<@jflory7:fedora.im>
15:01:06
!startmeeting Fedora Council - 2025-12-03
<@meetbot:fedora.im>
15:01:07
Meeting started at 2025-12-03 15:01:06 UTC
<@meetbot:fedora.im>
15:01:07
The Meeting name is 'Fedora Council - 2025-12-03'
<@jflory7:fedora.im>
15:01:10
!meetingname council
<@meetbot:fedora.im>
15:01:12
The Meeting Name is now council
<@dcantrell:fedora.im>
15:01:23
!hi
<@zodbot:fedora.im>
15:01:24
Dave Cantrell (dcantrell) - he / him / his
<@churchyard:fedora.im>
15:01:25
!hi
<@zodbot:fedora.im>
15:01:26
Miro Hrončok (churchyard) - he / him / his or they / them / theirs
<@t0xic0der:fedora.im>
15:01:27
!hi
<@zodbot:fedora.im>
15:01:29
Akashdeep Dhar (t0xic0der) - he / him / his
<@jflory7:fedora.im>
15:01:30
!topic Roll Call
<@jflory7:fedora.im>
15:01:31
!hi
<@zodbot:fedora.im>
15:01:33
Justin Wheeler (jflory7) - he / him / his
<@jspaleta:fedora.im>
15:03:39
!hi
<@zodbot:fedora.im>
15:03:40
Jef Spaleta (jspaleta) - he / him / his
<@jonatoni:fedora.im>
15:04:19
!hi
<@zodbot:fedora.im>
15:04:20
Jona Azizaj (jonatoni) - she / her / hers
<@churchyard:fedora.im>
15:04:40
the next meeting agenda seems a bit outdated
<@jflory7:fedora.im>
15:04:46
Indeed it does.
<@jflory7:fedora.im>
15:04:53
This is my first day back at work after two weeks.
<@jflory7:fedora.im>
15:05:01
So I am not quite sure what is triaged for discussion today.
<@jflory7:fedora.im>
15:05:06
Do we have specific topics to go through?
<@jflory7:fedora.im>
15:05:13
Or should I do my own live-triaging of ticket topics?
<@bookwar:fedora.im>
15:05:24
!hi
<@zodbot:fedora.im>
15:05:26
Aleksandra Fedorova (bookwar) - she / her / hers
<@t0xic0der:fedora.im>
15:05:42
I see a couple of ticket associated with trademarks stuff and $(something_else)
<@jflory7:fedora.im>
15:06:34
!info Present: @jflory7, @dcantrell, @churchyard, @t0xic0der, @jspaleta, @jonatoni, @bookwar
<@jflory7:fedora.im>
15:06:43
!topic Today's Agenda
<@jflory7:fedora.im>
15:06:59
So, from past experience, three tickets is sort of the sweet spot
<@jflory7:fedora.im>
15:07:16
Especially when the agenda preparation is happening live in the meeting
<@jflory7:fedora.im>
15:07:20
I am going to pitch three tickets to discuss
<@jflory7:fedora.im>
15:07:43
Ticket 1: https://pagure.io/Fedora-Council/tickets/issue/549
<@jflory7:fedora.im>
15:07:53
Ticket 2: https://pagure.io/Fedora-Council/tickets/issue/552
<@jflory7:fedora.im>
15:07:59
Ticket 3: https://pagure.io/Fedora-Council/tickets/issue/553
<@jflory7:fedora.im>
15:08:25
Surely there are other topics, but would be good to give the Initiative ticket the time and attention before holidays take us all away, and the two last tickets are just new, and we should ACK them at least.
<@jflory7:fedora.im>
15:08:54
I really _want_ to discuss this ticket, but without advance prep and the lack of urgency on it, I think it can be deferred to another time. https://pagure.io/Fedora-Council/tickets/issue/550
<@jflory7:fedora.im>
15:09:17
Any other suggestions or opposition to this ad-hoc agenda? To be clear, I am proposing, in this order, tickets #349, #552, and #553
<@jflory7:fedora.im>
15:09:26
!group members council
<@zodbot:fedora.im>
15:09:29
Members of council: Aoife Moloney, Aleksandra Fedorova, Miro Hrončok, Dave Cantrell, jflory7 (@jflory7:fedora.im, @fca:fedoraproject.org), Jona Azizaj, Jef Spaleta, Petr Bokoč, pboy, Ryan Lerch, Akashdeep Dhar
<@jflory7:fedora.im>
15:09:36
All in favor, say aye, all opposed, say nay?
<@jflory7:fedora.im>
15:10:04
I'll give it 30 seconds and then bombs away 🙂
<@jflory7:fedora.im>
15:10:26
Well, I hope these are not bombs. We don't need any fires this close to the end of the year.
