#fedora-meeting log

17:00:23 <jds2001> #startmeeting FESCo meeting 20091120
17:00:23 <zodbot> Meeting started Fri Nov 20 17:00:23 2009 UTC.  The chair is jds2001. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:23 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
17:00:26 <jds2001> #chair dgilmore dwmw2 notting nirik sharkcz jds2001 j-rod skvidal Kevin_Kofler
17:00:26 <zodbot> Current chairs: Kevin_Kofler dgilmore dwmw2 j-rod jds2001 nirik notting sharkcz skvidal
17:00:39 <jds2001> nirik: gimme 2 seconds past 17:00 :D
17:00:40 * nirik is here.
17:00:40 <Kevin_Kofler> #meetingname fesco
17:00:40 <zodbot> The meeting name has been set to 'fesco'
17:00:41 * skvidal is here
17:00:47 <Kevin_Kofler> Present.
17:00:50 <nirik> jds2001: sorry. ;)
17:00:57 <jds2001> np
17:01:21 * notting is here
17:02:03 <jds2001> i think we can get started....
17:02:15 <jds2001> #topic linville provenpackager membership
17:02:19 <jds2001> .fesco 274
17:02:20 <zodbot> jds2001: #274 (Linville requests "provenpackager" membership) - FESCo - Trac - https://fedorahosted.org/fesco/ticket/274
17:02:22 <jds2001> +1
17:02:24 <skvidal> +1
17:02:29 <Kevin_Kofler> +1
17:02:36 <nirik> +1 from me. He does good work and has a good rationale.
17:02:37 * sharkcz is here
17:02:37 <notting> feedback was positive on the list - +1
17:02:40 <sharkcz> +1
17:02:41 <Kevin_Kofler> He clearly knows what he's doing. :-)
17:02:41 <j-rod> +1
17:02:43 * j-rod here now
17:03:12 <jds2001> #agreed Linville provenpackager membership is approved
17:03:23 <jds2001> #topic packagekit fiasco
17:03:26 <jds2001> .fesco 277
17:03:27 <zodbot> jds2001: #277 (what to do about the default user-can-install-pkgs policy kit setting for package kit) - FESCo - Trac - https://fedorahosted.org/fesco/ticket/277
17:03:37 <jds2001> this has been pretty much decideded
17:03:41 <nirik> do we need to do anything here?
17:03:43 <jds2001> anything else on this topic?
17:03:47 <jds2001> dont think so.
17:03:47 <skvidal> yes
17:03:50 <skvidal> I think a lot more
17:03:57 <skvidal> it impacts critpath pkgs and changes
17:04:08 <nirik> right. I would say we should try and get a secuity policy in place that would have things like this reviewed
17:04:44 <skvidal> we need to determine what happens when a package makes a significant change to its behavior and we  are uninformed about it - when the pkg is critpath or default-install critpath
17:04:48 <jds2001> if you look at my blog post, from a security pov i dont see an issue. maybe im being too literal.
17:05:11 <notting> well, i think the ticket itself can be closed. or the subject changed.
17:05:11 <skvidal> jds2001: if you really want to be debate the security impacts of this - we can - but I think I can suffice to say I disagree with you
17:05:20 <Kevin_Kofler> If your argument is that local users can just boot into single user mode anyway, then let's do away with all the password prompts and just run everything as root.
17:05:29 <Kevin_Kofler> There's a reason we don't do that.
17:05:42 <skvidal> let's not debate security impact
17:05:43 <jds2001> Kevin_Kofler: that of course is absurd :D
17:05:51 <nirik> I think there are risks, all be them small.
17:05:57 <skvidal> let's only discuss significant behavior change
17:06:03 <jds2001> sounds good.
17:06:07 <Kevin_Kofler> jds2001: But it follows from your argument, ergo your argument is wrong. :-)
17:06:07 <skvidal> does anyone disagree that this is a significant behavior change?
17:06:08 <nirik> skvidal: so, what can we do?
17:06:26 * nirik does not. It clearly is.
17:06:45 <skvidal> nirik: I think we may need to talk about eval'ing changes to critpath pkgs independent of their association with a feature
17:06:57 <jds2001> skvidal: nope, no disagreement here
17:07:05 <Kevin_Kofler> I think the decision which they made is the right one (though what about updates? Are those still allowed without password prompts? Is that a good or a bad thing?)
17:07:08 <skvidal> and - to be clear -  I think we may want to consider making it law that owners of critpath pkgs have to hold themselves to a much different standard
17:07:11 <nirik> skvidal: ok, how can we do that though? there are lots of them.
17:07:21 <jds2001> Kevin_Kofler: updates never have been.
17:07:30 <nirik> Kevin_Kofler: they are allowed.
17:07:37 <nirik> jds2001: ?
17:07:40 <jds2001> nirik: they are?
17:07:42 <skvidal> nirik: the only way we can do anything. Hold them back until we get a sign off by the maintainer
17:07:54 <jds2001> i was under the impression they werent. my bad.
17:08:00 <skvidal> nirik: the biggest problem we ran into here was insufficient documentation and communication
17:08:02 <notting> sorry, be back in ~2 minutes
17:08:16 <jds2001> skvidal: 1000% agreed.
17:08:20 <skvidal> and after that
17:08:22 <Kevin_Kofler> That said, I really don't see why the PolicyKit and PackageKit folks don't want to support "remember authorization" anymore, IMHO that was the best solution.
17:08:22 * nirik is pretty sure they are. But I think they were in f11 as well, so thats not really a behavior change.
17:08:24 <skvidal> too little responsibility taken
17:08:29 <Kevin_Kofler> Now we're at the other extreme, where people have to enter the password all the time.
17:08:48 <nirik> skvidal: agreed on that.
17:08:51 <Kevin_Kofler> It's definitely better than "blanket allow", but I don't think it's the best ultimate goal.
17:09:05 <skvidal> the purpose of having the maintainer signoff that there are no significant behavior changes - is so we have a paper trail and, ultimately, an incident path
17:09:06 <basr> The flag that was allowing that has been removed from policykit
17:09:11 <nirik> how can we get maintainers to note these things, without massive slowdown to the entire distribution?
17:09:24 <skvidal> okay - let's stop discussing the technical specifics of the pk
17:09:26 <Kevin_Kofler> basr: Right, that's what I'm complaining about.
17:09:37 <Kevin_Kofler> That said, PackageKit could support this without PolicyKit support if it really wanted to.
17:09:43 <Kevin_Kofler> (I outlined a way to do this.)
17:09:46 * nirik nods. We should look at this in general. Nothing specific can help right now.
17:09:46 <jds2001> Kevin_Kofler: i think we're done talking about this specific thing, and have moved on to more general "large behavioral changes in critpath packages by surprise"
17:10:09 <skvidal> nirik: I don't want them to talk deeply - I just want them to submit a notice of behavior changes
17:10:13 <Kevin_Kofler> Another problem I've seen is the maintainer's initial attitude.
17:10:28 <Kevin_Kofler> Well, "the maintainers'" attitude, really.
17:10:29 <skvidal> nirik: if they've kept to the api and not broken things - then it is easy - they submit 'no changes' and sign off
17:10:51 <nirik> skvidal: ok, so in stable releases we could add a checkbox to bodhi. However, what happens for rawhide?
17:10:56 <skvidal> nirik: until they've signed off - we don't go anywhere
17:10:58 <jds2001> skvidal: submit to where? do we have infrastructure for this?
17:10:58 <Kevin_Kofler> davidz's "it's not my fault, leave me alone" reaction (when he was the one who removed the option from PolicyKit 1) was no good either.
17:11:04 <nirik> (which is the only place really that it should be breaking abi/behavior)
17:11:12 <dgilmore> skvidal: significant behavioural changes in any package should be well documented
17:11:21 <skvidal> jds2001: it's the same thing we're talking about for keeping rawhide  and the distro unbroken
17:11:23 <dgilmore> crit-path more so than the rest
17:11:36 <skvidal> jds2001: critpath pkgs require extra dilligence
17:12:02 <skvidal> if the maintainers don't want to do that work, then they need to find other pkgs to maintain
17:12:15 <skvidal> and if no one wants to do that work for that pkg then I think fedora is better off w/o that pkg
17:12:18 <jds2001> sure, of course they do - I'm just wondering how to enforce the signoff of "the behavior didnt change"
17:12:24 <nirik> perhaps we could have maintainers note in changelog: "- ABI or Significant behavior change in this version"
17:12:26 <jds2001> is that part of rel-eng or QA?
17:12:41 <Kevin_Kofler> skvidal: What if nobody wants to do that work for the kernel? ;-)
17:12:42 <skvidal> jds2001: it's a little of both - but, ultimately, it is probably part of  autoqa
17:12:43 <Kevin_Kofler> Or glibc?
17:12:46 <notting> the way you do this is with autoqa
17:12:55 <skvidal> Kevin_Kofler: we'll cross that bridge if/when we come to it
17:12:57 <skvidal> notting: right
17:13:01 <notting> which can tell you if new suid binaries are added, the policy for polkit changes, or similar things
17:13:04 <abadger1999> Kevin_Kofler: Can I sum up that concern as -- we have a paper trail but, how do we use that to change the behaviour of the person who is accountable in the end?
