16:01:27 <geppetto> #startmeeting fpc
16:01:27 <zodbot> Meeting started Thu Oct 23 16:01:27 2014 UTC.  The chair is geppetto. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:01:27 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:01:27 <geppetto> #meetingname fpc
16:01:27 <zodbot> The meeting name has been set to 'fpc'
16:01:27 <geppetto> #topic Roll Call
16:01:37 <geppetto> abadger1999 limburgher mbooth orionp racor Rathann SmootherFr0gZ spot tibbs|w tomspur: FPC ping
16:01:46 <orionp> morning
16:02:21 <tomspur> evening :)
16:02:22 <geppetto> #chair orionp
16:02:22 <zodbot> Current chairs: geppetto orionp
16:02:27 <geppetto> #chair tomspur
16:02:27 <zodbot> Current chairs: geppetto orionp tomspur
16:03:36 <geppetto> #chair racor
16:03:36 <zodbot> Current chairs: geppetto orionp racor tomspur
16:03:44 <mbooth> Hi
16:04:48 <geppetto> #chair mbooth
16:04:48 <zodbot> Current chairs: geppetto mbooth orionp racor tomspur
16:06:18 <geppetto> abadger1999 limburgher Rathann SmootherFr0gZ spot tibbs|w: FPC ping
16:06:36 <geppetto> tibbs: FPC ping
16:10:23 <orionp> do we have quorum? Need to wait more or shall we proceed?
16:10:51 <geppetto> Yeh, was just waiting to see if more people arrived
16:10:59 <geppetto> we only need 5 though.
16:11:17 * jsmith lurks
16:12:15 <geppetto> #chair tibbs|w
16:12:15 <zodbot> Current chairs: geppetto mbooth orionp racor tibbs|w tomspur
16:12:18 <geppetto> Ok
16:12:19 <tibbs|w> Sorry for being late yet again.
16:12:56 <geppetto> #topic #463 	Note on ExecStart
16:13:01 <geppetto> https://fedorahosted.org/fpc/ticket/463
16:13:56 <geppetto> This seemed like kind of an annoying word change for no real reason
16:14:13 <geppetto> but w/e … I guess I'm +1 on any reasonable wording
16:15:19 <tibbs|w> I don't know what reasonable wording would be.
16:15:56 <geppetto> Maybe just delete that sentence?
16:16:01 <tomspur> Maybe change ExecStart to ExecStart/ExecStop?
16:16:51 <orionp> There is also this earlier: ExecStart= is necessary for all services. This line defines the string that you would run to start the daemon, along with any necessary options.
16:17:13 <racor> I think orionp's question on the ticket should be clarified, beforehand.
16:17:16 <tibbs|w> I mean, our guidelines should reflect reality but I don't know what reality with systemd is anymore.
16:17:43 <mbooth> Yeah, I'd say just delete that "note" box, if it's contents are not longer relevant.
16:18:37 <geppetto> I'm also happy to send it back with "Please come up the a diff. for the policy and we'll vote on it" :)
16:18:38 <tomspur> What does this mean "They should only set ExecStop= but leave ExecStart= unset." If "ExecStart=" still needs to be there (just unset), thatn the wording sounds fine for me. It would still be needed for all services.
16:18:43 <racor> mbooth: Can you confirm this applies to all of fedora 19...22 and EPEL7?
16:19:02 <tomspur> Or does unset mean, leave it out of the .service file?
16:19:23 <orionp> +1 to deleting the note box.
16:20:15 <mbooth> racor: I cannot without some research, the reporter might know
16:21:08 <racor> mbooth: I can't, either.
16:22:09 <geppetto> Ok, so do we want to vote on asking the reporter to come up with a policy change, and clarify which versions of systemd this is true for?
16:22:54 <mbooth> geppetto: Yes that sounds ideal
16:23:32 <tibbs|w> Honestly I'm not sure that note box is even useful regardless of what versions of systemd support this.
16:25:26 <geppetto> tibbs: there is that, the entire thing seems like adding weird trivia into the documentation that won't help anyone
16:25:32 <tibbs|w> I could get behind just removing it.
