Fedora Release Engineering Meeting :: Monday 04-JUN-07

[1]

Spam-o-matic for rawhide

• the tool that generated the broken deps report at the end of the old rawhide emails
• DECISION:
• notting is going to get 'spam-o-matic' working for rawhide reports again
• including a full report of broken deps at the bottom of rawhide report mails like before the merge, and specific individual mails to maintainers with broken deps.
• f13 will let mike schwendnt know that this is coming.

Updates policy

• DECISION:
• rel-eng is proposing to FESCo that Update tool defaults to pushing to updates-testing
• Maintainer has option to "skip testing" and can do so without an "approver" roadblock.
• UPdate gets marked as "hot" somehow visually so that releng / qa can look over before pushing if necessary

Signing unsigned 7 packages

• DECSISON:
• To do some final Fedora 7 tree maintenance, replace unsigned packages with signed versions
• chmod 644 all the files (not dirs).
• Test with cached yum metadata to see what happens, push to mirror master, alert mirrors.
• Leave the i486/586/686/athlon stuff alone, fix those by updates.

Disable tagged builds from srpms in koji

• DECISION:
• Koji's little know ability to accept builds for tags directly from srpms rather than CVS checkouts will be disabled
• This will prevent people from getting builds into collections that aren't managed in CVS.
• This will NOT disrupt admins ability to bootstrap new arches.

Freeze Policy

• DECISION:
• Defer to a subsequent meeting
• Discuss release Freeze Requirments
• determine what they are
• document them
• determine how to best manage them
• get input from QA
• Start discussion on fedora-maintainers-list the write up results into a wiki page

IRC Transcript

f13 changed the topic of #fedora-meeting to: RELENG-Meeting - Rawhide spam-o-matic - JesseKeating		<a href="#t13:04" class="time">13:04</a>
f13	Rolecall. poelcat, jwb, jeremy, spot, rdieter, wwoods, warren ping	<a href="#t13:04" class="time">13:04</a>
rdieter	here	<a href="#t13:05" class="time">13:05</a>
jwb	out today.  crit sit in real life	<a href="#t13:05" class="time">13:05</a>
* spot raises his head and puts his head back down		<a href="#t13:05" class="time">13:05</a>
dgilmore	f13: i'm here for mmcgrath to represent infrastructure	<a href="#t13:06" class="time">13:06</a>
f13	Notting said he was out.	<a href="#t13:07" class="time">13:07</a>
rdieter	dgilmore: to represent the peeps from instra-town.  word.	<a href="#t13:07" class="time">13:07</a>
rdieter	s/instr/infra/	<a href="#t13:07" class="time">13:07</a>
f13	alright, lets try to blow through this, we've got a lot to cover.	<a href="#t13:08" class="time">13:08</a>
warren	f13, who's decision is it if new added packages go directly into updates or updates-testing?	<a href="#t13:08" class="time">13:08</a>
warren	(It is either this group, or FESCO...)	<a href="#t13:08" class="time">13:08</a>
f13	warren: that comes up later	<a href="#t13:08" class="time">13:08</a>
warren	ok	<a href="#t13:09" class="time">13:09</a>
* f13 waits for the wiki to load to link to the agenda		<a href="#t13:09" class="time">13:09</a>
f13	<a href="http://fedoraproject.org/wiki/ReleaseEngineering/Meetings/Agenda">http://fedoraproject.org/wiki/ReleaseEngineering/Meetings/Agenda</a>	<a href="#t13:09" class="time">13:09</a>
f13	so Bill isn't here but I'm going to ask him to turn on spam-o-matic again for rawhide builds.  Core builders are used to this.	<a href="#t13:09" class="time">13:09</a>
f13	it's the tool that generated the broken deps report at the end of the old rawhide emails.	<a href="#t13:10" class="time">13:10</a>
f13	notting: whoh, I thought you were out?	<a href="#t13:10" class="time">13:10</a>
notting	f13: greetings from the UNC PT waiting room	<a href="#t13:10" class="time">13:10</a>
f13	heh	<a href="#t13:10" class="time">13:10</a>
f13	notting: so, are there any blockers to turning spam-o-matic back on?	<a href="#t13:11" class="time">13:11</a>
f13	notting: does it need modification to work with koji or is that done already?	<a href="#t13:11" class="time">13:11</a>
dgilmore	f13: is it free and open?	<a href="#t13:11" class="time">13:11</a>
f13	dgilmore: it is, not sure if we've checked it into the git repo though	<a href="#t13:11" class="time">13:11</a>
notting	f13: 'making it work'. basically, mash would need to dump the deps out,and spam-o-matic would need to parse it, and query koji (using the api) instead of brew-via-command-line for owners	<a href="#t13:11" class="time">13:11</a>
f13	it's basically just a repoclosure with goo in it to query koji to find out who owns the package and email them as well.	<a href="#t13:11" class="time">13:11</a>
dgilmore	f13: ok  my only concern would be that whatever we use has to be free	<a href="#t13:11" class="time">13:11</a>
f13	dgilmore: absolutely	<a href="#t13:12" class="time">13:12</a>
f13	notting: hrm, didn't spam-o-matic work independantly of the compose tool in the past, or are you just looking to capatilize on the info we already have in the mash?	<a href="#t13:12" class="time">13:12</a>
notting	f13: no sense to run the dep check/closure twice if we don't have to	<a href="#t13:12" class="time">13:12</a>
f13	nod	<a href="#t13:12" class="time">13:12</a>
notting	also, it was running on its own hacked-up version of repoclosure	<a href="#t13:13" class="time">13:13</a>
f13	oh fun.	<a href="#t13:13" class="time">13:13</a>
f13	notting: so do you want help with getting this going, or will htat just put things in your way?	<a href="#t13:13" class="time">13:13</a>
