summaryrefslogtreecommitdiff
blob: 0d4db733911d7261851fcb9523f17979fac59df9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
Jun 09 15:08:10 <blueness>	dberkholz, dilfridge radhermit ulm rich0 WilliamH lets start
Jun 09 15:08:21 <blueness>	the agenda is at http://dpaste.com/17W6BG8
Jun 09 15:08:38 <blueness>	roll call: rich0 and WilliamH missing (or late if they show up)
Jun 09 15:08:55 <blueness>	the first item is brought to us by mgorny 
Jun 09 15:09:01 <blueness>	Project Members Without Wiki Accounts
Jun 09 15:09:09 <blueness>	https://archives.gentoo.org/gentoo-project/message/9ee60ed0bdb532d63e9fd535a48c864a
Jun 09 15:09:42 <blueness>	so right now the wiki migration is being held up by developers/contributors that don't have accounts on the wiki
Jun 09 15:09:44 <dilfridge>	two independent problems
Jun 09 15:09:53 <dilfridge>	1) developers who are too lazy to sign up
Jun 09 15:09:59 <dilfridge>	2) non-developers
Jun 09 15:10:01 <blueness>	mgorny asked infra to track them and infra said "meh"
Jun 09 15:10:22 <blueness>	dilfridge, yeah that was my first thought, how do we track "contributors"
Jun 09 15:10:32 <ulm>	formally, non-developers aren't project members
Jun 09 15:10:36 <ulm>	so no problem there
Jun 09 15:10:48 <dilfridge>	1) is kinda silly. imho just make it a recruitment requirement, and hard-require it.
Jun 09 15:10:57 <dilfridge>	2), well ulm said it already
Jun 09 15:10:59 <ulm>	wasn't possible to add users to projects in gorg either
Jun 09 15:11:08 <dberkholz>	on the developer note i'd just tend to have someone on the wiki or infra team create a login and random password, and drop it in their homedir
Jun 09 15:11:16 <dberkholz>	for existing devs who haven't yet signed up
Jun 09 15:11:18 <dilfridge>	dberkholz++
Jun 09 15:11:29 <blueness>	dilfridge, okay we can make that a recruitment criterion going forward but what about lazy developers now?
Jun 09 15:11:36 <radhermit>	yes we should
Jun 09 15:11:48 <blueness>	dberkholz, sounds good to me
Jun 09 15:11:50 <dilfridge>	as dberkholz said, assuming that infra can automate it if there are too many lazies
Jun 09 15:12:06 <ulm>	just have infra create the wiki acccount, along with with link to the wiki login in ldap
Jun 09 15:12:18 <blueness>	dilfridge, i think the ldap will say who has accounts and who doesn't
Jun 09 15:12:26 <dberkholz>	do we have any clue as to the scope of this problem? are we really just talking about 1 person without mentioning names?
Jun 09 15:12:26 *	WilliamH is here
Jun 09 15:12:39 <dilfridge>	(the devs also need to link their account to ldap, not sure how complex that is from infra side. a3li?)
Jun 09 15:12:49 <blueness>	hi WilliamH agenda at http://dpaste.com/17W6BG8 - we're on the wiki issue
Jun 09 15:13:22 <ulm>	dilfridge: that's simple one entry, gentooWikiUser
Jun 09 15:13:34 <a3li>	no automation for creating accounts, no automation for setting user available.
Jun 09 15:13:34 <blueness>	dilfridge, okay how about this for action, if we want infra to act on this, we reopen the bug and ask them to automate the addition of lame devs?
Jun 09 15:13:47 <blueness>	a3li, thanks for that
Jun 09 15:13:55 <dilfridge>	a3li: do you know how many "lame devs" exist? (no wiki account)
Jun 09 15:14:06 <blueness>	a3li, or even if you can give us a list
Jun 09 15:14:12 <a3li>	certainly
Jun 09 15:15:05 <blueness>	hmmm ... should we reopn the bug and attach the list of names?
Jun 09 15:15:18 <blueness>	then mgorny can go "hunt them down"?
Jun 09 15:15:22 <ulm>	it would also help if the wiki login name was identical to the normal nick
Jun 09 15:15:29 <ulm>	but I think mediawiki doesn't allow all-lowercase for some stupid reason
Jun 09 15:15:48 <a3li>	the solution for this, as I have stated elsewhere is some sort of SSO, that's planned but not ETA-able
Jun 09 15:15:51 <jmbsvicetto>	ulm: projects in gorg could have users as members
Jun 09 15:15:57 <a3li>	jmbsvicetto: negative.
Jun 09 15:16:13 <blueness>	a3li, SSO?
Jun 09 15:16:27 <a3li>	https://dpaste.de/BTcv is the list w/status
Jun 09 15:16:32 <a3li>	blueness: single sign on gentoo.org wide
Jun 09 15:17:06 <blueness>	ah yes
Jun 09 15:17:20 <blueness>	mgorny, are you here?
Jun 09 15:17:31 <WilliamH>	That would be the slickest way to go eventually a3li
Jun 09 15:17:34 <ulm>	a3li: "no user in ldap" means gentooWikiUser unassigned?
