#fedora-meeting log

18:01:28 <thozza> #startmeeting FESCO (2015-03-11)
18:01:28 <zodbot> Meeting started Wed Mar 11 18:01:28 2015 UTC.  The chair is thozza. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:01:28 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
18:01:28 <thozza> #meetingname fesco
18:01:28 <thozza> #chair ajax dgilmore jwb mitr nirik paragan rishi thozza sgallagh
18:01:28 <thozza> #topic init process
18:01:28 <zodbot> The meeting name has been set to 'fesco'
18:01:28 <zodbot> Current chairs: ajax dgilmore jwb mitr nirik paragan rishi sgallagh thozza
18:01:33 <mitr> Hello
18:01:37 * ajax waves
18:01:37 <thozza> hi all
18:01:40 <nirik> morning
18:01:42 <paragan> hi
18:02:08 <jwb> hello
18:02:35 <thozza> will wait a minute and start
18:03:34 <thozza> ok, let's start
18:03:37 <thozza> #topic #1412 anaconda password change is causing consternation among the user community please review this policy decision
18:03:37 <thozza> .fesco 1412
18:03:39 <zodbot> thozza: #1412 (anaconda password change is causing consternation among the user community please review this policy decision) – FESCo - https://fedorahosted.org/fesco/ticket/1412
18:03:58 <thozza> we have a proposal from sgallagh
18:04:06 <thozza> Proposal: Request a Freeze Exception to include it in the Alpha release if it becomes available, otherwise get to it in Beta.
18:04:10 <t8m> hi, I am here to answer possible questions about libpwquality.
18:04:20 <thozza> +2 votes in the ticket
18:04:30 <ajax> that sounds fine, +1
18:04:34 * nirik reads up. I didn't see a proposal?
18:04:44 <jwb> Alpha is out the door.  i thought we thawed between Alpha and Beta?
18:04:45 <ajax> comment 38
18:04:47 <jwb> or did we stop doing that
18:05:01 <nirik> we do/did.
18:05:11 <jwb> then i don't think an exception is needed?
18:05:26 <ajax> heh, indeed
18:05:29 <dgilmore> hola
18:05:34 <thozza> jwb: well, the proposal is 7 days old
18:05:36 <nirik> right, as long as it's in before beta freeze.
18:06:01 <jwb> thozza, ok.  but my point is that it wasn't acted on in a timely manner and is now irrelevant :)
18:06:11 <thozza> jwb: right
18:06:18 <dgilmore> Alpha is out, it should make Beta
18:06:31 <nirik> I somehow missed it. possibly thinking it was just part of the agreed from last week or something.
18:06:37 <jwb> where it is the change fesco requested.  did anybody look to see if that is done?
18:06:44 <dgilmore> jwb: we freely  allow updates between Alpha and Beta
18:06:56 <nirik> jwb: ajax asked... they said they would do it as a local patch to f22...
18:07:16 * nirik looks
18:08:09 <nirik> although, I think they generate/keep the spec in their git, so really it's not going to be possible to do in just pkgs...
18:08:11 <mitr> http://pkgs.fedoraproject.org/cgit/anaconda.git/log/?h=f22 has last commit 7 days ago
18:09:02 <nirik> so, aside that stuff, how can we move forward with a more overall policy? try and gather people who have time/inclination to work on it?
18:09:15 <t8m> imho the enforcement of score > 50 or whatever the value anaconda uses was nonsense and they should have asked me at least before they switched it on
18:09:42 <nirik> t8m: what should it be? 0?
18:09:49 <mitr> nirik: Only having a local patch on the F22 branch is kind of forcing our hand :)
18:09:49 <nirik> (in your opinion)
18:10:12 <jwb> mitr, if said patch existed
18:10:30 <t8m> nirik, if exception is not returned then it should be allowed and the score should be just informative value
18:10:35 <nirik> mitr: I think they wanted to do that to force us to actually come up with a policy before f23...
18:10:39 <mitr> jwb: Right.  Do we want to explicitly file a Beta blocker bug?
18:10:59 <nirik> bug is a good idea, yes. .
18:11:06 <t8m> nirik, IMHO even the exception should be overridable but that is a different debate
18:11:27 <thozza> ok, I can do the bug
18:11:59 <thozza> basically requesting to get back to the double-click state, right?
