<@adamwill:fedora.im>
15:01:09
!startmeeting Quality
<@meetbot:fedora.im>
15:01:10
Meeting started at 2024-04-01 15:01:09 UTC
<@meetbot:fedora.im>
15:01:10
The Meeting name is 'Quality'
<@adamwill:fedora.im>
15:01:14
!topic Roll Call
<@nhanlon:beeper.com>
15:01:18
!hi
<@zodbot:fedora.im>
15:01:20
Neil Hanlon (neil) - he / him / his
<@adamwill:fedora.im>
15:01:22
who's around for quality fun?
<@nhanlon:beeper.com>
15:01:23
morning, fedorians
<@nhanlon:beeper.com>
15:01:34
or, whatever $time it is
<@nielsenb:fedora.im>
15:01:37
!hi
<@zodbot:fedora.im>
15:01:38
Brandon Nielsen (nielsenb)
<@pboy:fedora.im>
15:01:50
!hi
<@zodbot:fedora.im>
15:01:51
Peter Boy (pboy)
<@nielsenb:fedora.im>
15:02:54
I'm going to need everyone to cryptographically verify their xz installations before we can continue
<@adamwill:fedora.im>
15:03:40
Brandon Nielsen: cryptographically speaking I am *totally* trustworthy ALL PRAISE OUR GLORIOUS LEADER *ahem*
<@jeffiscow:fedora.im>
15:03:44
hello
<@geraldosimiao:matrix.org>
15:04:14
!hi
<@zodbot:fedora.im>
15:04:16
Geraldo S. Simião Kutz (geraldosimiao) - he / him / his
<@farribeiro:matrix.org>
15:04:30
!hi
<@zodbot:fedora.im>
15:04:32
Fábio Ribeiro (farribeiro) - he / him / his
<@coremodule:fedora.im>
15:04:37
!hi
<@tflink:fedora.im>
15:04:38
!hi
<@zodbot:fedora.im>
15:04:39
Geoffrey Marr (coremodule)
<@zodbot:fedora.im>
15:04:39
Tim Flink (tflink)
<@jeffiscow:fedora.im>
15:05:05
wait is !hi a server command?
<@nhanlon:beeper.com>
15:05:16
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQTvdBw7ReozAoY7yvtwW8Iew8cPNAUCZgrNGwAKCRBwW8Iew8cP
NPJyAP41hNq3BSGFG1I9n+ZKHe79qUIYJ0qz4JkJJv+/r6hfdQEAwHhr3ye1GDD4
kP2SOCk8aCCcVr+NzwtN4IHelMpKMgQ=
=soxa
-----END PGP SIGNATURE-----
<@jeffiscow:fedora.im>
15:05:26
!hi
<@zodbot:fedora.im>
15:05:27
jeff bucher (jeffiscow) - he / him / his
<@nhanlon:beeper.com>
15:05:44
part of meetbot, yea. i think it's required if you want your words to be logged
<@tablepc:matrix.org>
15:06:19
Good moring
<@adamwill:fedora.im>
15:06:23
Neil Hanlon: that definitely looks like a signature. this guy checks out
<@farribeiro:matrix.org>
15:06:24
It is not necessary
<@adamwill:fedora.im>
15:06:29
(that's how you use GPG, right?)
<@nhanlon:beeper.com>
15:06:41
Ack. thank you for clarifying
<@nhanlon:beeper.com>
15:06:45
amen
<@coremodule:fedora.im>
15:06:59
see, I'm verified too
<@adamwill:fedora.im>
15:07:13
alright, well, good thing we're all so highly security conscious around here
<@adamwill:fedora.im>
15:07:23
!topic Previous meeting follow-up
<@nhanlon:beeper.com>
15:07:33
you certainly are not!
<@nielsenb:fedora.im>
15:07:39
Of all the signatures I've seen, those are certainly some of them
<@adamwill:fedora.im>
15:08:18
!info no specific action items to follow up from last meeting
<@tablepc:matrix.org>
15:08:41
did I miss something I was I didn't have to use my credentials this time.
<@adamwill:fedora.im>
15:09:36
tablepc: you didn't miss anything
<@adamwill:fedora.im>
15:09:43
!topic Fedora 40 status and Final planning
<@adamwill:fedora.im>
15:10:10
!info Beta was released last week, seems to be going fine
<@tablepc:matrix.org>
15:10:24
Workstatin 40 looks good to me none of the blockers of freezes have shown up here
<@adamwill:fedora.im>
15:10:52
!info Final freeze is tomorrow (2024-04-02), first go/no-go date is 2024-04-11
<@sumantrom:fedora.im>
15:11:03
I am using F40 for a while now and things work fine for me
<@adamwill:fedora.im>
15:11:04
the schedule is very tight because we don't push the final dates when we slip beta, these days
<@adamwill:fedora.im>
15:11:28
so just be aware that we're nearly into the final grind already :) given this it's v. important to do validation testing on nightlies
<@adamwill:fedora.im>
15:13:04
any other notes on f40?
