Summary/Minutes from today's Fedora Infrastructure meeting (2012-07-12)
#fedora-meeting: Infrastructure (2012-07-12)
Meeting started by nirik at 18:00:01 UTC. The full logs are available at
* Howdy Fedora Folk (nirik, 18:00:01)
* New folks introductions and Apprentice tasks. (nirik, 18:02:56)
* Applications status / discussion (nirik, 18:07:41)
* Sysadmin status / discussion (nirik, 18:28:16)
* FAD (nirik, 18:35:18)
* cgit and gitweb-caching retirement (nirik, 18:36:40)
* Upcoming Tasks/Items (nirik, 18:51:41)
* 2012-07-11 migration of last redhat.com lists (smooge) (nirik,
* 2012-07-12 drop inactive apprentices. (nirik, 18:51:53)
* 2012-07-12 migration of lists.fedorahosted.org (smooge) (nirik,
* 2012-08-01 nag fi-apprentices (nirik, 18:51:53)
* 2012-08-07 to 2012-08-21 F18 Alpha Freeze (nirik, 18:51:53)
* 2012-08-21 F18 Alpha release. (nirik, 18:51:53)
* 2012-09-11 to 2012-09-25 F18 Beta Freeze (nirik, 18:51:56)
* 2012-09-25 F18 Beta release (nirik, 18:51:58)
* 2012-08-14->2012-08-19 PHX2 trip? (smooge, 18:52:37)
* md5/fips/etc. (nirik, 18:57:48)
* Open Floor (nirik, 19:04:54)
Meeting ended at 19:07:56 UTC.
Action Items, by person
People Present (lines said)
* nirik (117)
* skvidal (111)
* smooge (31)
* abadger1999 (25)
* mdomsch (23)
* ianweller (9)
* lmacken (9)
* threebean (8)
* zodbot (5)
* jaysonr (5)
* relrod (3)
* rdieter (2)
* joshbenner (2)
* whiterhino (1)
* sdrfed17 (1)
* dan408 (1)
* dgilmore (1)
* ricky (0)
* CodeBlock (0)
18:00:01 <nirik> #startmeeting Infrastructure (2012-07-12)
18:00:01 <zodbot> Meeting started Thu Jul 12 18:00:01 2012 UTC. The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
18:00:01 <nirik> #meetingname infrastructure
18:00:01 <nirik> #topic Howdy Fedora Folk
18:00:01 <nirik> #chair smooge skvidal CodeBlock ricky nirik abadger1999 lmacken dgilmore mdomsch threebean
18:00:02 <zodbot> The meeting name has been set to 'infrastructure'
18:00:02 <zodbot> Current chairs: CodeBlock abadger1999 dgilmore lmacken mdomsch nirik ricky skvidal smooge threebean
18:00:16 * lmacken
18:00:19 * skvidal is here
18:00:32 * jaysonr here
18:01:16 * ianweller here
18:01:17 <smooge> good day sirs
18:01:19 * nirik waits a minute or two more for folks to wander in.
18:01:54 * threebean is here
18:02:40 <nirik> ok, lets go ahead and get started.
18:02:42 * whiterhino is here
18:02:56 <nirik> #topic New folks introductions and Apprentice tasks.
18:03:06 <nirik> If any new folks want to give a quick one line bio or any apprentices would like to ask general questions, they can do so here.
18:03:16 * abadger1999 here
18:03:36 <jaysonr> i started working on #3251...ran into some things getting fas running locally
18:03:37 <joshbenner> hello - looking to get involved with the infrastructure team
18:03:46 <abadger1999> .ticket 3251
18:03:48 <zodbot> abadger1999: #3251 (FAS openId auth, Accept should be on the right side of the cancel button) – Fedora Infrastructure - https://fedorahosted.org/fedora-infrastructure/ticket/3251
18:04:01 <jaysonr> I will e-mail the team w/ details, and ask for more help
18:04:13 <jaysonr> *team = infra list :)
18:04:24 <nirik> jaysonr: you can also ask in #fedora-admin or the #fedora-apps channels. :)
18:04:45 <nirik> welcome joshbenner. Are you interested in sysadmin type stuff, or application development/programming?
