16:04:26 <abadger1999> #startmeeting Fedora Packaging Committee
16:04:26 <zodbot> Meeting started Wed Feb  3 16:04:26 2010 UTC.  The chair is abadger1999. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:04:28 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:04:46 <abadger1999> #meetingtopic Fedora Packaging Committee
16:04:50 <abadger1999> Who's here?
16:04:55 * rdieter here
16:05:24 <abadger1999> Sees racor, rdieter, tibbs
16:05:36 * SmootherFrOgZ is
16:06:55 <abadger1999> racor: Are you really here?
16:07:28 <hansg> Hi all
16:07:34 <abadger1999> Hi hans!
16:07:42 <abadger1999> Well, that's quorum then.
16:07:47 <abadger1999> Let's get started.
16:08:09 <hansg> (until my wife and kids come home)
16:08:15 <SmootherFrOgZ> hey hansg
16:08:26 <abadger1999> Guidelines on our plate are here: http://fedoraproject.org/wiki/PackagingDrafts
16:08:41 <abadger1999> #topic 	SRPM_Buildtime_macros
16:08:42 <abadger1999> SRPM_Buildtime_macros
16:08:51 <abadger1999> http://fedoraproject.org/wiki/SRPM_Buildtime_macros
16:09:08 <hansg> +1
16:09:12 <SmootherFrOgZ> +1
16:09:50 <tibbs> +1, although I wonder if it's more than just summary and description that need this attention.
16:10:02 <abadger1999> This came up because someone was using macros defined in a different package in their %description.
16:10:05 <abadger1999> +1
16:11:20 <abadger1999> tibbs: When it was brought up people decided that everything else would be expanded when the binary packages were bult.
16:11:31 <abadger1999> Only the Summary and description mattered for SRPM build time.
16:11:41 <abadger1999> rdieter: ?
16:12:01 <rdieter> (sorry, distracted @ work), +1
16:12:23 <abadger1999> np
16:12:36 <abadger1999> #agreed SRPM_Buildtime_macros passes
16:12:49 <abadger1999> #topic Emphasize correct SF.net SourceURL
16:12:56 <abadger1999> http://fedoraproject.org/wiki/PackagingDrafts/SourceURL_sourceforge_downloads_admonition
16:12:58 <tibbs> Ralf just send email that he can't talk here.
16:13:19 <abadger1999> Might not be registered.
16:14:08 <abadger1999> and spot's not here so I don't know who the ops are.
16:14:44 * abadger1999 asked in #fedora-devel if any ops are around.
16:14:54 <skvidal> lemme see
16:15:51 <abadger1999> If you can voice racor for the FPC meeting that would be wonderful.
16:15:58 <skvidal> one sec
16:16:33 <skvidal> racor: did that work?
16:16:42 * skvidal suspects not
16:16:50 <abadger1999> :-(
16:16:54 <Jeff_S> might be easier to register the nick... =/
16:16:57 <racor> ping?
16:16:58 <hansg> He is not on this channel, I think the problem is he cannot join.
16:17:02 <hansg> he racor
16:17:09 <abadger1999> racor: I see your ping :-)
16:17:11 <hansg> Guess it did work
16:17:11 <skvidal> there is he
16:17:19 <racor> seems as if my registration expired ;)
16:17:30 <skvidal> racor: did you identify to nickserv?
16:17:41 <racor> yep, ca. 15 ago
16:17:48 <racor> 15 secs ago
16:17:56 <skvidal> hmm okay
16:18:12 <skvidal> abadger1999: lemme know if you need anything else
16:18:19 <abadger1999> Okay.  Thank you!
16:18:59 <abadger1999> So sourceURL -- till just wants to add a note that we really do mean "downloads" with the s at the end.
16:19:08 <hansg> +1
16:19:11 <rdieter> +1
16:19:12 <abadger1999> Since some people still get it wrong with the present text.
16:19:14 <abadger1999> +1
16:19:52 <tibbs> I guess so.  Do we have to use the blink tag or something?
16:19:53 <SmootherFrOgZ> +1
16:20:12 <hansg> tibbs, no marque is much cooler :)
16:20:19 <rdieter> hopefully we won't have to make a habit of adding "<blink>seriously, we really mean it</blink>" to too many other guidelines
16:21:12 <abadger1999> tibbs: If that's an official +1 we're agreed here.