17:13:04 <nirik> would autoqa have caught the specific thing in this case?
17:13:13 <skvidal> nirik: no.
17:13:22 <jds2001> how can autoqa catch a behavior change?
17:13:22 <notting> well, it didn't exist at the time :)
17:13:30 <jds2001> it catches config file changes i guess.
17:13:45 <skvidal> jds2001: it can't - but it can say 'pkg X changes, are these changes stated to be non-behavioral'
17:13:46 <jds2001> but that's useless if you change the behavior of the code
17:13:46 <nirik> config files change all the time...
17:13:57 <notting> jds2001: there was no code change here
17:14:01 <skvidal> jds2001: what we're looking for is the maintainer saying "No, this is not going to break your stuff"
17:14:19 <dgilmore> autoqa could trigger a extra check if we tracked file changes and the file layout changed greatly
17:14:21 <skvidal> jds2001: or "yes, this could be a big deal"
17:14:28 <dgilmore> or even if files were added and removed
17:14:30 <skvidal> let's not worry about automating the checks.
17:14:33 <notting> but i'm still not sure how this helps if there aren't some sort of guidelines as to how to organize things by default
17:14:55 <Kevin_Kofler> Changing a PolicyKit default policy doesn't require adding or removing any file.
17:15:00 <Kevin_Kofler> Your check won't catch this.
17:15:12 <dgilmore> skvidal: :) the maintainers need to speak up when behaviour changes greatly
17:15:19 <nirik> wouldn't it be easier to make it a negative default?
17:15:29 <skvidal> nirik: it would be.
17:15:29 <Kevin_Kofler> Moreover, in this case, it'd just have caught that things got ported to PolicyKit 1, the related behavior changes would have went unnoticed.
17:15:31 <notting> given the check hasn't been written yet, i don't think you can conclusively state what it won't do
17:15:32 <jds2001> Kevin_Kofler: it catches md5 changes in the config files :)
17:15:32 <nirik> ie, anytime behavior _does_ change, note it.
17:15:35 <jds2001> go look at the code :)
17:15:54 <skvidal> nirik: anytime the pkg is updated. yes
17:15:55 <Kevin_Kofler> People already knew that things were being ported.
17:16:03 <notting> jds2001: <bikeshed> wrong hash! </bikeshed>
17:16:03 <Kevin_Kofler> But nobody expected such a big change in the default policy.
17:16:06 <skvidal> hell, we could do it in cvs if we desperately needed to
17:16:08 <basr> I think part of the problem is that this developer /did/ know this would change behavior and didn't care
17:16:09 <drago01> can someone define "significant behavior changes" ?
17:16:18 <nirik> the questions I have are: how do they note this? who do they note it to? We should make it easy so as not to slow down things with red tape.
17:16:20 <skvidal> drago01: doesn't matter
17:16:22 <jds2001> notting: :)
17:16:31 <skvidal> nirik: I WANT to slow things down
17:16:39 <skvidal> nirik: this problem is due to lack of communication and haste
17:16:51 <drago01> skvidal: sure it does ... if you need this process for almost every change it does not scale
17:16:56 <jds2001> for critpath i agree with skvidal
17:16:57 <nirik> skvidal: no. this change was made long ago... not really last minute and hasty
17:17:03 <skvidal> drago01: for critpath changes
17:17:06 <Kevin_Kofler> basr: That, and almost nobody else knew about it.
17:17:18 <skvidal> nirik: haste is what caused no one to mention it or bring it up
17:17:18 <EvilBob> basr: one could say they did know, knew what the response would be so they kept quiet about it?
17:17:26 <notting> the maintainer is already giving his implicit seal of approval by building the package. i'm not sure an additional 'are you sure' is help
17:17:33 <Kevin_Kofler> Maybe some of the GNOME people from the RH Desktop Team knew, but they didn't tell anybody.
17:17:37 <notting> EvilBob: well, if you want to match your nickname, sure
17:17:41 <skvidal> notting: the additional 'are you sure' is not about will it build
17:17:56 <nirik> skvidal: it was not very apparently until after release. I don't think it was haste. ;)
17:17:59 <skvidal> notting: the 'are you sure' is about is this going to surprise people
17:18:04 <jds2001> EvilBob: i dont attribute this at all to malice.
17:18:36 <Kevin_Kofler> skvidal: But it won't help.
17:18:42 <nirik> anyhow, I think it's a good idea to get maintainers of critpath packages to note when exactly they make significant behavior changes in their packages.
17:18:44 <Kevin_Kofler> Because the maintainer WAS sure about what he was doing.
17:18:44 <skvidal> won't help WHAT? the point is notification
17:19:01 <skvidal> it's not about them being SURE
17:19:05 <skvidal> it's about behavior changes
17:19:09 <nirik> skvidal: would you be willing to write up a proposal for us? I don't think there is anything we can agree on right now without details?
17:19:09 <jds2001> Kevin_Kofler: notification to ppl other than the maintainer, to be clear.
17:19:17 <skvidal> even the maintainer acknowldges that this is a significant change
17:19:17 <notting> skvidal: no frozen rawhide intends to work via bodhi. so, we already have a mechanism for this, more or less
17:19:27 <skvidal> notting: indeed
17:19:36 <dgilmore> I think that they looked at one target thought it would be o for that and did not consider any target market outside if that.  but i dont think it was malicious in intent
17:19:37 <nirik> notting: thats only later in the cycle tho isn't it? or is that always?
17:19:56 <notting> nirik: it's after the feature freeze, as it's currently written
17:20:10 <nirik> notting: right, so it could change a bunch before that and not use that method.
17:20:13 <Kevin_Kofler> dgilmore: Of course not, rhughes is not out to backdoor our machines! ;-)
17:20:54 <Kevin_Kofler> The intent isn't the problem, the result and the initial reactions to the complaints are.
17:20:59 <skvidal> nirik: I can write up something, yes.
17:21:01 <notting> nirik: that's why i'd like an autoqa mechanism better. note the changes, log them, publish them
17:21:13 <jds2001> skvidal: cool
17:21:20 <nirik> notting: yeah, we shouldn't have a window where it's not noted.
17:21:22 <skvidal> all I really want to bring up here
17:21:48 <skvidal> is that fesco is comfortable that critpath and desktop-critpath pkg maintainers  will require more work
17:22:02 <dgilmore> skvidal: im fully ok with that
17:22:09 <jds2001> #action skvidal will write up a proposal for notification of major behaviroal changes in critical path packages
17:22:12 <jds2001> skvidal: i am too
17:22:14 <nirik> skvidal: I think thats reasonable. We might also ask them to sign up more co-maintainers if they feel the work is more.
17:22:22 <notting> well, obviously depends on what that 'more work' is, but sure
17:22:45 <notting> jds2001: should we close the original ticket?
17:22:51 <jds2001> anyhow, anything more here or shall we move on? I think we've exhausted this topic for now.
17:22:54 * nirik thinks so.
17:23:04 <dgilmore> jds2001: i think its exhausted
17:23:05 <jds2001> notting: yeah
17:23:08 <skvidal> one more thing
17:23:14 <skvidal> I'd like to take a straw poll on something
17:23:25 <jds2001> go for it
17:23:33 <Kevin_Kofler> jds2001: I think we really need to discuss the attitude issue.
17:23:48 <skvidal> if the pkg had not been patched today. Who here would have been in favor of patching to require root auth to install signed pkgs?
17:23:51 <Kevin_Kofler> The initial reactions to the complaints were outright arrogant.
17:23:52 <skvidal> +1
17:24:05 <dgilmore> skvidal: +1
17:24:06 <EvilBob> +1
17:24:08 <jds2001> 0
17:24:08 <sharkcz> +1
17:24:11 <nirik> skvidal: I would have voted to revert the behavior.
17:24:24 <basr> +1
17:24:33 <skvidal> EvilBob, basr: you're not on fesco, please don't do that
17:24:40 <basr> Sorry
17:24:43 <jds2001> Kevin_Kofler: not much we can change about that.
17:24:53 <Kevin_Kofler> skvidal: +1, I'd have voted for that too.
17:25:02 <skvidal> notting:?
17:25:14 <nirik> Kevin_Kofler: yeah, what would you expect to be done there?
17:25:18 <skvidal> j-rod:? dwmw2?
17:25:19 <abadger1999> jds2001: really, there is... but fesco would have to be willing to do it.
17:25:19 <notting> skvidal: i don't think it's necessarily appropriate behavior for the package collection as a whole. i'm fine with it as a spin-specific configuration
17:25:31 * dwmw2 here
17:25:39 <skvidal> notting: would you have voted to change the behavior?
17:25:48 <skvidal> dwmw2: ?
17:25:55 <skvidal> would you have voted to change the behavior?
17:25:58 <dwmw2> I'd have voted to change the behaviour
17:26:01 <dwmw2> sorry I'm late
17:26:07 <skvidal> dwmw2: it's okay
17:26:10 <notting> skvidal: did i not just say so?