18:04:51 <jaysonr> nirik: will do - i got some help in #fedora-admin already :)
18:05:35 <joshbenner> programming. I currently work on build scripting in python and app development in c++
18:05:39 <nirik> sometimes folks are busy, but I think we do a reasonable job on helping anyone who asks in channels. ;)
18:06:14 * relrod here (late)
18:06:47 <nirik> joshbenner: great. we can point you the right direction after the meeting in #fedora-admin.
18:07:13 <nirik> any other new folks or apprentice questions off hand?
18:07:41 <nirik> #topic Applications status / discussion
18:07:49 <nirik> any applications news this week?
18:08:26 <threebean> oh, nirik and I got SCM (pkgs01.stg) into fedmsg yesterday
18:08:36 <relrod> I am, by some chain of evens, now the maintainer of python-flask. ianweller and I are working to get flask 0.9 in epel.
18:08:44 * ianweller is still working on fedora-elections-flask
18:09:07 <relrod> *events too.
18:09:07 * skvidal watches the time tick away on ianweller
18:09:10 <nirik> threebean: when would you like to target moving stuff to production? perhaps draw up a timetable/schedule email to the list? or ?
18:09:10 <skvidal> tick tick tick
18:09:20 <ianweller> skvidal: btw, my 5pm, not yours :)
18:09:23 <threebean> (and I made a little screencast tour of fedmsg -- https://vimeo.com/45614749 )
18:09:32 <skvidal> ianweller: I thought it was 5pm GMT :)
18:09:50 <ianweller> 'pm' and 'gmt' in the same line, oh my
18:09:55 <skvidal> ianweller: :)
18:10:12 <threebean> nirik: I'd like to get fas nailed down in stg (working on it now) and then start moving over the small pieces like tagger first. I'll make sure to make a lot of noise before I touch anything in prod.
18:10:44 <smooge> ianweller, where is it currently?
18:10:53 <nirik> threebean: sounds good. alpha freeze starts 2012-08-07, so it would be good to have a stable bunch of stuff moved by then...
18:10:53 <ianweller> smooge: in my home directory on my laptop
18:10:55 <smooge> and what was the git clone for it?
18:10:59 <ianweller> smooge: goal is to push it somewhere tonight
18:11:06 <ianweller> once i have something useful to push
18:11:07 <smooge> ha! I meant in what status is it at
18:11:11 <threebean> nirik: damn, that's way sooner than I thought.
18:11:23 <ianweller> oh, lol
18:11:40 <nirik> threebean: it doesn't have to all be done by any means, just the part that is done is stable and such.
18:11:48 <ianweller> smooge: half of the admin is done, i got stuck in a loop deciding how to implement this before i decided "this needs more discussion later, just copying over how it's implemented now"
18:12:47 <nirik> is there any news on pkgdb or fas releases before the freeze? or still waiting on finding the time to do them?
18:12:51 <smooge> ah I know that loop so well
18:13:32 <smooge> for my app stuff. I am still helping our GSOC student with a limesurvey implementation. I think nirik figured out some sticking points and I will be trying to get a box testing it soon
18:13:51 <nirik> smooge: thanks for helping on that.
18:14:18 <sdrfed17> hi all, i am in for the meeting too.
18:15:01 <nirik> welcome sdrfed17
18:15:13 <nirik> ok, any other apps news? lmacken / abadger1999 / pingou ?
18:15:24 <abadger1999> nothing from me
18:15:32 <lmacken> nothing really...
18:15:48 <lmacken> blocking on legal for this summer of hardware app.. still putting the finishing touches on it too
18:16:12 <nirik> lmacken: how's your next week? could we schedule a tenative bodhi2.0 meeting next wed or something?
18:16:29 <lmacken> nirik: yep, let's do it
18:16:37 <nirik> yeah, that host should be all set but for the proxy stuff.
18:17:13 <skvidal> lmacken: do you or Mo have the final url you want?
18:17:35 <nirik> lmacken: pick a time this channel is free and announce it out. ;) Or if you pick a time and tell me I can send out an email on it.
18:17:42 <lmacken> skvidal: I think mo had apps.fp.o/openhw2012 in mind, but we probably want to confirm with her because I think she's linking to it already
18:17:49 * nirik would ping dgilmore and adamw at least to see if they could both make it.