Jun 09 15:17:39 <a3li>	as you can see, plenty of devs that need fixing. I don't agree with that being dumped onto infra/wiki which means me.
Jun 09 15:17:53 <a3li>	ulm: yes
Jun 09 15:18:04 <dberkholz>	a3li: any other suggestions?
Jun 09 15:18:08 <blueness>	a3li, let's see if someone else will go tracking these devs down
Jun 09 15:18:37 <a3li>	my stance is that people unwilling to sign up have to live with the fact they're not listed as project members
Jun 09 15:19:04 <ulm>	that's about 50 users that need fixing
Jun 09 15:19:05 <blueness>	a3li, hmmm ... if that's the only fallout, the maybe you're right
Jun 09 15:20:28 <dilfridge>	ok, so basically, for the lazy devs, the only fallout is that they are seen as lazy. (and "not listed as project member" == "not a project member", relevant i.e. for lead elections)
Jun 09 15:20:59 <blueness>	actually can a dev not be part of any team?
Jun 09 15:21:09 <dilfridge>	fine with me, and if anyone wants to start annoying them, fine too
Jun 09 15:21:15 <dilfridge>	sure
Jun 09 15:21:25 <WilliamH>	blueness: Yes, afaik you don't have to be part of any projectts.
Jun 09 15:21:32 <WilliamH>	blueness: projects *
Jun 09 15:21:53 <dilfridge>	imagine you're only maintaining a few packages, sci-exobiology/tribble etc
Jun 09 15:22:08 <blueness>	dilfridge, i'm thinking maybe i will jsust email gentoo-dev@ and then those particular devs and state the consequences and leave it at that
Jun 09 15:22:18 <dilfridge>	yeah
Jun 09 15:22:36 <dilfridge>	about contributing users
Jun 09 15:22:55 <dilfridge>	that is a bit different since these might want to get some sort of acknowledgment
Jun 09 15:23:00 <jmbsvicetto>	dilfridge / blueness: doing the "devil's advocate" role here, there is nothing in our rules that states that for one to be a member of a project one needs a wiki account
Jun 09 15:23:19 <jmbsvicetto>	Also, why should we force developers have wiki accounts when we don't force anyone to have a forums account?
Jun 09 15:23:25 <dilfridge>	jmbsvicetto: listed on the project page as member?
Jun 09 15:23:36 <blueness>	jmbsvicetto, pragrmatics!  we'll just amke it part of our resolution to close that loop hole :P
Jun 09 15:23:47 <blueness>	forums are different
Jun 09 15:23:50 <jmbsvicetto>	dilfridge: basically we're saying that one isn't a member of a project if they aren't listed in the project page
Jun 09 15:24:06 <dilfridge>	yes, since the list has to be somewhere
Jun 09 15:24:38 <dberkholz>	jmbsvicetto: because the wiki is a source of truth, the forums are just an area for Q&A
Jun 09 15:24:49 <jmbsvicetto>	blueness: ok, let me give another example: so we have no elections project and no one running the upcoming council election because I didn't "bother" migrating a working project space from gorg to the wiki?
Jun 09 15:25:12 <jmbsvicetto>	You know that in the limit we (me?) could just say: "enough" and let others deal with the fallout ;)
Jun 09 15:25:45 <blueness>	jmbsvicetto, where is the authoritative list of people on projects?
Jun 09 15:25:55 <dilfridge>	jmbsvicetto: it's been migrated, sadly you're not on the list :P
Jun 09 15:25:56 <radhermit>	personally I don't see the big deal about being listed in the wiki as a project member or not since most (all?) that matter have email aliases
Jun 09 15:25:58 <jmbsvicetto>	blueness: it was in the project pages = xml pages
Jun 09 15:26:16 <dilfridge>	https://wiki.gentoo.org/wiki/Project:Elections
Jun 09 15:26:17 <radhermit>	members that care will watch and respond to the alias
Jun 09 15:26:24 <blueness>	jmbsvicetto, but some of the xml pages are out of syn with the wiki
Jun 09 15:26:33 <jmbsvicetto>	blueness: now with the move to the wiki, we're imposing a rule that didn't exist before and telling anyone not willing to work with the wiki to go sit in a corner and play alone
Jun 09 15:26:57 <jmbsvicetto>	dilfridge: I have a wiki account, I just didn't migrate the page
Jun 09 15:27:22 <jmbsvicetto>	dilfridge: that means maffblaster must have done it. I need to thank him
Jun 09 15:27:24 <blueness>	jmbsvicetto, but which page is authoritative in linking members of a project?
Jun 09 15:27:29 <dilfridge>	yes, and a couple of people have been working hard to move the content since gorg will go offline...
Jun 09 15:27:33 <jmbsvicetto>	blueness: To me that's the argument
Jun 09 15:28:02 <blueness>	well mgorny brought this forward, so is here here?
Jun 09 15:28:06 <jmbsvicetto>	blueness: GLEP39 and existing rules said it was the project page in the web space (xml/htdocs/proj/en)
Jun 09 15:28:32 <blueness>	i don't want ot argue for him, but he might say that this is keeping up the wiki migration
Jun 09 15:28:59 <dilfridge>	quoting from GLEP39, current version:
Jun 09 15:29:02 <dilfridge>	"Any dev may create a new project just by creating a new project page on the wiki.gentoo.org (see Gentoo_Wiki:Developer_Central/Project_pages) and sending a Request For Comments (RFC) e-mail to gentoo-dev."