17:26:11 <Kevin_Kofler> That said, IMHO there needs to be a way to remember authorizations, I don't care if it's done in PolicyKit, in the auth agent or in PackageKit. I think that feature addressed the "single user desktop" usecase (which this ill-fated policy tried to address) perfectly.
17:26:17 * nirik thinks that they were bad attitude on many folks part here.
17:26:21 <jds2001> abadger1999: fesco can change personalities?
17:26:24 <dwmw2> anyway, it's done now
17:26:32 <skvidal> okay. we have a quorum - that's what I wanted to check on
17:26:33 <jwb> well, it's getting done
17:26:33 <skvidal> thanks
17:26:37 <jwb> it's not available yet
17:26:37 <notting> Kevin_Kofler: that's an issue for policykit upstream, and i think *very* irrelevant for fesco
17:26:41 <abadger1999> jds2001: reprimands, forced takeover of package, stripping of package maintainer rights... the problem is that fesco doesn't have a lot of middle ground options, only big gun options.
17:26:53 <jds2001> yeah :(
17:27:00 <Kevin_Kofler> notting: PackageKit can remember policies on its own.
17:27:07 <notting> and, well, if we did that every time someone showed bad attitude, we'd have a lot of FESCo members missing packages
17:27:12 <dwmw2> we _do_ have middle ground options. We can express a sternly worded opinion. But people will just ignore it :)
17:27:14 <jwb> i think you guys are focusing a bit too much on the specifics
17:27:20 <notting> Kevin_Kofler: again, an upstream discussion, IMO.
17:27:21 <Kevin_Kofler> It can be done at application level, in the privileged helper.
17:27:25 <jds2001> anyhow, let's move on
17:27:32 <adamw> +1 for jwb - i think what needs to be discussed here is an appropriate process/policy level response
17:27:33 <nirik> abadger1999: right.
17:27:41 <adamw> what needs to be changed in fedora policies + processes so this doesn't happen again
17:27:50 <jwb> right
17:27:51 <nirik> abadger1999: basically nothing (yelling at them) and then removing privs... nothing in the middle
17:28:06 <nirik> adamw: we just discussed that... ;)
17:28:08 <jds2001> adamw: and skvidal is going to be drafting something to that effect.
17:28:09 <dwmw2> adamw: I don't think it's something that can be "fixed" in that way.
17:28:13 <adamw> nirik: well i read it, but it seems to have petered out
17:28:24 <adamw> i can wait for skvidal to draft something though. :)
17:28:34 <jds2001> #topic intellij IDEA
17:28:39 <jds2001> .fesco 272
17:28:40 <zodbot> jds2001: #272 (Intellij IDEA - https://fedoraproject.org/wiki/Features/IntelliJ_IDEA) - FESCo - Trac - https://fedorahosted.org/fesco/ticket/272
17:28:42 <abadger1999> dwmw2: I was thinking more like: mandatory "getting along with customers" training sessions, etc.
17:28:42 * lkundrak here
17:28:50 <Kevin_Kofler> Maybe at least the "yelling at them" part should be tried? ;-)
17:28:56 <dwmw2> abadger1999: "How to avoid promoting an attitude of violence" ?
17:29:08 <j-rod> sorry, got distracted...
17:29:15 <abadger1999> (When thinking of thingswe don't have the ability to do) -- yep.  as a training session :-)
17:29:19 <notting> dwmw2: i think you'd have to write that
17:29:35 <abadger1999> Would attend the dwmw2 class for sure :-)
17:29:36 <notting> *anyway*, IDEA.
17:29:38 <jds2001> anyhow....
17:29:39 * lkundrak has a cheatsheet, sort of https://fedoraproject.org/wiki/Talk:Features/IntelliJ_IDEA
17:30:17 <jds2001> cool :)
17:30:23 <jds2001> open sourcing closed stuff is good
17:30:42 <jds2001> but I searched for IDEA and found that I could pay $600 or so for it.
17:31:03 <lkundrak> the community edition is licensed under ASL 2.0 license
17:31:07 <jds2001> is this more like a "core/enterprise" type business model.
17:31:08 <jds2001> ?
17:31:13 <Kevin_Kofler> Looking at the polls, it appears to be the third most popular Java IDE despite having been proprietary and expensive so far.
17:31:21 <Kevin_Kofler> So it does have potential.
17:32:40 <Kevin_Kofler> I think promoting this as a feature, emphasizing the fact that it's newly Free Software ("Freedom") and that we're right there to ship it ("First"), is a good idea.
17:32:56 <jds2001> if we're the first major distro to ship IDEA, it's a good feature
17:33:02 <dgilmore> i think im +1 for this,  in part to maybe attract new users and in part to say look its great when you open source your code base
17:33:03 <Kevin_Kofler> On the other hand, is the Community Edition fully featured or is it some sort of crippleware?
17:33:20 <notting> so, essentially, this is like the old mysql?
17:33:34 <Kevin_Kofler> (I hate those "open source releases" which are basically demo versions for the proprietary "enterprise" version.)
17:33:49 <jds2001> old? I thought mysql still had that business model.
17:34:10 <dwmw2> demo for oracle? :)
17:34:13 <nirik> I think I am +1 as well... first and helping distribute newly freed stuff is part of our mission. I think advertising it as a feature is good as it will get notice that it's out there and that Fedora is bringing it along first.
17:34:14 <notting> oracle has many business models :)
17:34:38 <nirik> lkundrak: adding a Whiteboard "Featurereview" or something (coordinate with tibbs ?) might be good. That can make sure they all get reviewed in time.
17:34:56 <Kevin_Kofler> lkundrak: How fully featured is the Community Edition?
17:34:59 <dgilmore> Kevin_Kofler: http://www.jetbrains.com/idea/nextversion/editions_comparison_matrix.html
17:34:59 <notting> "Briefly, in the free Community Edition you’ll get all the Java code support — various refactorings and code inspections, coding assistance; debugging, TestNG and JUnit testing; CVS, Subversion and Git support; Ant and Maven build integration; and Groovy and Scala support (through a separate plugin)."
17:34:59 <lkundrak> nirik: you mean in bugzilla?
17:35:02 <jds2001> or have a master bug for the feature
17:35:15 <nirik> lkundrak: yes
17:35:32 <notting> that sounds reasonable enough to me. +1
17:35:40 <jds2001> +1
17:35:42 <sharkcz> +1
17:35:54 <nirik> a common term for whiteboard that marks any reviews needed for features would be better than a blocker, IMHO
17:35:55 <dwmw2> +1
17:35:56 <Kevin_Kofler> dgilmore: Hmmm, that looks a lot like crippleware. :-(
17:35:58 <tibbs> Some observations from a package review guy:
17:36:04 <Kevin_Kofler> Do we really want to promote this business model?
17:36:07 <skvidal> +1, provided the feature set doesn't diminish after it gets in
17:36:16 <tibbs> Blocker bug is good; I can generate a separate report from it.  Whiteboard is OK as well.
17:36:33 <notting> hm
17:36:33 <tibbs> I don't know how many packages there are, but it's in java and that means two things:
17:36:40 <lkundrak> Kevin_Kofler: it's obviously targetted at JVM developers, mostly the "poor open source developer" ones I'd guess. fully featured are scala/groovy/java support. what's missing is support for rails and other frameworks, which is rather popular, to admit
17:36:46 <dwmw2> the community edition is better than the "ultimate" one. It doesn't work with VSS
17:36:47 <tibbs> The review pool for java is much smaller.
17:36:48 <dwmw2> or Perforce
17:36:53 <dgilmore> +1 from me. but we should keep tabs that it doesnt lose features
17:37:02 <lkundrak> Kevin_Kofler: lots of useful open source plugins available though
17:37:02 <notting> however, whatever we ship shouldn't have things like "go here to upgrade now"
17:37:04 <notting> etc.
17:37:05 <tibbs> Java packages tend to be difficult to review because of all the embedding of other code that goes on.
17:37:25 <lkundrak> Kevin_Kofler: it might be that jetbrains open source some more, or community adds ones, but I'd rather not rely on it
17:37:30 <tibbs> So please give us as much time as possible, and if you want to cram 40 packages through the review process you almost certainly won't make it before F13.
17:37:41 <Kevin_Kofler> -1, the community edition appears to be intentionally crippled, IMHO we shouldn't advertise that stuff.
17:37:50 <jds2001> #agreed IntelliJ IDEA feature is accepted for F13
17:38:31 <jds2001> #topic better hostname
17:38:32 <nirik> lkundrak: there isn't any nagware junk in it is there?
17:38:41 <jds2001> .fesco 278
17:38:41 <lkundrak> tibbs: we the core is mostly packaged, and feature team of more than one person guarrantees that there's someone to review. moreover the java packages seem to be pretty demanded, so people grab those reviews quickly
17:38:44 <zodbot> jds2001: #278 (Better Hostname - https://fedoraproject.org/wiki/Features/BetterHostname) - FESCo - Trac - https://fedorahosted.org/fesco/ticket/278
17:38:48 <lkundrak> nirik: what's nagware?
