19:30:01 <nirik> #startmeeting FESCO (2010-10-05)
19:30:01 <zodbot> Meeting started Tue Oct 5 19:30:01 2010 UTC. The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:30:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:30:01 <nirik> #meetingname fesco
19:30:01 <zodbot> The meeting name has been set to 'fesco'
19:30:01 <nirik> #chair mclasen notting nirik SMParrish kylem ajax pjones cwickert mjg59
19:30:01 <nirik> #topic init process
19:30:01 <zodbot> Current chairs: SMParrish ajax cwickert kylem mclasen mjg59 nirik notting pjones
19:30:06 * notting is here
19:30:36 * ajax waves
19:30:48 <nirik> #info mclasen will not be able to attend today due to a backhoe incident.
19:30:56 * pjones throws a trout at ajax
19:30:59 <nirik> #info cwicket will also be unable to attend.
19:31:12 <gholms> A backhoe incident? Ouch.
19:31:13 <nirik> #info kylem is also unable to attend.
19:31:21 <nirik> gholms: took out his home internet it seems.
19:31:30 <gholms> Ok, that's not *so* bad.
19:31:52 <notting> and kylem will not be here
19:32:19 <nirik> SMParrish: / mjg59: you guys here?
19:33:15 <mjg59> Afternoon
19:33:27 <nirik> Hello. :) Thats 5.
19:33:45 <nirik> Shall we start with meeting time?
19:33:54 <nirik> #topic #473 new meeting time (redux)
19:33:54 <nirik> https://fedorahosted.org/fesco/ticket/473
19:34:09 <nirik> has everyone updated their http://whenisgood.net/ee8prq/results/z5binx entry?
19:34:15 <ajax> i have
19:34:25 * nirik 's didn't really change any
19:35:04 <nirik> so, currently we have 0 times everyone can attend. ;)
19:35:18 <pjones> yeah :/
19:35:22 <nirik> a few times with 1 person left out, but everyone else...
19:35:31 <pjones> and excluding one person doesn't really help that much
19:36:11 <nirik> I guess we need to confirm that everyone updated before we do anything else?
19:36:24 <notting> although one of the times where mclasen is the only holdout his update info says will become available in a couple of weeks
19:37:01 <nirik> oh?
19:37:12 <mjg59> Wait. I'm suddenly worried by the timezones here.
19:37:15 <nirik> wed 1-2?
19:37:17 <pjones> So can we move to that time and then hope that he can make do responding to trac until then? sounds not that great.
19:37:27 <nirik> mjg59: yeah, the site is confusing.
19:37:28 <pjones> mjg59: yeah, the site's representation of timezones is weird.
19:37:30 <notting> nirik: 2-3 your time. unless i'm forgetting what your time is
19:37:31 <nirik> I think it's in my local time.
19:37:39 <pjones> nirik: right.
19:37:41 <pjones> it's in mountain
19:37:49 <nirik> yeah.
19:38:04 <notting> nirik: he says 5-6PM e(d|s)t will become available for him in mid-ocyt
19:38:06 <pjones> but on the individual pages you can set it to a different local time.
19:38:10 <gholms> whenisgood allows you to set time zones.
19:38:54 <mjg59> notting: I don't think that actually helps
19:38:55 <nirik> I see 1-2my time on wed being just him unable to attend... so one hour of that would work. (Althought thats sure late for you guys)
19:38:56 <pjones> notting: uh, pretty sure I didn't have 5-6pm EST5EDT selected as okay
19:39:16 <pjones> (given that the meeting often takes two hours, I didn't select anything after 3)
19:39:22 <notting> pjones: i may have been confusing the displayed TZ as PDT
19:40:18 <nirik> so, everyone here has updated? and I am pretty sure mclasen has and I know kylem has.
19:40:30 <nirik> that leaves cwickert and SMParrish as unknowns?
19:40:49 <notting> SMParrish did
19:40:55 <notting> (mouse over their names)
19:41:09 <nirik> ah yes.
19:42:32 <nirik> so, make sure cwickert updated and then go from there? and/or ask everyone else to doublecheck that they can't be available more times?
19:43:04 <mjg59> nirik: I've left the entire working day other than lunchtime
19:43:23 <mjg59> So I think I'm relatively unable to add more at this point :)
19:43:38 <nirik> tue 11-12 has either cwickert or kylem unavailable... if we do that block they could both attend, just not for the entire time. ;)
19:44:27 <nirik> mjg59: yeah, mostly me too.
19:44:42 <notting> and, of course, we'll have elections in about a months time
19:44:46 <nirik> so, how much time is left in this term.