16:21:42 <tibbs> Yeah, +1.
16:21:43 <hansg> Note, as cozy as this is, my time is limited, or do we still have quorum even without me now that racor is here ?
16:21:54 <abadger1999> #agreed Emphasize correct SF.net SourceURL passes
16:22:12 <abadger1999> hansg: Could I just ask if you've read either of the last two?
16:22:25 <abadger1999> Andif so, if you have a vote/opinion?
16:22:30 <abadger1999> hansg: We do have quorum.
16:22:48 <abadger1999> #topic Clarify line between bundled libraries and copied snippets of code
16:22:55 <abadger1999> https://fedorahosted.org/fesco/ticket/314
16:23:01 <hansg> abadger1999, yes I read both (although the python one only globally)
16:23:44 <abadger1999> Okay.  So this one: Do we want to make guidelines on what's a bundled library and what's a snippet?
16:23:52 <hansg> Ok, so this one seems to be 2 in one: 1) When is something a library, 2) can wordpress have an exception (on which I guess we can only advice)
16:24:09 <abadger1999> If so I'd like to see if we can approve the python guidelines while hansg is here and then come back to this.
16:24:17 <abadger1999> hansg: That's correct.
16:24:40 <hansg> It seems obvious to me when something is a library, if it has a separate upstream and is used by several other projects it is "shared code"
16:25:20 <hansg> FTR, I'm fine with giving wordpress an exception, as long as the maintainer promises to take this up with upstream and try to get them to become better citizens
16:25:45 <abadger1999> So te one piece of code I looked at from the top had a sepaate upstream but the code was very heavily modified -- as in variables and classes renamed, messsages totally rewritten.  Function signatures changed.
16:25:49 <hansg> (note "shared code" == "library", I called it shared code to make the term more generic)
16:25:57 <abadger1999> <nod>
16:26:22 <hansg> abadger1999, if they've significantly forked that is ground for an exception.
16:26:53 * hansg has a couple of packages him self with significantly forked libs in there, although non are network exposed which makes wordpress different
16:26:58 <abadger1999> Also note that adrian wants to continue to bundle all the libraries even though only the tpo three were heavily modified.
16:27:27 <hansg> Yes I noticed, are the other libs already in anaconda ?
16:27:43 <abadger1999> anaconda?
16:27:47 <abadger1999> You mean Fedora?
16:27:49 <hansg> Fedora
16:28:03 <hansg> Guess what I've been working on the entire day :)
16:28:18 <abadger1999> Some of them are -- david nalley discovered this when he was pulling the libraries out of zikula.
16:29:10 <abadger1999> Seems rather unfair to make zikula unbundle libraries when they have a better security record than wordpress....
16:29:28 <hansg> Ok, so maybe our advice to FESco should be give an exception for libs not yet otherwise packaged (or heavily forked), but require wordpress to use libs when already packaged (and move over to packaged libs as others are packaged).
16:29:32 <rdieter> it probably has to remain grandfathered for the time-being, mostly because of existing wordpress inclusion and deployments
16:29:39 <tibbs> postnuke?  security record?
16:30:03 <hansg> I think that is fair, as otherwise we would require of adrian to package them and maintain them separately hugely increasing the wordpress maintenance load
16:30:05 <abadger1999> hansg: Want to keep talking about this or move on to python and come back if you have time?
16:30:13 <rdieter> and continue to road of identifying bundled code, and poking upstream.
16:30:39 <tibbs> I sure hope that FESCo doesn't intend to grant any sort of permanent exception.
16:30:46 <hansg> abadger1999, I don't have much input on the pythnon stuff, so lets finish this topic first
16:30:55 <rdieter> (but I guess that's FESCos call to make, ours is to help draw the line)
16:31:18 <abadger1999> tibbs: Check cve.mitre.org for postnuke vs wordpress.
16:31:47 <abadger1999> hansg: We've already demanded that of the zikula people, though.
16:32:14 <tibbs> The mistake is that wordpress was reviewed and approved without anyone noticing this.
16:33:13 <hansg> abadger1999, tibbs, ack and ack, which is why I proposed: " our advice to FESco should be give an exception for libs not yet otherwise packaged (or heavily forked), but require wordpress to use libs when already packaged (and move over to packaged libs as others are packaged)."