<@conan_kudo:matrix.org>
15:10:29
the tickets aren't loading?
<@conan_kudo:matrix.org>
15:10:35
oh there we go
<@jflory7:fedora.im>
15:10:38
Conan Kudo: Pagure is loading for me?
<@jflory7:fedora.im>
15:10:52
nimbinatus: Around?
<@jflory7:fedora.im>
15:11:18
!topic #549: Renewal of the Fedora Image Mode Initiative
<@jflory7:fedora.im>
15:11:21
!link https://pagure.io/Fedora-Council/tickets/issue/549
<@conan_kudo:matrix.org>
15:11:32
Justin Wheeler: it's more that this is the tail end of the window in which I get timeouts every day on fedora infra
<@jflory7:fedora.im>
15:11:48
OK, so this one is a bit old, but it is our last pending Initiative for the year, and we have some important Council planning activities in February, so this one is quite urgent IMHO
<@jflory7:fedora.im>
15:12:32
I am crawling through this a bit to get up to speed
<@jflory7:fedora.im>
15:12:49
!link https://docs.google.com/document/d/1XnifSMYT2hnpBKAxpp-bMjpNc3XYIJ5soq5Ngs-hriA/edit?tab=t.0
<@jflory7:fedora.im>
15:13:05
Erm, it is a Google Doc, which is forgivable, but we should definitely get this Wiki-ified later.
<@jonatoni:fedora.im>
15:13:27
btw we did discuss this initiative during our last meeting
<@jflory7:fedora.im>
15:14:20
Oh. Oops. I was using ticket comments as recency bias. Did we vote?
<@jonatoni:fedora.im>
15:14:52
we didn't vote, but we just discussed about it
<@jflory7:fedora.im>
15:14:57
This initiative renews the effort to make bootc-derived OCI artifacts first-class citizens in Fedora, aiming to solve ecosystem fragmentation. Targeting production readiness by F45, it proposes a sustainable pipeline for base images and subprojects.
<@jflory7:fedora.im>
15:14:58
- Thread: https://discussion.fedoraproject.org/t/renewing-the-fedora-bootc-now-image-mode-initiative/167131
<@jflory7:fedora.im>
15:14:58
- Proposal: https://docs.google.com/document/d/1XnifSMYT2hnpBKAxpp-bMjpNc3XYIJ5soq5Ngs-hriA/edit?usp=sharing
<@jonatoni:fedora.im>
15:15:02
and had time to ask questions
<@churchyard:fedora.im>
15:16:06
I am a bit surprised this is so tightly coupled with Konflux.
<@jflory7:fedora.im>
15:16:13
So, given that we have high quorum for today, and in two weeks, we are right before year-end holidays, I think it is worth trying to get a vote on this
<@jspaleta:fedora.im>
15:17:12
Justin Wheeler: i'm already syncing with nimbinatus regularly to stay informed on blockers, and she's herdng the stakeholders. The actual work is is sort of already ongoing really. The benefit to formalizing this is to ensure is nimbinatus on council so we can stay ahead of anything that might need policy adjustments before they become hard blockers on anything.
<@jflory7:fedora.im>
15:17:25
Also, looking at the proposal, I think it is worth focusing on the proposed outcomes and success criteria, in terms of the role of the Council voting.
<@jflory7:fedora.im>
15:18:24
!info 7. A collection of feature requests, bug reports, and experimental results for upstream bootc and Konflux.
<@jflory7:fedora.im>
15:18:24
!info 6. A formal recommendation for a new, permanent SIG or structure to own and maintain the base images and extensions, with community members identified to kick off
<@jflory7:fedora.im>
15:18:24
!info 5. (Stretch) A potential universal installer for bootc switch
<@jflory7:fedora.im>
15:18:24
!info 4. A designated space to host the base images and other artifacts
<@jflory7:fedora.im>
15:18:24
!info 3. A sustainable, documented Konflux pipeline for generating OCI artifacts
<@jflory7:fedora.im>
15:18:24
!info 2. Production-ready subproject artifacts (CoreOS, IoT, etc.) derived from those base images
<@jflory7:fedora.im>
15:18:24
!info 1. Official, production-ready Fedora base images
<@jflory7:fedora.im>
15:18:24
!info === Expected Outcomes ===
<@jflory7:fedora.im>
15:18:24
!info 8. A proposal or framework for an "experimentation" or "sandbox" SIG within Fedora, modeled after concepts from CNCF or Kubernetes.
