fesco
LOGS
18:00:55 <notting> #startmeeting FESCO (2013-06-26)
18:00:55 <zodbot> Meeting started Wed Jun 26 18:00:55 2013 UTC.  The chair is notting. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:55 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
18:01:02 <notting> #meetingname fesco
18:01:02 <zodbot> The meeting name has been set to 'fesco'
18:01:03 <notting> #chair abadger1999 jwb mitr mmaslano notting nirik pjones t8m sgallagh
18:01:03 <zodbot> Current chairs: abadger1999 jwb mitr mmaslano nirik notting pjones sgallagh t8m
18:01:03 <notting> #topic init process
18:01:18 * nirik waves.
18:01:20 <sgallagh> Salutations
18:01:41 * abadger1999 half here -- will have full attention in a bit
18:02:21 <nirik> so I guess we assume old fesco continues to handle business until new fesco is announced?
18:02:40 <notting> can't think of alternatives to that
18:03:03 <sgallagh> nirik: I think that's the only sane approach, yes
18:03:24 * nirik nods
18:03:35 <nirik> provided we have quorum. ;)
18:05:41 <jwb> sorry
18:06:10 <abadger1999> yeah /me working with the board to get the election announcement out later today.
18:06:13 <notting> that's minimal quorum. will wait a couple of minutes for others.
18:08:46 <mitr> Hello all
18:09:44 <notting> ok, that's six. pjones and mmaslano are known out... haven't heard from t8m
18:10:12 <notting> #topic #1128    switching from "-fstack-protector" to "-fstack-protector-strong" in Fedora 20
18:10:12 <notting> .fesco 1128
18:10:13 <zodbot> notting: #1128 (switching from "-fstack-protector" to "-fstack-protector-strong" in Fedora 20) – FESCo - https://fedorahosted.org/fesco/ticket/1128
18:10:21 <nirik> sure, +1 to the change
18:10:32 <notting> .topic #1128
18:10:41 <jwb> seems reasonable.  i would go with jakub's suggestion of switching gcc %check to use -strong too
18:10:48 * nirik nods.
18:10:54 <notting> #topic #1128    switching from "-fstack-protector" to "-fstack-protector-strong" in Fedora 20
18:10:59 <notting> that's better.
18:11:50 <abadger1999> +1
18:12:03 <notting> i'm +1. we can certainly revisit if perf looks awful
18:12:06 <sgallagh> I'm in favor of any change that makes our code more secure. +1
18:13:01 <mitr> To clarify, this is a change for all builds, not just hardened, isn't it?
18:13:18 <abadger1999> That's how I read it.
18:13:33 <sgallagh> mitr: That's my interpretation as well
18:13:35 <nirik> yes
18:13:46 <notting> mitr: that is the proposal, yes.
18:13:47 <notting> hm
18:13:55 <notting> /usr/lib/rpm/redhat/rpmrc:optflags: aarch64 %{__global_cflags} -fno-stack-protector
18:13:59 <notting> what's up with that?
18:14:18 <nirik> no idea
18:15:35 <notting> still, not technically a f20 concern there for aarch64
18:16:03 <notting> mitr: do you have concerns?
18:16:08 <mjg59> notting: ARM doesn't have stack protector support yet
18:16:24 <mjg59> notting: It's totally enterprise ready
18:16:33 <notting> mjg59: without the support, it errors on the commandline rather than just doing nothing?
18:16:42 <mjg59> notting: Yup!
18:16:43 <mitr> notting: Jakub was OK with enabling "as long as benchmarks show it doesn't introduce significant overhead".  Wondering whether to just go ahead and flip the switch now (and possibly revert later), or wait for data
18:17:13 <notting> mjg59: i can see the logic in throwing an error if it can't do the security thing you asked, i suppose
18:19:36 * nirik is ok with just doing it now, but if others want to wait ok
18:19:37 <notting> halfie: do you have benchmarks?
18:20:22 <nirik> "In preliminary benchmarking, using "-fstack-protector-strong" did not result in any performance regressions."
18:20:24 <nirik> from the ticket
18:20:29 * nirik isn't sure what that covered
18:22:58 <notting> is everyone who is +1 ok with making the switch now, presumably?
18:23:12 <abadger1999> yeah, +1 from me.
18:23:28 <abadger1999> plenty of time to revert for f20 if there's a performance problem.
18:25:06 * notting is +1 as well
18:25:18 <sgallagh> Yeah, as abadger1999 says, if we institute it now, we have months to revert if it becomes an issue.
18:25:24 <notting> jwb: you as well?
