16:00:23 <nirik> #startmeeting Server SIG Weekly Meeting (2015-01-13)
16:00:23 <zodbot> Meeting started Tue Jan 13 16:00:23 2015 UTC.  The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:23 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:24 <nirik> #chair sgallagh mizmo nirik stefw adamw simo tuanta mitr danofsatx
16:00:24 <nirik> #topic roll call
16:00:24 <zodbot> Current chairs: adamw danofsatx mitr mizmo nirik sgallagh simo stefw tuanta
16:01:12 <mitr> Hello
16:01:24 <adamw> a glorious herd of yaks charges through the western planes, their coats flowing in the breeze...if you look carefully you can just make out a forlorn, adamw-shaped figure chasing them with a disposable razor
16:01:36 <nirik> sgallagh indicated he would be a bit late and asked me to start the meeting
16:01:38 <adamw> also, plains.
16:01:41 <nirik> ha
16:01:50 <junland> Hello
16:02:10 <tuanta_> .hello tuanta
16:02:11 <zodbot> tuanta_: tuanta 'Truong Anh Tuan' <tuanta@iwayvietnam.com>
16:02:16 <simo> .hello simo
16:02:17 <zodbot> simo: simo 'Simo Sorce' <ssorce@redhat.com>
16:02:22 <junland> . hello junland
16:02:23 <zodbot> junland: junland 'John Unland' <opensourcejohn2112@gmail.com>
16:03:36 <nirik> #topic Agenda
16:03:43 <nirik> anyone have any items for agenda?
16:04:11 <adamw> just an apology for not getting the role description wiki page/whatever plan done yet, it's coming, i promise...
16:04:47 <danofsatx|w> I'm here, sorry I'm late
16:04:51 <danofsatx|w> .hello dmossor
16:04:51 <simo> nirik: there are some change proposals for F22 which maybe we'd want to discuss, in order to make a SIG recommendation ?
16:04:51 <zodbot> danofsatx|w: dmossor 'Dan Mossor' <danofsatx@gmail.com>
16:05:22 <nirik> ok.
16:05:24 <simo> nirik: one of them I do not like is the one to change sshd configuration to not allow root in w/ password
16:05:41 <nirik> #info Discuss pending F22 changes related to server
16:05:51 <nirik> any other topics?
16:06:34 <danofsatx|w> have a link to those proposals, simo?
16:06:43 <nirik> I'm really not sure where we are with the database role... we punted it to f22, but I've had no time to work on it.
16:06:55 <nirik> danofsatx|w: lets wait for that topic...
16:07:01 <simo> danofsatx|w: I only followed them on the fedora-devel@ listy
16:07:11 <danofsatx|w> that's what sgallagh said he wanted to poke at in his mail (the db thing)
16:07:28 <junland_2> Sorry lost connection
16:07:41 <nirik> yeah.
16:07:50 <nirik> ok, lets go on to the one about f22 changes then.
16:07:57 <danofsatx|w> oh, sorry nirik.....I'm a bit frazzled this morning
16:07:57 <nirik> #topic Discuss pending F22 changes related to server
16:08:32 <nirik> simo: https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no is the one you were concerned with right?
16:08:47 <simo> yes
16:09:07 <simo> it concerns me on usability grounds for the server image
16:09:11 <simo> but perhaps it is just me
16:09:19 <nirik> They did change it to without-password
16:09:25 <simo> so I wonder if we need to act wrt it or not
16:09:29 <nirik> but without any way to get keys at install time...
16:09:35 <simo> nirik: exactly
16:09:46 <simo> it means you *have* to have a console to log in the first time
16:09:59 <simo> how likely is that in cloud environments and the like ?
16:10:17 <mitr> At this point this seems like a very minimal security improvement with serious usability impact, and that usability impact has minimal attention.
16:10:19 <simo> I fear we are making sure people will *not* use fedora server in their virtualized environment or even bare metal
16:10:28 <mitr> simo: cloud-init is supposed to take care of that
16:10:28 <danofsatx|w> the cloud images are deployed with a key.
