| f13
|
ping: notting jeremy spot lmacken rdieter wwoods poelcat
|
10:07
|
| rdieter
|
here
|
10:07
|
| * notting is here
|
10:08
|
| notting
|
f13: so, the proposals and actions of rel-eng have now caused fedora-devel to be drowned by ... german sociopolitics. i commend you, that's impressive!
|
10:09
|
| * poelcat here
|
10:09
|
| f13
|
notting: not too often you can create an instant godwin's law break
|
10:10
|
| f13
|
alright, lets get rolling
|
10:11
|
| -!- f13 changed the topic of #fedora-meeting to: Fedora releng - Snapshot 2
|
10:11
|
| f13
|
snapshot2 torrents went a lot better, because a few folks were able to help out with the seeding at the beginning
|
10:11
|
| * lmacken rolls in
|
10:11
|
| f13
|
I'm seeing over 700 downloads of the various snap2 offerings
|
10:12
|
| f13
|
the biggest winner is the i686 live image with 259 downloads alone
|
10:12
|
| f13
|
behind it was the i386 DVD with 151
|
10:13
|
| jwb
|
yay for XO
|
10:13
|
| * lmacken had no luck with snap2 on his XO :(
|
10:13
|
| f13
|
I still need to stage out the source isos so our seeders can pick it up and test
|
10:14
|
| f13
|
and I'd really like to adjust the schedule as I proposed on list, start the snapshot attempts on Wed instead of Thu, that way if we fail wed, we try again thu and have thu night to stage/sync things up, and start torrenting on Friday
|
10:14
|
| f13
|
staggering the torrent bring up seemed to help as well
|
10:14
|
| f13
|
We've only got one more snapshot, and then a preview release which is just a snapshot by a different name.
|
10:15
|
| f13
|
can we vote here on the proposal to move the snapshot day back by one?
|
10:16
|
| f13
|
I'm +1 obviously
|
10:16
|
| notting
|
generally +1. sort of worried that it leads to spending most of the time snapshotting, with very little interim change time
|
10:17
|
| f13
|
I think that's the price we pay by trying to make these snapshots public
|
10:19
|
| f13
|
and by doing both live, and split, and DVD install media, with source
|
10:19
|
| rdieter
|
+1
|
10:19
|
| f13
|
lmacken: jeremy spot ??
|
10:23
|
| lmacken
|
+1
|
10:23
|
| spot
|
+1
|
10:26
|
| f13
|
well, I guess that's enough voters.
|
10:29
|
| f13
|
I'll run it through FESCo just to be sure.
|
10:29
|
| f13
|
poelcat: Decision: Rel-eng approves adjusting snapshots to start on Wed to give extra time to stage/prepare the torrents. Moving on to FESCo for final approval, may happen in time for Snapshot 3
|
10:30
|
| f13
|
Anybody else have anything on snapshot 2?
|
10:30
|
| f13
|
ok, moving on
|
10:32
|
| -!- f13 changed the topic of #fedora-meeting to: Fedora Releng - Signing Server
|
10:32
|
| f13
|
There was a post just recently about a proposal for a signing server system, made by Miloslav Trmač
|
10:33
|
| f13
|
I haven't had a chance to read it, but I would ask all of you interested to read and comment either in email or on the wiki discuss page
|
10:33
|
| f13
|
https://fedoraproject.org/wiki/User:Mitr is the current location of hte page
|
10:33
|
| lmacken
|
where was this posted to ?
|
10:33
|
| mitr
|
Just rel-eng.
|
10:34
|
| mitr
|
Sorry about posting it so late.
|
10:34
|
| mitr
|
Basically, it's 1 dedicated server/VM guest to do the signatures, and 1 network server to help with security, interface with koji, etc.
|
10:35
|
| * jeremy is here now
|
10:36
|
| f13
|
We don't need to discuss it right now, just save it as reading to do soon.
|
10:37
|
| lmacken
|
"Each user with access to the key has their own password, and the key passphrase is encrypted with user's password. When adding a new user, the key passphrase is decrypted using the key admin's password, and encrypted using the new user's password. "
|
10:37
|
| lmacken
|
that was my initial design from day 1 :)
|
10:38
|
| lmacken
|
part of, rather
|
10:38
|
| * jeremy adds to his reading list
|
10:38
|
| notting
|
not really keen on the keys/passphrases being on a VM
|
10:38
|
| lmacken
|
this design looks pretty solid at a first glance
|
10:38
|
| notting
|
run it by some other security folks? looks reasonable.
|
10:39
|
| mitr
|
notting: You mean a physical computer would be preferred?
|
10:39
|
| mitr
|
Or something else?
|
10:40
|
| jeremy
|
mitr: physical computer at least gets rid of the "attack the host of the VM" problem
|
10:40
|
| mitr
|
right
|
10:40
|
| f13
|
that's why I had it as a different physical computer in my rough draft
|
10:40
|
| f13
|
and connecting via something other than network
|
10:41
|
| jeremy
|
but that then adds the risk of "hardware goes boom. now we have to have someone physically go to the colo and set up a new piece of hardware"
|
10:42
|
| f13
|
sure
|
10:43
|
| notting
|
jeremy: if you can quickly replicate it on a VM in time of crisis, sure. but i don't think that's the default mode
|
10:43
|
| jeremy
|
anyway, I need to actually read more of what mitr wrote to give a sensible architecture critique
|
10:43
|
| -!- f13 changed the topic of #fedora-meeting to: Fedora releng - Open Floor
|
10:46
|
| f13
|
anybody got anything else to talk about, if not, it's back to the grind stone
|
10:46
|
| f13
|
alright looks like no.
|
10:49
|