<@churchyard:fedora.im>
15:18:44
the proposed outcomes all seem agreeable to
<@jflory7:fedora.im>
15:19:14
!info 4. Beta/nightly rolling releases of subproject artifacts (44)
<@jflory7:fedora.im>
15:19:14
!info 5. Fully supported production pipeline (45)
<@jflory7:fedora.im>
15:19:14
!info 6. Production (rolling) base images (45)
<@jflory7:fedora.im>
15:19:14
Dissolved initiative with retro and documentation published (post-45)
<@jflory7:fedora.im>
15:19:14
Permanent owners identified with clear documentation (post-45)
<@jflory7:fedora.im>
15:19:14
SIG creation (post-45)
<@jflory7:fedora.im>
15:19:14
Universal installer (stretch, 45)
<@jflory7:fedora.im>
15:19:14
!info 7. Production quality (rolling) artifacts from subprojects (45)
<@jflory7:fedora.im>
15:19:14
!info 2. A sustainable image hosting service (44)
<@jflory7:fedora.im>
15:19:14
!info === Success Criteria ===
<@jflory7:fedora.im>
15:19:14
!info 1. A clean development pipeline (44)
<@jflory7:fedora.im>
15:19:14
!info 3. Beta/nightly rolling releases of base images (44)
<@jflory7:fedora.im>
15:19:21
Oops,that was incomplete
<@jflory7:fedora.im>
15:19:40
!info 10. Permanent owners identified with clear documentation (post-45)
<@jflory7:fedora.im>
15:19:40
!info 8. Universal installer (stretch, 45)
<@jflory7:fedora.im>
15:19:40
!info 9. SIG creation (post-45)
<@jflory7:fedora.im>
15:19:40
!info 11. Dissolved initiative with retro and documentation published (post-45)
<@jflory7:fedora.im>
15:20:39
Well, ideally the Council would move more nimbly before work begins, but we should consider this context when taking a vote.
<@jflory7:fedora.im>
15:20:54
Does anyone have questions or things that feel necessary to bring up?
<@jflory7:fedora.im>
15:21:19
I admit that I am still wrapping my head around this a bit, but given the past context that this is a follow-up Initiative to a previous Initiative, and the scope seems well-defined, I feel positive to this
<@jflory7:fedora.im>
15:21:29
and Image Mode (or whatever we name it) is important for Fedora IMHO
<@jflory7:fedora.im>
15:21:53
Me too
<@t0xic0der:fedora.im>
15:21:59
Looks good from a 10k ft perspective - As long as they know what work entails as a part of this, we should be good 👍️
<@jflory7:fedora.im>
15:22:13
Did we have an Executive Sponsor identified yet?
<@jflory7:fedora.im>
15:22:21
Jef Spaleta: Is that you, given you have already been working with nimbinatus?
<@jonatoni:fedora.im>
15:22:45
yes, it is Jef Spaleta
<@jflory7:fedora.im>
15:23:10
Super. Then let's put this to a vote now. Knowing y'all did discuss this last time anyways, it doesn't feel like rushing
<@jflory7:fedora.im>
15:23:17
I have some catching up to do, but that is on me.
<@jflory7:fedora.im>
15:23:20
Let me write a proposed:
<@conan_kudo:matrix.org>
15:24:30
is Jef always the executive sponsor for initiatives?
<@conan_kudo:matrix.org>
15:24:44
because it's kind of weird to me that he is the sponsor for this
<@jflory7:fedora.im>
15:24:55
!proposed The Fedora Council approves the renewal of the bootc Initiative with @nimbinatus as the Initiative Lead and @jspaleta as the Council Executive Sponsor. The Initiative is projected to conclude by the end of F45 release cycle, thereby concluding around December 2026.
<@jspaleta:fedora.im>
15:24:56
no
<@jflory7:fedora.im>
15:24:58
+1
<@jflory7:fedora.im>
15:25:00
!group members council
<@zodbot:fedora.im>
15:25:02
Members of council: Aoife Moloney, Aleksandra Fedorova, Miro Hrončok, Dave Cantrell, jflory7 (@jflory7:fedora.im, @fca:fedoraproject.org), Jona Azizaj, Jef Spaleta, Petr Bokoč, pboy, Ryan Lerch, Akashdeep Dhar
<@jonatoni:fedora.im>
15:25:06
+1
<@jflory7:fedora.im>
15:25:23
Outside of his fill-in role on the git forge Initiative for Aoife, this would technically be his first that he is sponsoring
<@jspaleta:fedora.im>
15:25:25
In fact I'm not taking another one on... Just 1 at a time for me.
<@conan_kudo:matrix.org>
15:25:48
mmm
<@t0xic0der:fedora.im>
15:25:51
+1
<@churchyard:fedora.im>
15:25:54
+1
<@t0xic0der:fedora.im>
15:26:04
+1
<@pbokoc:fedora.im>
15:26:04
+1
<@jspaleta:fedora.im>
15:26:33
+1
<@jflory7:fedora.im>
15:28:00
bookwar, dcantrell: I believe y'all are the last two in quorum that we are looking for votes from.
