16:06:54 <sgallagh> #startmeeting FESCO (2016-12-02)
16:06:54 <zodbot> Meeting started Fri Dec  2 16:06:54 2016 UTC.  The chair is sgallagh. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:06:54 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:06:54 <zodbot> The meeting name has been set to 'fesco_(2016-12-02)'
16:06:54 <sgallagh> #meetingname fesco
16:06:54 <zodbot> The meeting name has been set to 'fesco'
16:06:54 <sgallagh> #chair maxamillion dgilmore jwb nirik paragan jsmith kalev sgallagh Rathann
16:06:54 <sgallagh> #topic init process
16:06:54 <zodbot> Current chairs: Rathann dgilmore jsmith jwb kalev maxamillion nirik paragan sgallagh
16:07:01 <maxamillion> sgallagh++
16:07:02 <zodbot> maxamillion: Karma for sgallagh changed to 5 (for the f25 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
16:07:06 <linuxmodder> (just staying up-to-speed)
16:07:23 <sgallagh> .hello sgallagh
16:07:24 <zodbot> sgallagh: sgallagh 'Stephen Gallagher' <sgallagh@redhat.com>
16:07:52 <nirik> morning.
16:08:58 <maxamillion> .hello maxamillion
16:08:59 <zodbot> maxamillion: maxamillion 'Adam Miller' <maxamillion@gmail.com>
16:09:05 <Rathann> .hello rathann
16:09:06 <zodbot> Rathann: rathann 'Dominik Mierzejewski' <dominik@greysector.net>
16:09:08 <kalev> .hello kalev
16:09:09 <zodbot> kalev: kalev 'Kalev Lember' <klember@redhat.com>
16:10:17 <sgallagh> We have quorum, let's get started.
16:10:19 <sgallagh> #topic #1651 F26 System Wide Change: Fedora 26 Boost 1.63 upgrade
16:10:20 <sgallagh> .fesco 1651
16:10:21 <zodbot> sgallagh: Issue #1651: F26 System Wide Change: Fedora 26 Boost 1.63 upgrade - fesco - Pagure - https://fedorahosted.org/fesco/ticket/1651
16:10:51 <sgallagh> +1 rubber stamp
16:10:52 <kalev> +1
16:11:09 <maxamillion> +1
16:11:27 <Rathann> +1, though there seems to be a typo with boost version
16:11:31 <nirik> sure, +1
16:12:00 <kalev> what's the typo?
16:12:08 <Rathann> first sentence talks about 1.62 and the next about 1.61
16:12:56 <kalev> weird, I only see 1.63 everywhere
16:14:07 <sgallagh> #agreed F26 System Wide Change: Fedora 26 Boost 1.63 upgrade is approved (+5, 0, -0)
16:14:17 <sgallagh> #topic #1650 F26 System Wide Change: Debugging Information For Static Libraries
16:14:17 <sgallagh> .fesco 1650
16:14:17 <Rathann> kalev: I'm talking about the feature wiki page
16:14:18 <zodbot> sgallagh: Issue #1650: F26 System Wide Change: Debugging Information For Static Libraries - fesco - Pagure - https://fedorahosted.org/fesco/ticket/1650
16:14:20 <Rathann> https://fedoraproject.org/wiki/Changes/F26Boost163
16:15:06 <sgallagh> Rathann: The jump is from 1.60 to 1.63. Those two paragraphs are describing what happened in the two intermediate releases that were skipped.
16:15:12 <sgallagh> It doesnt' look like a typo to me
16:15:17 * kalev concurs.
16:15:30 <Rathann> ah
16:15:34 <Rathann> right, I misread
16:15:37 <Rathann> never mind
16:16:24 <nirik> +1 to this change
16:16:35 <kalev> +1
16:16:54 <sgallagh> +1 from me as well.
16:17:04 <maxamillion> +1
16:17:51 <Rathann> right, I remember this one
16:17:52 <Rathann> +1
16:17:59 <sgallagh> /me notes that this change must be readied before the mass-rebuild
16:18:20 <Rathann> indeed
16:18:21 <sgallagh> #agreed F26 System Wide Change: Debugging Information For Static Libraries is approved (+5, 0, -0)
16:19:00 <sgallagh> Shall we assert that the contingency plan must go into effect if it's not ready by N days before the mass-rebuild?
16:20:16 <sgallagh> I suppose that's more or less already in the change.
16:20:25 <kalev> not sure it's necessary as the Change page explicitly mentions that it needs to go in before the rebuild
16:20:26 <sgallagh> Though "final mass rebuild" is oddly-phrased.
