16:00:18 <jwb> #startmeeting FESCO (2017-01-06)
16:00:18 <zodbot> Meeting started Fri Jan  6 16:00:18 2017 UTC.  The chair is jwb. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:18 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:18 <zodbot> The meeting name has been set to 'fesco_(2017-01-06)'
16:00:18 <jwb> #meetingname fesco
16:00:18 <jwb> #chair maxamillion dgilmore jwb nirik paragan jsmith kalev sgallagh Rathann
16:00:18 <zodbot> The meeting name has been set to 'fesco'
16:00:18 <zodbot> Current chairs: Rathann dgilmore jsmith jwb kalev maxamillion nirik paragan sgallagh
16:00:22 <jwb> hi all
16:00:30 <nirik> morning
16:00:40 <jsmith> Greetings!
16:00:46 <sgallagh> .hello sgallagh
16:00:47 <zodbot> sgallagh: sgallagh 'Stephen Gallagher' <sgallagh@redhat.com>
16:00:50 <jsmith> It's been a while :-)
16:01:28 <jwb> well, there's 4 of us anyway
16:01:37 <paragan> .hello pnemade
16:01:38 <zodbot> paragan: pnemade 'Parag Nemade' <pnemade@redhat.com>
16:01:41 <jwb> ah, 5
16:01:45 <jwb> good, we have quorum
16:01:57 <kalev> hello
16:02:08 <jwb> ok, so some of the agenda items were wrapped up in the tickets themselves.  that's good because the agenda is shorter now
16:02:11 <jwb> let's get going
16:02:21 <jwb> #topic #1646 No appropriate sudo directory for user scripts
16:02:21 <jwb> .fesco 1646
16:02:21 <jwb> https://pagure.io/fesco/issue/1646
16:02:22 <zodbot> jwb: Issue #1646: No appropriate sudo directory for user scripts - fesco - Pagure - https://fedorahosted.org/fesco/ticket/1646
16:02:45 <nirik> I don't think we got any more info here...
16:03:04 <jwb> no, we didn't but how long are we going to wait?
16:03:05 <sgallagh> Proposal: No changes required at this time.
16:03:13 <jsmith> sgallagh: +1
16:03:20 <jsmith> I'm done debating and waiting :-)
16:03:36 <kalev> +1
16:03:45 <sgallagh> I haven't heard a compelling argument for the change; anyone who is creating sudo user scripts can make a trivial change to their sudoers file
16:03:58 <dgilmore> hey all
16:04:01 <jwb> sgallagh: that's a strange way to word the proposal
16:04:13 <jwb> he's not asking if they're required.  he's asking if he can make them
16:04:34 <sgallagh> jwb: I thought he was asking that FESCo require the sudo maintainer to make a change
16:04:41 <sgallagh> That's how I read it, at least
16:04:49 <jwb> ah, i suppose
16:05:15 <kalev> I am personally thinking that it would be slightly nicer to have the sudo paths match with the system $PATH, but I don't think it's so important that fesco should require that
16:05:23 * nirik is fine with no changes
16:05:27 <dgilmore> sgallagh: +1
16:05:29 <jwb> i guess i'd be more clear either way and phrase it as "FESCo does/does not support..."
16:05:29 <kalev> but I think we should definitely be okay _allowing_ them to change it if they want
16:05:59 <jwb> kalev: who is "them"?
16:06:04 <sgallagh> kalev: Eh, the default sudo config is definitely in FESCo's wheelhouse
16:06:09 <jwb> kalev: the maintainer or end users?
16:06:17 <kalev> the maintainer
16:06:30 <dgilmore> this is only the defaults
16:06:43 <sgallagh> jwb: "FESCo does not support extending the set of paths to include a custom script path" Better?
16:06:45 <dgilmore> I personally always use full paths with sudo anyway
16:06:57 <dgilmore> just to make sure I am calling the intended thing
16:07:10 <sgallagh> "FESCo does not support extending the set of paths to include a custom script path by default"
16:07:20 <jwb> sgallagh: yes!
