workstation
MINUTES
13:06:07 <mcatanzaro> #startmeeting Fedora Workstation WG
13:06:07 <zodbot> Meeting started Mon Aug  5 13:06:07 2019 UTC.
13:06:07 <zodbot> This meeting is logged and archived in a public location.
13:06:07 <zodbot> The chair is mcatanzaro. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:06:07 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
13:06:07 <zodbot> The meeting name has been set to 'fedora_workstation_wg'
13:06:11 <mcatanzaro> #meetingname workstation
13:06:11 <zodbot> The meeting name has been set to 'workstation'
13:06:15 <mcatanzaro> #topic Roll call
13:06:20 <mcatanzaro> .hello catanzaro
13:06:21 <zodbot> mcatanzaro: catanzaro 'Michael Catanzaro' <mcatanzaro@gnome.org>
13:06:45 <cmurf> .hello chrismurphy
13:06:46 <zodbot> cmurf: chrismurphy 'Chris Murphy' <bugzilla@colorremedies.com>
13:07:06 <mcatanzaro> #chair cmurf petersen
13:07:06 <zodbot> Current chairs: cmurf mcatanzaro petersen
13:07:54 <petersen> hmm maybe pre-Flock meeting ambitious
13:07:56 <cschalle> hi
13:08:02 <petersen> .hello2
13:08:03 <zodbot> petersen: petersen 'Jens Petersen' <petersen@redhat.com>
13:08:11 <mcatanzaro> #chair cschalle otaylor
13:08:11 <zodbot> Current chairs: cmurf cschalle mcatanzaro otaylor petersen
13:08:14 <mcatanzaro> #chair langdon
13:08:14 <zodbot> Current chairs: cmurf cschalle langdon mcatanzaro otaylor petersen
13:08:19 <cschalle> yeah, I am in the middle of getting my stuff together before being picked up for the airport after lunch
13:08:21 <aday> sorry i'm late, my system choked on an update
13:08:58 <mcatanzaro> cschalle: Want me to keep running the meeting then, if you're busy?
13:09:13 <cschalle> mcatanzaro, if you can that be great
13:09:35 * otaylor is here now
13:09:39 <otaylor> .hello2
13:09:40 <zodbot> otaylor: otaylor 'Owen Taylor' <otaylor@redhat.com>
13:09:51 <mcatanzaro> Yay, otaylor makes quorum
13:10:17 <mcatanzaro> #topic Fill open WG slot
13:10:32 <mcatanzaro> So we had two proposals at the last meeting
13:11:05 <mcatanzaro> The proposal we first approved was to invite a bunch of people to this meeting and consider who shows up
13:11:11 <mcatanzaro> I accepted an action item to send the invites
13:11:43 <langdon> .hello2
13:11:44 <zodbot> langdon: langdon 'Langdon White' <langdon@redhat.com>
13:11:57 <langdon> sorry i am late... i thought we had canceled this meeting
13:12:05 <mcatanzaro> Not cancelled :)
13:12:19 <mcatanzaro> Then at towards end of the meeting I thought it would be rather unnecessary; it would make a sort of contest out of WG membership, which didn't seem desirable. And we had two strong candidates at the meeting already, aday and Son_Goku (Neal Gompa)
13:12:41 <langdon> like cschalle, ill be a bit distracted getting ready for *my* flight this afternoon
13:12:44 <mcatanzaro> So I offered another proposal to just accept those two instead, but we were out of time to discuss it.
13:14:18 <cmurf> I'm ready to +1 the proposal to accept both aday and ngompa
13:14:31 <langdon> me too
13:15:08 <mcatanzaro> cschalle, petersen, otaylor: Your opinions/votes? This would bring WG membership from 8 up to 10. (We've historically been 9.)
13:15:37 <mcatanzaro> cmurf: Wouldn't be a bad idea to try summoning Son_Goku, since he knew we would be meeting today ;)
13:15:53 <cschalle> +1 from me to, I am good with adding both
13:15:54 <cmurf> I sent an email just a couple minutes ago.
13:16:25 <petersen> mcatanzaro: +1
13:16:36 * cmurf isn't sure about the DiscordBridge
13:16:45 <petersen> Other people are always welcome to join the meetings if they are interested of course
13:16:53 <mcatanzaro> Of course.
