#fedora-meeting-2 log

17:00:07 <mhayden> #startmeeting FESCO (2023-10-05)
17:00:07 <zodbot> Meeting started Thu Oct  5 17:00:07 2023 UTC.
17:00:07 <zodbot> This meeting is logged and archived in a public location.
17:00:07 <zodbot> The chair is mhayden. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions.
17:00:07 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
17:00:07 <zodbot> The meeting name has been set to 'fesco_(2023-10-05)'
17:00:11 <mhayden> #meetingname fesco
17:00:11 <zodbot> The meeting name has been set to 'fesco'
17:00:17 <mhayden> #chair nirik, decathorpe, zbyszek, sgallagh, mhroncok, dcantrell, mhayden, Conan_Kudo, Pharaoh_Atem, Son_Goku, King_InuYasha, Sir_Gallantmon, Eighth_Doctor, tstellar
17:00:17 <zodbot> Current chairs: Conan_Kudo Eighth_Doctor King_InuYasha Pharaoh_Atem Sir_Gallantmon Son_Goku dcantrell decathorpe mhayden mhroncok nirik sgallagh tstellar zbyszek
17:00:23 <mhayden> #topic init process
17:00:26 <mhayden> .hello2
17:00:27 <zodbot> mhayden: mhayden 'Major Hayden' <mhayden@redhat.com>
17:00:30 <dcantrell> .hello2
17:00:33 <Son_Goku> .hello ngompa
17:00:33 <zodbot> dcantrell: dcantrell 'David Cantrell' <dcantrell@redhat.com>
17:00:36 <zodbot> Son_Goku: ngompa 'Neal Gompa' <ngompa13@gmail.com>
17:00:46 <zbyszek> .hello2
17:00:47 <zodbot> zbyszek: zbyszek 'Zbigniew Jędrzejewski-Szmek' <zbyszek@in.waw.pl>
17:00:52 <mhayden> in other news, my phone would like us to rename this to the Fresco Meeting 🍂
17:01:04 <zbyszek> Wine?
17:01:11 <nirik> morning
17:01:24 <dcantrell> not Fresca?  https://www.fresca.com/
17:01:25 <mhayden> zbyszek: if you've got a red, i'll take it 🍷
17:01:34 <mhroncok_web> hey hey
17:01:40 <dcavalca> .hi
17:01:41 <zodbot> dcavalca: dcavalca 'Davide Cavalca' <davide@cavalca.name>
17:01:46 <mhroncok_web> .hello churchyard
17:01:47 <zodbot> mhroncok_web: churchyard 'Miro Hrončok' <mhroncok@redhat.com>
17:01:54 <mhayden> ah, it's the web version of mhroncok!
17:02:19 <dcantrell> I've heard of the web before
17:02:21 <mhroncok_web> yep. I am using web.libera.chat and I didn't want to bother with logins and things
17:02:32 <mhayden> i'm using the super minimal libera webchat doodad
17:02:35 <mhroncok_web> I forgot how to IRC
17:02:35 <mhayden> gamja?
17:02:48 <decathorpe> .hi
17:02:49 <zodbot> decathorpe: decathorpe 'Fabio Valentini' <decathorpe@gmail.com>
17:02:55 <mhayden> mhroncok_web: you and me both 🤣
17:03:12 <mhayden> i think we've got 7 if i am able to count on my fingers properly
17:03:32 <mhayden> we're so ready
17:03:34 <mhayden> let's go
17:03:49 <mhayden> #topic #3080 Retiring 5 packages without a Python 3.12 rebuild from Fedora 39+40
17:03:52 <mhayden> .fesco 3080
17:03:53 <zodbot> mhayden: Issue #3080: Retiring 5 packages without a Python 3.12 rebuild from Fedora 39+40 - fesco - Pagure.io - https://pagure.io/fesco/issue/3080
17:03:53 <michel-slm> .hello salima
17:03:55 <zodbot> michel-slm: Sorry, but user 'salima' does not exist
17:03:56 <michel-slm> .hello salimma
17:03:58 <zodbot> michel-slm: salimma 'Michel Lind' <michel@michel-slm.name>
17:04:26 <mhayden> 👋 michel-slm
17:04:34 <mhayden> mhroncok_web: you want to kick this one off?
17:05:02 <mhroncok_web> well
17:05:03 <mhayden> i think we have 5 +1's in the ticket, no -1's
17:05:06 <zbyszek> This already had a bunch of votes in the ticket, but didn't get +7 despite the fast-track request.
