From FedoraProject

< ReleaseEngineering | Meetings
Revision as of 04:05, 2 October 2008 by Poelstra (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Fedora Release Engineering Meeting :: Monday 2008-09-29

Fedora 10 Beta

  • Good to go for beta on 2008-09-30
  • Export control submitted

Signing Server

  • gnupg smartcards have arrived
  • need to put specs on wiki

IRC Transcript

f13 ping: notting jeremy rdieter wwoods lmacken poelcat spot lmacken warren 10:01
warren meh 10:02
* jeremy is here-ish 10:02
* wwoods appears in a poofy cloud of smoke 10:02
* notting is here 10:03
* poelcat here 10:03
f13 alright good enough. 10:04
-!- f13 changed the topic of #fedora-meeting to: Fedora releng - F10 Beta 10:04
f13 Beta is set to go out tomorrow. Content is staged, I'm working on staging the torrents now too 10:04
rdieter here 10:04
f13 all systems are go, although torrents may be up late due to having a new server for them. 10:04
f13 rawhide unfroze last night, and promptly failed to make images. 10:05
f13 and we have to prepare for early branch requests 10:05
f13 does anybody want to talk about Beta items? 10:06
poelcat did we get the release notes updated that needed to? 10:06
poelcat f13: do we have to do export control? 10:06
f13 poelcat: I emailed legal. They'll take care of it. I expect a response from them today. 10:07
f13 but I'm not too worried on pre-releases. 10:07
f13 poelcat: I don't know about release notes, that's a good thing to grab all the release meeting folks about later today 10:08
poelcat okay 10:09
poelcat f13: btw what is lead time before a release that we have to email legal? 10:10
* poelcat thought might be good to put on schedule 10:10
warren Are we really going to release Beta with the e1000e issue still wild? 10:10
warren We have the driver disabled, which is a good thing. 10:10
warren but e1000e is one of the most prevalent ethernet devices now 10:10
f13 poelcat: same lead time as staging to mirrors. I email them as soon as I have gold content. 10:11
warren f13: Is a kernel with e1000e disabled tagged into beta? 10:11
f13 warren: yes. 10:12
warren Is everyone here aware this means we release Beta with disabled ethernet on a great many systems/ 10:12
f13 warren: yes, it's a bummer that e1000e is disbled, but in the interest of not completely destroying our schedules for F11 and F12, we need to get beta out. 10:12
warren This isn't limited to simply ICH8 and ICH9 10:12
f13 we can't hold the entire train up for one device. 10:12
warren ICH7 uses e1000e as well 10:12
warren Pretty much all Intel systems in the last almost 2 years 10:13
warren f13: I want everyone here to make the conscious decision, "Yes, release despite this problem." and also to loudly warn people about the deficiency in the announcements so people have low expectations before they use it. 10:14
f13 warren: please consider the alternatives. 10:14
f13 c'mon, this is a beta for godsakes. A rawhide snapshot 10:14
warren Is this our final release before F10 final? 10:15
f13 no 10:15
f13 there are weekly snapshots, and a preview release 10:15
warren hmm 10:15
ajax has beta _ever_ been the last release before final? 10:15
f13 and rawhide, every damn day. 10:15
ajax (no) 10:15
warren f13: Will there be loud warnings in the announcement about this? 10:15
f13 that's up to the people writing the release announcement and notes. 10:15
warren f13: we really don't want people to be caught off guard "why isn't my ethernet working?" 10:15
warren ok 10:15
f13 warren: people are going to anyway 10:15
warren I say go ahead with release, but we have to be very loud in warning people about it. 10:16
f13 just like they would with rawhide, or with previous days rawhides that ate their network. 10:16
f13 warren: so then I suggest you get involved with writing the release notes and release announcement. 10:16
warren ok 10:16
jwb and blog about it, with a big blinking message 10:16
jwb maybe an anaconda patch with a popup warning 10:17
* jwb runs 10:17
notting it's already in the relnotes 10:17
warren jwb: ANSI music in a minor key 10:18
wwoods I'm pretty sure we could check smolt to get an idea of how many machines this actually affects 10:20
f13 any other thoughts on Beta? 10:21
wwoods do we have a fix for e1000e yet? 10:21
jwb no 10:21
wwoods I thought one was being discussed on lkml 10:21
jwb there is/was 10:22
wwoods anyway - as soon as there's a fix for the problem, the next day's boot.iso can be used to fix/install those systems 10:22
wwoods it's ugly but it's not catastrophic. 10:22
warren it's only catastrophic if you ran the broken e1000e 10:23
warren a fixed e1000e wont fix that 10:23
jwb i think he meant in terms of the release 10:23
wwoods yes. 10:23
jwb e.g. the impacts of shipping with it disabled are not catastrophic 10:23
warren agreed 10:23
poelcat jwb: what about automated testing? 10:24
jwb if all of your machines require e1000e, then that is a fairly large impact 10:25
* f13 glares at vpn 10:25
f13 alright, lets move on 10:26
-!- f13 changed the topic of #fedora-meeting to: Fedora releng - signing server 10:26
f13 So I got those gnupg smartcards, and while nifty, and nearly what we need, there are some drawbacks. 10:26
f13 the card can only hold one key, and it's a low bitsize key. 10:26
f13 although signing wasn't too slow and use of the pin worked 10:26
f13 however I don't really think it's going to be suitable, especially when we're changing keys and using upwards to 6 different keys at the same time 10:27
f13 There is a team within Red Hat that has expressed interest in helping with this project 10:28
f13 I've roughly outlined some ideas for an appliance device that would do what we need to do 10:28
f13 Networkless appliance connected via serial/usb/whatever 10:28
f13 Send data to system, it returns signature for data from given key 10:28
f13 Use of multilevel pins, one for admin, one for use of keys 10:28
f13 Sign binaries approved to use in automated ways with system for signing 10:28
f13 Upload new firmware via usb/serial, not network. 10:28
f13 Interact with gnupg 10:28
jwb any redundancy? 10:29
f13 jwb: yeah, those are areas to think about as well, backups and restores 10:30
f13 anyway, I want to move these snippits into a wiki page so we can add more to it and see if said team is up to the challenge. 10:31
f13 THere isn't much like this in the retail market, mostly because gpg signing is a tiny tiny market, most HSM (Host Security Machine) devices work with ssl certs (x509) stuff, and are geared for things like active directory 10:31
-!- f13 changed the topic of #fedora-meeting to: Fedora releng - open floor 10:39
f13 anything else anybody would like to discuss? 10:40
* nirik wonders when the rest of the f8/f9 resigning will happen... 10:41
che f13, i have a patch hanging around that atleast fixes the binary locations of cman_tool in system-config-cluster 10:42
che f13, there seem to be other errors left (permission probs) 10:43
che f13, it only starts if you start it as root... doesent prompt 10:43
f13 nirik: "soon" 10:44
f13 alright I'll wrap it up then. 10:46

Generated by 2.7 by Marius Gedminas - find it at!