15:01:12 <sgallagh> #startmeeting FESCO (2019-01-14) 15:01:12 <zodbot> Meeting started Mon Jan 14 15:01:12 2019 UTC. 15:01:12 <zodbot> This meeting is logged and archived in a public location. 15:01:12 <zodbot> The chair is sgallagh. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:12 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 15:01:12 <zodbot> The meeting name has been set to 'fesco_(2019-01-14)' 15:01:12 <sgallagh> #meetingname fesco 15:01:12 <sgallagh> #chair nirik, bowlofeggs, jforbes, zbyszek, tyll, sgallagh, contyk, mhroncok, otaylor 15:01:12 <sgallagh> #topic init process 15:01:12 <zodbot> The meeting name has been set to 'fesco' 15:01:12 <zodbot> Current chairs: bowlofeggs contyk jforbes mhroncok nirik otaylor sgallagh tyll zbyszek 15:01:17 <mhroncok> hi 15:01:17 <sgallagh> .hello2 15:01:18 <zbyszek> .hello2 15:01:18 <zodbot> sgallagh: sgallagh 'Stephen Gallagher' <sgallagh@redhat.com> 15:01:21 <zodbot> zbyszek: zbyszek 'Zbigniew Jędrzejewski-Szmek' <zbyszek@in.waw.pl> 15:01:22 <nirik> morning 15:01:22 <jforbes> .hello2 15:01:24 <zodbot> jforbes: jforbes 'Justin M. Forbes' <jforbes@redhat.com> 15:01:27 <otaylor> .hello2 15:01:28 <zodbot> otaylor: otaylor 'Owen Taylor' <otaylor@redhat.com> 15:01:31 <asamalik> .hello2 15:01:31 <zbyszek> afternoon ;) 15:01:32 <zodbot> asamalik: asamalik 'Adam Samalik' <asamalik@redhat.com> 15:01:53 * asamalik is here to discuss #2027 and #2028 15:02:18 <asamalik> good morning and good afternoon! 15:02:40 <bcotton> .hello2 15:02:41 <zodbot> bcotton: bcotton 'Ben Cotton' <bcotton@redhat.com> 15:02:48 <bowlofeggs> .hello2 15:02:54 <zodbot> bowlofeggs: bowlofeggs 'Randy Barlow' <rbarlow@redhat.com> 15:04:05 <sgallagh> contyk told me he couldn't make it, so I think we have everyone but tyll, so we're probably good to start 15:04:15 <sgallagh> #topic #2003 Ursa Major (modules in buildroot) enablement 15:04:15 <sgallagh> .fesco 2003 15:04:19 <zodbot> sgallagh: Issue #2003: Ursa Major (modules in buildroot) enablement - fesco - Pagure.io - https://pagure.io/fesco/issue/2003 15:05:06 <sgallagh> I want to throw out a contentious proposal here 15:05:21 * bowlofeggs readies his pitch fork 15:05:29 <zbyszek> https://pagure.io/pungi/issue/1095 has no answer :( 15:05:30 * nirik gets a torch 15:05:42 * zbyszek grabs a flamethrower 15:06:10 * mhroncok grabs popcorn 15:06:13 <sgallagh> Currently, the lack of Ursa Major is providing a blocker to EPEL efforts. I'd like to propose that FESCo approves the addition of Ursa Major in Fedora/EPEL and leaves the implementation details to be worked out by those doing the work. 15:06:15 * asamalik grabs a single match because he's just a guest here 15:07:01 <sgallagh> Trusting in the fact that at least three FESCo members are actively working on the problem and will report back if specific questions need answering. 15:07:10 <bowlofeggs> i would prefer it if we still have some high level requirements 15:07:12 <otaylor> sgallagh: What does "in fedora/epel" mean in this context? Enabled only for those buildroots? 15:07:27 <bowlofeggs> i don't feel the need to specify how they are achieved, but i think we need a way for packagers to make local builds still 15:07:33 <bowlofeggs> (for example) 15:07:46 <sgallagh> otaylor: I was going higher-level than that and just asserting that we permit it in the infrastructure. 15:07:47 <mhroncok> sgallagh: if the primary motivation is epel8, can we only do it in epel8 and see how it works, before we possibly destroy fedora? 15:07:49 <zbyszek> That proposal means that FESCo abdicates the responsibility, and I'm not happy about that. 15:07:58 <sgallagh> bowlofeggs: I don't think that is necessarily a blocker to doing this 15:08:06 <otaylor> sgallagh: EPEL doesn't have separate infrastructure... 15:08:08 <sgallagh> I think it's absolutely an endgame requirement 15:08:26 <bowlofeggs> sgallagh: wouldn't it mean that packagers can't build packages locally? i thought that was the primary concern in the ticket from before 15:08:27 <sgallagh> otaylor: That's why it was a slash and not an OR 15:08:33 <bowlofeggs> (working on memory) 15:08:43 <otaylor> sgallagh: Oh, I misunderstood the proposal then :-) 15:09:09 <nirik> we are going to also have to work out mbs for epel8...without exposing rhel binries.... 15:09:12 <sgallagh> It would, and it probably is, but I'm suggesting that blocking on local builds is hurting our ability to deliver other pieces in the meantime 15:09:30 <otaylor> sgallagh: Or, wait, I'm not sure which you were proposing ... is the / namespacing or "OR" ? 15:09:41 <zbyszek> or "AND" ? 15:09:52 <bowlofeggs> i personally think the ability to locally build is crucial 15:09:54 <sgallagh> But I suppose if the rest of FESCo disagrees, I'd be willing to walk it back to "Allow Ursa Major for EPEL without a local build requirement to unblock their efforts" 15:10:02 <bowlofeggs> it saves so much time when trying to debug 15:10:19 <sgallagh> otaylor: I think we're getting lost in the semanticshere. 15:10:29 <jforbes> That is fair, and I hate to block progress, but the local build requirement is also pretty critical 15:10:36 <otaylor> sgallagh: I have no idea what you proposed, sorry 15:10:41 <sgallagh> bowlofeggs: I do not disagree that it is *highly desirable*. I disagree that it is absolutely mandatory 15:11:13 <sgallagh> otaylor: I'll rephrase, maybe it will help 15:11:14 <bowlofeggs> it makes an enormous difference when there is a build problem 15:11:38 <mhroncok> as long as we approve this without such things as local builds or 3rd party rebuilds working, we have a dangerous situation 15:12:04 <mhroncok> some maintainers are eager to drop their nonmodular packages and they will do it 15:12:24 <mhroncok> and suddenly, other maintainers are left in a very bad situation 15:12:31 <sgallagh> As long as we don't approve this, we cannot move forward with EPEL 8 at all. Which is more important to us? 15:12:45 <zbyszek> What mhroncok says 15:12:56 <zbyszek> Sorry sgallagh 15:12:57 <otaylor> sgallagh: are you thinking that there's no solution for local build that can be arrived at? 15:13:04 <mhroncok> exisitng contributors bet nonexsisting epel 15:13:08 <mhroncok> *beat 15:13:24 <sgallagh> otaylor: I'm saying that every time a suggestion has been proposed, it's shouted down and spends a month trying to find a way to satisfy people. 15:13:45 <sgallagh> I think it's more likely that a solution will be found when it becomes critical to do so than if we keep kicking the can down the road. 15:13:50 <mhroncok> let's experiment withe pel8 without breaking Fedora? why is that wrong? 15:14:01 <mhroncok> *epel8 15:14:11 <smooge> with my EPEL hat on.. the local build is critical also 15:14:13 <jforbes> Wait, local build does work, there is no solution for automagically installing build deps 15:14:24 <sgallagh> jforbes: Correct 15:14:25 <otaylor> I'd be happy to support enabling UM for EPEL 8 work immediately, if there's a *plan* to get to the point where local builds can be done, and work is being done on that 15:14:33 <smooge> because most of the packagers I have talked with don't want to put stuff in EPEL-8 until they can build it locally 15:14:45 <sgallagh> otaylor: Local builds *can* be done, you just have to install your deps manually first 15:14:52 <jforbes> unfortunate, but not impossible 15:14:52 <sgallagh> There's no "mock" equivalent today 15:15:59 <mhroncok> I think we cannot break what doesn't exist 15:16:09 <mhroncok> if we do this in EPEL first, we can figure out the problems as we go 15:16:28 <mhroncok> there will be problems and there will be workarounds 15:16:30 <otaylor> sgallagh: is the plan that modules in UM must be in the modular repodata? 15:16:36 <otaylor> (no "buildroot only" modules) 15:16:42 <smooge> with the way that the build system is interdependant.. is it possible to do it for EPEL and not Fedora? 15:16:45 <jforbes> I am going to say, I think we should let EPEL 8 go forward, and insist that the local build issue be a priority for further development 15:17:35 <sgallagh> otaylor: I think so, yes. That seems a reasonable restriction. 15:17:50 <bowlofeggs> i feel like we've already allowed too many "cuts" on the packager workflow through in the past 1.5 years 15:17:59 <bowlofeggs> this seems like a pretty deep cut 15:18:14 <zbyszek> I don't think that sgallagh's characterisation that "time a suggestion has been proposed, it's shouted down and spends a month trying to find a way to satifsfy people" is correct. Instead, there have been some concrete proposals, e.g. pungi#1095, with no real answer. 