summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--meeting-logs/20171112-summary.txt204
-rw-r--r--meeting-logs/20171112-summary.txt.asc18
2 files changed, 222 insertions, 0 deletions
diff --git a/meeting-logs/20171112-summary.txt b/meeting-logs/20171112-summary.txt
new file mode 100644
index 0000000..af6e120
--- /dev/null
+++ b/meeting-logs/20171112-summary.txt
@@ -0,0 +1,204 @@
+The Gentoo Council Meeting was held on Sunday 2017-11-12 at 18:00 UTC
+in the #gentoo-council channel on Freenode.
+
+
+1. Roll call
+============
+Present: dilfridge, k_f, mgorny, slyfox, tamiko, ulm, williamh
+Absent: (none)
+
+
+2. Status of old GLEPs [1]
+==========================
+Motion:
+
+ a. mark Final:
+
+ 59 Acce 2008-10-22 Manifest2 hash policies and security implications
+
+ b. mark Moribund:
+
+ 7 Fina 2003-07-06 New ombudsman position
+ 8 Fina 2003-07-02 Adopt-A-Developer
+ 36 Fina 2004-11-11 Subversion/CVS for Gentoo Hosted Projects
+
+7 yes, 0 no, 0 abstained -- motion passed unanimously
+
+Notes:
+
+a. The following GLEP was left Final since there seems to be some
+ activity around the topic:
+
+ 6 Fina 2003-07-02 Gentoo Linux monthly bug day
+
+b. The state of the following GLEP has not been discussed as security@
+ team indicated that they are planning an update:
+
+ 14 Acce 2003-08-18 security updates based on GLSA
+
+
+3. GLEP 66 (Gentoo git workflow)
+================================
+Motion: mark GLEP 66 Final
+
+7 yes, 0 no, 0 abstained -- motion passed unanimously
+
+
+4. GLEP 65 (Post-install QA checks)
+===================================
+Motion:
+
+ Mark GLEP 65 Accepted, pending Final when tree-signing is implemented
+
+7 yes, 0 no, 0 abstained -- motion passed unanimously
+
+
+5. manifest-hashes
+==================
+After a lively debate, the Council has voted on the following motion:
+
+ Change manifest-hashes to 'BLAKE2 SHA512' according to the plan in [2]
+ with the exception that the Council will vote on removing SHA512 later
+
+7 yes, 0 no, 0 abstained -- motion passed unanimously
+
+Notes:
+
+a. The Council argued that the 36 month period for dropping SHA512
+ should not be set in stone. Instead, the Council should vote on doing
+ that when it makes sense to proceed.
+
+b. slyfox has suggested getting an additional review from security@.
+
+
+6. GLEP 74 (Full-tree verification using Manifest files)
+========================================================
+During the debate the following issues were pointed out:
+
+a. dilfridge has pointed out that the TIMESTAMP tag description
+ is unclear it is allowed in sub-Manifests, and what is the meaning
+ of sub-Manifest timestamps.
+
+b. k_f pointed out that the following wording could suggest that
+ a sub-Manifest may not be included in top-level Manifest:
+
+ "The sub-Manifest can also be signed using OpenPGP armored cleartext
+ format. However, the signature verification can be omitted if it is
+ covered by a signed top-level Manifest."
+
+ dilfridge suggested changing it to:
+
+ "However, the signature verification can be omitted since it already
+ is covered by the signed top-level manifest."
+
+c. robbat2 has pointed out an additional use case for additional OpenPGP
+ signatures and timestamp entries. They could be use to make
+ the sub-Manifest e.g. in metadata/glsa a valid top-level Manifest
+ so that it could be used stand-alone with partial checkout,
+ e.g. purely for GLSA tooling.
+
+d. k_f has pointed out that the compression of top-level Manifest should
+ be forbidden to prevent exploiting the compressor, since
+ the signature is included inside the compressed file and therefore
+ the compressed content is not verified.
+
+e. slyfox has suggested getting an additional review from security@.
+
+Motion:
+
+ Pre-approve GLEP 74 given changes b.+d. listed above, and give green
+ light for Infra testing
+
+7 yes, 0 no, 0 abstained -- motion passed unanimously
+
+
+7. EAPI 7 feature/spec pre-approval
+===================================
+The Council has iterated over all the items suggested in EAPI 7.
+The following table lists all the votes that have taken place, grouped
+whenever the Council has been voting on multiple items.