Jun 09 15:29:06 <jmbsvicetto>	dilfridge: my complaint was that I was being forced to do work I didn't ask for, that I actually liked xml and don't like wiki markup and that I was being told it was my problem to do the migration (even though I had a working project page and didn't change anything on my side)
Jun 09 15:29:15 <blueness>	heh, glep 39 is a wiki page now :)
Jun 09 15:29:23 <jmbsvicetto>	enough "devil's advocate" on my part. I'll let you continue the meeting
Jun 09 15:29:31 <dilfridge>	I dont like to work with cvs either, but infra is forcing me to continue doing that...
Jun 09 15:29:51 <blueness>	jmbsvicetto, thanks for the countervailing view
Jun 09 15:30:12 *	WilliamH agrees about cvs
Jun 09 15:30:25 <jmbsvicetto>	dilfridge: that means someone updated GLEP39 without a vote (which as stated before by earlier councils was not viewed as ok)
Jun 09 15:31:06 <ulm>	jmbsvicetto: IIRC it was discussed in mailing lists
Jun 09 15:31:07 <blueness>	okay what does the rest of the council want to do with this? 
Jun 09 15:31:11 <jmbsvicetto>	dilfridge: yeah, but cvs is "status quo", not a change forced on you ;)
Jun 09 15:31:41 <dilfridge>	well, I dont have any luck yet making the same argument about git :)
Jun 09 15:33:16 <blueness>	how about this: 'in light of the migration to the gentoo wiki for our projects, the council strongly encourages project members to sign up for a wiki account so that they can be listed as members of their projects.  failure to do so will not disqualify you as a project member, but it does make accounting for membership on projects difficult"
Jun 09 15:33:36 <blueness>	i can sent that to gentoo-dev@g.o and to the lame members individually
Jun 09 15:33:55 <blueness>	we can ask infra to just monitor the situation but not overburdon themselves
Jun 09 15:34:01 <dilfridge>	then we have to say somehow where the definitive member list can be found
Jun 09 15:34:21 <blueness>	dilfridge, i don't think we can really, there two sets of pages are out of sync
Jun 09 15:34:40 <WilliamH>	The xml stuff is going away farely soon too isn't it?
Jun 09 15:34:49 <blueness>	WilliamH, that was my understanding yse
Jun 09 15:35:06 <a3li>	most of the xml stuff doesn't even render. the old version of the website will be shut down end of the month
Jun 09 15:35:08 <dilfridge>	so it's kinda pointless if someone is only listed there
Jun 09 15:35:25 <blueness>	a3li, thanks
Jun 09 15:36:00 <WilliamH>	So the authoritative list has to be the wiki
Jun 09 15:36:09 <blueness>	i can add that to the email
Jun 09 15:37:15 <blueness>	i don't think chairs can make a motion (robert's rules) .... does someone care to motion something?
Jun 09 15:38:15 <dilfridge>	???
Jun 09 15:38:20 <radhermit>	I don't think we're usually that formal
Jun 09 15:38:24 <dilfridge>	who's robert?
Jun 09 15:38:28 <blueness>	lol okay
Jun 09 15:39:04 <jmbsvicetto>	blueness: replace infra with wiki-admins
Jun 09 15:39:05 <blueness>	so then let me make a motion: the council will email gentoo-dev@g.o and encourage developers to sign up for the wiki
Jun 09 15:39:31 <blueness>	jmbsvicetto, okay wiki-admins
Jun 09 15:40:21 <blueness>	okay motion: the council will email gentoo-dev@g.o and encourage developers to sign up for the wiki, and will request the that the wiki admins monitor which devs have not signed up
Jun 09 15:40:26 <jmbsvicetto>	The xml stuff isn't rendered any more - we had to drop gorg. The repo itself doesn't need to be abandoned yet. We could even migrate from cvs to git - to make everyone happy ;) - for historical purposes
Jun 09 15:41:00 <blueness>	dilfridge, dberkholz radhermit rich0 WilliamH ulm can we vote on that motion?
Jun 09 15:41:11 *	ulm yes
Jun 09 15:41:14 *	dilfridge yes
Jun 09 15:41:28 *	radhermit yes
Jun 09 15:41:50 <blueness>	dberkholz, WilliamH vote?
Jun 09 15:42:13 <blueness>	well i vote yes
Jun 09 15:42:50 <blueness>	dberkholz, WilliamH second call for vote.