16:33:20 <hansg> Which seems a decent compromise to me
16:33:56 <rdieter> reasonable to me.
16:34:00 <abadger1999> I could see a heavily forked exception, although we don't yet have a definition for heavily forked (changes API, for instance)
16:34:10 <tibbs> Also note that they effectively have to track upstream on all of these libraries anyway, so simply packaging properly shouldn't be considered an additional burden.
16:34:16 <abadger1999> But I do not like an exeption for libs already packaged.
16:34:26 <abadger1999> vs not already packaged.
16:34:41 <abadger1999> <nod>
16:35:35 <abadger1999> With the state of web applications whatit is, giving a "not already packaged" exception means we'll never get more system libs packaged b/c practically everyone bundles.
16:35:43 <hansg> tibbs, well adrian is counting on wordpress upstream to do that for him atm
16:36:25 <hansg> abadger1999, note the  "not already packaged" exception is a form of grandfathering the existing wordpress packages, iow not meant as a rule for new ones
16:36:34 <tibbs> As if that makes anything somehow better?
16:37:04 <abadger1999> hansg: Looking at their code choices, I wouldn't say they're setting themselves up to do a good job at that -- for instance, the heavily  modified code I looked at is several revisions back from the latest release.
16:37:10 <hansg> I thought all we were discussing is wordpress exception, I think the current rules are fine as is, except that they need to be checked better during reviews of web apps
16:37:34 <abadger1999> Also, we have both wordpress and wordpress-mu in the distro so that's already two packages with the same bundled libs...
16:38:12 <hansg> abadger1999, ack, I'm merely trying to say that it seems reasonable for adrian to expect any holes discovered to get fixed by wordpress upstream, and that he can then just rebase, which is less work then having 15 packages and tracking 15 upstreams
16:38:47 <tibbs> So you're saying you basically disagree with the no-bundled-libraries concept?
16:39:39 <hansg> No I don't disagree as said I think the current rule for this is fine, I'm merely trying to see things from adrian's pov
16:40:11 <abadger1999> reasonable as in wordpress is his upstream and they should be taking responsibility for this or reasonable as in they've proven that they can make good decisions about security and can swiftly fix any security issues in their bundled copies?
16:40:16 <hansg> Anyways this is all my 2 cents, my wife and children just came home, so its time for me to go cook dinner. Good luck with this discussion :)
16:40:23 <abadger1999> b/c I really don't think the second is there.
16:40:29 <hansg> the first
16:40:59 <abadger1999> hansg: k.  I'm against it but will continue to discuss with everyone else :-)
16:41:15 <hansg> And I agree wordpress has a terrible security record, but we don't have a guideline that says you cannot package software with a terrible security record, hmm now maybe there is an idea ?
16:41:18 <abadger1999> hansg: Before you go, would you vote +1 on python unless someone brings up some issue?
16:41:42 <hansg> yes, +1 on python given no one else finds any issues with it
16:41:48 <abadger1999> Thanks.
16:41:48 <hansg> bye!
16:41:51 <abadger1999> bye!
16:43:59 <tibbs> So....
16:44:11 <abadger1999> So.... I disagree with upstream is ultimately responsible since if it was, we could let every upstream bundle libraries -- they're all responsible, right?
16:44:30 <abadger1999> Given that, I'm still against grandfathering the non-heavily modified libs.
16:44:59 <abadger1999> Do we want to vote on whether to recommend an exception for the non-heavily modified libs to be bundled?
16:45:59 <tibbs> I'm still not really getting this.
16:46:17 <racor> neither do I
16:46:30 <tibbs> The wordpress maintainer knows we have a policy against bundling libraries like that, and he just... doesn't want to comply with it?
16:46:52 <tibbs> The libraries aren't modified or anything, he just disagrees with the policy?
16:48:12 <abadger1999> yep.
16:48:21 <abadger1999> For the second list.
16:48:23 <rdieter> tibbs: basically (ie, doesn't want the extra work, I guess)
16:48:23 <abadger1999> Well....
16:49:01 <abadger1999> I haven't checked too deeply but I think he sees the second list as minorly modified -- put several source files into one file, add wordpress comment header, stuff like that.