15:18:20 <otaylor> smooge: I think you should be able to configure UM only to be active for the EPEL8 tag 15:18:25 <bowlofeggs> (thinking of the pkgdb retirement and all the features that were lost that nobody is adding back) 15:18:49 <zbyszek> Somebody needs to put in the work and figure out the details to satisfy the requirements that have been voiced. 15:19:00 <zbyszek> Pushing it down the road is not going to help that happen. 15:19:14 <bowlofeggs> zbyszek: agreed. if we approve this, there will be no pressure to fix it later 15:19:19 <bowlofeggs> it will be like the pkgdb situation 15:19:31 <bowlofeggs> there is no pressure for anyone to fix those problems, and nobody is 15:19:48 <nirik> there is an objective to now. ;) 15:19:51 <bowlofeggs> if there had been a requirement to have feature parity before pkgdb was retired, we wouldn't be in this situation now 15:20:03 <bowlofeggs> yeah i see that, and i hope it is successful 15:20:16 <sgallagh> bowlofeggs: That may be true, but we'd also probably still be on Trac at this point 15:20:18 <mhroncok> but let's not go thatroad again 15:20:21 <bowlofeggs> but we've had a long time of poor experiences because nobody stood up for packagers when that proposal was made 15:20:32 <mhroncok> if we approve this now, we migth have an objective in 3 years to enbale local builds 15:20:57 <sgallagh> As noted, there are active proposals for how local builds should work. 15:21:02 <sgallagh> This *is* a priority already. 15:21:18 <mhroncok> it should be a hard requirement 15:21:37 <bowlofeggs> to me it's more important for people to actualyl solve those problems than to just have proposals for how they could be solved 15:21:37 <sgallagh> Does someone want to make that a proposal then? 15:22:15 <sgallagh> E.g. "Ursa Major is forbidden in the Fedora (and EPEL) infrastructure until automatic local build dependencies are available" ? 15:22:42 <mhroncok> I'd still be fine if we enable this in EPEL8 as an experiment 15:22:48 <sgallagh> Because if nothing else, I would like to get *some* hard target settled today so we at least know that the requirements won't keep changing on us 15:23:11 <zbyszek> I'd prefer to phrase it positively 15:23:41 <sgallagh> zbyszek: Why start now? (Sorry, but it's been a whole lot of stonewalling so far) 15:23:44 <otaylor> Proposal: Ursa Major can be enabled *only* for EPEL8 for now, to allow work to proceed, but before enabling it for other tags, there needs to be an agreement on an appropriate packager workflow for local builds 15:24:04 <sgallagh> otaylor: An agreement between whom? 15:24:13 <otaylor> approved by fesco 15:24:27 <sgallagh> Just wanted that to be clear 15:24:51 <zbyszek> proposal: the ability to do automatic local installation of build dependencies is a pre-requirement for enabling UM, e.g. along the lines of pungi #1095 15:25:00 <mhroncok> sgallagh: do i assume correctly you would be happier if that "appropriate packager workflow for local builds" would be better defined? 15:25:11 <otaylor> (appropriate workflow could just be "only default streams can be enabled in UM" - not necessarily new technology.) 15:25:16 * sgallagh finds the idea that EPEL is going to be the experimental testing ground somewhat backwards, but 15:25:28 <nirik> well, it's only beta currently 15:25:35 <zbyszek> yeah, that seems wrong 15:25:40 <sgallagh> Sure, but it's still kind of odd 15:25:55 <mhroncok> looking at modularity in Fedora and modularity in RHEL8, i think it make sense if we experiment in EPEL8 15:26:05 <bowlofeggs> does seem against the 'upstream first' mantra, but it is also mostly motivated by epel 15:26:06 <sgallagh> Yeah, I don't actually disagree. 15:26:07 <zbyszek> nirik: also, by the time peole make use of this, it won't be beta anymore 15:26:10 <sgallagh> It just *feels* backwards 15:26:32 <otaylor> sgallagh: my impression is that you are saying this is urgent because EPEL8 is blocked on it? So blocking the work in EPEL8 and allowing it to proceed elsewhere wouldn't make sense. 15:26:38 <nirik> perhaps but we can also do final differently with lessons learned 15:27:15 <sgallagh> otaylor: Yeah, as I said, I don't disagree with the plan. It's just kind of unintuitive 15:27:45 <bowlofeggs> ok so we have a few different proposals out there 15:28:12 <bowlofeggs> first of all, we haven't made many epel decisions while i've been on fesco. so fesco overseees the epel sig? 15:28:17 <sgallagh> otaylor: "Only default streams" is actually insufficient. 15:28:25 <sgallagh> Because default streams CAN be incompatible with one another 15:28:44 <mhroncok> I think EPEL Steering Committee should actually decide if it is being done in epel or not 15:28:44 <zbyszek> So, ... we have a history of temporary solutions and soon-to-fixed deficiencies persisting for years. 15:28:45 <nirik> bowlofeggs: yes. 15:28:46 <bowlofeggs> because i wouldn't mind allowing the epel sig to make the decision about whether they are ok with local builds working or not, for epel 15:28:51 <sgallagh> bowlofeggs: FESCo oversees Infra to some extent. Adding new build infrastructure may affect both products 15:28:53 <mhroncok> but we may recommend it? 15:28:56 <sgallagh> *projects 15:29:28 <sgallagh> I think we at least have to say "It's permissible" 15:30:08 <mhroncok> I think so too 15:30:24 <mhroncok> but I amen EPEL should make the decision whether to use this 15:30:32 <sgallagh> Yes 15:30:33 <bowlofeggs> i really am heavily concerned about allowing something with a "we'll fix it later" because of the history, especially recent 15:30:47 <mhroncok> bowlofeggs: even in EPEL only? 15:31:08 <sgallagh> bowlofeggs: I'm heavily concerned about going the other direction and disallowing experimentation at all. 15:31:29 <zbyszek> mhroncok: yes 15:31:45 <sgallagh> bowlofeggs: I mean, perhaps we ask the EPEL SIG to say that EPEL isn't officially released/available until local builds are possible 15:31:57 <sgallagh> But we still allow them to bootstrap things in the official build system 15:32:01 <mhroncok> sgallagh: shouldn't we experiment in copr etc. rather than in Fedora proper? 15:32:17 <sgallagh> mhroncok: How do you experiment with the build system in a COPR? 15:32:18 <zbyszek> sgallagh: I think experimentation is good, so let's provide a devel version of pungi that provides some first iteration of the solution, and build on that. 15:32:28 <sgallagh> zbyszek++ 15:32:28 <zodbot> sgallagh: Karma for zbyszek changed to 7 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 15:33:00 <mhroncok> sgallagh: or some experimntal Koji. what I'm trying to say is don't break contributor experience for experiments 15:33:02 <jforbes> Copr is not the place to experiment in my opinoin 15:33:10 <otaylor> zbyszek: I think someone needs to requirement collect, then line up the solutions 15:33:46 <bowlofeggs> so it is true that EPEL 8 can't be built without Ursa Major? 15:33:56 <otaylor> mhroncok: but there's no contributor experience for epel8 now - if you have an epel8 installation and want to work on epel8 packages by doing local builds, you can't 15:34:12 <otaylor> s/epel8 installation/rhel 8 beta installation/ 15:34:24 <mhroncok> otaylor: and since there is no experince now, i'm OK to allow that 15:34:26 <sgallagh> bowlofeggs: In RHEL 8 beta, a large percentage of packages that might be used for building are available only as modules 15:34:43 <sgallagh> So it would be impossible to build the majority of packages we'd want in EPEL without it. 15:34:53 <sgallagh> The ones we *could* build would be the exceptions, not the rule 15:35:02 * nirik thinks the beta is fine for trying to get solutions with, then when final comes out we can look at it again? 15:35:07 <zbyszek> otaylor: I agree, with the caveat that this is going to be have to be somebody who is deeply involved in the modularity initiative. 15:36:03 <sgallagh> zbyszek: Yeah, it's becoming increasingly clear that this needs to be me or contyk. 15:36:09 <smooge> how hard would it be to set up a seperate koji+bodhi+pungi+everything-else+ursa-major for just EPEL-8 15:36:12 <sgallagh> And since contyk cleverly dodged this meeting, I guess that means me 15:36:19 <nirik> ha 15:36:34 <bowlofeggs> i think i'm ok with letting the EPEL SIG make this decision for EPEL 8, but i don't want Fedora to use this until we have an equivalent packager experience to what we have today 15:36:39 <sgallagh> nirik: Was that directed at me or smooge? :) 15:36:59 <bowlofeggs> my reason for allowing it in EPEL 8 is the arguments that there can't be an EPEL 8 without it 15:37:03 <nirik> sgallagh: at you. 15:37:21 <mhroncok> bowlofeggs: exactly 15:37:26 <nirik> a duplicate koji/bodhi/everything would be... a lot of work 15:38:34 <sgallagh> OK, let me string together a couple proposals and see where we stand. 