13:17:07 <mcatanzaro> cmurf: That DiscordBridge didn't work last week, all his comments from Discord arrived after the end of the meeting.
13:17:38 <mcatanzaro> otaylor: A vote from you would be lovely.
13:17:51 <langdon> i just pinged son_goku in another channel
13:17:57 <mcatanzaro> Thanks!
13:18:00 <mcatanzaro> #proposal Add Allan Day and Neal Gompa to WG membership
13:18:08 <otaylor> In reference to Son_Goku - I think he's generally a very knowledgeable and productive member of the Fedora community, but I want to put it out there, that I  consider snaps in Fedora to be a distraction to what we are trying to achieve and do not want to see that made appear fuzzy
13:18:48 <cmurf> +1 to the proposal
13:19:02 <aday> thanks for having me! i hope that i can be useful
13:19:18 <petersen> +1
13:19:29 <otaylor> So I guess I'm +1, but with the note that my vote for Son_Goku should be not seen as any sort of endorsement Snap support on the Workstation
13:19:31 <King_InuYasha> .hello ngompa
13:19:32 <zodbot> King_InuYasha: ngompa 'Neal Gompa' <ngompa13@gmail.com>
13:19:41 <mcatanzaro> I agree and I assume he'll not try to change the direction of the WG regarding application containerization and flatpak.
13:19:49 * King_InuYasha shrugs
13:19:54 <petersen> King_InuYasha: lol
13:20:09 <mcatanzaro> Heh :)
13:20:12 <mcatanzaro> #chair aday King_InuYasha
13:20:12 <zodbot> Current chairs: King_InuYasha aday cmurf cschalle langdon mcatanzaro otaylor petersen
13:20:24 <mcatanzaro> King_InuYasha: Does your IRC nick change from week to week? ;)
13:20:32 <King_InuYasha> nah, it changes based on what machine I'm using
13:20:43 <cmurf> haha
13:20:46 <King_InuYasha> I'm at home today preparing for heading to Flock, so I can use my home desktop
13:21:03 <King_InuYasha> I fly out tomorrow evening US/EDT, so..
13:21:55 <mcatanzaro> Ah multiple people sending multiple +1s during a vote is confusing. :P I think we're still missing langdon
13:22:21 <mcatanzaro> Oh he said "me too"
13:22:31 <mcatanzaro> That counts I think :)
13:22:34 <mcatanzaro> #agreed Add Allan Day and Neal Gompa to WG membership (+6, 0, -0)
13:22:38 <King_InuYasha> :D
13:22:42 <mcatanzaro> #action mcatanzaro to update WG membership page
13:23:05 <langdon> mcatanzaro: ha.. i was waiting to "+1" for a "vote".. just indicating I was ready to vote :)
13:23:11 <langdon> so.. for the record "+1"
13:23:19 <mcatanzaro> #topic New quorum size
13:23:37 <aday> ah good. that was going to be my next question :)
13:23:38 <mcatanzaro> So is our quorum still 5 or will we require 6 now? Any preferences?
13:24:37 <cmurf> I think it needs to be 6, practically speaking
13:24:52 <cmurf> but also I think proxy votes should be possible
13:25:26 <otaylor> I think it needs to be 6 ...  votes on tickets can be counted ,of course, not sure about proxy votes :-)
13:25:52 <petersen> So better to increase to 11 hehe
13:25:54 <cmurf> I'd consider a vote in ticket to be a kind of proxy.
13:26:05 <mcatanzaro> We have 8/10 members here atm which is quite good for us historically. In the past, we've had a lot of trouble meeting quorum. So please just try to attend whenever possible so we can hit 6!
13:26:25 <petersen> Yes
13:26:44 <King_InuYasha> note that 9am US/ET is early for me, so if someone just pings me, I can make sure to get in
13:27:00 <cmurf> I mean we'd want more than 3-4 votes in favor of something no matter what.