<@geraldosimiao:matrix.org>
15:13:33
Here at may baremetal notebook it is fine
<@geraldosimiao:matrix.org>
15:13:37
F40 KDE
<@geraldosimiao:matrix.org>
15:13:51
Here at my baremetal notebook it is fine
<@geraldosimiao:matrix.org>
15:14:26
Adam, it is a good ideia to register here the XZ problem?
<@geraldosimiao:matrix.org>
15:14:32
at this meeting?
<@geraldosimiao:matrix.org>
15:14:36
for the records
<@adamwill:fedora.im>
15:14:44
there's a topic for that next
<@geraldosimiao:matrix.org>
15:14:49
ok
<@geraldosimiao:matrix.org>
15:14:50
fine
<@farribeiro:matrix.org>
15:14:56
On my laptop I'm using silverbue 40 and it's Fine
<@pboy:fedora.im>
15:15:02
Server works well, apart from problems with keyboard navigation in Anaconda. But nobody seems to care about that
<@geraldosimiao:matrix.org>
15:16:00
lruzicka: found an interesting bug at KDE... https://bugs.kde.org/show_bug.cgi?id=484176
<@adamwill:fedora.im>
15:17:53
Peter Boy: i don't think it's that nobody cares, but people have to prioritize :( what was the bug report again?
<@jeffiscow:fedora.im>
15:18:14
yeah 40 workstation has been great on my laptop and desktop dual booted with win 11 other than me tring to install Nvida drivers...
<@geraldosimiao:matrix.org>
15:18:40
now F40 workstation have a bug on loupe
<@geraldosimiao:matrix.org>
15:18:57
it cannot open imege files such as jpg and png...
<@pboy:fedora.im>
15:19:02
If you have to install server without a mouse (sometimes the case in rack installations) you are out of luck.
<@geraldosimiao:matrix.org>
15:19:12
the package is already at stable repo
<@geraldosimiao:matrix.org>
15:19:18
it cannot open image files such as jpg and png...
<@farribeiro:matrix.org>
15:19:26
Also in my pc
<@geraldosimiao:matrix.org>
15:19:29
https://bugzilla.redhat.com/show_bug.cgi?id=2272149
<@adamwill:fedora.im>
15:19:45
geraldosimiao: yep, we've got that proposed as a blocker
<@pboy:fedora.im>
15:19:50
Its nearly impossoble to select a language or to go step by step tjhrougt the installation topics.
<@jeffiscow:fedora.im>
15:20:12
oh yeah I ran into that also
<@pboy:fedora.im>
15:20:34
Its nearly impossoble to select a language or to go step by step tjhrougt the installation topics. https://bugzilla.redhat.com/show_bug.cgi?id=2271368
<@nielsenb:fedora.im>
15:20:47
Loupe isn't the default though, is it?
<@adamwill:fedora.im>
15:21:03
yeah, it is
<@adamwill:fedora.im>
15:21:07
since 40
<@nielsenb:fedora.im>
15:21:11
Ah
<@tablepc:matrix.org>
15:21:55
Didn't know it was the default. I'll test it from now on.
<@adamwill:fedora.im>
15:22:27
Peter Boy: er, that's not a test line. it's a search/filter box.
<@geraldosimiao:matrix.org>
15:22:31
just click at the images on nautilus, it opens loupe
<@tablepc:matrix.org>
15:24:55
Thanks
<@adamwill:fedora.im>
15:25:49
alrighty
<@adamwill:fedora.im>
15:26:06
!topic xz compromise discussion
<@farribeiro:matrix.org>
15:26:51
the most controversial topic of the last few days
<@adamwill:fedora.im>
15:28:30
!info there was a very significant compromise of the xz compression library. builds known to be potentially vulnerable to the currently-known exploit vector are 5.6.0-1.fc40, 5.6.0-2.fc40, 5.6.0-1.fc41, 5.6.1-1.fc41 , 5.6.0-2.eln136 , 5.6.1-1.eln136
<@adamwill:fedora.im>
15:29:08
if you ever ran an affected build, the current official advice is to cease use of that system
<@adamwill:fedora.im>
15:30:03
we are leaning on the rh security team to come up with permanent guidance, they seem to still be evaluating (I suspect part of the work here is checking for the potential of other compromises caused by the malicious identity, besides the original known one)
<@farribeiro:matrix.org>
15:30:53
my system had these packages downgraded
<@adamwill:fedora.im>
15:31:17
i don't have anything else specific on this, but figured folks might have thoughts/questions
<@geraldosimiao:matrix.org>
15:31:24
I was running one of these since 03/03
<@tablepc:matrix.org>
15:32:04
Is rebuilds the way this is being delt with in 40?
