13:06:07 <mcatanzaro> #startmeeting Fedora Workstation WG 13:06:07 <zodbot> Meeting started Mon Aug 5 13:06:07 2019 UTC. 13:06:07 <zodbot> This meeting is logged and archived in a public location. 13:06:07 <zodbot> The chair is mcatanzaro. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:06:07 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 13:06:07 <zodbot> The meeting name has been set to 'fedora_workstation_wg' 13:06:11 <mcatanzaro> #meetingname workstation 13:06:11 <zodbot> The meeting name has been set to 'workstation' 13:06:15 <mcatanzaro> #topic Roll call 13:06:20 <mcatanzaro> .hello catanzaro 13:06:21 <zodbot> mcatanzaro: catanzaro 'Michael Catanzaro' <mcatanzaro@gnome.org> 13:06:45 <cmurf> .hello chrismurphy 13:06:46 <zodbot> cmurf: chrismurphy 'Chris Murphy' <bugzilla@colorremedies.com> 13:07:06 <mcatanzaro> #chair cmurf petersen 13:07:06 <zodbot> Current chairs: cmurf mcatanzaro petersen 13:07:54 <petersen> hmm maybe pre-Flock meeting ambitious 13:07:56 <cschalle> hi 13:08:02 <petersen> .hello2 13:08:03 <zodbot> petersen: petersen 'Jens Petersen' <petersen@redhat.com> 13:08:11 <mcatanzaro> #chair cschalle otaylor 13:08:11 <zodbot> Current chairs: cmurf cschalle mcatanzaro otaylor petersen 13:08:14 <mcatanzaro> #chair langdon 13:08:14 <zodbot> Current chairs: cmurf cschalle langdon mcatanzaro otaylor petersen 13:08:19 <cschalle> yeah, I am in the middle of getting my stuff together before being picked up for the airport after lunch 13:08:21 <aday> sorry i'm late, my system choked on an update 13:08:58 <mcatanzaro> cschalle: Want me to keep running the meeting then, if you're busy? 13:09:13 <cschalle> mcatanzaro, if you can that be great 13:09:35 * otaylor is here now 13:09:39 <otaylor> .hello2 13:09:40 <zodbot> otaylor: otaylor 'Owen Taylor' <otaylor@redhat.com> 13:09:51 <mcatanzaro> Yay, otaylor makes quorum 13:10:17 <mcatanzaro> #topic Fill open WG slot 13:10:32 <mcatanzaro> So we had two proposals at the last meeting 13:11:05 <mcatanzaro> The proposal we first approved was to invite a bunch of people to this meeting and consider who shows up 13:11:11 <mcatanzaro> I accepted an action item to send the invites 13:11:43 <langdon> .hello2 13:11:44 <zodbot> langdon: langdon 'Langdon White' <langdon@redhat.com> 13:11:57 <langdon> sorry i am late... i thought we had canceled this meeting 13:12:05 <mcatanzaro> Not cancelled :) 13:12:19 <mcatanzaro> Then at towards end of the meeting I thought it would be rather unnecessary; it would make a sort of contest out of WG membership, which didn't seem desirable. And we had two strong candidates at the meeting already, aday and Son_Goku (Neal Gompa) 13:12:41 <langdon> like cschalle, ill be a bit distracted getting ready for *my* flight this afternoon 13:12:44 <mcatanzaro> So I offered another proposal to just accept those two instead, but we were out of time to discuss it. 13:14:18 <cmurf> I'm ready to +1 the proposal to accept both aday and ngompa 13:14:31 <langdon> me too 13:15:08 <mcatanzaro> cschalle, petersen, otaylor: Your opinions/votes? This would bring WG membership from 8 up to 10. (We've historically been 9.) 13:15:37 <mcatanzaro> cmurf: Wouldn't be a bad idea to try summoning Son_Goku, since he knew we would be meeting today ;) 13:15:53 <cschalle> +1 from me to, I am good with adding both 13:15:54 <cmurf> I sent an email just a couple minutes ago. 13:16:25 <petersen> mcatanzaro: +1 13:16:36 * cmurf isn't sure about the DiscordBridge 13:16:45 <petersen> Other people are always welcome to join the meetings if they are interested of course 13:16:53 <mcatanzaro> Of course. 13:17:07 <mcatanzaro> cmurf: That DiscordBridge didn't work last week, all his comments from Discord arrived after the end of the meeting. 13:17:38 <mcatanzaro> otaylor: A vote from you would be lovely. 