18:17:51 <skvidal> lmacken: :)
18:18:10 <skvidal> lmacken: okay. keep us in the loop so we can help
18:18:29 <lmacken> skvidal: will do
18:18:32 <mdomsch> abadger1999: have you looked at shibboleth at all?
18:18:34 <lmacken> nirik: cool, will do
18:18:42 <mdomsch> it came to my attention this week on another unrelated matter
18:18:47 <skvidal> mdomsch: please don't make me die
18:18:59 <skvidal> mdomsch: I worked with/on shib at duke
18:19:07 <abadger1999> mdomsch: For auth? I asked about it at one poiint and got ^ that answer :-)
18:19:14 <skvidal> mdomsch: A good friend of mine works on it now
18:19:24 <skvidal> mdomsch: he has special medicine he takes
18:19:38 <skvidal> mdomsch: on the plus side
18:19:43 <skvidal> the major legal issue that USED to exist
18:19:45 <skvidal> has been overcome
18:19:47 <skvidal> which is nice
18:19:53 <skvidal> it used have patent issues
18:20:00 <skvidal> and a REALLY Dodgy license
18:20:01 * nirik hasn't really used it or heard much about it.
18:20:09 <mdomsch> internet2 is pushing it with their InCommon SSO project
18:20:09 <skvidal> nirik: it has been almost exclusively higher-ed
18:20:36 <threebean> RIT adopted it
18:20:43 <mdomsch> and our Dell Cloud properties are about to get I2 connections
18:20:56 <threebean> met some py developers on pysaml2 (which is *kinda* synonymous with shib?)
18:20:57 <skvidal> it's a federated authn/z infrastructure
18:21:06 <skvidal> threebean: s/synonmous/related/
18:21:25 * threebean nods
18:21:26 <skvidal> shib ends up being a set of compnents a shire(?)-provider
18:21:37 <skvidal> shit - I'm going to forget the other jargon
18:21:46 <mdomsch> k. just thought I'd ask, given FAS is going to need porting at some point, is there something else we could use as an Identity Provider and Service Provider framework
18:21:47 <nirik> so, if we looked at this it would be a fas replacement? or perhaps we could look at it from the side of interfacing fas with it? or ?
18:21:49 <skvidal> essentially - each site hosts their own auth mechanism
18:21:53 <skvidal> nirik: it doesn't do that
18:21:58 <skvidal> it fits in at about the same place as openid
18:22:05 <nirik> ah, ok
18:22:10 <skvidal> well openid + OAUTH
18:22:23 <mdomsch> IdP == accounts; SP == services that decide authz based on data from IdP
18:22:25 <skvidal> so if you think of each person as having a home authority
18:22:35 <skvidal> then if you are somewhere else
18:22:37 <skvidal> or on another website
18:22:40 <skvidal> you go there
18:22:44 <skvidal> you select your authority
18:22:47 <skvidal> you login to your authority
18:23:01 <skvidal> which passes back who you are and what your authZ is at that authority
18:23:25 <skvidal> and then the remote site you're trying to access can use that to determine what you get
18:23:39 <skvidal> it was started so that univ didn't up duplicating a billion user accounts
18:23:43 <mdomsch> we could go either way, with FAS as the Identity Provider, or FAS-consuming apps as Service Providers
18:23:44 <skvidal> when folks were collaborating
18:24:03 <skvidal> mdomsch: so - last time I worked on it
18:24:12 <skvidal> mdomsch: it had no local user/uid/etc provider of any kind
18:24:17 <nirik> so if this gets more popular, perhaps we look at fas providing auth for it like we do for openid?
18:24:29 <skvidal> so FAS-app consuming would only work for web apps, at most
18:24:44 <skvidal> it would definitely not work for any kind of local login - unless they've come up with some sort of uid mapper
18:24:45 <mdomsch> nirik: it's only interesting if you're federated with a group that's meaningful to your org it seems
18:25:00 <nirik> ok
18:25:08 <mdomsch> e.g. http://www.incommon.org/participants/
18:25:23 <mdomsch> which is "a bunch of universities and related research groups"
18:25:54 <nirik> well, happy to investigate more, perhaps on list or out of band?