19:44:47 <nirik> yeah.
19:45:28 <nirik> so, let me make sure cwickert updated, and then see if we can get any times then? revisit next week?
19:45:42 <mjg59> Ok
19:45:59 <nirik> any objections?
19:46:08 <ajax> nope
19:46:09 <nirik> #action make sure cwickert is updated, revisit next week.
19:46:22 <nirik> #info reminder: you can vote in tickets if unable to attend the meeting.
19:46:46 <nirik> ok, moving on.
19:46:48 <nirik> #topic Updates policy / Vision implementation status
19:46:48 <nirik> .fesco 351
19:46:48 <nirik> .fesco 382
19:46:49 <zodbot> nirik: #351 (Create a policy for updates) - FESCo - Trac - https://fedorahosted.org/fesco/ticket/351
19:46:53 <zodbot> nirik: #382 (Implementing Stable Release Vision) - FESCo - Trac - https://fedorahosted.org/fesco/ticket/382
19:46:59 <nirik> Our fun updates tickets. :)
19:47:09 <nirik> So, I have several things here:
19:48:11 <nirik> There was a suggestion made to add/clarify https://fedoraproject.org/wiki/Updates_Policy about stable release N and stable release N+1
19:48:29 <nirik> currently it's just "stable releases"
19:48:46 <nirik> do we want to specifically say N+1 should be treated any differently than N ?
19:49:22 <nirik> Thoughts?
19:49:28 <ajax> i do, but the impression i got from the list was... disappointing
19:49:56 <nirik> what would we do differently?
19:50:28 <nirik> The suggestion I got was to say that N+1 should get 'less' updates... but didn't say how.
19:50:33 <ajax> right.
19:51:04 <ajax> what i was hearing was "that doesn't make any sense", which is just bizarre to me
19:51:07 <gholms> Should it?
19:51:23 <ajax> since all my experience says that eventually you stop being able to fix things in place without massive upheaval
19:51:42 <ajax> so the amount that you _can_ fix in older releases naturally falls off
19:51:50 * nirik nods.
19:52:09 <ajax> but apparently that's just, like, my opinion, man.
19:52:12 <pjones> yeah, that's pretty much how I see it as well
19:52:16 <nirik> not just yours... ;)
19:52:48 <nirik> so, is there any way to codify this into the policy aside from the "The update rate for any given release should drop off over time, approaching zero near release end-of-life." sentence?
19:53:17 <pjones> I hope so; I don't imagine a statement like that will have any credence.
19:54:03 <ajax> yeah, i just can't think of a better way to word it
19:55:12 <nirik> updates to N+1 releases should only fix serious bugs or security issues. updates to N releases could additionally fix more minor bugs if all the other criteria are met?
19:55:20 <notting> ... surely you mean n-1
19:55:27 <nirik> right, sorry.
19:55:30 * nirik fails math
19:55:48 <pjones> notting: somehow I was assuming that the whole time without saying anything. Yeah, obviously n-1
19:56:12 <nirik> anyhow, not sure we can/will decide this today. I guess I will ask for more input from the people who asked for this and try and get a concrete wording.
19:57:04 <nirik> #info ideas wanted to improve stable N-1 wording/distinction.
19:57:31 <nirik> So, the next thing I had: we have an updates policy. Yea! What do we want to do about enforcing/educating maintainers about it?
19:58:07 <gholms> Another round of package reviews! :P
19:58:12 * gholms runs
19:58:17 <nirik> riiiight.
19:58:46 <nirik> I was thinking a first easy step would be to ask proventesters to look out for things that don't fit the stable release policy and bring them to our attention.
19:59:02 <nirik> some things it's hard to tell though.
19:59:38 <nirik> some examples: dracut was updated in f12/13 with a bunch of patches. Were those all bugfixes?
19:59:59 <pjones> if it's hard to tell, that means either a) we need to think about how to make a generic exemplar of that case, or b) the packager needs to be telling us more about the update
20:00:07 <nirik> NetworkManager rebases to a git snapshot in all of f12/f13/f14/rawhide at the same time.
20:00:19 <pjones> And I think both of those are "b" there.
20:00:59 <nirik> right, so more education...
20:01:12 <mjg59> Ideally we'd have some means of identifying this
20:01:14 <pjones> (obviously, there could be more classes of things; feel free to bring them up if they're of consequence)
20:01:28 <mjg59> But insisting that all changelog elements be flagged with a bug just encourages people not to mention things in changelogs
20:01:46 <nirik> yeah.
