fpc
LOGS
16:03:01 <geppetto> #startmeeting fpc
16:03:01 <zodbot> Meeting started Thu Sep 11 16:03:01 2014 UTC.  The chair is geppetto. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:03:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:03:01 <geppetto> #meetingname fpc
16:03:01 <zodbot> The meeting name has been set to 'fpc'
16:03:02 <geppetto> #topic Roll Call
16:03:37 * RemiFedora here
16:04:09 <geppetto> abadger1999 tibbs|w limburgher Rathann SmootherFr0gZ RemiFedora racor spot: FPC ping
16:04:15 <geppetto> tibbs: FPC ping
16:04:16 * racor is here
16:04:21 <tibbs|w> I'm around, but super busy.
16:04:22 <geppetto> #chair racor
16:04:22 <zodbot> Current chairs: geppetto racor
16:04:26 <geppetto> #chair tibbs
16:04:26 <zodbot> Current chairs: geppetto racor tibbs
16:04:44 * RemiFedora here
16:04:50 <geppetto> #chair RemiFedora
16:04:50 <zodbot> Current chairs: RemiFedora geppetto racor tibbs
16:05:23 <geppetto> racor: hey, you didn't send an email about the new FPC member you wanted to propose … did you speak to him/her and they decline?
16:10:19 <racor> geppetto: ?!? I don't recall having wanted to propose one, sorry.
16:10:58 * Rathann here
16:11:02 <Rathann> sorry
16:11:36 <geppetto> #chair Rathann
16:11:36 <zodbot> Current chairs: Rathann RemiFedora geppetto racor tibbs
16:11:43 <geppetto> no problem
16:11:57 <geppetto> Rathann: hey, you didn't send an email about the new FPC member you wanted to propose … did you speak to him/her and they decline?
16:12:36 <racor> geppetto: Nevertheless, I can start thinking about it.
16:13:00 <geppetto> racor: sure, just for some reason I thought you said you'd spoken to someone as Rathann said the same.
16:13:07 <geppetto> racor: Was just confused, I guess.
16:13:41 <Rathann> geppetto: was I supposed to send e-mail to someone? I only said I talked to a guy during Flock and he expressed interest, so I told him to watch out for public announcement. I didn't get his name, sadly.
16:14:03 <Rathann> sorry for confusion
16:14:17 <geppetto> Rathann: Ahh, I thought you did. I had you down as being able to send an email to everyone.
16:14:41 <geppetto> Rathann: I'll try to find out what our public announcements have looked like so I can do something similar.
16:15:38 <geppetto> Anyway, we have quorum … so let's try some tickets:
16:15:40 <geppetto> #topic #448     Copylib exception for fastlz
16:15:44 <Rathann> I have no problem doing the public announcement, if that's what you meant.
16:15:45 <geppetto> https://fedorahosted.org/fpc/ticket/448
16:15:52 <geppetto> Rathann: Sure, that'd be great
16:16:05 <RemiFedora> 448 is closed
16:16:28 <geppetto> bah
16:16:39 <geppetto> #topic #454     Bundling exception for php-phpoffice-phpexcel
16:16:44 <geppetto> https://fedorahosted.org/fpc/ticket/454
16:17:03 <geppetto> no more info.
16:17:19 <geppetto> Ok, moving on to new stuff:
16:17:20 <geppetto> #topic #452     Crypto policies packaging guideline
16:17:25 <geppetto> https://fedorahosted.org/fpc/ticket/452
16:19:09 <tibbs|w> I haven't seen anything that would change my opinion here.
16:20:01 <Rathann> I actually did change mine
16:20:50 <RemiFedora> the draft have "When in doubt, discuss with the Fedora security team." which is perhaps enough
16:22:02 <Rathann> also it's only for OpenSSL and GnuTLS users
16:22:21 <geppetto> yeh, while I'm not a fan of "paste this and hope" … this looks fine.
16:23:02 <Rathann> it looks simple enough that every packager should be able to understand and apply
16:23:06 <geppetto> yeh
16:23:32 <Rathann> however
16:23:37 <geppetto> tibbs: was your opinion that this was bad … want to say why, and if there's any change you'd like to see before you'd change your mind?
16:23:59 <Rathann> I'd like a bit more detail about the configuration files mentioned at the beginning of each section
16:25:12 <geppetto> Like where they'd be found in the package etc.?