17:05:10 <dcavalca> michel-slm and I are still working to unfuck the mathics packages, so we'd like to request a stay of execution for those
17:05:16 <mhroncok_web> I want to get this approved, so I can proceed tmrw
17:05:23 <michel-slm> the ticket does say the retirement will happen tomorrow
17:05:24 <dcantrell> I just added a +1 to the ticket
17:05:34 <mhroncok_web> dcavalca: ack
17:05:35 <michel-slm> so ... we can still fix this today
17:05:45 <mhroncok_web> please do
17:05:46 <mhayden> so we are +6, but dcavalca brings up a point there
17:06:04 <mhroncok_web> I won't retire the 2 mathics packages
17:06:19 <dcavalca> thanks mhroncok_web
17:06:20 <mhroncok_web> not this week anyway
17:06:24 <michel-slm> thanks Miro
17:06:56 <mhroncok_web> the pyside+freecad thing seem to be acked by the maintainers and the last one probbaly is
17:06:59 <nirik> +1 also
17:07:14 <mhroncok_web> thanks
17:07:29 <mhroncok_web> let's declare this approved as +7 now?
17:08:01 <mhayden> nirik makes 7 for sure
17:08:10 * mhayden needs to refresh his policy knowledge on fast track tickets
17:08:24 <mhroncok_web> +7, -0 in ticket makes is approved
17:08:28 <decathorpe> fast track doesn't apply when we're voting in meeting, I think
17:08:34 <mhroncok_web> but we are in a meeting
17:08:42 <decathorpe> but either way it's approved now
17:08:48 <neil> .hi
17:08:49 <mhroncok_web> so unless somebody tosses a -1 now, we can declare it approved +7,0,-0
17:08:49 <zodbot> neil: neil 'Neil Hanlon' <neil@shrug.pw>
17:08:52 <zbyszek> I think it's approved as soon as the meeting ends.
17:08:54 <mhayden> haha okay let me remember the incantations for the bot
17:09:12 <dcantrell> in this timeline we're in a meeting, but in another timeline we're not
17:09:18 <zbyszek> mhayden: #agreed APPROVED (+7, 0, 0)
17:09:19 <mhayden> #agreed Proceed with Python package retirements in #3080 except the mathics packages (+7,0,0)
17:09:31 <mhayden> thanks zbyszek
17:09:42 <zbyszek> mhayden: you wrote it better than my suggestion :)
17:09:51 <mhayden> zbyszek: i'm too verbose 🙃
17:09:54 <mhroncok_web> yay \o/
17:10:04 <mhayden> okay, anything else on this one?
17:10:20 <mhayden> sweet, moving right along
17:10:23 <mhayden> #topic #3072 Change: Passim Peer-to-Peer Metadata
17:10:28 <mhayden> .fesco 3072
17:10:29 <zodbot> mhayden: Issue #3072: Change: Passim Peer-to-Peer Metadata - fesco - Pagure.io - https://pagure.io/fesco/issue/3072
17:10:31 <mhroncok_web> I need to go afk for a minute
17:10:43 <mhayden> "Passim is a local caching server that broadcasts specific shared metadata to other clients on your local network to reduce the amount of duplicate data downloaded from the internet."
17:11:16 <mhayden> seems like the main concerns are about enabling this by default since it's network service
17:11:41 <dcantrell> yeah, so I'm ok with this change but would not want it on by default.  users would need to explicitly enable it.
17:11:56 <mhayden> this would reduce the load on the firmware servers that fwupdmgr uses, if i read this right
17:12:27 <zbyszek> Yeah. From what I have seen, this daemon is implemented well, but OTOH, the proposal is to enable-by-default a network service that is freshly written. I would feel better it was opt-in at least for a release.
17:12:47 <mhayden> i could be persuaded to bring it in but not enabled by default
17:12:53 <decathorpe> well, doesn't this only save server bandwidth if there are actually >= 2 Fedora devices with this enabled on the same network?
17:13:10 <zbyszek> decathorpe: yes
17:13:30 <mhayden> yes, the testing instructions specify 2+ machines
17:13:31 <decathorpe> that somewhat limits the usefulness to large deployments, and "punishes" single users with an additional networked service
17:13:50 <zbyszek> mhayden: it's already "in", in the sense that you can do 'dnf install passim' today.
17:15:06 <dcavalca> would this Change apply to all editions?
17:15:22 <nirik> well, it's dbus activated right?
17:15:46 <mhayden> i don't see editions specified there
17:15:53 <mhayden> this wouldn't give much value in cloud, for example
17:16:34 * mhroncok_web is back
17:16:48 <mhayden> mhroncok_web: welcome back -- talking about 3072
17:17:22 <mhayden> would our feedback here be 1) not on by default and 2) please specify the editions it would apply to?