16:10:35 <simo> at my hosting provider I do not pay the extra fee for the luxury of hooking up a KVM
16:10:51 <simo> mitr: cloud-init for people that use it sure can do anything
16:11:06 <simo> but I am talking of fedora server installed from the DVD
16:11:09 <simo> just a plain install
16:11:17 <simo> you do it,. you set the password ... and you are locked out
16:11:20 <nirik> or a pxe/netinstall
16:11:27 <simo> how many users are going to jump through the hoops
16:11:32 <mitr> simo: I think this discussion needs to be split between the principle of the thing and between what we would get for F22.
16:11:35 <simo> netinstall is the same
16:11:45 <junland_2> Sorry  when was the bug found? Before the release or after?
16:11:50 <simo> mitr: the principle is: increase security, sure
16:12:01 <danofsatx|w> junland_2: it's not a bug, it's a change proposal
16:12:02 <simo> mitr: but we need to be practical too
16:12:06 <junland_2> Ah
16:12:16 <simo> first access is a usability/presentation issue too
16:12:24 <simo> for workstations it doesn't matter
16:12:31 <simo> people will just log in graphically
16:12:40 <mitr> That's not the principle I mean :)
16:12:41 <simo> but for server it is a whole different story
16:12:42 <mitr> As for the principle, any individual server can have a non-root user created at install time, and this would work fine. (What to do about IPA clients that loose domain access is the unresolved question)
16:12:46 <nirik> and workstation has no sshd listening. ;)
16:12:57 <simo> nirik: exactly
16:13:01 <mitr> But I am afraid that with the month left we would not get all the UI and defaults smoothed out.
16:13:03 <simo> so IMO this is a bad change
16:13:18 <simo> and I never create local users
16:13:24 <danofsatx|w> neither do i
16:13:25 <nirik> mitr: then you login as that user and join the domain? so you are left with some weird local admin user? ;(
16:13:41 <simo> nor does anyone that do not care for them because they do not have users just "application users" that gets created later
16:13:44 <mitr> nirik: Yeah, that's the ugly/proglematic part.
16:14:13 <simo> mitr: the ugly/problematic part IMO is trying to force a questionable configuration on people "for their own good"
16:14:13 <mitr> I would really like to end up with root having _no_ password (not even for local logins) so that accesses are associated with physical people (or automated applications)
16:14:18 <nirik> it would be easier to just have some way to set 'root login with password is acceptable' in ks or the anaconda ui (defaulting to no)
16:14:34 <danofsatx|w> I like that word, mitr - porglematic. I'm going to remember and use that one ;)
16:14:41 <danofsatx|w> proglematic, too
16:14:45 <junland_2> Haha
16:15:06 <simo> nirik: I think a server admin knows how to disable root if they so desire
16:15:30 <mitr> simo: Kickstarts and shell scripts are always a fallback for people with hard requirements or fixed opinions; we _should_, though, be making it easy to have a useful and safe configuration.
16:15:34 <sgallagh> /me arrives and reads scrollback
16:15:35 <simo> I think this change is actively harmful for the server experience
16:15:53 <simo> mitr: we should be make easy to *use* this stuff
16:16:01 <simo> *then* we can think of making it more secure
16:16:11 <simo> but if security gets in the way of usability we fail
16:16:18 <simo> and I strongly think this change is such a change
16:16:47 <junland_2> So if admins have an option todo that there needs to be a window in anaconda where you can load / write a script when your installing
16:16:49 <adamw> that smells like a false argument to me
16:16:55 <adamw> just about any form of security impedes some kind of 'usability'
16:17:06 <adamw> it's more usable if you don't have to waste time typing a password...
16:17:09 <mitr> simo: I do agree, we need to make whatever the new path is easy, and the migration painless.  I think we only differ in that i do not consider “log in using the root account“ a use case, only a tool for some other use case.
16:17:28 <simo> adamw: not that just more convenient (for some)
16:17:40 <simo> adamw: and you achieve that by setting a ssh key or using gssapi or similar
16:18:04 <simo> mitr: my use case is simple, I am a guy that installs from ISOs
16:18:07 <nirik> simo: at install? I guess in %post?
16:18:08 <simo> I dop not use kickstarts
16:18:23 <simo> so this change locks me out unless I have a way to do console logins
16:18:28 <adamw> simo: i'm gonna give you credit for being able to see the rhetorical point i'm making and not chase that red herring.
