15:00:42 #startmeeting FESCO (2019-06-21) 15:00:42 Meeting started Fri Jun 21 15:00:42 2019 UTC. 15:00:42 This meeting is logged and archived in a public location. 15:00:42 The chair is jforbes. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:42 Useful Commands: #action #agreed #halp #info #idea #link #topic. 15:00:42 The meeting name has been set to 'fesco_(2019-06-21)' 15:00:42 #meetingname fesco 15:00:42 The meeting name has been set to 'fesco' 15:00:42 #chair nirik, bowlofeggs, jforbes, zbyszek, bookwar, sgallagh, contyk, mhroncok, otaylor, ignatenkobrain 15:00:42 #topic init process 15:00:42 Current chairs: bookwar bowlofeggs contyk ignatenkobrain jforbes mhroncok nirik otaylor sgallagh zbyszek 15:00:51 morning. 15:00:56 .hello2 15:00:57 ignatenkobrain: ignatenkobrain 'Igor Gnatenko' 15:00:57 .hello2 15:01:00 dustymabe: dustymabe 'Dusty Mabe' 15:01:02 .hello2 15:01:03 bookwar: bookwar 'Aleksandra Fedorova' 15:01:16 .hello2 15:01:17 bgilbert: bgilbert 'Benjamin Gilbert' 15:01:27 .hello churchyard 15:01:28 mhroncok: churchyard 'Miro Hrončok' 15:01:46 .hello2 15:01:47 bcotton: bcotton 'Ben Cotton' 15:02:11 .hello2 15:02:12 otaylor: otaylor 'Owen Taylor' 15:03:27 sgallagh, ignatenkobrain, bookwar, contyk: congrats 15:03:45 So I wanted to start the meeting off with a welcome to ignatenkobrain 15:04:18 jforbes: mhroncok thanks 🙂 15:04:23 welcome! 15:04:25 And a big thank you to bowlofeggs 15:04:28 welcome all! 15:04:35 and many thanks to bowlofeggs too... yeah. 15:04:47 .hello psabata 15:04:48 contyk: psabata 'Petr Šabata' 15:05:09 since it seems we have quorum, let's get started 15:05:12 mhroncok: thanks 15:05:16 #topic #2133 F31 System-Wide Change: Disable Root Password Login in SSH 15:05:17 .fesco 2133 15:05:17 https://pagure.io/fesco/issue/2133 15:05:19 jforbes: Issue #2133: F31 System-Wide Change: Disable Root Password Login in SSH - fesco - Pagure.io - https://pagure.io/fesco/issue/2133 15:06:46 my proposal stands: Let's defer this change until the technical issues are solved. 15:07:28 mhroncok: but change is about approving the work to resolve the issues 15:07:42 mhroncok: or what do you mean as "resolved"? 15:08:08 when there is a plan that all the relevant maintainers agree on 15:08:15 * nirik wonders if there could be a kickstart version of the checkbox too... 15:08:15 "I plan to start on this soon, so we have it in place well before branching" from the bz seemed like resolution of the planning change 15:09:06 i think the anaconda bug contains this plan and agreement, doesn't it? 15:09:15 That was how I read it 15:09:47 * mhroncok looks 15:10:02 I don't think that anaconda bug has exact plan on how to solve issue, but there are some possible solutions mentioned in a bug. 15:10:04 it seems so, sorry 15:11:09 So I think I'm pretty confident +1 on this one. In worst case, contigency plan contains necessary things to be done and beta freeze seems like good time for it. 15:11:16 I thought from my reading there was a definite plan to proceed adding a checkbox (not entirely a fan...) 15:12:56 if that checkbox is the plan, I'd be happier if the change page described that plan 15:12:59 I think we could approve/vote now and if it's not done, it uses it's contingency plan. 15:13:37 it does have a link to the bug, but it's not very detailed indeed. 15:13:47 nirik: +1 15:15:53 so? vote? defer? 15:15:54 So shall we vote then, or is there more to discuss? 15:16:44 let's vote 15:16:46 I think we can vote to approve the change, and provide feedback if we think the anaconda changes need more careful planning 15:16:48 +1 to the change. I can ask for the description update in the ticket. 15:16:55 vote+ 15:17:04 +1 to the change as well 15:17:11 +1 for the change 15:17:20 +1 for the change 15:17:21 +1 to the change. Should update the change page to have more info on the anaconda checkbox (where it is, what it does, etc) 15:17:21 +1 to the change (will put my own comment in the ticket about the anaconda part) 15:17:39 +1, too 15:18:14 #agree 31 System-Wide Change: Disable Root Password Login in SSH is approved (+6,0,0) 15:18:38 jforbes: I think it's #agreed 15:19:04 both works 15:19:19 #topic #2149 Proposal to change non-responsive maintainer policy 15:19:19 .fesco 2149 15:19:19 https://pagure.io/fesco/issue/2149 15:19:21 jforbes: Issue #2149: Proposal to change non-responsive maintainer policy - fesco - Pagure.io - https://pagure.io/fesco/issue/2149 15:19:23 oh, well nevermind then :-) 15:20:54 let's vote on the general idea, later work on the exact wording and finally approve it then? 15:21:21 I think we were getting close to wording... 