18:25:57 <mdomsch> skvidal: I've seen reference to a PAM plugin, but seems unmaintained if it exists at all
18:26:15 <skvidal> mdomsch: the pam plugin only works for an up/down auth
18:26:21 <mdomsch> boo
18:26:24 <skvidal> mdomsch: you have to have some sort of matching local account
18:26:33 <skvidal> mdomsch: it's really a web-app auth mechanism
18:26:37 <skvidal> it came along before openid
18:26:43 <skvidal> and being a university thing
18:27:01 <skvidal> the amount of force required to break university inertia on anything is massive
18:27:09 <skvidal> several jovian planets, massive
18:27:33 <nirik> always fun.
18:27:42 <nirik> ok, shall we move on then? or anything more on this?
18:28:16 <nirik> #topic Sysadmin status / discussion
18:28:27 <nirik> news in the sysadmin side of things this week?
18:28:45 <nirik> we had rhel 6.3 updates + new kernel update. We will be scheduling some rebooting for next week sometime.
18:29:23 * mdomsch finally got s3-mirror-eu-west-1 functional a couple days ago
18:29:32 <skvidal> so - I've been moving ahead on the builders revamp
18:29:32 <nirik> skvidal has been working on easy re-install for koji builders.
18:29:40 <mdomsch> decent uptake of EPEL5 and 6; minimal uptake on anything Fedora
18:29:45 <smooge> RHIT did not contact me tuesday or wednesday about the mailing list change. I am going to ping and find out what I missed
18:29:55 <smooge> mdomsch, hurray
18:30:22 <mdomsch> smooge: what mailing list change?
18:30:26 <nirik> cool.
18:30:40 <smooge> EPEL from redhat.com -> firstname.lastname@example.org
18:30:41 <mdomsch> skvidal: have you given it an FTBFS run yet?
18:30:46 <skvidal> dgilmore is working on a module for kojira to let us maybe get out of the koji-admin builder disable
18:31:13 <skvidal> mdomsch: besides the one I did earlier, no - I've been reformatting boxes so we have as many builders as I can find
18:31:35 <skvidal> mdomsch: currently I should be able to come up with about 15 builders - I have to reformat some more x86 builders
18:31:54 <skvidal> mdomsch: looking good for kicking a ftbfs tomorrow
18:31:58 <skvidal> barring drama of some kind
18:32:04 <nirik> hurray.
18:32:22 <skvidal> nirik: I'll most likely be running the ftbfs from lockbox
18:32:28 <skvidal> writing to the netapp for the results
18:32:30 <nirik> ok, any other sysadmin news, or shall we move on...
18:32:34 <nirik> skvidal: sounds fine to me.
18:32:55 <smooge> nirik I am working on 2 issues currently:
18:33:05 <smooge> 1) following orders for osuosl01/phx2
18:33:19 <smooge> 2) getting sign-vault02 fixed
18:33:31 <nirik> cool.
18:33:32 <smooge> 3) hosted mailing lists -> hosted-lists
18:33:39 <smooge> 4) PHX2 trip in August
18:33:44 <smooge> for very large values of 2
18:34:08 <nirik> smooge: on 3... you were thinking of today, is that pushed back to next week? do you need anyone else to help poke at it?
18:34:32 <smooge> pushed back to next week. I was having problems rsyncing to hosted03
18:34:39 <smooge> I figured it out eventually.
18:34:58 <dgilmore> heya all
18:35:03 <smooge> heya dgilmore
18:35:05 <nirik> smooge: ok.
18:35:10 <nirik> welcome dgilmore
18:35:18 <nirik> #topic FAD
18:35:19 <abadger1999> smooge: what's wrong with sign-vault? /me hadn't heard about that
18:35:25 <nirik> abadger1999: it lost a disk.
18:35:31 <smooge> and no one can find it
18:35:57 <nirik> so, I haven't done much on the FAD. I need to do some more poking at it... will try and do so this week/early next
18:36:03 <nirik> smooge: ?
18:36:11 <abadger1999> smooge: Hopefully that's a joke... 'cuz.... signing ;-)
18:36:23 <smooge> yes it was meant to be a joke
18:36:40 <nirik> #topic cgit and gitweb-caching retirement
18:37:01 <nirik> so, I got cgit working and with some help from tmz when we hit a bug, it seems working nicely now.
