From Fedora Project Wiki
Fedora Release Engineering Meeting :: Monday 2008-09-29
Fedora 10 Beta
- Good to go for beta on 2008-09-30
- Export control submitted
Signing Server
- gnupg smartcards have arrived
- need to put specs on wiki
IRC Transcript
| f13 | ping: notting jeremy rdieter wwoods lmacken poelcat spot lmacken warren | 10:01 |
|---|---|---|
| warren | meh | 10:02 |
| * jeremy is here-ish | 10:02 | |
| * wwoods appears in a poofy cloud of smoke | 10:02 | |
| * notting is here | 10:03 | |
| * poelcat here | 10:03 | |
| f13 | alright good enough. | 10:04 |
| -!- f13 changed the topic of #fedora-meeting to: Fedora releng - F10 Beta | 10:04 | |
| f13 | Beta is set to go out tomorrow. Content is staged, I'm working on staging the torrents now too | 10:04 |
| rdieter | here | 10:04 |
| f13 | all systems are go, although torrents may be up late due to having a new server for them. | 10:04 |
| f13 | rawhide unfroze last night, and promptly failed to make images. | 10:05 |
| f13 | and we have to prepare for early branch requests | 10:05 |
| f13 | does anybody want to talk about Beta items? | 10:06 |
| poelcat | did we get the release notes updated that needed to? | 10:06 |
| poelcat | f13: do we have to do export control? | 10:06 |
| f13 | poelcat: I emailed legal. They'll take care of it. I expect a response from them today. | 10:07 |
| f13 | but I'm not too worried on pre-releases. | 10:07 |
| f13 | poelcat: I don't know about release notes, that's a good thing to grab all the release meeting folks about later today | 10:08 |
| poelcat | okay | 10:09 |
| poelcat | f13: btw what is lead time before a release that we have to email legal? | 10:10 |
| * poelcat thought might be good to put on schedule | 10:10 | |
| warren | Are we really going to release Beta with the e1000e issue still wild? | 10:10 |
| warren | We have the driver disabled, which is a good thing. | 10:10 |
| warren | but e1000e is one of the most prevalent ethernet devices now | 10:10 |
| f13 | poelcat: same lead time as staging to mirrors. I email them as soon as I have gold content. | 10:11 |
| warren | f13: Is a kernel with e1000e disabled tagged into beta? | 10:11 |
| f13 | warren: yes. | 10:12 |
| warren | Is everyone here aware this means we release Beta with disabled ethernet on a great many systems/ | 10:12 |
| f13 | warren: yes, it's a bummer that e1000e is disbled, but in the interest of not completely destroying our schedules for F11 and F12, we need to get beta out. | 10:12 |
| warren | This isn't limited to simply ICH8 and ICH9 | 10:12 |
| f13 | we can't hold the entire train up for one device. | 10:12 |
| warren | ICH7 uses e1000e as well | 10:12 |
| warren | Pretty much all Intel systems in the last almost 2 years | 10:13 |
| warren | f13: I want everyone here to make the conscious decision, "Yes, release despite this problem." and also to loudly warn people about the deficiency in the announcements so people have low expectations before they use it. | 10:14 |
| f13 | warren: please consider the alternatives. | 10:14 |
| f13 | c'mon, this is a beta for godsakes. A rawhide snapshot | 10:14 |
| warren | Is this our final release before F10 final? | 10:15 |
| f13 | no | 10:15 |
| f13 | there are weekly snapshots, and a preview release | 10:15 |
| warren | hmm | 10:15 |
| ajax | has beta _ever_ been the last release before final? | 10:15 |
| f13 | and rawhide, every damn day. | 10:15 |
| ajax | (no) | 10:15 |
| warren | f13: Will there be loud warnings in the announcement about this? | 10:15 |
| f13 | that's up to the people writing the release announcement and notes. | 10:15 |
| warren | f13: we really don't want people to be caught off guard "why isn't my ethernet working?" | 10:15 |
| warren | ok | 10:15 |
| f13 | warren: people are going to anyway | 10:15 |
| warren | I say go ahead with release, but we have to be very loud in warning people about it. | 10:16 |