15:21:27 otherwise the bikeshedding might prevent us from moving this forward 15:21:33 just perhaps need to consider the non maintainer case... 15:21:46 I think there is enough agreement on the general idea in the ticket. Do we want to defer a week to finish the wording? I don't see a point in 2 votes. 15:22:07 how about we defer and also see if devel list has any input before we change it? 15:22:08 that work for me as well 15:22:24 I can agree to that 15:23:01 let's do that then :) 15:23:09 who wants to start a thread? if no one else I can... 15:23:29 I suppose I can do that :) 15:24:05 cool. thanks. 15:24:09 #agreed The proposal to change non-responsive maintainer policy is deferred while wording is fine tuned and it is discussed on devel list 15:24:28 #action ignatenkobrain to start a thread on the non-responsive maintainer policy 15:24:52 #topic #2151 F31 Self-Contained Change: Include several modules in the EFI build of Grub2 for security use-cases 15:24:52 .fesco 2151 15:24:53 https://pagure.io/fesco/issue/2151 15:24:54 jforbes: Issue #2151: F31 Self-Contained Change: Include several modules in the EFI build of Grub2 for security use-cases - fesco - Pagure.io - https://pagure.io/fesco/issue/2151 15:25:50 this has buy in from grub2 maintainers right... 15:25:52 it's quite fresh 15:26:32 nirik: yes, i confirmed that with them (the first time it was announced, they were surprised) 15:26:49 yeah. If they are ok with it, then +1 here... 15:27:19 I am +1 here and was in the ticket 15:27:21 +1 to the change 15:27:33 still 0 15:27:37 although it really seems like it's sort of 1/2 done... to be a real useful change it would change anaconda to use it, but that can be down the road... 15:28:24 Yes, anaconda would make it more useful 15:30:35 +1 15:32:07 bcotton: the grub2 maintainres are listed on the proposal as owners, did that change from the initial state? 15:32:40 otaylor: iirc, the proposer listed them but hadn't talked to them about it first :-) 15:32:48 oh my 15:33:02 otaylor: he has since gotten their buy-in on it 15:33:07 bookwar contyk? 15:33:21 still +1 15:33:31 Oh right, you voted in ticket 15:33:41 +1 too 15:34:22 #agreed 31 Self-Contained Change: Include several modules in the EFI build of Grub2 for security use-cases is approved (+6,1,-0) 15:34:34 switched to agreed just for you bcotton :) 15:34:46 :D 15:34:47 jforbes++ you're too good to me 15:34:48 bcotton: Karma for jforbes changed to 5 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 15:34:54 #topic #2152 "backport" branches in src.fp.o for backports to coreos stable streams 15:34:54 .fesco 2152 15:34:54 https://pagure.io/fesco/issue/2152 15:34:55 jforbes: Issue #2152: "backport" branches in src.fp.o for backports to coreos stable streams - fesco - Pagure.io - https://pagure.io/fesco/issue/2152 15:35:20 19 hours ago, I have not yet seen this 15:35:24 So this one is super new, like filed as I was making the agenda, but dustymabe asked if we could discuss it. I said we could, but I couldn't guarantee a decision today 15:35:48 * mhroncok goes to read it 15:35:49 * nirik hasn't read anything this morning 15:35:53 mhroncok: Yes, super new, and not exactly straight forward 15:36:49 +1 15:36:59 raising awareness, not expecting a vote today 15:37:16 also bgilbert and I are here to field questions if any exist 15:37:20 * bgilbert waves 15:37:48 dustymabe: should this be discussed on devel first? 15:37:48 I'd like to see more thought put into alternate possible solutions before we vote on this. 15:37:54 * nirik is ok with it, but it may end up being a ton of work... hard to say. 15:38:31 bcotton: not sure, is that something you would suggest ? 15:38:32 dustymabe: as I just commented in ticket, why would there be multiple branches? a single coreos-backport branch seems sufficient. If there were a 2nd CVE to address you would just add it to the first? 15:39:00 jforbes: there might be separate bases for the `testing`, `stable`, and `next` streams 15:39:01 dustymabe: how do you plan to "reuse" a branch? 