<@dcantrell:fedora.im>
15:28:20
I thought I already voted
<@dcantrell:fedora.im>
15:28:24
well, +1 from me
<@jflory7:fedora.im>
15:28:38
Maybe you did, but I am going to make sure everything gets logged and recorded in the ticket this time
<@jflory7:fedora.im>
15:28:58
I didn't know y'all discussed this last time 🙂
<@bookwar:fedora.im>
15:29:11
+1 from me too
<@jflory7:fedora.im>
15:29:21
!info Recorded votes: `+8`/`0`/`-0`
<@jflory7:fedora.im>
15:29:21
!info Council members with recorded votes: @jflory7, @jonatoni, @churchyard, @t0xic0der, @pbokoc, @jspaleta, @dcantrell, @bookwar
<@jflory7:fedora.im>
15:29:32
!agreed The Fedora Council approves the renewal of the bootc Initiative with @nimbinatus as the Initiative Lead and @jspaleta as the Council Executive Sponsor. The Initiative is projected to conclude by the end of F45 release cycle, thereby concluding around December 2026.
<@bookwar:fedora.im>
15:29:37
Though my concern of Konflux does stay, I don't want to block on it
<@jflory7:fedora.im>
15:29:50
OK, great. nimbinatus will be on-boarded to the Council soon.
<@jflory7:fedora.im>
15:30:07
This is important, because we have a hackfest, or newly-named Strategy Summit, to be planning 🙂
<@jflory7:fedora.im>
15:30:18
and the summit could be a great venue for the bigger concerns that I missed last meeting
<@jspaleta:fedora.im>
15:30:23
that's not to say the exec sponsor can't change. If we come to a point where nimbinatus would prefer a different exec sponsor, or there's a good reason for me to fledge this and pick up a different initiative, horse trading in the future as long as nimbinatus is cool with the change will be fine with me. But i'm not going to pretend like I have the capacity to exec sponsor multiple things.
<@jflory7:fedora.im>
15:30:23
OK. We are tight on time.
<@jflory7:fedora.im>
15:30:29
30 minutes remaining. Let's go to the next two tickets.
<@jflory7:fedora.im>
15:30:33
Thanks folks for the quick vote!
<@jflory7:fedora.im>
15:30:50
!topic #552: Trademark Usage Approval Request for FedoraCVE.org
<@jflory7:fedora.im>
15:30:56
!link https://pagure.io/Fedora-Council/tickets/issue/552
<@jflory7:fedora.im>
15:31:02
Not sure if y'all discussed this one too last time.
<@jflory7:fedora.im>
15:31:08
I need a minute to review.
<@jspaleta:fedora.im>
15:31:20
noted. I think the only way to start addressing those concerns is to start engaging and finding the specific problems.
<@churchyard:fedora.im>
15:31:50
I don't have a problem with the trademark request. presumably, the domain name should probably owned by Fedora/Red Hat if it isn't already
<@bookwar:fedora.im>
15:31:51
This is new
<@jflory7:fedora.im>
15:32:40
!link https://github.com/FedoraCVE/fedora-cve-dashboard
<@bookwar:fedora.im>
15:32:44
mhroncok: the original disclaimer on that site was that it is not affiliated with Red Hat
<@jflory7:fedora.im>
15:32:46
Source code for the thing looks like GPL-3.0
<@jspaleta:fedora.im>
15:32:47
hmm. Do we have any mechanism for that? Definitely not a strong tie to the trademark usage right?
<@t0xic0der:fedora.im>
15:33:15
Not a problem with the trademark stuff but just like it was brought up internally, I think that the list could use some curation before it is shared in the open.
<@t0xic0der:fedora.im>
15:33:15
<@t0xic0der:fedora.im>
15:33:15
QA folks mentioned that a bunch of these reports are either very specific to the package maintainers or are something that we can't do much about as downstream.
<@jflory7:fedora.im>
15:33:17
So, who is actually _responsible_ for this though?
<@jflory7:fedora.im>
15:33:32
"We recently launched FedoraCVE.org, a community driven, non profit initiative built by two experienced security engineers from Red Hat Product Security"
<@jflory7:fedora.im>
15:33:39
Is there a nonprofit actually running this thing?
<@churchyard:fedora.im>
15:33:44
it's not a blocker for the trademark thing. more like: yes, let's use the Fedora brand here, but we allow it for a project of Fedora
<@conan_kudo:matrix.org>
15:33:46
No.
<@t0xic0der:fedora.im>
15:33:52
The Red Hat PSIRT
<@jflory7:fedora.im>
15:33:54
Or is it being produced by Red Hat engineers as part of their dayjob work, therefore putting some responsibility on Red Hat?
