16:30:10 <bgilbert> #startmeeting fedora_coreos_meeting
16:30:10 <zodbot> Meeting started Wed Jun  5 16:30:10 2019 UTC.
16:30:10 <zodbot> This meeting is logged and archived in a public location.
16:30:10 <zodbot> The chair is bgilbert. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:30:10 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:30:10 <zodbot> The meeting name has been set to 'fedora_coreos_meeting'
16:30:17 <bgilbert> #topic roll call
16:30:18 <bgilbert> .hello2
16:30:21 <slowrie> .hello2
16:30:23 <zodbot> bgilbert: bgilbert 'Benjamin Gilbert' <bgilbert@backtick.net>
16:30:25 <zodbot> slowrie: slowrie 'Stephen Lowrie' <slowrie@redhat.com>
16:30:26 <red_beard> .hello redbeard
16:30:26 <ajeddeloh> .hello2
16:30:28 <zodbot> red_beard: redbeard 'Brian 'redbeard' Harrington' <bharring@redhat.com>
16:30:31 <zodbot> ajeddeloh: ajeddeloh 'Andrew Jeddeloh' <andrew.jeddeloh@redhat.com>
16:30:42 <jlebon> .hello2
16:30:43 <zodbot> jlebon: jlebon 'None' <jonathan@jlebon.com>
16:30:46 <yzhang> .hello2
16:30:47 <zodbot> yzhang: yzhang 'Yu Qi Zhang' <jzehrarnyg@gmail.com>
16:30:52 <mnguyen_> .hello mnguyen
16:30:53 <zodbot> mnguyen_: mnguyen 'Michael Nguyen' <mnguyen@redhat.com>
16:31:05 <geoff-> geoff-: Geoff Levand <geoff@infradead.org>
16:31:42 <dustymabe> .hello2
16:31:43 <zodbot> dustymabe: dustymabe 'Dusty Mabe' <dusty@dustymabe.com>
16:32:23 <kaeso[m]> .hello lucab
16:32:24 <zodbot> kaeso[m]: lucab 'Luca Bruno' <lucab@redhat.com>
16:33:16 <bgilbert> #chair slowrie red_beard ajeddeloh jlebon yzhang mnguyen_ geoff- dustymabe kaeso[m]
16:33:16 <zodbot> Current chairs: ajeddeloh bgilbert dustymabe geoff- jlebon kaeso[m] mnguyen_ red_beard slowrie yzhang
16:34:08 <bgilbert> #info Reminder that we're switching the meeting format back to only meeting tickets + open floor
16:34:11 <bgilbert> #link https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/thread/4YZSH5NFDPRIXAAL45RRMI56ZVNM4IVP/
16:34:26 <bgilbert> #topic Action items from last meeting
16:34:32 <bgilbert> None!
16:34:52 <bgilbert> #topic Signing for release artifacts
16:34:55 <bgilbert> #link https://github.com/coreos/fedora-coreos-tracker/issues/187
16:35:26 <dustymabe> #info will be discussing this with infra tomorrow during their weekly meeting
16:35:37 <dustymabe> #link https://github.com/coreos/fedora-coreos-tracker/issues/187#issuecomment-499160212
16:36:13 <bgilbert> dustymabe, did you want to discuss the details further here?
16:36:29 <dustymabe> bgilbert: i'm happy to, yep
16:36:48 <dustymabe> just wanted to throw that out there so that people who are interested can come to that discussion with infra team
16:37:13 <dustymabe> summary:
16:37:37 <dustymabe> we have a few options for signing FCOS artifacts detailed in https://github.com/coreos/fedora-coreos-tracker/issues/187#issuecomment-497090284
16:37:57 <dustymabe> there has been some discussion in the ticket on preferences
16:38:02 <rfairley> .hello2
16:38:03 <zodbot> rfairley: rfairley 'None' <rfairley@redhat.com>
16:38:16 <dustymabe> some votes for option `4.` and some for option `1.`
16:38:37 * red_beard goes to re-read the ticket
16:38:52 <dustymabe> we're going to discuss with infra tomorrow to see if there are limitations that will cause us to not be able to do option `1.`
16:38:52 <red_beard> i'm curious how much that splits along the lines of experience with #4
16:38:55 <bgilbert> #chair rfairley
16:38:55 <zodbot> Current chairs: ajeddeloh bgilbert dustymabe geoff- jlebon kaeso[m] mnguyen_ red_beard rfairley slowrie yzhang
16:39:44 * dustymabe waits for people to read ticket and bring forth any discussion
16:40:48 <bgilbert> red_beard: I'm interested in your opinion on those options
16:41:33 <ajeddeloh> I still prefer 1, but if we can't do that I think I prefer 2 to 4, since it doesn't need --ignore-missing
16:41:40 <red_beard> well, let's be clear about my bias.  I had done multiple evaluations of sigil and said "nope" which is why i invested multiple years of political capital into building fero.