15:39:12 jforbes: I certainly hope that wouldn't be common 15:39:17 dustymabe: i would, but i'm only here in a non-voting capacity ;-) 15:39:55 dustymabe: Yes, package maintainers get picky about git branches. I am still annoyed at kernel branches that people accidentally (or intentionally) pushed WIP to years ago 15:40:17 bcotton: I'm with you 15:40:17 mhroncok: we'd basically merge what we want into that branch at the time we need it - the history wouldn't be pretty, but we proposed using tags to keep track of what commits were used for what rpms 15:40:24 if this is not urgent, go trough devel@ first 15:40:49 dustymabe: that sounds horrible 15:40:51 otaylor: we're open to other more elegant solutions if they exist 15:41:19 I would prefer to have just one branch coreos-backports.. But generally I'm not happy with mid-branch fixes. +1 to mhroncok proposal 15:41:29 there are several options discussed in the ticket. we talked with mattdm and releng (mohan) and it seems this proposal is what we came up with 15:42:20 certainly open to better ideas :) 15:42:34 mhroncok: bcotton: is the proposal to discuss on devel to see if there are better ideas out there ? 15:42:43 dustymabe: realistically, when do you need a solution? 15:42:45 dustymabe: yes 15:42:49 The reality is, there tend to be less than 10 critical CVE events in a given year. Things like MDS and SACK were multiple CVEs, but single events. 15:43:25 mhroncok: it is not a rush unless a disclosure suddenly makes it so :( 15:43:38 jforbes: CVEs are a good example of when you'd need this, but there could be cases where we'd like to use this mechanism for regressions as well 15:43:46 dustymabe: so when you reuse branch, does it mean you reset it completely to point to another commit or you do merges and then get a very strange history 15:44:12 bookwar: probably the strange history option - i don't think you can overwrite history in dist-git 15:44:32 which is expected 15:44:53 note that backports are not our preferred approach in any event. we'd prefer to just take the new package when that seems safe. 15:44:54 bookwar: no, you have to merge the other branch/commits 15:45:10 You can do what we do with stabilization. We don't do a merge, just change everything and commit it as a "catch up commit" 15:45:46 I don't see a reason to have branches with crazy history in dist-git permanently 15:45:49 bgilbert: do we have a good answer for mhroncok on the "when do you need a solution"? 15:45:58 I have some ideas, but I need to read all the requirements, this is too quick for me 15:45:59 Just have a branch for each event named in some descriptive way 15:46:22 otaylor: that. also we could have those branches live in nondefault ref namespace 15:46:28 and if that's really annoying people, delete the branch and just leave the tags 15:46:30 dustymabe: the only odd thing there, if something like a kernel bug is filed on some older version such as you ship, the default answer would likely be "try the current kernel" 15:46:43 dustymabe: is there an expectation, how many cases like this would appear in let's say one release cycle? 15:47:13 dustymabe, mhroncok: we don't _need_ a solution for day 1 of the preview release. it's a preview release; we can occasionally regress a bit. but it'd be good to have an answer "soon". 15:47:18 "nondefault refs namespace" is probably not a proper git term 15:47:21 jforbes: correct. there would be some divergence here from the rest of fedora proper, which is why we hope we don't use this often 15:47:59 otaylor, mhroncok: if something like that is workable, I'd personally prefer it 15:48:01 otaylor: You can't delete a branch in dist-git. And even if you could, if this was something that ever ships (and it sounds like it always would be), wouldn't it have to be kept for compliance reasons? 15:48:33 jforbes: not if you keep the tag 15:48:35 jforbes: well the tag would be there 15:48:46 jforbes: you'd need a branch or a tag to keep the commits from being garbage collected, but otherwise the commits are pointed to from koji, and that should be fine for compliance 15:49:14 dustymabe, bgilbert: can we meet next week and discuss this (and not steal this fesco meeting)? 15:49:21 absolutely 15:49:29 to be honest I don't get what is the problem with having more branches, Aren't tag and branch the similar concept in git, it is a pointer to a hash of a commit, isn't it? 15:49:33 i was about to say I think we've gone far enough to let people think about it some 15:49:37 mhroncok: I'm out next week :-( 15:49:50 but in general, yes, happy to meet 15:49:59 i'll be around, and the discussion can continue in the ticket too 15:50:22 Yes, I expect there will be plenty more discussion in ticket. 