notting	i can look at it	<a href="#t13:13" class="time">13:13</a>
f13	the key here is that the rawhide report will have the list of broken deps, and the individual maintainers will get "spam" in their inbox about it.	<a href="#t13:13" class="time">13:13</a>
* poelcat here		<a href="#t13:13" class="time">13:13</a>
f13	We can then have mschwendent remove rawhide from his reports.	<a href="#t13:14" class="time">13:14</a>
warren	notting, physical therapy?	<a href="#t13:14" class="time">13:14</a>
f13	Is there anybody in attendance that thinks we should not go forward with this?	<a href="#t13:14" class="time">13:14</a>
jwb	question	<a href="#t13:14" class="time">13:14</a>
jwb	oh wait... this is rawhide	<a href="#t13:14" class="time">13:14</a>
jwb	nevermind	<a href="#t13:14" class="time">13:14</a>
rdieter	spam the broken-dep bastards.	<a href="#t13:14" class="time">13:14</a>
mclasen	will the individual spam be filtered ? or does everybody get the full report ?	<a href="#t13:14" class="time">13:14</a>
warren	f13, it sends mail to individuals right?	<a href="#t13:14" class="time">13:14</a>
notting	mclasen: full report goes in the rawhide report	<a href="#t13:14" class="time">13:14</a>
f13	warren: yes, for their specific package(s)	<a href="#t13:15" class="time">13:15</a>
mclasen	notting: yes, I'm asking about the individual spam	<a href="#t13:15" class="time">13:15</a>
warren	f13, as long as the individual spam is only packages pertinent to themself	<a href="#t13:15" class="time">13:15</a>
f13	mclasen: filtered IIRC.	<a href="#t13:15" class="time">13:15</a>
* bpepple pokes his head into the meeting.		<a href="#t13:15" class="time">13:15</a>
jeremy	hit traffic on the way back from lunch... here now	<a href="#t13:15" class="time">13:15</a>
f13	mclasen: didn't you get some from before the merge?	<a href="#t13:15" class="time">13:15</a>
mclasen	f13: you expect me to read all my mail ?	<a href="#t13:16" class="time">13:16</a>
notting	mclasen: it's just things that it thinks you're involved with (i.e., your packages, and things with deps on libraries that you maintain)	<a href="#t13:16" class="time">13:16</a>
mclasen	sounds great then	<a href="#t13:16" class="time">13:16</a>
nirik	Q: is there fc5/fc6 reports? extras push scripts should do that still right?	<a href="#t13:16" class="time">13:16</a>
jwb	nirik, those are being done again	<a href="#t13:16" class="time">13:16</a>
* jwb notes that he's really not here and a bot is replying for him		<a href="#t13:16" class="time">13:16</a>
nirik	and for f7, bodhi should stop push on broken except for security pushes?	<a href="#t13:17" class="time">13:17</a>
* rdieter waves at jwb_bot.		<a href="#t13:17" class="time">13:17</a>
f13	nirik: that's a different subject.	<a href="#t13:17" class="time">13:17</a>
nirik	ok. sorry. ;)	<a href="#t13:17" class="time">13:17</a>
f13	nirik: we're talking about the broken dep report for rawhide.	<a href="#t13:17" class="time">13:17</a>
* nirik goes back to lurking.		<a href="#t13:17" class="time">13:17</a>
f13	ok, I didn't see any objections, notting please 'make it work' at your convenience (:	<a href="#t13:18" class="time">13:18</a>
f13	poelcat: for the record, notting is going to get 'spam-o-matic' working for rawhide reports again.  This includes a full report of broken deps at the bottom of rawhide report mails like before the merge, and specific individual mails to maintainers with broken deps.	<a href="#t13:19" class="time">13:19</a>
f13	I'll let mike schwendnt know that this is coming.	<a href="#t13:19" class="time">13:19</a>
poelcat	f13: thanks. summaries like that make the minutes easy to prepare :)	<a href="#t13:19" class="time">13:19</a>
f13	poelcat: thought it would (:	<a href="#t13:19" class="time">13:19</a>
f13 changed the topic of #fedora-meeting to: RELENG-Meeting - Updates Policy - JesseKeating		<a href="#t13:19" class="time">13:19</a>
f13	lmacken: are you lurking?	<a href="#t13:19" class="time">13:19</a>
lmacken	indeed	<a href="#t13:20" class="time">13:20</a>
f13	I think wwoods is on vacation which makes this topic a bit difficult to discuss.	<a href="#t13:20" class="time">13:20</a>
jeremy	yeah, he is on vacation	<a href="#t13:20" class="time">13:20</a>
warren	How much authority does wwoods alone have over this?	<a href="#t13:20" class="time">13:20</a>
warren	Surely rel-eng group and FESCO have some say.	<a href="#t13:20" class="time">13:20</a>
f13	but the natives would like some policy around what things can be pushed, when they can go directly to updates without passing go, what criteria they should have before leaving -testing, etc...	<a href="#t13:20" class="time">13:20</a>
f13	warren: we have some say sure, but I know that wwoods  and his QA team is trying to come up with policy on the same subject, so we should cooporate.	<a href="#t13:21" class="time">13:21</a>
notting	use common sense?	<a href="#t13:21" class="time">13:21</a>
f13	notting: if only :/	<a href="#t13:21" class="time">13:21</a>
lmacken	heh, right now bodhi requires common sense.	<a href="#t13:21" class="time">13:21</a>
rdieter	notting: heresy!	<a href="#t13:21" class="time">13:21</a>
warren	Is it too dangerous to trust package owners to decide if it goes directly into updates or updates-testing?	<a href="#t13:21" class="time">13:21</a>
mclasen	notting: thats a scarce resource...	<a href="#t13:21" class="time">13:21</a>
warren	In the case of multi-package updates that are interdependent, it can be problematic to push everything at once no?	<a href="#t13:21" class="time">13:21</a>