<@jflory7:fedora.im>
15:34:08
I like the concept in general, but I want to be clear on who "owns" this and who we are granting trademark approval to
<@conan_kudo:matrix.org>
15:34:11
From what I gather, it's 50/50
<@conan_kudo:matrix.org>
15:34:23
at least the ProdSec leadership is aware and supportive of it
<@churchyard:fedora.im>
15:34:26
maybe it is produced by Red Hat engineers in their free time, hence non profit?
<@conan_kudo:matrix.org>
15:34:50
I would consider it "supported by Red Hat" but not necessarily "sponsored" yet
<@jflory7:fedora.im>
15:34:53
There is one. misc knows a lot about this, and he can offer some tips for the CLE folks on how to do this properly. The secret process involves asking for forgiveness instead of permission 🌚
<@jspaleta:fedora.im>
15:34:55
a project aspiring to have a larger community?
<@conan_kudo:matrix.org>
15:34:57
supported = not shut down
<@conan_kudo:matrix.org>
15:35:12
I don't know about _that_, but it's something
<@bookwar:fedora.im>
15:35:17
This was discussed at FESCo meeting. But also not conclusive. There is some internal Red Hat communication regarding this effort, but it is currently seems to be a local initiative which may potentially grow into something more, but without clear plan at the moment
<@t0xic0der:fedora.im>
15:35:26
"Get things done, ask questions later" ;P
<@jflory7:fedora.im>
15:36:06
Maybe I should be careful about what I write in a logged, public meeting about this 😛 But anyways, it is not so critical to the whole effort.
<@jspaleta:fedora.im>
15:36:44
Something I need to have some friendly chats about? I'm still rebooting my brain from turkey coma. But I may have been aware of this as a project, just not the public website.
<@t0xic0der:fedora.im>
15:36:46
<@t0xic0der:fedora.im>
15:36:46
One of the things that came up was the maintainability of the dashboard entries and the team might have hires with their onboarding done via this action.
<@t0xic0der:fedora.im>
15:36:46
Yeah, it is intended to be opened up slowly to the community with promises of reactivating the Fedora Security SIG while they are at it.
<@jflory7:fedora.im>
15:36:53
Centering back on the topic then, it seems like this is an initiative being worked on by two Product Security engineers at Red Hat, who want to contribute back upstream and make CVE awareness a greater thing in Fedora. I see lots of ways that a tool like this could be helpful, and I have no issue with the Fedora logo appearing on this site.
<@jflory7:fedora.im>
15:37:15
I think having the logo appear on the site adds a lot of legitimacy to it, and given the close connection to Fedora and Red Hat, I think the use of the trademark is both appropriate and fair.
<@bookwar:fedora.im>
15:37:19
I think we can not make decisions on this topic until we understand future plans
<@conan_kudo:matrix.org>
15:37:21
I think this needs to be hosted on Fedora infrastructure though
<@conan_kudo:matrix.org>
15:37:33
I don't know where it is now, but it needs to be here
<@bookwar:fedora.im>
15:37:53
Is it meant to be just a dashboard and nothing more, is it meant to be an initiative to interpret and act on the data on the dashboard?
<@jflory7:fedora.im>
15:38:05
From a trademark perspective, I think the thing we are _usually_ sensitive about is plans for commercial activity. I don't see that here, and even if they were confusing about who owns this, it seems clear to me that making money is not a goal of this site
<@t0xic0der:fedora.im>
15:38:14
This. We have very little information on where it is hosted apart from the source code itself and the folks who are behind it 🤷
<@churchyard:fedora.im>
15:38:22
I don't think this needs to be hosted on Fedora infra at all.
<@jflory7:fedora.im>
15:38:28
This would be good feedback to send upstream, but I don't think this is for the Fedora Council to decide.
<@jflory7:fedora.im>
15:38:31
We are not owning this work
<@jflory7:fedora.im>
15:38:38
We are just approving the use of the Fedora logo here
<@jspaleta:fedora.im>
15:38:44
that would be a great future action. Not sure that's required for trademark approval.