<@jeffiscow:fedora.im>
15:32:32
so we should completely wipe the the Harddrive?
<@farribeiro:matrix.org>
15:32:37
I think we were all using each other, which was in beta
<@adamwill:fedora.im>
15:32:40
tablepc: so far, the response was to issue an update that goes back to 5.4.x (using an epoch bump)
<@adamwill:fedora.im>
15:33:13
tablepc: that's https://bodhi.fedoraproject.org/updates/FEDORA-2024-d02c7bb266 . it is now stable and in composes, so fresh f40 installs should not be affected
<@tablepc:matrix.org>
15:33:46
Thanks
<@geraldosimiao:matrix.org>
15:33:52
it wasn't in the beta iso, but since beta uses testing repos, ass soon as one installed it and run dnf upgrade it upgraded to the affected version.
<@geraldosimiao:matrix.org>
15:34:01
it wasn't in the beta iso, but since beta uses testing repos, as soon as one installed it and run dnf upgrade it upgraded to the affected version.
<@adamwill:fedora.im>
15:34:09
the advice to stop using affected systems is because if you actually *were* compromised by this, updating the system is not going to be enough. any system which was compromised has to be treated as permanently infected and redeployed from scratch
<@adamwill:fedora.im>
15:34:43
but i think, right now, we are still evaluating the exact factors around how likely it is any compromises actually occurred
<@adamwill:fedora.im>
15:35:26
folks have suggested various constraints on how the *known* vector worked (ssh accessibility, the name of the executable, and stuff) and I think those are still being evaluated
<@tablepc:matrix.org>
15:35:40
Ah the advantages of testing on dedicated hardware.
<@geraldosimiao:matrix.org>
15:35:43
but only systems that used ssh to connect to other machines in that timeframe, right?
<@adamwill:fedora.im>
15:36:08
and there is also the fact that the malicious identity had commit access to the project for a long period of time (and made contributions to other projects) to consider, so there has to be an evaluation of whether there are *other* attacks besides the initially-discovered one
<@pboy:fedora.im>
15:36:35
When will we get a new branched version? The last one is from 29.
<@adamwill:fedora.im>
15:36:56
right. if you ran f40 and updated it freqently, it's very likely you got an affected version at some point.
<@adamwill:fedora.im>
15:37:45
right. if you ran f40 and updated it freqently, it's very likely you got an affected version at some point.
<@adamwill:fedora.im>
15:38:00
geraldosimiao: i can't say for sure. that's what is being evaluated
<@geraldosimiao:matrix.org>
15:38:19
ok, noted.
<@adamwill:fedora.im>
15:38:43
i'm no kind of security expert, so i'm trying not to go beyond what I know for sure :)
<@jeffiscow:fedora.im>
15:39:24
yeah, I had it I can't say for how long, but I removed it quickly as soon as alert was posted. Thankfully, I've done a full clean install since then.
<@adamwill:fedora.im>
15:39:42
Peter Boy: you mean a new branched compose? I didn't look at why the last couple failed yet, friday and monday are both holidays here so i've been long-weekending :)
<@adamwill:fedora.im>
15:39:57
i believe the xz downgrade was already in the last compose, but let me verify that
<@pboy:fedora.im>
15:40:52
Yes, branched version for testing. Ok, I remain patient
<@adamwill:fedora.im>
15:41:38
huh, the last few nightlies all completed, but it looks like there's a problem on openqa01 which does various things in response to nightlies (testing them, updating https://openqa.fedoraproject.org/nightlies.html , and nominating composes for testing) because none of that is happening
<@adamwill:fedora.im>
15:41:53
sigh, this is probably why test results weren't being reported last night too...i'd better go figure out what's going on...
<@pboy:fedora.im>
15:42:24
Oh, sorry for imposing work.
<@tablepc:matrix.org>
15:43:19
Glad I caught all that, but I gotta go now have a Great Day!
<@adamwill:fedora.im>
15:43:54
alright, thanks pat!
<@adamwill:fedora.im>
15:47:56
!topic Test Day / community event status
<@adamwill:fedora.im>
15:48:03
Sumantro Mukherjee: what's the score?
<@sumantrom:fedora.im>
15:48:22
FCOS test week starts today http://fedoraproject.org/wiki/Test_Day:Fedora_40_CoreOS
<@sumantrom:fedora.im>
15:49:33
Kernel Test Week was horrible ... the Kernel test app got deployed and people couldn't submit results ... https://pagure.io/fedora-qa/issue/771#comment-903726
<@sumantrom:fedora.im>
15:50:02
Podman and Podman 5 test week(s) went really good with decent amount of people coming in
<@sumantrom:fedora.im>
15:50:11
Upgrade test day to follow soon
<@sumantrom:fedora.im>
15:50:41
and DNF 5 upgrade test day with inbuilt upgrade functionality will follow
<@sumantrom:fedora.im>
15:51:03
Intel Test Day will be on April 9th František Zatloukal and I will be hosting it
<@sumantrom:fedora.im>
15:51:19
EOM
<@nielsenb:fedora.im>
15:51:43
Intel test day?