16:21:09 <sgallagh> #topic #1648 F26 System Wide Change: GHC 8.0
16:21:09 <sgallagh> .fesco 1848
16:21:14 <zodbot> sgallagh: An error has occurred and has been logged. Please contact this bot's administrator for more information.
16:21:43 <sgallagh> .fesco 1648
16:21:48 <zodbot> sgallagh: Issue #1648: F26 System Wide Change: GHC 8.0 - fesco - Pagure - https://fedorahosted.org/fesco/ticket/1648
16:22:06 <maxamillion> +1
16:22:08 <sgallagh> There are four +1s in the ticket
16:22:16 <kalev> " with much improved support for aarch64, ppc64, and ppc64le" -- sounds like a good time now that these are all on primary koji
16:22:16 * maxamillion meant to +1 in ticket but forgot :/
16:22:19 <kalev> +1
16:22:43 <sgallagh> #agreed F26 System Wide Change: GHC 8.0 is approved (+6, 0, -0)
16:23:48 <sgallagh> #topic #1635 F26 Self Contained Changes (Java Security Policy)
16:23:48 <sgallagh> .fesco 1635
16:23:50 <zodbot> sgallagh: Issue #1635: F26 Self Contained Changes - fesco - Pagure - https://fedorahosted.org/fesco/ticket/1635
16:24:46 <sgallagh> jkurik requested the Change owner to provide additional information, but it has not happened.
16:24:53 <maxamillion> +1 - seems like a sane change, I honestly didn't know that wasn't already the case ... I don't really Java
16:25:06 <maxamillion> what's missing?
16:25:13 <sgallagh> maxamillion: That's one of the open questions: it sounds like it maybe was supposed to already work but there was a bug that got fixed.
16:25:24 <kalev> it's driven by our crypto toolset maintainer and I definitely trust that he knows what he's doing
16:25:26 <sgallagh> It's unclear.
16:25:27 <maxamillion> sgallagh: ahhh ok
16:26:14 <sgallagh> Actually, reading further...
16:26:27 <sgallagh> Looks like it was added to F24 and F25 (as a 0day update)
16:26:52 <sgallagh> But it wasn't called out as a Change for either release, so if we wanted to approve it solely for marketing purposes, I could get behind that, I suppose.
16:27:22 <sgallagh> (or we could just deny it and ask that they add it to the F26 release highlights when they get put together)
16:27:33 <maxamillion> sgallagh: +1
16:27:38 <sgallagh> Because it looks like there's nothing technical remaining to be done
16:27:50 <kalev> from the last (private) comment, it looks like it's going to get reverted in older fedora releases
16:28:10 <kalev> https://bugzilla.redhat.com/show_bug.cgi?id=1249083#c40 -- note the "ok" reply
16:28:32 <sgallagh> /me nods
16:28:45 <sgallagh> OK, I'm thinking we perhaps don't have enough information today.
16:28:47 <nirik> private comments. yuck
16:28:52 <sgallagh> I move to defer to next week.
16:29:07 <nirik> sure, +1
16:29:17 <maxamillion> +1
16:29:23 <kalev> +1 to next week
16:30:14 <sgallagh> #info FESCo defers this discussion to next week, as it's currently unclear what is the status of the effort.
16:30:25 <Rathann> ok
16:30:25 <sgallagh> OK, that's the last item on the list marked with "meeting".
16:30:37 <sgallagh> I didn't have a chance to groom them before the meeting (I wasn't scheduled to chair).
16:30:53 <sgallagh> Anything on https://pagure.io/fesco/issues that we want to discuss?
16:31:04 * kalev looks
16:33:00 <kalev> sudo's ticket sounds like "fun" mediating between the maintainer and the person who filed the ticket
16:33:05 <sgallagh> Anyone want to discuss https://pagure.io/fesco/issue/1646 on sudo>?
16:33:36 <sgallagh> #topic #1646 No appropriate sudo directory for user scripts
16:33:36 <sgallagh> .fesco 1646
16:33:40 <zodbot> sgallagh: An error has occurred and has been logged. Please contact this bot's administrator for more information.
16:33:55 <maxamillion> zodbot is having a rough day
16:34:33 <sgallagh> The earlier one I figured was because of the typo...
16:34:34 <sgallagh> .fesco 1646
16:34:38 <zodbot> sgallagh: An error has occurred and has been logged. Please contact this bot's administrator for more information.