20:02:05 <pjones> mjg59: If your changelog looks like this, it's "b" in my list:
20:02:07 <pjones> * Wed Sep 22 2010 Harald Hoyer <harald@redhat.com> 005-4 - backported a lot of bugfixes from git
20:02:31 <pjones> insisting that there's an actual changelog might be a start? ;)
20:02:51 <mjg59> pjones: Yeah, but how? Name and shame?
20:03:00 <pjones> this specific case is obviously bad regardless of the updates policy - how would a user know if they should update it?
20:03:01 <mjg59> It doesn't seem obvious how to do this in an automated way
20:03:10 <nirik> yeah, automating this is doomed.
20:03:10 <pjones> no, it's really not obvious how to automate it.
20:03:14 <hicham> would have been best to list the bugs at least
20:03:38 <mjg59> Well, we can certainly insist that the update request has something in the update description that isn't just a cut and paste of the changelog
20:04:20 <pjones> so it looks like we need to focus some on changelog quality as well as update request text quality
20:04:49 <notting> but for now, just... raise exceptions to fesco?
20:04:59 <mjg59> Guess so
20:05:13 <nirik> of course after something is found, what do we do?
20:05:40 <nirik> unpush it?
20:05:41 <mjg59> Ask people not to do it again?
20:05:57 <mjg59> I don't think there's a hard and fast rule
20:06:00 <pjones> educate them? (a clockwork orange style?)
20:06:02 <mjg59> In some cases unpushing may be worse
20:06:10 <mjg59> It's partially a social expectations change
20:06:26 <mjg59> We need people to be more aware of what they're doing
20:06:43 <nirik> ok, so any objections to me asking testers/qa to be on the lookout and let us know via a ticket for now?
20:07:03 <pjones> that seems like a good start.
20:07:05 <ajax> sure
20:07:08 <gholms> As a packager I would appreciate some documentation on *what* should go in changelogs. It varies enough between people that I don't know what would be best to do.
20:07:30 <nirik> Changelog in the package should be changes to the packaging.
20:07:35 <pjones> gholms: good point
20:07:41 <nirik> ie, updated to version 10 added patch for foo, etc
20:08:46 <gholms> http://fedoraproject.org/wiki/Packaging/Guidelines#Changelogs <-- only shows formatting rules, so some recommendations for their content might be nice.
20:08:53 <nirik> yeah.
20:09:11 <nirik> Note that the update could have more info about the update rather than just package changes.
20:09:54 <nirik> #agreed will asking testers/qa to be on the lookout for things not following the update_policy and notify us via a ticket for further discussion.
20:09:58 <nirik> ok, shall we move on?
20:10:11 <nirik> gholms: perhaps we should ask FPC to clarify contents there.
20:10:42 <gholms> I would certainly appreciate that. It's up to you folks what to do.
20:11:05 <pjones> I'm +1 to asking FPC to expand that section to be more instructive.
20:11:24 * nirik is +1 to them looking into it if they can.
20:12:19 <nirik> any other votes/comments on that?
20:12:24 <ajax> fine with me
20:12:28 <notting> wfm
20:12:47 <nirik> #agreed will see if FPC is willing/able to expand on the changelog guidelines.
20:13:20 <nirik> ok, on ticket #467 Make Feature Freeze happen sooner, I don't see any new info... should we skip it this week?
20:14:25 <ajax> sure
20:14:32 <nirik> I can ping on the ticket again.
20:14:40 <nirik> #topic #472 About Mozilla's decision to not allow using the system's libvpx
20:14:40 <nirik> https://fedorahosted.org/fesco/ticket/472
20:15:03 <ajax> i do love how people can only see code duplication when it's named /lib.*/
20:15:03 * pjones sighs.
20:15:08 <pjones> ajax: no shit
20:15:34 <pjones> I'm still +1 to letting this skate for now, though with a bit more nuance than what I said in the ticket.
20:15:53 * nirik is wanting more info I think...
20:15:59 <nirik> do we have any of the firefox maintainers here?
20:17:02 <pjones> I guess the real question is: what's the holdup on the libvpx side?
20:17:14 <pjones> --- [blizzard] idle 135:15:48, signon: Thu Sep 23 14:03:32
20:17:17 <pjones> well, that won't help.
20:17:45 <nirik> yeah, and can we not use the system version in fedora if they can temp have their patches against it? what else in the repo uses it?
20:18:01 <hicham> gstreamer
20:18:17 <nirik> and is this going to be fixed by f15? or go longer?