notting	warren: sounds more problematic not to	<a href="#t13:21" class="time">13:21</a>
warren	notting, not to what?	<a href="#t13:22" class="time">13:22</a>
f13	warren: I honestly don't think so.  Bodhi should definitely default to updates-testing, but there should be an override they can do to get it to go to updates directly	<a href="#t13:22" class="time">13:22</a>
warren	f13, I can agree with that.	<a href="#t13:22" class="time">13:22</a>
f13	warren: multi-package interdependant packages should be pushed all at once, regardless of where they go	<a href="#t13:22" class="time">13:22</a>
lmacken	f13: so along with a 'Push to Testing', maybe have a 'Skip testing' button, that then requires approval from releng ?	<a href="#t13:22" class="time">13:22</a>
warren	f13, lmacken: does bodhi still lack the multi-package update like core updates had	<a href="#t13:22" class="time">13:22</a>
warren	?	<a href="#t13:22" class="time">13:22</a>
f13	lmacken: I don't think we necessarily need to block on approval	<a href="#t13:22" class="time">13:22</a>
lmacken	warren: yes.. It is going to require some schema changes that I hope to do tonight	<a href="#t13:23" class="time">13:23</a>
warren	lmacken, cool	<a href="#t13:23" class="time">13:23</a>
f13	lmacken: but perhaps flag those as "hot" updates so that when rel-eng goes to do a push they might scruitinize the update closer, we have the ability to 'deny' the update just by unchecking it in the push.	<a href="#t13:23" class="time">13:23</a>
* mclasen doesn't see why we have to allow skipping		<a href="#t13:23" class="time">13:23</a>
f13	mclasen: there are some valid cases where spending time in updates-testing won't really do any good.	<a href="#t13:23" class="time">13:23</a>
warren	more than half of packages really don't belong in updates-testing	<a href="#t13:24" class="time">13:24</a>
dgilmore	f13: i think only security and new packages go straight in the rest go through testing	<a href="#t13:24" class="time">13:24</a>
mclasen	does it justify a complicated policy with exceptions and approval ?	<a href="#t13:24" class="time">13:24</a>
warren	The package owner should really DTRT	<a href="#t13:24" class="time">13:24</a>
f13	if a maintainer is abusing the ability to go directly to updates, that's a matter for his sponsor and FESCo to address.	<a href="#t13:24" class="time">13:24</a>
f13	mclasen: nope, which is why I want to make it simple.	<a href="#t13:24" class="time">13:24</a>
f13	mclasen: just offer the ability and call it good.	<a href="#t13:24" class="time">13:24</a>
warren	If a maintainer screws up consistently with bad judgment, then $HIGHER_POWER can lart.	<a href="#t13:24" class="time">13:24</a>
mclasen	f13: simplest is just to not have that feature...	<a href="#t13:24" class="time">13:24</a>
f13	mclasen: which would mean not allowing it all together.	<a href="#t13:25" class="time">13:25</a>
warren	mclasen, you mean everything goes to updates-testing first?	<a href="#t13:25" class="time">13:25</a>
mclasen	rather than have a button and say "if you press this, we'll send the sponsors after you"	<a href="#t13:25" class="time">13:25</a>
dgilmore	mclasen: sometimes things need to go straight in	<a href="#t13:25" class="time">13:25</a>
warren	mclasen, sponsors after you is only if your judgment screws up.	<a href="#t13:25" class="time">13:25</a>
* f13 wonders if we're talking past eachother.		<a href="#t13:25" class="time">13:25</a>
mclasen	dgilmore: My first question was for a concrete example of that being necessary	<a href="#t13:25" class="time">13:25</a>
dgilmore	mclasen: firefox security bug	<a href="#t13:26" class="time">13:26</a>
mclasen	oh, security, sure	<a href="#t13:26" class="time">13:26</a>
f13	broken deps	<a href="#t13:26" class="time">13:26</a>
mclasen	100% agreed on that	<a href="#t13:26" class="time">13:26</a>
warren	I believe the releng policy recommendation should be, "Package owner decides if it goes directly into updates or updates-testing.  They are expected to use their best judgment about risk, and they are responsible for screwing up."	<a href="#t13:26" class="time">13:26</a>
nirik	how about a serious bug that makes something not work right for many users?	<a href="#t13:26" class="time">13:26</a>
dgilmore	mclasen: probably any remotely exploitable security bug	<a href="#t13:26" class="time">13:26</a>
mclasen	f13: the broken dep should not make it out of updates-testing in the first place...	<a href="#t13:26" class="time">13:26</a>
rdieter	dgilmore: security updates already bypass testing, don't they?	<a href="#t13:26" class="time">13:26</a>
f13	mclasen: it may due to security	<a href="#t13:26" class="time">13:26</a>
lmacken	rdieter: yes	<a href="#t13:26" class="time">13:26</a>
mclasen	I'm just contesting that we need to allow non-security updates directly in	<a href="#t13:26" class="time">13:26</a>
f13	mclasen: there were a number of complains by many people with specific cases, lots of library updates that there aren't really test cases / testers for	<a href="#t13:27" class="time">13:27</a>
dgilmore	rdieter: they don't have to right now  but security and a new package should be the only exceptions to testing	<a href="#t13:27" class="time">13:27</a>
mclasen	anyway, if you need to add that button to make valuable contributors happy, then go ahead	<a href="#t13:27" class="time">13:27</a>
lmacken	f13: i do plan on adding support for defining testing instructions, if that makes any difference	<a href="#t13:27" class="time">13:27</a>