16:50:23 <rdieter> we're wading into the weeds here, isn't our job here to simply try to define what counts as a (bundled) library or not  (and then FESCo decides)?
16:50:24 <abadger1999> His claim in the bug is that upstream will respond to problems and he'll be able to resync to upstream without much effort -- if he has to unbundle, then he'll have to apply some sort of patch for wordpress to look in the right place for the system lib and he might not be able to forward port that to a newwordpress release very well.
16:50:40 <abadger1999> We can recommend.  I've done that in the past.
16:50:52 <tibbs> That's the same argument that java and mono folks have used which has always been rejected in the past.
16:50:57 <abadger1999> <nod>
16:51:21 <abadger1999> So yeah, I really think we should recommend no exception for the second list.
16:51:43 <rdieter> I think so too
16:51:52 <abadger1999> Vote?  Recommend no exception for the list of non-heavily modified libraries.
16:51:54 <abadger1999> +1
16:52:06 <rdieter> +1
16:52:09 <tibbs> +1 no exception
16:52:24 <racor> +1 I would agree to allow "functionally modified" versions of packages
16:52:32 <SmootherFrOgZ> +1
16:52:43 <abadger1999> #agreed recommend no exception for the non-modified libraries
16:53:02 <abadger1999> racor: Okay, how do you define "functionally modified" ?
16:53:50 <tibbs> We have to accept that open source stuff will be forked.
16:53:52 <abadger1999> Additions to the API (even if they could just be done in the wordpress code instead of modifying the library)?  Bugfixes even though those should go upstream?
16:54:19 <tibbs> I don't think we can hope to actually define this kind of thing, however.
16:54:19 <abadger1999> Changes that more than just the single application might want?
16:54:53 <racor> abadger1999: Modified (Hacked) API/ABI, required by a package but not implemented in the "official upstream"
16:55:08 <abadger1999> Shall we table this, look at the code in question, (there's only three files) and come back next week?
16:55:21 * abadger1999 only ten minutes left and I want to get to python.
16:55:22 <rdieter> table +1, we''re running short on time
16:55:29 <SmootherFrOgZ> abadger1999: yes
16:55:46 * rdieter needs to go close to promptly at the top of the hour
16:55:49 <abadger1999> #agreed FPC will meet next week to discuss the heavily modified files
16:55:55 <abadger1999> #topic New python guidelines
16:55:58 <racor> An extreme example of what I am referring to would xbmc
16:56:24 <abadger1999> https://fedoraproject.org/wiki/PackagingDrafts/Python3
16:56:34 <tibbs> I think the new python guidelines are fine.
16:56:50 <tibbs> I'm sure that we'll still find a few corner cases that will need clarification.
16:56:53 <abadger1999> dmalcolm and I wrote them.  I like them.
16:57:58 <racor> I am missing a statement on "long term vision", i.e. when does Fedora envision it do be removed
16:58:06 <abadger1999> dmalcolm: ^
16:58:10 <dmalcolm> "it" = python2?
16:58:14 <racor> yep
16:58:15 <dmalcolm> s/do/to/
16:58:19 <abadger1999> Are we envisioning python2 ever being removed?
16:58:29 <tibbs> That's not really FPC's domain.
16:58:54 <racor> So Fedora will carry around a python2 rucksack for the next 5 years?
16:59:04 <tibbs> At least that long.
16:59:05 <dmalcolm> FWIW I think it's safe to bet that python 2 will still be relevant in at least 3 years time
16:59:27 <racor> tibbs: Then I can't avoid to vote -1
16:59:28 <dmalcolm> fairly sure 5 years, too
16:59:32 <tibbs> Why?
16:59:33 <abadger1999> Judging from things like this: http://renesd.blogspot.com/2009/09/py3kpython3-more-than-one-year-on-096.html
16:59:48 <abadger1999> I'd say three years is a pretty safe bet.
16:59:49 <dmalcolm> racor: why?
16:59:59 <tibbs> racor: If you simply reject any possibility of having python2 and python3, then that's not your decision to make.
17:00:14 <rdieter> tibbs: +1 (that's the wrong reason)
17:00:20 <racor> We should be aim forward, not aiming at backward compatibility
17:00:25 <tibbs> Our committee has been tasked with coming up with guidelines for how to do this.