16:26:43 <geppetto> Proposal: Remove note box containing ExecStart information, from systemd guidlines
16:26:53 <geppetto> +1
16:26:54 <mbooth> This is true. "Will knowing this cause you to do anything differently?" Probably not
16:27:00 <orionp> +1
16:27:03 <mbooth> +1
16:27:04 <tomspur> +1
16:27:38 <tibbs|w> +1
16:28:54 <racor> +1
16:28:59 <geppetto> #action 463 Remove note box containing ExecStart information, from systemd guidlines (+1:6, 0:0, -1:0)
16:29:21 <geppetto> #topic #464 	systemd recommendations for modifying configuration
16:29:29 <geppetto> https://fedorahosted.org/fpc/ticket/464
16:30:12 <geppetto> This really needs new policy
16:31:06 <geppetto> The "new new" way is to have an override file, so you don't have to copy everything from the source. This means you'll get automatic changes to the bits you didn't change, which is hopefully not going to break anything.
16:31:36 <tibbs|w> Why is this in the packaging guidelines in the first place?
16:31:43 <tibbs|w> That sounds like end user documentation.
16:32:04 <geppetto> Because we documented how to get services started for sysvinit?
16:32:50 <orionp> Packagers needed to know how to use existing /etc/sysconfig/ files
16:33:35 <orionp> Is it possible that packages would ship a foo.service.d/option.conf file for admins to modify?
16:34:17 <geppetto> Maybe
16:34:27 <geppetto> In theory they should be %ghost'ing them
16:34:41 <geppetto> Well, the dir.
16:34:55 <orionp> fun
16:35:33 <geppetto> It's also that time in the cycle where people seem to think chipping config. files in packages is an awesome idea again … so I can see packages shipping .conf files for other services
16:35:40 <geppetto> *shipping
16:37:12 <tibbs|w> This isn't at all about /etc/sysconfig files, though.
16:37:31 <tibbs|w> This is about what an end user does if they want to change something in a shipped unit file.
16:37:39 <tibbs|w> It really shouldn't be in the guidelines at all.
16:38:36 <geppetto> tibbs: "environment files" in that paragraph means "config file in /etc/sysconfig"
16:39:36 <orionp> or wherever
16:39:47 <geppetto> I'm happy to just delete that paragraph, and the next "Either approach is valid in Fedora. " … so people can use environment files, or do systemd specific things they know about
16:40:31 <mbooth> These things seem orthogonal -- customising a unit's behaviour != setting up a unit's environment
16:40:33 <racor> tibbs|w: Err, the section we currently are discussing is https://fedoraproject.org/wiki/Systemd i.e. systemd documentation.
16:40:33 <geppetto> That leaves in the documentation for people transitioning from sysvinit
16:41:04 <racor> It is not https://fedoraproject.org/wiki/Packaging:Systemd
16:41:07 <geppetto> racor: yeh, specifically: https://fedoraproject.org/wiki/Packaging:Systemd?rd=Packaging:Guidelines:Systemd#EnvironmentFiles_and_support_for_.2Fetc.2Fsysconfig_files
16:41:26 <tibbs|w> Umm, if this isn't under Packaging, why are we talking about this at all?
16:41:28 <racor> I think this isn't our topic or business at all!
16:41:56 <geppetto> racor: no, it's under packaging
16:42:21 <geppetto> The wiki link racor posted is related, but not what the ticket is talking about
16:42:41 <geppetto> -10 points to the ticket for not including URLs to what he's talking about
16:42:42 <tibbs|w> OK, all I can say is that we should excise the part of the guidelines starting with "Although environment files are easy to use".
16:43:00 <geppetto> yeh
16:43:13 <tomspur> So only the upstream recommendation has changed. How about remove the wording about "upstream recommendation" and only show both possibilities: "EnvironmentFiles" and the extra section about "How do I customize a unit file/ add a custom unit file" ?
16:43:30 <geppetto> Proposal: Just delete that paragraph, and the next "Either approach is valid in Fedora."
16:43:42 <tibbs|w> If using EnvironmentFiles is to be discouraged, someone can propose that and we'll add an admonition not to use it.
16:43:54 <racor> geppetto: I think, the document the ticket is referring to, is not part of the FPG but general systemd documentation.