20:18:33 <mjg59> I think approaching this discussion in this manner isn't really helpful
20:18:46 <mjg59> The real question is "Does Mozilla matter to us more than the bundling policy"
20:19:08 <hicham> i think it does matter a lot, as stransky said
20:19:21 <mjg59> And that's what we should answer, rather than trying to argue that Mozilla kind of adheres to the bundling policy in spirit if not in reality if we take a sufficiently holistic view
20:19:39 <pjones> mjg59: I wasn't arguing that. At all.
20:19:46 <mjg59> I'm going to say that Mozilla matters to us more, and we should just leave it at that
20:19:52 <gholms> Enough so that your answer would be different if this happened to a less prominent package?
20:19:59 <hicham> if our libvpx matches mozilla's copy, I don't see where is the problem
20:20:15 <mjg59> gholms: Yes. I have no qualms at all about saying that Mozilla gets to follow different rules, just like the kernel does.
20:20:33 <notting> of note is that (afaik) all the bundled libs in mofoco sw are *modified* ones
20:20:37 <mjg59> In the same way that finding a licensing problem with glibc doesn't result in us dropping glibc
20:20:53 <notting> the ones where they aren't modified they have --enable-system-<foo> and we use that (hey, that's why we keep updating nss)
20:21:14 <Oxf13> also, those modifications might not be suitable for all other consumers of said bundled libraries
20:21:17 <mjg59> And given that our Mozilla maintainers have indicated that they have no interest in maintaining a fork, and nobody else has demonstrated that they'd be able to provide sufficient support for a fork, I really don't see the point in arguing the case
20:21:27 <Oxf13> so just taking those modifications and throwing at our system libraries isn't exactly the best course of action.
20:21:29 <mjg59> We ship Mozilla even though it has bundled libraries. End of story.
20:21:39 <hicham> I don't see another solution than to grant an exception since mozilla folks refused for now
20:21:40 <mjg59> The alternatives are all dreadful.
20:21:41 <nirik> Oxf13: could be... I don't know what changes they have made...
20:22:02 <pjones> the real question is if splitting out their library changes and making them work in the system libraries is more trouble than it's worth. I think the answer is almost certainly "yes".
20:22:20 <hicham> i am against shipping an unbranded firefox or ice<***> for this reason
20:22:21 <pjones> since, you know, that's exactly what mozilla upstream is working on.
20:22:37 <Oxf13> nirik: by and large, I would assume that if the changes were suitable for all consumers, those changes would be upstream, like previous cases with mozilla.
20:22:52 <nirik> Oxf13: they specifically mentioned "security fixes"
20:22:58 <nirik> which seems very odd to me.
20:23:19 <hicham> so their patches are not upstreamed yet
20:23:19 <pjones> Oxf13: isn't this the nature of the problem? that seems to be obviously the case but there are some upstream maintainers dragging their feet?
20:23:31 <nirik> " We prefer to ship our own copies of the media
20:23:31 <nirik> libraries, as if necessary we can cherry-pick a critical security fix and push
20:23:31 <nirik> out a release quickly, rather than relying on the distros to update their
20:23:31 <nirik> libraries. We can guarantee the safety and stability of our libraries this way."
20:23:41 <Oxf13> nirik: a security fix that works for Mozilla's narrow use case may not be suitable for other use cases.
20:23:58 <pjones> I think you're in the weeds with that one.
20:24:09 <nirik> who me?
20:24:14 <pjones> no, Oxf13
20:24:25 <notting> nirik: they're doing the right thing as application developers
20:24:33 <pjones> I mean, there's a remote chance, but.
20:24:40 <nirik> notting: right, but they aren't letting us as distributors do what we think is right.
20:24:46 <pjones> notting: yeah, that's the conclusion I came to as well - but it sortof sucks for us.
20:25:06 <Oxf13> pjones: fair enough.
20:25:08 <notting> nirik: is 'use a library version they don't develop, ship, or test against' right?
20:25:16 <nirik> ie, if this was a normal case, the fedora maintainer would unbundle and be responsible for getting the unbundled thing in fedora updated
20:25:57 <pjones> nirik: (with apologies to kde) there's something to be said for the size of the project here.
20:26:00 <nirik> notting: no. But they are developing it in this case right? it's their internal fork?
20:26:12 <ajax> normal apps have neither the complexity nor the visibility of firefox.
20:26:20 <ajax> i don't have any problem saying ff is more equal.
20:26:37 <notting> nirik: i believe it's a vendor branch, in SCM parlance
20:27:45 <nirik> well, on the plus side it sounds like they are heading the right way.
20:28:35 <nirik> so, what do we want to do here? vote on something? or gather more info? or ?