16:18:28 <simo> it is that simple
16:18:45 <sgallagh> nirik: I think simo's point is "default install, log in as root, join a domain"
16:19:15 <simo> sgallagh: "default install, log in as root to do any configuration"
16:19:26 <nirik> so I guess to point this more productive way: a) can we suggest a way to make this change acceptable or more acceptable for server ? b) do we want to recomment it be rejected by fesco?
16:19:37 <simo> even copying ssh keys is a royal pain if you can't scp ssh_key root@
16:19:47 <mitr> simo: No, there must be some  other essential parts of your use case that result in not having any local user accounts.  If anaconda didn't let you finish before creating a user account (and did not even prompt for a root password), would you finish the install, and use that account?  If not, why not?
16:19:56 <sgallagh> Sure, so an interesting question here is "Can we make Cockpit sufficiently useful that having root logins via SSH is no longer necessary by default?"
16:20:19 <simo> mitr: I would have to finish, log in as that account, enable root, kill the account then join to ipa
16:20:35 <simo> mitr: because I need no stinking local accounts when I use a domain server like FreeIPA and AD
16:20:46 <simo> and local accounts are just dangerous as they are not managed
16:20:48 <sgallagh> (And making "root-over-ssh" an option in Cockpit somewhere?)
16:20:58 <mitr> simo: Fair enough, IPA is a pain point, but then that is no longer the "simply install from a DVD" case :)
16:21:07 <simo> sgallagh: how do you log into cockpit ?
16:21:22 <simo> mitr: it is
16:21:23 <sgallagh> simo: root with password :)
16:21:29 <sgallagh> But it's a restricted set of actions
16:21:29 <simo> mitr: that's what I do for my machines
16:21:38 <simo> mitr: I simply install then as the first thing I join the domain
16:21:51 <simo> sgallagh: makes no difference :)
16:22:06 <sgallagh> simo: Sure it does.
16:22:10 <mitr> sgallagh: That only trivially changes the bruteforce target.  It is not entirely useless, like the change to prohibit root logins is not entirely useless, but it only makes a marginal difference in the protection.
16:22:11 <simo> the point is that yes, as a security person I can recommend people to disable root
16:22:12 <sgallagh> With SSH, you have no limits
16:22:19 <simo> but that is a far thing from making it a forced default
16:22:59 <simo> mitr: right so we get a highly annoying usability issue for a very marginal protection
16:23:19 <sgallagh> Well, regardless of the default setup, can we perhaps agree that enabling or disabling root SSH is worth making a setting in Cockpit?
16:23:19 <nirik> so, would it make sense for server to have a different config from everything else on this?
16:23:30 <mitr> simo: So, a hypothetical: anaconda that forces you to choose between domain membership and a root account, or not domain membership and a sudo-privileged local account.  Acceptable?
16:23:34 <simo> if we want protection from password guessing attacks I rather install by default a tool that blacklists/throttles attackers IP addresses instead
16:23:42 <simo> installed by default
16:24:03 <sgallagh> I thought we had that...
16:24:05 <simo> mitr: they tried to put domain joinnig in anaconda for 3 releases
16:24:08 <mitr> nirik: We already have a different config on ssh being enabled / deployed because they change the defaults :)  As for PermitRootLogin, I think that's a distraction.
16:24:11 <nirik> they all suck and are horrible, IMHO
16:24:14 <simo> mitr: it always fails to work for me for whatever reason
16:24:19 <sgallagh> simo: It's there in kickstart and works for me
16:24:41 <simo> sgallagh: in F21 ?
16:24:57 <sgallagh> simo: RE: domain-join in kickstart, yes
16:25:05 <sgallagh> I tested it as part of the F21 validation
16:25:11 <simo> last I tried it was admittedly F20, then I stopped bothering as it was failing horribly
16:25:11 <nirik> sgallagh: and in the ui? or only ks?