<@conan_kudo:matrix.org>
15:38:50
not yet anyway :)
<@bookwar:fedora.im>
15:38:56
I want to be careful here, because we should not be hostile to open research
<@churchyard:fedora.im>
15:38:59
in fact, we host one things on github pages and it works :/
<@jflory7:fedora.im>
15:39:00
If someone external made this and called it "The Big Hat Database of CVEs", it would still be cool, but maybe less official feeling
<@churchyard:fedora.im>
15:39:16
in fact, we host some things on github pages and it works :/
<@conan_kudo:matrix.org>
15:39:25
the core reason is that we can keep the infra from blocking it from overpulling
<@conan_kudo:matrix.org>
15:39:35
since we can gate access technically
<@jflory7:fedora.im>
15:39:38
Here, let me try to write a `!proposed` to get a temperature check on where we are feeling on this, and whether we are all on the same page
<@bookwar:fedora.im>
15:39:40
If someone wnats to analyze Fedora project, its data, code, bugs and so on, they should be able to do it independently, and we should not be possessive about it
<@conan_kudo:matrix.org>
15:39:42
and it also forces the deployment to be open too
<@churchyard:fedora.im>
15:39:45
that's why I think the domain name needs to be owned
<@t0xic0der:fedora.im>
15:39:51
But the "unofficial-ness" should be stated explicitly, no?
<@conan_kudo:matrix.org>
15:40:17
that's fine, but then it shouldn't be using the fedora name everywhere and looking like an official site
<@conan_kudo:matrix.org>
15:40:26
it looks like our other sites, and that's an issue
<@jflory7:fedora.im>
15:40:37
(Also, FWIW, us saying "yes" today does not mean it is actually done. We _do_ actually have to talk to Red Hat Legal first about all trademark requests.)
<@bookwar:fedora.im>
15:40:37
That is what disclaimer was supposed to be doing
<@jspaleta:fedora.im>
15:40:40
until its in fedora infra... I think being explicit is good. How the trademark is used in the interface is the question for me.
<@jflory7:fedora.im>
15:41:10
OK, here comes a `!proposed`, because I do want to make sure we leave time for this thorny Weblate ticket that we have yet to cover.
<@bookwar:fedora.im>
15:41:31
This is why I think we need to understand the plan before choosing whether we ask to "not look like Fedora" or to "become a part of Fedora". Both options are perfectly fine and possible.
<@churchyard:fedora.im>
15:41:54
I would assume that such approval can be reverted later if we decide the thing is no longer "proper"
<@jflory7:fedora.im>
15:42:05
absolutely
<@churchyard:fedora.im>
15:42:39
and I think "look like Fedora" is completely OK for presenting Fedora data
<@jflory7:fedora.im>
15:43:05
!proposed The Fedora Council conditionally approves the use of the Fedora logo on the fedoracve.org website, pending final approval from Red Hat Legal trademark experts. The Fedora Council RECOMMENDS the use of a clear disclaimer on the site that the site is not officially managed or run by the Fedora community (to avoid our Fedora Infra team getting support requests when there are issues). The Fedora Council RECOMMENDS transferring ownership of the domain to Red Hat IT so it can be maintained and renewed in perpetuity by those responsible for the Fedora trademark.
<@jflory7:fedora.im>
15:43:07
+1
<@churchyard:fedora.im>
15:43:27
+1
<@t0xic0der:fedora.im>
15:43:47
Ambivalent about the looks here, really. I have (re)written a couple of applications for Fedora Infra in the past couple of quarters and while they have the blue and white tint, nothing else really states the likeness problem 🤷
<@t0xic0der:fedora.im>
15:43:52
+1
<@pbokoc:fedora.im>
15:44:01
+1
<@jspaleta:fedora.im>
15:44:46
+1
<@bookwar:fedora.im>
15:44:52
"look like" meaning blue theme and styling - is fine. "Look like" meaning official fedora statement on the state of CVEs - maybe not.
<@jonatoni:fedora.im>
15:44:56
+1
<@conan_kudo:matrix.org>
15:45:00
changing the color would be enough to make it look unofficial
<@conan_kudo:matrix.org>
15:45:05
just not being fedora blue makes a difference
<@conan_kudo:matrix.org>
15:45:35
it can be a off-brand blue for all I care
<@bookwar:fedora.im>
15:45:59
Blue color is not owned by Fedora.
<@jflory7:fedora.im>
15:45:59
I could make the recommendation for a more clear disclaimer on the state of CVEs stronger. WDYT?
<@jflory7:fedora.im>
15:46:28
It is not, but in the context of our registered trademark, it can be relevant
<@t0xic0der:fedora.im>
15:46:50
Sounds good. They could use the Fedora Project themes for all we care but as long as there is a textual statement of disclaimer that disconnects us from their endeavours - we should be good.
<@jflory7:fedora.im>
15:47:03
!proposed The Fedora Council conditionally approves the use of the Fedora logo on the fedoracve.org website, pending final approval from Red Hat Legal trademark experts. The Fedora Council RECOMMENDS the use of a clear disclaimer on the site that the site is not officially managed or run by the Fedora community (to avoid our Fedora Infra team getting support requests when there are issues), AND does not represent the state or management of CVEs in Fedora Linux. The Fedora Council RECOMMENDS transferring ownership of the domain to Red Hat IT so it can be maintained and renewed in perpetuity by those responsible for the Fedora trademark.
