16:00:37 <paragan> #startmeeting FESCO (2016-10-14) 16:00:37 <zodbot> Meeting started Fri Oct 14 16:00:37 2016 UTC. The chair is paragan. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:37 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:00:37 <zodbot> The meeting name has been set to 'fesco_(2016-10-14)' 16:00:37 <paragan> #meetingname fesco 16:00:38 <paragan> #chair maxamillion dgilmore jwb nirik paragan jsmith kalev sgallagh Rathann 16:00:38 <paragan> #topic init process 16:00:38 <zodbot> The meeting name has been set to 'fesco' 16:00:38 <zodbot> Current chairs: Rathann dgilmore jsmith jwb kalev maxamillion nirik paragan sgallagh 16:00:54 <nirik> morning 16:00:59 <jwb> hi 16:01:05 <kalev_> morning 16:01:06 <paragan> .hello pnemade 16:01:07 <zodbot> paragan: pnemade 'Parag Nemade' <pnemade@redhat.com> 16:01:29 <mhroncok> .hello churchyard 16:01:30 <zodbot> mhroncok: churchyard 'Miro Hrončok' <mhroncok@redhat.com> 16:01:33 * nirik has a hard stop at 17UTC today 16:01:48 <maxamillion> .hello maxamillion 16:01:49 <zodbot> maxamillion: maxamillion 'Adam Miller' <maxamillion@gmail.com> 16:01:52 <cstratak> .hello cstratak 16:01:53 <zodbot> cstratak: cstratak 'None' <cstratak@redhat.com> 16:02:08 <nb> .hello nb 16:02:09 <zodbot> nb: nb 'Nick Bebout' <nb@nb.zone> 16:02:43 <paragan> okay we are 5 members now here 16:03:49 <paragan> lets start 16:03:56 <paragan> #topic #1626 Release blocking deliverables for Fedora 25 16:03:57 <paragan> .fesco 1626 16:03:57 <paragan> https://fedorahosted.org/fesco/ticket/1626 16:03:58 <zodbot> paragan: #1626 (Release blocking deliverables for Fedora 25) – FESCo - https://fedorahosted.org/fesco/ticket/1626 16:04:27 <paragan> From https://fedoraproject.org/wiki/Fedora_Program_Management/ReleaseBlocking/Fedora25 ,I see that only KDE SIG remain to reply. 16:04:59 <paragan> Do we need to wait for their reply? or just close the ticket with the existing deliverables information for KDE SIG on that wiki page? 16:05:39 <jwb> i'd propose only delivering what is listed but not blocking the release for it 16:05:40 <nirik> I'm fine with closing it based on what we have now... 16:05:59 <maxamillion> yeah, I'm good with closing 16:06:12 * kalev_ agrees 16:06:14 <nirik> jwb: can you expand on that? you mean not blocking on kde because they didn't answer? or ? 16:06:24 <jwb> nirik: correct. per my comments in the fesco ticket 16:06:42 <jwb> if nobody feels responsible enough to reply to an email, how is that a group that can warrant blocking a release? 16:07:44 <paragan> Proposal: Accept the current status of Release blocking deliverables as given on its wiki page and close the ticket 16:08:00 <kalev_> I think this may partially also be because it was FESCo that originally said that the KDE live image should be blocking, and not KDE sig 16:08:22 <kalev_> so maybe they don't feel they have control over what is blocking and what not 16:08:38 <maxamillion> paragn: +1 16:08:47 <kalev_> kparal: +1 16:08:50 <kalev_> err. 16:08:51 <nirik> well, the query on the kde list was "hey, if this is wrong, let us know" 16:08:52 <kalev_> paragn: +1 16:09:13 <nirik> IMHO next time we should definitely say "please answer and tell us what is release blocking" 16:10:11 <jwb> paragn: ok, +1 16:10:19 <jwb> that's a majority vote. move on 16:11:37 <nirik> yeah, +1 sorry 16:12:08 <kalev_> I think paragan may have connection troubles 16:13:43 <nirik> yeah, he is... 16:14:00 <nirik> can someone else drive for a bit? he messaged me on internal rh irc that his connection is not working 16:14:38 <kalev_> paragan: https://paste.fedoraproject.org/450215/14764616/ is what happened in the mean time 16:16:57 <nirik> #agreed Accept the current status of Release blocking deliverables as given on its wiki page and close the ticket (+6,0,0) 16:17:30 <nirik> #topic #1635 F26 Self Contained Changes 16:17:30 <nirik> .fesco 1635https://fedorahosted.org/fesco/ticket/1635 16:17:30 <zodbot> nirik: Error: '1635https://fedorahosted.org/fesco/ticket/1635' is not a valid integer. 