| f13
| ping: notting jeremy spot lmacken rdieter wwoods poelcat
| 10:07
|
| rdieter
| here
| 10:07
|
| * notting is here
| 10:08
|
| notting
| f13: so, the proposals and actions of rel-eng have now caused fedora-devel to be drowned by ... german sociopolitics. i commend you, that's impressive!
| 10:09
|
| * poelcat here
| 10:09
|
| f13
| notting: not too often you can create an instant godwin's law break
| 10:10
|
| f13
| alright, lets get rolling
| 10:11
|
| -!- f13 changed the topic of #fedora-meeting to: Fedora releng - Snapshot 2
| 10:11
|
| f13
| snapshot2 torrents went a lot better, because a few folks were able to help out with the seeding at the beginning
| 10:11
|
| * lmacken rolls in
| 10:11
|
| f13
| I'm seeing over 700 downloads of the various snap2 offerings
| 10:12
|
| f13
| the biggest winner is the i686 live image with 259 downloads alone
| 10:12
|
| f13
| behind it was the i386 DVD with 151
| 10:13
|
| jwb
| yay for XO
| 10:13
|
| * lmacken had no luck with snap2 on his XO :(
| 10:13
|
| f13
| I still need to stage out the source isos so our seeders can pick it up and test
| 10:14
|
| f13
| and I'd really like to adjust the schedule as I proposed on list, start the snapshot attempts on Wed instead of Thu, that way if we fail wed, we try again thu and have thu night to stage/sync things up, and start torrenting on Friday
| 10:14
|
| f13
| staggering the torrent bring up seemed to help as well
| 10:14
|
| f13
| We've only got one more snapshot, and then a preview release which is just a snapshot by a different name.
| 10:15
|
| f13
| can we vote here on the proposal to move the snapshot day back by one?
| 10:16
|
| f13
| I'm +1 obviously
| 10:16
|
| notting
| generally +1. sort of worried that it leads to spending most of the time snapshotting, with very little interim change time
| 10:17
|
| f13
| I think that's the price we pay by trying to make these snapshots public
| 10:19
|
| f13
| and by doing both live, and split, and DVD install media, with source
| 10:19
|
| rdieter
| +1
| 10:19
|
| f13
| lmacken: jeremy spot ??
| 10:23
|
| lmacken
| +1
| 10:23
|
| spot
| +1
| 10:26
|
| f13
| well, I guess that's enough voters.
| 10:29
|
| f13
| I'll run it through FESCo just to be sure.
| 10:29
|
| f13
| poelcat: Decision: Rel-eng approves adjusting snapshots to start on Wed to give extra time to stage/prepare the torrents. Moving on to FESCo for final approval, may happen in time for Snapshot 3
| 10:30
|
| f13
| Anybody else have anything on snapshot 2?
| 10:30
|
| f13
| ok, moving on
| 10:32
|
| -!- f13 changed the topic of #fedora-meeting to: Fedora Releng - Signing Server
| 10:32
|
| f13
| There was a post just recently about a proposal for a signing server system, made by Miloslav Trmač
| 10:33
|
| f13
| I haven't had a chance to read it, but I would ask all of you interested to read and comment either in email or on the wiki discuss page
| 10:33
|
| f13
| https://fedoraproject.org/wiki/User:Mitr is the current location of hte page
| 10:33
|
| lmacken
| where was this posted to ?
| 10:33
|
| mitr
| Just rel-eng.
| 10:34
|
| mitr
| Sorry about posting it so late.
| 10:34
|
| mitr
| Basically, it's 1 dedicated server/VM guest to do the signatures, and 1 network server to help with security, interface with koji, etc.
| 10:35
|
| * jeremy is here now
| 10:36
|
| f13
| We don't need to discuss it right now, just save it as reading to do soon.
| 10:37
|
| lmacken
| "Each user with access to the key has their own password, and the key passphrase is encrypted with user's password. When adding a new user, the key passphrase is decrypted using the key admin's password, and encrypted using the new user's password. "
| 10:37
|
| lmacken
| that was my initial design from day 1 :)
| 10:38
|
| lmacken
| part of, rather
| 10:38
|
| * jeremy adds to his reading list
| 10:38
|
| notting
| not really keen on the keys/passphrases being on a VM
| 10:38
|
| lmacken
| this design looks pretty solid at a first glance
| 10:38
|
| notting
| run it by some other security folks? looks reasonable.
| 10:39
|
| mitr
| notting: You mean a physical computer would be preferred?
| 10:39
|
| mitr
| Or something else?
| 10:40
|
| jeremy
| mitr: physical computer at least gets rid of the "attack the host of the VM" problem
| 10:40
|
| mitr
| right
| 10:40
|
| f13
| that's why I had it as a different physical computer in my rough draft
| 10:40
|
| f13
| and connecting via something other than network
| 10:41
|
| jeremy
| but that then adds the risk of "hardware goes boom. now we have to have someone physically go to the colo and set up a new piece of hardware"
| 10:42
|
| f13
| sure
| 10:43
|
| notting
| jeremy: if you can quickly replicate it on a VM in time of crisis, sure. but i don't think that's the default mode
| 10:43
|
| jeremy
| anyway, I need to actually read more of what mitr wrote to give a sensible architecture critique
| 10:43
|
| -!- f13 changed the topic of #fedora-meeting to: Fedora releng - Open Floor
| 10:46
|
| f13
| anybody got anything else to talk about, if not, it's back to the grind stone
| 10:46
|
| f13
| alright looks like no.
| 10:49
|