17:38:59 <skvidal> lkundrak: "you should upgrade"
17:39:01 <notting> lkundrak: "please buy the Enterprise Edition!"
17:39:02 <Kevin_Kofler> The big problem with that sort of crippleware is that if the community wants to implement those features, they'll get rejected because they're intentionally not supported. :-/
17:39:02 <skvidal> every 10 minutes
17:39:05 <nirik> lkundrak: it doesn't pop up or say "please download the pay version"
17:39:11 <notting> although i think there's already a guideline for that
17:39:20 <tibbs> lkundrak: Your definition of "quickly" must differ from mine, given the java packages that sit around for months with no reviewer.
17:39:23 <lkundrak> there's none, I'm quite sure, I've run that thing for some time.
17:39:45 <nirik> lkundrak: great.
17:39:59 <dwmw2> BetterHostName seems like a good idea, but can we please make sure that we don't lose the ability to look at the login screen and know the machine's IP address?
17:40:00 <jds2001> cool
17:40:13 <Kevin_Kofler> And people are also not motivated to write code which exists and is just being withheld for political/business reasons.
17:40:17 <dwmw2> I often look at the login prompt and then ssh in.
17:40:23 <Kevin_Kofler> So those features are likely to never come.
17:40:30 <tibbs> I'll go ahead and add a separate report for packages marked with FeatureReview in the whiteboard.
17:40:33 <dwmw2> jds2001: is the cacert thing on the agenda, btw?
17:40:45 <jds2001> dwmw2: i thought so
17:40:52 <jds2001> maybe i forgot
17:40:59 <Kevin_Kofler> Re BetterHostname, this thing calls itself "xdg", but is very much GNOME-specific.
17:41:08 <Kevin_Kofler> I see no effort to integrate it with KDE whatsoever in the feature plan.
17:41:11 <jds2001> i guess not :(
17:41:16 * dgilmore doesnt understand this feature at all
17:41:24 <nirik> yeah, it's very gnome specific it seems.
17:41:25 <dgilmore> maybe because i use KDE and not gnome
17:41:36 <dgilmore> but i dont get what it is trying to achieve
17:41:42 <notting> dgilmore: 'being able to present a hostname to the user that's not dhcp241124.az.rr.com, without breaking thigns'
17:41:46 <nirik> it's a way to display a nice "My computer named Bob" in your file manager, etc it seems
17:42:15 <wwoods> AFAICT none of it is actually GNOME-specific. The KDE implementation/changes are left out, for the KDE SIG/devs to fill in.
17:42:22 * nirik notes Thunar (Xfce file manager) should be going to GIO, so in theory it could use this, but that will be in 4.8
17:42:40 <dgilmore> notting: like a secondary name for a computer?
17:43:01 <jds2001> something of the sort, yeah
17:43:01 <Southern_Gentlem> sorry one word for this is bloat
17:43:07 <dgilmore> "Dennis's Desktop"
17:43:12 <notting> dgilmore: a persistent name, if you will
17:43:12 <dgilmore> or something like that?
17:43:15 <wwoods> there's a *plan* to support the (DE-neutral) service in GNOME. Nothing about that excludes there being a KDE implementation.
17:43:38 <nirik> it also seems to plan to write to /etc/hostname, etc... so you could use it for other things command line, etc.
17:43:42 <dgilmore> notting: we have that now.  its stored in /etc/sysconfig/network
17:43:46 <wwoods> so the plan as listed is "GNOME-specific", yes, but the service/feature is desktop-neutral
17:43:46 <Kevin_Kofler> I see this as a pretty much pointless gimmick.
17:44:11 <skvidal> notting: help me understand something
17:44:24 <skvidal> when I set my hostname in anaconda to 'mylaptop'
17:44:34 <skvidal> it says that when I login and at the prompt
17:44:44 <skvidal> independent of what my ip address/hostname  is
17:44:51 <skvidal> where is this otherwise?
17:45:02 <dgilmore> grep HOST /etc/sysconfig/network
17:45:02 <dgilmore> HOSTNAME=pegasus.ausil.us
17:45:28 <jds2001> yeah im not sure what this is.
17:45:30 <Kevin_Kofler> KDE doesn't really display a hostname outside of KDM at all.
17:45:40 <jds2001> does it somehow expose this other hostname outside the local machine?
17:45:48 <nirik> so this replaces the network / hosts version?
17:45:58 <wwoods> it would probably help if you bothered to actually read the documentation.
17:45:59 <nirik> or its alongside it?
17:46:08 <skvidal> wwoods: can the attitude. thanks.
17:46:11 <dgilmore> right now im -1 on this feature.  we can revisit if they have some tangiable useful extra information to provide
17:46:12 <wwoods> "It is important to understand that the display hostname and hostname are different on a conceptual level; many of the the observations in section 4.4 of the DNS-SD Draft applies here."
17:46:18 <Kevin_Kofler> I don't quite see the point of saying "Tony's Computer" instead of "My Computer" or "This Computer" on the machine itself.
17:46:34 <notting> "Compared to the traditional hostname (which normally conforms to section 3.5 of RFC 1034  with the hostname being a label: 7 bit ASCII without special characters, whitespace or dots) the display hostname is UTF-8. "
17:46:53 <dwmw2> can't the traditional hostname be IDN now?
17:47:01 <dwmw2> we should make sure we get _that_ right
17:47:20 <Kevin_Kofler> dwmw2: Right.
17:47:31 <Kevin_Kofler> I'm pretty sure there are many issues lurking with that.
17:47:33 <dwmw2> that would seem to be sufficient to render this feature unnecessary, right?
17:47:37 <Kevin_Kofler> And they should be fixed.
17:47:45 <wwoods> okay but now you're drafting an *alternate* specification to implement this feature
17:47:46 <dwmw2> IDN is a bit of a clusterfuck all round really.
17:48:00 <dwmw2> wwoods: nah, we're just saying "no" :)
17:48:01 <abadger1999> wwoods: Where does the mapping get done?  Locally or is it advertised by the remote computer?
17:48:01 <dwmw2> -1
17:48:10 <dgilmore> -1
17:48:34 <notting> +1
17:48:36 <wwoods> abadger1999: both.
17:48:43 * nirik is not against the idea, but is still trying to see the impacts.
17:48:44 <jds2001> so i guess we need to clarify what '-1' means in this context.
17:49:07 <jds2001> generally, it means that we dont advertise it as a feature
17:49:09 <dwmw2> jds2001: I mean it as "I don't see the point. If we fix stuff so that IDN works, now tell me what the point is"
17:49:23 <skvidal> abadger1999: In the hostname editing dialog, change the display hostname and icon. Verify that this change is reflected in services that advertised via DNS-SD such as file sharing, remote desktop sharing and DAAP music sharin
17:49:24 <wwoods> dwmw2: I don't think you actually understand the point of the feature.
17:49:40 <dwmw2> wwoods: you're right.
17:49:44 <wwoods> "Hostname data is defined to include more than just the regular hostname, it also includes a display hostname, an icon and possibly more items in the future. Hostname data is usually a user preference and is stored in a persistent local database."
17:50:05 <wwoods> the hostname of my system can stay whatever the DHCP admin wants it to be - dhcp-xxx-yyy
17:50:25 <dwmw2> so it's a pretty UTF-8 "Computer Name", not hostname
17:50:26 <wwoods> but this service allows me to change e.g. the machine name used in DNS-SD queries
17:50:35 <jds2001> +1
17:50:47 <jds2001> and you also get an icon and things like that :)
17:51:07 <dwmw2> doesn't sound entirely insane, when you explain it like that. Is it really a _feature_
17:51:10 <dgilmore> wwoods: i find that to be in bad taste. what if 10 janes on a corporate network set there machine to be "Jane's Computer"
17:51:11 <skvidal> so this is appletalk name broadcast
17:51:24 <dgilmore> skvidal: seems so
17:51:27 <Kevin_Kofler> I'm unhappy with the way the "xdg" namespace is being abused here, but I guess that's an issue for upstream fd.o, not for us.
17:51:33 <wwoods> skvidal: similar, but it's the DNS-SD specification
17:51:59 <wwoods> see e.g. http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt
17:52:02 <skvidal> nod
17:52:06 <notting> skvidal: you know, i've tried to bury what knowledge i have of zones
17:52:18 <skvidal> if we reject this feature
17:52:23 <wwoods> so this is an IETF-targeted standardized form of that sort of nicety
17:52:23 <skvidal> are we just going to get it stuck in anyway
17:52:24 <Kevin_Kofler> dgilmore: You have a good point there.
17:52:27 <skvidal> without any approval?
17:52:40 <Kevin_Kofler> There's a reason DCHP hostnames are autogenerated to be unique.
17:52:42 <skvidal> wwoods: "nicety" is hardly the word I used for appletalk broadcasts
17:52:43 <jds2001> skvidal: that's why i said we need to define what '-1' means
17:52:44 <abadger1999> wwoods: How does the service keep a mapping consistent?  For instance if two remote locations decide to advertise as "Secure Network Storage"  Is there conflict resolution or what?