18:12:07 <jwb> yes
18:12:18 <nirik> readd the ability to click done twice to accept any password, yes.
18:12:39 <thozza> #action thozza to file a beta blocker bug for anaconda to get back to double-click for weak passwords
18:12:56 <thozza> #info the proposal in the ticket is outdated since the alpha is already out. The change should go into beta.
18:13:14 <thozza> ok, can we move on, or want to discuss the topic more?
18:13:59 <nirik> alright, since I hate just leaving this sitting around with nothing happening on it, I will try and come up with a list of stakeholders and use cases and see if I can get everyone to meetup/discuss a overall policy.
18:14:18 <nirik> I'll start with a wiki page probibly, help welcome.
18:14:32 * nirik doesn't have time, but screw it, this needs to get addressed.
18:14:37 <thozza> nirik: thanks
18:14:39 <t8m> nirik, cc me please
18:14:50 <nirik> t8m: definitely will include you...
18:15:36 <thozza> #action nirik to start a wiki page for discussion around the overall password policy
18:15:58 <thozza> ok, let's move on then
18:16:01 <jwb> sure
18:16:07 <thozza> #topic #1420 policy change: admins (non-POC) should be able to retire packages
18:16:07 <thozza> .fesco 1420
18:16:08 <zodbot> thozza: #1420 (policy change: admins (non-POC) should be able to retire packages) – FESCo - https://fedorahosted.org/fesco/ticket/1420
18:16:46 <thozza> I count +5 in the ticket ( sgallagh, jwb, mitr, pnemande, ajax
18:16:50 <dgilmore> i am +1 to this
18:16:53 <thozza> I'm also +1
18:17:45 <thozza> #agreed Allow also package admins to retire the package (+7, 0, -1)
18:18:03 <thozza> let's move on :)
18:18:07 <thozza> #topic #1421 FESCO Decision on COPR/Playground in GNOME Software
18:18:07 <thozza> .fesco 1421
18:18:09 <zodbot> thozza: #1421 (FESCO Decision on COPR/Playground in GNOME Software) – FESCo - https://fedorahosted.org/fesco/ticket/1421
18:18:50 <sgallagh> Sorry I'm late, folks.
18:18:53 <nirik> I meant to reply to sgallagh's last comment there, but haven't had time yet... ;)
18:19:11 <thozza> I count +5 in the ticket
18:19:30 <thozza> sgallagh: we are discussing https://fedorahosted.org/fesco/ticket/1421
18:19:37 <dgilmore> I am +1, but I think we should look at mirroring options
18:19:52 <sgallagh> thozza: Thanks
18:19:56 <nirik> IMHO, copr repo files should also include skip-if-unavailable. That would help mitigate any issues with mirroring, etc.
18:20:13 <thozza> nirik: sounds reasonable
18:20:57 <nirik> I think adding mirroring might be good down the road, but might not be needed for initial rollout.
18:21:16 <nirik> there's currently 451GB of copr rpms.
18:21:53 <mitr> AFAICS the proposal is not at all to include repo files for all of that
18:22:01 <sgallagh> No, absolutely not.
18:22:01 <jwb> i wonder how many could be cleaned up
18:22:05 <nirik> right. only a small curated subset.
18:22:22 <nirik> also note that with this policy change we would allow any such packages right?
18:22:27 <sgallagh> But whether that distinction can be made for mirrors is a valid question
18:22:42 <nirik> so, I could make, get reviewed and added a 'junk-from-coprs' package with all the repo files I want?
18:22:46 <sgallagh> nirik: Sorry, can you rephrase that? It was unclear what we would allow.
18:23:36 <sgallagh> Hmm, good point. That wasn't the intent, but it's not clearly spelled out.
18:23:40 <nirik> ie, this wouldn't allow just workstation folks to add something, but anyone right?
18:23:56 <jwb> technically, yes
18:23:56 <nirik> we could add a 'get a approval from fesco' or something.
18:24:03 <sgallagh> Maybe too technical an answer, but we should probably keep the list to subpackages of the fedora-repos package
18:24:15 <dgilmore> nirik: do we want to have the  .repo files ship as a subpackage of fedora-repos  fedora-repos-copr ?