Jun 09 15:42:50 *	WilliamH yes
Jun 09 15:43:14 <blueness>	okay motion carries, i'll send something out immediately after the meeting
Jun 09 15:43:20 <blueness>	let's move to the next item
Jun 09 15:43:28 <blueness>	Vote on GLEP 65 - Post-Install QA Checks
Jun 09 15:43:36 <blueness>	https://archives.gentoo.org/gentoo-project/message/cd71445e6968d5630161ae72d9c38562
Jun 09 15:43:44 <blueness>	mgorny asks that we vote on GLEP 65.  This GLEP provides a mechanism for running QA
Jun 09 15:43:44 <blueness>	checks on installation image after src_install phase exits.   The glep has been mostly
Jun 09 15:43:44 <blueness>	implemented
Jun 09 15:43:57 *	mgorny just came here
Jun 09 15:44:27 <blueness>	mgorny, do you want to say soemthign about that
Jun 09 15:44:53 <mgorny>	well, long story short it standarizes the old portage behavior
Jun 09 15:45:00 <mgorny>	splits the one ol' big function into separate files
Jun 09 15:45:11 <mgorny>	and allows repositories to provide them instead of embedding all of em in package manager
Jun 09 15:45:47 <mgorny>	i.e. gnome team puts their policies in gentoo repo, so they don't apply to repos where that is undesired
Jun 09 15:45:50 <WilliamH>	I think it is a good idea.
Jun 09 15:45:56 <mgorny>	instead of asking portage team to include them
Jun 09 15:46:09 <dilfridge>	what privileges are used to run them?
Jun 09 15:47:04 <mgorny>	same as src_install()
Jun 09 15:47:07 <mgorny>	i think
Jun 09 15:47:20 <mgorny>	each file is run in a subshell
Jun 09 15:47:36 <dilfridge>	mostly I'm asking, we now slowly move towards requiring ebuilds to be signed somehow, but the scripts are delivered from rsync / ... without any verification
Jun 09 15:47:39 <jmbsvicetto>	mgorny: in my understanding, it also changes the "exposure surface". It used to require commit privileges to the portage repo, now it's anyone with commit privileges to any repo that is used and even local users that are able to gain access to /usr/local
Jun 09 15:48:23 <mgorny>	i think gentoo repo is actually more ACL-limited than portage
Jun 09 15:48:35 <mgorny>	in particular, a few non-devs have commit access to portage
Jun 09 15:49:37 <WilliamH>	I do agree with the concept of separating the qa checks from portage itself...
Jun 09 15:50:10 <ulm>	would be nicer if there was some integrity check
Jun 09 15:50:18 <dilfridge>	I like the idea of a qa check plugin architecture in general, and I also like that a local admin can define local checks
Jun 09 15:50:29 <ulm>	but there are no manifest file in the metadata dir
Jun 09 15:50:44 <dilfridge>	I mean, if you can gain root access in the local machine you can always compromise /etc/bashrc
Jun 09 15:51:44 <dilfridge>	but it makes absolutely no sense to first require (hopefully, soon) signed ebuilds and then run a qa check that's downloaded in the clear and not verified.
Jun 09 15:52:00 <blueness>	do you think we need to bounce this back to have some kind of gpg signing so we can track blame?
Jun 09 15:52:11 <WilliamH>	Hmm
Jun 09 15:52:23 <WilliamH>	I would say that the repo-level is where the issue is...
Jun 09 15:52:38 <dilfridge>	package manager level = verified with portage installation
Jun 09 15:52:46 <dilfridge>	repo level = unsolved problem
Jun 09 15:52:57 <dilfridge>	package level = verified with package installation
Jun 09 15:53:09 <dilfridge>	sysadmin level = it's the sysadmin's problem
Jun 09 15:53:16 <WilliamH>	I would kill the repo level
Jun 09 15:53:19 <ulm>	so, make it a package containing these scripts?
Jun 09 15:53:43 <dilfridge>	why not
Jun 09 15:54:05 <WilliamH>	The pm level itself really doesn't need qa checks...
Jun 09 15:54:20 <dilfridge>	well, that's where they all are now
Jun 09 15:54:29 <WilliamH>	dilfridge: Yes, but they shouldn't be.
Jun 09 15:54:30 <blueness>	dilfridge, can you chair the meeting for 5 mins, someone is at the door
Jun 09 15:54:31 <blueness>	brb
Jun 09 15:54:34 <dilfridge>	ok
Jun 09 15:55:04 <dilfridge>	mgorny: what do you think about dropping repo-level checks and installing them with an ebuild instead?
Jun 09 15:55:07 <WilliamH>	dilfridge: we have some "qa checks" that really shouldn't be "qa checks" imo but that's another topic.
Jun 09 15:55:24 <mgorny>	dilfridge: sounds like major loss
Jun 09 15:55:39 <mgorny>	dilfridge: the point is to have the checks without having to install extra software
Jun 09 15:55:47 <mgorny>	and have them in sync with current repo state
Jun 09 15:55:47 <jmbsvicetto>	As a user / sys admin, I'd suggest that this change be opt-in. I would be really upset if this went live on my systems without me having a say
Jun 09 15:56:00 <dilfridge>	mgorny: yes it's a loss, but it circumvents the entire "verification question"
Jun 09 15:56:22 <ulm>	also it would make opt-in/opt-out trivial
Jun 09 15:56:34 <dilfridge>	jmbsvicetto: why? once the repo level is out, we're talking about another plugin interface to portage
Jun 09 15:56:52 *	WilliamH agrees with dilfridge 
Jun 09 15:57:10 <dilfridge>	I remember you were unhappy with the /usr/local path
Jun 09 15:57:36 <jmbsvicetto>	dilfridge: The thing is that we're making portage run arbitrary code
Jun 09 15:58:07 <jmbsvicetto>	dilfridge: for example, if we want to run code from /usr/local that was installed by an ebuild, I'd expect us to at least check if the hash still matches what the PM generated when installed the file
Jun 09 15:58:14 <mgorny>	how about this, we make infra finally do git migration and files are verified by git
Jun 09 15:58:33 <mgorny>	jmbsvicetto: ebuilds are not supposed to install into /usr/local
Jun 09 15:58:43 <jmbsvicetto>	I don't object to the idea of refactoring this. I think that's a good idea. I'm just asking that more thought related to security is put on this
Jun 09 15:58:49 <mgorny>	portage should refuse that, if it doesn't do that already
Jun 09 15:58:52 <blueness>	back
Jun 09 15:59:05 <WilliamH>	jmbsvicetto: if we kill the repo level checks that takes care of it doesn't it?