mclasen	I just won't use it...	<a href="#t13:27" class="time">13:27</a>
nirik	yeah, thats the common one: firefox security update. Other updates needed to keep broken deps from happening. They should be allowed right?	<a href="#t13:27" class="time">13:27</a>
f13	mclasen: I appreciate that	<a href="#t13:27" class="time">13:27</a>
warren	mclasen, the vast majority of Extras really would not benefit from an enforced testing period, and this adds lots of additional process overhead for those maintainers who maintain dozens of packages.	<a href="#t13:27" class="time">13:27</a>
warren	We really must trust the package maintainers more here.	<a href="#t13:28" class="time">13:28</a>
f13	warren: that's a really broad and disparaging comment	<a href="#t13:28" class="time">13:28</a>
jeremy	warren: I think there _should_ be value for the packages being in updates-testing	<a href="#t13:28" class="time">13:28</a>
warren	f13, it is the reality.	<a href="#t13:28" class="time">13:28</a>
mclasen	warren: thats the kind of comment that I feared	<a href="#t13:28" class="time">13:28</a>
f13	warren: reality is what you make of it.	<a href="#t13:28" class="time">13:28</a>
nirik	I think the reccomendation is that testing should be used unless the maintainer has a good reason not to.	<a href="#t13:28" class="time">13:28</a>
f13	warren: if you state there is no value, then sure, people believe there is no value and don't even attempt to add value.	<a href="#t13:28" class="time">13:28</a>
warren	nirik, +1	<a href="#t13:28" class="time">13:28</a>
jeremy	that said, at the moment, there isn't necessarily a lot of value there.  as we build up more testing and QA stuff around updates-testing, hopefully people will see the value even more	<a href="#t13:28" class="time">13:28</a>
* rdieter agrees is mclasen, having run my own repo, and having been burnt by skipping testing a few times when it didn't *seem* necessary.		<a href="#t13:28" class="time">13:28</a>
mclasen	warren: if it looks as if former extras will in general just skip testing altogether, then we should not add the button	<a href="#t13:28" class="time">13:28</a>
jeremy	nirik: +1	<a href="#t13:29" class="time">13:29</a>
lmacken	if bodhi can automatically submit updates to Stable after $TIMEOUT, then I don't see any issue with throwing updates at it..	<a href="#t13:29" class="time">13:29</a>
lmacken	or $APPROVALs	<a href="#t13:29" class="time">13:29</a>
warren	lmacken, that would be good.	<a href="#t13:29" class="time">13:29</a>
warren	Is there a required length of time something must sit in updates-testing?	<a href="#t13:29" class="time">13:29</a>
lmacken	that's something we need to agree upon	<a href="#t13:29" class="time">13:29</a>
f13	lmacken: I would hope that getting an update to go directly to updates without passing go wouldn't need somebody to "sign off" on it.	<a href="#t13:29" class="time">13:29</a>
lmacken	some people said a week.. some say 3 - 4 days :\	<a href="#t13:29" class="time">13:29</a>
nirik	I think letting maintainers should have a bypass, but default should be testing. Otherwise everyone will bypass it and it will be useless. ;(	<a href="#t13:29" class="time">13:29</a>
f13	if we're going to trust the maintainer, lets trust th emaintainer.	<a href="#t13:30" class="time">13:30</a>
warren	Say I want a trivial update that is obviously correct to go in, that corrects a typo in a cron script that spams users due to a syntax error.  Do I really want that to sit in updates-testing for 7 dys?	<a href="#t13:30" class="time">13:30</a>
f13	nirik: indeed.	<a href="#t13:30" class="time">13:30</a>
f13	warren: you shouldn't have to no	<a href="#t13:30" class="time">13:30</a>
f13	warren: positive feedback should override a default timeout.	<a href="#t13:30" class="time">13:30</a>
lmacken	f13: well.. releng / qa should always be able to nudge stuff through	<a href="#t13:30" class="time">13:30</a>
warren	We really need to trust the package maintainer to some degree.   I would argue that such trivial and obviously correct updates should skip testing.	<a href="#t13:30" class="time">13:30</a>
nirik	warren: yeah, thats an exampe of something the maintainer should be allowed to push. Although it should have been caught in testing for the previous release, right?	<a href="#t13:30" class="time">13:30</a>
warren	We need to ENCOURAGE use of updates-testing in most cases, but TRUST the maintainer to DTRT.	<a href="#t13:30" class="time">13:30</a>
f13	lmacken: releng always has the ability to "opt out" of pushing an update.  However there hsouldn't be a roadblock to the maintainer getting it to the "push" stage of updates.	<a href="#t13:31" class="time">13:31</a>
warren	nirik, I screwed that up for spamassassin in RHEL5 somehow.  Testing missed it.	<a href="#t13:31" class="time">13:31</a>
nirik	really? was that the sa-update thing? That should have been caught by a day in updates-testing I would think...	<a href="#t13:32" class="time">13:32</a>
lmacken	f13: so you're saying anyone should be able to submit anything to Stable at any time ?	<a href="#t13:32" class="time">13:32</a>
f13	Proposal:	<a href="#t13:32" class="time">13:32</a>
warren	nirik, it happened during FC6test, there was no updates-testing	<a href="#t13:32" class="time">13:32</a>
warren	nirik, I accepted a user submitted patch during a rush and got burned.	<a href="#t13:32" class="time">13:32</a>
nirik	yeah. ;( Now there is tho... so thats a great case of updates-testing being good. Someone would have notified about it...	<a href="#t13:33" class="time">13:33</a>