15:39:29 <zbyszek> sgallagh++ 15:39:29 <zodbot> zbyszek: Karma for sgallagh changed to 6 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 15:39:57 <sgallagh> 1: FESCo will permit standing up an Ursa Major instance to be configured for use only in EPEL 8 this time. 15:39:57 <sgallagh> 2: FESCo would like a set of detailed requirements gathered regarding packager experience for local builds. Once approved, these will need to be met before enabling Ursa Major in Fedora. 15:40:47 <sgallagh> Assuming we agree with (2), I'll take an action item to try to put this together by Friday so you can all read it over the weekend. (Or, more likely, five minutes before the meeting 😁 ) 15:41:06 <nirik> +1, sure 15:41:25 <sgallagh> +1 to both, for the record 15:41:36 <jforbes> +1 to both 15:41:58 <zbyszek> +1 for 2, -1 for 1. 15:42:07 <otaylor> +1 to both 15:42:30 <mhroncok> I'd rather s/packager experience for local builds/packager experience/ - but it's not strong opinion. +1 to both 15:43:16 <sgallagh> mhroncok: Well, I think we already know the centralized packager experience at least. 15:43:36 <sgallagh> But I'll see if I can address both in my doc 15:43:58 <jforbes> Just something to consider, EPEL is a part of the Fedora community, and we can't leave them completely broken. I think with the combination of proposals here, it is the best way forward 15:44:15 <bowlofeggs> i'm +1 to both 15:44:43 <bowlofeggs> though, should we have the EPEL SIG make the final call on that? 15:45:00 <sgallagh> bowlofeggs: That's why I said we'd permit it. Not mandate it 15:45:07 <bowlofeggs> i imagine they just have to accept it since they can't have EPEL without it, but it still seems like a good idea to involve them 15:45:20 <bowlofeggs> sgallagh: ah ok, that wording works for me then 15:46:27 <sgallagh> #agreed FESCo will permit standing up an Ursa Major instance to be configured for use only in EPEL 8 this time. (+5, 0, -1) 15:46:27 <sgallagh> #agreed FESCo would like a set of detailed requirements gathered regarding packager experience for local builds. Once approved, these will need to be met before enabling Ursa Major in Fedora. (+6, 0, -0) 15:46:27 <sgallagh> #action sgallagh to gather requirements 15:46:34 <smooge> At the moment the EPEL SIG is going to be split. We need it for an EPEL beta, but many of the packagers I deal with are EPEL-6 bound and are like 'how do I build this on my laptop like I do all the other packages?' 15:47:11 <sgallagh> Shall we move on? 15:47:13 <smooge> yep 15:47:18 <sgallagh> OK 15:47:25 <sgallagh> #topic #2027 RFC: Module lifecycles 15:47:25 <sgallagh> .fesco 2027 15:47:26 <zodbot> sgallagh: Issue #2027: RFC: Module lifecycles - fesco - Pagure.io - https://pagure.io/fesco/issue/2027 15:47:45 * asamalik wakes up 15:48:03 * sgallagh hands asamalik the conch shell 15:49:07 <sgallagh> asamalik: That was your cue 15:49:43 <asamalik> so from the comments in the ticket I feel that people prefer setting modules' EOL as a specific fedora release, not a date 15:50:07 <jforbes> That was my strong preference 15:50:16 <asamalik> so we won't have a situation when a module EOLs in the middle of a release 15:50:23 <sgallagh> Yeah, I don't think there's any other realistic way to accomplish it when dates are malleable 15:50:45 <zbyszek> PROPOSAL: 1. Module EOL is defined in git along with the rest of the definition of the module. 15:50:46 <otaylor> asamalik: Yes - you mean "module stream EOLs" though right? 15:50:48 <zbyszek> 2. The EOL is defined as Fedora release number, and the module is supported until that Fedora release goes EOL, even if that slips. 15:50:54 <sgallagh> asamalik: Not in Fedora, and in EPEL I think we can only reasonably tie it to minor RHEL releases. 15:51:17 <asamalik> otaylor: right 15:51:34 <asamalik> otaylor: thanks :) 15:52:14 <mhroncok> zbyszek: that concerns you proposal as well 15:52:16 <bowlofeggs> yeah i also prefer EOL being a release 15:52:25 <mhroncok> zbyszek: it's a stream that eols 15:52:40 <zbyszek> mhroncok: yep! 15:52:42 <asamalik> what people think about the possibility of not setting an EOL in order to build the module until manually EOL'd by setting a release? 15:53:01 <mhroncok> asamalik: well that's the current case anyway 15:53:04 <bowlofeggs> oh yeah that's true, EPEL changes it maybe 15:53:05 <sgallagh> asamalik: Can I try to rephrase that? 15:53:07 <otaylor> asamalik: I think that's fine and make sense for most streams 15:53:11 <asamalik> sgallagh: please! 15:53:26 <bowlofeggs> because having a fedora release be the EOL seems nice to me, but what do we do wtih EPEL? point release EOL? 15:53:38 <zbyszek> I wonder if for EPEL we should allow date-EOL after all. 15:53:57 <zbyszek> RHEL release schedule is not known in advance (publically). 15:54:03 <bowlofeggs> yeah 15:54:05 <sgallagh> I think what asamalik is asking is: "Instead of picking an EOL up front, can we treat the lack of an EOL as an assumption that it's supported for this release? Then, once we know for sure we're going to not support it after a certain release, set the value then" 15:54:26 <nirik> makes sense 15:54:27 <zbyszek> sgallagh: that sounds good 15:54:28 <sgallagh> Which also could work for EPEL 15:54:34 <bowlofeggs> sgallagh: that makes sense to me too 15:54:35 <asamalik> zbyszek: so that was the initial thought behind the date.. and the build system would compute a corresponding Fedora release out of that, somehow 15:54:40 <sgallagh> Since we don't need to know the schedule in advance. 15:54:46 <asamalik> sgallagh: +1 15:54:48 <jforbes> That seems fair 15:54:58 <sgallagh> Once the beta is announced, people could then decide if they want to support it after that point by setting the value 15:55:10 <zbyszek> asamalik: yeah, I know, but for Fedora the approximate schedule is known, and then it makes more sense to use the release 15:55:15 <bowlofeggs> asamalik: would it be viable to set the EOL to an EPEL point release? 15:55:20 <bowlofeggs> e.g. 8.2? 15:55:32 <otaylor> I think EPEL needs to come up with its own rules, but there may not be experience to do that yet 15:56:33 <sgallagh> True; nothing stops EPEL from declaring for example that it has six month cycles that happen to be tied to Fedora releases... 15:56:41 <asamalik> bowlofeggs: to not answer your question, do we want to set this separately for Fedora and EPEL? That would mean for example setting f30 and 8.2 at once? and for example only setting f30 would mean "build for epel forever"? 15:57:04 <asamalik> I both want and don't want to treat Fedora and EPEL as two different things in this regard 15:57:20 <otaylor> (Can the module default stream change during an EPEL release? That's not really compatible with traditional EPEL rules, but modularity changes everything) 15:57:56 <sgallagh> otaylor: That policy decision hasn't been made yet, so far as I know 15:58:20 <sgallagh> I'd lean towards suggesting that it should be impermissible though 15:58:42 <otaylor> asamalik: Hmm, do we expect modules to stream expand across Fedora and EPEL? 15:58:52 <sgallagh> otaylor: We absolutely want that 15:58:57 <asamalik> another a bit crazy idea would be setting just one, either Fedora or an EPEL -release based EOL and let the buildsystem automagically figure out an EOL for the other one... </half-serious> 15:59:06 <asamalik> otaylor: yes 15:59:22 <bowlofeggs> asamalik: that's a good question. i guess i was assuming we would want to set them separately, but i can now see why you might not want to 15:59:47 <mhroncok> asamalik: my concern with dates was that it's too magical 16:00:05 <asamalik> the date was the only one working for both the same way, but it has its own issues 16:00:09 <mhroncok> asamalik: setting a Fedora EOL via EPEL release number (or vice versa) is even more magical 16:00:17 <otaylor> mhroncok: I certainly have spent considerable mental cycles with the fedpkg request-branch trying to figure out what date I needed.... 16:00:23 <sgallagh> smooge, nirik: Do you think EPEL SIG would be okay with matching to the Fedora schedule? Or would that be too much trouble? 