16:00:41 <maxamillion> #startmeeting FESCO (2017-11-03)
16:00:41 <zodbot> Meeting started Fri Nov  3 16:00:41 2017 UTC.  The chair is maxamillion. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:41 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:41 <zodbot> The meeting name has been set to 'fesco_(2017-11-03)'
16:00:41 <maxamillion> #meetingname fesco
16:00:41 <maxamillion> #chair maxamillion dgilmore nirik jforbes jsmith kalev sgallagh bowlofeggs tyll
16:00:41 <zodbot> The meeting name has been set to 'fesco'
16:00:41 <zodbot> Current chairs: bowlofeggs dgilmore jforbes jsmith kalev maxamillion nirik sgallagh tyll
16:00:43 <maxamillion> #topic init process
16:00:48 <nirik> morning
16:00:52 <jforbes> .hello jforbes
16:00:54 <zodbot> jforbes: jforbes 'Justin M. Forbes' <jforbes@redhat.com>
16:01:06 <bowlofeggs> .hello2
16:01:07 <zodbot> bowlofeggs: bowlofeggs 'Randy Barlow' <randy@electronsweatshop.com>
16:02:01 <maxamillion> .hello2
16:02:01 <zodbot> maxamillion: maxamillion 'Adam Miller' <maxamillion@gmail.com>
16:02:04 <tyll> .hello tyll
16:02:05 <zodbot> tyll: Sorry, but you don't exist
16:02:12 <tyll> .hello till
16:02:13 <zodbot> tyll: till 'Till Maas' <opensource@till.name>
16:02:14 <jsmith> .hello2
16:02:17 <zodbot> jsmith: jsmith 'Jared Smith' <jsmith.fedora@gmail.com>
16:03:03 <kalev> morning
16:03:04 <maxamillion> who all is out? I know dgilmore wasn't going to make it
16:03:05 <kalev> .hello kalev
16:03:06 <zodbot> kalev: kalev 'Kalev Lember' <klember@redhat.com>
16:03:18 <maxamillion> sgallagh out as well?
16:03:22 <tyll> Hi, can only follow a little bit on my mobile phone. Did not take DST changes into account
16:03:23 * maxamillion can't remember
16:03:38 <maxamillion> tyll: no worries, we have a pretty short agenda today
16:03:40 <sgallagh> I’m swamped today, but if I’m needed for quorum, I’m sort of here
16:03:57 <maxamillion> sgallagh: we do not, there's 7 of us here without your vote
16:04:04 <maxamillion> let's get to it
16:04:09 <maxamillion> #topic Follow Ups
16:04:13 <maxamillion> #topic #1786 Non-responsive maintainer: jcapik
16:04:13 <maxamillion> .fesco 1786
16:04:14 <maxamillion> https://pagure.io/fesco/issue/1786
16:04:14 <zodbot> maxamillion: Issue #1786: Non-responsive maintainer: jcapik - fesco - Pagure - https://pagure.io/fesco/issue/1786
16:04:44 <maxamillion> nirik: this had some questions on it about timing, I figured I'd bring that up to the group ... anything you want to say around this one or just have people read the ticket?
16:05:02 <nirik> there's 139 packages involved here...
16:05:20 <jsmith> I don't mind holding off until after the release...
16:05:29 <maxamillion> nirik: yeah, that's concerning pre-release
16:05:38 <bowlofeggs> i don't have an opinion on the timing - wouldn't we orphan them on rawhide only anyway?
16:05:50 <maxamillion> bowlofeggs: I don't think so, no
16:05:54 <jforbes> I am not sure what it matters. He has responded already and said that he won't be around for a while
16:05:55 <bowlofeggs> ah
16:06:18 <bowlofeggs> well i do think we should only orphan them on rawhide
16:06:20 <maxamillion> jforbes: there's releng scripts that handle orphaned packages differently for pre-releases
16:06:34 <jforbes> Ahh, then I see no harm in waiting
16:06:36 <maxamillion> (or there used to be, not sure if that's the case today)
16:06:43 <kalev> I don't think we have per-branch orphaning any more, as I understand it? it's either all branches orphaned or nothing, right?
16:06:46 <nirik> bowlofeggs: ? why?
16:07:02 <tyll> kalev: yes, all or nothing
16:07:05 <nirik> yeah, pagure just knows about the package itself, not branches.
