10:57:35 <aday> #startmeeting Workstation WG (2020-04-07)
10:57:35 <zodbot> Meeting started Tue Apr 14 10:57:35 2020 UTC.
10:57:35 <zodbot> This meeting is logged and archived in a public location.
10:57:35 <zodbot> The chair is aday. Information about MeetBot at http://wiki.debian.org/MeetBot.
10:57:35 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
10:57:35 <zodbot> The meeting name has been set to 'workstation_wg_(2020-04-07)'
10:57:35 <aday> #meetingname workstation
10:57:35 <zodbot> The meeting name has been set to 'workstation'
10:57:35 <aday> #chair cmurf
10:57:36 <aday> 
10:57:36 <aday> #topic Rollcall
10:57:36 <zodbot> Current chairs: aday cmurf
10:57:36 <aday> 
10:57:38 <aday> #info present: aday, cmurf, feborges, jens, neal, tpopela, langdon, otaylor, mcatanzaro
10:57:40 <aday> #info regrets:
10:57:42 <aday> #info missing: kalev
10:57:44 <aday> 
10:57:46 <aday> #topic Approve minutes for 24 & 31 March
10:57:50 <aday> #link https://meetbot.fedoraproject.org/fedora-meeting-2/2020-03-31/workstation.2020-03-31-13.07.html
10:57:53 <aday> #info The minutes for 24 March incorrectly say 17 March.
10:57:55 <aday> #agreed Approve minutes of 24th March. Defer approval of 31st March minutes.
10:57:57 <aday> #topic Announcements
10:57:59 <aday> #info Freeze will be Thursday
10:58:01 <aday> #info Suspend to RAM criterion https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org/thread/G26BI4DSMZ5HLBMLJESCCPJZPTHE6TR2/
10:58:04 <aday> #info Terminal palette testing, if anyone wants to provide feedback: https://gitlab.gnome.org/Teams/Design/app-mockups/-/issues/20#test-it-yourself
10:58:07 <aday> #info Neal has spoken to Daniel Mach about installing on upgrade, we will need to use the supplements workaround for F32, and come up with something better for F33
10:58:10 <aday> #info Michael has written the change proposal for systemd-resolved; it's nearly done - https://fedoraproject.org/wiki/Changes/systemd-resolved
10:58:13 <aday> Topics
10:58:15 <aday> #topic Unprivileged users can install, but not remove, system software
10:58:17 <aday> #link https://pagure.io/fedora-workstation/issue/137
10:58:21 <aday> Michael: background - way back we stopped requiring auth to install software, in order to reduce the number of passwords people have to enter. However, you can't remove software without a password. This is bad - someone can install something just to try it, and then be stuck with it. Why is removing bad, but adding ok?
10:58:25 <aday> Neal: graphical apps don't have protection against removing required software.
10:58:27 <aday> Langdon: removing software isn't typically as urgent as adding - you need something to complete a task. Removing something can wait.
10:58:30 <aday> Michael: suggests that unprivileged users be allowed to install/remove flatpaks, but not packages.
10:58:33 <aday> Unprivileged users install flatpaks systemwide. Maybe that could be changed? Matthias: that can get messy.
10:58:36 <aday> Neal: if a system flatpak is installed, we shouldn't let the user install a per-user version of it. This would be more complicated, but makes sense.
10:58:39 <aday> Michael: there's also the reverse case - app installed per-user and someone tries to install it systemwide.
10:58:42 <aday> Michael: proposes that we should make the permission the same for add/remove, whatever we choose - so it's intelligible to users.
10:58:45 <aday> Software doesn't advertise which apps are packages versus flatpaks.
10:58:47 <aday> Allan: Fedora doesn't ship with a full set of Flatpaks available out of the box - can we therefore assume that Flatpak is a viable solution?
10:58:52 <aday> #info Upon testing, it turns out that unprivileged users can't actually install without a password.
10:58:55 <aday> Michael: the thing that doesn't make sense - showing the password prompt for the admin user.
10:58:57 <aday> #agreed There's probably not much to do here.
10:58:59 <aday> Open floor
10:59:01 <aday> #topic Disk encryption #136
10:59:03 <aday> One goal is to not have a password prompt before the user session - because there aren't input methods there.
10:59:06 <aday> Matthias: there's no way around that if you encrypt the whole disk.
10:59:08 <aday> Neal: the answer for that is to have a grub efi with input methods and everything else compiled into it.
10:59:11 <aday> Chris: this is how SUSE does it(?)
10:59:13 <aday> Allan: the other issue with the disk encryption password prompt is that the user ends up getting prompted twice (which results in people using autologin as a workaround).
10:59:16 <aday> Allan: wasn't the plan to pursue encrypting the home directory only?
10:59:20 <aday> Chris: yes, plus the previous plan was to use the TPM to seal a key that can be used to encrypt non-home items - /usr, /etc, /var. This protects against someone stealing your hard drive.
10:59:23 <aday> Michael: If we encrypt only /home then an attacker can replace system binaries with malicious binaries without detection. This defeats the point of encryption.
10:59:26 <aday> Neal: there are 1 or 2 methods using package management to ensure that software isn't tampered with. We could ask the RPM team why these aren't being used.
10:59:29 <aday> Neal: we could look into IMA, where RPM configures integrity protection.
10:59:31 <aday> #agreed We should invite speakers to discuss this with the WG: someone from the security team, people from the boot team (Javier or Hans or Peter).
10:59:34 <aday> Chris: there's a prebuilt initramfs project; we could potentially incorporate that.
10:59:36 <aday> #topic Disk partitioning #54
10:59:38 <aday> #info Previous decision 18 months ago was to drop LVM and use a big EXT4 partition, but it was put aside until we decided about encryption. The main motivation for this was root partitions getting full. This plan shouldn't conflict with systemd-homed, however it wouldn't align with LUKS /home encryption.
10:59:42 <aday> #info Why drop LVM? There's no point in having it if there's just one partition. Add to that, difficulties with LVM resizes and a lack of easy tools.
10:59:45 <aday> Neal: Cockpit seems to be able to manipulate LVM storage just fine. Can we put that functionality into GNOME Disks? Doesn't want us to change the storage configuration for invalid reasons. Likes LVM because he can grow his / without reformatting.
10:59:51 <aday> Owen: there's some history between UDisks and LVM. UDisks now has new maintainership, and is probably more flexible. There's complexity with LVM which can cause issues.
10:59:54 <aday> Chris: EXT4 doesn't support shrink online.
10:59:56 <aday> Chris: systemd-homed would require integration work. Lennart has an issue list. Initial setup would need to be able to create a home.
10:59:59 <aday> #endmeeting