<@sumantrom:fedora.im>
15:52:45
It is where we will be testing Intel Compute and OpenCL libs .. this is mostly for Intel OneAPI which is primary for ML and AL
<@nielsenb:fedora.im>
15:53:02
Cool, thanks!
<@sumantrom:fedora.im>
15:53:09
np np!
<@adamwill:fedora.im>
15:53:36
thanks sumantro!
<@adamwill:fedora.im>
15:53:46
!info FCOS test week starts today: http://fedoraproject.org/wiki/Test_Day:Fedora_40_CoreOS
<@adamwill:fedora.im>
15:54:07
!info kernel test week went ahead recently but was affected by a breakage in the app usually used for submitting results: https://pagure.io/fedora-qa/issue/771#comment-903726
<@adamwill:fedora.im>
15:54:35
!info Podman test week went successfully with many results submitted: https://testdays.fedoraproject.org/events/183
<@adamwill:fedora.im>
15:55:03
!info Upgrade test day, dnf5 upgrade test day, and Intel test day are coming soon
<@sumantrom:fedora.im>
15:55:44
Also adamw , we are going to have a few video meetings as a part of FCOS test week..
- Tue April 2 Video Meeting Link: https://meet.google.com/uwb-enhy-evg?authuser=0
- Tue April 2 Notes Doc: https://hackmd.io/kwCRZ9fGTgWuMSh0HDwQJw?view
<@adamwill:fedora.im>
15:56:02
oooo
<@sumantrom:fedora.im>
15:56:07
Those will be the links, please join in if you are unsure of what to test :)
<@adamwill:fedora.im>
15:56:26
!info there will be video meetings as part of FCOS test week! see https://meet.google.com/uwb-enhy-evg?authuser=0 and https://hackmd.io/kwCRZ9fGTgWuMSh0HDwQJw?view
<@sumantrom:fedora.im>
15:56:45
Thanks adamw :)
<@adamwill:fedora.im>
15:57:43
!topic Open floor
<@adamwill:fedora.im>
15:57:54
any other business, quickly? we have blocker review meeting coming up in three minutes over in #blocker-review:fedoraproject.org
<@nielsenb:fedora.im>
15:58:02
https://fedoraproject.org/wiki/QA:Testcase_bluetooth_headset
<@nielsenb:fedora.im>
15:58:15
That testcase says my headset should reconnect automatically after reboot
<@geraldosimiao:matrix.org>
15:58:20
Nope
<@nielsenb:fedora.im>
15:58:22
That has never happened for me, at least in Gnome
<@nhanlon:beeper.com>
15:59:03
nope. thanks for running adamw
<@farribeiro:matrix.org>
15:59:11
nope
<@jeffiscow:fedora.im>
15:59:36
nothing from me
<@adamwill:fedora.im>
16:00:30
Brandon Nielsen: hum, thanks for the heads up...it was written back in 2018 by coremodule , do you remember if you tried that?
<@nielsenb:fedora.im>
16:00:45
It could just be my no-brand crappy headset
<@nielsenb:fedora.im>
16:01:06
I was curious what other people's experiences were
<@nhanlon:beeper.com>
16:01:31
I dunno that i've ever tried
<@nielsenb:fedora.im>
16:01:50
I always have to go into settings and click the little "connect" switch
<@coremodule:fedora.im>
16:02:11
Hmm, I can't remember off the top of my head. That said, I don't think my Sony XM2's auto connect after reboot to this day... I wonder if there's a regression or, (perhaps more likely), it was never supposed to work that way in the first place.
<@jeffiscow:fedora.im>
16:02:25
my Bluetooth speaker reconnects fine
<@nielsenb:fedora.im>
16:02:42
Without any interaction, after a full system reboot?
<@coremodule:fedora.im>
16:02:54
Okay, that's good input. Brandon Nielsen, let me dig a bit deeper and ping you after the meeting.
<@jeffiscow:fedora.im>
16:03:32
Logitech Z407
<@nielsenb:fedora.im>
16:03:38
Wonder if it's device type specific
<@jeffiscow:fedora.im>
16:04:00
yeah working fine
<@jeffiscow:fedora.im>
16:04:58
much more trouble on windows lol
<@adamwill:fedora.im>
16:05:36
thanks for looking into it
<@adamwill:fedora.im>
16:05:49
we're over time, so see you over in #blocker-review:fedoraproject.org :)
<@adamwill:fedora.im>
16:05:51
!endmeeting