16:07:18 <maxamillion> bowlofeggs: the maintainer stated he's going to be unavailable ... why wouldn't we orphan for f27 to find new maintainers?
16:08:06 <nirik> also, due to pagure needing someone in releng to reassign things, perhaps we should file 1 releng ticket with the list and have people comment there to take the packages.
16:08:16 <nirik> rather than a flurry of tickets / requests
16:08:20 <bowlofeggs> maxamillion, nirik: i guess what i really care about is that they don't get *retired* on f27
16:08:43 <bowlofeggs> so i suppose the orphaning itself isn't a big deal
16:09:07 <nirik> right, retirement is different.
16:09:12 <maxamillion> yeah
16:09:16 <kalev> I guess people can still retire things in F27, yeah. I was just about to say that we're deep in the freeze and there's not much harm orphaning/reassising can do now, but retiring is definitely a possibility
16:09:20 <maxamillion> retirement is a whole different ball of wax
16:09:42 <maxamillion> Proposal: Wait until Post F27 GA to orphan jcapik's packages
16:09:43 <nirik> I suppose as long as no one takes a package and retires it we are ok...
16:09:49 <nirik> but they could in theory
16:09:54 <bowlofeggs> maxamillion: +1
16:09:56 <nirik> maxamillion: +1
16:09:59 <kalev> maxamillion: +1
16:10:13 * maxamillion is +1 (for posterity)
16:10:38 <maxamillion> tyll: jforbes: jsmith: ?
16:10:47 <jforbes> +1
16:11:11 <tyll> I do not understand why we would wait
16:11:42 <nirik> tyll: someone takes orphaned package, decides it's not maintainable, retires it, gets blocked, messes up rc's
16:12:01 <nirik> (I know it's far fetched)
16:12:13 <maxamillion> tyll: also, there's releng tooling that handles orphaned packages differently from non-orphaned ones which could also have implications on RCs
16:12:40 <jsmith> maxamillion: +1
16:13:02 <jsmith> (sorry for the latency)
16:13:09 <tyll> nirik: we need to disable blocking of retired pkgs for F27 then anyhow if it isn't atm
16:13:31 <nirik> well, I think that depends on it being 'pre release'
16:13:32 <nirik> or whatever
16:13:38 <tyll> maxamillion: what tools are this? Anyone can orphan pkgs currently
16:14:11 <tyll> nirik: with pkgdb we disabled it in it, now it would need to be changed in block_retired.py (I will file a PR later today)
16:14:14 <maxamillion> tyll: I think pungi, some of the stuff that auto-updates bugzilla tickets, and some other stuff that operates on pkgdb (well, pagure-on-distgit now)
16:15:23 <nirik> tyll: well wasn't that using pkgdb still? (since PDC is still not implemented the state we need?)
16:17:02 <tyll> maxamillion: I am pretty sure that pungi does not check for orphan status, however, I am ok if we would like to be cautious in general
16:17:26 <nirik> It's waited this long, another week or two shouldn't matter too much I hope
16:17:28 <tyll> nirik: I guess it is the pdc-updater that needs to be updated in addition to block_retired
16:18:07 <maxamillion> tyll: actually, I think you're right ... I'm probably mistaken about pungi
16:18:45 <tyll> maxamillion: formally +1, but I do not think it would be necessary to wait
16:19:26 <maxamillion> #agreed Proposal: Wait until Post F27 GA to orphan jcapik's packages (+1:7, +0:0, -1:0)
16:19:36 <maxamillion> #topic #1788 Default path for root is inconsistent between su - and sudo
16:19:36 <maxamillion> .fesco 1788
16:19:37 <maxamillion> https://pagure.io/fesco/issue/1788
16:19:38 <zodbot> maxamillion: Issue #1788: Default path for root is inconsistent between su - and sudo - fesco - Pagure - https://pagure.io/fesco/issue/1788
16:20:43 <nirik> didn't we already decide this? ah... related.
16:21:12 <maxamillion> I do think it's reasonable to expect 'sudo -i' and 'su -l' to have similar environments at the result of executing the command
16:21:15 <maxamillion> nirik: oh?
16:22:08 <nirik> we already said sudo should not add /usr/local/
16:22:15 <nirik> in ticket 1646
16:22:34 <kalev> I was for the change to make sudo and PATH consistent back when we discussed that and still am
16:23:05 <maxamillion> hrm
16:23:41 <nirik> kalev: so remove /usr/local/ from su - ?