17:00:44 <tibbs> It's not for us, or any committee member, to say "well, we don't want to do this".
17:01:01 <racor> that's why I am asking at "long term vision"
17:01:03 <rdieter> consider me +1 for the python draft, gotta run real-soon-now.
17:01:16 <racor> we should aim at abandoning python2
17:01:34 <racor> but set a grace period to allow a smooth transisition
17:01:54 <dmalcolm> racor: the background to this is that python 3 is intended by upstream to be the future, but the python community overall is only porting very slowly.  We have critical sys components that are written in python 2 and will take more than one Fedora release to port to python 3.  Hence we need at least one release (probably several) with both
17:02:10 <dmalcolm> (e.g. yum, anaconda)
17:02:36 <abadger1999> Also we have no control over when other projects will choose to switch from python2 to python3.
17:02:58 <tibbs> Anyway, +1 to these guidelines from me.
17:03:06 <racor> dmalcolm: This is nothing unusual - cf. autoconf-2.13/2.49 ... gcc2/gcc3/gcc4 ... gtk1/gtk2
17:03:13 <SmootherFrOgZ> racor: so 5 years is too long for you ?
17:03:22 <abadger1999> or even, if they will choose to.
17:04:19 <abadger1999> (Well.. when the py2.x line finally has no more security or bugfix releases, I suppose that'll be a cutoff).
17:04:29 <racor> yes, experience tells this will be counterproductive and non-helpful to upstreams (drive people away from "noveltity", because they have a "cheap escape") and to the distro (gradually rotting ballast)
17:04:42 <dmalcolm> even if we ported everything critical to python3 and dropped python 2, I would expect Fedora to immediately be dropped by anyone doing Python development
17:04:53 <abadger1999> I agree with tibbs, though -- that would be a packager choice, not a guidelines choice.
17:04:59 <dmalcolm> (at this time)
17:05:15 <tibbs> abadger1999: Or FESCo's choice, but in any case not our choice.
17:05:22 <abadger1999> <nod>
17:05:34 <tibbs> BTW, limburgher is also here but can't talk.
17:05:44 <tibbs> limburgher: Are you sure you've properly registered with nickserv?
17:06:26 <dmalcolm> racor: it can be argued that python 2 and python 3 are different languages
17:07:28 <racor> yes, time to encourage people to port their works ...
17:07:53 <dmalcolm> http://meetbot.fedoraproject.org/fedora-meeting/2009-11-13/fesco.2009-11-13-17.00.log.html
17:08:21 <dmalcolm> ^^ is the FESco meeting log: which had "Python 3 F13 feature is approved for F13"
17:08:35 <dmalcolm> "contingient on packaging guidelines"
17:08:42 <abadger1999> racor: if we don't allow people to package python3 modules and applications, we can't even begin to encourage them to port ;-)
17:09:01 <abadger1999> So we need these Guidelines before we can even get started on that process.
17:10:04 <racor> abadger1999: Pardon, but you misunderstood. I didn't say this. I am saying there should be a deadline to schedule removal of python2 in Fedora.
17:10:14 <tibbs> limburgher: Looks to me like you're not registered.
17:10:24 <tibbs> limburgher: /msg nickserv help register
17:10:54 <racor> libburgher: c.f http://freenode.net/faq.shtml#registering
17:11:04 <abadger1999> racor: Sure... but that would be a FESCo or packager deadline.
17:11:11 <abadger1999> Not an FPC Guideline.
17:11:47 <SmootherFrOgZ> abadger1999: right
17:11:49 <dmalcolm> would it be acceptable for Fedora to continue to support Python2 for as long as upstream python community supports python? (which is likely to be a long time)
17:12:26 <abadger1999> And in order to even hope to get there, we need to allow packaging of python3 modules now.  Which means we need these Guidelines.
17:12:32 <racor> the FPG should mention it, the FPG should notify about python2 to be scheduled to be removed <insert date>
17:13:05 <dmalcolm> coming up with such a date is not realistic at this time
17:13:13 <racor> the FPG should emphasize that it's its intention to abandon python2
17:14:45 <abadger1999> The FPC has no intention to abandon any language, though.  Those are things that are decided by packagers of the runtime and maybe FESCo.