16:25:24 <sgallagh> nirik: only KS right now
16:25:25 <simo> ks is not sufficient
16:25:42 <sgallagh> I didn't say it was. But the capability is there, so adding the UI should be feasible
16:25:42 <simo> anyway
16:25:45 <mitr> sgallagh: On the Cockpit setting for PermitRootLogin, unsure.  Would like to make statistics of what accounts and with what frequency are being accessed, but intuitively I would say that it is not worth it.  Rather have anaconda/Cockpit make it easy to deploy and use ssh keys (can cockpit even work with pubkey auth?)
16:25:52 <simo> I will personally cope whatever people do
16:26:03 <simo> I just feel it is a bad move for the server product
16:26:11 <sgallagh> mitr: Cockpit doesn't currently work with pubkeys, only GSSAPI
16:26:30 <mitr> sgallagh: Right, sorry, I should have remembered.
16:26:32 <sgallagh> stefw indicated that it was in progress, but I'm unclear on whether it will be there for F22
16:27:27 <sgallagh> simo: BTW, you're right. We don't have a password-retry limit by default right now.
16:27:42 <mitr> simo: I agree just changing sshd.conf is a bad move; OTOH I do think we could improve upon our defaults—but that would be a bigger project and the lack of anaconda developers participating in the Change discussion is not encouraging.
16:27:46 <sgallagh> I think I remembered that we decided a while ago not to do that, because it makes it easy to DoS root
16:28:05 <simo> sgallagh: and IMO a rate limiting feature would do all we need and let people free to choose how to log in
16:28:13 <nirik> mitr: they dont read #fedora-devel... ;)
16:28:25 <simo> sgallagh: you just have to wait a while and it unlocks
16:28:35 <sgallagh> simo: Not if they just keep hammering...
16:28:36 <nirik> not if they keep trying
16:28:37 <simo> sgallagh: and if you have ssh keys it wouldn't apply
16:28:46 <simo> you can keep trying too
16:28:52 <simo> evetually you'll be lucky :)
16:28:59 <simo> but that is hardening
16:29:08 <simo> I mean everything can be abused
16:29:11 <sgallagh> I think there's more value to that discussion than the no-root-login one though
16:29:15 <simo> you lock root and force a user
16:29:21 <simo> they find the user and they lock that one instead
16:29:26 <simo> and you are still locked out
16:29:35 <simo> if that is a concern you install ssh keys
16:29:50 <danofsatx|w> sorry, impromptu budgeet meeting popped up in my office
16:30:03 <sgallagh> proposal: The Server SIG feels that disabling root logins by default would be a significant reduction in usability. [Possible addon: and we will be re-enabling it in a per-product config if this Change is approved by FESCo]
16:30:06 <nirik> All passwords suck. We need to get to a point where keys are default. ;)
16:30:25 <sgallagh> nirik: Or better: GSSAPI
16:30:26 <nirik> note it's not disabling by default... it's just forcing key
16:30:31 <junland_2> Dual passwords?
16:30:33 <simo> nirik: security sucks, the computer should just *know* who am I when I ask gently :)
16:30:36 <mitr> sgallagh: Yes; active brute forcing prevention is a great way to reduce password requirements without reducing security, and we should have it by default (and then it is just a SMOP to have it)
16:30:57 <danofsatx|w> the point I wanted to bring up (I don't know if someone already did) was what sgallagh said - this is how Ubuntu does it.
16:30:59 <mitr> nirik: _What_ the change being discussed is, is not entirely clear from the discussion.
16:31:01 <simo> nirik: which is the same as blocking, because there is no mechanism to inject a key
16:31:16 <sgallagh> danofsatx|w: What is how Ubuntu does what?
16:31:25 <danofsatx|w> lock root and force a password.
16:31:34 <danofsatx|w> force a user and password, that is...
16:31:51 <simo> danofsatx|w: yeah and it sucks, but it is ok for a desktop
16:32:09 <simo> a *single user* desktop I should say
16:32:11 <nirik> mitr: it's setting PermitRootLogin with-password in our /etc/ssh/sshd_config... which isn't exactly 'disabling'
16:32:17 <sgallagh> danofsatx|w: I agree with simo: reasonable for a desktop expecting a single (or small number of) users.
16:32:19 <nirik> simo: with ks you can add keys.
16:32:23 <danofsatx|w> It does suck, but this is how they do it with their server, too
16:32:42 <simo> nirik: with ks I can also change sshd configuration ...