18:37:16 <nirik> So, we need to retire gitweb-caching.
18:37:22 <skvidal> as long as descroptions are shorter than 245 chars
18:37:23 <skvidal> right?
18:37:53 <nirik> Should we just say "it's gone as of YYYY-MM-DD, and /git* will redirect to /cgit/ and you can search for what you want"
18:38:07 <nirik> or should we try and add in some redirects that help get near what people expect.
18:38:17 <nirik> skvidal: correct. or 254 or something.
18:38:40 <skvidal> nirik: yes to the date
18:38:42 * smooge wonders how that would deal with unicode.
18:39:12 <nirik> http://git.ao2.it/gitweb_cgit_migration.git/commitdiff/ae0a642af73350c149f84af1640adf19fd2ee1f3
18:39:13 <skvidal> nirik: let's say 2012-08-30
18:39:28 <nirik> thats some long, ugly redirects people have used in such migrations.
18:39:31 <abadger1999> smooge: It's C so I suspect it'll work byte-by-byte
18:39:53 <skvidal> nirik: how about no to the redirs
18:40:08 <smooge> ugh. redirects are an ulcer and worse rolled into one
18:40:12 <nirik> http://git.fedorahosted.org/cgit/ibus-indic-table.git/commit/?id=0a4a64eeacbef0a3dfd093220ef8faec1fdb985d
18:40:19 <nirik> seems to handle things fine in username
18:40:42 <nirik> yeah, if we do do redirects we probibly would have to keep them for a long time.
18:41:43 <nirik> so, I guess I'm ok with not doing them...
18:41:48 <nirik> but others expressed some concerns.
18:42:44 <mdomsch> no redirects +1
18:42:49 <smooge> I would expect that if we asked those people to maintain those redirects.. they would sing a different tune
18:43:05 * abadger1999 okay without redirects
18:43:26 * skvidal looks
18:43:28 <skvidal> nirik: so
18:43:32 <skvidal> a modest proposal
18:43:36 <skvidal> seriously
18:43:42 <skvidal> is there a way to go half-way
18:43:57 <skvidal> so - let's say someone has a gitweb url pointing to ibus-indic-table.git
18:44:06 <skvidal> could we get them to the same top level in cgit?
18:44:20 <skvidal> so - they don't have to dig to find the repo they were looking for?
18:44:51 <skvidal> so -don't worry about the rest of the string
18:44:54 <skvidal> just parse out the repo
18:45:02 <skvidal> or is that even too much disaster?
18:45:05 <nirik> yeah, quite possibly.
18:45:22 <skvidal> Translation rules
18:45:22 <skvidal> + #
18:45:22 <skvidal> + # Project is a straight redirect
18:45:22 <skvidal> + # ---
18:45:22 <skvidal> + # /?p=(.+).git; http://cgit.openezx.org/$1/
18:45:23 <skvidal> + #
18:45:25 <skvidal> + # Action requires a mapping
18:45:27 <skvidal> + # ---
18:45:29 <skvidal> + # a=(blob|tree) /tree/
18:45:31 <skvidal> + # a=(blobdiff|commitdiff) /diff/
18:45:33 <skvidal> + # a=commit /commit/
18:45:37 <skvidal> + # a=(summary) /
18:45:39 <skvidal> + # a=(shortlog|log|history) /log/
18:45:39 * nirik wonders how much skvidal is pasting.
18:45:41 <skvidal> + # a=tag /tag/
18:45:43 <skvidal> + # a=blob_plain /blob/
18:45:43 <dan408> fpaste?
18:45:45 <skvidal> + # a=rss|atom /atom
18:45:51 <skvidal> wow
18:45:53 <skvidal> whoops
18:45:55 <skvidal> sorry
18:45:57 <skvidal> that was supposed to be 1 line
18:45:59 <skvidal> /?p=(.+).git; http://cgit.openezx.org/$1/
18:46:01 <skvidal> that was all
18:46:03 <skvidal> that was supposed to be 1 line
18:46:07 <skvidal> sorry
18:46:19 <skvidal> anyway - my point is - a single redir to put them in the right repo
18:46:28 <skvidal> will probably keep some of the whining to a minimum
18:46:30 <lmacken> skvidal: are you on irssi? /set paste_verify_line_count 1 :)
18:46:31 <mdomsch> actually, even that much in a single redirect httpd.conf snippet might not be too bad
18:46:53 <nirik> yeah, I can do minimal I guess.