f13	Update tool defaults to pushing to updates-testing.  Maintainer has option to "skip testing" and can do so without an "approver" roadblock.  UPdate gets marked as "hot" somehow visualyl so that releng / qa can look over before pushing if necessary.	<a href="#t13:33" class="time">13:33</a>
jwb	f13, +1	<a href="#t13:33" class="time">13:33</a>
jeremy	f13: +1	<a href="#t13:33" class="time">13:33</a>
rdieter	f13: +1	<a href="#t13:33" class="time">13:33</a>
lmacken	f13: sounds good to me	<a href="#t13:33" class="time">13:33</a>
lmacken	so a 'Skip testing' checkbox in the new update submission for m?	<a href="#t13:33" class="time">13:33</a>
* nirik thinks that sounds great.		<a href="#t13:33" class="time">13:33</a>
warren	f13, "hot" could just mean zero days in updates-testing, and it could be colored such.  +1 in principle	<a href="#t13:33" class="time">13:33</a>
f13	lmacken: or how about 'push to updates-testing' followed by 'skip updates-testing' ?	<a href="#t13:34" class="time">13:34</a>
lmacken	f13: WFM	<a href="#t13:34" class="time">13:34</a>
warren	f13, color code!  0 days red,  1-3 days orange, 4-6 days yellow	<a href="#t13:34" class="time">13:34</a>
f13	warren: but I want my bike shed to be blue!	<a href="#t13:34" class="time">13:34</a>
notting	rpm threat level is: red	<a href="#t13:34" class="time">13:34</a>
warren	And we adjust the threat level for political reasons as needed.	<a href="#t13:34" class="time">13:34</a>
f13	whaever we do to mark it, please don't break my ability to highlight the list of updates to go out and paste them into a \n seperated list.	<a href="#t13:34" class="time">13:34</a>
* spot puts all his liquid and gel packages in a quart ziploc bag		<a href="#t13:35" class="time">13:35</a>
f13	So it looks like that proposal passed.	<a href="#t13:35" class="time">13:35</a>
lmacken	f13: hahah.. damn screen scrapers!!	<a href="#t13:35" class="time">13:35</a>
jwb	f13, do we want to run it by FESCo now?	<a href="#t13:35" class="time">13:35</a>
f13	If we notice repeated abuse we can take it up with maintainer+sponsor, potentially even FESCo	<a href="#t13:35" class="time">13:35</a>
f13	jwb: yes, this should be proposed to FESCo	<a href="#t13:35" class="time">13:35</a>
warren	This is the official releng recommendation to be ratified by FESCo	<a href="#t13:36" class="time">13:36</a>
jwb	should just be a quick review and ack from them	<a href="#t13:36" class="time">13:36</a>
lmacken	heh, i was just about to implement it :(	<a href="#t13:36" class="time">13:36</a>
jwb	lmacken, go ahead.  just don't make it live yet	<a href="#t13:36" class="time">13:36</a>
lmacken	k	<a href="#t13:36" class="time">13:36</a>
f13	lmacken: haha, well you can do it on your test platform	<a href="#t13:36" class="time">13:36</a>
warren	Do we agree on a 7 day countdown for updates-testing by default?	<a href="#t13:36" class="time">13:36</a>
jwb	f13, and we should send that to the list as well	<a href="#t13:36" class="time">13:36</a>
f13	poelcat: For the record, rel-eng is proposing to FESCo that Update tool defaults to pushing to updates-testing.  Maintainer has option to "skip testing" and can do so without an "approver" roadblock.  UPdate gets marked as "hot" somehow visualyl so that releng / qa can look over before pushing if necessary.	<a href="#t13:36" class="time">13:36</a>
f13	warren: I want to leave that up to QA	<a href="#t13:37" class="time">13:37</a>
warren	Idea: 7 day countdown for updates-testing by default.  Interface allows an emergency "WAIT!!!" button for people to click if a test update is really fubar.	<a href="#t13:37" class="time">13:37</a>
mclasen	I think one proposal on the mailing list made a lot of sense, to write down an update policy independent of any tools that we use	<a href="#t13:37" class="time">13:37</a>
mclasen	but that probably has to wait for wwoods return...	<a href="#t13:37" class="time">13:37</a>
f13	mclasen: indeed.  Policy should not be goverened by tools, instead tools should be written to apply the policy (:	<a href="#t13:38" class="time">13:38</a>
warren	f13, as an implementation detail, the color code of hotness really may help.  At a glance you see how long something has been in testing before you push.	<a href="#t13:38" class="time">13:38</a>
jwb	work that with lmacken	<a href="#t13:38" class="time">13:38</a>
* warren likes "color code of hotness"		<a href="#t13:38" class="time">13:38</a>
f13	warren: absolutely.  That's eye candy	<a href="#t13:38" class="time">13:38</a>
lmacken	patches welcome!	<a href="#t13:38" class="time">13:38</a>
f13	heh	<a href="#t13:38" class="time">13:38</a>
f13	as for the rest of updates policy, lets see how far this gets us and discuss more specific things as they fall out of the mailing list and out of QA/FESCo.  OK?	<a href="#t13:39" class="time">13:39</a>
lmacken	sounds good.. so is the Testing -> Stable move still going to be manual? or should bodhi move them after a timeout ?	<a href="#t13:40" class="time">13:40</a>
notting	lmacken: tbd?	<a href="#t13:40" class="time">13:40</a>
lmacken	notting: k	<a href="#t13:40" class="time">13:40</a>
jwb	yeah, tbd	<a href="#t13:40" class="time">13:40</a>
f13	lmacken: we didn't really talk about that.	<a href="#t13:40" class="time">13:40</a>
f13	tbd.	<a href="#t13:40" class="time">13:40</a>
notting	lmacken: actually, coding up the ability to *have* a timeout that moves things could be useful	<a href="#t13:40" class="time">13:40</a>