20:29:53 <pjones> we could vote on letting them bundle it; I think most of us are widely in support of it, and we're discussing reasoning more than anything else here.
20:29:56 <notting> i'm surprised... where are the opposing viewpoints?
20:30:17 <nirik> notting: our FPC folks are against the exception.
20:30:24 <pjones> nirik: oh?
20:30:36 <nirik> see ticket, toshio and spot
20:30:41 <nirik> https://fedorahosted.org/fesco/ticket/472
20:30:42 <pjones> (I mean, yes, I see that in the thread, but... where are they? ;)
20:30:49 <pjones> it's not like toshio doesn't know where our meetings are.
20:31:09 <nirik> spot is in channel, not sure if he's around.
20:32:54 <nirik> I kinda wish we had more info... like if there's a timeline on when they would use system, the security thing seems weak to me.
20:33:04 * nirik summoned abadger1999
20:33:11 * abadger1999 here
20:33:27 * abadger1999 notes that spot is the one that corresponded with mozilla... and the libvpx package maintainer.
20:33:47 <gholms> Well, look at how long other media libraries have remained forked.
20:34:11 <nirik> gholms: sure, but note in the ticket that they say they are close to unbundling those.
20:34:31 <nirik> abadger1999: http://meetbot.fedoraproject.org/fedora-meeting/2010-10-05/fesco.2010-10-05-19.30.log.txt has the log/backscroll.
20:34:33 <gholms> If that's the case then you know about how long to expect.
20:34:45 <abadger1999> nirik: not all of them.
20:34:48 <nirik> not really. I don't know if this is the same sort of case.
20:35:26 * nirik notes we are over 15min... votes to continue?
20:35:29 * abadger1999 tries to find tickets with some info
20:35:36 <nirik> +1 from me. I would like to hear from abadger1999.
20:36:38 <abadger1999> Hmm... so should ask spot since blizzard's quoted reply doesn't say which libraries are close to being unbundled.
20:37:07 <abadger1999> I do know that mozilla has extended libpng in their copy so that's unlikely to be pushed to the system for a while.
20:37:25 <pjones> maybe we should put this off for a week and invite blizzard to come here and talk to us directly.
20:37:30 <pjones> since this sounds a lot like playing telephone.
20:37:32 * nirik would like that.
20:38:44 <notting> if we can't get everyone here today... who wants to do herding for next week?
20:40:42 <pjones> I'm not against putting it to a vote now, but nirik sounded like he wants more info first.
20:41:04 * abadger1999 finishes reading logs
20:41:13 <abadger1999> pjones: +1 to inviting others.
20:41:24 <nirik> I kinda do, but if no one else wants to, we can vote I suppose.
20:41:25 <abadger1999> i'd like spot and blizzard if possible.
20:42:02 <ajax> sure, let's have a party.
20:42:30 <hicham> invite kkofler also
20:42:35 <abadger1999> Since they're the two that have been doing the communication in the background.
20:42:59 <nirik> hicham: I don't think that would be productive.
20:43:08 <gholms> ...
20:43:37 <hicham> so no decision for today ...
20:43:57 <hicham> I thought that gecko-maint would be here
20:44:22 <nirik> I can invite people, but if someone else knows/talks to those involved, they could do that and I would be happy. ;)
20:44:50 <abadger1999> notting: So I don't 100% agree with your thought that they're doing what's best for app development. But it's pretty nuanced so we might just be coming at the same ideas from different angles.
20:45:49 <hicham> nirik : what are the possible solutions for this case ?
20:46:17 <abadger1999> basically, When you as a developer are releasing an app to a platform, then you do want to have control over what is being used.
20:46:38 <mjg59> Well, options seem to be "Grant Mozilla a broad exemption", "Grant Mozilla a limited exemption", "Don't grant Mozilla an exemption"
20:46:48 <nirik> right.
20:47:01 <pjones> and the latter two make a lot of work for somebody.
20:47:03 <hicham> mjg59: I don't think the third one is possible
20:47:04 <mjg59> With the third of those meaning "Remove Mozilla", the second meaning "Let's have the same conversation again in 6 months" and the first meaning "Nobody working on Mozilla really cares"
20:47:04 <nirik> ok, I guess I will mail people to come next week.
20:47:21 <abadger1999> But when a system admin is deploying things (or we as packagers are proxying for the system admin) we want to make sure that our workload as a whole system is as low as possible.
20:47:23 <mjg59> I'm in favour of keeping Mozilla and not having this conversation every 6 months
20:47:34 * spot is here
20:47:38 <abadger1999> So we want the ability to unbundle those libraries.