16:07:26 <jwb> +1
16:07:29 <dgilmore> +1
16:07:30 <paragan> +1
16:07:30 <kalev> sgallagh: I liked the previous wording more, because the new wording sounds like we are against changing it
16:07:44 <jwb> kalev: i think we're saying we're against changing it
16:07:44 <sgallagh> kalev: I am :)
16:07:56 <kalev> fair enough
16:07:59 <kalev> +1 then
16:08:00 <sgallagh> Specifically, against changing the defaults
16:08:12 <jsmith> +1 to sgallagh's updated proposal
16:08:13 <sgallagh> The users themselves can modify it to their hearts' content
16:08:18 <nirik> +1
16:08:53 * jwb tallies the vote
16:09:29 <jwb> #agreed FESCo does not support extending the set of paths to include a custom script path (+7: 0: -0)
16:09:34 <jwb> ok, moving on
16:09:49 <jwb> #topic #1657 Unresponsive maintainer: ke4qqq
16:09:50 <jwb> .fesco 1657
16:09:50 <jwb> https://pagure.io/fesco/issue/1657
16:09:51 <zodbot> jwb: Issue #1657: Unresponsive maintainer: ke4qqq - fesco - Pagure - https://fedorahosted.org/fesco/ticket/1657
16:11:08 <sgallagh> Huh, I thought I voted on this in the ticket. Guess I didn't. +1 to orphaning all his packages and giving sheepdog to the reporter.
16:11:27 <jwb> +1
16:11:33 <nirik> +1 also
16:11:43 <nirik> https://admin.fedoraproject.org/pkgdb/packager/ke4qqq/
16:11:45 <dgilmore> +1
16:11:48 <kalev> I'm +1 too, I'd just want to add that if we are processing unresponsive maintainer tickets, it would be nice to add the unresponsive maintainer to fesco ticket's CC
16:11:50 <nirik> point of contact on 26 packages
16:11:52 <kalev> so that they know what's going on
16:12:01 <jsmith> +1 (although he should have been added to the ticket)
16:12:21 <paragan> +1 to orphan packages
16:13:04 <nirik> There was a suggestion to mail him at an apache.org address on the devel list, but I guess that didn't pan out
16:13:27 <jwb> #agreed FESCo agrees to orphan ke4qqq's packages and give sheepdog to the reporter (+7:0:-0)
16:14:13 <jwb> nirik, i assigned the ticket to you to do the orphaning (sorry)
16:14:16 * nirik can do that after the meeting. ;)
16:14:17 <sgallagh> Worst case, he resurfaces and requests access
16:14:18 <nirik> sure
16:14:32 <jwb> ok, moving on
16:14:44 <jwb> #topic #1635 F26 Self Contained Changes
16:14:44 <jwb> .fesco 1635
16:14:44 <jwb> https://pagure.io/fesco/issue/1635
16:14:45 <nirik> well, note that changing poc to orphan leaves them still with access. just not poc.
16:14:46 <zodbot> jwb: Issue #1635: F26 Self Contained Changes - fesco - Pagure - https://fedorahosted.org/fesco/ticket/1635
16:15:38 <jwb> pagure is being slow for me
16:15:44 <sgallagh> same here
16:15:49 <jwb> WE BROKE IT
16:16:08 * nirik looks
16:17:19 <jsmith> I'm pretty sure I voted in the ticket :-p
16:17:35 * nirik pokes it with a sharp stick
16:17:58 <jwb> pretty sure the two to discuss today were Golang PIE and fontconfig
16:18:14 <jwb> https://fedoraproject.org/wiki/Changes/golang-buildmode-pie
16:18:26 <maxamillion> sorry I'm late
16:18:28 <maxamillion> .hello maxamillion
16:18:29 <zodbot> maxamillion: maxamillion 'Adam Miller' <maxamillion@gmail.com>
16:18:46 <maxamillion> I was working on something and completely lost track of time, apologies
16:19:06 <jwb> np, it happens.  apparently to pagure too!