16:32:45 <nirik> sure
16:32:48 <mitr> sgallagh: On the proposal, "disabling root logins by default without other UI and tool changes" or something like that would wfm.  I think it is doable (though, security-wise, fairly pointless) but requires someone to actually start writing code.
16:32:56 <nirik> so the case you care about is non ks dvd install...
16:33:15 <simo> nirik: yes
16:33:22 <sgallagh> mitr: If it's not adding security, it's completely pointless
16:33:25 <adamw> nirik: it's without-password , isn't it? not with-password .
16:33:44 <mitr> sgallagh: It is adding a few bits to the brute force space… a few bits that bots are already exploring.
16:33:53 <nirik> adamw: sorry, yes, you are correct
16:34:21 <simo> if it were for me I would block all users password auth but root
16:34:28 <sgallagh> A more reasonable approach would be to just enforce a better root password (not more complex, just longer)
16:34:38 <simo> because the weak passwords are usually on user accounts, not root
16:34:38 <adamw> the change description does seem to have considered the server deployment use case, and uses its magical powers to order new code:
16:34:39 <adamw> " Anaconda installer OR maybe OpenSSH package needs to create initial set of authentication keys for 'root' user. "
16:34:59 <nirik> right and thats the wrong way to do it anyhow...
16:35:02 <adamw> sgallagh: that's fine, so long as you don't mind me quitting. ;)
16:35:06 <sgallagh> And how would the private key get to the user...?
16:35:29 <adamw> sgallagh: all my test installs have the root password 111111 and if i have to type 'correcthorse' 10,000 times a goddamn release cycle i'm off to buy that yak farm.
16:35:32 <sgallagh> adamw: "I cannot stand long passwords" there you go
16:35:58 <adamw> sgallagh: yes, now type it a dozen times *every fking day*
16:36:05 <adamw> anyhow.
16:36:08 <nirik> I guess the dvd case is something we definitely want to work out... so yeah, without anaconda changes we should not support this change at this time.
16:36:12 <mitr> Proposal: The server SIG feels that disabling root logins provides very minimal security improvement, and is not worth any reduction in usability; accepting this change would make sense only if all relevant UIs/tools were adapted to fully support system usage after this change.  [Excluding the case that "changing anything is an unfixable reduction in usability"]
16:36:15 <danofsatx|w> I have a 12 character password that is in the muscle memory of my fingers. not too bad.
16:36:32 <junland_2> Hate long passwords but you but you got to do that in order to secure the network....
16:36:52 <adamw> mitr: s/"disabling root logins"/"the proposed change"
16:37:04 <mitr> adamw: sure
16:37:13 <junland_2> Isnt there a way to have a two-form factor password like google does?
16:37:29 <sgallagh> junland_2: You would have to have a 2FA server running somewhere
16:37:30 <mitr> junland_2: In principle, yes. AFAIK we are not making it easy (authconfig and the like)
16:37:53 <sgallagh> junland_2: FreeIPA can do this nowadays, but setting it up in Anaconda is still a UI effort
16:37:54 <nirik> I think getting rid of passwords is a good thing, but this is just one (too easy) part...
16:38:11 <sgallagh> Anyway, +1 to mitr's proposal
16:38:18 <nirik> simo: so you do remove dvd installs with no console access?
16:38:34 <mitr> (How do you even _do_ a "dvd" install with no console access? :) )
16:38:35 <adamw> yeah, having looked over the change page i don't think it's been stunningly well thought through and i'm fundamentally sceptical of any change which invokes lots of work on the part of people who don't seem to have been brought in on the plan, so +1 the proposal
16:38:46 <junland_2> I see.
16:38:55 <nirik> mitr: this is what I am wondering.
16:39:05 <mitr> nirik: In other words, having someone from Server SIG take on the greater task of improving user authentication all around would be a great thing very much in our scope.  (I'm not volunteering in the near future.)
16:39:12 <adamw> nirik: clearly, it involves robots.
16:39:36 <sgallagh> adamw: Or possibly psychokinetics
16:39:49 <simo> nirik: last time I did it I actually had console access, doh :)
16:39:52 <nirik> mitr: sure, but for example we would need anaconda work to deal with keys somehow (import from usb? pull from site?) or the like
16:39:52 <adamw> and anything that involves robots installing fedora is undeniably awesome.