16:44:27 <tibbs|w> It's in this section:
16:44:29 <geppetto> racor: No, it's: https://fedoraproject.org/wiki/Packaging:Systemd?rd=Packaging:Guidelines:Systemd#EnvironmentFiles_and_support_for_.2Fetc.2Fsysconfig_files
16:44:31 <tibbs|w> https://fedoraproject.org/wiki/Packaging:Systemd#EnvironmentFiles_and_support_for_.2Fetc.2Fsysconfig_files
16:44:44 <mbooth> racor: That document linked on the ticket is not in guidelines, but the quote is from Packaging:Systemd
16:44:57 <tibbs|w> The penultimate paragraph in that section is what's out of date (and what shouldn't be there at all).
16:45:04 <mbooth> +1 to geppetto's proposal
16:45:16 <tomspur> +q
16:45:20 <tomspur> +1
16:45:47 <tibbs|w> +1
16:46:26 <orionp> +1
16:46:35 <geppetto> +1
16:47:49 <geppetto> #action Remove penultimate paragraph, and the next "Either approach is valid in Fedora.". (+1:6, 0:0, -1:0)
16:48:03 <geppetto> #topic #465 	OpenOffice.org Extensions guidelines out-of-date
16:48:07 <geppetto> https://fedorahosted.org/fpc/ticket/465
16:49:16 <geppetto> I guess we need to move this to someone who knows how to rewrite those guidlines, and then we can vote on the result?
16:49:28 <racor> geppetto: OK, I was confused by the original ticket. It did not refer to Packaging:Systemd at all. orionp's addition did.
16:49:39 <mbooth> I was just about to say, as the reporter I think Rathann offered to draft new guidelines ;-)
16:50:20 <geppetto> I wasn't sure if libreOffice was big enough to have a SIG or something
16:50:26 <geppetto> racor: np
16:50:30 <orionp> I've started a version here: https://fedoraproject.org/wiki/PackagingDrafts/libreOfficeExtentions but we really need input from the libreoffice packager
16:51:19 <orionp> I actually have a libreoffice package, and need to make sure it's proper
16:51:39 <geppetto> #action orionp Have started a version of new policy at https://fedoraproject.org/wiki/PackagingDrafts/libreOfficeExtentions, but need input from rathann and libreOffice packager(s)
16:52:19 <mbooth> orionp: Nice, I guess the action to seek that approval is yours :-)
16:53:23 <geppetto> Anything else anyone want to bring up about it?
16:55:46 <geppetto> Ok, back to crypto
16:55:48 <geppetto> #topic #452     Crypto policies packaging guideline
16:55:53 <geppetto> https://fedorahosted.org/fpc/ticket/452
16:56:57 <geppetto> There's no ruby/python examples, yet
16:57:25 <racor> Still on oo/lo: In his proposal, rathann says %post --link isn't supported, but orionp's draft still carries it.
16:57:44 <orionp> Yup, it still needs a lot of work
16:58:04 <racor> OK
16:58:51 <geppetto> The wording for NSS still isn't 100% clear … are you supposed to migrate from NSS to OpenSSL because of this, or just wait as they'll have it done soon?
17:00:55 <geppetto> I think I'm still ready to +1 it though.
17:01:31 <geppetto> Anyone else need changes, or want to vote?
17:01:59 <mbooth> So are the proposed guidelines these here? https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies
17:02:53 <geppetto> yeh
17:04:38 <geppetto> racor: tibbs: You both had concerns about this before, right? Does it look better to you now?
17:04:46 <mbooth> I like that there's an rpmlint patch
17:05:13 <orionp> Petr Pisar had some comments on the devel list
17:05:39 <orionp> but more for clarification it seems
17:07:03 <racor> It much clearer now, than it used to be. However I am still having doubts on its applicability ;)
17:09:19 <orionp> Where would it go in the guidelines?
17:10:17 <geppetto> I assume it'll be a new page Packaging:CryptoPolicies … and then we'll get updates pointing to it from other places?
17:10:35 <geppetto> unless someone has a better idea.
17:11:03 <orionp> That sees reasonable, just wondering where the link to it goes
17:11:22 <geppetto> Can probably ask nmav, if we approve it
17:11:39 <geppetto> Ok, I'm going to +1 it … anyone else want to vote?