Jun 09 15:59:10 <dilfridge>	ok, but... jmbsvicetto, would that objection go away if we dont use /usr/local?
Jun 09 15:59:12 <jmbsvicetto>	mgorny: sorry, /usr/lib I believe is the path you listed for ebuilds. /usr/local is for sys admin scripts, correct?
Jun 09 15:59:33 <dilfridge>	I mean, portage does not check its own files for integrity at startup afaik
Jun 09 15:59:55 <dilfridge>	so if someone compromises the partition where portage lives on, you're dead anyway
Jun 09 16:00:21 <jmbsvicetto>	WilliamH / dilfridge: I can accept repo level checks (one is responsible for using an overlay), but in any case, I'd let the user / sys admin opt-in
Jun 09 16:00:47 <dilfridge>	yeah, but I dont want repo-level checks (without signature verification)
Jun 09 16:01:26 <WilliamH>	jmbsvicetto: the problem with opting in is that, for example, most of the current package manager checks are really gentoo checks, so they would move to repo  level.
Jun 09 16:01:35 <mgorny>	jmbsvicetto: yes
Jun 09 16:01:38 <WilliamH>	jmbsvicetto: then say I don't opt in.
Jun 09 16:01:54 <WilliamH>	jmbsvicetto: now I commit an ebuild to portage.
Jun 09 16:02:07 <radhermit>	then QA assigns bugs to you
Jun 09 16:02:26 <WilliamH>	radhermit: then I close them as "worksforme"
Jun 09 16:02:49 <mgorny>	well, the point of portage performing QA checks is to finally avoid developers committing screwups and QA having to clean up after them
Jun 09 16:02:50 <radhermit>	then I imagine you'd get comrelled after a while :)
Jun 09 16:03:23 <mgorny>	i'd really prefer if we fixed the issues you see rather than killing the whole feature
Jun 09 16:03:35 <jmbsvicetto>	Well, nothing prevent us from making a policy saying that a developer that doesn't opt-in, gets shouted the same as when they use repoman -f ;)
Jun 09 16:03:36 <dilfridge>	not killing
Jun 09 16:04:04 <stanley>	"<mgorny> how about this, we make infra finally do git migration and files are verified by git" this sounds good. quicker, probably quite a bit safer.
Jun 09 16:04:10 <WilliamH>	I would rather just not have repo level checks, make them ebuilds.
Jun 09 16:04:25 <WilliamH>	make a gentoo-qa-checks ebuild that installs the checks.
Jun 09 16:04:31 <dilfridge>	I mean, you could even move the qa checks from portage to a separate package, and make portage depend on that
Jun 09 16:04:39 <dilfridge>	install files in /usr/lib
Jun 09 16:04:48 <radhermit>	that's where I initially thought this was going
Jun 09 16:04:52 <jmbsvicetto>	mgorny: I don't want to kill your proposal. I'd like to see some thought about possible security mitigation options and I'd prefer this GLEP is opt-in. I don't object "forcing" devs to use it or live with the consequences, though
Jun 09 16:05:01 <dilfridge>	that's a noop from security pov
Jun 09 16:05:02 <radhermit>	a snapshotted repo type package
Jun 09 16:05:14 <mgorny>	package kills some of it
Jun 09 16:05:35 <mgorny>	introduces possible mis-syn between repo/ebuilds and checks
Jun 09 16:05:43 <mgorny>	i.e. people with old version installed will see old policies
Jun 09 16:05:50 <mgorny>	+ makes it impossible to control this per-repo
Jun 09 16:05:59 <dilfridge>	mgorny: see it as a lifeline... instead of requiring you to come up with a signature verification framework
Jun 09 16:06:02 <mgorny>	i.e. right now ::foo can disable checks from ::gentoo
Jun 09 16:06:02 <blueness>	okay, does the glep need workign about security? or can we leave that to implementation details, remember we are voting on the glep
Jun 09 16:06:28 <blueness>	if the glep needs work on security then let's bounce it back for rework
Jun 09 16:06:42 <WilliamH>	The implementation shouldn't be a concern for us.
Jun 09 16:06:44 <dilfridge>	defer to lists (sorry)
Jun 09 16:06:52 <dilfridge>	I really like the idea
Jun 09 16:07:19 <blueness>	okay motion to defer further discussion of glep 65 to the lists
Jun 09 16:07:25 <blueness>	ready to vote?