17:52:47 <rdieter> Kevin_Kofler: +1 the xdg thing, but it does reflect poorly on fedora by promoting it
17:52:55 <wwoods> they aren't hostnames, is the point
17:52:57 <dwmw2> skvidal: probably. The feature process has always been a bit odd like that; we're deciding whether it's something to shout about in the release notes, not whether we should _do_ it or not
17:53:02 <notting> skvidal: is there really strong objection on the grounds of 'you should not do this'?
17:53:05 <sharkcz> using hostname in this context is confusing, "Computer Name" would be IMHO better, but +1 to the feature
17:53:07 <wwoods> they act more like TXT records
17:53:10 <skvidal> notting: I have a couple, yes.
17:53:21 <nirik> abadger1999: good point.
17:53:30 <skvidal> wwoods: and for purposes of 'browsing' cause the ambiguity
17:53:31 <wwoods> there's a further mapping for doing service-hostname to .local namespace hostname
17:53:44 <wwoods> which IIRC does its own magic to avoid duplicate hostnames
17:53:48 <wwoods> but again this is all in the docs
17:53:49 <Kevin_Kofler> wwoods: They'll be shown to users instead of hostnames.
17:53:49 <dgilmore> notting: i think we should not do this period
17:54:21 <wwoods> it's all well-documented IETF-tracked standards with long-discussed implementations by people much smarter and beardier than me
17:54:31 <dgilmore> wwoods: doesnt mean its good
17:54:35 <nirik> wwoods: can you point to the conflict resolution methods in this? I can't see it off hand...
17:54:36 <Kevin_Kofler> So if there's a shared file server called "Shared File Server" and I call my machine "Shared File Server" too, people are going to accidentally trust their files to me.
17:54:38 <wwoods> so probably you should trust the docs for implementation details
17:54:44 <skvidal> wwoods: to be clear the IETF has ratified all sorts of crazy
17:54:51 <wwoods> rather than trying to pick apart the feature based on my quick reading thereof
17:55:11 <skvidal> wwoods: and "trust what this other group has done" gets us in a lot of trouble, typically.
17:55:14 <skvidal> okay
17:55:15 <skvidal> so
17:55:18 * nirik would like to defer, and ask about conflict resolution and ability for other desktops to use this.
17:55:27 <notting> nirik: it's a d-bus service
17:55:38 <notting> nirik: that's fairly desktop-neutral
17:55:43 <wwoods> the display hostname is AFAIK only used for service browsing
17:55:56 <jds2001> just because there's no frontend for KDE doesn't mean there *can't* be.
17:56:11 <wwoods> and there's no requirement for unique names there
17:56:11 <notting> jds2001: what's the current tally?
17:56:15 <nirik> yeah, but I thought it used GIO ?
17:56:30 <abadger1999> I'm just worried about security in this setup.
17:56:32 <jds2001> notting: id have to go through scrollback, gimme a sec
17:56:35 <Kevin_Kofler> wwoods: There is if you want your users to know what machine they're trusting their data to.
17:56:43 <notting> nirik: they are adding a gio interface to the dbus service
17:56:52 * dgilmore proposes that until this is fully evaluated we ban it from fedora. it seems to be a road to insanity
17:57:00 <jds2001> 2 +1, 2 -1
17:57:01 <dgilmore> until we can be sure its not we should play it safe
17:57:05 <abadger1999> We talk about DNS poisoning at times... this seems like it would be subject to the same issue.
17:57:08 <nirik> notting: ok.
17:57:16 <wwoods> ...
17:57:21 <jds2001> yeah
17:57:26 <Kevin_Kofler> +1 to dgilmore
17:57:40 <jds2001> let's defer this until we can read it more thouroughly, and figure out about conflicts.
17:57:49 <wwoods> perhaps I wasn't clear. the feature specifies that the "display hostname" is not. used. as. a. hostname.
17:57:55 * nirik is -1 then i guess without more info.
17:57:55 <jds2001> any objections to that?
17:58:02 <wwoods> so any mention of DNS problems here is completely my mistake
17:58:11 <wwoods> this feature has no impact on actual network hostnames.
17:58:16 <Kevin_Kofler> wwoods: But users still get confused.
17:58:18 <nirik> wwoods: correct.
17:58:21 <jds2001> right
17:58:27 <Kevin_Kofler> Because the UI is showing them the display hostname instead of the real one.
17:58:28 <nirik> but it does change advertised services.
17:58:34 <notting> Kevin_Kofler: no.
17:58:35 <jds2001> but what if there are to "Jane's Computer"
17:58:35 <skvidal> wwoods: umm in the testing
17:58:40 <Kevin_Kofler> So social engineering is trivial.
17:58:42 <notting> it shows them the hostname *the other machine advertises*
17:58:49 <skvidal> it says it checks to make sure it is consistent in the DNS-SD advertised information
17:58:55 <notting> that social engineering attack exists today whether or not we do this
17:58:59 <notting> this changes that *not one bit*
17:59:21 <jds2001> anyhow
17:59:32 <jds2001> can we just defer this and move on?
17:59:35 <nirik> notting: what does it do when 2 people advertise the same name?
17:59:45 <dwmw2> jds2001: +1
17:59:49 <sharkcz> jds2001: +1
17:59:51 <wwoods> then you see two things that say "zebes music share"
17:59:59 <notting> nirik: this feature doesn't do anything. i'm fairly sure it's "whatever dns-sd has always done, regardless of this"
18:00:10 <notting> similar to if two netbios servers advertise the same name, etc.
18:00:15 <Kevin_Kofler> wwoods: And then you get confused about which is which.
18:00:25 <dwmw2> jds2001: what's next?
18:00:40 <jds2001> #agreed this feature is deferred until next week, when a more thourough reading of the spec can be accomplished.
18:00:48 <wwoods> Kevin_Kofler: this is already the case, because everyone's systems all say "localhost music share"
18:00:51 <jds2001> dwmw2: i'd like to get to cacert
18:01:00 <dwmw2> jds2001: ok
18:01:01 * nirik nods. ok. Not sure how they can deal with that... but looking and saying 'this is already available, choose another name' might be good.
18:01:09 <jds2001> even though i made a mistake and didnt throw it on the agenda.
18:01:12 <dwmw2> :)
18:01:17 <dwmw2> the cacert thing is relatively simple
18:01:23 <Kevin_Kofler> wwoods: Looks like we need to force getting the hostname from DHCP then.
18:01:24 <jds2001> #topic cacert inclusion in ca-bundle.crt
18:01:24 <dwmw2> we can't ship it enabled by default. not sensibly
18:01:32 <dwmw2> not while cacert themselves are saying "don't"
18:01:33 <Kevin_Kofler> And if they don't assign one, generate one based on the IP.
18:01:35 <jds2001> dwmw2: +1
18:01:40 <dwmw2> but we _should_ be able to do what ubuntu users can
18:01:44 <dwmw2> with update-ca-certificates
18:01:52 <dwmw2> except that ours should actually work
18:01:55 <notting> Kevin_Kofler: you're lolz. anyway, moving on.
18:02:22 <dwmw2> and then we can have a cacert-ca package which is _optionally_ installed and would dtrt.
18:02:25 <dwmw2> job done.
18:02:25 <Kevin_Kofler> notting: Defaulting to "localhost" is just dumb. ;-)
18:02:35 <jds2001> Kevin_Kofler: we've moved on
18:02:42 <nirik> ok, so what action can we take here then?
18:02:45 <nirik> dwmw2: make it so! :)
18:02:46 <tibbs> If only we could actually redistribute the cacert certificates...
18:02:54 <dwmw2> what needs doing?
18:02:59 <Kevin_Kofler> Well, I think we should really ship the CAcert certs, but licensing makes it moot anyway.
18:03:06 <dwmw2> https://bugzilla.redhat.com/show_bug.cgi?id=466626
18:03:07 <buggbot> Bug 466626: medium, medium, ---, jorton, ASSIGNED, Need a simple tool to configure CA certs
18:03:09 * dgilmore thinks having an easy way to add cacerts root cert is good and should be done. we should not include it ourselves
18:03:09 <skvidal> nirik, notting, wwoods: section 3.7 is about name conflict resolution: http://files.dns-sd.org/draft-cheshire-dnsext-nbp.txt
18:03:11 <Kevin_Kofler> So why are we discussing this in the first place?
18:03:13 <jds2001> well, we cant do it as default.
18:03:22 <jds2001> it makes ssl utterly useless if we do.
18:03:36 <jds2001> as joe made very clear.
18:03:38 <Kevin_Kofler> Because you don't have to pay $$$ for your certs? Come on...
18:03:46 <Kevin_Kofler> That SSL cert cartel is a real problem.
18:03:54 <notting> what's the ticket number here?
18:03:57 <jds2001> Kevin_Kofler: would you trust me to say that you are who you say you are?