16:00:30 <bowlofeggs> this issue is less contentious than the last one, but imo harder to come to a solution on ☺ 16:00:46 * asamalik sends a magical spell towards mhroncok, laughing 16:00:54 <nirik> I could see it being confusing... 16:01:01 <bowlofeggs> asamalik: would it be painful to support "all of the above?" (date, fedora release, EL point release)? 16:01:08 <sgallagh> Maybe we could just do a "season"? 16:01:10 <bowlofeggs> and let the packager pick? 16:01:14 <asamalik> bowlofeggs: that was the initial idea, yes 16:01:29 <sgallagh> (Well, picking a non-northern-hemisphere-oriented term) 16:01:34 <otaylor> Proposal: just support one, but have a well known web page with a table.... 16:01:46 <zbyszek> bowlofeggs: but then we need to come up with rules what happens if a Fedora release slips 16:01:53 <sgallagh> i.e. supported until Q1 2020 and that translates to the appropriate release in that timeframe 16:01:53 <bowlofeggs> yeah 16:01:55 <mhroncok> can we do it by game of thrones releases? 16:01:58 <bowlofeggs> hahaha 16:02:06 <sgallagh> mhroncok: Books or TV? "_ 16:02:07 <sgallagh> :) 16:02:27 * sgallagh suspects that the latter might mean supporting modules longer than RHEL 8's lifetime 16:02:29 <mhroncok> sgallagh: both actually as we are trying now with fedora and epel 16:02:31 <sgallagh> err former 16:02:32 <jforbes> sgallagh: has to be books, TV is done in a couple of months 16:02:33 <bowlofeggs> ok, so the simplest proposal i see is to allow only fedora releases. would that be a problem for epel? 16:02:58 <sgallagh> bowlofeggs: nirik said "I could see it being confusing..." above on that 16:03:02 <bowlofeggs> yeah 16:03:14 <nirik> yeah, but might be a ok first cut at it... 16:03:20 <bowlofeggs> what if there were two fields for the EOL 16:03:20 <mhroncok> I suppose specifciying a Fedora release and an RHEL release 16:03:23 <otaylor> bowlofeggs: We'd have to make sure that it was displayed to epel users in time form ... we can't assume an epel user (or a fedora user) knows when f31 is 16:03:25 <sgallagh> Which is why I was thinking about just doing half-years or something 16:03:26 <mhroncok> in case the module builds fro both 16:03:33 <bowlofeggs> {'product': 'fedora', 'release': 31} 16:03:39 <sgallagh> If the release happens in Q1/Q2 or Q2/Q3, it ends then 16:03:41 <asamalik> for the date, would a following rule be crazy? "Modules EOL with the first release having its EOL *after* the module EOL date, potentially slipping with the release." 16:03:43 <bowlofeggs> {'product': 'epel', 'release': 8.2} 16:03:56 <bowlofeggs> then you can use both or just one? 16:03:59 <mhroncok> bowlofeggs: +1 16:04:02 <bowlofeggs> make EOL a list? 16:04:06 <asamalik> I really want to change that "after" to "before" but we'd need a time machine 16:04:09 <sgallagh> bowlofeggs: Depends on where we're storing that info 16:04:24 <sgallagh> If it's in the module metadata, that's now a backwards-incompatible change that we won't get into RHEL 8 at this point. 16:04:33 <mhroncok> asamalik: or just EOL everything now and call it day :D 16:04:52 <sgallagh> (Though I never liked the idea of storing that in the modulemd) 16:04:53 <asamalik> mhroncok: yeah, who use these Linuxes anyway!!! 16:04:56 <zbyszek> Hmm, EPEL lives on its own schedule. I don't understand tying lifetime of EPEL things to Fedora releases. 16:04:57 <bowlofeggs> sgallagh: ah 16:05:07 <bowlofeggs> sgallagh: so what does the existing module metadata format allow? 16:05:09 <nirik> we do have FPDC we could use 16:05:25 <sgallagh> bowlofeggs: https://github.com/fedora-modularity/libmodulemd/blob/master/spec.v2.yaml#L40 16:05:25 <otaylor> zbyszek: Well, if we are sharing module streams, they have to be tied together. The question is how to do it. 16:05:41 <zbyszek> sgallagh: isn't the format xml/json/whatever to be extensible exactly to allow adding new fields at any point? 16:06:04 <asamalik> sgallagh: I actually like that idea 16:06:06 <bowlofeggs> sgallagh: so dates only? 16:06:09 <sgallagh> zbyszek: Not exactly, no. Though there's an opportunity to cheat. 16:06:42 <sgallagh> The YAML structure is strict except for the "XMD" section, which can contain arbitrary content that isn't validated. 16:07:03 <sgallagh> MBS uses it for internal purposes, but we could extend it for our purposes. 16:07:19 <sgallagh> It just wouldn't be directly accessible via libmodulemd API 16:07:41 <sgallagh> (You'd just get the raw contents as python objects or GVariants in C and deal with them manually) 16:07:48 <bowlofeggs> sgallagh: so if we were going to say "fedora version x" that wouldn't work with this file either? 16:08:08 <sgallagh> bowlofeggs: Well, as I said, I don't really like the idea of storing that info in the metadata to begin with 16:08:09 <zbyszek> That's sad, but it's still probably better then putting it in some external place 16:08:14 <sgallagh> I think the FPDC idea is a better place for it 16:08:27 <zbyszek> sgallagh: but why? 16:08:28 <sgallagh> Because metadata once in the repo is static 16:08:42 <bowlofeggs> sgallagh: so would dnf/packagekit query PDC to get it? or would it get into the repodata via some process? 16:08:50 <sgallagh> But if the upstream decides to extend the lifecycle, for example, you can't change that in the frozen release repos 16:09:19 <zbyszek> I don't think so. I update the metadata of my packages all the time. This would be just another case. 16:09:19 <sgallagh> I guess as long as the metadata values were always updated on any compose of the updates[-testing] repos, it could work though 16:09:45 <sgallagh> Is this data useful on the client side though? 16:09:50 <bowlofeggs> we probably don't want users live querying PDC without infra doing some serious scaling work 16:09:58 <sgallagh> I mean, isn't EOL really only meaningful to the build system and bodhi? 16:10:00 <bowlofeggs> sgallagh: isn't this data *for* the client? 16:10:08 <bowlofeggs> sgallagh: oh i thought it was for the end user to know 16:10:17 <sgallagh> bowlofeggs: At present, none of this is presented to the user 16:10:31 <bowlofeggs> sgallagh: so i could know "this django version i'm using will only be supported until XYZ" 16:10:49 <bowlofeggs> sgallagh: i don't know of a way that bodhi directly uses this info either 16:10:53 <bowlofeggs> maybe pungi does? 16:11:00 <bowlofeggs> (and bodhi uses pungi) 16:11:04 <sgallagh> bowlofeggs: Well, Bodhi I could see refusing to submit an update for an EOL stream 16:11:11 <sgallagh> Not that it does today, but I could see that happening 16:11:16 <bowlofeggs> ah i see 16:11:19 <bowlofeggs> yeah 16:11:34 <bowlofeggs> but wouldn't you want end users to get notice they are using EOL packages? 16:11:48 <bowlofeggs> otherwise they dont' get updates and don't realize it 16:11:55 <sgallagh> bowlofeggs: Want to? Sure. Have a meaningful way of reporting it? Nope. 16:12:15 <bowlofeggs> i guess my surprise here is that i thought that was the main purpose of this field 16:12:22 <jforbes> Yes, that is the critical piece. We don't want end users thinking something is supported when it isn't and end up exposed to a big security hole 16:12:26 <bowlofeggs> the bodhi/koji side of it seems secondary to me 16:12:31 <sgallagh> bowlofeggs: I think this field has changed purposes several times 16:12:45 <sgallagh> But realistically, we can't represent this information to an Ansible user, for example. 16:12:52 <bowlofeggs> true 16:12:54 <sgallagh> (Short of denying the installation) 16:13:05 <bowlofeggs> but dnf could print warnings for CLI users at least 16:13:10 <bowlofeggs> and GUI users could get warnings too 16:13:16 <sgallagh> Perhaps 16:13:24 <bowlofeggs> to me, that's far more important than stopping builds from happening 16:13:32 <bowlofeggs> in fact, i dont' see a real purpose in stopping builds from happening 16:13:34 <sgallagh> Oh, I don't disagree. 16:13:38 <sgallagh> We just don't have a good answer for it. 16:13:53 <bowlofeggs> so i dont' see the point of this field outside of informing the end user 16:14:10 <mhroncok> we remove packages between Fedora releases 16:14:23 <mhroncok> how is this different? 16:14:36 <sgallagh> mhroncok: It's really not 16:14:51 <sgallagh> If you upgrade to F30 and a package you were using goes away, you still have the old package there, warts and all 16:14:57 <mhroncok> I guess that really goes back to my question ont he ticket 16:15:11 <sgallagh> Yes, maybe we can make it a little nicer/more visible, but I don't think it's fully solvable 16:15:12 <nirik> unless it's got broken deps or somehing 16:15:12 <mhroncok> do we remove the packages or keep them? both is bad 16:15:17 <sgallagh> Right 16:15:41 <mhroncok> and I think we only need to figure out how to do this consitently with nonmodular Fedora 16:15:52 <zbyszek> I'll have to leave 20 past the hour. Apologies. 