16:42:08 <red_beard> personally, my opinion is as follows
16:42:17 <red_beard> if a user is having a hard time, it's a bug.
16:42:35 <red_beard> so i'd rather bear the brunt of the pain, and feel the motivation to fix it
16:42:40 <red_beard> rather than just kicking the can down the road
16:43:12 <red_beard> </rant>
16:43:29 <kaeso[m]> for reference, the "size issue" from the ticket with fero is just due to the grpc implemenation (and grpc max message size)
16:43:42 <bgilbert> red_beard: +1
16:43:46 <jlebon> red_beard: is that an endorsement for 1. then? given that it's the easiest for users
16:43:46 <red_beard> which, to that point, also exists with sigil.
16:44:28 <red_beard> and the point of the optimization with fero was to minimize the _duplicated_ transmitting of content
16:44:46 <red_beard> so that you could even participate in the signing quorum from a low bandwidth place
16:45:14 <bgilbert> ...after downloading the artifact to devsign it :-)
16:45:34 <red_beard> sure, but at least you don't have to re-upload it
16:45:37 <bgilbert> right
16:46:03 <red_beard> also, actually participating in proper M/N signing
16:47:38 <bgilbert> for context here, and red_beard and I have discussed this offline, I don't think there's much point in signing FCOS releases with fero
16:48:06 <bgilbert> since we're constructing FCOS from koji-built packages not signed with M/N
16:48:09 <red_beard> correct, it's more about prior art on a specific ideology
16:48:38 <bgilbert> sure
16:48:49 <bgilbert> making this more concrete, I'll second jlebon's question
16:49:06 <bgilbert> what user-facing signature model do you think makes the most sense?
16:49:23 <red_beard> sorry, i missed jlebon.  yes, consider me a +1 for option 1 (sign the artifact itself and deliver detached signature)
16:49:46 <bgilbert> red_beard: +1
16:51:09 <bgilbert> other thoughts from folks?  geoff- maybe?
16:51:44 <jlebon> are there any concerns around performance for users? how much more expensive is verification vs e.g. sha256sum?
16:52:13 <bgilbert> the thing being RSA-signed is also a hash
16:52:19 <bgilbert> so it comes down to libgcrypt's implementation of hash functions
16:52:25 <ajeddeloh> I think it'd be dwarfed by DL time unless it's truly abysmal
16:52:26 <bgilbert> I haven't looked in a decade, but they used to be very slow
16:52:28 <red_beard> bgilbert +1
16:52:35 <bgilbert> but also what ajeddeloh said
16:52:47 <bgilbert> something like coreos-installer should be doing streaming verification
16:52:51 <jlebon> +1
16:53:08 <geoff-> maybe #1
16:54:26 <dustymabe> dumb question.. does the public key need to be present to verify?
16:54:33 <bgilbert> yes
16:54:40 <dustymabe> i.e. would `gpg --verify` need net access?
16:54:48 <bgilbert> it'd need the pubkey
16:54:54 <bgilbert> but that's true anyway
16:55:06 <bgilbert> if you want to do a content verification without checking the sig
16:55:18 <bgilbert> then the hashes will be available in the stream metadata
16:55:21 <dustymabe> yeah I could think of a disconnected env
16:55:22 <bgilbert> or presumably on the website
16:55:35 <dustymabe> ahh you mean sha256sum hashes /
16:55:37 <dustymabe> ?
16:55:38 <bgilbert> yeah
16:55:40 <dustymabe> +1
16:55:52 <dustymabe> that should be good then
16:58:19 <bgilbert> I had the thought that the website could even present a CHECKSUMS file for download
16:58:28 <bgilbert> which is synthesized client-side from the stream metadata
16:58:33 <bgilbert> "download"
16:58:59 <bgilbert> not sure if that's the right affordance from a security perspective
16:59:00 <dustymabe> and the user is good with that because SSL ?
16:59:17 <bgilbert> yeah, and the stream metadata could be centralized but artifacts could come from the mirror network
16:59:21 <bgilbert> it's not as good as a full verification
16:59:25 <bgilbert> but some folks won't do that anyway
16:59:36 <bgilbert> "full verification" meaning signature check
17:00:08 <bgilbert> not arguing for it especially
17:00:40 <kaeso[m]> (sorry I need to drop offline a bit)
17:01:10 <bgilbert> any other discussion on artifact signing?
17:02:17 <bgilbert> #topic Open Floor
17:05:07 <jlebon> countdown?
17:05:18 <bgilbert> 60 seconds
17:05:30 * jlebon starts making sandwich
17:05:41 * ajeddeloh listens to "The Final Countdown"
17:06:04 * bgilbert closes fueling valves on the rkt
17:06:20 * red_beard drops a mic
17:06:22 <bgilbert> #endmeeting