The Gentoo Council Meeting was held on Sunday 2017-11-12 at 18:00 UTC
in the #gentoo-council channel on Freenode.


1. Roll call
============
Present: dilfridge, k_f, mgorny, slyfox, tamiko, ulm, williamh
Absent:  (none)


2. Status of old GLEPs [1]
==========================
Motion:

  a. mark Final:

    59 Acce 2008-10-22 Manifest2 hash policies and security implications

  b. mark Moribund:

     7 Fina 2003-07-06 New ombudsman position
     8 Fina 2003-07-02 Adopt-A-Developer
    36 Fina 2004-11-11 Subversion/CVS for Gentoo Hosted Projects

7 yes, 0 no, 0 abstained -- motion passed unanimously

Notes:

a. The following GLEP was left Final since there seems to be some
   activity around the topic:

     6 Fina 2003-07-02 Gentoo Linux monthly bug day

b. The state of the following GLEP was not discussed, as the security@
   team indicated that they are planning an update:

    14 Acce 2003-08-18 security updates based on GLSA


3. GLEP 66 (Gentoo git workflow)
================================
Motion: mark GLEP 66 Final

7 yes, 0 no, 0 abstained -- motion passed unanimously


4. GLEP 65 (Post-install QA checks)
===================================
Motion:

  Mark GLEP 65 Accepted, pending Final when tree-signing is implemented

7 yes, 0 no, 0 abstained -- motion passed unanimously


5. manifest-hashes
==================
After a lively debate, the Council voted on the following motion:

  Change manifest-hashes to 'BLAKE2 SHA512' according to the plan in [2]
  with the exception that the Council will vote on removing SHA512 later

7 yes, 0 no, 0 abstained -- motion passed unanimously

Notes:

a. The Council argued that the 36 month period for dropping SHA512
   should not be set in stone. Instead, the Council should vote on doing
   that when it makes sense to proceed.

b. slyfox has suggested getting an additional review from security@.


6. GLEP 74 (Full-tree verification using Manifest files)
========================================================
During the debate the following issues were pointed out:

a. dilfridge pointed out that the TIMESTAMP tag description is unclear
   as to whether the tag is allowed in sub-Manifests, and what
   the meaning of sub-Manifest timestamps is.

b. k_f pointed out that the following wording could suggest that
   a sub-Manifest may not be included in top-level Manifest:

    "The sub-Manifest can also be signed using OpenPGP armored cleartext
    format. However, the signature verification can be omitted if it is
    covered by a signed top-level Manifest."

   dilfridge suggested changing it to:

    "However, the signature verification can be omitted since it already
    is covered by the signed top-level manifest."

c. robbat2 pointed out an additional use case for additional OpenPGP
   signatures and timestamp entries. They could be used to make
   a sub-Manifest, e.g. the one in metadata/glsa, a valid top-level
   Manifest, so that it could be used stand-alone with a partial
   checkout, e.g. purely for GLSA tooling.

d. k_f pointed out that compression of the top-level Manifest should
   be forbidden to prevent exploiting the compressor: the signature
   is included inside the compressed file, so the compressed content
   itself is not covered by any verification.

e. slyfox has suggested getting an additional review from security@.

Motion:

  Pre-approve GLEP 74 given changes b.+d. listed above, and give green
  light for Infra testing

7 yes, 0 no, 0 abstained -- motion passed unanimously
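As an added illustration (not code from the meeting, from the GLEPs, or from any Gentoo tool), the following Python puts the two decisions above into working form: a Manifest2 entry carrying both hashes from item 5, a verifier that enforces the hash policy (every required hash present and matching, size checked too) and, from item 6d, a loader that refuses a compressed top-level Manifest by its leading magic bytes before any decompressor sees it. The entry layout, the sample file contents and all function names are assumptions made for this example; OpenPGP signature checking is out of its scope.

```python
import hashlib
import hmac

# Hash policy from item 5: manifest-hashes = 'BLAKE2 SHA512'.
# Manifest2 entries spell the first algorithm "BLAKE2B" (hashlib.blake2b, 64-byte digest).
REQUIRED_HASHES = ("BLAKE2B", "SHA512")
HASH_FUNCS = {"BLAKE2B": hashlib.blake2b, "SHA512": hashlib.sha512}

# Leading magic bytes of gzip, bzip2 and xz: a top-level Manifest starting with
# any of these is rejected outright (item 6d), never handed to a decompressor.
COMPRESSED_MAGIC = (b"\x1f\x8b", b"BZh", b"\xfd7zXZ\x00")


def format_entry(kind, name, data):
    """Build a Manifest2 entry: TYPE NAME SIZE ALGO HEX [ALGO HEX ...]."""
    parts = [kind, name, str(len(data))]
    for algo in REQUIRED_HASHES:
        parts += [algo, HASH_FUNCS[algo](data).hexdigest()]
    return " ".join(parts)


def parse_entry(line):
    """Split an entry into (kind, name, size, {algo: hex}); raise on malformed lines."""
    fields = line.split()
    if len(fields) < 5 or (len(fields) - 3) % 2 != 0:
        raise ValueError(f"malformed Manifest entry: {line!r}")
    hashes = dict(zip(fields[3::2], fields[4::2]))
    return fields[0], fields[1], int(fields[2]), hashes


def verify_entry(line, data):
    """True only if the size matches and every required hash is present and correct."""
    _kind, _name, size, hashes = parse_entry(line)
    if len(data) != size:
        return False
    for algo in REQUIRED_HASHES:
        if algo not in hashes:
            return False  # policy violation: a required hash is missing
        actual = HASH_FUNCS[algo](data).hexdigest()
        if not hmac.compare_digest(actual, hashes[algo].lower()):
            return False
    # Any extra hash we know how to compute must agree as well; unknown names are ignored.
    for algo, hexdigest in hashes.items():
        if algo in HASH_FUNCS and algo not in REQUIRED_HASHES:
            if not hmac.compare_digest(HASH_FUNCS[algo](data).hexdigest(), hexdigest.lower()):
                return False
    return True


def load_top_level_manifest(raw):
    """Return the entry lines of an uncompressed top-level Manifest; refuse compressed input."""
    if any(raw.startswith(magic) for magic in COMPRESSED_MAGIC):
        raise ValueError("top-level Manifest must not be compressed")
    return [line for line in raw.decode("utf-8").splitlines() if line.strip()]


# Constructed sample data for the example; not a real distfile or Manifest.
SAMPLE_DATA = b"example distfile contents\n"
SAMPLE_ENTRY = format_entry("DIST", "example-1.0.tar.gz", SAMPLE_DATA)

if __name__ == "__main__":
    print(SAMPLE_ENTRY)
    print("verified:", verify_entry(SAMPLE_ENTRY, SAMPLE_DATA))
    print("tampered:", verify_entry(SAMPLE_ENTRY, SAMPLE_DATA + b"x"))
```

The verifier deliberately fails closed: an entry that lists only BLAKE2B is rejected even though that digest matches, which is what "required" means under the new policy, and the later Council vote on dropping SHA512 would be implemented by removing it from REQUIRED_HASHES rather than by relaxing the check.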


7. EAPI 7 feature/spec pre-approval
===================================
The Council has iterated over all the items suggested in EAPI 7.
The following table lists all the votes that have taken place, grouped
whenever the Council has been voting on multiple items.

  Feature                                         Y N A Result
  =============================================== = = = ================
  Runtime-modifiable USE flags (IUSE_RUNTIME)     7 0 0 accepted
  Automatic enforcing of REQUIRED_USE (GLEP 73)   2 2 3 rejected
  BDEPEND + BROOT, SYSROOT (cross-compile bits)   7 0 0 accepted
  Profile-defined unsetting of vars (ENV_UNSET)   7 0 0 accepted
  Sandbox path removal (rm* analogs to add*)      4 0 3 accepted
  Version manipulation & comparison commands      7 0 0 accepted
  ----------------------------------------------- - - - ----------------
  Directory support for profiles/package.mask
  Directory support for profile files             6 0 1 accepted
  ----------------------------------------------- - - - ----------------
  ||= dependency groups (binding at build time)   4 0 3 accepted
  ----------------------------------------------- - - - ----------------
  nonfatal as a function and an external command
  die works in a subshell/subcommand              7 0 0 accepted
  ----------------------------------------------- - - - ----------------
  Require bash 4.3                                1 1 5 rejected
  Empty || ?? groups do not count as matched      x x x accepted [a]
  Remove trailing slash from {,E}ROOT and {,E}D   6 0 1 accepted
  ----------------------------------------------- - - - ----------------
  Require GNU patch 2.7
  Require einfo & co not to pollute stdout
  Make domo install to /usr instead of DESTTREE
  Ban package.provided in profiles
  Ban PORTDIR and ECLASSDIR variables
  Ban DESTTREE and INSDESTTREE variables
  Ban dohtml function
  Ban dolib and libopts commands                  7 0 0 accepted
  =============================================== = = = ================

[a]. The feature had already been accepted at the previous meeting.


8. Open bugs with Council involvement
=====================================
The bugs covered by other agenda items were omitted from this point.

a. #587226 "[PATCH] PMS: Clarify/specify when and how to store
   the slot/sub-slot part for equals slot operator" [3]

   The Council has pointed out that ||= has been approved as a proper
   fix for EAPI 7.

   Motion: approve the patch in bug #587226

   0 yes, 5 no, 2 abstained -- motion did not pass

b. #634406 "larrythecow.org potentially(?) profiting off of Gentoo
   mascot's name." [4]

   The Council has pointed out that it's not Council territory.

   Motion: un-CC from bug #634406

   7 yes, 0 no, 0 abstained -- motion passed unanimously

c. #629554 "HPPA arch stabilization problem" [5]

   The Council debated between closing it as solved or deferring
   to continue monitoring the situation:

   Motion: Close bug #629554 as fixed

   4 yes, 1 no, 2 abstained -- motion passed


9. Open floor
=============

The floor was opened at 20:28 UTC. During the open floor, dwfreed
asked for the rationale for banning dolib. No other topics were raised.


The meeting was concluded at 20:35 UTC.


References
==========
[1]: https://bugs.gentoo.org/634100
[2]: https://archives.gentoo.org/gentoo-dev/message/682618f6d1cf4d63b30577cb1e9bd269
[3]: https://bugs.gentoo.org/587226
[4]: https://bugs.gentoo.org/634406
[5]: https://bugs.gentoo.org/629554