16:17:28 <bowlofeggs> well that removal happens between fedora releases, not in the middle of a release. so yeah, i guess as long as we use fedora releases as the EOL date that becomes similar to what we do now 16:17:37 <sgallagh> I think we should try to move on, but can I summarize the discussion and move it to the ticket? 16:17:59 <asamalik> could we just have some sort of an audit command that would check the EOLs and report it back to the user? without making any physical restriction? 16:18:12 <asamalik> so they'd have the info and they could do what they think is best 16:18:25 <bowlofeggs> sgallagh: sure 16:18:27 <sgallagh> I think we generally agree that we would like to tie EOL to Fedora releases and RHEL minor releases while also retaining module stream expansion for both together. How we do this and how we report and store these EOLs needs more discussion. 16:18:31 <sgallagh> Reasonable summary? 16:18:40 <asamalik> combined with a policy preventing EOLs mid-release I think that would work nicely 16:19:10 <jforbes> Seems a good summary 16:19:17 <mhroncok> sgallagh++ 16:19:19 <zodbot> mhroncok: Karma for sgallagh changed to 7 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:19:30 <asamalik> sgallagh: +1 16:19:50 <sgallagh> asamalik: The audit tool would be a good idea as well. Let's take that back to the ticket and discuss it further 16:19:58 <sgallagh> #info We generally agree that we would like to tie EOL to Fedora releases and RHEL minor releases while also retaining module stream expansion for both together. How we do this and how we report and store these EOLs needs more discussion. 16:20:11 <zbyszek> Ack. 16:20:17 <asamalik> sgallagh++ 16:20:26 <otaylor> sounds good +1 16:20:43 <sgallagh> #topic #2028 RFC: Stream branch ownership for packages & modules 16:20:43 <sgallagh> .fesco 2028 16:20:45 <zodbot> sgallagh: Issue #2028: RFC: Stream branch ownership for packages & modules - fesco - Pagure.io - https://pagure.io/fesco/issue/2028 16:20:58 <sgallagh> I'm sure this one will go *much* quicker :V 16:21:04 <mhroncok> :D 16:21:32 <asamalik> so I wanted to entertain the possibility of only defining module stream branch ownership, and having the package stream branch ownership be implicit 16:21:40 <sgallagh> Personally, I think the short version here is "We need pkgdb-like functionality back" 16:21:55 <mhroncok> pretty much 16:22:00 <asamalik> but what I feel from the ticket is that people would prefer explicit package stream branch ownership for various reasons 16:22:09 * sgallagh nods 16:22:34 <asamalik> sgallagh: we do! 16:22:35 <otaylor> asamalik: my take is that this too confusing, and depending on something shouldn't be acls/ownership 16:23:05 <sgallagh> Yeah, I think this is better solved with branch ownership. 16:23:51 <mhroncok> BTW I've put branch ownership to the contributor experience objective wiki page 16:23:58 <asamalik> otaylor: sorry, I couldn't parse that 16:24:35 <sgallagh> asamalik: I think he means that having ownership derive from dependencies is confusing an unintuitive 16:24:44 <mhroncok> asamalik: too magical :D 16:24:55 <asamalik> sgallagh: ah, sure, I'm not against that 16:25:02 <otaylor> asamalik: Sorry, just meant to say "ownership should be explicit" 16:25:21 <asamalik> I was just trying to find a solution with minimal "paperwork" if you will 16:25:31 <asamalik> but sure, agree it's kind of confusing 16:26:26 <sgallagh> So, are we more or less in agreement that mhroncok's going to add back ACLs to Fedora? :-D 16:26:31 <asamalik> so I hear we need 1) mechanics to define branch ownership and 2) explicit module branch ownership as well as explicit package branch ownership 16:26:34 <otaylor> asamalik: What was your main concern here - the module with a lot of packages all owned/streamed together with the module? 16:26:42 <asamalik> sgallagh: that's how I understand it, yes :D 16:28:08 <otaylor> I'm not sure we should rush into definining this as branch ownership. It's one case (somone wants to pick up nodejs:8 after the maintainer loses interest), but not the only case. 16:28:15 <asamalik> otaylor: my primarily motivation wasn't a concern, just the assumption that that if you own a module that contains a package, you also maintain it. And also the fact that there is no reason for a package stream branch to exist if it's not in a module. So adding explicit ownership seemed unnecessary to me. 16:28:22 <mhroncok> sgallagh: as long as you prepa a spearate koji stack for the previous ticket :D 16:28:50 <asamalik> otaylor: ah, you were talking about branch ownership, sorry. 16:28:50 * sgallagh tweaks DNS to make it look like there's a new infrastructure domain. 16:30:09 <sgallagh> Do we have anything to vote on here or shall we take this back to the ticket for more discussion? 16:30:30 <asamalik> otaylor: I can easily see different people maintaining different streams. Having shared permissions/ownership would somehow force them to collaborate/agree on things. There might be cases that's not desired and there could be a conflict. But maybe I'm just too negative here. 16:30:38 <sgallagh> I'd like to get to the new business before midnight in the EU :) 16:31:08 <mhroncok> sgallagh: so, plenty of time for this one :) 16:31:19 <otaylor> sgallagh: Sounds like back to the ticket - I don't think there's support for the exact proposal in the ticket. 16:31:34 <mhroncok> +1 for no voting. oh... 16:31:57 <sgallagh> Motion to defer 16:32:01 <asamalik> I think I'll take the action to update the proposal with 1) mechanics to define branch ownership and 2) explicit module branch ownership as well as explicit package branch ownership 16:32:14 <asamalik> EOF 16:32:21 <nirik> sounds good 16:32:30 <jforbes> +1 to defer 16:32:33 <mhroncok> asamalik++ 16:32:33 <zodbot> mhroncok: Karma for asamalik changed to 12 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:32:41 <sgallagh> #action asamalik will update the proposal with 1) mechanics to define branch ownership and 2) explicit module branch ownership as well as explicit package branch ownership 16:32:43 <asamalik> cookies for everyone!!! 16:32:55 <sgallagh> #info deferring further discussion to the next meeting 16:33:02 <sgallagh> #topic #2044 F30 Change: krb5 crypto modernization 16:33:02 <sgallagh> .fesco 2044 16:33:02 <sgallagh> #agree DECISION (+X, Y, -Z) 16:33:05 <zodbot> sgallagh: Issue #2044: F30 Change: krb5 crypto modernization - fesco - Pagure.io - https://pagure.io/fesco/issue/2044 16:33:33 <nirik> there were some more questions on the list... 16:33:44 <asamalik> thanks all! 16:33:44 <nirik> dunno if they got answered yet 16:33:45 * asamalik leaves 16:33:47 <sgallagh> So, I'll admit that my eyes crossed a bit reading through the devel list thread, but I gather that rharwood wants to remove algorithms more aggressively than upstream? 16:34:11 <sgallagh> I worry a bit about what that might mean for interoperability. 16:35:24 <sgallagh> And yes, I see zbyszek asked some new questions shortly before this meeting. 16:36:07 <sgallagh> Should we punt until we get answers? 16:36:17 <nirik> +1 16:36:24 <jforbes> +1 16:36:38 <bowlofeggs> +1 to punt 16:36:55 <sgallagh> If Robbie is in Brno next week, I'll try to sit down with him in person and hash this out. 16:37:14 <sgallagh> #info punting to await answers to questions on the mailing list 16:37:32 <sgallagh> #topic #2051 Backport Fish 3.0 to F29 16:37:32 <sgallagh> .fesco 2051 16:37:34 <zodbot> sgallagh: Issue #2051: Backport Fish 3.0 to F29 - fesco - Pagure.io - https://pagure.io/fesco/issue/2051 16:37:43 <bowlofeggs> i just searched to see if "punt" really means the way we use it in english, and it has a surprising number of definitions: https://www.merriam-webster.com/dictionary/punt 16:38:00 <sgallagh> I always assumed it was related to sportsball 16:38:11 <bowlofeggs> yeah me too 16:38:14 <bowlofeggs> it probably is 16:38:24 <bowlofeggs> but it can mean things about boats and wine bottles? 