16:57:01 <brainycmurf> #startmeeting Workstation WG (2024-06-18)
16:57:01 <zodbot> Meeting started Tue Jun 18 16:57:01 2024 UTC.
16:57:01 <zodbot> This meeting is logged and archived in a public location.
16:57:01 <zodbot> The chair is brainycmurf. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions.
16:57:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:57:01 <zodbot> The meeting name has been set to 'workstation_wg_(2024-06-18)'
16:57:01 <brainycmurf> #meetingname workstation
16:57:01 <zodbot> The meeting name has been set to 'workstation'
16:57:01 <brainycmurf> #chair Michael
16:57:01 <zodbot> Current chairs: Michael brainycmurf
16:57:01 <brainycmurf> #info Present members: Allan, Michael, Jens, Matthias, Kalev, Chris
16:57:01 <brainycmurf> #info Guests:
16:57:02 <brainycmurf> #info Regrets: Tomas, Neal
16:57:04 <brainycmurf> #info Missing:
16:57:06 <brainycmurf> #info Secretary: Allan
16:57:10 <brainycmurf> #topic Metrics change proposal
16:57:12 <brainycmurf> No feedback from WG members so far
16:57:14 <brainycmurf> Matthias: question about defaulting metrics collection to off
16:57:16 <brainycmurf> Michael: the idea is that people will be forced to choose yes/no - so you can't click through
16:57:18 <brainycmurf> Allan: are we still on the hook to set up a working group to manage the data? Michael: yes
16:57:20 <brainycmurf> It could be a subcommittee of this working group, or FESCo
16:57:22 <brainycmurf> F41 is stated as the target release, but it's more likely to be F42
16:57:24 <brainycmurf> Plan is to publish next week
16:57:26 <brainycmurf> What is the WG position on the proposal?
16:57:28 <brainycmurf> Vote: is the WG prepared to be the change owner on the change proposal?
16:57:30 <brainycmurf> +1s: Michael, Allan, Matthias, Jens, Owen, Kalev - passed unanimously
16:57:32 <brainycmurf> #topic encryption of user data (excludes system)
16:57:34 <brainycmurf> #link https://pagure.io/fedora-workstation/issue/82
16:57:36 <brainycmurf> Update from Owen:
16:57:38 <brainycmurf> GNOME homed integration work is continuing, but he doesn't know progress
16:57:42 <brainycmurf> Little movement on unified kernel images - it's unclear what we can do there
16:57:44 <brainycmurf> The plan in general is a good one. homed is probably more central to the plan than originally envisaged.
16:57:47 <brainycmurf> Owen doesn't expect to have time to work on this in the next couple of months
16:57:49 <brainycmurf> Michael: are unified kernel images important for this? Owen: if you don't have a standard boot loader image, you don't have a chain of trust up to the point that you unlock - things get a lot trickier. You'd have to update encryption keys each time the bootloader is updated.
16:57:53 <brainycmurf> Chris: a UKI image could be signed, closing the initramfs hole - it's not strictly necessary, but you'd want to do it because it's a big hole. It's a strong nice to have, though it is technically independent of homed.
16:57:56 <brainycmurf> Michael: since this isn't making progress, should we enable LUKS full disk encryption by default?
16:57:58 <brainycmurf> Owen: full disk encryption doesn't protect against evil maid attacks. Also there's no recovery key story.
16:58:01 <brainycmurf> Allan: there were also questions around multi-user, a11y, input methods.
16:58:03 <brainycmurf> Owen: we know that full disk encryption isn't ideal. The question is whether we should do something rather than nothing.
16:58:06 <brainycmurf> Michael: input methods aren't an issue. Owen: but we should do better with keyboards. The layout could change.
16:58:11 <brainycmurf> Michael: would like to enable full disk encryption now
16:58:13 <brainycmurf> Allan: is concerned that enabling now will be a disincentive to doing a better solution later
16:58:15 <brainycmurf> Owen: doesn't think it's safe enough for people who don't have an understanding of what's going on
16:58:18 <brainycmurf> Chris: what would the upgrade experience be like if we enabled full disk and then introduced another encryption solution later? Would you end up with double encryption? Owen: any new solution would probably be for new installs only.
16:58:22 <brainycmurf> Owen: the GNOME work is just one piece of a system solution.
16:58:24 <brainycmurf> Owen: could we put out something to say what our engineering priorities are, to see if we can pull some resources together? Can we have a set of newcomers tasks that could help contributors get involved?
16:58:27 <brainycmurf> Allan: can we identify specific tasks and approach individuals to complete them? Can we come up with a task list of approachable development contributions?
16:58:30 <brainycmurf> Matthias: we could work out the missing pieces that we'd need, in combination with the existing GNOME/homed work. Owen: a call with Ray and the upstream GNOME contributors would be a good first step for that. We should work out what would be required for an MVP. We could also speak to the kernel and bootloader teams to see if there's a timeline for what we would require from them.
16:58:35 <brainycmurf> #action Owen to organise a coordination meeting in 2 weeks
16:58:37 <brainycmurf> #topic Announcements, follow-ups, status reports
16:58:41 <brainycmurf> Owen will skip the next 2 meetings
16:58:43 <brainycmurf> #topic Minutes from last week
16:58:45 <brainycmurf> #link https://meetbot.fedoraproject.org/fedora-meeting-2/2024-06-11/workstation.2024-06-11-21.22.log.html
16:58:48 <brainycmurf> #endmeeting