17:17:34 <dcavalca> yeah, that's why I was asking, it really feel like something that would make sense for workstation and server, and only if one has 2+ systems on the same network
17:18:06 <Son_Goku> mhayden: I don't know about that
17:18:17 <Son_Goku> private cloud networks with gateway servers are a thing
17:18:55 <mhayden> i can see your point, Son_Goku
17:19:17 <mhayden> but for the average fedora instance in aws or azure or digitalocean, there's likely not much benefit enabling passim there by default
17:19:17 <Son_Goku> and I used to work in a place that did in fact do private cloud stuff where this would be useful
17:19:44 <Son_Goku> only because nobody wrote a dnf plugin for it yet :)
17:19:57 <mhroncok_web> however, useful does not imply "let's enable this for everybody by default"
17:20:05 <dcavalca> even on a public cloud, it'd probably work if the instances are on the same VPC and the security groups are wired up right but... that's a lot of assumptions
17:20:09 <zbyszek> nirik: It's dbus-activated, but it would generally be started always whenever fwupdmgr refresh is done.
17:21:01 <mhroncok_web> Stephen said he'd ask some questions on the list
17:21:05 <nirik> right, and it's a suggests in fwupdmgr currently right?
17:21:32 <nirik> yeah
17:22:07 <mhroncok_web> and the thing being on discuss.fp.o makes me unable to see if those questions were split to a different topic or if they never happened
17:22:31 <Son_Goku> dcavalca: I think it's a lot more common to see that kind of stuff in public cloud deployments
17:22:37 <mhroncok_web> there is https://discussion.fedoraproject.org/t/f40-change-proposal-passim-peer-to-peer-metadata-self-contained/89608/9
17:22:39 <Son_Goku> even smaller clouds do a lot of that "by default" now (e.g. Linode)
17:23:19 <zbyszek> mhroncok_web: when things are split out, discourse leaves a pointer. So it's not "invisible".
17:23:31 <mhroncok_web> oh
17:23:43 <Son_Goku> it's a pain to find, but it's there
17:23:53 <mhroncok_web> "I’d be fine with just workstation for F40." says the change owner
17:24:06 <Son_Goku> I would prefer to see this everywhere fwupd is installed
17:24:36 <zbyszek> Yeah, Stephens' point about the firewall is important: without a hole in the firewall, the service cannot work.
17:24:49 <Son_Goku> and in the future, I expect that someone will write a DNF plugin to fetch repodata this way too
17:24:53 <mhayden> sorry folks, web chat locked up and i was the last to know (thanks mhroncok_web!)
17:25:44 <nirik> that could be tricky given the different caches for users/root with dnf... but yeah
17:26:03 <decathorpe> how would that work with zchunk?
17:26:13 <Son_Goku> it's just http range downloading
17:26:21 <Son_Goku> so it would just do range requests across passim
17:26:30 <decathorpe> ah
17:26:41 <Son_Goku> that's what makes zchunk awesome
17:26:46 <Son_Goku> it's very light on requirements to work
17:26:57 <Son_Goku> so you can "double up" and "scale out" easily
17:27:32 <mhroncok_web> I am worried that the dnf plugin thing is probably a bit off topic for this change
17:27:47 <dcantrell> mhroncok_web: agreed
17:29:28 <Son_Goku> it is, but I'm saying that passim is generally useful enough that I don't find a reason to block it
17:29:41 <Son_Goku> right now, passim change is oriented around being installed where fwupd is
17:29:43 <Son_Goku> and I'm fine with that
17:30:16 <mhayden> so i might have missed it when i dropped, but did we solve the firewall open port question for passim?
17:30:17 <mhroncok_web> how much network traffic fwupd generally uses?
17:30:27 <mhroncok_web> as in, is this really the practical use?
17:30:42 <mhroncok_web> no, the firewall thing has not been answered here
17:30:58 <nirik> well, for workstation it would just work right?
17:31:16 <nirik> but other editions would need to open that port it uses if they block it by default
17:31:30 <nirik> 27500/tcp is the port to be clear
17:31:52 <Son_Goku> do we have the port registered as a firewalld service?
17:32:41 <zbyszek> Son_Goku: I don't think so. There's no firewalld config in the package.
17:33:04 <Son_Goku> so we can ask them to do that and get the firewalld presets configured
17:33:37 <Son_Goku> nirik: workstation has a firewall preset, passim needs to be allowed there
17:33:42 <Son_Goku> it's not default-open
17:34:18 <zbyszek> Son_Goku: the firewall is not enabled by default on Workstation.