18:04:00 <dwmw2> Kevin_Kofler: what's the licensing problem
18:04:01 <Kevin_Kofler> But unfortunately, CAcert don't make it easy to provide an alternative with their strange licensing.
18:04:04 <dwmw2> notting: 276 iirc?
18:04:12 <jds2001> .fesco 276
18:04:13 <zodbot> jds2001: #276 (Missing inclusion of CAcert CA certificates into Fedora's ca-bundle.crt) - FESCo - Trac - https://fedorahosted.org/fesco/ticket/276
18:04:13 <jds2001> sorry
18:04:33 <nirik> ok, so -1 to including it from me.
18:04:38 <nirik> (thats what we are voting on, right)
18:04:40 <dwmw2> definitely -1 to including it
18:04:42 <jds2001> -1 here
18:04:43 <sharkcz> -1
18:04:55 <dgilmore> -1 to including cacert
18:05:19 <Kevin_Kofler> Licensing was discussed in https://bugzilla.redhat.com/show_bug.cgi?id=474549
18:05:20 * dgilmore adds he is a cacert assurer and user
18:05:20 <buggbot> Bug 474549: medium, medium, ---, nobody, NEW, Review Request: ca-cacert.org - CAcert.org CA root certificates
18:05:27 <notting> yeah, -1 to including cacert
18:05:31 <skvidal> -1
18:05:32 <dwmw2> proposal: FESCo would like to see bug #466626 fixed, and the new facility proposed as a feature for F13
18:05:32 <jds2001> #agreed CACert root cert will not be included in fedora
18:05:33 <buggbot> Bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=466626 medium, medium, ---, jorton, ASSIGNED, Need a simple tool to configure CA certs
18:05:43 <jds2001> dwmw2: +1
18:05:49 <dwmw2> +1, obviously
18:05:54 <Kevin_Kofler> https://bugzilla.redhat.com/show_bug.cgi?id=474549#c4
18:05:55 <buggbot> Bug 474549: medium, medium, ---, nobody, NEW, Review Request: ca-cacert.org - CAcert.org CA root certificates
18:06:02 <nirik> dwmw2: sure, but that has no enforcement, unless we assign one of us to do the work, right?
18:06:04 <Kevin_Kofler> We aren't allowed to redistribute CAcert.
18:06:24 <Kevin_Kofler> For the record, I'm -1 to redistributing CAcert now, but would be +1 if they fix their license!
18:06:35 <Kevin_Kofler> I think it's a big mistake to lock users into the commercial SSL cartels.
18:06:44 <nirik> +1 to someone working on 466626. I hope it's a nice f13 feature!
18:06:44 <jds2001> i would be -1 in any event. they say they're not ready.
18:06:46 <dgilmore> +1
18:07:00 <jds2001> the user needs to make a choice here.
18:07:15 <dgilmore> to having a tool to configure ca certs
18:07:19 <dwmw2> CAcert say we aren't allowed to distribute it because they aren't ready :)
18:07:24 <Kevin_Kofler> And +1 to dwmw2, we need an easy way to configure those certs.
18:07:30 <dwmw2> I can make it work for openssl.
18:07:31 <notting> i am... trying to figure what saying +1 to bug 466626 means if no one is *actually* working on it.
18:07:36 <dwmw2> would end up asking for some help on the nss side
18:07:43 <dgilmore> dwmw2: nss is clunky
18:07:49 <dwmw2> dgilmore: very :)
18:07:57 <dwmw2> notting: it's an encouragement :)
18:08:06 <jds2001> notting: i think it's the whole maintainer attitude thing from earlier
18:08:11 <dwmw2> we can go put it on F13tracker :)
18:08:15 <jds2001> :)
18:08:31 <nirik> notting: nothing at all really.
18:08:50 <jds2001> notting: we dont have any guns, but we can ask nice :D
18:08:58 * notting is -1 to the proposal, then. i don't see this as something of enough importance to override the maintainers
18:09:07 <nirik> aren't we using a standard /etc/pki/ area now for all of openssl/gnutls/nss?
18:09:17 <dwmw2> nirik: I don't think nss copes with that
18:09:24 <nirik> sad
18:09:33 <tibbs> Even if it did, there's still a monolithic bundle of certs in thhere.
18:10:00 <dwmw2> notting: override?
18:10:16 <notting> dwmw2: as in stating 'you should go do this'
18:10:33 <jds2001> it's more of a polite request than a requirement :D
18:10:33 <dwmw2> it's not as if the maintainers have said we _shouldn't_ do it.
18:10:46 <dwmw2> and it's more a constructive response to the 'include cacert' request.
18:10:57 <dwmw2> "No, but how about you help do this, and then it'll work out for you"
18:12:10 <jds2001> #agreed it would be nice for someone to work on bug 466626
18:12:11 * nirik doesn't think it matters... the thing we were voting on what including cacert.
18:12:11 <buggbot> Bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=466626 medium, medium, ---, jorton, ASSIGNED, Need a simple tool to configure CA certs
18:12:16 <dwmw2> and isn't FESCo _supposed_ to give guidance to maintainers?
18:12:37 <jds2001> alrighty
18:12:50 <nirik> dwmw2: sure, feel free to tell them 'we think it would be nice if we had this'
18:12:54 <jds2001> #topic User account dialog
18:12:58 <jds2001> .fesco 279
18:12:59 <zodbot> jds2001: #279 (User Account Dialog - https://fedoraproject.org/wiki/Features/UserAccountDialog) - FESCo - Trac - https://fedorahosted.org/fesco/ticket/279
18:13:08 <dwmw2> I'll put it on F13tracker :)
18:13:17 <dwmw2> not tracker, what's it called?
18:13:25 <jds2001> target
18:13:29 <dwmw2> thank you
18:13:42 <jds2001> this seems to be the natural conclusion of having different types of user accounts.
18:14:00 <jds2001> oops
18:14:08 <jds2001> wrong thing :)
18:14:36 <jds2001> or maybe not
18:14:38 <nirik> ok, several things on this one: lack of gdmsetup is a big issue to a lot of our users. They would welcome something with that functionality back.
18:14:56 <jds2001> PolicyKit: We want the dialog to be able to assign privileges/roles to users, for which we will rely on PolicyKit. PolicyKit 1.0 in F12 already provides the necessary framework for group-based policies (see the polkit-desktop-policy package), but minor adjustments might be necessary.
18:15:17 <nirik> does this remove system-config-users? it seems not, just replaces some of it's functionality
18:15:49 <notting> i would suspect it would replace s-c-users on the desktop spin. whether s-c-users goes away entirely is probably up to its maintainer
18:15:53 <nirik> which is fine, as other DE's/etc might still wish to use system-config-users.
18:15:56 <nirik> right.
18:16:24 <dgilmore> this must have a plan for XFCE, KDE, as well.  even if that plan is just making sure that there are .desktop files to launch things.  sinces its looking to replace core parts
18:16:29 * nirik isn't sure how much gdmsetup functionality it will have... better than the none now tho.
18:16:32 <Kevin_Kofler> IMHO they need to decide whether this ought to be a Fedora GNOME feature or a general Fedora feature.
18:16:39 <dgilmore> system-config-users was teh tool for creating users for all DE's
18:16:40 <notting> dgilmore: the hell?
18:16:45 <Kevin_Kofler> If it's the latter, integrating GDM support unconditionally is a mess.
18:16:51 <notting> dgilmore: see above
18:17:10 <Kevin_Kofler> If it's the former, replacing generic system-config tools with it is not a good idea.
18:17:21 <dgilmore> notting: fair enough.
18:17:32 <dgilmore> the feature reads as replacing and making it go away
18:17:49 <Kevin_Kofler> dgilmore: We have kuser in kdeadmin.
18:18:03 <nirik> Kevin_Kofler: doesn't the kde spin use kdm?
18:18:09 <nirik> or does it use gdm still?
18:18:15 <Kevin_Kofler> It uses KDM, that's the point.
18:18:25 <Kevin_Kofler> So having the same tool configure GDM and tons of other things is a bad idea.
18:18:35 <jds2001> halfline: you around?
18:19:04 <nirik> Kevin_Kofler: but you wouldn't ship this thing would you?
18:19:12 <notting> given the mockups, i suspect the gdm bits can just not do anything if there's no gdm
18:19:20 <Kevin_Kofler> nirik: I guess not...
18:19:32 <Kevin_Kofler> Which means it should be clearly advertised as a GNOME-specific feature.
18:19:34 * notting is +1. i'm concerned about the amount of dependencies and the schedule
18:19:36 <dgilmore> Kevin_Kofler: having it support plugins for kdm/gdm etx is a good thing though
18:19:45 <halfline> jds2001: i'm here
18:19:50 <nirik> Kevin_Kofler: yeah.
18:19:57 <jds2001> halfline: does this replace s-c-users?
18:19:59 * nirik is also +1.
18:20:02 <jds2001> or just supplement it?
18:20:12 <Kevin_Kofler> And which also means we can't blindly just throw out generic system-config tools for it (but we do have a KDE solution for user setup, it's called kuser and it's in kdeadmin).