20:47:40 <spot> is there a question for me?
20:47:57 <mjg59> abadger1999: Yeah, and we also want bug free software, maintainers and users
20:48:04 <mjg59> All of these things are tradeoffs
20:48:06 <abadger1999> spot: Talking libvpx (in specific) bundled libraries in general as it applies to mozilla.
20:48:08 <hicham> well, yes, you are the one who mailed mozilla folks spot
20:48:10 <notting> hicham: re: gecko-maint, caillon had other commitments, most other members are in wrong timezone
20:48:44 <mjg59> #proposal: Mozilla gets to do whatever it wants with its packaging, up to (but not including) deleting user data
20:48:50 <spot> fwiw, i don't at all like mozilla's attitude towards bundling.
20:49:10 <abadger1999> mjg59: We'll never ever have bug-free software though -- so the question is what's most beneficial to our workload and to the workload of the system admins.
20:49:36 * nirik is uneasy by it, since it seems they aren't trying to hard to work with us on it.
20:49:40 <mjg59> abadger1999: Well, what's beneficial to *my* workload is having a working web browser that's maintained by people who have proved they can maintain it
20:50:03 <pjones> abadger1999: mjg59: can we not try to make this as abstract as possible? we don't really need a discussion about the nature of software bugs. We know firefox is a file. ;)
20:50:18 <notting> (note: i have to leave in ~15 mins or so)
20:50:20 <abadger1999> pjones: haha :-)
20:50:27 <mjg59> pjones: I'd prefer to be specific. I think Mozilla is a special case and I think we should explicitly acknowledge that.
20:50:36 <spot> mjg59: is chromium also a special case?
20:50:42 <mjg59> spot: Right now? No.
20:50:47 <mjg59> In a couple of years? Maybe.
20:50:50 <spot> mjg59: because to be fair, they're doing the same as mozilla on a much larger scale.
20:51:02 <nirik> notting: we have no other items after this... so just open floor.
20:51:03 <notting> spot: aren't they bundling things we can't ship in any case?
20:51:12 <mjg59> Firefox has significant brand recognition that we genuinely benefit from
20:51:12 <ajax> spot: where by "the same" you mean "bundling" not "being a web browser", i assume
20:51:15 <spot> notting: those items are removable.
20:51:24 <mjg59> I don't think Chromium provides that
20:51:25 <spot> ajax: well, technically both, but yes.
20:51:25 <rdieter> spot: I read somewhere today chome's marketshare went ahead of firefox today
20:51:37 <hicham> mozilla isn't doing what google is doing
20:52:05 <mjg59> rdieter: Remember that Chrome -> Chromium = Firefox -> Iceweasel
20:52:07 <pjones> rdieter: so *completely* not relevant.
20:52:25 <mjg59> We can't ship Chrome
20:52:27 <hicham> mjg59: i don't think that this is a fair comparison
20:52:34 <nirik> back to the topic, I'd like to hear more from upstream as to why they are bundling in this case. The security argument seems poor. I'd also like that they had a roadmap to unbundle.
20:53:02 <notting> well, in staying close to upstream, you're at the mercy of upstream. c.f. kde not maintaining security updates for older releases
20:53:13 <spot> nirik: i'd be happy to pass along the contact info, but i would not expect much more info from them on this.
20:53:28 <hicham> i am just wondering if we can't ask mozilla for an exception instead of granting them an exception ...
20:53:36 <mjg59> hicham: We did.
20:53:39 <mjg59> They said no.
20:53:44 <nirik> It's hard to get too much from: "It sounds like we're still finding issues with our fuzzers from time to time and there are still changes coming to the library. So we're going to keep it close for a while yet."
20:54:18 <mjg59> nirik: I think the assumption that we can change their mind on this by demonstrating that a specific rational argument doesn't support their position isn't obviously true
20:54:26 <hicham> mjg59: we asked them to allow building against libvpx, not to patch xulrunner to use the system vpx
20:54:34 <nirik> I suppose not. ;(
20:54:42 <mjg59> hicham: Why do you believe the answer would be different?
20:55:01 <spot> nirik: i can only assume they feel that the system libvpx will in some way make firefox work poorly, and they are unwilling to permit anyone to do that and still call the resultant product "firefox"
20:55:11 <hicham> mjg59: because if our vpx matches their vpx we might have an agreement
20:55:23 <pjones> nirik: I think it's pretty clear that they choose to bundle the libraries with higher volatility (in terms of changes), and they think libvpx is under a lot of flux
20:55:25 <notting> i'm sure someone with sufficient skill could send a patch that adds --enable-system-vpx
20:55:32 <mjg59> Fundamentally, we are an entirely insignificant part of MoFo's market share, they've shown little historical interest in adhering to our whims on this point and we need them more than they need us
20:55:40 <nirik> notting: they did. it was rejected.