18:25:30 <jwb> yes
18:25:53 <mitr> OK, let's try this. +1
18:25:55 <sgallagh> Perhaps the decision can carry a rider that a reversion must be decided before the F20 gcc mass rebuild (assuming there is one)
18:26:11 <notting> that works for me
18:26:15 <abadger1999> wfm
18:26:21 <mitr> sgallagh: yes
18:26:41 <nirik> yep
18:26:52 <notting> mitr: you +1 with that rider?
18:27:08 * sgallagh is +1 with the rider, for the record
18:27:37 <mitr> +1 even with the rider, and +1 to the rider as well (i.e. not depending on the rider)
18:27:50 <notting> ok
18:28:25 <notting> #agreed Will switch from "-fstack-protector" to "-fstack-protector-strong" in Fedora 20. Any reversion based on poor benchmarks must be decided before any F20 gcc mass rebuild
18:28:29 <notting> #undo
18:28:29 <zodbot> Removing item from minutes: <MeetBot.items.Agreed object at 0x12b19110>
18:28:38 <notting> #agreed Will switch from "-fstack-protector" to "-fstack-protector-strong" in Fedora 20. Any reversion based on poor benchmarks must be decided before any F20 gcc mass rebuild (+:6, -:0, 0:0)
18:29:19 <notting> moving on...
18:29:26 <notting> #topic #1129     F20 System Wide Change: Perl 5.18 - https://fedoraproject.org/wiki/Changes/perl5.18
18:29:31 <notting> .fesco 1129
18:29:33 <zodbot> notting: #1129 (F20 System Wide Change: Perl 5.18 - https://fedoraproject.org/wiki/Changes/perl5.18) – FESCo - https://fedorahosted.org/fesco/ticket/1129
18:30:15 <nirik> +1
18:30:23 <mitr> +1
18:30:27 <abadger1999> +1
18:30:42 <notting> +1
18:30:50 <sgallagh> The only open question is with the dlopen() change, I assume?
18:31:03 <nirik> yeah.
18:32:05 <sgallagh> Ok, I think those will only get fixed if we force the issue, frankly. +1
18:33:08 <mitr> Linking the modules with -lperl is IMHO just the right thing to do.
18:33:56 <notting> jwb: ?
18:35:57 <jwb> abstain
18:36:11 <notting> #agreed F20 System Wide Change: Perl 5.18 is approved (+:5, -:0, 0:1)
18:36:24 <notting> #topic #1130     F20 System Wide Change: python-setuptools update to 0.7.x
18:36:38 <notting> .fesco 1130
18:36:39 <zodbot> notting: #1130 (F20 System Wide Change: python-setuptools update to 0.7.x - https://fedoraproject.org/wiki/Changes/Python_setuptools_0.7) – FESCo - https://fedorahosted.org/fesco/ticket/1130
18:36:49 <nirik> +1
18:36:58 <jwb> this seems fine
18:37:25 <notting> +1
18:37:28 <sgallagh> +1
18:37:56 * abadger1999 +1's or recuses self -- whichever is appropriate for fesco
18:37:59 <mitr> +1
18:39:12 <notting> abadger1999: i *think* recusal, but i could be wrong. in any case, it passes
18:39:29 <notting> #agreed F20 System Wide Change: python-setuptools update to 0.7.x is approved (+:5, -:0, 0:1)
18:40:10 <notting> #topic Next week's chair
18:40:24 <notting> anyone want to take it ... whose seat is not in jeopardy pending election results?
18:40:31 <jwb> sigh
18:40:50 <sgallagh> notting: I'll take it this time.
18:41:06 <notting> #info sgallagh will chair next week's meeting
18:41:28 <notting> #info next week's meeting should be the first meeting of the new FESCo
18:41:47 <notting> #topic Open Floor
18:41:56 <notting> besser82: you wanted to bring something up?
18:42:09 <besser82> Yes
18:42:11 <besser82> .fesco 1132
18:42:12 <zodbot> besser82: #1132 (libtool + %global _hardened_build 1 = no full hardening) – FESCo - https://fedorahosted.org/fesco/ticket/1132
18:42:29 <mitr> Isn't this better suited for the FPC?
18:43:04 <nirik> so, this was filed after the agenda went out... I've not had time to dig into it much.
18:43:07 <sgallagh> Frankly, I think it's just a bug in redhat-rpm-config.
18:43:17 <notting> if it ends up as a guidelines change, perhaps. i think the question is where to best fix it
18:43:19 <nirik> is this simply a bug? or desired by the redhat-rpm-config maintainer?
18:43:29 <sgallagh> Short version: the hardening flags aren't always applied for libtool shared libraries.
18:44:00 <sgallagh> Because of a very old and well-established limitation of libtool.
18:44:12 <nirik> in any case I'd be good with punting to next week... in the mean time work around in those two packages and they can push out updates.
18:45:05 <sgallagh> So essentially, besser82 is asking for us to insist that this be fixed and then mass-rebuild in all branches.