16:23:45 <kalev> I think the decision in 1646 was more like that we don't require the package maintainer to make the change, not that we forbit that or anything. we were pretty split back then what the default should be
16:24:00 <maxamillion> alright, so I guess the question is: is this new ticket with new context different enough to re-evaluate or do we stick with the previous FESCo decision?
16:24:18 <maxamillion> yeah, I'm starting to remember this now
16:24:28 <maxamillion> I feel like this discussion went on for some time
16:24:33 <tyll> Does anyone know why /usr/local is considered to be insecure?
16:24:34 <kalev> nirik: I guess that, or add /usr/local to sudo?
16:25:48 <maxamillion> tyll: I think because it's difficult to audit since packages don't (or shouldn't) be putting files there
16:26:18 <nirik> so, su - uses the default path right? so really this is a setup issue (since /etc/profile is where that is added?)
16:26:51 <jsmith> nirik: That's my understanding, yes...
16:27:13 <jforbes> Here's the thing. A user might have no actual clue what root's path is. There is some flexibility here because root can add things to their local PATH that wouldn't be allowed for sudo users
16:27:14 <bowlofeggs> fwiw, it actually doesn't bother me that root and sudo have different paths
16:27:15 <nirik> all the bugs are against sudo. I don't see the setup maintainer being asked to drop /usr/local/ there at all.
16:27:33 <bowlofeggs> i'm not arguing that they *should* have different paths, just that it doesn't seem wrong to me the way it is
16:27:36 <nirik> bowlofeggs: yeah, me either too much.
16:27:51 <bowlofeggs> i don't find it surprising at all
16:28:11 <bowlofeggs> sudo is for non-root users, and we can treat non-root users differently than root users
16:28:44 <bowlofeggs> i wouldn't oppose making them have the same default path either
16:29:49 <jforbes> They can still have different paths, su - will process local .bashrc
16:30:01 <bowlofeggs> also true
16:30:32 <bowlofeggs> does anyone feel strongly one way or the other about this?
16:30:43 <jforbes> no
16:30:50 <maxamillion> not really
16:31:19 <maxamillion> I do think it's not far fetched to expect those two things to be equal, but I also understand the arguments against having that as such
16:31:44 <maxamillion> I'm curious what other distros do ... anyone happen know about debian, arch, or suse?
16:32:01 <jforbes> No, but it might be worth looking into
16:32:18 <maxamillion> agreed
16:32:32 <nirik> I lean slightly toward asking setup maintainer to drop /usr/local from default paths... but I also don't feel super strongly about it. It seems a pretty minor issue.
16:32:56 <maxamillion> agreed
16:33:07 <maxamillion> I'm really good either way
16:33:44 <maxamillion> anyone have a proposal?
16:33:46 <kalev> many of us here are package maintainers and probably fine with removing /usr/local, but I think a lot of people out there want 'make install' to just work, and that puts things in /usr/local
16:33:51 <jsmith> I'm torn, because I personally like having /usr/local in my own (non-root) default path... but I understand that from a security perspective... well, you get the idea
16:34:04 <kalev> I don't think I could support removing /usr/local
16:34:05 <nirik> kalev: ...sometimes. Sometimes it scribbles on /usr
16:34:29 <maxamillion> kalev: yeah, that's fair
16:34:30 <nirik> the adding of /usr/local in profile is conditional...
16:34:37 <nirik> root vs user.
16:34:49 <kalev> ah, I didn't know that
16:35:58 <nirik> I guess it's only /usr/local/sbin
16:36:55 <jforbes> Wait, doesn't sudo use the user calling's path?
16:37:13 <maxamillion> jforbes: unless you do 'sudo -i', yes
16:37:31 <jforbes> su - would use whatever is defined as the root PATH and sudo would use the user PATH, why are we discussing this?