18:24:32 <sgallagh> But yeah, a generic answer of "Approval from FESCo or those FESCo delegates" is probably valid.
18:24:33 <nirik> we could do that, but it might mean changing that somewhat often?
18:24:42 <nirik> dunno how much they would change over releases.
18:24:50 <sgallagh> And figure out the technical solution from there
18:24:54 <jwb> this seems somewhat unnecessary at this point
18:24:55 <dgilmore> me doesn't know either
18:25:16 <mitr> sgallagh: delegating this to subpackages of fedora-repos seems very reasonable to me
18:25:17 <nirik> right, these are technical details mostly. ;) can do them out of meeting?
18:25:26 <thozza> jwb: you mean the need to approve repos?
18:25:37 <sgallagh> nirik: Mostly, but one thing to agree on.
18:25:52 <jwb> thozza, the necessity to make it a subpackage of fedora-repos
18:26:02 <thozza> right
18:26:03 <jwb> thozza, also, in part, the need to approve them
18:26:08 <sgallagh> Add language around "Approval from FESCo or those FESCo delegates is required for adding a repo to the Fedora Collection"
18:26:12 <jwb> because i would expect the WGs to curate their own sets
18:26:20 <sgallagh> Where "delegates" basically amounts to WGs
18:26:31 <nirik> sure. I was speaking to initially entering the collection.
18:26:39 <jwb> sgallagh, then remove FESCo and say "WGs"
18:27:06 <nirik> unless it's a copr for nonproduct related stuff?
18:27:12 <sgallagh> Well, I was willing to leave that open to more interpretation, but ok: "Approval from FESCo or the WGs is required for adding a repo to the Fedora Collection"
18:27:23 <sgallagh> nirik: In which case that goes to FESCo
18:27:25 <nirik> 'a repo' ?
18:27:35 <sgallagh> s/a repo/a repo file./
18:27:36 <jwb> nirik, this is why i think we're adding a restriction prematurely.
18:27:36 <nirik> a package containing copr repos
18:27:58 <nirik> jwb: could be. It might be no one wants to add anything else.
18:28:15 <jwb> i think you are all forgetting that just because a package exists does not mean it will be installed by default
18:28:15 <sgallagh> proposal: "Approval from FESCo or the WGs is required for adding a package containing a repo file to the Fedora Collection"
18:28:20 <jwb> sgallagh, -1
18:28:39 <jwb> this is unnecessary overhead in my opinion
18:28:53 <nirik> ok, jwb convinced me. :) until there's an issue...
18:28:55 <mitr> jwb: I think by default we want packages in Fedora proper; so without someone coming forward with a specific use case or class of use cases for using this copr mechanism I would not want to open the floodgates (if only because the right thing might be to refuse the request and get Fedora proper changed instead)
18:29:00 <mitr> sgallagh: +1
18:29:24 <mitr> sgallagh: nitpicking s/adding a package containing a repo file/packaging a repo file into a package/
18:29:26 <nirik> so, -1, lets not bother for now.
18:29:27 <jwb> mitr, we will have to disagree.
18:29:44 <sgallagh> Allow me to rephrase again:
18:29:51 <mitr> sgallagh: Do we want the default-disabled as a requirement in there?
18:29:57 <jwb> sgallagh, also, your language is confusing.  the ticket is limited to COPR repos but you don't specify that
18:30:15 <sgallagh> "Approval from FESCo or the WGs is required for packaging a repo file into a package included in the default install set of any Fedora release media"
18:30:37 <thozza> maybe something like
18:30:37 <thozza> Proposal: It is OK for RPM distributed within standard Fedora to install COPR repo that is not enabled by default (enabled=0), but has enabled metadata (enabled_metadata=1). The COPR repo file should also include skp_if_unavailable=1. Approval from FESCo or the WGs is required for adding a package containing a COPR repo file  to the Fedora Collection.
18:30:42 <mitr> … we don’t want the default-disabled in there, that is already in https://fedoraproject.org/wiki/Third_Party_Repository_Policy
18:31:15 <jwb> thozza, i'm fine with everything except the approval part.
18:31:43 <sgallagh> jwb: even with the distinction of "on default media"?