13:27:09 <petersen> sure
13:27:16 <King_InuYasha> that's of course, in case I forget to actually be here already ;)
13:27:16 <mcatanzaro> aday, King_InuYasha: If you have user pages on the Fedora wiki, please let me know so I can link to it from https://fedoraproject.org/wiki/Workstation
13:27:34 <King_InuYasha> mcatanzaro: https://fedoraproject.org/wiki/User:Ngompa
13:27:55 <aday> mcatanzaro: i'll add one
13:27:56 <King_InuYasha> it's not as fancy as some of the other folks...
13:27:57 <mcatanzaro> FWIW I set my alarm on Mondays since otherwise I too would often miss
13:28:06 <King_InuYasha> mcatanzaro: that's a good idea
13:28:50 <mcatanzaro> OK, going down the issue list
13:29:05 <mcatanzaro> #agreed Quorum size is increased to 6
13:29:08 <mcatanzaro> #topic Better interactivity in low-memory situations
13:29:12 <mcatanzaro> cmurf: Your show
13:29:46 <cmurf> Updates are in the ticket for now. There's not much new to report on this.
13:30:22 <cmurf> The systemd upstream rust based swap on zram generator is broken, so I need to go on a recruitment drive perhaps.
13:30:36 <cmurf> Find someone who wants to dabble in rust and systemd generators.
13:30:46 <petersen> oh
13:30:50 <petersen> so it is not going to make F31?
13:31:32 <King_InuYasha> rust is not fun :(
13:31:41 <cmurf> petersen: unlikely
13:32:14 <petersen> King_InuYasha: depends on your definition of fun :)
13:32:18 <cmurf> But in the ticket we discussed pushing this to Fedora 32 anyway, because it touches enough things that we probably should go through the change process.
13:32:26 <petersen> okay
13:32:30 <cmurf> And we're past changes for Fedora 31.
13:32:40 <King_InuYasha> petersen: beating my head into the ground with a language that has not good ergonomics sucks
13:32:40 <mcatanzaro> cmurf: Remove meeting tag for now?
13:33:06 <cmurf> mcatanzaro: yes please
13:33:28 <mcatanzaro> cmurf: OK to move on to next topic?
13:33:31 <cmurf> yes
13:34:04 <aday> cmurf: i assume some coordination between relevant parties would need to happen if/when you've found someone to work on it?
13:34:27 <cmurf> aday: correct, including a discussion on how to handle upgrades
13:34:51 <cmurf> lotsa little ducks to put in a row
13:35:02 <aday> zeenix likes rust :)
13:35:14 <aday> hey, so does aruiz
13:35:51 <mcatanzaro> Worst case, rewriting in C seems plausible if there's not enough interest from Rust devs?
13:35:53 <cmurf> I'll inquire
13:36:01 <mcatanzaro> Anyway
13:36:16 <mcatanzaro> #topic Automatically install the OpenH264 codecs
13:36:17 <cmurf> mcatanzaro: systemd devs weren't in favor of using C for any generators going forward is my (possibly flawed) understanding
13:36:59 <mcatanzaro> cschalle are you still around to give an update on this? Last update we have from kalev (missing today) is that the package is blocked on Fedora releng
13:38:54 <mcatanzaro> I think cschalle is probably running to his plane :)
13:39:05 <mcatanzaro> Last topic for today:
13:39:11 <mcatanzaro> #topic LUKS by default
13:40:14 <mcatanzaro> So our last action item here was for otaylor to form a WG subgroup to look into this issue and report back to the main WG... last December. I understand that hasn't quite happened. :)
13:40:40 <cmurf> I'll join that subgroup, I'm familiar with most of the issues.
13:40:48 <otaylor> there's no subgroup :-)
13:40:58 <cmurf> there's two :-D
13:42:27 <cmurf> I think two is sufficient to report back to the WG with a recommendation
13:42:42 <King_InuYasha> does LUKS by default mean Fedora does FDE by default?
13:42:46 <mcatanzaro> That's the goal
13:42:47 <King_InuYasha> err Workstation
13:42:52 <cmurf> King_InuYasha: multiple possibilities
13:43:14 <cmurf> could mean FDE, could mean /home only, could mean per user ext4 based file system encryption using the VFS interface
13:43:16 <cmurf> blah blah blah
13:43:43 <aday> i agree with aruiz that the goal is "better protect user data" rather than a specific technological solution
13:43:52 <cmurf> yep
13:43:59 <aday> my understanding was that the subgroup was going to evaluate the options and report back
13:44:05 <mcatanzaro> Well that goal is only plausibly going to be met by LUKS, of course
13:44:14 <otaylor> cmurf: genrerally, talk to aruiz about what he thinks the path forward should be - I'm a bit skeptical but since he leads the team that does our early boot, need to coordinate with him :-)
13:44:42 <aday> otaylor: which part are you skeptical about?