<@jflory7:fedora.im>
15:47:07
^^ a slight amendment
<@bookwar:fedora.im>
15:47:11
Justin Wheeler: right, my recommendation would be 1) have a disclaimer about ownership, the way that they have it already almost works, but also additionally 2) have a disclaimer about the interpretation of the data.
<@jflory7:fedora.im>
15:47:33
I am assuming mhroncok Jona Azizaj (she/her) Jef Spaleta Petr Bokoc Akashdeep Dhar (Out sick) are still +1
<@t0xic0der:fedora.im>
15:47:44
Yep.
<@pbokoc:fedora.im>
15:47:51
Yes
<@jflory7:fedora.im>
15:47:53
WDYT about the revised recommendation?
<@dcantrell:fedora.im>
15:48:11
correct, we all know blue was created and is owned by Eiffel 65 (https://www.youtube.com/watch?v=epnsRRPtoeU)
<@bookwar:fedora.im>
15:48:17
+1 from me
<@zodbot:fedora.im>
15:48:23
jflory7 gave a cookie to dcantrell. They now have 21 cookies, 1 of which were obtained in the Fedora 43 release cycle
<@t0xic0der:fedora.im>
15:48:44
Jk jk
<@jflory7:fedora.im>
15:48:54
dcantrell: 🤣 🤣
<@jflory7:fedora.im>
15:49:04
dcantrell: WDYT here?
<@dcantrell:fedora.im>
15:49:20
yeah, I'm ok with that. +1
<@jflory7:fedora.im>
15:49:29
!info Recorded votes: `+8`/`0`/`-0`
<@jflory7:fedora.im>
15:49:29
!info Council members with recorded votes: @jflory7, @churchyard, @t0xic0der, @pbokoc, @jspaleta, @jonatoni, @bookwar, @dcantrell
<@jflory7:fedora.im>
15:49:41
!agreed The Fedora Council conditionally approves the use of the Fedora logo on the fedoracve.org website, pending final approval from Red Hat Legal trademark experts. The Fedora Council RECOMMENDS the use of a clear disclaimer on the site that the site is not officially managed or run by the Fedora community (to avoid our Fedora Infra team getting support requests when there are issues), AND does not represent the state or management of CVEs in Fedora Linux. The Fedora Council RECOMMENDS transferring ownership of the domain to Red Hat IT so it can be maintained and renewed in perpetuity by those responsible for the Fedora trademark.
<@jflory7:fedora.im>
15:49:48
OK. Great!
<@jflory7:fedora.im>
15:50:06
Jef Spaleta: Traditionally, the FPL runs the trademark requests to Red Hat Legal. Can I action you for that? Do you know how/where to do this?
<@jflory7:fedora.im>
15:51:04
I am going to quickly action Jef while his attention is elsewhere 🙂
<@jflory7:fedora.im>
15:51:09
Oh, there he is.
<@jspaleta:fedora.im>
15:51:16
action me
<@jflory7:fedora.im>
15:52:19
!action @jspaleta Start a new ticket/email with Red Hat Legal (i.e. Richard Fontana, Jilayne Lovejoy, and Red Hat trademark lawyers) to request review of the use of the Fedora trademark on fedoracve.org
<@jflory7:fedora.im>
15:52:25
I think that's a wrap then.
<@jflory7:fedora.im>
15:52:28
8 minutes left…
<@jflory7:fedora.im>
15:52:34
A third ticket is ambitious.
<@jflory7:fedora.im>
15:52:41
But there was not an open call for other topics.
<@jflory7:fedora.im>
15:52:43
So let's try!
<@bookwar:fedora.im>
15:52:50
I want just to mention also this topic https://discussion.fedoraproject.org/t/fedora-council-tickets-ticket-550-a-new-community-policy-doc-on-what-to-expect-from-the-fedora-community/173152/3
<@jflory7:fedora.im>
15:52:59
!topic #553: translate.fp.org requires legal T&Cs agreement of Fedora contributors
<@jflory7:fedora.im>
15:53:05
!link https://pagure.io/Fedora-Council/tickets/issue/553
<@t0xic0der:fedora.im>
15:53:12
Yeah, I think Justin Wheeler wanted to keep it for later or something
<@jflory7:fedora.im>
15:53:37
bookwar: That link is in the front of my mind for other reasons, but I don't think it is as urgent. I was working with Ankur in another context to open that ticket, and I think it will be a great one for us to work on together
<@t0xic0der:fedora.im>
15:53:42
This.