16:38:33 <sgallagh> aaanyway 16:39:14 <sgallagh> As I was observing to Matthew Miller the other day, sometimes working in open source can be really weird. Like receiving a message with the subject line "Backporting fish" 16:39:19 <bowlofeggs> on fish, i'm still of the opinion that it can be in a module or copr, otherwise can wait for f30 16:39:30 <bowlofeggs> haha 16:39:45 <sgallagh> I'm inclined to agree. The backwards-incompatible change list looks concerning to me. 16:39:52 <bowlofeggs> if i were a fedora user relying on the old behavior, i would be upset at this 16:39:59 <otaylor> As long as fish is just a sysadmin tool and nothing is depending on it in the distro, I think it's up to the maintainer. 16:40:01 <bowlofeggs> (i'm not a fish user, just thinking theoretically) 16:40:16 <sgallagh> otaylor: We have specific rules about stable updates for all packages 16:40:18 <bowlofeggs> otaylor: i don't agree with that, since users may have fish scripts 16:40:25 <bowlofeggs> and we can't know what their scripts are doing 16:40:25 <sgallagh> And it's a scripting language that has changed semantics 16:40:33 <sgallagh> I think it would annoy users of it greatly 16:40:40 <otaylor> I don't feel I have enough context about how people use fish to know whether people write scripts or not. 16:40:51 <bowlofeggs> we wouldn't do something liek this for python 16:40:53 <otaylor> The changes did sound concerning to me - like scripts breaking in unexpected ways 16:41:08 <sgallagh> We have modules and COPRs as alternatives these days. 16:41:12 <bowlofeggs> yeah, it's a shell/scripting language 16:41:13 <otaylor> bowlofeggs: it would clearly be a *nope* for python or bash 16:41:16 <jforbes> Yeah, I am inclined to -1 this one 16:41:31 <bowlofeggs> -1 16:41:49 <sgallagh> Proposal: FESCo does not grant an exception to the stable updates policy for 'fish' and recommends the use of a module stream or COPR repository instead. 16:41:56 <bowlofeggs> sgallagh: +1 16:42:00 <sgallagh> +1 16:42:04 <jforbes> +1 16:42:07 <bowlofeggs> (i do approve it for F30, fwiw ☺) 16:42:14 <nirik> +1 16:42:24 <mhroncok> +1 16:42:29 <sgallagh> bowlofeggs: We don't need to rule on that. That's maintainer's prerogative 16:42:50 <bowlofeggs> (also, fish is pretty cool. i did use it for a while. i like it a lot more than bash/zsh, though i switched back because it's easier to find things that integrate with bash) 16:42:52 <sgallagh> #agreed FESCo does not grant an exception to the stable updates policy for 'fish' and recommends the use of a module stream or COPR repository instead. (+5, 0, -0) 16:42:53 <otaylor> +1 16:42:53 <mhroncok> Also, we should thank ignatenkobrain for even asking. I can imagine others would juts push it and be done with it :D 16:42:58 <sgallagh> #undo 16:42:58 <zodbot> Removing item from minutes: AGREED by sgallagh at 16:42:52 : FESCo does not grant an exception to the stable updates policy for 'fish' and recommends the use of a module stream or COPR repository instead. (+5, 0, -0) 16:43:02 <sgallagh> #agreed FESCo does not grant an exception to the stable updates policy for 'fish' and recommends the use of a module stream or COPR repository instead. (+6, 0, -0) 16:43:06 <bcotton> ignatenkobrain++ 16:43:06 <zodbot> bcotton: Karma for ignatenkobrain changed to 7 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:43:11 <sgallagh> mhroncok: Agreed. 16:43:17 <bowlofeggs> mhroncok: indeed 16:43:19 <sgallagh> ignatenkobrain: Thanks for checking in on this :) 16:43:20 <bowlofeggs> ignatenkobrain++ 16:43:24 <sgallagh> ignatenkobrain++ 16:43:24 <zodbot> sgallagh: Karma for ignatenkobrain changed to 8 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:43:36 <sgallagh> #topic Next week's chair 16:43:55 <mhroncok> would anybody be willing to guide me trough that? 16:44:04 <sgallagh> I may or may not make it next week; I'll be just arriving at my hotel in Brno around the time this starts. 16:44:08 <bowlofeggs> i'm not sure if i can be here next week 16:44:11 * nirik too 16:44:13 <sgallagh> mhroncok: https://fedoraproject.org/wiki/FESCo_meeting_process 16:44:20 <bowlofeggs> we have a team meeting during this time slot 16:44:30 <bowlofeggs> and i will be gone the following week for sure 16:44:33 <mhroncok> BTW I don't think I can tag issues 16:45:00 <sgallagh> mhroncok: Probably we haven't made you an admin on the repo yet 16:45:05 <bowlofeggs> mhroncok: maybe someone needs to add you to a pagure and/or fas group? 16:45:07 * nirik meant to add folks, can do that 16:45:16 <mhroncok> nirik: thanks 16:45:42 <mhroncok> should we deliberately cancel next week? 16:46:10 * sgallagh also notes he *definitely* will not be available the week after, as he'll be in-flight 16:48:22 <nirik> do we have any chance of quorum? 16:48:23 <bowlofeggs> will anyone be here next 2 weeks? 16:48:39 * mhroncok will be 16:48:43 * otaylor will be travelling both next monday and the week after 16:49:09 <mhroncok> I guess contyk mostl likely wonẗ be travling to/from devconf either 16:49:12 <jforbes> I will be here 16:49:27 <sgallagh> I will try to be available for next week, but I can't be absolutely certain 16:49:30 <otaylor> (*might* be able to make it next monday, like sgallagh, it's about the time I'm arriving at my hotel) 16:50:54 <bowlofeggs> sounds like maybe 3 people so maybe we should just say we meet next in 3 weeks? 16:50:56 <sgallagh> Looks like there's at least a chance of quorum, so let's try for it and see what happens? 16:51:01 <bowlofeggs> or that 16:51:07 <bowlofeggs> you could just host the meeting and see who comes 16:51:18 <bowlofeggs> it's a possibility i can do it, but i have a team meeting so seems unlikely 16:51:41 <bowlofeggs> sounds like the following week is less likely 16:51:57 <sgallagh> bowlofeggs: You can just .hello2 and then hand your proxy to me. I'm trustworthy ;-) 16:52:33 <mhroncok> the question is, how can we trust that you are trustworthy? 16:52:43 <sgallagh> I have this certificate I made! 16:52:53 <mhroncok> and you self signed it 16:52:57 <jforbes> seems legit 16:52:59 <mhroncok> anyway, I can do the next week meeting 16:53:07 <bowlofeggs> sgallagh: haha 16:53:11 <mhroncok> and just see if it will happen 16:53:25 <sgallagh> mhroncok: I literally wrote the book on how to improve self-signing :-D 16:53:27 <bowlofeggs> self signed certificates are easy to fix: you just mark them trusted in yuor browser! 16:53:31 <mhroncok> I'll read the docs and cry for help if I need it 16:54:32 <sgallagh> #action mhroncok to chair 2019-01-21 meeting 16:54:37 <sgallagh> #topic Open Floor 16:54:41 <sgallagh> Anything for Open Floor? 16:54:45 <sgallagh> (please say no) 16:54:52 <besser82> Well… 16:54:56 <bowlofeggs> i've been thinking that we need to come up with ways to make our meetings longs 16:54:58 <bowlofeggs> *longer 16:55:08 <sgallagh> Actually cverna had something I think 16:55:24 <cverna> it can wait for next meeting since you all had a long one today 16:55:29 <sgallagh> mhroncok: BTW in case you thought I was lying: https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/ 16:55:30 <mhroncok> bowlofeggs: just vote -1 on random tickets that seem to be getting close to getting approved 16:55:58 <mhroncok> sgallagh: you've just wrote that now to impress me. 16:56:01 <sgallagh> cverna: It's possible that will be in three weeks, so best you ask now 16:56:10 <sgallagh> mhroncok: I'm good, but not *that* good 16:56:16 <besser82> Since the next two weks meetings seem to be not certain, yet… I'd like to ask about https://pagure.io/fesco/issue/2052 16:56:32 <besser82> Current state is +5 in the ticket. 