13:17:51 <langdon> i just pinged son_goku in another channel 13:17:57 <mcatanzaro> Thanks! 13:18:00 <mcatanzaro> #proposal Add Allan Day and Neal Gompa to WG membership 13:18:08 <otaylor> In reference to Son_Goku - I think he's generally a very knowledgeable and productive member of the Fedora community, but I want to put it out there, that I consider snaps in Fedora to be a distraction to what we are trying to achieve and do not want to see that made appear fuzzy 13:18:48 <cmurf> +1 to the proposal 13:19:02 <aday> thanks for having me! i hope that i can be useful 13:19:18 <petersen> +1 13:19:29 <otaylor> So I guess I'm +1, but with the note that my vote for Son_Goku should be not seen as any sort of endorsement Snap support on the Workstation 13:19:31 <King_InuYasha> .hello ngompa 13:19:32 <zodbot> King_InuYasha: ngompa 'Neal Gompa' <ngompa13@gmail.com> 13:19:41 <mcatanzaro> I agree and I assume he'll not try to change the direction of the WG regarding application containerization and flatpak. 13:19:49 * King_InuYasha shrugs 13:19:54 <petersen> King_InuYasha: lol 13:20:09 <mcatanzaro> Heh :) 13:20:12 <mcatanzaro> #chair aday King_InuYasha 13:20:12 <zodbot> Current chairs: King_InuYasha aday cmurf cschalle langdon mcatanzaro otaylor petersen 13:20:24 <mcatanzaro> King_InuYasha: Does your IRC nick change from week to week? ;) 13:20:32 <King_InuYasha> nah, it changes based on what machine I'm using 13:20:43 <cmurf> haha 13:20:46 <King_InuYasha> I'm at home today preparing for heading to Flock, so I can use my home desktop 13:21:03 <King_InuYasha> I fly out tomorrow evening US/EDT, so.. 13:21:55 <mcatanzaro> Ah multiple people sending multiple +1s during a vote is confusing. :P I think we're still missing langdon 13:22:21 <mcatanzaro> Oh he said "me too" 13:22:31 <mcatanzaro> That counts I think :) 13:22:34 <mcatanzaro> #agreed Add Allan Day and Neal Gompa to WG membership (+6, 0, -0) 13:22:38 <King_InuYasha> :D 13:22:42 <mcatanzaro> #action mcatanzaro to update WG membership page 13:23:05 <langdon> mcatanzaro: ha.. i was waiting to "+1" for a "vote".. just indicating I was ready to vote :) 13:23:11 <langdon> so.. for the record "+1" 13:23:19 <mcatanzaro> #topic New quorum size 13:23:37 <aday> ah good. that was going to be my next question :) 13:23:38 <mcatanzaro> So is our quorum still 5 or will we require 6 now? Any preferences? 13:24:37 <cmurf> I think it needs to be 6, practically speaking 13:24:52 <cmurf> but also I think proxy votes should be possible 13:25:26 <otaylor> I think it needs to be 6 ... votes on tickets can be counted ,of course, not sure about proxy votes :-) 13:25:52 <petersen> So better to increase to 11 hehe 13:25:54 <cmurf> I'd consider a vote in ticket to be a kind of proxy. 13:26:05 <mcatanzaro> We have 8/10 members here atm which is quite good for us historically. In the past, we've had a lot of trouble meeting quorum. So please just try to attend whenever possible so we can hit 6! 13:26:25 <petersen> Yes 13:26:44 <King_InuYasha> note that 9am US/ET is early for me, so if someone just pings me, I can make sure to get in 13:27:00 <cmurf> I mean we'd want more than 3-4 votes in favor of something no matter what. 13:27:09 <petersen> sure 13:27:16 <King_InuYasha> that's of course, in case I forget to actually be here already ;) 13:27:16 <mcatanzaro> aday, King_InuYasha: If you have user pages on the Fedora wiki, please let me know so I can link to it from https://fedoraproject.org/wiki/Workstation 13:27:34 <King_InuYasha> mcatanzaro: https://fedoraproject.org/wiki/User:Ngompa 13:27:55 <aday> mcatanzaro: i'll add one 13:27:56 <King_InuYasha> it's not as fancy as some of the other folks... 