18:45:20 <sgallagh> Mass-rebuilding of released Fedora is not going to happen. Period.
18:45:23 <nirik> all branches? no.
18:45:29 <nirik> world of no
18:45:39 <mitr> (Another question is why hasn't anyone noticed till now - perhaps something else is going on?)
18:45:45 <notting> yeah, i can see fixing the bug in other branches, but it then becomes maintainer discretion
18:45:53 <notting> mitr: people set hardened_build but don't check? dunno.
18:45:54 <abadger1999> notting: +1
18:45:55 <sgallagh> mitr: Well, the tools to autodetect this are fairly recent additions to Fedora
18:46:15 <nirik> is there a redhat-rpm-config bug filed?
18:46:16 <mitr> sgallagh: Other tools have years of history.
18:46:25 <mitr> notting: possible.  dunno
18:46:47 <sgallagh> mitr: Well, I suspect that the majority of projects that set these flags do so manually in their builds
18:46:53 <sgallagh> s/builds/Makefiles/
18:47:21 <sgallagh> Which would hide the issue as libtool would honor them that way.
18:47:40 <sgallagh> My understanding of the problem is that it doesn't work properly when set in the environment like we do with the macros.
18:47:48 <mitr> Proposal: 1) mass rebuild at this time rejected (will rebuild f20 later), 2) defer to next week to allow proper analysis
18:47:49 <notting> besser82: have you filed a bug?
18:47:58 <besser82> not yet
18:48:14 <nirik> mitr: +1
18:48:27 <sgallagh> besser82: Please don't bring things to FESCo without first consulting the relevant maintainers through Bugzilla.
18:48:38 <sgallagh> Chances are, they want this to work as much as you do
18:48:50 <sgallagh> mitr: +1
18:48:52 <notting> i'm +1 to mitr's proposal to defer
18:50:04 <abadger1999> mitr: +1
18:52:19 <notting> #agreed re: #1132  1) mass rebuild at this time rejected (will rebuild f20 later), 2) defer to next week to allow proper analysis (+:5, -:0, 0:0)
18:52:31 <notting> besser82: please do file a bug
18:52:35 <notting> anything else for open floor?
18:52:48 <besser82> OK. I'll do.
18:53:08 <sgallagh> Not for discussion, but I opened a ticket for next week to try to organize FESCo Flock attendees.
18:53:57 <abadger1999> Would people want to clarify the httpd-itk decision for the package maintainer?
18:54:58 <nirik> abadger1999: IMHO, we simply decided the question of overruling the httpd maintainer and forcing them to carry patches. If FPC would like to review the bundling/etc there I think that would be great.
18:55:00 <abadger1999> I'm having a hard time getting him to understand he needs to take the bundling question to fpc: https://fedorahosted.org/fesco/ticket/1125#comment:20
18:55:18 <abadger1999> nirik: <nod>
18:55:45 <mitr> Well, it's not quite obvious whether to treat this as a bundled subproject or as a fork (with forks being presumably allowed)
18:56:02 <nirik> proposal: fesco would like the bundling reviewed by FPC, please ask them to examine this case.
18:56:43 <abadger1999> mitr: <nod>  That's part of why fpc should evaluate it -- I think that we might end up crafting something that says it's a fork and what criteria we used to determine that... but I'm only FPC member so I can't decide that on my own :-)
18:56:43 <sgallagh> nirik: +1
18:56:49 <mitr> nirik: =1 (with the expectation that said review should not be a huge deal with lots of hoops, just a review whether it's responsible to ship this to users)
18:56:51 <abadger1999> nirik: +1
18:57:01 * notting is +1
18:58:19 <nirik> that looks like 5
18:58:25 <notting> #agreed (re: httpd-itk ticket) FESCo would like the 'bundling' of httpd-itk reviewed by FPC
18:58:36 <notting> #undo
18:58:36 <zodbot> Removing item from minutes: <MeetBot.items.Agreed object at 0x10eb6e50>
18:58:43 <notting> #agreed (re: httpd-itk ticket) FESCo would like the 'bundling' of httpd-itk reviewed by FPC (+:5, -:0, 0:0)
18:58:53 <notting> who will officially take the ticket there?
19:00:05 <abadger1999> I haven't had success getting the httpd-itk maintainer to take me seriously so it would be great if someone else can.  I can drive it in FPC once the ticket and maintainer start communicating there.
19:01:23 <notting> ok, i'll file the ticket
19:01:29 <notting> anything else for open floor?
19:03:05 <notting> if not, will close meeting in 1 minute
19:03:31 <nirik> Thanks to all the departing folks. Your service is appreciated. ;)
19:04:18 <notting> #info Thanks to all departing FESCo members!
19:04:31 <notting> #endmeeting