18:47:12 <nirik> so, is 2012-08-30 a good deadline? sooner? later?
18:47:46 <nirik> how about 2012-07-30 ? too soon?
18:48:26 <skvidal> nirik: it's 2 weeks - if the redirects are in place to go to the repo level then I'm fine with 2 weeks - though maybe a month is nicer?
18:48:58 <nirik> yeah, a month drops us in alpha freeze tho
18:49:06 <skvidal> not for hosted
18:49:39 <nirik> yeah, but for pkgs
18:49:42 <skvidal> nod
18:50:24 <nirik> lets tenatively try for 2012-07-30... I'll test redirects in stg/hosted01/02
18:50:37 <skvidal> okie doke
18:50:49 <nirik> anything else on cgit?
18:50:58 * nirik thinks it will be nice to not have gitweb-caching to deal with.
18:51:11 <lmacken> will that be the last perl app we have in production? :P
18:51:30 <nirik> not sure... might be. ;)
18:51:41 <nirik> #topic Upcoming Tasks/Items
18:51:53 <nirik> #info 2012-07-11 migration of last redhat.com lists (smooge)
18:51:53 <nirik> #info 2012-07-12 drop inactive apprentices.
18:51:53 <nirik> #info 2012-07-12 migration of lists.fedorahosted.org (smooge)
18:51:53 <nirik> #info 2012-08-01 nag fi-apprentices
18:51:53 <nirik> #info 2012-08-07 to 2012-08-21 F18 Alpha Freeze
18:51:53 <nirik> #info 2012-08-21 F18 Alpha release.
18:51:56 <nirik> #info 2012-09-11 to 2012-09-25 F18 Beta Freeze
18:51:58 <nirik> #info 2012-09-25 F18 Beta release
18:52:01 <nirik> anything anyone would like to schedule or note?
18:52:22 <nirik> Id like to get the hosted03-> 01/02 migration attempted again, but after we do the hosted-lists move.
18:52:37 <smooge> #info 2012-08-14->2012-08-19 PHX2 trip?
18:52:46 <nirik> smooge: any idea when you want to reschedule those lists things?
18:52:47 <nirik> ok.
18:53:09 <nirik> smooge: that does put it in alpha freeze. ;(
18:53:59 <smooge> yeah.. I could look at the next week... but it can't be any later for budget reasons.
18:54:45 <nirik> yeah. So, how about the next week? of course if alpha slips we are still in freeze, but I suppose it's possible we don't. ;)
18:54:48 <smooge> or I could put it at the 07->12 and hope alpha misses a week due ot anaconda
18:55:18 <smooge> nirik, have we ever not missed an alpha? or had it go a week or two longer due to something
18:55:29 <nirik> I think once. ;)
18:55:42 <smooge> that was meant to be a serious question for once :)
18:55:45 <nirik> would the week before work? 30th-3rd?
18:55:52 <nirik> or is that too soon.
18:56:35 <smooge> when talking to RHIT people I got tentative goes for mid august but not before then.
18:56:37 <rdieter> smooge: f17 didnt' slip until beta
18:56:58 <smooge> rdieter, ah ok. alpha freeze isn't usually too tough. it is more of a slush.
18:57:11 <smooge> nirik, I will see if mgalgoci can make 30th->3rd
18:57:12 <rdieter> <nod>
18:57:17 <nirik> smooge: so, if 30th-3rd works for them we could try that... if not, how about 21'st, etc?
18:57:23 <nirik> sounds good.
18:57:48 <nirik> #topic md5/fips/etc.
18:57:59 * skvidal raises an eyebrow
18:58:01 <nirik> abadger1999: you wanted to note https://fedorahosted.org/fedora-infrastructure/ticket/3358 in the meeting?
18:58:14 <abadger1999> yep
18:58:28 <nirik> basically folks want us to not ever use md5 anywhere. ;)
18:58:40 <abadger1999> got email from sgrubb that we should be moving to sha256sum instead of md5 for lookaside/sources/etc.