16:19:20 <maxamillion> jwb: uh oh, what'd I miss?
16:19:26 <nirik> ok, it should be back
16:19:30 <jwb> https://fedoraproject.org/wiki/Changes/FontconfigCacheDirChange
16:19:34 <jwb> there, those two changes
16:19:37 <jwb> maxamillion: nothing.  it just stalled
16:19:42 <maxamillion> fun
16:19:44 <paragan> yes it's back now
16:20:10 <jwb> there were comments on performance numbers with the PIE change to golang
16:20:32 <jwb> i'm not sure that's really enough to not approve the change, but it would be good to get some data either way
16:20:34 <sgallagh> Yeah, I don't want to vote on the PIE change until we have more information
16:20:43 <jsmith> I haven't seen any response to the Golang performance issue
16:21:02 <jsmith> So I'll change my vote to "defer" :-)
16:21:11 <sgallagh> I mean, I'm always in favor of security hardening, but not if it comes with an 80% performance hit or something ridiculous.
16:21:14 <dgilmore> fontconfig seems kinda wrong
16:21:24 <jsmith> As for the fontconfig issue, I'm still squarely -1
16:21:53 <jwb> i forget what the objection there was
16:22:00 <kalev> I haven't looked at the fontconfig change closely, but from the discussion in https://bugzilla.redhat.com/show_bug.cgi?id=1377367 it seems that people are trying to come up with alternative ways to do it
16:22:16 <dgilmore> would be good to make sure that the PIE change does not affect performance
16:22:53 <maxamillion> jsmith: why so? I don't really know my way around fontconfig well enough to have an informed opinion
16:23:10 <jsmith> jwb: I don't like having caches under /usr/lib
16:23:19 <jsmith> maxamillion: ^^^
16:23:26 <jwb> jsmith: there are a number of others already there
16:23:29 <sgallagh> jsmith: Well, the debate is whether it's *really* a cache
16:23:43 <sgallagh> There's a semantic difference, I think
16:24:03 <kalev> I don't really see what's a problem with having a cache that's updated at package install time in /usr
16:24:07 <sgallagh> To me, a cache is a temporary storage of data that gets retrieved option as a perf enhancement
16:24:17 <kalev> lots of other stuff does that too, like for example in /usr/share/icon there's the icon cache etc
16:24:24 <kalev> /usr/share/icons
16:24:25 <sgallagh> A "cache" that is built once and used forever after isn't a cache... it's data.
16:24:37 * jwb finds the invocation of FHS somewhat laughable
16:24:41 <maxamillion> jsmith: oh
16:24:46 <jsmith> OK, comment 10 makes that more clear...
16:25:25 <sgallagh> s/option/often/ above. Not sure what I was thinking there..
16:25:54 <jwb> Proposal: Defer golang PIE change until more data on performance impact is available
16:26:01 <maxamillion> jwb: +1
16:26:02 <jsmith> jwb: +1
16:26:03 <nirik> +1 I guess
16:26:04 <dgilmore> +1
16:26:06 <kalev> +1
16:26:08 <sgallagh> +1
16:26:21 <jwb> -1 to my own proposal fwiw
16:26:42 <nirik> ha
16:26:49 <paragan> +1
16:27:13 <jwb> #agreed Defer golang PIE change until more data on performance impact is available (7:0:-1)
16:27:19 <jwb> ok, fontconfig
16:27:20 <kalev> as for the /usr vs /var/cache, I think it's fine to have a lookup table that's generated at package install time in /usr. Things that are dynamically generated at runtime should be in /var/cache though
16:29:10 <sgallagh> kalev: So the main issue as I see it is that the data differs between traditional and ostree
16:29:29 * paragan agrees with kalev
16:29:32 <sgallagh> With ostree, you only generate the font cache on the server and never update it.