16:17:38 <nirik> .fesco 1635 16:17:40 <zodbot> nirik: #1635 (F26 Self Contained Changes) – FESCo - https://fedorahosted.org/fesco/ticket/1635 16:17:41 <nirik> oops. sorry about that 16:17:59 <nirik> there's 2 self contained f26 changes... 16:18:10 <nirik> bind 9.11 and openssh crypto policy 16:18:24 * nirik is +1 to both 16:18:24 <maxamillion> is crypto policy really self contained? 16:18:34 * kalev_ is +1 to both as well 16:18:45 <nirik> well, it's just adding it to openssh client... 16:18:52 <maxamillion> ah ok 16:18:55 <nirik> which is important granted. 16:19:00 <maxamillion> right 16:19:09 <maxamillion> +1 to both 16:20:05 <paragan> +1 from side for both the changes 16:20:53 <nirik> jwb: ? 16:21:10 <jwb> +1 16:22:45 <nirik> #agreed self contained changes approved (+5,0,0) 16:23:07 <nirik> #topic #1634 EOL and vulnerable software 16:23:07 <nirik> .fesco 1634 16:23:08 <zodbot> nirik: #1634 (EOL and vulnerable software) – FESCo - https://fedorahosted.org/fesco/ticket/1634 16:23:51 * mhroncok and cstratak here for questions about added pythons 16:24:25 * mhroncok also has a more general proposal (or a draft of one) 16:25:19 <kalev_> Florian Weimer's comment in the devel list thread pretty much sums up my thoughts on this 16:25:26 <kalev_> "Fedora relies on EOLed components pretty much across the system (including critical security functionality), so one more such package really isn't the end of the world. I think new packages should not be held to tremendously higher standards than existing packages." 16:26:32 <nirik> well, in this case aren't these for helping people test against rhel python versions? cannot we keep the security fixes from rhel synced up with them? (or any other changes) 16:26:48 <mhroncok> nirik: we are doing that for python26 16:26:57 <nirik> I guess there's 2 parts here. 1) this specific case and 2) in general moving forward 16:27:09 <nirik> mhroncok: great. 16:27:15 <jwb> i can't help but wonder if SCLs would have helped here. 16:27:23 <maxamillion> jwb: +1 16:27:26 <nirik> I guess there is no rhel 3.3 python supported anywhere? 16:27:30 <mhroncok> but not sitting on the package waiting for cves, but rather syncing it now and then or when somebody asks to 16:27:41 <cstratak> nirik, there is actually 16:27:43 <mhroncok> nirik: nope, but myabe a scl is, cstratak might know 16:27:44 <maxamillion> nirik: probably in Software Collections which are on a 3 year lifecycle 16:28:03 <nirik> right. so it might be possible to sync now, but that support will end at some point 16:28:33 <kalev_> for what it's worth, I very much support the idea that Fedora should be a viable development system for targetting RHEL. if this means shipping more python versions, then this is what we need to do. 16:28:51 <mhroncok> we also plan to keep the package only for time we consider it useful which might colerate with scl 16:29:06 <kalev_> after all, development is one of the Fedora Workstation official target areas 16:29:15 <nirik> right, if people are no longer developing against it, it's not a very useful testing target 16:29:24 <cstratak> nirik, yep but it's not only developing for rhel. People might want to test their code on older versions for whatever reason, not nescessarily for rhel 16:29:42 * kalev_ nods. 16:29:48 <mhroncok> for now, for example Openshift Online 2 has python 3.3 and no newer 16:30:11 <nirik> I guess, thats seems pretty weird to me. "hey, lets see if my code works against this thing we will never ship or use" 16:30:16 <mhroncok> also, I agree with nirik that there are 2 parts here 16:30:27 <maxamillion> agreed with nirik also 16:30:47 <mhroncok> nirik: well if you develop a library, you might want to make it work in more version than you need personally 16:31:09 <nirik> mhroncok: if you had a more general proposal, perhaps we should have you update the ticket and devel thread with it and we can discuss more over the next week? or is there urgency to decide this? 16:31:34 <mhroncok> I don't have a urgency, the packages are there 16:32:10 <nirik> mhroncok: sure, but I wouldn't want to support an EOL version... what if you run into problems with the EOL version? nothing you can do and you just wasted a bunch of time you could have used to work on the supported cases. 