f13	ok, next topic	<a href="#t13:40" class="time">13:40</a>
warren	lmacken, I'll start a theoretical discussion about that on list now	<a href="#t13:41" class="time">13:41</a>
f13 changed the topic of #fedora-meeting to: RELENG-Meeting - Signing unsigned 7 packages - JesseKeating		<a href="#t13:41" class="time">13:41</a>
mclasen	lmacken: at the very least, we should have the same spam-after-timeout that the old tool had	<a href="#t13:41" class="time">13:41</a>
lmacken	warren: thanks	<a href="#t13:41" class="time">13:41</a>
f13	(inserting topic that wasn't on the wiki)	<a href="#t13:41" class="time">13:41</a>
mclasen	lmacken: getting those reminders was very useful to me	<a href="#t13:41" class="time">13:41</a>
lmacken	mclasen: yeah, I need to hack up some nagmail for bodhi	<a href="#t13:41" class="time">13:41</a>
f13	mclasen: +1  good idea.	<a href="#t13:41" class="time">13:41</a>
f13	Ok, so we all know that there were a number of unsigned packages that leaked into the Everything trees	<a href="#t13:41" class="time">13:41</a>
f13	My plan to fix this was to make sure they're signed within the koji store and do another mash of the f7-final tag.  Then rsync to the tree I have staged to make sure only the expected things changed, push to mirror masters, and alert mirrors that this content change happened.	<a href="#t13:42" class="time">13:42</a>
f13	Any objections to this plan?	<a href="#t13:42" class="time">13:42</a>
notting	works for me. sorry about the bug.	<a href="#t13:42" class="time">13:42</a>
f13	(there is more to come, I just want to get this part cleared first)	<a href="#t13:43" class="time">13:43</a>
dgilmore	f13: none from me	<a href="#t13:43" class="time">13:43</a>
jwb	sounds fine	<a href="#t13:43" class="time">13:43</a>
f13	skvidal thinks we'll be OK with the nvr not changing, but the metdata/checksum changing.	<a href="#t13:43" class="time">13:43</a>
jeremy	have we found the bug that caused this to happen in the first place?	<a href="#t13:43" class="time">13:43</a>
jeremy	(so that we can avoid it in the future)	<a href="#t13:43" class="time">13:43</a>
notting	jeremy: mash assumed that if koji had the signature, it had a signed rpm	<a href="#t13:43" class="time">13:43</a>
warren	Only problem with this, is all existing users must wipe their yum caches in order to recover.	<a href="#t13:44" class="time">13:44</a>
jeremy	ok, fine by me then	<a href="#t13:44" class="time">13:44</a>
rdieter	I assume that assumption was incorrect?	<a href="#t13:44" class="time">13:44</a>
notting	rdieter: correct. it has since been fixed	<a href="#t13:44" class="time">13:44</a>
warren	If you do it with an Update instead, then yum can recover without a yum cache wipe.	<a href="#t13:44" class="time">13:44</a>
f13	warren: actually I think skvidal and jbowes think that bug in yum is fixed.	<a href="#t13:44" class="time">13:44</a>
warren	since when?	<a href="#t13:44" class="time">13:44</a>
warren	hm	<a href="#t13:44" class="time">13:44</a>
jeremy	that should be easy to verify	<a href="#t13:44" class="time">13:44</a>
f13	I talked to them about it last week when I was formulating this plan, but I havne't tested to verify	<a href="#t13:45" class="time">13:45</a>
f13	We should test before pushing anywhere	<a href="#t13:45" class="time">13:45</a>
warren	fortunately the number of affected packages is small	<a href="#t13:45" class="time">13:45</a>
f13	indeed.	<a href="#t13:45" class="time">13:45</a>
warren	gallery2 (the majority) will likely have an update naturally anyway	<a href="#t13:46" class="time">13:46</a>
f13	Anyway, so with testing I'll go forward with that plan.	<a href="#t13:46" class="time">13:46</a>
f13	but the second part of this is a bit more controversial.	<a href="#t13:46" class="time">13:46</a>
f13	due to a misthought out patch to koji, there are a number of packages that were built not just for i386, but for i486, i586, i686, athlon.	<a href="#t13:47" class="time">13:47</a>
dgilmore	opps	<a href="#t13:47" class="time">13:47</a>
f13	And they're sitting in the Everything tree, and in the pungi spins	<a href="#t13:47" class="time">13:47</a>
notting	f13: qt4, pm-utils... what else?	<a href="#t13:47" class="time">13:47</a>
f13	libbeagle	<a href="#t13:47" class="time">13:47</a>
f13	beagle-ui	<a href="#t13:48" class="time">13:48</a>
f13	beagle basically	<a href="#t13:48" class="time">13:48</a>
f13	notting: I don't see qt4 as built like htat	<a href="#t13:48" class="time">13:48</a>
notting	f13: that may have been only in rawhide	<a href="#t13:48" class="time">13:48</a>
f13	just pm-utils, beagle.	<a href="#t13:48" class="time">13:48</a>
f13	pm-utils is particularly bad as radeontool inclusion is only on i386, not the other arches	<a href="#t13:49" class="time">13:49</a>
f13	so some people will get pm-utils but not radeon-tool.	<a href="#t13:49" class="time">13:49</a>
notting	f13: that you'd want to force upgrades on, so i'd do an update	<a href="#t13:49" class="time">13:49</a>
f13	notting: I wanted to for that yes.	<a href="#t13:49" class="time">13:49</a>
f13	so the question though is do we just leave those in the tree, while we're doing signing maint, or do we scrub them?	<a href="#t13:49" class="time">13:49</a>
f13	both beagle and pm-utils will probably get updates soon anyway (and we'll force the issue with pm-utils)	<a href="#t13:50" class="time">13:50</a>
f13	I'm more in favor of just leaving them and changing as little as possible.	<a href="#t13:50" class="time">13:50</a>
* jeremy votes for leave them		<a href="#t13:50" class="time">13:50</a>