| f13 | just like they would with rawhide, or with previous days rawhides that ate their network. | 10:16 |
| f13 | warren: so then I suggest you get involved with writing the release notes and release announcement. | 10:16 |
| warren | ok | 10:16 |
| jwb | and blog about it, with a big blinking message | 10:16 |
| jwb | maybe an anaconda patch with a popup warning | 10:17 |
| * jwb runs | 10:17 | |
| notting | it's already in the relnotes | 10:17 |
| warren | jwb: ANSI music in a minor key | 10:18 |
| wwoods | I'm pretty sure we could check smolt to get an idea of how many machines this actually affects | 10:20 |
| f13 | any other thoughts on Beta? | 10:21 |
| wwoods | do we have a fix for e1000e yet? | 10:21 |
| jwb | no | 10:21 |
| wwoods | I thought one was being discussed on lkml | 10:21 |
| jwb | there is/was | 10:22 |
| wwoods | anyway - as soon as there's a fix for the problem, the next day's boot.iso can be used to fix/install those systems | 10:22 |
| wwoods | it's ugly but it's not catastrophic. | 10:22 |
| warren | it's only catastrophic if you ran the broken e1000e | 10:23 |
| warren | a fixed e1000e wont fix that | 10:23 |
| jwb | i think he meant in terms of the release | 10:23 |
| wwoods | yes. | 10:23 |
| jwb | e.g. the impacts of shipping with it disabled are not catastrophic | 10:23 |
| warren | agreed | 10:23 |
| poelcat | jwb: what about automated testing? | 10:24 |
| jwb | if all of your machines require e1000e, then that is a fairly large impact | 10:25 |
| * f13 glares at vpn | 10:25 | |
| f13 | alright, lets move on | 10:26 |
| -!- f13 changed the topic of #fedora-meeting to: Fedora releng - signing server | 10:26 | |
| f13 | So I got those gnupg smartcards, and while nifty, and nearly what we need, there are some drawbacks. | 10:26 |
| f13 | the card can only hold one key, and it's a low bitsize key. | 10:26 |
| f13 | although signing wasn't too slow and use of the pin worked | 10:26 |
| f13 | however I don't really think it's going to be suitable, especially when we're changing keys and using upwards to 6 different keys at the same time | 10:27 |
| f13 | There is a team within Red Hat that has expressed interest in helping with this project | 10:28 |
| f13 | I've roughly outlined some ideas for an appliance device that would do what we need to do | 10:28 |
| f13 | Networkless appliance connected via serial/usb/whatever | 10:28 |
| f13 | Send data to system, it returns signature for data from given key | 10:28 |
| f13 | Use of multilevel pins, one for admin, one for use of keys | 10:28 |
| f13 | Sign binaries approved to use in automated ways with system for signing | 10:28 |
| f13 | Upload new firmware via usb/serial, not network. | 10:28 |
| f13 | Interact with gnupg | 10:28 |
| jwb | any redundancy? | 10:29 |
| f13 | jwb: yeah, those are areas to think about as well, backups and restores | 10:30 |
| f13 | anyway, I want to move these snippits into a wiki page so we can add more to it and see if said team is up to the challenge. | 10:31 |
| f13 | THere isn't much like this in the retail market, mostly because gpg signing is a tiny tiny market, most HSM (Host Security Machine) devices work with ssl certs (x509) stuff, and are geared for things like active directory | 10:31 |
| -!- f13 changed the topic of #fedora-meeting to: Fedora releng - open floor | 10:39 | |
| f13 | anything else anybody would like to discuss? | 10:40 |
| * nirik wonders when the rest of the f8/f9 resigning will happen... | 10:41 | |
| che | f13, i have a patch hanging around that atleast fixes the binary locations of cman_tool in system-config-cluster | 10:42 |
| che | f13, there seem to be other errors left (permission probs) | 10:43 |
| che | f13, it only starts if you start it as root... doesent prompt | 10:43 |
| f13 | nirik: "soon" | 10:44 |
| f13 | alright I'll wrap it up then. | 10:46 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!