<@jflory7:fedora.im>
15:53:44
But we don't have the time to cover it today, I think
<@jflory7:fedora.im>
15:53:46
But we will
<@jflory7:fedora.im>
15:53:52
Anyways—
<@jflory7:fedora.im>
15:53:55
This ticket seems a little dicey
<@jflory7:fedora.im>
15:54:09
!link https://pagure.io/fedora-l10n/tickets/issue/45
<@jflory7:fedora.im>
15:54:15
!link https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/ADYMRIYYSIFTTKZBKKYAEOX4S2HLQNRI/
<@jflory7:fedora.im>
15:55:07
I really need to see the T&C's to comment here
<@churchyard:fedora.im>
15:55:11
the terms are... unacceptable
<@jflory7:fedora.im>
15:55:16
It does seem absurd to transfer payment responsibilities to the user?
<@jspaleta:fedora.im>
15:55:52
So just for context... the terms have changed.
<@jspaleta:fedora.im>
15:55:59
So just for context... the terms have changed?
<@conan_kudo:matrix.org>
15:56:30
I just read it, I ain't agreeing to this
<@jspaleta:fedora.im>
15:56:34
The underlying issue here for us, isn't this particular service.. is how we should handle the situation when service terms change.
<@conan_kudo:matrix.org>
15:56:37
I don't want to be responsible for Fedora's payments
<@jflory7:fedora.im>
15:56:39
- "User: means any legal entity or natural person other than the Provider that utilizes the Service;"
<@jflory7:fedora.im>
15:56:39
- "User Account: means a user account with a unique access code and password in the Hosted Weblate web interface. Each User Account can be used by only one User;"
<@jflory7:fedora.im>
15:56:56
"The User is obliged to pay the Price based on the received tax documents (invoices) issued by the Provider. The Price is paid in advance, and the invoice is issued and delivered to the User within 5 working days after the end of each relevant period."
<@jflory7:fedora.im>
15:57:04
Yeah I can see why people don't like this
<@jflory7:fedora.im>
15:57:34
Well, the story behind Weblate is complicated. For a long time, there wasn't a real business behind it. But in 2025, they finally moved to a registered business entity in the Czech Republic
<@jflory7:fedora.im>
15:57:53
So, I assume the timing is related, and probably comes with… all of the annoying legal headaches involved with being a business
<@jflory7:fedora.im>
15:58:11
Realistically, it should be differentiated here from the entity responsible for payment, i.e. Red Hat
<@dcantrell:fedora.im>
15:58:27
time to move back to transifex
<@jflory7:fedora.im>
15:58:44
I have a very hard time seeing Weblate chasing after FOSS contributors for money, but I think this is something we can use our role as advocates to hopefully make this better
<@jflory7:fedora.im>
15:59:03
The uh, tricky situation on how we did not pay Weblate for a really long time adds complexity here, but I think we can resolve this
<@jflory7:fedora.im>
15:59:13
OK, there is probably not much to discuss now that I actually dig into this
<@jflory7:fedora.im>
15:59:25
Since the bills are more in my ownership area, I think this is just an action item for me
<@jflory7:fedora.im>
15:59:38
I don't see much value in discussing this outside of the fact that, yeah, this is not really cool
<@jspaleta:fedora.im>
15:59:44
Are we paying now? If we are paying now, need to figure out how to have a chat with them about this.
<@jflory7:fedora.im>
16:00:10
Siiiiigh. I think we are finally _about_ to pay or we just paid for the year. It is a long story that I cannot explain since we are out of time for this meeting.
<@jflory7:fedora.im>
16:00:20
IT and security policies suck sometimes.
<@conan_kudo:matrix.org>
16:00:33
hilariously weblate is the outgrowth of suse's funded open source translation service
<@jflory7:fedora.im>
16:00:37
!action @jflory7 Engage in existing communications with Weblate about new T&C's and confusion over who is ultimately responsible for paying the cost of Weblate for Fedora
<@conan_kudo:matrix.org>
16:00:42
like how transifex was ours
<@jflory7:fedora.im>
16:00:46
OK, so, we are at time.
<@jflory7:fedora.im>
16:00:50
and we do have to yield the channel.
<@jflory7:fedora.im>
16:00:56
I thought that was Zanata!
<@jflory7:fedora.im>
16:01:03
Thanks folks for your time and attention today!
<@jflory7:fedora.im>
16:01:13
This was a packed meeting and we did a good job at being mostly on time 🙂
<@t0xic0der:fedora.im>
16:01:16
Justin Wheeler++ for chairing
<@t0xic0der:fedora.im>
16:01:16
Coolio, see you folks around!
<@conan_kudo:matrix.org>
16:01:17
Zanata came after Transifex closed their code
<@jflory7:fedora.im>
16:01:23
Maybe we see some of y'all in two weeks or maybe not. If not, have a wonderful year-end!
<@jflory7:fedora.im>
16:01:25
!endmeeting