rdieter	f13, notting: qt4-4.3.0-1 was that way (used ExclusiveArch: %{ix86}) qt4-4.3.0-2 is better.	<a href="#t13:50" class="time">13:50</a>
f13	(oh and while we're doing tree stuff, chmod 644 *.rpm)	<a href="#t13:50" class="time">13:50</a>
f13	rdieter: that qt didn't land in f7 it appears.	<a href="#t13:50" class="time">13:50</a>
notting	rdieter: qt4 with 4 or 5 extra arches takes a loooooong time to push :)	<a href="#t13:51" class="time">13:51</a>
rdieter	f13: just rawhide.	<a href="#t13:51" class="time">13:51</a>
rdieter	notting: even longer to build.	<a href="#t13:51" class="time">13:51</a>
f13	Proposal: To do some final tree maintenance, replace unsigned packages with signed versions, and chmod 644 all the files (not dirs).  Test with cached yum metadata to see what happens, push to mirror master, alert mirrors.  Leave the i486/586/686/athlon stuff alone, fix those by updates.	<a href="#t13:52" class="time">13:52</a>
rdieter	f13: +1	<a href="#t13:53" class="time">13:53</a>
notting	f13: you may not have to actually chmod	<a href="#t13:53" class="time">13:53</a>
notting	f13: i thing sometime between <compose> and <now> chmod was run over the koji dirs	<a href="#t13:53" class="time">13:53</a>
f13	notting: ok, so rsync may pick up those changes when I mash.	<a href="#t13:54" class="time">13:54</a>
f13	since I"m not seeing any - votes, we'll count this as agreed.	<a href="#t13:56" class="time">13:56</a>
f13	poelcat: For the record, To do some final Fedora 7 tree maintenance, replace unsigned packages with signed versions, and chmod 644 all the files (not dirs).  Test with cached yum metadata to see what happens, push to mirror master, alert mirrors.  Leave the i486/586/686/athlon stuff alone, fix those by updates.	<a href="#t13:56" class="time">13:56</a>
f13	Next topic, another insertion.	<a href="#t13:56" class="time">13:56</a>
f13	mbonnet: you around?	<a href="#t13:56" class="time">13:56</a>
warren	f13, existing install images wont have a problem with the install tree changing?	<a href="#t13:57" class="time">13:57</a>
mbonnet	f13: yo	<a href="#t13:57" class="time">13:57</a>
warren	f13, (boot from boot.iso and do a network install, it wont care that things changed?)	<a href="#t13:57" class="time">13:57</a>
f13 changed the topic of #fedora-meeting to: RELENG-Meeting - Disable tagged builds from srpms in koji - MikeBonnet		<a href="#t13:57" class="time">13:57</a>
f13	warren: Everything trees are not installable for 7	<a href="#t13:57" class="time">13:57</a>
warren	f13, ah. ok.	<a href="#t13:57" class="time">13:57</a>
jwb	huh on /topic?	<a href="#t13:58" class="time">13:58</a>
f13	warren: only usable as add-on repos from other install media.  Too many moving parts at the deadline to have them tested as installable nad still release for LinuxTag	<a href="#t13:58" class="time">13:58</a>
f13	Right now, koji will allow you to build for a tag directly from an srpm	<a href="#t13:58" class="time">13:58</a>
notting	f13: um, if you point boot.iso at it, it does install :)	<a href="#t13:58" class="time">13:58</a>
f13	notting: when did you try that?  Maybe it does becuase I copied the Fedora spins' .discinfo file intot he tree	<a href="#t13:58" class="time">13:58</a>
f13	what we'd like to do is turn off Koji's ability to do this, making any build directly from srpm only --scratch builds.	<a href="#t13:59" class="time">13:59</a>
f13	any build that will be tagged and imported will have to have come from a CVS checkout.	<a href="#t13:59" class="time">13:59</a>
jwb	f13, ew on that.  tag builds should only be built from cvs and srpm should only work for --scratch	<a href="#t13:59" class="time">13:59</a>
notting	f13: a while ago	<a href="#t13:59" class="time">13:59</a>
dgilmore	f13: we need that	<a href="#t13:59" class="time">13:59</a>
f13	Not many people know that koji can build from srpms in this way for tags, so we want to fix it now before it gets abused.	<a href="#t13:59" class="time">13:59</a>
jwb	dgilmore, need it for what?	<a href="#t13:59" class="time">13:59</a>
warren	f13, wow.  I didn't know we allowed that.  Definitely.	<a href="#t14:00" class="time">14:00</a>
dgilmore	jwb: we cant allow people to build for releases and not check there build into cvs	<a href="#t14:00" class="time">14:00</a>
mbonnet	one proposal was to allow only admins to build from srpm as non--scratch	<a href="#t14:00" class="time">14:00</a>
f13	should be a no brainer, but we wanted to be transparent in making decisions/changes.	<a href="#t14:00" class="time">14:00</a>
jwb	dgilmore, oh ok.  i misunderstood your "need it" statement.  sounds like everyone is agreeing so far	<a href="#t14:00" class="time">14:00</a>
f13	Proposal: Disable Koji's ability to tag/import packages that were built directly from srpm instead of from a CVS checkout.	<a href="#t14:01" class="time">14:01</a>
f13	+1	<a href="#t14:01" class="time">14:01</a>
jwb	+1	<a href="#t14:01" class="time">14:01</a>
warren	+1	<a href="#t14:01" class="time">14:01</a>
jeremy	+1	<a href="#t14:01" class="time">14:01</a>
notting	f13: wait a sec	<a href="#t14:01" class="time">14:01</a>
f13	yes?	<a href="#t14:01" class="time">14:01</a>
notting	f13: secondary architecture population	<a href="#t14:02" class="time">14:02</a>
jwb	can do imports	<a href="#t14:02" class="time">14:02</a>
f13	notting: Admin override	<a href="#t14:02" class="time">14:02</a>
notting	f13: as long as that still works, i'm +1	<a href="#t14:02" class="time">14:02</a>
jwb	yeah	<a href="#t14:02" class="time">14:02</a>