16:37:46 <kalev> hah, in other news, see #fedora-releng: the thing we just discussed, someone possibly retiring a package used in F27 compose and messing it up seems to have just happened
16:37:49 <kalev> libnfsidmap was retired
16:37:50 <tyll> I am in favor of adding /usr/local, I do not see practical security issues to be honest and it is sometimes annoying if they are not in the path
16:38:01 <jforbes> create a .bashrc if you want to add /usr/local
16:38:12 <maxamillion> or edit /etc/profile ... or $other
16:38:44 <maxamillion> ultimately, I'd defer to the package maintainers on this ... if these are enhancements that people would like to see, they should open a BZ against the package(s) and if the maintainer wants to make the change, then great
16:39:03 <nirik> well, the sudo maintainer does not want to add /usr/local (at least I think thats the case)
16:39:16 <jforbes> It seems perfectly sane and logical to me that sudo is using my path and su - is using the user I su tos path
16:39:20 <kalev> the first ticket we discussed months was the package maintainer asking for guidance on this, I think
16:39:53 <kalev> at least that's what I recall, don't want to be spreading false information :)
16:40:13 <bowlofeggs> i'm kind of inclined to leave this decision up to the sudo packager
16:40:19 <bowlofeggs> i don't see why this is a fesco issue
16:40:21 <maxamillion> kalev: oh, well if that was the case then we already decided this :) (my memory is not good enough to remember a ticket from 11 months ago)
16:41:18 <nirik> this ticket is asking us to make su and sudo consistent
16:41:45 <jforbes> nirik: that seems specifically against the point of having the 2 different commands
16:42:01 <bowlofeggs> i don't see a strong argument being made why fesco should override the packager on this
16:42:30 <jforbes> root has a PATH, users have PATH, any user can edit their PATH as they see fit
16:42:30 <nirik> I didn't say I agreed, just my take on the ticket.
16:43:22 <maxamillion> to advocate for the other side, what's the potential harm of making the change and providing the consistency?
16:43:28 <tyll> jforbes: sudo does not use the users's path but its own
16:43:53 <jforbes> tyll: it does, the only change is it will move . to the end
16:43:55 <bowlofeggs> maxamillion: i wouldn't call it harm, but overriding the packager's decision shouldn't be taken lightly imo
16:44:32 <maxamillion> bowlofeggs: completely agreed on that front
16:44:37 <bowlofeggs> maxamillion: i.e., there should be a pretty clear benefit if we override the packager. i don't personally think that consistency is expected, so that doesn't seem like a strong benefit to me
16:44:47 <maxamillion> right
16:44:52 <jforbes> which is why sudo echo $PATH includes /data/src/kernel/scripts for me and does not for another user
16:44:54 <maxamillion> it's been the way it is for ... forever?
16:44:55 <bowlofeggs> well, it's clearly expected by some people as evidenced in the ticket
16:45:01 <bowlofeggs> but it's not expected by me is what i mean
16:45:06 <tyll> jforbes: this shows only the sudo paths: sudo bash -c 'echo $PATH'
16:45:58 <jforbes> tyll: that also gives me my PATH
16:46:01 <nirik> you are doing a subshell there?
16:46:39 <jforbes> sudo bash -c "echo $PATH"
16:47:14 <tyll> jforbes: bash -c 'echo $PATH' contains /home/till/bin here but the sudo command does not
16:48:46 <jforbes> oh, I see what you mean.
16:48:51 <nirik> proposal: FESCo asks submittor to talk to setup/bash/util-linux folks if he wants changes in them. Consistency isn't really something we require from different commands
16:48:57 <maxamillion> just to mention time here, we have 12 minutes left and I have a hard-stop at the hour (got roped into a $dayjob meeting this morning)
16:49:04 <maxamillion> nirik: +1
16:49:11 <bowlofeggs> nirik: +1
16:49:48 <tyll> IMHO we should provide some consistency as a distribution
16:50:18 <jforbes> +1
16:50:18 <nirik> for things that make sense to sure...but su and sudo are inherently different commands used by different groups.
16:50:24 <kalev> I think so too. FESCo is exactly the body who is in the position to make things consistant, nobody else can do that
16:50:35 <maxamillion> I agree with nirik on that one
16:50:48 <nirik> we could punt and discuss more on list?
16:50:50 <jforbes> they are different command for a reason
16:51:32 <maxamillion> nirik: +1
16:51:48 <bowlofeggs> i'm fine with more discussion on a list too
16:52:28 <nirik> it sounds like there is disagreement and perhaps a discussion could help us reach some consensus, and this doesn't seem all that time sensitive
16:52:39 <maxamillion> Proposal: Discuss on the mailing list and in ticket, vote at next week's FESCo meeting based on feedback
16:52:47 <jforbes> That works
16:52:49 <jforbes> +1
16:53:00 <tyll> +1
16:53:01 <bowlofeggs> +1
16:53:17 * maxamillion is +1
16:53:21 <nirik> sure, +1
16:53:49 <kalev> +1
16:53:51 <maxamillion> jsmith: ?