Jun 09 16:07:31 *	dilfridge yes
Jun 09 16:07:39 *	blueness yes
Jun 09 16:08:02 *	dilfridge still thinks the easiest way out would be to just kill repo-level checks, but if that's too hard...
Jun 09 16:08:03 *	ulm yes
Jun 09 16:08:31 <blueness>	WilliamH, dberkholz radhermit vote?
Jun 09 16:08:46 *	radhermit yes
Jun 09 16:08:48 *	WilliamH yes, but with the caviet that if you kill repo-level checks I would approve it as it stands
Jun 09 16:09:14 <blueness>	dberkholz, 
Jun 09 16:09:24 <blueness>	(williamh your caveat is for the lists)
Jun 09 16:09:33 <ulm>	yeah, repo-level checks are the most problematic part
Jun 09 16:09:51 <blueness>	okay the motion carries, dilfridge do you want to start that conversation on the lists please
Jun 09 16:09:58 <dilfridge>	can do
Jun 09 16:10:05 <blueness>	thanks
Jun 09 16:10:23 <mgorny>	do you need my input for any of the earlier topics?
Jun 09 16:10:36 <blueness>	okay we're over time, but if people want ot continue we can
Jun 09 16:10:41 <blueness>	mgorny, nope we're good
Jun 09 16:11:03 <mgorny>	ok
Jun 09 16:11:14 <blueness>	the resolution with the wiki was that i was going to email people encouraging them to sign up for the wiki with THE FULL FORCE OF THE COUNCIL!
Jun 09 16:11:22 <blueness>	(dramatic music0
Jun 09 16:11:33 <blueness>	okay if people can continue, let's look at the last point
Jun 09 16:11:34 <radhermit>	isn't it about election season again anyway?
Jun 09 16:11:40 <dilfridge>	yes
Jun 09 16:11:41 <radhermit>	i.e. that force might not be too strong ;)
Jun 09 16:11:42 <blueness>	radhermit, yes i will contact infra
Jun 09 16:11:45 <jmbsvicetto>	right, I need to talk to you guys about that :P
Jun 09 16:12:02 <jmbsvicetto>	blueness: it's not infra that has been conducting elections :P
Jun 09 16:12:02 <blueness>	jmbsvicetto, later ...next item
Jun 09 16:12:07 <blueness>	Reminder to the Gentoo Foundation
Jun 09 16:12:07 <blueness>	https://archives.gentoo.org/gentoo-project/message/dc9656603171900ed007b6be143c88da
Jun 09 16:12:24 <dilfridge>	short story
Jun 09 16:12:43 <dilfridge>	I think it's rather crappy that the financial reports are missing and our treasurer is awol
Jun 09 16:12:51 <blueness>	*sigh*
Jun 09 16:12:58 <radhermit>	they already donated the funds to fifa... ;)
Jun 09 16:13:02 <dilfridge>	council has no oversight over the foundation
Jun 09 16:13:17 <dilfridge>	but at least we could say "this is wrong, could you please fix it?!"
Jun 09 16:13:18 <blueness>	who is the treasurer?
Jun 09 16:13:28 <dilfridge>	quantumsummers
Jun 09 16:13:34 <blueness>	ah jeez
Jun 09 16:13:46 <radhermit>	has he come up for air recently?
Jun 09 16:13:54 <blueness>	that is a problem, its can lead to the us feds investigating
Jun 09 16:14:08 <blueness>	don't they have to file an lm-3 every year?
Jun 09 16:14:15 <jmbsvicetto>	Have you guys talked to the Trustees?
Jun 09 16:14:30 <dilfridge>	I brought the item up some time ago on the nfp mailing list.
Jun 09 16:15:07 <dilfridge>	https://archives.gentoo.org/gentoo-nfp/message/d1c9e1691ebc3375ae25b5549dea7bed
Jun 09 16:16:29 <blueness>	dilfridge, what should we do about it?
Jun 09 16:16:37 <dilfridge>	motion:
Jun 09 16:17:03 <ulm>	strictly speaking, this is not an issue for the council
Jun 09 16:17:23 <dilfridge>	"The council would like to remind the Gentoo Foundation trustees that financial reporting is overdue. Please take your job serious."
Jun 09 16:17:56 <jmbsvicetto>	dilfridge: I think that wording from council about the Trustees is not appropriate
Jun 09 16:18:25 <dilfridge>	it's more appropriate than 2 years of missing financial reports
Jun 09 16:18:26 <jmbsvicetto>	dilfridge: Imagine if the Trustees decide to take a similar stance about something they consider the Council has been failing or missing
Jun 09 16:18:31 <blueness>	dilfridge, s/overdue/ grossly overdue/
Jun 09 16:18:48 <blueness>	i wonder if there are legal ramifications
Jun 09 16:19:07 <dilfridge>	well, this discussion here is now in the published council meeting logs.