18:31:44 <thozza> jwb: well I don't have problem with that
18:31:47 <nirik> mitr: thats what we are changing here no?
18:32:10 <jwb> sgallagh, i don't see it being necessary, even with that distinction
18:32:21 <thozza> but we should not allow it as a means to get packages that don't conform to packaging guidelines to Fedora just by adding a Fedora package with only repo file
18:32:27 <mitr> nirik: Ultimately I don’t care that we are redundant; I only wanted to make sure that _something_ requires that, and that is already the case.
18:33:06 <nirik> mitr: this ticket is to revise that policy. It even mentions that page. ;)
18:33:12 <mitr> sgallagh: the “on default media” feels too weak to me, though I don’t feel strongly about it.
18:33:31 <nirik> thozza: but they can just 'dnf copr enable ...' now, why would they bother with a .repo file package?
18:34:05 <thozza> nirik: right
18:34:12 <jwb> thozza, trying to craft a rule that grants this request but prevents what you are suggesting is fairly impossible
18:34:26 * nirik is sorry for starting us on this tangent. ;)
18:34:55 <sgallagh> I'm fine to just leave it alone and just approve it as originally proposed, then
18:34:58 <thozza> jwb: given that I agree that the rule does not make sense
18:35:13 <sgallagh> Realistically, nothing will end up on the default media without FESCo or the WGs putting it there anyway.
18:35:33 <jwb> the request, as asked in the ticket, already passes with 5 +1s
18:35:33 <sgallagh> (Excluding a rogue provenpackager, but I think someone would notice)
18:35:41 <jwb> does anyone that voted +1 want to change their vote?
18:35:51 * nirik is fine with the proposal as in ticket.
18:36:05 <thozza> do we want to add the skip_if_unavailable part?
18:36:06 <nirik> we can ask releng/interested parties to work out where the package lives, etc.
18:36:10 <mitr> thozza: The difference is that GNOME Software will start showing the other package; it will no longer be “Google for a project you are specifically looking for, find out that there is a COPR, and run a command” but “search for it in the default UI, click through some nonsense you didn’t read, package is installed”.
18:36:32 <sgallagh> thozza: That's an RFE for the COPR folks
18:36:36 <sgallagh> Not a requirement for this policy
18:36:49 <sgallagh> IMHO
18:36:50 <nirik> thozza: but only if you have the package(s) installed right? why would you install 'kevins-junk-coprs' ?
18:36:58 <nirik> sorry, that was for mitr
18:37:07 <mitr> sgallagh: AFAICS that is a requirement for the .repo file _in the package_, not necessarily in the repo file generated by COP
18:37:15 <sgallagh> ok, fine.
18:37:22 <mitr> nirik: true
18:37:30 <sgallagh> If anyone particularly wants to paint that particular shed now, fine.
18:37:50 <nirik> I suppose it could be a two step thing...
18:38:07 <mitr> sgallagh: Re skip_if_unavailable, I would be happy enough with noting this in the FESCo ticket and hoping that the appropriate people will notice.
18:38:14 <jwb> mitr, same.
18:38:18 <nirik> search gnome-software, see "kevins junk coprs! cure what ales you!" and you install that, then you have more, but i doubt it would hit many people.
18:38:23 <thozza> I don't see what harm could the skip-is-unavailable do
18:38:23 <sgallagh> mitr: +1
18:38:23 <mitr> Not going to put this for a vote or wordsmith it.
18:38:38 <thozza> it was proposed as a solution in case COPR can not deal with the load
18:39:32 <thozza> so 5 votes in the ticket
18:39:45 <thozza> I'm also +1 for the original proposal
18:39:56 <ajax> i continue to agree with the +1 i left in the ticket
18:40:12 <sgallagh> /me finds it amusing that we spent 30 minutes to discuss a ticket we actually approved async
18:40:23 <thozza> just to make sure, we agree on:
18:40:24 <nirik> I love +1's, so I am +1ing my +1 in the ticket. +1. ;)
18:40:27 <thozza> Proposal: It is OK for RPM distributed within standard Fedora to install COPR repo that is not enabled by default (enabled=0), but has enabled metadata (enabled_metadata=1).
18:40:29 <thozza> ?