17:16:38 <racor> abadger1999: You're in nitpicking mode? The FPG should mention that it's Fedora's intention to abandon python2, because the language is obsolete.
17:19:17 <dmalcolm> python 2 is no longer in use, or no longer useful?  I disagree with that assertion
17:20:14 <dmalcolm> there is a transition occurring within the wider python community; we're at the beginning of it
17:20:26 <dmalcolm> it's impossible to tell at this point how long it will take
17:24:10 <racor> dmalcolm: The language might be in wide use NOW, but like most other languages undergoing major version changes, after some period will become an niche for exotic and/or dead packages
17:25:05 <racor> It's better to encourage people to upgrade now than having to carry around this ballast for ever.
17:26:41 <dmalcolm> encouraging people to upgrade is _exactly_ what I'm trying to do
17:27:29 <wwoods_nola> I think it's sensible to make it *easy* to upgrade first
17:27:38 <wwoods_nola> and worry about pushing people down the nice slide latetr
17:27:44 <dmalcolm> what nice slide?
17:28:05 <dmalcolm> porting everything from python 2 to python 3 is going to be _years_ of work
17:28:13 <Oxf13> well, we're providing them a nice slide by making it possible for them to ease the transition
17:28:22 <wwoods_nola> okay the slide is a lie
17:28:34 <Oxf13> instead of telling every user that "YOU MUST PORT YOUR WORK IN THE NEXT 3 MONTHS HHAHAHAHAHA"
17:29:30 <wwoods_nola> I may have over-emphasized the ease of porting to python 3. So maybe, you know, we're removing the mines from the trail, no forced deathmarch yet
17:29:30 <dmalcolm> we have FESco approval for parallel python 2 and python3 stacks, contingent on coming up with suitable packaging guidelines.  Toshio and I have written guidelines, based on our experiences of trying this
17:30:52 <dmalcolm> Feature Freeze is 6 days away
17:31:10 <racor> OK, here is my vote: -1, because the guideline encourages people to continue using python2. This is not-helpful to python nor to Fedora
17:31:11 <dmalcolm> we've been tuning the guidelines for literally months
17:31:18 <dmalcolm> blocking approval of the guidelines without specific purely to thwart parallel python 2 and python 3 stacks seems like a filibuster to me
17:32:12 <dmalcolm> given the netsplit, not sure meeting is quorate, or being logged
17:33:06 <Oxf13> racor: care to point out how/where it 'encourages people to continue using python2' ?
17:33:34 <Oxf13> I'd word it more "it allows people to continue using python2 as the world makes it's way to python3"
17:34:11 <Oxf13> dmalcolm: zodbot is still here, so the meeting should still be logged
17:34:27 <dmalcolm> Oxf13: thanks
17:34:57 <racor> 0xf13: I outlined this is depth before you popped up.
17:36:18 <racor> Oxf13: It should emphasize Fedora's intention to abandon python2 and encourage people to port their works to python3.
17:37:01 <wwoods_nola> over what time period?
17:37:03 <Oxf13> with vague and murky definitions for when?
17:37:48 <Oxf13> I think perhaps there is a disconnect.
17:38:04 <Oxf13> racor: I feel that you'd like to see Fedora force the hand of upstreams to move to python3
17:38:30 <dmalcolm> As the author of a tool for porting python code from 2 to 3, and a maintainer of python within Fedora, I'm very interested in encouraging people to port to python3.  But we're talking years of work here.
17:38:33 <Oxf13> while I think dmalcolm and toshio are trying to let Fedora facilitate the natural progression of upstreams from 2 to 3
17:39:15 <Oxf13> dmalcolm: racor: am I wrong on either count?
17:44:36 <dmalcolm> is the meeting quorate?
17:45:20 <Oxf13> looks like it's getting closer
18:00:09 <abadger1999> tibbs: hey sorry, my dsl line was giving me troubles.
18:00:22 <abadger1999> tibbs: Did we get anywhere?
18:00:40 * abadger1999 assumes everyone else has left now
18:02:19 <Southern_Gentlem> abadger1999, http://fpaste.org/bwR2/
18:05:29 <abadger1999> Southern_Gentlem: Thanks
18:05:32 <abadger1999> #endmeeting