13:44:44 <aruiz> I am not necessarily claiming to know what the final solution should be
13:44:45 <cmurf> There was back and forth about this, pjones for sure, maybe aruiz, on one of the lists.
13:44:46 <otaylor> I do think that the subgroup purpose was intended to be "figure out how to protect data by default"
13:45:00 <cmurf> Their work was predicated on LUKS2 which itself requires TPM 2.0
13:45:16 <aruiz> I am mostly against the password by default because I've seen how much damage that setup makes to users in real life deployments
13:45:30 <aruiz> and also how people actually disable it because of how inconvenient it is
13:45:43 <cmurf> Agreed
13:45:51 <otaylor> aday: I am skeptical about making all home directories loopback mounts - a developer basically needs a large home directory which is the most performance sensitive thing, and a thin OS around it
13:45:53 <aday> having a list of these common issues would be a good thing to have
13:46:01 <aruiz> things like keyboard layout mismatches between vconsole.conf and the graphical session, having to remember two passwords, handling a recovery....
13:46:04 <aday> if we could have a design page or document...
13:46:36 <cmurf> Fortunately this conversation is being recorded... ;-)
13:46:36 <aday> otaylor, ah i see. thanks
13:46:39 <aruiz> my take is that we should encrypt just /home/user for now using ext4 and then explore more generic options
13:47:10 <King_InuYasha> I have personal experience with how bad loopback mounts everywhere are
13:47:18 <cmurf> aruiz: that does come with several advantages, easy to undo, easy to ugprade in place, easy to do for installations
13:47:28 <King_InuYasha> after developing many systems that abused loops, I don't really think they're a good system for anything
13:47:40 <aruiz> King_InuYasha, I am not necessarily saying with loopback mounts, I mean online ext4 encryption
13:47:41 <cmurf> King_InuYasha: great for testing!
13:47:47 <mcatanzaro> My original expectation when the WG originally approved LUKS by default was that we'd just flip the default value of the checkbox in anaconda and move on. I wasn't expecting it to be controversial. But the objection from aruiz is input methods are not available in plymouth for typing likely passwords in non-Latin locales. I don't see how doing LUKS without any password at all would be beneficial, and we already have it hooked up to skip gdm
13:47:50 <mcatanzaro> so two passwords shouldn't be an issue, can just use the same password for both. But there are many warts here, many stars have to align for this to work as we desire (e.g. user enters exactly the same password in both anaconda and gnome-initial-setup and then never changes keyboard layout later...) so I certainly agree there are many warts here....
13:47:54 <mcatanzaro> Oops, that was long
13:48:05 <otaylor> aday: I'm also skeptical about the LUKS2 / TPM 2.0 stuff - busted motherboard should not cause data loss, IMO
13:48:22 <mcatanzaro> Also aruiz joined halfway through my writing that essay :D
13:48:25 <King_InuYasha> oh yay, busted motherboards, I didn't even think of that
13:48:30 <aruiz> otaylor, I have my issues with that too
13:48:32 <King_InuYasha> that would be horrifying
13:48:46 <otaylor> aday: So i don't think you can encrypt passwordless without having a recovery password and some mechanism where the user actually will have the recovery password when they need it
13:48:59 <aruiz> otaylor, that was more of a compromise if we really wanted to encrypt the whole of "/"
13:49:19 <aday> i'm not sure we're going to solve this here with 10 minutes to go :)
13:49:41 <mcatanzaro> aday: We're not, but there's nothing else on the agenda ;)
13:49:50 <cmurf> but we have the subgroup!
13:50:09 <aday> cmurf: can you provide details of that?
13:50:10 <cmurf> otaylor: cmurf: aruiz: aday:
13:50:34 <langdon> i would like to clarify that I am confused about the meeting schedule.. i thought we were off today .. so if we want to touch on that topic briefly before the end...