16:26:16 <Rathann> like how they look and how they're used - in the code? or do you need to place them in a specific directory?
16:28:00 <geppetto> #info Need more info. about the configuration files, what they look like, where they'd be located, etc.
16:30:30 <geppetto> tibbs: ping before we move on?
16:32:00 <tibbs|w> Hmm?
16:32:13 <tibbs|w> Oh, sorry.
16:32:16 <geppetto> tibbs: You said your opinion hadn't changed … was it a no?
16:32:28 <geppetto> tibbs: Do you want to ask them for anything? Or for any changes?
16:32:37 <tibbs|w> I just don't think this is the kind of thing we can reasonably expect to do at package review time.
16:34:05 <geppetto> So you think we'd need some kind of GCC thing?
16:34:18 <geppetto> Like for the printf stuff?
16:34:27 <Rathann> why not? you get specific function calls to grep for, so it really isn't that much additional effort
16:35:04 <geppetto> yeh, I think anyone who understands C could make sure a package follows this.
16:35:20 <geppetto> Although it'd be somewhat annoying, in that you'd have to prepare the source and start grepping
16:35:28 <geppetto> could just look in the specfile/etc.
16:37:38 <tibbs|w> I've done a whole bunch of package reviews and just don't think this works well.  Having package reviewers join some cargo cult to say "I see stuff in the source which I don't understand but which you aren't supposed to use; fix it" isn't helpful to the process.
16:39:16 <geppetto> But how is that different from the current "you must compile with -Wformat=2" or whatever?
16:39:21 <racor> I basically concur with tibbs|w. I don't see how this proposal can be made workable.
16:40:01 <racor> Detecting such issues is one thing, doing something about them is a different issue.
16:40:19 <Rathann> I'm all for lowering the bar for doing package reviews but some things just require a bit of understanding
16:40:27 <Rathann> crypto is one of them
16:40:46 <Rathann> nobody is forcing people to do reviews of packages using crypto
16:41:04 <tibbs|w> Because we really need to have less package reviews done....
16:41:32 <geppetto> racor: tibbs: Do you think we can put this into policy to help packagers without saying reviewers have to understand/review it?
16:41:47 <racor> geppetto: I guess you are aware, -Werror=format-security is controversial and considered to be more harmful than helpful by some people (e.g me)?
16:42:05 <Rathann> tibbs|w: I think the proposal contains more than enough information not to warrant a cargo cult reference
16:43:26 <geppetto> racor: I agree to some extent (I've had to work around it in packages where it was a false positive) … but that is policy atm.
16:43:41 <Rathann> if there are reviews where people say they don't understand this part of the guidelines, we can ask nmav to make it more understandable
16:44:34 <geppetto> racor: And I can see the upside (everyone being good enough is better than 99% being awesome, and one disaster).
16:47:00 <racor> sorry, was distracted on the phone, trying to catch up.
16:50:09 <racor> geppetto: how would you envision to make https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies workable? Patch each and every package to comply with this?
16:50:46 <Rathann> racor: exactly
16:50:57 <geppetto> racor: yeh, ask packagers to make sure those calls looked like the policy said
16:51:03 <Rathann> has anyone even counted how many there are?
16:51:21 <racor> geppetto: I am also astounded to read "discuss with the Fedora Security", but see a denial to make this the jov Security Team in trac.
16:51:43 <racor> s/jov/job/
16:52:44 <geppetto> My guess is that security are worried that a lot of apps. would then need their signoff at review time
16:53:25 <racor> Rathann: I do not consider this to be realistic, but to cause it very bad blood with upstreams.
16:53:30 <geppetto> But as Rathann said, I wouldn't expect a lot of apps. (maybe that's naive though)
16:54:16 <racor> geppetto: Maybe, to get started, Nmav should start identifying and counting?
16:54:34 <geppetto> Ok, that at least is something concrete that seems fair.
16:55:18 <geppetto> #info We need some kind of number on how many packages this would affect. 6 affected would be different than 666.
16:55:43 <RemiFedora> just looking at php sources... not trivial to fix and be compliant with this proposal
16:56:00 <geppetto> #info Worries that if security team can't be the gatekeepers, then random reviewers wouldn't be good gatekeepers either.
16:56:43 <geppetto> #info Also, as a quick example, PHP seems non-trivial to make compliant with this proposal … and it's not obvious how upstream would react if it was changed.