20:55:42 <spot> notting: that patch was sent and rejected
20:55:59 <mjg59> So could we please just vote on this?
20:56:02 <pjones> and in order to carry it ourself, we've basically got to redbaron it.
20:56:06 <pjones> +1 to voting on it.
20:56:12 <pjones> (and I'm still +1 to granting them the exception)
20:56:16 <notting> pjones: i think that lapsed
20:56:23 <pjones> notting: details.
20:56:48 <notting> pjones: just saying, if it hadn't, and we *did* go the iceweasel route... that would be the obvious way
20:57:25 <notting> i'm for voting on non-comical proposals. does someone have one?
20:57:26 <nirik> ok, so we are voting then?
20:57:32 <mjg59> And can we be clear what we're voting on?
20:57:40 <nirik> proposal: grant firefox a exception to bundle libvpx
20:57:51 <mcepl> mjg59: I have my doubts about their opinions on Linux share of MoFo users, but that's besides the point. I would say on MoFo defense (what did you expect?) that comparing to Google/Chromium they have some history of after some time pushing patches upstream.
20:57:51 <pjones> +1 to nirik's proposal.
20:57:54 <mjg59> I think we should start with a vote for a generic exception, and then if that fails do so for a limited one
20:58:15 <nirik> mjg59: ok, you have one?
20:58:34 <mjg59> proposal: Mozilla be exempted from FPC's policy on library bundling
20:58:40 <gholms> A carte blanche?
20:58:43 <mjg59> Yes
20:58:48 <gholms> Interesting...
20:58:49 <nirik> -1 here
20:59:15 <pjones> there's only 6 of us here, right?
20:59:27 <mjg59> +1
20:59:33 <hicham> that would solve future conflicts, I agree with mjg59
20:59:43 <mjg59> pjones: Yeah, so +5 is still possible
20:59:49 <nirik> pjones: I thought we only had 5 exactly... but I could have miscounted.
21:00:07 <nirik> SMParrish isn't active, but is in channel. ;)
21:00:12 <pjones> Oh, okay.
21:00:15 <pjones> so this can't pass.
21:00:24 <notting> i'm leery of carte blanche in case they do something really dumb. but i suppose that could be an exception
21:00:29 <Oxf13> needing unanimity kind of sucks.
21:00:43 <pjones> notting: we can always *revoke* it.
21:00:44 <nirik> well, you could try again next week when more folks were around.
21:00:47 <ajax> who said unanimity.
21:01:18 <gholms> How about bringing up and voting on both proposals both here and in the ticket? There's no reason you can't vote on both types of exceptions.
21:01:53 <notting> i'm ok with voting in ticket in an attempt to get quorum
21:01:58 <mjg59> Yeah
21:02:04 <ajax> wfm
21:02:11 <nirik> just as a side note, does anyone have problems with an iceweasel package being in fedora provided it passes review, etc?
21:02:21 <pjones> nirik: yes
21:02:37 <gholms> It would need to update side-by-side with firefox.
21:02:38 <nirik> ok would someone like to update the ticket?
21:02:45 <pjones> Seriously, if we're against having dupicate libraries, how can we be fore having duplicate application code?
21:02:45 <hicham> i am against such a package
21:02:47 <nirik> pjones: out of curiosity, what?
21:02:53 <pjones> for
21:03:06 <hicham> ice* browsers are useless
21:03:12 <mjg59> I would be in favour of out firefox package being *trivially* rebrandable
21:03:18 <hicham> just rebranding+destructive patches
21:03:22 <notting> nirik: it strikes me as a petty waste of resources
21:03:28 <mjg59> So that downstreams can handle this more easily
21:03:47 <nirik> if an iceweasel package was in, was well maintained and had an active community of packagers, I would be much more likely to drop firefox. (ie, find out if it's viable before we move to it)
21:04:04 <nirik> anyhow, I guess I am going off topic.
21:04:04 <notting> mjg59: can you put your global and local(vpx-only) proposals in the ticket for voting
21:04:13 <mjg59> notting: Sure
21:04:22 <pjones> nirik: we know it's /viable/, don't we? since debian does it within reason.
21:04:56 <notting> nirik: imo, it makes sense to have ff or iw. not both
21:04:57 <nirik> I don't know how well it works there...