16:40:07 <nirik> indeed.
16:40:39 <mitr> nirik: It seems to me this would would really end up focusing on Kerberos domains, just because ssh is so application-specific, but that's just a hunch.
16:40:41 <danofsatx|w> finally, a use for my daughter's Pi
16:41:27 <sgallagh> Keys are a usability no-go for installer
16:41:31 <junland_2> USB key as a actuall "key"  but that would require physical access to the server to insert the drive in...
16:41:47 <nirik> so really the impact is that people would have to adjust sshd_config in kickstart where they didn't before.
16:41:59 <sgallagh> If you have the installer generate them, you can't get the private key off securely. If you have to provide one in interactive install, you would have to type it correctly.
16:42:10 <nirik> junland_2: sure, but you can get a monkey to do that.
16:42:17 * junland_2 trying to think outside the box.
16:42:20 <nirik> sgallagh: or a https url or etc
16:42:44 <sgallagh> nirik: That assumes network access, which may not be granted at install time
16:42:52 <sgallagh> Hard to say
16:42:56 <nirik> sure, there's lots of variables.
16:43:07 <mitr> sgallagh: If you don't have network access you don't need network-incoming authentication?
16:43:09 <nirik> or it could just be in the ks
16:43:13 <sgallagh> Anyway, can we get votes on mitr's proposal?
16:43:24 <junland_2> Dont we have a security SIG?
16:43:25 <sgallagh> If we all agree that this Change is not helpful, we can stop talking about it :)
16:43:34 <simo> nirik: if you want ssh-key you just have to go the ks way
16:43:39 <sgallagh> mitr: I said "at install time"
16:43:39 <nirik> I'm +0. I'm not decided on if the use cases matter so much key
16:43:51 <simo> in some cases you may be able to copy&paste it into a UI, but often not
16:43:56 <mitr> sgallagh: Would love to hear more, sometime later.
16:43:58 <tuanta_> it is a long but productive discussion
16:44:10 <tuanta_> +1 from me to mitr's proposal
16:44:11 <sgallagh> mitr: Such as a machine that has to be set up and secured before the IT guys let it access the internet.
16:44:13 <simo> +1
16:44:28 <simo> sgallagh: I've done image installs before too
16:44:39 <simo> then hadned over the VM image to run in prod/dev/etc...
16:44:51 <sgallagh> /me nods
16:45:00 <junland_2> Unplug server from network = Best security ever.
16:46:29 * mitr adds +1 for the record, I think we are at +5 (with s/"disabling root logins"/"the proposed change"/)
16:46:39 <danofsatx|w> +1
16:46:42 <sgallagh> junland_2: Also needs to be encased in cement and sunk to the bottom of the Marianas Trench, for proper physical security
16:47:08 <tuanta_> :)
16:47:17 <danofsatx|w> or launched to the sun.
16:47:20 <nirik> and even then the evil manatees living in the trench will just strip off the cement and login to it. ;)
16:47:27 <junland_2> Ha. That was network security. Not physical.
16:48:17 <tuanta_> sorry, I have to go now. I will see the logs for the rest of the meeting
16:48:44 <junland_2> tuanta_: Later!
16:49:10 <sgallagh> OK, let's call this agreed (I count +6, 1, -0)
16:49:54 <adamw> nirik: also, richard branson. you can't trust that guy.
16:50:02 <nirik> indeed
16:50:39 <sgallagh> What else is on the agenda? I *do* have a brief update on the DB Role
16:50:49 <simo> adamw: as an English man I disagree! ... oh wait .. I am not English, nvm
16:51:03 <simo> adamw: and you forgot the Sir ! :)
16:51:11 <junland_2> Nope nothing from me.
16:51:11 <simo> sgallagh: DB role is next
16:51:25 <sgallagh> ok
16:51:50 <sgallagh> /me is leaving the zodbot stuff to nirik today...
16:52:04 <nirik> sorry, got distracted.