15:50:36 +1 15:50:38 Anyway, I didn't promise a vote, but it was asked that I bring it up, and I did. 15:50:46 thanks jforbes 15:50:48 jforbes: thanks 15:50:49 #action mhroncok to draft some more ideas next week, will put everything in the ticket (mostly based on what was said here) 15:50:53 this was productive I think 15:51:18 dustymabe: can you please drop me an e-mail? I'm on PTO today and might forget to do this next week 15:51:37 sure 15:51:47 thanks 15:51:52 #agreed voting on backport branches is deferred and will be further discussed in ticket 15:52:09 #topic Next week's chair 15:52:53 any takers? 15:53:01 guess I could if there's no one else 15:53:22 Thanks contyk 15:53:37 #action contyk will chair next meeting 15:53:43 #topic Open Floor 15:54:07 Anyone have anything for open floor? 15:54:14 onboarding ignatenkobrain 15:54:24 do we need a ticket? there's plenty of stuff 15:54:42 a ticket would be lovely. Happy to do stuff, but want it all tracked... 15:54:43 groups, badges, mailing lists, pagure rights whatnot 15:54:53 on it 15:54:53 Oh right. I forgot there is no magic script that does all of that 15:54:55 and perhaps we could make a sop/wiki page? 15:55:13 there is somehting 15:55:13 .fesco 2154 15:55:15 ignatenkobrain: Issue #2154: Update FESCo membership with elections results - fesco - Pagure.io - https://pagure.io/fesco/issue/2154 15:55:20 and could get it so others besides me could do it all. ;) 15:55:20 also, is it time for another whenisgood? 15:55:33 https://docs.fedoraproject.org/en-US/fesco/Updating_Fedora_Engineering_Steering_Committee_Members/ 15:55:43 ignatenkobrain: is this meeting time OK for you, generally? 15:55:46 contyk: I'm fine with this time 15:56:22 Seems we are okay. Didn't even think about it since ignatenkobrain is typically involved in the meetings for one reason or another before elected 15:56:34 side-question, do we have anything fesco-specific at flock? 15:56:52 There is a modularity thing that we were tagged in 15:56:57 fwiw, i'm happy to handle the new/leaving member stuff as a matter of routine, if fesco is open to granting the appropriate privileges (and if you're not, i won't be hurt, i'll just keep filing tickets for you) 15:57:05 https://pagure.io/flock/issue/192 15:57:35 nirik: https://pagure.io/fesco/issue/2156 15:57:38 jforbes: thanks 15:57:53 bcotton: fine with me. don't want to overburden you, but if you are good with that being a FPM thing, fine 15:58:11 Do we actually have some FESCo session on a Flock? 15:58:14 nirik, bcotton: +1 15:58:16 like where people can come and just ask us questions 15:58:30 bookwar: And we typically do a meeting in the same room, but it still has to be IRC based so that non attendees can participate 15:58:36 we do panels sometimes 15:58:50 it would be good to have one again 15:59:00 contyk: +1 15:59:06 There isn't a FESCo panel proposed that I see this year 16:00:06 anyone wants to fix that? 16:00:09 for the sake of having a record in case anyone questions it: proposed #agreed the FPgM is authorized to update membership of FESCo mailing lists, Pagure groups, etc. 16:00:25 bcotton: +1 16:00:36 +1 16:00:40 bcotton: +1 16:00:52 +1 16:00:59 contyk: well, I guess I can open a flock proposal 16:01:11 Just need to find previous ones and copy description :) 16:01:16 bcotton: +1 (and see me after meeting and we can sort out what you need for perms) 16:01:17 ignatenkobrain++ 16:01:31 maybe start from beginning, who doesn't go to flock? 16:01:35 It is late, round 2 selection is already in process isn't it? 16:01:38 nirik: ack 16:01:49 jforbes: cfp is open until 1st of July 16:02:07 Oh, forgot it was extended 16:02:25 I will be there, skipping Defcon for it 16:02:47 I'm coming to Flock, already bought a bus tickets 16:03:17 * nirik hopes to be there 16:03:21 assuming contyk, probably enough for a panel 16:03:53 I'll be there 16:04:47 then ignatenkobrain files a request and we just come :) 16:04:50 bcotton: sorry for the duplicate ticket :( 16:04:56 mhroncok: no worries :-) 16:05:05 mhroncok: two tickets are better than none :-) 16:05:39 If there is nothing else for open floor, will close in 2 minutes 16:05:40 #action ignatenkobrain to open FESCo Panel ticket for Flock 16:06:07 jforbes: can you #agreed my proposal for the record if the vote supports it? 16:06:19 jforbes: or #agree :p 16:06:33 +1 16:07:12 #agreed the FPgM is authorized to update membership of FESCo mailing lists, Pagure groups, etc. (+5,0,-0) 16:07:23 thanks :-) 16:07:43 #endmeeting