18:20:41 <halfline> jds2001: would replace s-c-users in the desktop spin
18:20:48 <Kevin_Kofler> For PolicyKit, we'll probably get something in PolicyKit-KDE too, though it's not started so far.
18:21:12 <nirik> halfline: right, but s-c-users would still be there if someone wanted it?
18:21:22 <halfline> actually, not even sure we have s-c-users in the desktop spin right now...
18:21:24 <nirik> s/there/in the repos to install/
18:22:02 <notting> halfline: i think we kept -users, dropped -rootpassword (because, well, you have -users)
18:22:13 <halfline> nirik: right
18:22:25 <halfline> different people involved in each app
18:22:51 <nirik> halfline: just as a datapoint, I think we get about 1 user every day or two in #fedora that wants gdmsetup... it's pretty in demand...
18:23:04 <halfline> yea we get a lot of stirr upstream too
18:23:11 <Kevin_Kofler> I'm OK with this feature in principle, but I think it should be advertised as a GNOME feature as that's what it is.
18:23:14 <notting> nirik: but the old gdmsetup was... gah.
18:23:24 <halfline> gnome bug 587750
18:23:24 <buggbot> Bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=587750 was not found.
18:23:27 <halfline> was updated today in fact
18:23:40 <Kevin_Kofler> It's likely not to get installed on the KDE spin.
18:23:49 <jds2001> +1
18:23:52 <nirik> Kevin_Kofler: so, just change it to "User Account Dialog for Gnome" or "User Account Dialog for Desktop" would make you happy?
18:24:12 <otaylor> of course, this dialog would apply to a lot of spins other than the Desktop spin
18:24:12 <abadger1999> Kevin_Kofler: Does the firstboot-user replacement part affect KDE?  Or is that a firstboot plugin?
18:24:15 <Kevin_Kofler> The first one yes, the second one doesn't make the description any less generic.
18:24:22 <Kevin_Kofler> (replying to nirik)
18:24:25 <dgilmore> "Gnome User Account Dialog"
18:24:37 <nirik> otaylor: yeah, it could.
18:24:38 <Kevin_Kofler> abadger1999: I don't know.
18:24:43 <Kevin_Kofler> That's also an important part.
18:24:50 <Kevin_Kofler> If firstboot is going to require this, it's going to be a problem.
18:24:53 <nirik> otaylor: might make sense for Xfce for example... if we are still using gdm
18:24:53 <dgilmore> abadger1999: we likely need to see it
18:25:04 <abadger1999> halfline: Do you know? (firstboot portion... plugin replacing a different plugin?)
18:25:14 * notting thinks that part is not written yet
18:25:49 * dgilmore thinks this could be very cool if it was done so that there can be multiple backends/frontends
18:25:56 <dgilmore> so if could do gdm and kdm
18:26:07 <halfline> abadger1999: i don't know. my guess is we wouldn't ship the part of firstboot that asks for a username, and then we'd run this early in gdm
18:26:21 <halfline> or maybe we'd do it as a different firstboot module. not sure yet
18:26:28 <Kevin_Kofler> What I'd like to avoid is firstboot (which is required by anaconda which is required by liveinst, thus can't be removed) dragging in this tool through dependencies and so we being forced to ship this on the KDE spin despite it trying to configure GDM when we're shipping KDM.
18:26:50 <Kevin_Kofler> It might even end up dragging in GDM too, through dependencies, and the new GDM drags in a lot of GNOME stuff.
18:26:52 <dgilmore> Kevin_Kofler: but if it could do KDM also
18:26:57 <Kevin_Kofler> Dependency bloat is a major concern there.
18:27:12 <halfline> Kevin_Kofler: i wouldn't worry about that. i'm sure that can be avoided
18:27:24 <dgilmore> have it require login-manager and have gdma nd kdm provide login-manager
18:27:28 <nirik> dgilmore: how about slim and lxdm? there are more. ;)
18:27:32 <notting> reading it, it's a gtk app talking to a dbus backend. given that gdm's configured in flat files, not sure why it would require a login manager at all
18:27:35 <dgilmore> have kdm provide a plugin that allows it to be configured
18:27:52 <dgilmore> nirik: right it should be able to work for them all
18:28:04 <Kevin_Kofler> Well, KDM can already be configured, that's what the System Settings Module is for.
18:28:09 <notting> but sure, bonus points if it's routed through  ccsm or something :)
18:28:17 <Kevin_Kofler> It's GDM which is missing a config tool entirely.
18:28:21 <nirik> dgilmore: if the maintainers on those packages are willing to add plugins or whatever, sure.
18:28:38 * nirik notes he already voted. Goes to get more coffee.
18:28:57 <dgilmore> nirik: right.  but if its designed to be that flexiable  the implementation can follow or not
18:28:58 <jds2001> tally is 3 +1 at this point
18:29:07 <sharkcz> +1 also from me
18:29:22 <jds2001> me, nirik, and notting
18:29:31 <jds2001> alright - one more... :)
18:30:06 <jds2001> dgilmore, Kevin_Kofler, j-rod?
18:30:11 * skvidal 0's
18:30:33 <skvidal> mainly b/c of all the questions about it - but <shrug>
18:30:45 <dgilmore> jds2001: id like to know that its going to be designed in a flexible manner.  the general idea im ok with.
18:31:10 <dgilmore> but i want to make sure others can build on it. or provide different frontends etc
18:31:18 <dgilmore> im 0 for now
18:31:30 <jds2001> i think we're at a deadlock here then.
18:31:45 <skvidal> where did dwmw2 go?
18:32:32 <jds2001> let's defer until halfline can provide more info about the extensibiltiy of it.
18:32:35 <Kevin_Kofler> I'm -1 for now, I think they clearly need to decide whether to target GNOME only or Fedora in general.
18:32:46 <Kevin_Kofler> Design decisions appear to be inconsistent there.
18:32:56 <jds2001> alright, we're deferring this :)
18:33:19 <Kevin_Kofler> On one hand, trying to replace parts of firstboot and system-config tools, on the other hand, integrating with things like GDM.
18:33:34 <jds2001> #agreed User account dialog is deferred for further information as to the flexibility and extensibility to other DE's
18:33:34 * dwmw2 lost
18:33:49 * notting pokes j-rod
18:34:24 <jds2001> #topic sponsorship via co-maintainership
18:34:29 <jds2001> .fesco 275
18:34:31 * j-rod wakes up, apologies profusely
18:34:31 <zodbot> jds2001: #275 (Propose a soft-path via co-maintainer status to becoming sponsored) - FESCo - Trac - https://fedorahosted.org/fesco/ticket/275
18:34:40 <jds2001> j-rod: heh
18:35:07 <jds2001> im not sure that we need to codify anything here
18:35:20 <halfline> i don't think there is going to be any interest in making the user account dialog be pluggable
18:35:20 <nirik> abadger1999: how feasable is this?
18:35:21 <jds2001> it's up to the sponsor whether or not to sponsor someone
18:35:26 <nirik> it would require pkgdb changes.
18:35:41 <nirik> and fas.
18:35:45 <jds2001> nirik: the proposal as written, yeah
18:36:10 <Kevin_Kofler> The current situation is pretty bad though.
18:36:14 <jds2001> wll the fas change would be to create a new group
18:36:16 * nirik notes we have always had a path to sponsor people on other than new package submissions.
18:36:39 <jds2001> and a config change to give that group fedorabugs as well.
18:36:41 <Kevin_Kofler> People either have to submit a dummy package to get sponsored, or convince a sponsor to just sponsor them without following any codified policy.
18:36:53 <notting> nirik: is that *documented*?
18:37:09 * abadger1999 notes he's been somewhat acting on this already.
18:37:32 <abadger1999> Since we split provenpackagers and packagers with packagers only being able to touch the packages they own.
18:37:59 <jds2001> yeah, that was a big step forward in this.
18:38:11 <Kevin_Kofler> The big issue here is that how this should be handled is not documented.
18:38:14 <nirik> notting: https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group
18:38:19 <Kevin_Kofler> Sponsors have been handling these as exceptional cases.
18:38:25 <nirik> notting: but not very explicit
18:39:05 <Kevin_Kofler> This clearly tells you to submit packages.
18:39:13 <nirik> another option here is that we could just explictly add 'sponsors are allowed to sponsor people when they feel they understand the guidelines and will do good work'
18:39:23 <abadger1999> So.. as just a policy statement and no code changes this seems feasible to me right now.
18:39:34 <nirik> Kevin_Kofler: it says "The best ways for you..." not "The only way..."
18:39:55 <Kevin_Kofler> nirik: Well, that sentence also needs something like "Independently of this usual process, sponsors are allowed to ...".
18:40:03 <nirik> abadger1999: but we need code changes to implement it, right?
18:40:25 <jds2001> no, we just click the sponsor button like today
18:40:41 <jds2001> all they can touch is what they have acl's to anyhow
18:41:01 <abadger1999> nirik: Maybe.... Thinking about how this would work.
18:41:15 <abadger1999> So right now sponsors an act on the proposed policy fine.