17:11:40 <geppetto> +1
17:11:54 <tomspur> Verifying it for python applications seems to be difficult: https://docs.python.org/2/library/ssl.html#protocol-versions
17:12:24 <geppetto> Welcome to python
17:13:19 <tibbs|w> Just a new section on the main page with a link should be sufficient, just like we do with most of the other guidelines.
17:14:27 <tibbs|w> I guess I can +1 this.
17:14:35 <geppetto> tomspur: isn't it just: SSLContext.set_ciphers("@SYSTEM")
17:16:46 <tomspur> geppetto, where is this "@SYSTEM" coming from? sed'ed at %build time?
17:17:34 <geppetto> tomspur: was looking at the gnutls part of the policy … I guess SSLContext.set_ciphers("PROFILE=SYSTEM") ?
17:17:44 <orionp> Can these changes be upstreamed or is this Fedora specific?
17:17:58 <tibbs|w> I guess that depends on upstream.
17:18:05 <geppetto> Not 100% on that, but it looks like the python docs. are saying this is passed through to openssl … so anything that works on the C APIs should be valid here too
17:18:20 <geppetto> orionp: AIUI this is being upstreamed
17:18:32 <tibbs|w> I think most upstreams just want some encryption and don't really understand the ins and outs of it much more than we do.
17:18:54 <geppetto> Yeh
17:19:05 * limburgher is finally here. .  .
17:19:11 <geppetto> #chair limburgher
17:19:11 <zodbot> Current chairs: geppetto limburgher mbooth orionp racor tibbs|w tomspur
17:19:34 <mbooth> It would be great to understand exactly how this SYSTEM profile is defined, I don't see that explained anywhere.
17:19:57 <geppetto> mbooth: It's kind of explained in the Fedora change
17:19:57 <tibbs|w> "Trust us; we know what we're doing."
17:20:05 <geppetto> http://fedoraproject.org/wiki/Changes/CryptoPolicy
17:21:13 <mbooth> geppetto: Ah, I see
17:22:21 <geppetto> So, does anyone want to ask for any more info. or any changes to the policy?
17:22:24 <tomspur> geppetto, aah, it is: context.set_ciphers("DEFAULT")
17:23:31 <geppetto> tomspur: no, that's the compile time setting from upstream … not the system CryptoPolicy setting
17:23:46 <geppetto> tomspur: at least AIUI
17:24:00 <tomspur> That one should get the default from openssl, that is determined at compile time. So if openssl is following the correct CryptoPolicy that should be it isn't it?
17:24:36 <geppetto> AIUI DEFAULT still means openssl default, and you have to do PROFILE=SYSTEM to get the CryptoPolicy version
17:25:11 <geppetto> See, Eg. the SSL_CTX_set_cipher_list example
17:26:57 <geppetto> Proposal: Vote on current CryptoPolcy.
17:27:00 <geppetto> +1
17:28:41 <mbooth> So are the changes to applications to use SYSTEM=PROFILE applicable to other platforms (Windows/Mac, etc) ? (AKA, are the patches upstreamable?)
17:29:14 <tibbs|w> +1
17:29:19 <limburgher> +1
17:29:32 <tibbs|w> Though that rpmlint patch needs to go in ASAP.
17:29:45 <orionp> +1
17:29:45 <racor> +1
17:30:11 <geppetto> mbooth: I believe so
17:30:53 <tomspur> +1
17:30:54 <geppetto> mbooth: In that I believe the patches for openssl for understand PROFILE=SYSTEM have gone upstream
17:31:26 <geppetto> mbooth: And dito. on patches for clients to call SSL_CTX_set_cipher_list("PROFILE=SYSTEM") are going upstream
17:31:44 <geppetto> wtf. openssl happens there on windows, I've no idea.
17:31:44 <mbooth> Ok, as long as we are not adding to the "patches we have to carry forever" maintenance burden, I am happy
17:31:58 <mbooth> +1
17:32:03 <geppetto> I'd guess DEFAULT … but I wouldn't be 100% shocked if it booted nethack either ;)
17:32:18 <geppetto> ok
17:33:02 <geppetto> #action Crypto policies packaging guideline. (+1:7, 0:0, -1:0)
17:33:21 <geppetto> #topic Open Floor
17:33:41 <geppetto> I guess the first thing is … Welcome to your first meeting tomspur and mbooth :)
17:33:58 <mbooth> geppetto: Thanks :-)
17:34:14 <tomspur> geppetto, thanks ;)
17:34:14 <tibbs|w> We accomplished things.