16:52:10 <nirik> #topic Database role for f22
16:52:10 <sgallagh> s'ok
16:52:19 <sgallagh> nirik: You missed the #agreed
16:52:34 <sgallagh> (I don't think I am chaired, since I was logged out when the meeting started)
16:52:35 * junland_2 starts thinking of the song Database by Man With A Mission
16:52:41 <nirik> #undo
16:52:41 <zodbot> Removing item from minutes: <MeetBot.items.Topic object at 0xcbee750>
16:52:44 <nirik> everyone is a critic
16:53:41 <nirik> #agreed  The server SIG feels that the ssh config proposal provides very minimal security improvement, and is not worth any reduction in usability; accepting this change would make sense only if all relevant UIs/tools were adapted to fully support system usage after this change.  [Excluding the case that "changing anything is an unfixable reduction in usability"] (+6, +1, 0)
16:53:45 <nirik> #topic Database role for f22
16:54:06 <sgallagh> OK, so I was working on this yesterday and this morning.
16:54:34 <sgallagh> Quick reference: https://lists.fedoraproject.org/pipermail/server/2014-December/001694.html
16:54:57 <sgallagh> The short version is that, unless I hear strong arguments against it, I'm going to move ahead with 1) there.
16:55:22 <sgallagh> The longer version is that 1) and 3) are the only truly viable options, and 3) doesn't work on anything except x86_64.
16:55:47 <simo> 1 worksforme
16:55:59 <mitr> sgallagh: I’m not sure that we need to be tracking individual databases as rolekit instances but that’s mostly because I don’t know all that much about databases.
16:56:02 <sgallagh> I was also hoping to hear whether anyone knows of any decent web-based postgres management tools other than the PHP one.
16:56:19 <nirik> 1 works for me as well.
16:56:44 <sgallagh> mitr: The primary advantage will be usability. It'll be easier to set up owner users for each database.
16:57:03 <mitr> sgallagh: Ah, that's a good idea.
16:57:05 <sgallagh> I mean "easier" in an end-user sense
16:57:06 <mitr> ack to 1.
16:57:18 <sgallagh> Rather than a technical/coding sense
16:58:06 <junland_2> pgAdmin? Havent used it I think its web based
16:58:20 <sgallagh> I thought it was local X
16:58:43 <sgallagh> Yeah: http://pgadmin.org/images/screenshots/pgadmin3_linux.png
16:59:30 <sgallagh> So if that's the preferred approach, we may just want to make sure it plays nicely on Workstation and work with them
17:00:04 <junland_2> JackDB?
17:00:30 <sgallagh> That's another DB entirely...
17:00:41 <junland_2> Nevermind its nonfoss
17:01:05 <sgallagh> OK, so anyway, I'm actively working on developing this Role
17:01:26 <sgallagh> I'll happily take volunteers to assist with code-review and testing when it's closer to ready (hopefully early next week)
17:02:00 <nirik> cool. thanks sgallagh
17:02:05 <junland_2> Prolly cant do any code review but I am a willing test monkey!
17:02:14 <nirik> #info help wanted to code-review and test database role soon.
17:02:20 <sgallagh> /me gets out the music box
17:02:37 <nirik> anything else on db roleing? :)
17:03:06 <sgallagh> Agreed that we won't provide a management interface in Fedora Server 22?
17:03:33 <sgallagh> (potential addendum being that we'll try to work with pgadmin3 on Workstation)
17:03:34 <simo> +1
17:03:37 <nirik> sure
17:03:44 <junland_2> Guess so unless we can find something.
17:04:14 <mitr> sgallagh: +1 let's not block on that at least
17:04:37 <danofsatx|w> +1
17:04:57 <junland_2> agreed
17:05:34 <nirik> #agreed will not block on a management interface. Will look at working with pgadmin3 on workstation (+6,0,0)
17:05:38 <nirik> anything else on db?
17:05:45 <sgallagh> I think I'm good here
17:06:05 <nirik> cool.
17:06:09 <nirik> #topic Open Floor
17:06:12 <nirik> anything for open floor?
17:06:22 <junland_2> nope
17:06:33 <sgallagh> Let's take the discussion of Changes to the list.
17:07:02 <nirik> sounds good.
17:07:05 <nirik> Thanks everyone.
17:07:08 <nirik> #endmeeting