16:56:55 <geppetto> Ok, I'll update the ticket with that stuff later.
16:57:12 <geppetto> #topic #453     Changes/SystemdSysusers updates for Packaging:UsersAndGroups
16:57:17 <geppetto> https://fedorahosted.org/fpc/ticket/453
16:57:38 <Rathann> hm I'm counting 840 binary RPMs requiring openssl in f20
16:57:56 <Rathann> and 168 for gnutls
17:00:18 <geppetto> It doesn't say why the benefit is a benefit
17:01:00 <geppetto> …my guess is that you can manually run systemd-sysusers on /usr/lib/sysusers.d … after you've deleted passwd/etc.
17:01:41 <geppetto> The backout plan seems terrible to me too
17:03:04 <geppetto> walters: Hey, so … the benefit section doesn't mention why it's different … I assume there is a way to rerun the user creation post package install?
17:03:19 <tibbs|w> Cue the systemd katamari arguments all over again.
17:03:24 <walters> to be clear, basically I made the Feature after the code had been written and uploaded, to try to document it and gather consensus
17:03:49 <tibbs|w> Not that I agree with those arguments, but I do expect them.
17:04:09 <walters> geppetto, i believe just rerunning systemd-sysusers will do that, it's AFAIK idempotent
17:04:35 <geppetto> walters: Also the contingency plan kind of sucks :) … is there a way we could template the current usage of user install, so that it'd call useradd or systemd-sysusers with a created file?
17:04:52 <walters> that's a good point
17:05:08 <walters> doesn't some other RPM distro have macros for this already?
17:05:33 * walters looks
17:05:33 <geppetto> walters: Ok, so it's more like gtk-icon-cache … in that every post would look at the entire contents of the directory?
17:05:35 <walters> not suse...
17:05:47 <walters> geppetto, yeah
17:06:10 <tibbs|w> What's behind the %sysusers_create macro?  The link to the git commit doesn't seem to have it.
17:06:34 <walters> tibbs|w, systemd ships rpm macros
17:07:32 <walters> see src/core/macros.systemd.in in the source, /usr/lib/rpm/macros.d/macros.systemd in the binary
17:08:56 <tibbs|w> Seems I'm not on new enough systemd to see that.
17:09:07 <walters> hmm, i have it on rhel7
17:09:33 <walters> geppetto, so we could try for a higher level macro, but my initial take was to only do sysusers for a few packages to see how it works out before mass porting
17:09:33 <tibbs|w> systemd-208-21.fc20.x86_64
17:09:59 <tibbs|w> What's this going to look like for people who want to maintain one spec across multiple distro versions?
17:10:24 <geppetto> tibbs: depends on if we get template macros , I guess
17:10:24 <sgallagh> tibbs|w: To be fair, that's always been aspirational.
17:10:57 <geppetto> walters: Ok, so this ticket just wants to ask for permissions to change a few packages?
17:11:15 <tibbs|w> My RHEL7 (really Centos7) doesn't have that macro.
17:11:22 <geppetto> walters: That's probably easier to get ACKs for than to change policy for everything :) … do you have a list of packages you want to test with?
17:11:42 <walters> geppetto, yes...but also agreeing something like this, if not this exact code, is the right long term direction
17:12:13 <tibbs|w> sgallagh: To be fair, the majority (or at least a significant portion) of package maintainers seem to prefer it that way.  I don't really agree with them, but that's the way it is.
17:12:15 <walters> tibbs|w, oh right, that macro is only in f21 or newer, i just meant the macro file has existed for some time
17:12:26 <tibbs|w> Yeah, the file is there.
17:13:05 <sgallagh> tibbs|w: I mostly meant that we've added macros in the past and acknowledged that it's acceptable for older releases to need to make conditionals to work around it.
17:13:13 <walters> also note the current state AIUI is still the service is enabled for f21, but only used by systemd itself
17:14:23 * geppetto nods
17:14:36 <geppetto> Does anyone know where the rpm macro file lives in git?
17:14:38 <tibbs|w> What I really don't understand here is how the users get created _before_ package install.
17:14:55 <tibbs|w> Currently you add users in %pre.  This seems to create users in %post.
17:14:56 <sgallagh> tibbs|w: %pre?
17:15:06 <sgallagh> oh, ignore me :(
17:15:37 <tibbs|w> Actually, the proposal says we currently create users in %post, and that's not the case.