13:27:57 <mcatanzaro> FWIW I set my alarm on Mondays since otherwise I too would often miss 13:28:06 <King_InuYasha> mcatanzaro: that's a good idea 13:28:50 <mcatanzaro> OK, going down the issue list 13:29:05 <mcatanzaro> #agreed Quorum size is increased to 6 13:29:08 <mcatanzaro> #topic Better interactivity in low-memory situations 13:29:12 <mcatanzaro> cmurf: Your show 13:29:46 <cmurf> Updates are in the ticket for now. There's not much new to report on this. 13:30:22 <cmurf> The systemd upstream rust based swap on zram generator is broken, so I need to go on a recruitment drive perhaps. 13:30:36 <cmurf> Find someone who wants to dabble in rust and systemd generators. 13:30:46 <petersen> oh 13:30:50 <petersen> so it is not going to make F31? 13:31:32 <King_InuYasha> rust is not fun :( 13:31:41 <cmurf> petersen: unlikely 13:32:14 <petersen> King_InuYasha: depends on your definition of fun :) 13:32:18 <cmurf> But in the ticket we discussed pushing this to Fedora 32 anyway, because it touches enough things that we probably should go through the change process. 13:32:26 <petersen> okay 13:32:30 <cmurf> And we're past changes for Fedora 31. 13:32:40 <King_InuYasha> petersen: beating my head into the ground with a language that has not good ergonomics sucks 13:32:40 <mcatanzaro> cmurf: Remove meeting tag for now? 13:33:06 <cmurf> mcatanzaro: yes please 13:33:28 <mcatanzaro> cmurf: OK to move on to next topic? 13:33:31 <cmurf> yes 13:34:04 <aday> cmurf: i assume some coordination between relevant parties would need to happen if/when you've found someone to work on it? 13:34:27 <cmurf> aday: correct, including a discussion on how to handle upgrades 13:34:51 <cmurf> lotsa little ducks to put in a row 13:35:02 <aday> zeenix likes rust :) 13:35:14 <aday> hey, so does aruiz 13:35:51 <mcatanzaro> Worst case, rewriting in C seems plausible if there's not enough interest from Rust devs? 13:35:53 <cmurf> I'll inquire 13:36:01 <mcatanzaro> Anyway 13:36:16 <mcatanzaro> #topic Automatically install the OpenH264 codecs 13:36:17 <cmurf> mcatanzaro: systemd devs weren't in favor of using C for any generators going forward is my (possibly flawed) understanding 13:36:59 <mcatanzaro> cschalle are you still around to give an update on this? Last update we have from kalev (missing today) is that the package is blocked on Fedora releng 13:38:54 <mcatanzaro> I think cschalle is probably running to his plane :) 13:39:05 <mcatanzaro> Last topic for today: 13:39:11 <mcatanzaro> #topic LUKS by default 13:40:14 <mcatanzaro> So our last action item here was for otaylor to form a WG subgroup to look into this issue and report back to the main WG... last December. I understand that hasn't quite happened. :) 13:40:40 <cmurf> I'll join that subgroup, I'm familiar with most of the issues. 13:40:48 <otaylor> there's no subgroup :-) 13:40:58 <cmurf> there's two :-D 13:42:27 <cmurf> I think two is sufficient to report back to the WG with a recommendation 13:42:42 <King_InuYasha> does LUKS by default mean Fedora does FDE by default? 13:42:46 <mcatanzaro> That's the goal 13:42:47 <King_InuYasha> err Workstation 13:42:52 <cmurf> King_InuYasha: multiple possibilities 13:43:14 <cmurf> could mean FDE, could mean /home only, could mean per user ext4 based file system encryption using the VFS interface 13:43:16 <cmurf> blah blah blah 13:43:43 <aday> i agree with aruiz that the goal is "better protect user data" rather than a specific technological solution 13:43:52 <cmurf> yep 13:43:59 <aday> my understanding was that the subgroup was going to evaluate the options and report back 13:44:05 <mcatanzaro> Well that goal is only plausibly going to be met by LUKS, of course 13:44:14 <otaylor> cmurf: genrerally, talk to aruiz about what he thinks the path forward should be - I'm a bit skeptical but since he leads the team that does our early boot, need to coordinate with him :-) 13:44:42 <aday> otaylor: which part are you skeptical about? 13:44:44 <aruiz> I am not necessarily claiming to know what the final solution should be 13:44:45 <cmurf> There was back and forth about this, pjones for sure, maybe aruiz, on one of the lists. 