16:32:30 <nirik> we can't ship every version of every software that ever existed 16:32:40 <mhroncok> we cannot 16:32:54 <cstratak> nirik, that's up to the packager though, no? 16:32:54 <mhroncok> but we can ship a reasonable subset of pythons to make Fedora better for Python developers 16:33:01 <jwb> i think perhaps we're talking about different EOLs as well 16:33:18 <jwb> there's upstream's EOL and there's the end of support for a version in various distributions 16:33:19 <nirik> cstratak: I guess thats what we are trying to decide here. ;) 16:33:28 <mhroncok> this was just merged to Fedora developer portal (but not deployed yet) https://github.com/hroncok/content/blob/c893f742cad6458ba010748b3e1683dba5671b84/tech/languages/python/multiple-pythons.md 16:34:55 <mhroncok> I understand we don't want a packager to go and package Python 1.0 to Fedora just for fun 16:35:10 <mhroncok> that's why I have an idea for a porposal 16:35:19 <mhroncok> EOL packages with known security issues will not be added to fedora, unless there's a good reason. workgroups and SIGs can propose exceptions (stating the good reason). if those packages are not packaged as a dependency, no other packages can require or buildrequire them (but they can suggest and recommend). such packages needs to be marked especially, according to a rule yet to be agreed on fpc level. if such package is a dependency, the entire 16:35:47 <jwb> you got cut off 16:35:58 <mhroncok> sorry? 16:35:59 <jwb> "...dependency, the entire" 16:36:04 <jwb> your message was truncated 16:36:10 <maxamillion> mhroncok: irc buffer truncated your text 16:36:14 <mhroncok> i see, sorry 16:36:24 <mhroncok> the entire stack needs to be marked. 16:37:13 <nirik> is testing against old versions the only case for this kind of thing? I guess it might be... 16:37:30 <mhroncok> that's our reason for pythons 16:37:44 <mhroncok> I don't know what other parties would like to have and why 16:37:49 <nirik> proposal: more discussion on list/in ticket and revisit next week 16:37:59 <kalev_> I think I'd like the security sig to review any such proposals 16:38:02 <kalev_> nirik: +1 16:38:15 * nirik isn't sure how active our security sig is... but we can surely ask them 16:38:43 <kalev_> or RHEL security team members then if our security team isn't active 16:38:51 <nb> I think the security team has regular meetings 16:39:11 * nb not sure 16:39:25 <jwb> nirik: +1 16:39:28 <nb> or maybe i've just seen stuff in #fedora-security-team 16:40:49 <nirik> other votes? or did we lose quorum? 16:41:44 <mhroncok> well either it's agreed and postponed or the quorum was lost and it get's postponed :) 16:42:04 <nirik> yeah true enough. :) 16:42:17 <nirik> #info will discuss more on list/ticket and revisit next week 16:42:28 <nirik> thanks for coming mhroncok and cstratak. 16:42:28 <mhroncok> thank you guys, see you next week 16:42:38 <nirik> #topic Next weeks chair 16:42:44 <nirik> who wants it next week? 16:42:47 <cstratak> see you 16:43:00 <maxamillion> I can do it 16:43:10 <nirik> maxamillion: thanks 16:43:16 <nirik> #info maxamillion to chair next week 16:43:20 <nirik> #topic Open Floor 16:43:30 <nirik> I had one item: pagure migration... 16:43:41 <nirik> if no one objects I can do that later today or this weekend. 16:45:10 <maxamillion> sounds good to me 16:45:17 * nirik had nothing else 16:46:35 * nirik sets the quantum fuse(tm) 16:46:47 <nirik> ok, thanks for coming everyone. 16:46:49 <nirik> #endmeeting