16:29:49 <sgallagh> On a traditional RPM deployment, if a package pulls in a new font, the data set is regenerated.
16:30:04 <sgallagh> So while it's not a *cache* by my personal definition, it's still variable data.
16:30:19 <jwb> that seems... orthogonal to the location of where the data is stored
16:30:34 <jwb> i mean, nitpicking the definition of a "cache" is fine i guess but it doesn't really matter
16:31:28 <jsmith> Ok, you've convinced me
16:31:30 <maxamillion> sgallagh: so moving to /usr won't help the ostree use-case, isn't that the whole point of the proposed change and if it doesn't in fact work wouldn't it kind of make the whole thing pointless?
16:32:04 <kalev> no, I think it would help ostree
16:32:12 <dgilmore> maxamillion: well the data is made at ostree creation time in /usr and shipped in the ostree
16:32:14 <kalev> ostree needs to have a separation of cache directories and system directories because the system directories are always generated on the server side
16:32:23 <kalev> yup, what dgilmore said
16:32:26 <sgallagh> Right, I think the change affects the OStree build-time
16:32:31 <kalev> so the things that happen during 'rpm -i' stage need to be in the ostree tree for things to work
16:32:33 <sgallagh> I was thinking in terms of the end-user system
16:32:39 <maxamillion> dgilmore: right, but then users can't add fonts ... right?
16:32:57 <dgilmore> maxamillion: users can not install anything at run time
16:33:03 <dgilmore> that's how ostree is designed
16:33:05 <sgallagh> kalev: so ostree fails if rpmostree tries to put data in /var ?
16:33:21 <kalev> sgallagh: in /var/cache at least, that's my understanding
16:33:32 <dgilmore> to add fonts they would have to make a new tree
16:33:38 <maxamillion> dgilmore: sure they can, just not with dnf ... nothing is stopping someone from laying font files down on the filesystem and running commands to update fontconfig, right?
16:33:55 <dgilmore> maxamillion: that's making an updated tree
16:34:01 <sgallagh> kalev: OK, so if they moved it to /var/lib, everyone could be happy?
16:34:01 <sgallagh> :)
16:34:04 <dgilmore> it's all in the new tree when you reboot into it
16:34:18 <jwb> that's not what maxamillion is describing
16:34:23 <nirik> the bug seems to indicate they are installing and using overlay?
16:34:24 <kalev> sgallagh: I suspect so, but not entirely sure. would have to ask someone who understands ostree better than I do
16:34:25 <maxamillion> dgilmore: that's not what I mean
16:34:30 <sgallagh> Fair enough
16:34:36 <dgilmore> maxamillion: that's how it works afaik
16:34:52 <sgallagh> May I suggest that FESCo doesn't have all the information it needs to make a decision on this today?
16:34:57 <jwb> sure!
16:35:00 <dgilmore> sgallagh: sure
16:35:04 * kalev agrees.
16:35:40 <sgallagh> I'll try to catch Colin next week in the office and discuss it with him
16:35:43 <nirik> it's the overlay/install package at runtime that's not working with fontconfig...
16:35:49 <maxamillion> sgallagh: should we come up with a list of questions we'd like answered?
16:35:54 <nirik> at least as far as I can tell
16:35:57 <sgallagh> maxamillion: That would be helpful.