16:34:44 <sgallagh> nirik! ;-)
16:34:52 <maxamillion> I think the addition of /usr/local/bin and /usr/local/sbin make sense but I also think that if that's needed, an administrator can just enable it so I'm a bit torn as I like the system being secure "out of the box"
16:35:40 <sgallagh> Well, I think part of the issue is that there's no clear guideline on what /usr/local/bin is for
16:35:53 <kalev> I think it makes sense too, but I don't particularly want to override the maintainer either
16:35:55 <sgallagh> My *intuition* is that it's meant to be there for third-party tools
16:36:15 <sgallagh> And that's why it exists in the default PATH
16:36:38 <sgallagh> kalev: Well, the last comment from the maintainer sounds like he is looking for FESCo's thoughts on the matter.
16:36:43 <kalev> ahhh
16:36:53 <sgallagh> I'm not sure it's an "override" so much as him asking FESCo what the correct answer is
16:37:06 <kalev> fair enough, sorry, I didn't read the ticket to the end
16:37:12 <Rathann> hm I wonder what sudo upstream default is
16:37:31 <maxamillion> Rathann: +1
16:37:46 <sgallagh> /me looks
16:39:30 <sgallagh> upstream has no secure_path in examples/sudoers
16:39:38 <sgallagh> That said, this isn't a *default*, it's an example.
16:39:40 <kalev> my opinion here is that since putting things to /usr/local/bin requires root access, it should be fine to add it to sudo's path as well
16:39:49 <kalev> it's not like anyone can sneak behind an admin and add things there
16:40:06 <kalev> and it makes sense to have consistency between ubuntu and fedora
16:40:51 <sgallagh> My mistake.
16:40:58 <sgallagh> It's actually a compile-time option: /bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc
16:41:26 <sgallagh> Which is actually much more lenient than our default :)
16:41:51 <Rathann> I see Solaris paths :)
16:42:00 <Rathann> still, no /usr/local/bin
16:43:19 <sgallagh> I think I'm a weak -1 on adding /usr/local to secure_path.
16:43:28 <maxamillion> I'd be inclined to leave it the way it is citing that the proposed paths are not included by defualt from upstream and are not well defined paths
16:43:37 <maxamillion> -1 here as well
16:43:40 <sgallagh> Nowadays, most people who install third-party software do it either in /usr or /opt
16:43:46 <maxamillion> sgallagh: +1
16:44:03 <sgallagh> /usr/local is rapidly becoming a legacy concept
16:44:26 <Rathann> I think it's worth checking if other Linux distributions (apart from Ubuntu) do have /usr/local/bin there
16:45:05 <sgallagh> The only other relevant distro I can think of would be SUSE
16:45:26 <sgallagh> Between the Fedora/RHT family, Debian and SUSE, that's where most of the rest take their cues
16:46:47 <sgallagh> SUSE uses `Defaults secure_path = "/bin:/usr/bin:/sbin:/usr/sbin"`
16:47:00 <Rathann> Debian doesn't modify secure_path as far as I can tell
16:47:23 <sgallagh> I'm -1 to adding /usr/local
16:47:30 <sgallagh> Rathann: "modify" how?
16:47:43 <Rathann> ah
16:47:53 <Rathann> they ship a default sudoers
16:48:01 <Rathann> Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
16:48:12 <Rathann> so that's probably why Ubuntu has it as well
16:48:14 <nirik> yeah, I lean toward -1 as well.
16:48:39 <kalev> I think it makes sense to have some kind of search path in the default config where admins can install scripts
16:48:53 <kalev> just so that people can avoid editing the config file
16:48:57 <Rathann> I'm with kalev on this one
16:49:09 <nirik> well, there is /etc/sudoers.d
16:49:18 <sgallagh> I was about to say the same
16:49:31 <Rathann> yes, but you need to (remember to) put a file there
16:49:36 <sgallagh> They can modify secure_path with a dropfile in sudoers.d if they don't want to touch the main file
16:50:12 <sgallagh> kalev: Why wouldn't admins just install scripts in /usr/bin or /usr/sbin?
16:50:15 <Rathann> if we want to attract Ubuntu users, then every additional step they have to do on Fedora to get the same experience is a loss
16:50:49 <Rathann> so, I'm +1 to adding /usr/local/{bin,sbin}
16:51:13 <Rathann> it doesn't make things any less secure
16:51:13 <kalev> sgallagh: because /usr/bin and /usr/sbin are tracked by rpm and if they want to install something manually, it's much clearer to see what they've installed if they put things in a separate directory
16:51:50 <kalev> if they install something through rpm, then I totally agree that they should put things in /usr/bin, but quite often people do one-off hacks on their systems
16:52:15 <kalev> and it makes sense to have a separate directory for these hacks I think
16:52:24 <Rathann> also, it's already in the default $PATH
16:52:46 <Rathann> so not having it in secure_path may be confusing
16:53:08 <Rathann> kalev: +1
16:53:40 <kalev> I am just trying to say that the reason that _fedora_ doesn't install anything in /usr/local doesn't mean that local admin's can't find it useful
16:54:28 <kalev> "make" + "make install" usually defaults to /usr/local, for example
16:54:59 <sgallagh> Rathann: I don't really buy the "attract from Ubuntu" argument. As a whole, the set of people who know how to use sudo sufficiently to care about secure_default is a rather small subset of Ubuntu users
16:56:40 <sgallagh> I mean, the other side of it is that you can *still use the full path*
16:56:57 <sgallagh> The only purpose of this option is to set the PATH variable that the elevated process sees.