+
+ Feature Y N A Result
+ =============================================== = = = ================
+ Runtime-modifiable USE flags (IUSE_RUNTIME) 7 0 0 accepted
+ Automatic enforcing of REQUIRED_USE (GLEP 73) 2 2 3 rejected
+ BDEPEND + BROOT, SYSROOT (cross-compile bits) 7 0 0 accepted
+ Profile-defined unsetting of vars (ENV_UNSET) 7 0 0 accepted
+ Sandbox path removal (rm* analogs to add*) 4 0 3 accepted
+ Version manipulation & comparison commands 7 0 0 accepted
+ ----------------------------------------------- - - - ----------------
+ Directory support for profiles/package.mask
+ Directory support for profile files 6 0 1 accepted
+ ----------------------------------------------- - - - ----------------
+ ||= dependency groups (binding at build time) 4 0 3 accepted
+ ----------------------------------------------- - - - ----------------
+ nonfatal as a function and an external command
+ die works in a subshell/subcommand 7 0 0 accepted
+ ----------------------------------------------- - - - ----------------
+ Require bash 4.3 1 1 5 rejected
+ Empty || ?? groups do not count as matched x x x accepted [a]
+ Remove trailing slash from {,E}ROOT and {,E}D 6 0 1 accepted
+ ----------------------------------------------- - - - ----------------
+ Require GNU patch 2.7
+ Require einfo & co not to pollute stdout
+ Make domo install to /usr instead of DESTTREE
+ Ban package.provided in profiles
+ Ban PORTDIR and ECLASSDIR variables
+ Ban DESTTREE and INSDESTTREE variables
+ Ban dohtml function
+ Ban dolib and libopts commands 7 0 0 accepted
+ =============================================== = = = ================
+
+[a]. The feature has been already accepted on the previous meeting.
+
+
+8. Open bugs with Council involvement
+=====================================
+The bugs covered by other agenda items were omitted from this point.
+
+a. #587226 "[PATCH] PMS: Clarify/specify when and how to store
+ the slot/sub-slot part for equals slot operator" [3]
+
+ The Council has pointed out that ||= has been approved as a proper
+ fix for EAPI 7.
+
+ Motion: approve the patch in bug #587226
+
+ 0 yes, 5 no, 2 abstained -- motion did not pass
+
+b. #634406 "larrythecow.org potentially(?) profiting off of Gentoo
+ mascot's name." [4]
+
+ The Council has pointed out that it's not Council territory.
+
+ Motion: un-CC from bug #634406
+
+ 7 yes, 0 no, 0 abstained -- motion passed unanimously
+
+c. #629554 "HPPA arch stabilization problem" [5]
+
+ The Council debated between closing it as solved or deferring
+ to continue monitoring the situation:
+
+ Motion: Close bug #629554 as fixed
+
+ 4 yes, 1 no, 2 abstained -- motion passed
+
+
+9. Open floor
+=============
+
+The floor has been opened at 20:28 UTC. During the open floor, dwfreed
+asked for rationale on banning dolib. No other topics were raised.
+
+
+The meeting has been concluded at 20:35 UTC.
+
+
+References
+==========
+[1]:https://bugs.gentoo.org/634100
+[2]:https://archives.gentoo.org/gentoo-dev/message/682618f6d1cf4d63b30577cb1e9bd269
+[3]:https://bugs.gentoo.org/587226
+[4]:https://bugs.gentoo.org/634406
+[5]:https://bugs.gentoo.org/629554
diff --git a/meeting-logs/20171112-summary.txt.asc b/meeting-logs/20171112-summary.txt.asc
new file mode 100644
index 0000000..2a11f90
--- /dev/null
+++ b/meeting-logs/20171112-summary.txt.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEbbsHzE8NrQbqCv5BsHoa6u+0Rk4FAloL7spfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDZE
+QkIwN0NDNEYwREFEMDZFQTBBRkU0MUIwN0ExQUVBRUZCNDQ2NEUACgkQsHoa6u+0
+Rk6XfBAAyHM6XD/B15wYdaSDiUYq56FNPy98o33/aut1zWVDnAhtsjIE9MNcHEnI
+flsG6e7MLRxbqKoDh8svUArsOQnIuV8ekx+yUJmILeAhd7JnUg96+IVKr43BM+2f
+vCSNoWeV8Y6bp126039NHJPBlCCrtUbUcBeC6rZnY611rs9M7JFDENLIM9vbIchm
+3ku96CtgfEBZm+/9sEVhJtU/SM3xBqDPqdQ6gF5EYDA0/tq4QA0oOwx6Ja5rjg+R
+YKNNUYosabLa0cfqZr9NvE3QhfJ1diZBt4PupLHOzNHS66TQznhUdO3dxiMguOiQ
+/Dy3s3L77EEmulQZlwtu5u3/Tgw5B4LpxFXOkI//LirFdOCUNR/edWITHe8KoK9y
+EwbQBU4KCKuKJUAn+j9/deV2QvquU3Sz2Bnw+5SHmpkwycMwngcm3SXI/5lSCU/T
+J3h8t2rkd4OaCQmr3si+6RowJmzIifnATqhpRhE2to133HiX5s9JNR362v5R0WOy
+8JcIVQ+2Mjm7wZfoo+xldzaSTiN9yalnhSbTG7S+Cu1I1AV/XKJOlv2jem18btcQ
+1lLdYso6s3f/49lfmUirVm16+X6aIF8B1sooDVz54EIua8gKKdVLGlCCyphDGORS
+DQhpskjcsnfxfLXpULIDyATmpK2/1/XQLHopXb9L2kryFUzN4CY=
+=Zp+C
+-----END PGP SIGNATURE-----