would be the middle of things
13:41:35 <dgilmore> so it should be skipped
13:41:36 <jzb> well, the regular time is actually afternoon
13:41:40 <jzb> Tuesday
13:41:50 <jzb> thinking about it, it'd probably be like 10 p.m. there
13:42:01 <jzb> so I'm going to propose we do an email check-in
13:42:08 <dgilmore> people will be drinking/sleeping/not paying attention
13:42:10 <stickster> jzb: Makes sense.
13:42:11 <jzb> can we all agree to send a status update Tuesday if we have things on our plate?
13:42:14 <oddshocks> doh. time changes. right
13:42:32 <jzb> I'll also try to send updates from in-person meetings at Flock on any decisions/conversations.
13:42:50 * oddshocks agrees
13:43:13 <jzb> #action jzb to send Flock updates to -devel and infra@. Stakeholders to send status updates Tuesday.
13:43:30 <dustymabe> jzb: as for other items, did we want to discuss the fedora base docker image?
13:43:57 <walters> ah yes
13:43:58 <jzb> dustymabe: is that blocked on any of the Atomic / rpm-ostree stuff?
13:44:26 <dustymabe> jzb: I don't think so but I know it is something that was discussed in some of these meetings before
13:45:05 * stickster notes, we are talking to jreznik @ Flock and may be able to get him to assist with the check-ins so jzb can turn more attention to the marketing + community building side around atomic
13:45:30 <dgilmore> dustymabe: docker base image has moved into the base wg
13:45:35 <oddshocks> I can report in to the list on any MM/MM2 discussions I have with pingou and anyone else
13:45:40 <dgilmore> dustymabe: we have a kickstart in fedora for it
13:45:40 <oddshocks> related to this stuff
13:45:45 <jzb> oddshocks: you rock, thanks
13:45:56 <dgilmore> and am working on integrating it into the compose processes also
13:45:59 <oddshocks> :)
13:46:01 <jzb> #action oddshocks to report on MM/MM2 discussions w/pingou, others.
13:46:29 <jzb> dgilmore: pointer to KS file?
13:46:36 * pingou late
13:46:43 <dustymabe> dgilmore: ok yeah. I was just interested in the status. I know others had mentioned some help might be needed theree
13:46:54 <dustymabe> s/theree/there
13:46:54 <stickster> pingou: You missed all the shouting, but the log will be out there shortly :-)
13:46:57 <dgilmore> https://git.fedorahosted.org/cgit/spin-kickstarts.git/tree/fedora-docker-base.ks
13:47:03 <pingou> stickster: thanks :)
13:47:49 * stickster thankful there really isn't much actual shouting :-)
13:47:56 <jzb> dgilmore: thanks!
13:48:15 <jzb> #info Docker Base image Kickstart File: https://git.fedorahosted.org/cgit/spin-kickstarts.git/tree/fedora-docker-base.ks
13:48:46 * oddshocks has to go for real this time, will be back on the IRCs in a few hours
13:48:49 * oddshocks waves
13:49:17 <jzb> any other items for today? I think we're winding down.
13:50:30 <dgilmore> I do not have anything
13:50:37 <jzb> walters: you good?
13:50:46 <walters> jzb, yeah
13:51:02 <jzb> OK - so no meeting on Tuesday next week, but email checkin on status.
13:51:19 <jzb> thanks very much everybody, have a great weekend. Look forward to seeing many of you in Prague!
13:51:24 <jzb> #endmeeting