Summary/Minutes from today's FESCo Meeting (2014-06-25)

Wed, 25 Jun 2014 11:12:50 -0700 

===================================
#fedora-meeting: FESCO (2014-06-25)
===================================


Meeting started by dgilmore at 17:03:52 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting/2014-06-25/fesco.2014-06-25-17.03.log.html
.



Meeting summary
---------------
* init process  (dgilmore, 17:04:01)

* #1310 Reconsidering rpcbind's exception allowing it to start by
  default  (dgilmore, 17:05:22)
  * LINK: https://fedorahosted.org/fesco/ticket/1310   (dgilmore,
    17:05:27)
  * ACTION: kylem to test and harass steved to find out if things can be
    made to work for nfsv3  (dgilmore, 17:17:59)

* #1311 Disable syscall auditing by default  (dgilmore, 17:18:31)
  * LINK: https://fedorahosted.org/fesco/ticket/1311   (dgilmore,
    17:18:33)
  * AGREED: turn off syscall auditing for all processes by default. we
    will reevaluate when we get info from the perf team (6-0-0)
    (dgilmore, 17:38:39)

* #1312 F22 System Wide Change: Replace Yum With DNF -
  http://fedoraproject.org/wiki/Changes/ReplaceYumWithDNF  (dgilmore,
  17:38:52)
  * LINK: https://fedorahosted.org/fesco/ticket/1312   (dgilmore,
    17:38:57)
  * ACTION: dgilmore will look back at last weeks minutes and update the
    ticket appropriately  (dgilmore, 17:40:58)

* Next week's chair  (dgilmore, 17:41:14)
  * ACTION: nirik to run next weeks meeting  (dgilmore, 17:42:21)

* Open Floor  (dgilmore, 17:42:27)
  * jreznik to be election wrangler  (dgilmore, 17:57:25)
  * AGREED: Will finalize current schedule and remove 'no earlier than'
    from milestones. (+5,0,0)  (nirik, 18:04:49)

Meeting ended at 18:07:26 UTC.




Action Items
------------
* kylem to test and harass steved to find out if things can be made to
  work for nfsv3
* dgilmore will look back at last weeks minutes and update the ticket
  appropriately
* nirik to run next weeks meeting




Action Items, by person
-----------------------
* dgilmore
  * dgilmore will look back at last weeks minutes and update the ticket
    appropriately
* kylem
  * kylem to test and harass steved to find out if things can be made to
    work for nfsv3
* nirik
  * nirik to run next weeks meeting
* **UNASSIGNED**
  * (none)