16:36:05 <sgallagh> Might as well just ask them in the BZ, I suppose
16:36:22 <jwb> Proposal: FESCo defers the fontconfig cache change so that it can gather more information
16:36:27 <nirik> +1
16:36:33 <maxamillion> sgallagh: yeah, fair point
16:36:34 <maxamillion> jwb: +1
16:36:49 <paragan> +1
16:36:50 <sgallagh> +1
16:36:54 <jwb> +1
16:36:55 <kalev> +1
16:37:00 <jsmith> =1
16:37:02 <jsmith> +1, that is
16:37:20 <dgilmore> 1
16:37:28 <jwb> #agreed FESCo defers the fontconfig cache change so that it can gather more information (8:0:-0)
16:38:02 <jwb> #topic #1664 Orphaning of rrati's packages
16:38:02 <jwb> .fesco 1664
16:38:02 <jwb> https://pagure.io/fesco/issue/1664
16:38:03 <zodbot> jwb: Issue #1664: Orphaning of rrati's packages - fesco - Pagure - https://fedorahosted.org/fesco/ticket/1664
16:38:49 <jwb> this one didn't exactly follow the normal process, but the equivalent data seems to be there
16:39:19 <nirik> proposal: contact rrati and offer to orphan their packages or assist them in doing so
16:39:29 <jsmith> nirik: +1
16:39:33 <dgilmore> nirik: +1
16:39:38 <jwb> +1
16:39:40 <paragan> +1
16:39:51 <sgallagh> +1
16:39:52 <kalev> +1
16:39:53 <maxamillion> +1
16:40:17 <nirik> poc on 16 packages: https://admin.fedoraproject.org/pkgdb/packager/rrati/
16:40:19 <jwb> #agreed contact rrati and offer to orphan their packages or assist them in doing so (8:0:-0)
16:40:47 <jwb> who wants to contact them?
16:40:47 <maxamillion> anyone already planning to take that as an action item?
16:40:51 <maxamillion> jwb: +1 :D
16:40:53 <nirik> I can do it.
16:40:56 <maxamillion> nirik++
16:41:00 <jwb> nope, not going to let nirik do it
16:41:02 <jwb> someone else
16:41:12 <nirik> ha. ;)
16:41:13 <maxamillion> I'll do it
16:41:16 <nirik> sure, I don't care.
16:41:22 <jwb> great, thanks maxamillion
16:42:00 <jwb> ok, last topic
16:42:09 <jwb> #topic #1663 How strongly should we recommend systemd sandboxing features?
16:42:09 <jwb> .fesco 1663
16:42:09 <jwb> https://pagure.io/fesco/issue/1663
16:42:10 <zodbot> jwb: Issue #1663: How strongly should we recommend systemd sandboxing features? - fesco - Pagure - https://fedorahosted.org/fesco/ticket/1663
16:42:57 <jwb> to be honest, i don't think we've all had time to digest this
16:43:33 <jwb> there's a lot of options to look at and figure out what to do, and there's no concrete proposal on which to enable and under what conditions
16:43:41 <maxamillion> I read over it this morning, I'm in support of improving the guidelines to recommend the sandboxing but I'm honestly not sure what's being proposed here ... it's kind of open ended in the ticket
16:43:46 * dgilmore notes we have had to eject systemd-232 from fedora
16:43:53 <jsmith> I haven't had time to fully digest it, but I do agree with mattdm's proposal that we go for stronger rather than weaker.... but a proposal would be nice
16:43:55 <maxamillion> dgilmore: oh fun
16:44:09 <maxamillion> jsmith: +1
16:44:16 <nirik> there's a patch tho, we should try that soon. ;)
16:44:16 <maxamillion> dgilmore: dare I ask what happened?
16:44:17 <dgilmore> it breaks composing entirely as the kernel gets incorrectly copied
16:44:18 <jwb> jsmith: i'm going to guess that mattdm was hoping fesco would come up with said proposal
16:44:28 <maxamillion> dgilmore: computers! \o/
16:44:33 <dgilmore> so none of the new functionality is tested in fedora
16:44:36 <jwb> this seems like one of those polite FPL request things
16:44:41 <jsmith> jwb: That's my guess as well -- I'm just not sure I'm (yet?) qualified to make such a proposal
16:44:57 <dgilmore> I am all for making things more secure
16:44:58 <nirik> I think there's a few things we could change the default on... and the rest suggest maintainers use any that don't break functionality on their package
16:45:09 <dgilmore> I am not sure how it will affect things in practice
16:45:11 <maxamillion> nirik: +1
16:45:13 <jwb> ok, so this needs 1) an owner to make concrete suggestions, 2) a timeframe
16:45:14 <jsmith> nirik: Sounds very reasonable
16:45:26 <dgilmore> jwb: indeed
16:45:27 <jsmith> jwb: Yes, exactly.
