02:56:00 <brainycmurf> #startmeeting Workstation WG (2023-05-16)
02:56:01 <zodbot> Meeting started Wed May 17 02:56:00 2023 UTC.
02:56:01 <zodbot> This meeting is logged and archived in a public location.
02:56:01 <zodbot> The chair is brainycmurf. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions.
02:56:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
02:56:01 <zodbot> The meeting name has been set to 'workstation_wg_(2023-05-16)'
02:56:01 <brainycmurf> #meetingname workstation
02:56:01 <zodbot> The meeting name has been set to 'workstation'
02:56:01 <brainycmurf> #chair Allan
02:56:01 <zodbot> Current chairs: Allan brainycmurf
02:56:26 <brainycmurf> #info Present members: Matthias, Tomas, Chris, Owen, Allan, Jens, Kalev, Michael
02:56:27 <brainycmurf> #info Guests:
02:56:27 <brainycmurf> #info Regrets: Neal
02:56:27 <brainycmurf> #info Missing:
02:56:27 <brainycmurf> #info Secretary: Owen
02:56:27 <brainycmurf> #topic Suggest upgrading KDF (Key Derivation Function) for encrypted drives
02:56:29 <brainycmurf> #link https://pagure.io/fedora-workstation/issue/372
02:56:31 <brainycmurf> We have new information in the ticket.
02:56:33 <brainycmurf> - Owen: I don't fully agree with mbroz's comment on the ticket (people do have "weak" passphrases), but we shouldn't proceed without mbroz's approval
02:56:36 <brainycmurf> #action: owen to comment on ticket
02:56:38 <brainycmurf> #topic encryption of user data (excludes system)
02:56:40 <brainycmurf> #link https://pagure.io/fedora-workstation/issue/82
02:56:44 <brainycmurf> #link https://discussion.fedoraproject.org/t/future-of-encryption-in-fedora-desktop-variants/80397
02:56:47 <brainycmurf> #link https://hackmd.io/j0rQLW8mQ1uFKELZNliORQ?view
02:56:49 <brainycmurf> Summary of the Discourse discussion:
02:56:51 <brainycmurf> * A lot of the discussion was about how to bind the passphrase to the TPM. Doesn't necessarily change the overall plan.
02:56:54 <brainycmurf> * One takeaway: we can't go ahead with this until we know what will be used for the next gen bootloader. Our plan wouldn't be possible with grub2.
02:56:57 <brainycmurf> * fscrypt - discussion about whether it provides privacy. It doesn't encrypt metadata. In most cases people don't care about that, but in some situations they might.
02:57:00 <brainycmurf> * Recent bootloader discussion about opening an untrusted Btrfs filesystem.
02:57:02 <brainycmurf> * Lennart advocated for homed. Owen - one issue is that homed doesn't allow remote login. However, there may also be issues with remote login with the btrfs/fscrypt plan.
02:57:05 <brainycmurf> * One positive - we didn't get much push for entire disk encryption. People seemed comfortable with the separate approaches to / and ~/.
02:57:08 <brainycmurf> Owen is more positive about homed than previously, since it provides a place to add code and provides options for encryption rather than rolling our own solution.
02:57:11 <brainycmurf> We'd need a way to have centrally managed account details and local home directories.
02:57:15 <brainycmurf> We're still waiting for btrfs-fscrypt to land upstream. Could happen this year?
02:57:17 <brainycmurf> We should dig more into homed - what would our list of requirements be to make it work?
02:57:19 <brainycmurf> Are we leaning more towards fscrypt or homed? Owen is still leaning more towards fscrypt, but wants to investigate the unencrypted btrfs filesystem security concern. Lack of metadata encryption is a little bit of a concern.
02:57:23 <brainycmurf> We could do homed+fscrypt. That would give us more flexibility, so the same approach could be used without btrfs.
02:57:26 <brainycmurf> Michael - filesystem code has to be trusted. Filesystems hacking the kernel is not OK.
02:57:28 <brainycmurf> #action Owen to identify homed requirements and try to move that side of things forward.
02:57:30 <brainycmurf> homed has implications for user management in GNOME - it would require changes there.
02:57:32 <brainycmurf> homed can lock home while the system is suspended. Would require changes to how the lock screen works. This might not be necessary initially.
02:57:35 <brainycmurf> #topic append commands to bash history instead of overwriting
02:57:37 <brainycmurf> #link https://pagure.io/fedora-workstation/issue/364
02:57:39 <brainycmurf> Chris is proposing to drop this proposal. Anything more to say before we do that?
02:57:41 <brainycmurf> Chris considers his understanding of Bash insufficient to push back against the detailed feedback he got on the mailing list - it would have to be advocated by a Bash expert.
02:57:46 <brainycmurf> Michael thinks that we shouldn't avoid making a change that helps most users to avoid causing negative effects for users - we could have a subpackage that enables it (installed or not installed by default).
02:57:49 <brainycmurf> #action Michael and Chris will prepare a change proposal based on the idea of making this a drop-in #link https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/JNA5OVGRVEL5WQKYNMBKANTT5NO2Q4ME/
02:57:53 <brainycmurf> #topic can we have wifi macid randomized by default
02:57:55 <brainycmurf> #link https://pagure.io/fedora-workstation/issue/350
02:57:57 <brainycmurf> Seems like we need a consensus on the NetworkManager side. Can someone push it forward?
02:57:59 <brainycmurf> Currently some NetworkManager-side disagreement about how it is handled.
02:58:01 <brainycmurf> #action Michael to ask thaller if he can proceed based on his idea (of changing the defaults in the NetworkManager configuration)
02:58:04 <brainycmurf> #topic Move Fedora bookmarks to Fedora start page
02:58:06 <brainycmurf> #link https://pagure.io/fedora-workstation/issue/313
02:58:08 <brainycmurf> Action has been waiting on Neal for 10 months. Do we want to pass it on?
02:58:10 <brainycmurf> #action Deferred
02:58:14 <brainycmurf> #topic GUI-based recovery environment
02:58:16 <brainycmurf> #link https://pagure.io/fedora-workstation/issue/288
02:58:18 <brainycmurf> This seems to have stalled. Do we want to reboot it, or put it on the backlog?
02:58:20 <brainycmurf> #action Deferred
02:58:22 <brainycmurf> #topic Announcements and status updates
02:58:24 <brainycmurf> The minutes from last meeting have been posted online:
02:58:26 <brainycmurf> #link https://meetbot.fedoraproject.org/fedora-meeting-2/2023-05-10/workstation.2023-05-10-23.43.log.html
02:58:29 <brainycmurf> - Now there are nightly Flatpaks of GNOME incubator apps
02:58:31 <brainycmurf> - Some action on Console vs. Workstation requirements after publicity via https://blogs.gnome.org/mcatanzaro/2023/05/10/gnome-core-apps-update/
02:58:34 <brainycmurf> - EOL of Fedora 36 today
02:58:36 <brainycmurf> #endmeeting