17:34:36 <nirik> it allows high ports (or at least it used to)
17:35:32 <neil> nirik: it seems to, on my machine, anyways
17:35:38 <nirik> ports: 1025-65535/udp 1025-65535/tcp
17:35:49 <nirik> so, this would just work there.
17:35:52 <Son_Goku> zbyszek: it is, but as nirik points out, high ports are open by default: https://src.fedoraproject.org/rpms/firewalld/blob/rawhide/f/FedoraWorkstation.xml
17:35:59 <nirik> but other editions/images would need something yeah.
17:36:05 <mhayden> oh yes, good call on that nirik
17:37:23 <nirik> well, cloud would just work too.
17:38:01 <Son_Goku> yes, cloud has no firewall by default
17:38:13 <mhroncok_web> any suggestions on how to proceed on this one?
17:38:30 <nirik> unclear to me on what default the other's would have.
17:38:36 <mhayden> so the change proposes moving passim from Suggests: to Recommended:, which makes it a weak dep and installed along with fwupdmgr
17:40:55 <nirik> I guess I am +1, but it would be good to make it so other spins/labs/images could also opt in easily... which I think would mean it would need a service firewalld could enable...
17:41:33 <Son_Goku> yup
17:41:46 <Son_Goku> I think that's the only other thing we need to ask of them
17:43:05 <nirik> so does this have enough votes to pass? or go back to vote in ticket?
17:43:35 <mhayden> i could go +1 on this after the discussion, but i'd like to see that firewalld service in there too
17:44:06 <zbyszek> I think this is too risky to enable by default. -1 for now.
17:44:18 <mhroncok_web> I don't have an opinion. On one hand this is a nice thing to have and might as well establish a good precedence for dnf metadata. On the other hand, I am not sure saving 2 MB a day if and only if there are multiple Fedoras on the network is worth to be enabled by default for every insatllation
17:44:35 <mhroncok_web> I'm 0
17:44:42 <Son_Goku> +1 from me
17:44:49 <mhayden> zbyszek: would you have feedback you'd like to provide back to rhughes?
17:45:14 <zbyszek> mhayden: we're in communication, he even merged my pull request for passim today.
17:45:17 <dcantrell> My big concern is the risk of a new network service for everyone.  The idea seems nice for certain use cases, but overall as a default I am -1
17:45:23 <mhayden> zbyszek: 🎉
17:46:17 <mhayden> so it seems like we have (+3, 1, -2) right now?
17:46:19 <decathorpe> I'm torn between ±0 and -1 but leaning ±ß
17:46:37 <mhayden> ßeautiful
17:46:38 <decathorpe> argh, can't type. count me as ±0
17:46:51 <zbyszek> The scenario I'm afraid of is that we enable this, F39 rolls out, and somebody discovers that there's a buffer overrun or missing locking for concurrent access or something like that, that allows execution of code, and then Fedora Workstations start running a bitcoin miner whenever you visit an untrusted network.
17:47:00 <mhayden> okay, so that's (+3, 2, -2)
17:47:16 <zbyszek> I think that according to the new rules, that passes.
17:47:17 <dcantrell> zbyszek: yeah, exactly
17:47:32 <mhayden> valid concerns, zbyszek
17:47:41 <mhroncok_web> 2 zeros mean the total number of voters is 7
17:47:44 <Son_Goku> yes
17:47:52 <Son_Goku> and they follow the +3
17:47:56 <nirik> note that this is a 40 change. ;)
17:47:56 <mhroncok_web> +3 is not over 50% of 7
17:48:13 <zbyszek> I would prefer that we let users opt-in, figure out if there are any issues, and then maybe enable it by default later.
17:48:35 <dcantrell> yes, save the default decision for later
17:48:54 <mhayden> hmm, is there a proposal we throw out there as a path to yes? zbyszek has a suggestion there
17:49:25 <mhroncok_web> users can already opt-in it seems
17:50:21 * nirik nods.
17:50:46 <nirik> just install the package and make sure the port it uses is otherwise open...
17:51:51 <nirik> (well, I guess you need the rawhide packages)
17:52:55 <mhayden> so it appears we're deadlocked on votes here
17:53:06 <Son_Goku> opt-in has been a thing for a while now
17:53:16 <decathorpe> so ... back to ticket with the questions we have?
17:53:19 <Son_Goku> this is effectively "kill the Change" if we don't accept it for F40
17:54:25 <mhayden> could someone own bringing the concerns and questions to the ticket?
17:54:45 <zbyszek> Oh, wait, this is for F40?