Jun 09 16:19:30 <ulm>	the council should be careful not to overstep its area of responsibility
Jun 09 16:19:39 <ulm>	so I'm against any motion on this
Jun 09 16:20:14 <ulm>	it's o.k. if any council member reminds them, but IMHO this cannot be a council vote
Jun 09 16:20:26 <blueness>	ulm, i'm not so sure.  that motion can be reworded so that it reflect our judgment of the matter
Jun 09 16:20:38 <blueness>	"the council is gravely concerned"
Jun 09 16:20:59 <blueness>	so we're not telling them what to do so much as reflecting our response to this sitaution
Jun 09 16:21:06 <blueness>	this is not outside of our responsibilities
Jun 09 16:21:20 <blueness>	the foundation can ignore us, or whatever
Jun 09 16:21:25 <dilfridge>	there's a time to be diplomatic, and if nothing happens, there's a time to be blunt
Jun 09 16:22:26 <jmbsvicetto>	blueness: "please take your job serious", in my view as a Gentoo developer and foundation member is a gross overstep of council responsability (but that's just me)
Jun 09 16:22:40 <blueness>	dilfridge, may i suggest ... "The council is gravely concerned that the Gentoo Founcation is two years of financial reports and would urge the Foundation to look into this matter as it may have negative consequences for the entire gentoo community."
Jun 09 16:23:07 <blueness>	s/is/is missing/
Jun 09 16:23:27 <dilfridge>	sounds much better, let me just verify the two years oncemore
Jun 09 16:23:57 <dilfridge>	https://wiki.gentoo.org/wiki/Foundation:Gentoo_Foundation_Finances
Jun 09 16:23:59 <dilfridge>	yep
Jun 09 16:24:14 <ulm>	s/the council is/council members are/
Jun 09 16:25:20 <blueness>	ulm, even better thanks for correcting my native english (<-not sarcasm!)
Jun 09 16:25:39 <blueness>	(native speaker are so sloppy!)
Jun 09 16:26:02 <blueness>	dilfridge, are you okay with the above wording?
Jun 09 16:26:08 <dilfridge>	"The council members are gravely concerned that the Gentoo Founcation is missing two years of financial reports and would urge the Foundation to look into this matter as it may have negative consequences for the entire gentoo community."
Jun 09 16:26:09 <dilfridge>	yep
Jun 09 16:26:19 <dilfridge>	fine with me
Jun 09 16:26:35 <blueness>	let's endorse it with a vote
Jun 09 16:26:37 *	blueness yes
Jun 09 16:26:38 <mgorny>	also the pdf links are dead :P
Jun 09 16:26:43 *	dilfridge yes
Jun 09 16:26:59 *	ulm yes
Jun 09 16:27:55 <blueness>	dberkholz, radhermit WilliamH  vote
Jun 09 16:28:21 <dberkholz>	yes
Jun 09 16:28:55 <blueness>	radhermit WilliamH  vote last chance
Jun 09 16:29:27 <blueness>	okay moton passes
Jun 09 16:29:52 <blueness>	dilfridge, do you want to do this one too, not to overburden you with work but you've already been pursuing it
Jun 09 16:30:12 <blueness>	but i can do it if you don't care to
Jun 09 16:30:25 <dilfridge>	not sure what's there to do
Jun 09 16:30:39 <dilfridge>	send a copy of our summary to -nfp?
Jun 09 16:31:14 <blueness>	dilfridge, okay let me just email them alerting their attention
Jun 09 16:31:18 <dilfridge>	ok
Jun 09 16:31:26 <blueness>	i just want to make sure they see the statement
Jun 09 16:31:35 <blueness>	i'll take care of it
Jun 09 16:31:50 <blueness>	okay two more ...
Jun 09 16:31:59 <blueness>	 Bug 503382 Missing summaries for 20131210, 20140114, and 20140225 council meetings
Jun 09 16:31:59 <blueness>	https://bugs.gentoo.org/show_bug.cgi?id=503382
Jun 09 16:32:01 <willikins>	blueness: https://bugs.gentoo.org/503382 "Missing summaries for 20131210, 20140114, and 20140225 council meetings"; Doc Other, Project-specific documentation; CONF; ulm:council
Jun 09 16:32:11 <blueness>	radhermit, i think you just added a summary right?
Jun 09 16:32:48 <blueness>	oh wait those are from 10 Dec 2013, 14 Jan 2014, and 25 Feb 2014 
Jun 09 16:32:52 <blueness>	dberkholz, ^^^^
Jun 09 16:33:46 <dilfridge>	14 Jan 2014 is done
Jun 09 16:34:22 <blueness>	 2013-12-10 this one looks done
Jun 09 16:34:23 <dberkholz>	they're mostly done
Jun 09 16:34:42 <blueness>	 2014-02-25 is pending
Jun 09 16:34:47 <dberkholz>	it's 0225 that isn't. i need to sit down and read through the whole meeting log and agenda, and count votes, and turn that into a summary.
Jun 09 16:34:54 <ulm>	20131210-summary.txt looks like the agenda
Jun 09 16:35:01 <ulm>	not like the summary
Jun 09 16:35:12 <blueness>	dberkholz, okay update the bug please
Jun 09 16:35:41 <blueness>	(for the next council)
Jun 09 16:35:45 <dberkholz>	weird, thought i did that.