17:34:30 <geppetto> Indeed … nice and simple 1.5 hour one too ;)
17:35:10 <geppetto> Anyone have anything else to bring up?
17:35:24 <mbooth> Going back to crypto...
17:35:30 <mbooth> (Sorry)
17:35:38 <geppetto> no problem
17:35:41 <mbooth> What does openjdk do, I wonder?
17:35:55 * mbooth is not sure what crypto lib that is linked against
17:36:39 <mbooth> Probably worth asking on the ticket is all.
17:36:52 <geppetto> sure
17:36:58 <racor> My time's up for today. I need to quit. Bye.
17:37:00 <geppetto> I'll ask witht he python/ruby bits
17:37:26 <geppetto> Before you go … one quick thing DST is going away over the next couple of weeks
17:38:07 <racor> yep. DE is switching next weekend.
17:38:13 <geppetto> Is everyone fine with 16:00 UTC until the first meeting after Nov. 2nd, and then moving it to 17:00 UTC (so it stays at 12:00 localtime for "everyone")
17:38:46 <tibbs|w> I've no preference either way.
17:38:50 <racor> not sure, I am always confusing timeshift directions ;)
17:39:26 <geppetto> I think that just means that most of europe will be 1 hour earlier next week
17:39:36 <geppetto> But then back at this time the week after
17:39:38 <racor> as long as it stays at 18:00 local time or earlier I am fine.
17:40:32 <geppetto> And all the US will stay on the time we had it this week
17:40:42 <tomspur> +1 for the move after Nov 2nd
17:40:52 <tibbs|w> +1 either way.
17:40:57 <geppetto> Well "all" … as .az etc. do the nice thing
17:41:08 * geppetto nods … ok, I'll do that then
17:41:49 <racor> bye, I really need to leave ...
17:41:52 <geppetto> see ya
17:42:01 <geppetto> I think we are done anyway
17:42:17 <geppetto> I'll leave the meeting open until :45 and then close if nobody has anything
17:42:30 <tomspur> So fedocal would need a change if we move back to summer time again
17:43:03 <geppetto> Well I alter the wiki pages, and the time in the emails I send out … that's about it.
17:43:26 <geppetto> Is fedocal the calendar thing?
17:43:38 * tomspur asks pingou how to change it
17:43:42 * geppetto nods
17:43:50 <tomspur> geppetto, yes: https://apps.fedoraproject.org/calendar/packaging/
17:44:31 <geppetto> Yeh, that's the replacement for the wiki pages now, right?
17:45:47 <orionp> Is there a way to add someone else to a trac ticket?
17:46:14 <mbooth> FAS name in the CC field
17:46:22 <orionp> can't seem to edit it
17:46:34 <geppetto> Click modify ticket, and a bunch of stuff can be seen/altered
17:46:58 <orionp> yeah I'm there - I only have my name and a checkbox
17:47:34 <geppetto> Ahh, you may not have permissions … nirik ping?
17:48:40 <tibbs|w> I can add them.
17:48:48 <tibbs|w> I think any of us can.
17:49:00 <geppetto> yeh, looking now
17:49:21 <tibbs|w> Just gave orionp TRAC_ADMIN.
17:49:25 <nirik> yeah, any of you that are TRAC_ADMIN
17:49:27 <geppetto> lol, me too
17:50:00 <geppetto> just done mbooth
17:50:21 <geppetto> dito. tomspur
17:50:34 <mbooth> Ta
17:50:45 <geppetto> If those aren't your FAS names ping me
17:50:47 <orionp> hmm, no change test
17:50:51 <orionp> yet
17:50:57 <geppetto> it should be instant
17:51:02 <geppetto> if you reload the ticket
17:51:31 <geppetto> FAS=orionp, right?
17:51:38 <orionp> Nope - orion
17:51:45 <geppetto> that would explain it :)
17:52:02 <tomspur> seems to work for me
17:52:48 <geppetto> orionp: ok, try now
17:53:06 <orionp> got it , thanks
17:53:14 <geppetto> ok, cool
17:53:25 <geppetto> #endmeeting