People Present (lines said)
---------------------------
* dgilmore (72)
* mattdm (37)
* nirik (36)
* abadger1999 (23)
* kylem (23)
* mitr (16)
* jreznik (16)
* pjones (13)
* zodbot (7)
* amluto (6)
* jwb (2)
* pingou (1)
* mmaslano (0)
* sgallagh (0)
* t8m (0)
--
17:03:52 <dgilmore> #startmeeting FESCO (2014-06-25)
17:03:52 <zodbot> Meeting started Wed Jun 25 17:03:52 2014 UTC.  The chair is 
dgilmore. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:03:52 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link 
#topic.
17:03:55 <nirik> yep
17:03:58 <dgilmore> #meetingname fesco
17:03:58 <zodbot> The meeting name has been set to 'fesco'
17:03:58 <dgilmore> #chair abadger1999 dgilmore jwb kylem mattdm mitr mmaslano 
nirik pjones  sgallagh t8m
17:03:58 <zodbot> Current chairs: abadger1999 dgilmore jwb kylem mattdm mitr 
mmaslano nirik pjones sgallagh t8m
17:04:01 <pingou> mattdm: nice timing :)
17:04:01 <dgilmore> #topic init process
17:04:03 <pjones> hello.
17:04:06 <mattdm> magic!
17:04:06 <mitr> Hello
17:04:08 <kylem> bueller.
17:04:08 <nirik> morning
17:04:26 <abadger1999> Hola
17:04:27 <dgilmore> looks like we have enough folks
17:04:31 <mattdm> I have a hard stop at 10 before the hour, btw.
17:04:33 <dgilmore> lets get started
17:04:40 * jreznik is around
17:04:45 <dgilmore> mattdm: its a short agenda
17:05:22 <dgilmore> #topic #1310 Reconsidering rpcbind's exception allowing it 
to start by default
17:05:26 <dgilmore> .fesco 1310
17:05:27 <dgilmore> https://fedorahosted.org/fesco/ticket/1310
17:05:28 <zodbot> dgilmore: #1310 (Reconsidering rpcbind's exception allowing 
it to start by default) – FESCo - https://fedorahosted.org/fesco/ticket/1310
17:06:55 <dgilmore> not sure where we are with this
17:07:10 <nirik> we were waiting for some feedback from steved..
17:07:18 <nirik> which doesn't seem to have happened.
17:07:28 <dgilmore> yeah
17:07:48 <nirik> but if it's needed for the client, I'm inclined to leave it 
autostarting (at least for now)
17:08:00 <dgilmore> i know it is needed for the client
17:08:04 <mattdm> the comment about it being socket-activated seems like a 
balancing factor.
17:08:13 <abadger1999> s/autostarting/start by default/ ?
17:08:19 <mattdm> that is, it's not _really_ autostarted unless needed?
17:08:27 <dgilmore> The question seems to be can rpcbind be started 
automatically when you go to mount a nfsv3 share
17:08:28 <abadger1999> I think steved asked whether it would start on-demand.
17:08:37 <mitr> mattdm: From a security/risk limitation perspective socket 
activation makes no differene.
17:09:09 <mattdm> mitr true. but from a resource consumption one it does.
17:10:11 * abadger1999 notes that socket activation is something that fesco 
should be addressing in its "autostart" list but currently hasn't set precedent 
by doing so.
17:10:32 <mattdm> abadger1999: yeah
17:11:15 <dgilmore> I guess someone need to test if rpcbind starts when needed, 
and if it doesn't can it be made to do so
17:12:03 <mitr> Do I read steved's note right that on the client, we need 
rpcbind running but not necessarily network reachable?  Having the default 
localhost-only but enabled would be much more attractive to me.
17:12:24 <mattdm> mitr yes, I think that's correct
17:13:07 <amluto> IIUC the client needs nfs-lock.service (unless -o nolock is 
set), and nfs-lock.service requires rpcbind.service
17:13:19 <dgilmore> So the question is will this type of network activity 
(remote and local) cause rpcbind to start before its needed? If the answer is 
yes, then good I will be more than willing to try.
17:13:39 <amluto> so the only likely regression i can think of is that maybe 
omitting -o nolock behaves better if rpcbind is running (but not 
nfs-lock.service) than if rpcbind isn't running
17:14:45 <nirik> so, wait another week for steved? assign one of us to just do 
the testing?