Jun 09 16:36:01 <blueness>	no problem, just so we don't keep coming back to it
Jun 09 16:36:10 <ulm>	dberkholz: https://projects.gentoo.org/council/meeting-logs/20131210-summary.txt
Jun 09 16:36:16 <blueness>	okay one last point before open floor.
Jun 09 16:36:37 <blueness>	what should i put for last month, we really didn't have a meeting, so i think i'll just state that in a summary
Jun 09 16:36:39 <ulm>	there's also bug 545184 with council in CC
Jun 09 16:36:41 <willikins>	ulm: https://bugs.gentoo.org/545184 "Please stop removing last stable media-libs/libsdl"; Gentoo Linux, Games; CONF; mgorny:qa
Jun 09 16:37:07 <jmbsvicetto>	blueness: before you finish, can you please give me 2 minutes about the election?
Jun 09 16:37:47 <blueness>	jmbsvicetto, yes at the beginning of the open floor
Jun 09 16:38:03 <blueness>	ulm, sounds like the drama was resolved
Jun 09 16:38:13 <ulm>	yes, rich0 has summarised it will in comment 7
Jun 09 16:38:15 <ulm>	*well
Jun 09 16:38:26 <ulm>	so remove council from cc?
Jun 09 16:38:40 <blueness>	yeah i'll do it
Jun 09 16:38:57 <dilfridge>	yeah. the whole issue is still somehow in an unstable superposition of opinions, but there's no solution
Jun 09 16:39:24 <blueness>	ulm, okay i removed us from the cc
Jun 09 16:39:52 <blueness>	dilfridge, i really don't want to judge on that stuff right now
Jun 09 16:40:00 <dilfridge>	me neither.
Jun 09 16:40:00 <blueness>	let's have them discuss it more
Jun 09 16:40:03 <dilfridge>	++
Jun 09 16:40:23 <blueness>	okay so last month's summary, there really wasn't a meeting so i'll just state that in the summary section
Jun 09 16:40:49 <blueness>	unless others want to see more, but i don't know what more to state except just some chatter
Jun 09 16:40:56 <dilfridge>	just make sure to note that enough members were in attendance :)
Jun 09 16:41:03 <blueness>	dilfridge, good point
Jun 09 16:41:18 <blueness>	okay i'll do that and a short log to verify
Jun 09 16:41:25 <blueness>	finally open floor ... jmbsvicetto you're up!
Jun 09 16:41:55 <jmbsvicetto>	ok
Jun 09 16:42:12 <jmbsvicetto>	So, this is last year's email thread: http://thread.gmane.org/gmane.linux.gentoo.project/3730
Jun 09 16:42:26 <jmbsvicetto>	Taking that into account, this is my suggestion:
Jun 09 16:42:32 <jmbsvicetto>	nominations: 13 June - 26 June
Jun 09 16:42:32 <jmbsvicetto>	voting: 28 June - 11 July
Jun 09 16:42:33 <jmbsvicetto>	results: after 12 July
Jun 09 16:42:57 <jmbsvicetto>	I plan to send an email later today / tomorrow about the election and calling for election officials
Jun 09 16:43:06 <blueness>	works for me
Jun 09 16:43:09 <radhermit>	blueness: yes, my summaries are done
Jun 09 16:43:16 <dilfridge>	sounds good
Jun 09 16:43:37 <jmbsvicetto>	I plan to be an election official for this election. If I can't find anyone else for doing the infra side and enough people are willing to be officials, I can do the infra side
Jun 09 16:44:00 <blueness>	jmbsvicetto, i don't even know if there is a rule for this
Jun 09 16:44:16 <blueness>	ie for who runs the election, infra has usually done it
Jun 09 16:44:17 <dilfridge>	I guess an official cannot be nominated :P
Jun 09 16:44:26 <jmbsvicetto>	We try to split the jobs: election official and infra contact
Jun 09 16:44:29 <mgorny>	just make sure not to submit the secret files this time ;P
Jun 09 16:44:34 <dilfridge>	heh
Jun 09 16:44:36 <creffett|irssi>	jmbsvicetto: I'll happily be another official, though after last year's debacle I'm not sending any emails
Jun 09 16:44:46 <jmbsvicetto>	blueness: no. As I've said, the elections team (me and others) have been doing it since 2008
Jun 09 16:45:25 <jmbsvicetto>	blueness: The infra contact deploys the election in woodpecker and collects the votes, but it's the election officials that have been running elections since 2008
Jun 09 16:45:37 <blueness>	jmbsvicetto, okay
Jun 09 16:45:39 <jmbsvicetto>	creffett|irssi: ok :)
Jun 09 16:46:15 <jmbsvicetto>	_robbat2|irssi: ^^ Are you willing to do the infra side?
Jun 09 16:46:31 <jmbsvicetto>	_robbat2|irssi: sorry, to give you context, are you willing to be the infra contact for this year's council election?
Jun 09 16:48:09 <jmbsvicetto>	I believe Robin is afk, so we'll have to wait for his answer. In any case, I'll send an email and see if I can find more people to run the election
Jun 09 16:48:25 <blueness>	okay is there anything more?
Jun 09 16:49:17 <blueness>	dberkholz, dilfridge, radhermit, ulm, williamh: if there is no more business, the meeting is over