16:54:35 <jsmith> +1
16:54:37 <maxamillion> #agreed Proposal: Discuss on the mailing list and in ticket, vote at next week's FESCo meeting based on feedback (+1:7, +0:0, -1:0)
16:54:43 <maxamillion> #topic #1789 F28 System Wide Change: NSS Default File Format SQL
16:54:43 <maxamillion> .fesco 1789
16:54:44 <maxamillion> https://pagure.io/fesco/issue/1789
16:54:45 <zodbot> maxamillion: Issue #1789: F28 System Wide Change: NSS Default File Format SQL - fesco - Pagure - https://pagure.io/fesco/issue/1789
16:54:56 <nirik> +1
16:55:01 <maxamillion> +1
16:55:16 <kalev> +1, we already approved this for F27
16:55:36 <jforbes> +1
16:55:37 <maxamillion> yeah, do we even need to re-vote?
16:55:50 <tyll> +1
16:55:58 <jsmith> +1
16:56:40 <maxamillion> bowlofeggs: ?
16:57:11 * maxamillion throws a shoe at bowlofeggs
16:57:27 <jforbes> That's one hell of an arm
16:57:36 <bowlofeggs> maxamillion: +1
16:57:53 <bowlofeggs> (sorry i stepped away to put a kettle on for tea)
16:57:56 <maxamillion> my physical theraptist used to be a trainer for the Texas Rangers (which is true, but I still am terrible at baseball)
16:58:05 <maxamillion> #agreed Approved: F28 System Wide Change: NSS Default File Format SQL (+1:7, +0:0, -1:0)
16:58:16 <maxamillion> #topic Next week's chair
16:58:18 <maxamillion> who's up?
16:58:29 <bowlofeggs> i've not done it meaninfully in a while
16:58:49 <maxamillion> #info bowlofeggs to chair next week's FESCo Meeting 2017-11-10
16:58:53 <maxamillion> #topic Open Floor
16:58:55 <kalev> I should be able to take the week after that
16:58:59 <maxamillion> anyone have anything?
16:59:11 <jforbes> nothing here
16:59:33 <tyll> I was wondering, will we change the meeting time to adjust for DST changes when it happened in the US as well?
16:59:42 <kalev> I'd just like to note that it would be really nice to invite people to our meetings when we discuss things that concern them
16:59:43 <jforbes> tyll: historically we have not
16:59:50 <kalev> would have been so nice to have the sudo maintainer here today, for example
17:00:34 <nirik> yep. we should try and invite interested folks for sure.
17:01:10 <tyll> jforbes: uh, the wiki says we change according to DST but it is also one hour off AFAIU
17:01:30 <tyll> https://fedoraproject.org/wiki/Fedora_Engineering_Steering_Committee#Meetings
17:01:32 <maxamillion> it says that?
17:01:33 <maxamillion> huh
17:01:42 <bowlofeggs> we could do a new whenisgood for DST?
17:01:43 <maxamillion> I don't think we've ever switched since I've been on FESCo
17:01:45 <jforbes> tyll: it may, I am just saying it historically hasn't happened
17:02:02 <bowlofeggs> i'm pretty flexible, esp on fridays
17:02:13 <maxamillion> I'm on my ... second? I think second term
17:02:19 <maxamillion> so for a little while we've not
17:02:26 <maxamillion> I'm open to whatever folks want to do, switch or not
17:02:33 <maxamillion> Fridays are also pretty flexible for me
17:02:44 <maxamillion> people tend to not schedule too many meetings on Fri
17:03:40 <jforbes> I am not picky
17:03:42 <tyll> I can probably accomodate, I guess  this time is now better for kalev
17:03:52 * nirik is somewhat flexable too.
17:04:21 <kalev> tyll: it is!
17:05:21 <tyll> We can discuss this further on the list if necessary IMHO
17:06:54 <maxamillion> alright, in a couple minues I'll pull the pin
17:08:30 <maxamillion> #endmeeting