17:15:20 <dgilmore> lets wait one week, for further feedback, if none then we 
get someone to do some testing and provide it
17:15:55 <abadger1999> And be sure to comment on the ticket what we're wanting 
to know :-)
17:15:59 <nirik> +1
17:16:07 <dgilmore> abadger1999: already writing it up
17:16:10 <mattdm> okay, sure. doesn't seem urgent
17:16:11 <abadger1999> Cool.
17:16:12 <mattdm> +1
17:16:54 * kylem can do the testing.
17:17:18 <kylem> i can also harass steved tomorrow.
17:17:23 <dgilmore> kylem: okay
17:17:30 <mattdm> kylem: do both! :)
17:17:41 <kylem> i'll update the ticket before the next meeting with whatever 
the result is.
17:17:57 * jwb shows up
17:17:59 <dgilmore> #action kylem to test and harass steved to find out if 
things can be made to work for nfsv3
17:17:59 <abadger1999> Thanks
17:18:13 <dgilmore> kylem: thanks i wont add anything to the ticket then
17:18:23 <kylem> ok. no problemo.
17:18:30 <dgilmore> lets move on
17:18:31 <dgilmore> #topic #1311 Disable syscall auditing by default
17:18:31 <dgilmore> .fesco 1311
17:18:33 <dgilmore> https://fedorahosted.org/fesco/ticket/1311
17:18:33 <zodbot> dgilmore: #1311 (Disable syscall auditing by default) – FESCo 
- https://fedorahosted.org/fesco/ticket/1311
17:19:31 <dgilmore> are waiting further info here on the actual performance 
impact
17:19:42 <dgilmore> I think we are waiting further info here on the actual 
performance impact
17:19:44 <mattdm> I got some feedback from steve grubb
17:19:56 <mattdm> he, in turn, is waiting for the performance team to do some 
testing
17:20:35 <dgilmore> okay, so wait a week for more feedback?
17:20:41 <dgilmore> or should we wait longer?
17:20:53 <mattdm> I'll ping and ask the rough timeline
17:21:21 <dgilmore> okay lets update the ticket when we know when we should 
expect feedback so we can skip until then
17:21:36 <mattdm> however, he did say that it's probably going to be on a 
slower schedule than fedora might like
17:21:57 <kylem> nobody has made a particularly good case why it should stay 
on...
17:22:12 <kylem> besides "it helps sometimes"
17:22:32 * nirik nods.
17:22:44 <dgilmore> indeed
17:22:47 <kylem> then again, if a handful of ns per syscall is really a 
performance concern, you can turn it off yourself anyway.
17:22:51 <pjones> with the counterpoint "it clearly hurts sometimes"
17:22:55 <kylem> pjones, indeed.
17:23:01 <mattdm> kylem correct. I think the case is basically: if it's on in 
fedora, people are more likely to notice when something goes wrong and we get 
this feedback, which helps for the few people for whom it is vital
17:23:03 <kylem> amluto makes a good point wrt security too.
17:23:03 <pjones> and "it doesn't seem to be maintained, so it will hurt more 
in the future"
17:23:22 <kylem> (then again, the same is true for a lot of kernel code.)
17:24:03 <amluto> this particular piece of kernel code is unusual in that 
seccomp can't protect against it
17:24:29 <pjones> kylem: yeah, but not much of the code you're referencing is 
on /every/ syscall path
17:24:34 <mattdm> And, from my point of view... I appreciate that role of 
fedora in general, but I don't think that very many people are actually using 
it in fedora in a way that really helps
17:24:38 <kylem> indeed. frankly, i turn it off anyway, so i'm +1.
17:24:45 <kylem> ;-)
17:24:46 <mitr> pjones: The 32-on-64 case is AFAIK being actively addressed 
right now; the code is maintained but nobody is actively looking for bugs every 
week
17:25:00 <nirik> if we want to turn it off, we should be clear which way we 
want to turn it off. ;)
17:25:02 <pjones> mitr: well, that's some consolation.
17:25:30 <amluto> mitr: what 32-on-64 case?  is there yet another bug i don't 
know about?
17:25:35 <mitr> nirik: yeah; I'd be fairly strongly against kicking it out of 
the kernel; the default rule to disable it for all processes would be quite fine