mbonnet	notting: arbitrary packages can still be imported by admins	<a href="#t14:02" class="time">14:02</a>
f13	mbonnet: can we still import builds?	<a href="#t14:02" class="time">14:02</a>
f13	ok.	<a href="#t14:02" class="time">14:02</a>
jwb	good thinking notting	<a href="#t14:02" class="time">14:02</a>
f13	poelcat: For the record, Koji's little know ability to accept builds for tags directly from srpms rather than CVS checkouts will be disabled.  This will prevent people from getting builds into collections that aren't managed in CVS.  This will NOT disrupt admins ability to bootstrap new arches.	<a href="#t14:03" class="time">14:03</a>
f13	Next is going to be a /fun/ one.	<a href="#t14:03" class="time">14:03</a>
f13	although we're at an hour already.	<a href="#t14:03" class="time">14:03</a>
f13	Our next topic was to be Freeze Policy, which could be a fairly lengthy topic.	<a href="#t14:04" class="time">14:04</a>
f13	So we cna talk about it now and go over our meeting time, or we can punt for next week with more discussion on list?	<a href="#t14:04" class="time">14:04</a>
jwb	i say punt	<a href="#t14:04" class="time">14:04</a>
jwb	we have two decisions to push out to the lists from today's meeting	<a href="#t14:05" class="time">14:05</a>
jeremy	I think that rather than lengthy discussion, we should a) get requirements written up and then b) get some ideas written up as possible ways to work within the constraints of the requirements	<a href="#t14:05" class="time">14:05</a>
f13	the only topic after that was discussion around creating Standard Operating Proceedures for things that rel-eng does, which should be a no-brainer.	<a href="#t14:05" class="time">14:05</a>
f13	jeremy: I agree, but there needs to be some discussion on what our requirements are (:	<a href="#t14:05" class="time">14:05</a>
warren	What rel-eng team tasks are there outside of a freeze?	<a href="#t14:05" class="time">14:05</a>
notting	f13: at some point we need to tackle 'making signing sane'. but that's almost infrastructure as much as rel-eng	<a href="#t14:05" class="time">14:05</a>
rdieter	punt +1, need to bolt for food soon anyway.	<a href="#t14:05" class="time">14:05</a>
f13	so maybe next meeting and between now and then we'll discuss what our requirements are without any thought as to implementation?	<a href="#t14:05" class="time">14:05</a>
jwb	f13, sounds good	<a href="#t14:06" class="time">14:06</a>
f13	warren: updates pushing, buildroot overrides, buildroot unbreaking, tag creations, builds untagging, etc...	<a href="#t14:06" class="time">14:06</a>
jeremy	f13: it'll be a far more productive discussion if we're having a discussion _based_ on something.  as opposed to just random free-form discussion	<a href="#t14:06" class="time">14:06</a>
warren	f13, except only two of you can do updates pushing	<a href="#t14:06" class="time">14:06</a>
notting	warren: see my comment about signing :/	<a href="#t14:07" class="time">14:07</a>
f13	warren: right now.  we're planning on changing that.	<a href="#t14:07" class="time">14:07</a>
jwb	right	<a href="#t14:07" class="time">14:07</a>
warren	notting, make signing sane includes implementing signing server?	<a href="#t14:07" class="time">14:07</a>
notting	warren: step 1: get a box	<a href="#t14:07" class="time">14:07</a>
f13	warren: that's potentially one way	<a href="#t14:07" class="time">14:07</a>
f13	mbonnet: btw, "make it so" (the srpm thing)	<a href="#t14:08" class="time">14:08</a>
notting	i should write something up	<a href="#t14:08" class="time">14:08</a>
warren	We don't need a lot of signers, but a signing server allowing us to proxy and protect the real key would be great.	<a href="#t14:08" class="time">14:08</a>
mbonnet	f13: got it, I'll have new packages available today	<a href="#t14:08" class="time">14:08</a>
f13	mbonnet: cool, we'll schedule some downtime.	<a href="#t14:08" class="time">14:08</a>
f13	Ok, I'm going to call the meeting then, and let people go.  Thanks everybody!	<a href="#t14:08" class="time">14:08</a>
warren	notting, timezone coverage of signing is part of your goal?	<a href="#t14:08" class="time">14:08</a>
f13 changed the topic of #fedora-meeting to: <a href="http://fedoraproject.org/wiki/Communicate/FedoraMeetingChannel">http://fedoraproject.org/wiki/Communicate/FedoraMeetingChannel</a> -- Meetings often get logged -- see schedule in the wiki for next meeting		<a href="#t14:09" class="time">14:09</a>
notting	warren: it's not something i want to prevent. but it's so bad ATM it's not on the radar	<a href="#t14:09" class="time">14:09</a>
warren	notting, ok, I just wanted to know your thoughts.	<a href="#t14:09" class="time">14:09</a>
f13	poelcat: for the record: We're going to discuss what our Freeze Requirments are and write those up, to have further discussions about how to manage a freeze around those requirements.  Will need QA input on this as well.	<a href="#t14:10" class="time">14:10</a>
f13	the rest of the topics we'll get to next week.	<a href="#t14:11" class="time">14:11</a>
poelcat	f13: "discuss(ion)" will happen where?	<a href="#t14:11" class="time">14:11</a>
jwb	i suggest -maintainers or -devel list	<a href="#t14:12" class="time">14:12</a>
poelcat	IOW is someone writing up wiki page first, then email discussion?	<a href="#t14:12" class="time">14:12</a>
f13	poelcat: I think we should have some discussion on -maintainers first, then write up results into a wiki page	<a href="#t14:15" class="time">14:15</a>
poelcat	gotcha	<a href="#t14:16" class="time">14:16</a>