16:46:08 <dgilmore> jwb: at least some things I can think of off the top of my head, how hard is it to do something like change the port of ssh
16:46:18 <jsmith> For timeframe, I propose F27...
16:46:18 <dgilmore> if the service file limited to tcp 22 would users find it too cumbersome to change
16:46:38 <nirik> well, likely it will be ongoing for a long time before everything is changed...
16:46:53 <dgilmore> and making sure changes in the service files got merged simply with user changes
16:47:27 <dgilmore> jsmith: I would leave the timeframe open until we know more
16:47:56 <jsmith> dgilmore: I guess what I'm trying to say is "Let's come up with an initial proposal for F27... it's not carved in stone, and can be adjusted from there"
16:48:02 <dgilmore> different suggestions could have different timeframes
16:48:08 <jwb> to be clear, i meant the proposal needs a timeframe
16:48:16 <dgilmore> jwb: oh :D
16:48:19 <jwb> right, what jsmith said
16:48:20 <jsmith> dgilmore: Rather than trying to solve for everything up front
16:48:41 <dgilmore> I read that very differently
16:48:54 <dgilmore> communication is hard
16:49:00 <maxamillion> jsmith: +1
16:49:33 <jwb> still needs an owner
16:49:35 <jsmith> I'm happy to brainstorm on the ticket for the next week or so, and see if we can't come up with a more concrete proposal for F27
16:49:41 <dgilmore> I think a month would be a good timeframe to come up with some initial proposals
16:49:41 <jwb> jsmith: great
16:49:49 <jsmith> I don't really want to volunteer to own it, but I'm happy to work on it
16:50:01 <jsmith> and if nobody else volunteers, I guess I'm stuck :-)
16:50:14 <jwb> Proposal: jsmith to take initial stab at a concrete proposal and present something in one month.  Help welcome
16:50:25 <jsmith> WORKSFORME +1
16:50:29 <sgallagh> Unfortunately, I know I'm not going to have the spare cycles in January.
16:50:36 <sgallagh> Sorry :(
16:50:39 <jsmith> sgallagh: Understood :-)
16:51:07 <nirik> might be good to set up a wiki page or something and ask everyone to poke at it a little
16:51:45 <jsmith> nirik: That's a good suggestion, and one that I wholeheartedly support
16:52:03 <maxamillion> I like that also
16:52:19 <dgilmore> +1 to jwb's proposal
16:53:04 <paragan> +1 to jwb's proposal
16:53:19 <kalev> +1 to jwb's proposal
16:53:22 <sgallagh> +1
16:53:43 <maxamillion> +1
16:53:46 <nirik> +1
16:53:52 <jwb> #agreed  jsmith to take initial stab at a concrete proposal and present something in one month.  Help welcome (8:0:-0)
16:54:00 <jwb> #topic Next Week's Chair
16:54:14 <dgilmore> I can it has been awhile
16:54:40 <jwb> #agreed dgilmore to chair next week
16:54:43 <jwb> #topic Open Floor
16:55:17 <jwb> jsmith: damnit, i misspelled your name in the ticket.  sorry
16:55:32 <jsmith> Reminder that voting in Fedora elections (FESCo, Council, FAmSCo) starts on January 10th
16:55:38 <jsmith> jwb: No worries -- I get that all the time
16:56:08 <jwb> #info Reminder that voting in Fedora elections (FESCo, Council, FAmSCo) starts on January 10th
16:56:16 <jwb> anything else?
16:56:21 <dgilmore> nada
16:56:31 <sgallagh> nope
16:57:03 <jwb> ok, thanks everyone
16:57:05 <jwb> #endmeeting