17:25:50 * nirik nods. Just need to be clear.
17:25:58 <mitr> amluto: I'd expect everything to be discussed on linux-audit 
(but I'm not subscribed there)
17:26:03 <abadger1999> mitr: +1
17:26:44 <mitr> I'm still not _thrilled_ with disabling it, and dwalsh does say 
that it is somewhat useful, but nobody has been too strongly fighting for 
leaving it on either, so...
17:27:26 * nirik is ok with the disable for all processes config option.
17:27:34 * pjones is too
17:28:53 <mattdm> Is there a way we can turn it off in the cloud image which 
allows auditd to not be installed/running?
17:29:21 <jwb> isn't that what nirik just mentioned?
17:29:27 <mitr> mattdm: You need to run an auditctl command (i.e. have the 
package installed) but that doesn't require auditd running
17:29:41 <dgilmore> im okay with turning off for all processes, especially if 
we document a way to turn it on for the use cases where it is useful
17:29:48 <mitr> mattdm: That might be deviating from the default setup somewhat 
but AFAIK is fairly feasible
17:31:07 <amluto> mattdm: if nothing has ever enabled audit (that is, auditctl 
-e 1 or the equivalent never happens after boot), then syscall auditing will be 
off
17:31:17 <amluto> I think that, if auditd is not installed, then that's what 
happens
17:31:59 <mattdm> Okay -- I thought someone told me otherwise. But I may just 
be confused. This is definitely not an area of expertise for me -- we never had 
to audit things at this level at my sysadmin jobs :)
17:32:21 <dgilmore> should we vote on something or wait?
17:32:36 <pjones> mitr: that might be an argument for splitting the package 
into a -daemon and -tools or somesuch
17:32:47 <kylem> well, i assume we're not going to change f20, so i don't see 
harm in deferring the vote another week for rawhide.
17:33:02 <dgilmore> we wont change f20
17:33:15 <mitr> dgilmore: If we could expect to hear back from the perf team 
soon enough, I don't see harm in waiting (but then I don't see much harm in 
just flipping it now and perhaps flipping it back later)
17:33:18 <dgilmore> lets see if some magic data comes back soon
17:33:28 <mitr> pjones: It might; I'm not so intent on saving every 100 kb
17:33:40 <mattdm> mitr, pjones yes, it is small.
17:34:07 <abadger1999> mitr: I feel the same as you.
17:35:04 <mattdm> I'm +1 to mitr's parenthetical proposal
17:35:24 <mattdm> flip it now, and leave open the possibility of flipping it 
back if more data comes in
17:35:32 <abadger1999> +1 to mitr's proposal as well.
17:35:42 * nirik is +1 too
17:35:53 <mitr> Count me as +1 to either :)
17:36:36 <dgilmore> #proposal turn off syscall auditing for all processes by 
default. we will reevaluate when we get infor from the perf team
17:36:38 <pjones> Might be worth flipping it now and seeing if we get any 
anecdata in return.
17:36:46 <pjones> dgilmore: +1
17:36:47 <dgilmore> #proposal turn off syscall auditing for all processes by 
default. we will reevaluate when we get info from the perf team
17:36:56 <mattdm> dgilmore: +1
17:37:00 * dgilmore fixes typo
17:37:02 <nirik> dgilmore: +1
17:37:04 <abadger1999> dgilmore: +1
17:37:37 <dgilmore> since mitr did not actually put up a proposal
17:37:52 <dgilmore> we need one more +1 i think
17:37:57 <mitr> dgilmore: +1
17:38:03 <dgilmore> though i am +1 to my proposal
17:38:39 <dgilmore> #agreed turn off syscall auditing for all processes by 
default. we will reevaluate when we get info from the perf team (6-0-0)
17:38:52 <dgilmore> #topic #1312 F22 System Wide Change: Replace Yum With DNF - 
http://fedoraproject.org/wiki/Changes/ReplaceYumWithDNF
17:38:57 <dgilmore> .fesco 1312
17:38:57 <dgilmore> https://fedorahosted.org/fesco/ticket/1312
17:38:57 <zodbot> dgilmore: #1312 (F22 System Wide Change: Replace Yum With DNF 
- http://fedoraproject.org/wiki/Changes/ReplaceYumWithDNF) – FESCo - 