13:44:46 <otaylor> I do think that the subgroup purpose was intended to be "figure out how to protect data by default" 13:45:00 <cmurf> Their work was predicated on LUKS2 which itself requires TPM 2.0 13:45:16 <aruiz> I am mostly against the password by default because I've seen how much damage that setup makes to users in real life deployments 13:45:30 <aruiz> and also how people actually disable it because of how inconvenient it is 13:45:43 <cmurf> Agreed 13:45:51 <otaylor> aday: I am skeptical about making all home directories loopback mounts - a developer basically needs a large home directory which is the most performance sensitive thing, and a thin OS around it 13:45:53 <aday> having a list of these common issues would be a good thing to have 13:46:01 <aruiz> things like keyboard layout mismatches between vconsole.conf and the graphical session, having to remember two passwords, handling a recovery.... 13:46:04 <aday> if we could have a design page or document... 13:46:36 <cmurf> Fortunately this conversation is being recorded... ;-) 13:46:36 <aday> otaylor, ah i see. thanks 13:46:39 <aruiz> my take is that we should encrypt just /home/user for now using ext4 and then explore more generic options 13:47:10 <King_InuYasha> I have personal experience with how bad loopback mounts everywhere are 13:47:18 <cmurf> aruiz: that does come with several advantages, easy to undo, easy to ugprade in place, easy to do for installations 13:47:28 <King_InuYasha> after developing many systems that abused loops, I don't really think they're a good system for anything 13:47:40 <aruiz> King_InuYasha, I am not necessarily saying with loopback mounts, I mean online ext4 encryption 13:47:41 <cmurf> King_InuYasha: great for testing! 13:47:47 <mcatanzaro> My original expectation when the WG originally approved LUKS by default was that we'd just flip the default value of the checkbox in anaconda and move on. I wasn't expecting it to be controversial. But the objection from aruiz is input methods are not available in plymouth for typing likely passwords in non-Latin locales. I don't see how doing LUKS without any password at all would be beneficial, and we already have it hooked up to skip gdm 13:47:50 <mcatanzaro> so two passwords shouldn't be an issue, can just use the same password for both. But there are many warts here, many stars have to align for this to work as we desire (e.g. user enters exactly the same password in both anaconda and gnome-initial-setup and then never changes keyboard layout later...) so I certainly agree there are many warts here.... 13:47:54 <mcatanzaro> Oops, that was long 13:48:05 <otaylor> aday: I'm also skeptical about the LUKS2 / TPM 2.0 stuff - busted motherboard should not cause data loss, IMO 13:48:22 <mcatanzaro> Also aruiz joined halfway through my writing that essay :D 13:48:25 <King_InuYasha> oh yay, busted motherboards, I didn't even think of that 13:48:30 <aruiz> otaylor, I have my issues with that too 13:48:32 <King_InuYasha> that would be horrifying 13:48:46 <otaylor> aday: So i don't think you can encrypt passwordless without having a recovery password and some mechanism where the user actually will have the recovery password when they need it 13:48:59 <aruiz> otaylor, that was more of a compromise if we really wanted to encrypt the whole of "/" 13:49:19 <aday> i'm not sure we're going to solve this here with 10 minutes to go :) 13:49:41 <mcatanzaro> aday: We're not, but there's nothing else on the agenda ;) 13:49:50 <cmurf> but we have the subgroup! 13:50:09 <aday> cmurf: can you provide details of that? 13:50:10 <cmurf> otaylor: cmurf: aruiz: aday: 13:50:34 <langdon> i would like to clarify that I am confused about the meeting schedule.. i thought we were off today .. so if we want to touch on that topic briefly before the end... 13:51:19 <cmurf> langdon: the change was voted on end of last minute and the calendar updated; to bypass conflicts with Flock and something else I can't remember. 