13:51:19 <cmurf> langdon: the change was voted on end of last minute and the calendar updated; to bypass conflicts with Flock and something else I can't remember.
13:51:26 <cmurf> So we're off next week.
13:51:40 <mcatanzaro> langdon: Last week we agreed to shift the usual meeting schedule forward by one week. So yes, off next week, next meeting Aug 19
13:51:43 <langdon> hmm .. ok.. weird.. i usually update my calendar and seem to have the the opposite
13:52:04 <langdon> alright.. ill just chalk it up to i am bad at calendars
13:52:19 <petersen> cmurf: guadec
13:52:27 <mcatanzaro> https://apps.fedoraproject.org/calendar/workstation/ is updated
13:52:29 <cmurf> I don't think the Fedora calendar automatically updates e.g. Google calendar, at least mine didn't
13:52:37 <aday> perhaps we should focus on the process for figuring this out? do we need to set up a call between the interested parties?
13:52:43 <cmurf> i'm not sure that it's a URL based calendar rather than having to manually import the .ics
13:52:46 <petersen> Mine did
13:53:19 <langdon> yeah.. i have never had the ics update gcal.. but maybe it got better?
13:53:42 <mcatanzaro> "perhaps we should focus on the process for figuring this out?" indeed, having a subgroup still sounds like a good idea to me.
13:54:09 <cmurf> aday: +1
13:54:21 <mcatanzaro> Volunteers to join cmurf? (aday? aruiz? otaylor?)
13:54:35 <aday> i'd be interested from a ux perspective
13:54:41 <aruiz> I am up to cotribute as well as involving other people, namely gicmo and hansdg
13:54:57 <cmurf> I'll do a summary/organize the issues and points and concerns in this meeting, post to desktop@
13:54:58 <mcatanzaro> I don't think we need to decide in the next 5m how you'll meet, we can just agree that you will coordinate among yourselves to schedule some meetings somehow and discuss
13:55:00 <petersen> My main interest is the keyboard layouts issue
13:55:05 <aday> aruiz: sounds great
13:55:08 <otaylor> cmurf:  I can join, but not lead, but the caveat on that is that I'm out from mid-august to mid-september, and I'd suggest just proceeding without me while I'm gone
13:55:11 <cmurf> refine that, then setup a live voice meeting
13:55:13 <aruiz> gicmo, I was not aware of my summoning powers
13:55:13 <mcatanzaro> Keyboard layouts seem like the biggest problem
13:55:21 <petersen> Been meaning to discuss that with aruiz for some time
13:55:34 <gicmo> aruiz: heh ;)
13:55:39 <aday> mcatanzaro: it'd be good to have someone take the lead, at least in organising the call
13:55:47 <cmurf> mcatanzaro: make a proposal that the subgroup has been formed and will report to the WG regularly
13:56:09 <mcatanzaro> cmurf: You have the power, use #agreed :)
13:56:13 <mcatanzaro> cmurf to lead subgroup...
13:57:04 <cmurf> #agreed cmurf to lead subgroup to explore ways of better safeguarding user data by default
13:57:24 <cmurf> ack nack patch?
13:57:31 <aruiz> petersen, o/
13:57:32 <langdon> +1
13:57:35 <mcatanzaro> +1
13:57:39 <aday> +1
13:57:49 <petersen> +1
13:57:56 <petersen> though it says agreed hehe
13:58:14 <cmurf> we'll take that as a combined proposal and agreed I guess :D
13:58:22 <petersen> yes
13:58:23 <mcatanzaro> cmurf: I'd be interested in attending at least the first meeting as well
13:58:57 <cmurf> sort out the details on desktop@ and fedora-workstation?
13:59:16 <petersen> Sounds good
13:59:48 <cmurf> I can also update the ticket
14:00:05 <mcatanzaro> This is a tricky problem of balancing security and usability and it's important that we get the balance to the best point we practically can. That might have to mean some difficult compromises....
14:00:22 <mcatanzaro> Anyway, that's time
14:00:30 <mcatanzaro> Next meeting: Aug 19
14:00:37 <mcatanzaro> Thanks cmurf for leading!
14:00:39 <mcatanzaro> #endmeeting