https://fedorahosted.org/fesco/ticket/1312
17:39:18 <dgilmore> didnt we approve this last week?
17:39:27 <nirik> yep
17:39:35 <mattdm> yeah there was something about asking the dnf maintainers 
here to talk more
17:39:44 <mattdm> but I don't actually have anything more to add :)
17:39:52 <mattdm> I said what I think
17:40:08 <mattdm> and after the devel mailing list I think it could use a nice 
calm rest
17:40:31 <dgilmore> okay, so lets get the ticket updated, actually invite dnf 
guys if we have questions for them
17:40:58 <dgilmore> #action dgilmore will look back at last weeks minutes and 
update the ticket appropriately
17:41:14 <dgilmore> #topic Next week's chair
17:41:24 <dgilmore> who wants to run the meeting next week?
17:41:33 <nirik> I've not done it in a while, I can
17:42:21 <dgilmore> #action nirik to run next weeks meeting
17:42:27 <dgilmore> #topic Open Floor
17:42:32 <mattdm> So.... https://fedorahosted.org/fesco/ticket/1317
17:42:36 <dgilmore> anyone have anything?
17:42:39 <mattdm> the election...
17:42:51 <nirik> yeah, we should move that forward
17:42:56 <mattdm> Last week, sgallagh tasked me with sending out an 
announcement as FPL
17:43:15 * kylem will be without internet in the wild and miss the meetings in 
2 weeks and 3 weeks. apologies in advance.
17:43:15 <mattdm> but I'd like the details of what exactly is to be announced 
worked out :)
17:44:10 <mattdm> I'm happy to help and to send messages and lend voice and 
etc., but would someone else be able to drive this?
17:44:14 <nirik> proposal: nominations from announcement time to 2014-07-07, 
election from 2014-07-07 to 2014-07-14
17:44:28 <kylem> what is everyones thoughts about me stepping down to let 
notting's seat be re-elected?
17:44:40 <nirik> kylem: you can do so if you like. ;)
17:44:49 <mattdm> kylem If you want to, do it sooner rather than later :)
17:44:50 <abadger1999> yeah, entirely your choice to me.
17:44:55 <dgilmore> kylem: your choice
17:45:10 <pjones> what they all said.
17:45:11 <kylem> ok. i'll do that then. ;-)
17:45:21 <nirik> ok, so 3 seats?
17:45:23 <pjones> Alright, then we're electing 3 seats.
17:45:39 <kylem> sounds right to me.
17:45:48 <pjones> nirik: +1 to that timeline
17:45:58 <dgilmore> nirik: +1
17:46:04 <kylem> +1
17:46:29 <nirik> the last election we didn't do a questionare... we could do a 
townhall tho if desired. Not sure how usefull they have been.
17:46:38 <abadger1999> nirik: +1
17:46:58 <mattdm> nirik We should have some standard questions for the 
questionnaire
17:47:46 <mitr> nirik: The townhalls were always useful to me; knowing about a 
long-term contributor doesn't always mean knowing their thoughts on the 
questions of the day.
17:48:13 <nirik> mattdm: we could, but in the past we asked for people to ask, 
and got very little response...
17:48:16 <mattdm> I can be +1 to the timeline, but it might be nice to have 
another week for publicity and letting potential candidates think about it.
17:48:19 <nirik> we could do a townhall next week?
17:48:23 <dgilmore> i know last election cycle the townhalls didnt work out
17:48:26 <mattdm> nirik: yeah that's a whole problem with the whole thing.
17:48:34 <dgilmore> due to devconf and people travelling
17:48:37 <mattdm> ftr I tried to give some but I put them in the wrong place :)
17:49:04 <mattdm> in any case, I need to go.
17:49:47 <dgilmore> thanks mattdm
17:49:49 <kylem> thanks matt.
17:49:54 <nirik> ok.
17:50:12 <dgilmore> should we reuse the questions from last cycle?
17:50:33 <jreznik> any volunteer for elections wrangler? while talking about 
elections, maybe I missed it
17:50:55 <dgilmore> jreznik: not that I know of
17:51:05 <nirik> I've not seen one, but would be great to have one to nag 
everyone to keep things moving
17:52:17 <dgilmore> anyone want to volunteer to run the elections?
17:52:19 <jreznik> for special elections, it's maybe not as much needed as for 
