02:56:00 #startmeeting Workstation WG (2023-05-16)
02:56:01 Meeting started Wed May 17 02:56:00 2023 UTC.
02:56:01 This meeting is logged and archived in a public location.
02:56:01 The chair is brainycmurf. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions.
02:56:01 Useful Commands: #action #agreed #halp #info #idea #link #topic.
02:56:01 The meeting name has been set to 'workstation_wg_(2023-05-16)'
02:56:01 #meetingname workstation
02:56:01 The meeting name has been set to 'workstation'
02:56:01 #chair Allan
02:56:01 Current chairs: Allan brainycmurf
02:56:26 #info Present members: Matthias, Tomas, Chris, Owen, Allan, Jens, Kalev, Michael
02:56:27 #info Guests:
02:56:27 #info Regrets: Neal
02:56:27 #info Missing:
02:56:27 #info Secretary: Owen
02:56:27 #topic Suggest upgrading KDF (Key Derivation Function) for encrypted drives
02:56:29 #link https://pagure.io/fedora-workstation/issue/372
02:56:31 We have new information in the ticket.
02:56:33 - Owen: I don't fully agree with mbroz's comment on the ticket (people do have "weak" passphrases), but we shouldn't proceed without mbroz's approval
02:56:36 #action: owen to comment on ticket
02:56:38 #topic encryption of user data (excludes system)
02:56:40 #link https://pagure.io/fedora-workstation/issue/82
02:56:44 #link https://discussion.fedoraproject.org/t/future-of-encryption-in-fedora-desktop-variants/80397
02:56:47 #link https://hackmd.io/j0rQLW8mQ1uFKELZNliORQ?view
02:56:49 Summary of the Discourse discussion:
02:56:51 * A lot of the discussion was about how to bind the passphrase to the TPM. Doesn't necessarily change the overall plan.
02:56:54 * One takeaway: we can't go ahead with this until we know what will be used for the next gen bootloader. Our plan wouldn't be possible with grub2.
02:56:57 * fscrypt - discussion about whether it provides privacy. It doesn't encrypt metadata. In most cases people don't care about that, but in some situations they might.
02:57:00 * Recent bootloader discussion about opening an untrusted Btrfs filesystem.
02:57:02 * Lennart advocated for homed. Owen - one issue is that homed doesn't allow remote login. However, there may also be issues with remote login with the btrfs/fscrypt plan.
02:57:05 * One positive - we didn't get much push for entire disk encryption. People seemed comfortable with the separate approaches to / and ~/.
02:57:08 Owen is more positive about homed than previously, since it provides a place to add code and provides options for encryption rather than rolling our own solution.
02:57:11 We'd need a way to have centrally managed account details and local home directories.
02:57:15 We're still waiting for btrfs-fscrypt to land upstream. Could happen this year?
02:57:17 We should dig more into homed - what would our list of requirements be to make it work?
02:57:19 Are we leaning more towards fscrypt or homed? Owen is still leaning more towards fscrypt, but wants to investigate the unencrypted btrfs filesystem security concern. Lack of metadata encryption is a little bit of a concern.
02:57:23 We could do homed+fscrypt. That would give us more flexibility, so the same approach could be used without btrfs.
02:57:26 Michael - filesystem code has to be trusted. Filesystems hacking the kernel is not OK.
02:57:28 #action Owen to identify homed requirements and try to move that side of things forward.
02:57:30 homed has implications for user management in GNOME - it would require changes there.
02:57:32 homed can lock home while the system is suspended. Would require changes to how the lock screen works. This might not be necessary initially.
02:57:35 #topic append commands to bash history instead of overwriting
02:57:37 #link https://pagure.io/fedora-workstation/issue/364
02:57:39 Chris is proposing to drop this proposal. Anything more to say before we do that?
02:57:41 Chris considers his understanding of Bash insufficient to push back against the detailed feedback he got on the mailing list - it would have to be advocated by a Bash expert.
02:57:46 Michael thinks that we shouldn't avoid making a change that helps most users to avoid causing negative effects for users - we could have a subpackage that enables it (installed or not installed by default).
02:57:49 #action Michael and Chris will prepare a change proposal based on the idea of making this a drop-in #link https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/JNA5OVGRVEL5WQKYNMBKANTT5NO2Q4ME/
02:57:53 #topic can we have wifi macid randomized by default
02:57:55 #link https://pagure.io/fedora-workstation/issue/350
02:57:57 Seems like we need a consensus on the NetworkManager side. Can someone push it forward?
02:57:59 Currently some NetworkManager-side disagreement about how it is handled.
02:58:01 #action Michael to ask thaller if he can proceed based on his idea (of changing the defaults in the NetworkManager configuration)
02:58:04 #topic Move Fedora bookmarks to Fedora start page
02:58:06 #link https://pagure.io/fedora-workstation/issue/313
02:58:08 Action has been waiting on Neal for 10 months. Do we want to pass it on?
02:58:10 #action Deferred
02:58:14 #topic GUI-based recovery environment
02:58:16 #link https://pagure.io/fedora-workstation/issue/288
02:58:18 This seems to have stalled. Do we want to reboot it, or put it on the backlog?
02:58:20 #action Deferred
02:58:22 #topic Announcements and status updates
02:58:24 The minutes from last meeting have been posted online:
02:58:26 #link https://meetbot.fedoraproject.org/fedora-meeting-2/2023-05-10/workstation.2023-05-10-23.43.log.html
02:58:29 - There are now nightly Flatpaks of GNOME incubator apps
02:58:31 - Some action on Console vs. Workstation requirements after publicity via https://blogs.gnome.org/mcatanzaro/2023/05/10/gnome-core-apps-update/
02:58:34 - EOL of Fedora 36 today
02:58:36 #endmeeting