17:16:10 <geppetto> it's possible some packages do, for users that don't own files the package ships
17:17:42 <tibbs|w> So I guess there's some confusion.
17:19:11 <walters> i think the reference to %post there was just my mistake
17:19:12 <walters> fixed now
17:19:14 <geppetto> Ok, so PROPOSAL: We don't mind moving from calling adduser, to having files installed that specify that information (maybe this implementation, maybe another). Also we don't mind someone testing a small number of packages to shake problems out of this implementation, and then they can come back with a real policy change. Would also be helpful to have a better revert plan than change all the rpms again.
17:19:40 <geppetto> +1
17:23:09 <geppetto> tibbs|w racor Rathann RemiFedora: Want to change the proposal, or vote?
17:23:31 <tibbs|w> +1
17:23:48 <RemiFedora> sorry was busy somewhere else...
17:23:50 <racor> I once again feel raped by the systemd guys and therefore will abstain to vote
17:24:10 <racor> i.e. 0
17:25:37 <Rathann> +1 on what geppetto proposes, -1 to current walters' proposal
17:25:48 <Rathann> it's not documented enough
17:25:56 <RemiFedora> I also agree on geppetto proposal
17:26:22 <geppetto> racor: To be fair I would look at this more of "tools that are shipped in the systemd git/tarball, like fsck/login/hostname/etc."
17:28:29 <geppetto> #action Needs votes:  #453     Small number of packages to test new sysusers user creation code (+1:4, 0:1, -1:0) (systemd marketing joy gets the non-pass, atm.)
17:29:04 <geppetto> walters: I'd guess spot or toshio can probably vote, to get the testing started.
17:29:34 <geppetto> #topic Open Floor
17:29:37 <racor> geppetto: There is not sense in trying to take nice the systemd's attitude to confront us with completed facts.
17:29:48 <racor> s/take/talk/
17:29:48 <RemiFedora> how would it work with docker image and "fake systemd"?
17:30:16 <geppetto> RemiFedora: I guess all the files get installed, but nothing is run to create the users until fakesystemd is swapped out
17:30:27 <racor> Anyway, 19:30 local time, I have to quit
17:30:44 <geppetto> RemiFedora: But that might be one of the things needing to be tested.
17:32:14 <RemiFedora> I was in the hope we could close the SCL ticket... but probably too late
17:32:15 <walters> fakesystemd was just pulled from fedora, right?
17:32:16 <geppetto> Certainly it doesn't seem to need the systemd- prefix … so maybe they can sub-package it and then it'll work as normal with fakesystemd
17:32:36 <walters> RemiFedora, but you're clearly correct there is a potential intersection there
17:33:07 <geppetto> RemiFedora: As I said last week … I'd rather have at least toshio here + quorum, before we do that.
17:33:09 <RemiFedora> yes, IIRC fakesystemd does "nothing" , so obviously won't create any user
17:33:25 <geppetto> Probably just too optimistic that we don't have to close it
17:33:42 <RemiFedora> I was also in hope we see some new candidates for FPC
17:34:03 <geppetto> But it's not systemd that creates the users, it's the systemd-sysusers program … which doesn't call into systemd at all, AFAIK.
17:34:04 <RemiFedora> my plan was to wait a little for this to happen and then resign from FPC
17:34:24 <RemiFedora> but this probably won't happen really soon.
17:34:29 <geppetto> Just uses library calls etc.
17:35:03 <geppetto> RemiFedora: Rathann is going to post for people who want to apply, publicly
17:35:17 <RemiFedora> ok
17:35:32 <RemiFedora> I will try to assist next week's FPC, and this should be my last one
17:35:54 <geppetto> wow, ok
17:36:31 <geppetto> was going to say we could try for 3 new people instead of 2, and then it would be fine if you wanted to retire a few weeks after that
17:36:42 <Rathann> so how many new members do we need? 3?
17:36:49 <geppetto> But if you need to leave sooner...
17:37:18 <geppetto> Well atm. it's not obvious if/when spot and toshio will be able to be here
17:37:34 <geppetto> So I'd have said 2 … but I guess 3 now.
17:37:51 <geppetto> At worst we'll have a 7 person quorum in a few months.
17:39:21 <geppetto> Ok, if there's nothing else I'll close in 5 minutes.
17:45:43 <geppetto> #endmeeting