18:40:45 <nirik> +1 (still)
18:40:45 <sgallagh> thozza: Yes
18:40:51 <sgallagh> +1 for the count
18:40:57 <mitr> thozza: Just incorporate comment#0 by reference if you want to be extra precise.
18:41:07 <mitr> +1 to that as well, finally.
18:41:51 * thozza is counting
18:42:05 <jwb> +1 again
18:42:18 <paragan> +1 to above proposal
18:42:34 <dgilmore> thozza: -1 there are many places where downloading the copr metadata will cause issues, especially for the bandwidth limited portions of the world
18:42:57 <dgilmore> I think users shoudl be able to opt in
18:43:04 <jwb> you have +5 twice now
18:43:06 <thozza> I counted +7 sgallagh, nirik, paragan, jwb, thozza, ajax, mitr; dgilmore -1
18:43:32 <mitr> dgilmore: Compared to the size of the fedora-updates repo, a few COPRs will surely not be noticeable, will they?
18:43:40 <sgallagh> (02:19:37 PM) dgilmore: I am +1, but I think we should look at mirroring options
18:43:47 <jwb> i propose we move on
18:43:53 <jwb> because we've now approved this twice
18:43:59 <sgallagh> jwb: +1 ;-)
18:44:10 <dgilmore> sgallagh: I am +1 to shipping the repo files, -1 to having enabled_metadata=1
18:44:24 <sgallagh> dgilmore: That's functionally useless.
18:44:31 <sgallagh> Anyway, it's approved. Let's move on.
18:44:34 <thozza> #agreed FESCo agrees with changes proposed in https://fedorahosted.org/fesco/ticket/1421#comment:0 (+7, 0, -1)
18:44:50 <thozza> #topic Next week's chair
18:44:51 <dgilmore> sgallagh: no its not. software centre can give an opt in message that toggles enabled_metadata
18:45:27 <thozza> any volunteer? :)
18:45:54 <sgallagh> I may have a conflict next week, not sure yet. So not I.
18:47:09 <nirik> I guess I can do it.
18:47:15 <thozza> nirik: thanks
18:47:26 <sgallagh> #action sgallagh to update the Third_Party_Repos wiki page
18:47:34 <sgallagh> I'll take care of it
18:47:43 <thozza> #info nirik to chair next week's meeting
18:47:45 <thozza> sgallagh: thanks
18:47:52 <thozza> #topic Open Floor
18:48:19 <thozza> anyone has business to discuss?
18:49:03 <sgallagh> I'm working on redesigning the way per-product config stuff works.
18:49:20 <sgallagh> I've sent a first pass at some of the dependent pieces to the rel-eng list.
18:49:32 <sgallagh> I'll put together a more comprehensive design and send it to the devel list later this week
18:49:56 <sgallagh> With luck, I should be able to eliminate the package-dependency-hell we have in F21
18:50:12 <thozza> sgallagh: thanks for the info
18:50:24 <nirik> I've started that wiki page at: https://fedoraproject.org/wiki/User:Kevin/Draft_Passwordpolicy
18:50:37 <nirik> feel free to dump ideas/stakeholders/usecases there.
18:50:51 <ajax> nirik: thanks
18:51:07 <thozza> #info Password policy wiki page started at https://fedoraproject.org/wiki/User:Kevin/Draft_Passwordpolicy
18:51:50 <jwb> thanks nirik
18:53:01 <thozza> So if there is not anything else I'll end the meeting in a minute
18:53:04 <sgallagh> ajax: Care to update the status of the SYSV init stuff? I saw mention that you'd been working on it.
18:53:15 <ajax> sgallagh: yeah, grinding away slowly
18:53:35 <sgallagh> Anything blocking you besides time?
18:53:52 <ajax> not yet.  i'll dump a status update in the ticket
18:54:08 <sgallagh> Cool, thanks
18:54:29 <nirik> ajax: if you need assistance, I'd be happy to help
18:56:32 <Cydrobolt> hey there
18:57:05 <thozza> Cydrobolt: you have someting for FESCo Open Floor?
18:57:14 <thozza> hi by the way :)
18:57:19 <Cydrobolt> no, just stopping by
18:57:24 <Cydrobolt> hi thozza :)
18:57:36 <thozza> ok, I'll end the meeting in a minute
18:58:43 <thozza> #endmeeting