16:57:14 <sgallagh> If you type `sudo /usr/local/myscript`, it's going to work.
16:57:30 <sgallagh> If you care about more than that, changing the config is REALLY EASY.
16:58:31 <kalev> what's the argument against changing the path?
17:00:11 <kalev> I am just trying to understand, maybe there are good reasons :)
17:00:19 <kalev> so far it seems to me that leaving /usr/local/bin out is just a weird annoyance for users
17:00:25 <kalev> something that they'd probably find their way around, but also something that we should try and make work out of the box
17:00:26 <sgallagh> kalev: The age-old "I forgot to type ./ before my command name and I accidentally ran something in the PATH instead" situation?
17:01:04 <maxamillion> it opens up for a non-standard and not well defined location to be default in secure_path ... however, there seems to be a decent amount of "defacto standard" around it, I'm not hard -1 ... but for now I'm -1
17:01:38 <kalev> yeah, but this is more like: people try to get this to work with sudo. it doesn't work. some admins are going to figure it out. others wont, and they end up giving root access to all people instead of using more secure sudo.
17:02:04 <sgallagh> kalev: I'd be less hesitant about a well-named location. But I really don't like using /usr/local for this. I'd be more comfortable with /usr/custom-sudo/bin or something
17:02:30 <sgallagh> kalev: I think that's a gross overstatement. People will make bad sudo decisions no matter what.
17:02:37 <sgallagh> It's a complicated feature
17:02:38 <maxamillion> indeed
17:02:43 <maxamillion> I've made my fair share of them :)
17:02:58 <sgallagh> I doubt anyone here could say otherwise with a straight face :)
17:02:59 <maxamillion> (many years ago before I knew it was a bad decision)
17:04:16 <sgallagh> Do we want to attempt to take this to a vote, or punt until we have a bigger quorum?
17:04:28 <sgallagh> /me would like to get lunch
17:04:52 <kalev> yes, dinner time here too!
17:05:23 <kalev> sorry for arguing and dragging this meeting so long
17:05:54 <Rathann> If I'm counting correctly, we have +2 and -2
17:06:18 <sgallagh> We're clearly not going to achieve the +5 that would be needed to make a decision today.
17:06:22 <Rathann> yup
17:06:27 <maxamillion> table! :D
17:07:17 <kalev> :D
17:07:51 <nirik> table is ok with me, I keep getting sidetracked/sucked into things and would be nice to read the bug more fully.
17:08:06 <sgallagh> #info FESCo discussed this issue but did not reach a decision today. We will discuss it again next week with hopefully a larger attendance.
17:08:18 <sgallagh> #topic Open Floor
17:08:42 <kalev> I may be missing next week, likely on a train with spotty connection at that time
17:09:03 * nirik actually will definitely be missing next week. I can vote in tickets tho
17:10:39 <maxamillion> afaik I will be here next week but I have jury duty on Tuesday ... so if I get selected I might not make it
17:10:43 <sgallagh> Oh, I forgot:
17:10:43 <sgallagh> #topic Next Week's Chair
17:11:24 <kalev> I could maybe take it in two weeks, but definitely not next week
17:11:32 <Rathann> I have a dentist appointment next week and don't know if I'll be able to attend, much less chair
17:12:22 <sgallagh> ...
17:12:54 <maxamillion> I can take next week's chair ... but I'm not convinced we will have quarum
17:13:17 <maxamillion> quorum*
17:13:17 <sgallagh> maxamillion: Thanks. If you end up with jury duty, I'll be your backup
17:13:23 <maxamillion> sgallagh: thanks
17:13:26 <sgallagh> #info maxamillion to chair next week's meeting.
17:13:48 <maxamillion> sgallagh: if that happens, I'll be sure to email to let you know so it's not a surprise thing
17:13:55 <sgallagh> Thanks
17:15:14 <sgallagh> OK, I'm closing out the meeting. Thanks for coming, everyone.
17:15:19 <sgallagh> #endmeeting