18:58:42 <abadger1999> yeah
18:58:52 <nirik> dgilmore looked at what it would take in fedpkg...
18:59:03 <abadger1999> FIPS is kinda beside the point but the original bugzilla was about that.
18:59:10 <abadger1999> <nod>
18:59:24 <nirik> FIPS is completely worthless except for one thing.
18:59:33 <abadger1999> dgilmore doesn't think it will be too hard. I let him know I'm available to do any of the work if he needs me to.
18:59:54 <nirik> is there anything we should worry about from a infra side here? or just keep our eyes out for the changes?
19:00:13 * skvidal hmms
19:00:29 <abadger1999> We'll need to add new directories to the existing lookaside and hardlink the existing sources files into the new directories.
19:00:52 <nirik> yeah.
19:00:53 <abadger1999> The upload.cgi will be updated to check sha256sums and write new content to sha256sum directories.
19:01:04 <skvidal> do we care about puppet, etc?
19:01:09 <abadger1999> Not sure if we should continue to support uploading new content using md5sums or not.
19:01:11 <skvidal> b/c puppet uses md5sums for file comparisons
19:01:18 <abadger1999> hmmm...
19:01:33 <nirik> we have no need for fips mode, so I would say we don't care.
19:01:42 <skvidal> ok
19:01:46 <abadger1999> skvidal: You'd need to ask sgrubb or bressers that.
19:02:08 <abadger1999> It probably wouldn't fall to us to implement changes, just consume new upstream updates if so, though.
19:02:11 <nirik> I would expect that they might be working with upstream puppet to add support for !md5
19:02:12 <skvidal> abadger1999: so - I have a hard time grokking a useful case for an md5sum collision
19:02:18 <mdomsch> s3cmd uses md5sums on the files being uploaded
19:02:33 <mdomsch> because S3 uses MD5 for ETags
19:02:37 <skvidal> again - while flame pointed out the concerns - it's hardly a common case
19:02:44 <abadger1999> mdomsch: <nod> I was thinking specifically about that when I made some of my comments o nthe bugzilla report.
19:03:05 <abadger1999> mdomsch: I think the answer is -- s3cmd wouldn't work in FIPS mode.
19:03:08 <nirik> I think this case needs us to act because end users possibly running FIPS mode might want to maintain packages.
19:03:19 <nirik> internal md5 usage for us matters less
19:03:25 <abadger1999> mdomsch: Which seems like, we're not doing it so upstream might need to worry about that but we don't.
19:04:04 <abadger1999> nirik: also that we're upstream for the software (upload.cgi and fedpkg) so we're the ones that would do the work.
19:04:09 <skvidal> ok
19:04:17 <nirik> abadger1999: yep.
19:04:30 <nirik> ok, anything else on this?
19:04:37 * nirik notes we are over time
19:04:52 <abadger1999> Nope, nothing else there.
19:04:54 <nirik> #topic Open Floor
19:04:56 <mdomsch> I could add sha256 recording into the metadata, just as I have added md5 recording. Easy enough. Not ideal though, because to get that metadata you have to do a HEAD call, where you can get an entire directory worth of files and their ETags with a single HTTP POST call in the API
19:04:58 <nirik> anything for open floor?
19:05:39 <nirik> mdomsch: wonder if it would be worth a mode for that? ie, default is md5, but --fips or --sha256 gets you sha256?
19:06:17 * nirik wonders as a side note if the s3cmd upstream ever merged any of mdomsch's changes?
19:06:30 * skvidal wonders if mdomsch is the new upstrea
19:06:34 <mdomsch> nirik: nope - upstream has been silent for months
19:06:45 <nirik> skvidal: yeah, no kidding. ;)
19:06:47 <mdomsch> I'm not the only one with forks - there are a pile of peole who have
19:06:58 <nirik> sad
19:07:26 <nirik> ok, if nothing else in a minute will close out the meeting. ;)
19:07:53 <nirik> thanks for coming everyone!
19:07:56 <nirik> #endmeeting
infrastructure mailing list
|All times are GMT. The time now is 04:13 AM.|
VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.