standard ones
17:52:23 <dgilmore> abadger1999: ^
17:52:38 <jreznik> but it's always to have someone you know he's responsible 
for to avoid mess
17:53:08 * abadger1999 doesn't want to but is willing to handle the technical 
aspects (setting up the electrion in the election app and getting the results 
to the person making the announcement)
17:53:20 <abadger1999> Since I'm not running I can do that :-)
17:54:11 <dgilmore> abadger1999: so you will be the wrangler?
17:54:49 * dgilmore needs to run in a minute
17:54:50 <abadger1999> dgilmore: no.  I'll handle the technical side of it.
17:54:57 <dgilmore> abadger1999: okay just clarifying
17:55:10 <abadger1999> not the schedule/townhall/etc side.
17:55:36 <jreznik> I can help with schedule, as I always do it
17:55:40 <dgilmore> so we need a wrangler, we need to set a schedule and we 
need to work out questionaire, townhall details
17:56:13 <jreznik> but I never did that questionaire/townhall stuff
17:56:28 <dgilmore> jreznik: want to learn?>
17:57:07 <jreznik> dgilmore: why not? it's probably going to be easier if I do 
it whole with abadger1999 to setup bits
17:57:25 <dgilmore> #info jreznik to be election wrangler
17:57:42 <dgilmore> anything else we need to sort out here today?
17:57:46 <jreznik> what's the timeframe for it? asap?
17:57:55 <dgilmore> jreznik: yep
17:58:37 * nirik notes we sort of agreed on a schedule above... although mattdm 
wanted perhaps another week of lead time
17:59:06 <dgilmore> nirik: can you take over the last bit of the meeting 
please, i really need to run
17:59:23 <jreznik> nirik: ah, ok I see it
17:59:40 <nirik> dgilmore: sure. I think we are almost done...
17:59:45 <nirik> any other open floor business?
17:59:52 <jreznik> I'll take a look tomorrow, will update the ticket with 
proposal
18:00:01 <jreznik> nirik: one topic - schedule
18:00:04 <abadger1999> another week would be fine for me too.
18:00:05 <dgilmore> jreznik: nirik: thanks
18:00:15 * nirik would be ok moving the elections out another week too.
18:00:21 <kylem> indeed, i'm fine with pushing all dates in mattdm's original 
proposal out a week
18:00:42 <jreznik> we are still in "no earlier than" in the schedule and folks 
started pinging me if change freeze/branch is happening for real or they have 
more time
18:01:01 <nirik> jreznik: Yeah, I thought we finalized that a while ago, but 
perhaps I am wrong.
18:01:07 <mitr> jreznik: prooposal: s/no earlier than //g
18:01:12 <nirik> mitr: +1
18:01:28 <jreznik> it makes sense
18:01:32 <abadger1999> at least for change freeze and branch that makes sense.
18:02:08 <jreznik> abadger1999: well, we can remove "no earlier than" and 
continue with standard slipage from this point
18:02:19 <abadger1999> really.. we could slip no matter what the schedule says 
so  "no earlier than" is just telling people that hte schedule is more fluid 
than normal this time around.
18:02:28 <abadger1999> jreznik: yeah.  agreed.
18:02:46 <abadger1999> mitr: +1 to your proposal
18:02:47 <jreznik> maybe I just missed we agreed it's really that final, I 
consider it as final, just want final confirmation
18:03:38 <nirik> more votes please? thats +3 assuming mitr is for his proposal. 
;)
18:03:45 * mitr is +1 for the record
18:03:54 <kylem> +1
18:04:00 <pjones> eh, +1 I guess.
18:04:49 <nirik> #agreed Will finalize current schedule and remove 'no earlier 
than' from milestones. (+5,0,0)
18:04:55 <nirik> anything else for open floor?
18:05:04 <jreznik> thanks!
18:06:30 <nirik> ok, if nothing else will close meeting in a random 
indeterminate time around a minute from now.
18:07:08 <abadger1999> :-)
18:07:11 <kylem> heh
18:07:23 <nirik> ok, thanks for coming everyone!
18:07:26 <nirik> #endmeeting

Attachment: signature.asc
Description: PGP signature

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Reply via email to