17:54:57 <nirik> yes
17:55:07 <nirik> it's way way too late for f39
17:55:20 <zbyszek> Hmm, OK, so I can change my vote to +1. 6 months should be enough to figure out if there are problems.
17:55:25 <mhroncok_web> :D
17:55:41 <mhayden> so we're (+4, 2, -1) now?
17:55:43 <mhroncok_web> "nirik 19:47:56: note that this is a 40 change."
17:55:59 <Son_Goku> we don't have any F39 changes to accept anymore :D
17:56:02 <zbyszek> Yes, sorry. Reading is hard. Reading with understanding even more so.
17:56:13 <mhroncok_web> (+4, 2, -1) makes this go
17:56:37 <mhayden> #agreed Proceed with #3072 for F40. APPROVED (+4, 2, -1)
17:57:05 <mhayden> one topic left!
17:57:05 <mhroncok_web> I am happy my 0 votes are finally meaningful :)
17:57:15 <mhayden> #topic #3078 Consider revising package sponsor policy due to possible race condition
17:57:17 <zbyszek> I hope I won't regret this. People should really spend some time kicking the tires on the service.
17:57:20 <mhayden> .fesco 3078
17:57:21 <zodbot> mhayden: Issue #3078: Consider revising package sponsor policy due to possible race condition - fesco - Pagure.io - https://pagure.io/fesco/issue/3078
17:57:49 <Son_Goku> I think this is a no-brainer
17:57:50 <mhroncok_web> should this be approved in ticket? it is a week with +3
17:57:51 <mhayden> i'm not sure i fully understand this one -- can someone else summarize?
17:58:14 <mhayden> seems like we're trying to keep track of who sponsored which packager, which sounds good
17:58:25 <zbyszek> mhayden: we lost the metadata that said who sponsored whom, so we can't expect people to do their sponsorship duties.
17:58:28 <decathorpe> zbyszek: newly written services like these should really be implemented in Rust ;)
17:58:38 <mhayden> zbyszek: thank you
17:58:44 * Son_Goku doesn't particularly feel enthused about rust-based stuff
17:58:54 <decathorpe> 🤣️ I know
17:59:05 <mhroncok_web> cobol ftw
17:59:06 <mhayden> okay, anything to discuss on this one? there's a PR open for that change, too
17:59:08 <decathorpe> still better than C for parsing untrusted input
17:59:13 <mhayden> #link https://pagure.io/fesco/fesco-docs/pull-request/79
17:59:15 <nirik> I'm +1... seems reasonable to adjust
17:59:20 <zbyszek> decathorpe: yeah. Though in this case, it's using various libraries to do most of the heavy lifting, so it's less bad.
17:59:31 <mhroncok_web> I updated firefox and I cannot open new links now
17:59:37 <decathorpe> :D
17:59:49 * nirik notes we have a full backup of the old fas2 db. But that doesn't help new data.
17:59:54 <mhayden> we're running long, can we just finish that one in the ticket?
18:00:00 <decathorpe> there's already a few +1 votes in the ticket, I think this would be approved by the "votes after one week" rule?
18:00:05 <mhroncok_web> yes
18:00:06 <zbyszek> mhroncok_web: it's a security feature. Links are dangerous.
18:00:15 <mhroncok_web> escpecially links in C
18:00:30 <mhroncok_web> *especially
18:00:54 <mhayden> okay, i'll wrap up that ticket
18:00:57 <mhayden> #topic Next week's chair
18:01:34 <mhroncok_web> I won't join next week, my cat has an appointment
18:01:37 <mhayden> 🪑 ❓ 🙋
18:01:56 <mhroncok_web> let me just restart firefox really quickly
18:02:09 <mhayden> now we can talk about mhroncok
18:02:19 <decathorpe> only good things, I hope
18:02:37 <mhayden> anyone want to chair next week? i can take it again if needed
18:02:58 <mhayden> but you had better be prepared for double the emojis
18:03:27 <mhayden> #action mhayden to chair again next week on Oct 12
18:03:38 <mhayden> #topic Open Floor
18:03:39 <zbyszek> mhayden: :)
18:03:47 <mhayden> anything for open floor time? 🕳️
18:03:58 <mhayden> 👂
18:04:11 <mhayden> 🦗
18:04:41 <mhayden> whew glad we gave mhroncok_web that action item 😅
18:05:05 <mhayden> okay, y'all! thanks for coming and putting up with my meeting antics. i hope y'all have a good week!
18:05:10 <mhayden> 👋
18:05:10 <mhroncok_web> I copied the hole emoji and my Xfce crashed
18:05:12 <mhayden> #endmeeting