13:51:26 <cmurf> So we're off next week. 13:51:40 <mcatanzaro> langdon: Last week we agreed to shift the usual meeting schedule forward by one week. So yes, off next week, next meeting Aug 19 13:51:43 <langdon> hmm .. ok.. weird.. i usually update my calendar and seem to have the the opposite 13:52:04 <langdon> alright.. ill just chalk it up to i am bad at calendars 13:52:19 <petersen> cmurf: guadec 13:52:27 <mcatanzaro> https://apps.fedoraproject.org/calendar/workstation/ is updated 13:52:29 <cmurf> I don't think the Fedora calendar automatically updates e.g. Google calendar, at least mine didn't 13:52:37 <aday> perhaps we should focus on the process for figuring this out? do we need to set up a call between the interested parties? 13:52:43 <cmurf> i'm not sure that it's a URL based calendar rather than having to manually import the .ics 13:52:46 <petersen> Mine did 13:53:19 <langdon> yeah.. i have never had the ics update gcal.. but maybe it got better? 13:53:42 <mcatanzaro> "perhaps we should focus on the process for figuring this out?" indeed, having a subgroup still sounds like a good idea to me. 13:54:09 <cmurf> aday: +1 13:54:21 <mcatanzaro> Volunteers to join cmurf? (aday? aruiz? otaylor?) 13:54:35 <aday> i'd be interested from a ux perspective 13:54:41 <aruiz> I am up to cotribute as well as involving other people, namely gicmo and hansdg 13:54:57 <cmurf> I'll do a summary/organize the issues and points and concerns in this meeting, post to desktop@ 13:54:58 <mcatanzaro> I don't think we need to decide in the next 5m how you'll meet, we can just agree that you will coordinate among yourselves to schedule some meetings somehow and discuss 13:55:00 <petersen> My main interest is the keyboard layouts issue 13:55:05 <aday> aruiz: sounds great 13:55:08 <otaylor> cmurf: I can join, but not lead, but the caveat on that is that I'm out from mid-august to mid-september, and I'd suggest just proceeding without me while I'm gone 13:55:11 <cmurf> refine that, then setup a live voice meeting 13:55:13 <aruiz> gicmo, I was not aware of my summoning powers 13:55:13 <mcatanzaro> Keyboard layouts seem like the biggest problem 13:55:21 <petersen> Been meaning to discuss that with aruiz for some time 13:55:34 <gicmo> aruiz: heh ;) 13:55:39 <aday> mcatanzaro: it'd be good to have someone take the lead, at least in organising the call 13:55:47 <cmurf> mcatanzaro: make a proposal that the subgroup has been formed and will report to the WG regularly 13:56:09 <mcatanzaro> cmurf: You have the power, use #agreed :) 13:56:13 <mcatanzaro> cmurf to lead subgroup... 13:57:04 <cmurf> #agreed cmurf to lead subgroup to explore ways of better safeguarding user data by default 13:57:24 <cmurf> ack nack patch? 13:57:31 <aruiz> petersen, o/ 13:57:32 <langdon> +1 13:57:35 <mcatanzaro> +1 13:57:39 <aday> +1 13:57:49 <petersen> +1 13:57:56 <petersen> though it says agreed hehe 13:58:14 <cmurf> we'll take that as a combined proposal and agreed I guess :D 13:58:22 <petersen> yes 13:58:23 <mcatanzaro> cmurf: I'd be interested in attending at least the first meeting as well 13:58:57 <cmurf> sort out the details on desktop@ and fedora-workstation? 13:59:16 <petersen> Sounds good 13:59:48 <cmurf> I can also update the ticket 14:00:05 <mcatanzaro> This is a tricky problem of balancing security and usability and it's important that we get the balance to the best point we practically can. That might have to mean some difficult compromises.... 14:00:22 <mcatanzaro> Anyway, that's time 14:00:30 <mcatanzaro> Next meeting: Aug 19 14:00:37 <mcatanzaro> Thanks cmurf for leading! 14:00:39 <mcatanzaro> #endmeeting