18:41:18 <dgilmore> I know of cases where people have been sponsored by co-workers without having gone though the new review process
18:41:19 <nirik> jds2001: well, there is no indication to another maintainer that they were sponsored for just one package.
18:41:22 <abadger1999> mere package owners can't.
18:41:51 <abadger1999> Adding mere package owners means making them sponsors of some group that can commit to packages.
18:41:55 <nirik> right, a package maintainer that wanted to add a new non sponsored person would need to get a sponsor to sign off on it.
18:42:39 <nirik> so we can't just implement this as written now, it needs code.
18:42:44 <abadger1999> So we'd need three groups in fas instead of two (four, and three if you count cvsadmin).
18:42:53 <abadger1999> That's just another group though.
18:43:30 <abadger1999> We need the acls to allow the new group at the fs level and also in the cvs acl file.
18:43:32 * dwmw2 has to disappear
18:43:43 * jds2001 has to soon too
18:43:48 <jds2001> $DAYJOB calls.
18:43:54 <nirik> is adding another group and making code changes worthwhile here?
18:44:03 <abadger1999> The cvs acl file should be a config change in pkgdb but these things aren't changed often so assumptions can creep in.
18:44:08 * skvidal just wants to get lunch :(
18:44:10 <nirik> or should we just codify that we allow sponsors to sponsor based on other than package reviews?
18:44:15 <notting> wait. i thought this 'worked', (documentation aside), as long as you had a sponsor do it?
18:44:19 <abadger1999> I'm going to guess minimal code changes.
18:44:31 <abadger1999> but lots of testing :-)
18:44:44 <nirik> notting: no.
18:44:58 <nirik> "Also means that when a person of this type asks for access to a package then the package owner should clearly see that the person is not yet fully sponsored and only registered as co-maintainer of packages X."
18:45:22 <jds2001> notting: you can submit new packages without review of a sponsor if you get in via comaintainership right now for instance.
18:46:07 <jds2001> which is why the best way remains to submit a pakcage and show understanding of the guidelines.
18:46:11 <nirik> so there are parts of this as written that require changes.
18:46:44 <nirik> if we are running out of time we could defer? we might want to note this on devel list for maintainer imput too...
18:46:50 <abadger1999> I think this is worthwhile but would like to have the design laid out more before we implement it.
18:47:16 <abadger1999> I think this is pretty doable but I'm not 100% sure.
18:47:35 <abadger1999> Also, jds2001 is going to help me with this since he's not going to be on fesco next term.  Right?
18:47:38 <abadger1999> :-)
18:47:40 * nirik isnt sure the overhead is worth it, might be better to just codify that sponsors can just sponsor people who they feel understand the guidelines in other ways than package submission.
18:47:53 <jds2001> abadger1999: of course :D
18:48:03 <jds2001> abadger1999: we can work on it on FUDBus even :)
18:48:12 <abadger1999> jds2001: Sounds like a plan.
18:49:07 <jds2001> well how's this, let's defer til after fudcon and we can see what effort is required in pkgdb
18:49:11 <jds2001> it sounds pretty easy.
18:49:20 <abadger1999> jds2001: +1
18:50:07 * nirik nods. Sure, if we want to implement this... might be best to get a for sure vote yes before you start coding tho.
18:50:08 <dgilmore> jds2001: sounds good
18:50:27 <jds2001> nirik: true
18:50:32 <jds2001> in that case, +1 :)
18:50:34 <Kevin_Kofler> jds2001: +1
18:50:57 <Kevin_Kofler> (to deferring)
18:50:59 <jds2001> but if it winds up being not feasiable for some reason......
18:51:26 <jds2001> Kevin_Kofler: im gonna start coding pretty quick here, within the next 2 weeks
18:51:57 <jds2001> is it worthwhile is teh quesiton
18:52:03 <jds2001> or a waste of effort?
18:52:40 * nirik is 0 right now, not sure how many people are left around to vote
18:52:47 <jds2001> hello? bueller?
18:52:50 <jds2001> :)
18:52:59 * sharkcz is still here
18:53:03 <jds2001> well, we'll figure out how much effort at any rate
18:53:03 <skvidal> +1
18:53:08 * notting scrolls back to find the specific proposal
18:53:25 <Kevin_Kofler> https://fedorahosted.org/fesco/ticket/275
18:53:30 <jds2001> notting: to code pkgdb to teach it about the new group to implement the proposal as written.
18:53:43 <sharkcz> +1
18:54:18 <Kevin_Kofler> In short, the proposal is to allow any package owner to add unsponsored people as comaintainers, but those people couldn't get new packages in without getting through the regular sponsorship process.
18:54:39 <notting> +1
18:54:43 <jds2001> #agreed the propsoal in ticket 275 is accepted as written, however, it requires pkgdb code changes which will be accomplished at fudcon.
18:54:59 <tibbs> For what it's worth, I'm not sure that's a terribly good idea but I suspect it's better than the status quo.
18:55:00 <Kevin_Kofler> +1 to the proposal as well, for the record.
18:55:07 <jds2001> #topic upcoming meetings
18:55:10 <nirik> this will be nice for upstreams where they are interested in helping maintain their package in fedora.
18:55:21 <jds2001> so next friday is the day after thankgiving
18:55:26 <jds2001> and the next one is fudcon
18:55:49 * nirik should be around both of the next fridays... but I know many of the rest of you may not.
18:56:00 <Kevin_Kofler> I should be around on both too.
18:56:01 <jds2001> so do we hold our fudcon meeting for whatever's on the docket (not sure we'll be quorate there now)
18:56:10 <Kevin_Kofler> Thanksgiving is not a special day here and I won't be at FUDCon.
18:56:48 <jds2001> well i'm not going anywhere for thanksgiving, so i'll be around
18:57:22 <jds2001> but i suspect that nirik, Kevin_Kofler, dwmw2_gone and I may be the only attendees :D
18:57:32 <skvidal> I will not be online on the day after thanksgiving
18:57:37 <skvidal> or if I am - something better be on fire
18:57:42 <sharkcz> I will be onlu next week
18:58:00 <nirik> how about we cancel them, and if something urgent comes up we can schedule a special session sometime.
18:58:05 <jds2001> sounds good.
18:58:16 <Kevin_Kofler> Well, we'd have quorum next week, it seems.
18:58:25 <sharkcz> s/onlu/online/
18:58:26 <jds2001> #agreed next two FESCo meetings are cancelled, unless something urgent comes up
18:58:30 <jds2001> Kevin_Kofler: nah
18:58:34 <jds2001> we'd have 4
18:58:34 <Kevin_Kofler> Unless dwmw2 would not be there.
18:58:39 <Kevin_Kofler> sharkcz too.
18:58:39 * notting is roughly in the same boat as skvidal. while i *could* be online, i would really really really really prefer not to
18:58:41 <Kevin_Kofler> Makes 5.
18:58:48 <dgilmore> skvidal: same.
18:58:57 <jds2001> same here
18:59:02 * dgilmore has to f9nish renovating his office by saturday
18:59:04 <jds2001> get black friday deals :D
18:59:20 <dgilmore> since its a 1st birthday party on sunday and wife dictates that office must be done
18:59:34 <jds2001> macy is 1 already?
18:59:37 <jds2001> time flies.
18:59:48 <Kevin_Kofler> But of course I'm OK with canceling the meeting.
18:59:48 <dgilmore> jds2001: she will be one in 10 days
19:00:13 <jds2001> anyhow, that's all I had.
19:00:17 <Kevin_Kofler> So the next meeting will be Nov 11?
19:00:25 <Kevin_Kofler> Uh, make that Dec 11.
19:00:36 <dgilmore> Kevin_Kofler: yes
19:00:45 <dgilmore> though we should try have something at fudcon
19:00:55 <dgilmore> at leasta  fesco session
19:01:01 <jds2001> #yeah
19:01:05 <Southern_Gentlem> meet the fesco
19:01:17 <jds2001> anyhow.....
19:01:22 <jds2001> are we done here?
19:01:34 <jds2001> im starving and have $DAYJOB matters to attend to :)
19:01:40 <skvidal> yez
19:01:43 <skvidal> +3
19:01:43 <nirik> jds2001: I had a thing for open floor, but if we are out of time then we are.
19:01:54 <jds2001> yeah, can it wait?
19:01:55 <Kevin_Kofler> I'm unhappy with FUDCon-based meetings, it's geographic discrimination.
19:02:03 <cjb> gosh, nearly a month away
19:02:05 <nirik> jds2001: probibly.
19:02:12 * cjb has a feature proposal ready for wrangling, but I guess there's no hurry.
19:02:25 <jds2001> cjb: yeah
19:02:27 <nirik> just to throw it out, from EvilBob (who had to leave): "Should upstream be the package owner, or should someone else be the owner and upstream be a co-maintainer? Making someone else responsible for checking for changes more or less."
19:02:53 <nirik> ie, should we look at adding non upstream co-maintainers to critical packages so they can help note changes for fedora, etc.
19:03:00 <nirik> but we can discuss that next time.
19:03:05 <jds2001> alright :)
19:03:16 <jds2001> #endmeeting