16:56:49 <bowlofeggs> mhroncok: haha 16:56:53 <besser82> Needs another +2 to be approved… 16:57:07 <sgallagh> besser82: Actually, it needs either another +2 or just five days to pass 16:57:10 <mhroncok> besser82: and couple of days as well 16:57:17 <mhroncok> or 16:57:34 <cverna> Ok my open floor question/ticket is about https://pagure.io/fesco/issue/2049 16:57:39 <sgallagh> besser82: Are you here to ask us to pass it quicker or to argue against it? 16:57:40 <cverna> container update policy 16:57:48 <mhroncok> besser82: btw python34 and 35 now build, so you can retest them in that copr 16:57:52 <besser82> sgallagh, pass it quicker 16:57:54 <sgallagh> ok 16:58:12 <besser82> mhroncok, then they will build with that change as well 16:58:28 <sgallagh> otaylor, bowlofeggs : If you two agree, please +1 the ticket so they can move ahead 16:59:40 <besser82> and bcotton needs to give me a tracking bug, so Ican reference the rhbz# when bumping / rebuilding ~154 Packages 16:59:47 <bowlofeggs> sgallagh: I +1'd (hadn't seen it before now, sorry ☺) 17:00:06 * otaylor adds his +1 (not entirely sure about the idea of using compat libraries to enforce security policies, but won't make things worse than the status quo) 17:00:31 <besser82> otaylor, the compat lib is kept for POSIX-requirements 17:00:36 <sgallagh> Thanks 17:00:43 <sgallagh> besser82: OK, it's approved 17:01:05 <besser82> sgallagh++ 17:01:05 <zodbot> besser82: Karma for sgallagh changed to 8 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:01:11 <sgallagh> #topic Container update policy update 17:01:11 <sgallagh> .fesco 2049 17:01:12 <zodbot> sgallagh: Issue #2049: Container update policy update - fesco - Pagure.io - https://pagure.io/fesco/issue/2049 17:01:14 <bcotton> besser82: i'll process it this afternoon and you'll get your tracking bug then 17:01:20 <besser82> mhroncok++ 17:01:20 <zodbot> besser82: Karma for churchyard changed to 7 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:01:27 <besser82> otaylor++ 17:01:27 <zodbot> besser82: Karma for otaylor changed to 1 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:01:35 <besser82> bowlofeggs++ 17:01:35 <zodbot> besser82: Karma for bowlofeggs changed to 12 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:01:37 <besser82> bcotton++ 17:01:38 <zodbot> besser82: Karma for bcotton changed to 10 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:01:52 <sgallagh> cverna: You have the floor 17:01:59 <mhroncok> cverna: let's dance 17:02:09 <bowlofeggs> ok so on the container topic, i must admit that i don't have a lot of bandwidth to add the buildroot overrides to containers right now, though i do know what needs to happen to make it work 17:02:23 <bowlofeggs> so i could advise someone who did have time to work on it, review pull request, etc. 17:02:32 <bowlofeggs> just can't do it myself for now 17:02:47 * cverna puts shiny shoes to hit the dance floor 17:02:53 <bowlofeggs> i do feel like that would be better than not having testing time on containers 17:03:23 <cverna> I think this is more than just buildroot overrides 17:03:24 <bowlofeggs> though i also find cverna's counter argument that users can more easily run older containers than older RPMs to be a moving argument 17:03:47 <cverna> some containers will not need buildroot override and it does not make sense to have to wait 7 days to release 17:03:53 <mhroncok> why do we have that 1 day in bodhi? it clearly makes pretty much the same sense as bypassing bodhi entirely 17:04:07 <nirik> if CI is good enough... yeah... 17:04:17 <cverna> mhroncok: long term plan for me is to bypass bodhi once we have ci 17:04:29 <cverna> be the CI is not in place yet 17:04:35 <cverna> so this is a middle ground 17:04:38 <mhroncok> but as long as CI is in it's current state 17:04:46 <mhroncok> what good does the 1 day bodhi thing brings? 17:04:49 <bowlofeggs> why would CI make the difference on whether bodhi is used or not? 17:04:50 <mhroncok> other than 1 day delay 17:04:50 <otaylor> The other thing that is different about containers, is that a container update may have *nothing* to do with the containers actual functionality, it may be picking up a security fix from the base package set. 17:05:00 <otaylor> So asking people to test and karma is a lot of overhead 17:05:10 <cverna> mhroncok: I can because we can't do 0 days 17:05:27 <sgallagh> Regarding CI: couldn’t you just create a FAS user for CI to give it Bodhi karma? 17:05:35 <sgallagh> Then set the auto push to 1? 17:05:36 <mhroncok> :D 17:05:53 <mhroncok> or just set karma to push to 1 and ask sgallagh to give the karma 17:05:56 <bowlofeggs> sgallagh: i actually had considered doing something like that for rawhide gating 17:06:05 <bowlofeggs> rawhide will be very similar to what cverna wants 17:06:09 <sgallagh> bowlofeggs: I’m in favor 17:06:29 <cverna> I wish we could also have automated updates for containers 17:06:36 <bowlofeggs> for rawhide,i decided to just make it possible t have a policy that doesn't require karma and autopushes when ci passes 17:06:43 <otaylor> cverna: I don't want this policy change for Flatpaks, but I assume this is configured at the bodhi release level? 17:06:45 <bowlofeggs> so i think cverna could use that same implementation 17:06:57 <bowlofeggs> otaylor: yes, per release 17:07:00 <mhroncok> why is bodhi used here at all? 17:07:00 <cverna> otaylor: yes it would be 17:07:35 <bowlofeggs> for example, this ticket seems relevant: https://github.com/fedora-infra/bodhi/issues/2321 17:07:55 <bowlofeggs> mhroncok: well bodhi is the update gating mechanism for fedora, and this is about gating updates 17:08:18 <mhroncok> the requests seems to be about opening that gate 17:08:24 <mhroncok> *request 17:08:49 <mhroncok> I just don't see the point of having it in bodhi for one day. is this a temporary workaround before CI works better? 17:09:19 <nirik> well, without bodhi there's not a place to display the CI? 17:09:23 <bowlofeggs> i think we could make it faster than 1 day once bodhi's CI gating stuff is better 17:09:26 <cverna> I would be glad to have 0 days, I am just not sure if that is possible 17:09:40 <otaylor> mhroncok: it would still be in bodhi even if it was in there for 0 days, I think - bodhi is the place that handles moving things around and recording what is in where and why 17:09:46 <bowlofeggs> we will want faster than a day for rawhide too probably 17:10:34 <mhroncok> so basically what we want is "no time gating for containers", possibly use "1 day" as a wrokaround until that possible? 17:10:50 <bowlofeggs> the only reason we compose once a day right now is because it's hard on the mirrors if we compose too frequently. but i can see a use case for making compose frequency by a per-release setting 17:11:10 <otaylor> bowlofeggs: we discussed that we can compose containers/flatpaks without that issue 17:11:13 <cverna> mhroncok: yes 17:11:28 <mhroncok> cverna: thanks for clarifying 17:11:28 <bowlofeggs> mhroncok: in the ideal case, sure. but as it is, do we really have CI on all our stuff to make this actually ok? 17:11:43 <bowlofeggs> otaylor: yeah exactly 17:12:11 <mhroncok> I guess I'm OK with that 17:12:34 <bowlofeggs> i'm concerned about the mismatch between reality and the idea of having CI 17:12:58 <bowlofeggs> the reality being that the test coverage isn't great right now 17:13:07 <bowlofeggs> so voting on this seems a bit premature to me 17:13:26 <cverna> bowlofeggs: We currently have ~30 containers so CI all of them will not be so hard 17:13:37 <cverna> at least basic test does the container start 17:13:44 <mhroncok> "will not be so hard" 17:13:50 <mhroncok> again, can we make it a requirement? 17:13:57 <bowlofeggs> CI'ing my one bodhi container has been quite difficult 17:14:06 <cverna> what is currently missing from the CI pipeline is the reporting back to greenwaves etcc 17:14:12 <bowlofeggs> though i'm testing far more than whether it starts 17:15:17 <bowlofeggs> i did consider making a bodhi feature where the required time in testing depends on whether there are CI tests or not 17:15:31 <bowlofeggs> it could be cool, though some people might game it and just run /bin/true 17:15:33 <cverna> yes it is up to the maintainers but I think have at least one test that check that the container starts with the command documented in the USAGE label is the minimun 17:16:26 <sgallagh> bowlofeggs: There are many ways people could game the system today. They generally don't 17:16:32 <bowlofeggs> true 17:16:33 <sgallagh> I'd not optimize for bad actors 17:16:35 <cverna> and once again I think that a container that does not work is not a big deal, it will not crash your system 17:16:40 <otaylor> I don't think that relying on some fictional group of Feodra container testers to test containers makes sense 17:16:56 <bowlofeggs> sgallagh: well i'm not optimizing, it was just a counter point in my head. the other counter point is that it makes the policy more complicated ☺ 17:17:28 <cverna> otaylor: true, I am not even sure we have container users except from the base image tbh 17:17:30 <sgallagh> bowlofeggs: Depends how it's implemented. You could just give approved CI sources the right to add +10 to karma... 17:17:31 <bowlofeggs> and having just one test doesnt' mean it's a useful test, is the other counter point 17:17:52 <bowlofeggs> even if well intentioned, one test could still be poor quality 17:18:20 <sgallagh> bowlofeggs: That's still probably better than most of the karma things get today. 17:18:33 <sgallagh> A lot of them are just "it didn't obviously break, so +1!) 