21:05:07 <ajax> i feel like we've now spent more time talking about this than it would require to patch both the firefox and system versions of vpx in the event of a security problem.
21:05:11 <nirik> #agreed will vote on proposals in ticket.
21:05:28 <nirik> shall we move on then?
21:05:32 <ajax> please.
21:05:36 <notting> ajax: i have no doubts about mofoco's ability to push new security releases at a rapid pace
21:05:39 <pjones> yes.
21:05:41 <pjones> move on.
21:05:43 <nirik> #topic Open Floor
21:05:48 <nirik> anyone have anything for open floor?
21:06:00 * gholms raises hand
21:06:07 <nirik> gholms: go ahead
21:06:48 <gholms> I have a rel-eng ticket that could result in very a minor distro-wide change. If any of you have any input on it I would appreciate hearing from you.
21:06:52 <gholms> .releng 4149
21:06:52 <zodbot> gholms: Ticket #4120 (task closed): Override tag request for rubygem-hoe� || �Ticket #4156 (task closed): task 2513514 stuck in tests� || �Ticket #4158 (task created): tag banshee-1.8.0-4.fc14 gio-sharp-0.2-2.fc14 libgpod-sharp-0.7.95-1.fc14 gudev-sharp-0.1-3.fc14 gkeyfile-sharp-0.1-3.fc14 gtk-sharp-beans-2.14.0-2.fc14� || �Ticket #4157 (task created): Please tag nss-softokn-3.12.8-1.fc12 nss-softokn-3.12.8-1.fc13�� �(12 more messages)�
21:07:07 <gholms> Err, that didn't work so well.
21:07:13 <gholms> https://fedorahosted.org/rel-eng/ticket/4149
21:07:35 <Oxf13> .rel 4149
21:07:36 <zodbot> Oxf13: #4149 (Need a way to point EC2 instances to specific mirrors) - Fedora Release Engineering - Trac - https://fedorahosted.org/rel-eng/ticket/4149
21:07:45 <gholms> Thanks
21:08:00 * nirik is happy with whatever solution folks interested come up with there. ;)
21:09:25 <notting> yeah, i'm ok with whatever the yum and MM people agree on
21:09:41 <ajax> up, enter
21:10:11 <notting> gholms: have the MM maintainers chimed in yet?
21:10:47 <gholms> mdomsch added the needed MM support already.
21:11:18 <gholms> It isn't released yet, but it's there.
21:11:37 <pjones> totally okay with it then.
21:11:38 <mdomsch> yep
21:11:47 <notting> sweet. if you need the repo def changed, plz file a blocker bug against fedora-release
21:11:53 <mdomsch> needs some testing, but is pretty straightforward
21:12:04 <mdomsch> notting: with the config plugin, we shouldn't need to
21:12:11 <gholms> How soon should such a bug be filed?
21:12:12 <mdomsch> and I prefer not to
21:12:27 <notting> i thought the yum folks said they'd prefer a non-plugin solution
21:12:39 <gholms> mdomsch: skvidal and Oxf13 are saying avoiding a plugin would be better.
21:13:01 <mdomsch> oh? I missed that. I thought skvidal was on board, exactly so we get
21:13:07 <mdomsch> a) dynamic operation
21:13:13 <mdomsch> b) no munging the config file
21:13:23 <Oxf13> I defer to skvidal on how it should operate
21:13:31 <Oxf13> my only contribution that I like was adding a tag to the MM url string
21:13:35 <mdomsch> a) being that we can grab the value every time yum runs, rather than when the AMI is created
21:13:38 <Oxf13> how that tag gets added isn't as much of a concern of mine
21:13:42 <gholms> With the currently-favored solution we change the *stock* repo configs.
21:13:59 <notting> gholms: right, which is a blocker bug against fedora-release
21:14:00 <nirik> anyhow, sounds like we are fine with whatever you guys come up with. ;)
21:14:01 <gholms> Those can stay the same, and the value gets filled in a different file at boot time. Simple!
21:14:08 <gholms> Sounds good.
21:14:08 <notting> gholms: (or, you do it in appliance-tools)
21:14:21 <gholms> notting: Read the wiki page; there are problems with that approach.
21:15:02 <pjones> mdomsch: okay, so it sounds like you and skvidal need to make sure you're on the same page - aside from that, I think a lot of us will defer to you two.
21:16:07 <nirik> Any other open floor items?
21:17:34 * nirik will close the meeting in a minute if nothing else comes up.
21:18:39 <nirik> #endmeeting