17:18:39 <bowlofeggs> sgallagh: except for -1's. those are often useful (except the kernel, haha) 17:18:57 <bowlofeggs> and a poor quality CI would be no better than "works for me!" 17:19:09 <sgallagh> bowlofeggs: But no *worse* either 17:19:10 <bowlofeggs> and i would actually argue is worse 17:19:18 * sgallagh shrugs 17:19:19 <bowlofeggs> because at least a "works for me" is a person really useing it to realyl do soemthing 17:19:46 <mhroncok> bowlofeggs: I sometimes doubt that they actually did something at all 17:19:48 <bowlofeggs> a CI that just checks "does this process start" is doing much less than most "works for me" testers 17:20:12 <bowlofeggs> mhroncok: i think that's true in some cases, but i also personally test packages and i usually check for more than whether it starts 17:20:21 <bowlofeggs> and my message often ends up being "works for me" 17:20:45 <mhroncok> bowlofeggs: protip: write at least a bit what have you tested ;) 17:20:47 <mhroncok> anyway 17:20:52 <bowlofeggs> mhroncok: ☺ 17:20:56 <mhroncok> the discussion is going nowhere 17:21:06 <sgallagh> bowlofeggs: On at least three occasions, I've had packages get +3 karma between me submitting them and noticing that it didn't work *at all* (usually less than a half-hour) 17:21:14 <bowlofeggs> i don't think we're at a state of CI where i feel comfortable with the proposal 17:21:24 <mhroncok> it's far from midnight in the EU, so sgallagh has time 17:21:35 <sgallagh> sgallagh would love lunch though 17:21:48 <bowlofeggs> sgallagh: yeah i don't disagree that a lot of people don't do a good job. i'm just argueing that "does the process start" is worse than average 17:22:34 <bowlofeggs> i would like to think through a policy that allows packages with "good CI" to get a faster turnaround, but defining "good CI" is hard 17:23:02 <sgallagh> bowlofeggs: I default to assuming that the maintainer can be trusted. 17:23:10 <bowlofeggs> and configuring bodhi to detect teh difference between good CI and not-good CI is also a hard problem 17:23:22 <mhroncok> the maintainer can be trusted only if they have the certificate 17:23:24 <sgallagh> If they click a button that says "I trust my CI", I think we should believe them unless proven otherwise 17:23:30 * sgallagh slaps mhroncok 17:23:45 <bowlofeggs> maintainers regularly break the backwards incompatibility update policy 17:23:46 <cverna> I think we are going a bit off topic, I don't intend to define what good CI is or should be 17:23:58 <bowlofeggs> i'm not sure i would agree that they don't need guard rails 17:24:13 <mhroncok> the discussion is still going nowhere 17:24:15 <cverna> and again I might be a bit to careless, but a broken container as a user does not bother me too much 17:24:28 <cverna> I can use the previous working tag and open a bugzilla 17:24:45 <cverna> it will not break my system compared to packages 17:25:02 <bowlofeggs> yeah it does seem less severe than for RPMs 17:25:14 <bowlofeggs> though new users of the package won't know to do that 17:25:21 <bowlofeggs> (edge case) 17:25:33 <sgallagh> cverna: Any way we can automatically include a "last-week" alias on a container? 17:25:53 <sgallagh> So each time you push a new one, the previous one gets a standard tag? 17:26:03 <sgallagh> So it makes rollback easier for beginners? 17:26:14 <cverna> sgallagh: the tags are versions except for latest 17:26:23 <bowlofeggs> sgallagh: well then you have to know how often people update 17:26:25 <sgallagh> oh ok 17:26:33 <sgallagh> I was thinking they were just hashes 17:26:43 <sgallagh> If they have human-readable names already, I'm good with that 17:26:55 <cverna> for example https://registry.fedoraproject.org/repo/f29/origin-base/tags/ 17:26:56 <sgallagh> I was just aiming for maximum simplicity 17:28:17 * nirik has to go... 17:28:33 <cverna> Overall my point is that currently we have container updates that are not tested and just wait 7 days for nothing 17:28:35 <sgallagh> So, this conversation does not appear to be circling in on a decision, so shall we send it back to the ticket? 17:29:03 <sgallagh> cverna: And getting them testing isn't an option? 17:29:14 <sgallagh> You can't just have members of your team give karma? 17:29:22 <sgallagh> (After testing, of course) 17:30:03 <mhroncok> I don't think that "nobody tests this" is good enough reason 17:30:19 <cverna> We are 3-4 active member in the container SIG so giving +3 Karma would mean that we all have to spend some time testing them 17:30:22 <mhroncok> however "testing is not needed, because <reasons>" works for me 17:30:34 <mhroncok> cverna: it doesn't have to be 3 17:30:50 <cverna> so I gave my reason why I think testing for container is not that important 17:30:54 <cverna> reasons* 17:31:37 <mhroncok> you did 17:31:46 <sgallagh> cverna: My suggestion would be to lower the karma threshold to 1 and just have at least one of you do some testing 17:31:58 <sgallagh> Then it will get autokarmaed in a day AND have actual testing 17:32:20 <cverna> I guess that could work, can we configure bodhi to default to a +1 karma ? 17:32:30 <mhroncok> cverna: you can set the carma 17:32:32 <mhroncok> karma 17:32:36 <sgallagh> Default, no. But it's an option when you create the update 17:32:37 <bowlofeggs> cverna: it doesn't have settings, but you can set it on updates 17:32:40 <cverna> that's overhead 17:32:44 <sgallagh> Either in the UI or via the API 17:32:45 <mhroncok> seriously? 17:33:14 <mhroncok> either you do it by hand and it's very little difference 17:33:15 <jforbes> That is one extra drop down box to set when filing the update, I wouldn't consider it "overhead" 17:33:17 <cverna> mhroncok: we have already very little people interested in maintaining containers I would like it to be as painless as possible 17:33:22 <mhroncok> or you have it scripted and it's very little difference 17:34:00 <mhroncok> bowlofeggs: generally having karma limits presets would be nice feature 17:34:03 <sgallagh> cverna: This *is* as painless as possible 17:34:25 <mhroncok> however I don't think this is a big deal 17:34:41 <cverna> bowlofeggs: can we edit the karma after the update was submitted ? 17:34:43 <sgallagh> cverna: Just write a doc showing how to use the bodhi CLI with the --karma flag (or whatever it is) to create the update 17:34:48 <sgallagh> cverna: Yes 17:34:53 <bowlofeggs> mhroncok: yeah, though i can't commit to making that feature due to $time - i would accept a PR for it though ☺ 17:35:01 <bowlofeggs> cverna: yeah it can be edited 17:35:07 <sgallagh> But it will ignore you if you retroactively set it down to lower than the current value, I've noticed 17:35:16 <mhroncok> bowlofeggs: well, the bloody pyramid, I'm not sure I want to understand that code :D 17:35:26 <sgallagh> Or rather, it will change the maximum but not immediately queue it. 17:35:26 <cverna> ok that should be ok then even tho karma per release would be better :) 17:35:28 <sgallagh> That may be a bug 17:35:40 <bowlofeggs> sgallagh: it ignores until someone else karmas it (i've noticed this too) 17:35:49 <bowlofeggs> probably it shouldn't do that, but oh well 17:35:51 <bowlofeggs> haha 17:36:02 <mhroncok> I tought that's a protection against cheating 17:36:13 <mhroncok> bowlofeggs: call it a feature 17:36:15 <bowlofeggs> mhroncok: yeah pyramid isn't awesome, though honestly this particular feature wouldn't require knowing pyramid at all 17:36:33 <bowlofeggs> mhroncok: haha 17:36:36 <sgallagh> cverna: Is that sufficient for you to get on with for now? 17:36:43 <sgallagh> And then work towards sufficient CI? 17:36:44 <mhroncok> bowlofeggs: I'll submit a PR once I create the ACLs once sgallagh creates the separate koji 17:36:47 <cverna> yes I think that's good :) 17:36:49 <bowlofeggs> it's jsut that bodhi doesn't check the karma when that vlaue is changed, only when comments with karma are added 17:36:56 <mhroncok> cverna: \o/ 17:36:57 <sgallagh> Great! 17:37:01 <bowlofeggs> so when you change it, bodhi doesn't check the count, it just updates it 17:37:18 <bowlofeggs> mhroncok: haha, i look forward to all of those then 17:37:25 <sgallagh> We don't need to debug that here. I was just giving cverna a heads-up :) 17:37:42 <mhroncok> set us free? 17:37:53 <cverna> thanks all 17:38:08 <sgallagh> #info FESCo makes no policy change but recommends a workaround of setting minimal autokarma 17:38:16 <sgallagh> Yeah, I think we're done. 17:38:19 <sgallagh> Thanks all. 17:38:22 <sgallagh> #endmeeting