--- Log opened nie sie 15 02:55:31 2010 15.08.2010 025531-!- LySy (lysy@serv.arch.edu.pl) joins #ArchServer-meeting 15.08.2010 025532-!- Irssi: #ArchServer-meeting: 2 nicks (ops: 1 voices: 0 regular: 1) 15.08.2010 025613-!- Irssi: Join to #ArchServer-meeting was synced in 43 secs 15.08.2010 050315-!- tzunami (~tzunami@adsl-10-25-25.mia.bellsouth.net) joins #ArchServer-meeting 15.08.2010 063246-!- tzunami (~tzunami@adsl-10-25-25.mia.bellsouth.net) quits [Remote host closed the connection] --- Log closed nie sie 15 07:49:03 2010 --- Log opened nie sie 15 07:51:50 2010 15.08.2010 075150-!- LySy (lysy@serv.arch.edu.pl) joins #ArchServer-meeting 15.08.2010 075150-!- Irssi: #archserver-meeting: 2 nicks (ops: 1 voices: 0 regular: 1) 15.08.2010 075150- verne.freenode.net [freenode-info] channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp 15.08.2010 075158-!- Irssi: Join to #archserver-meeting was synced in 11 secs 15.08.2010 075205< LySy> morning ;-) 15.08.2010 100106-!- fakeroot (~f1y@pc41-180.elektr.polsl.pl) joins #ArchServer-meeting 15.08.2010 100411< fakeroot> LySy: O ktorej meeting? 15.08.2010 101257< LySy> hello fakeroot ;-) about 1 pm 15.08.2010 101738< LySy> chociaz mozna chyba i po pl pisac bo nas polakow tu wiecej ;p 15.08.2010 101749< LySy> przynajmniej teraz ;-P 15.08.2010 110000< fakeroot> Nom. 15.08.2010 120955-!- Faelar_AS (~faelar@archserver/trusteduser/faelar-as) joins #ArchServer-meeting 15.08.2010 121126< Faelar_AS> Hi 15.08.2010 121129-!- triplem (triplem@archserver/trusteduser/triplem) joins #ArchServer-meeting 15.08.2010 121631< LySy> hello Faelar_AS & triplem ;-) 15.08.2010 121654 triplem hi lysy. 15.08.2010 121657< triplem> whats up? 15.08.2010 121728< Faelar_AS> Hum... I think we should all stick to the main chain :p 15.08.2010 121733< Faelar_AS> *chan 15.08.2010 121824< LySy> nothing, Sunday, and tomorrow i must go back to work ;/ 15.08.2010 121846< LySy> and now it's time for beer ;-) 15.08.2010 121901< LySy> fakeroot: come to me ;-) 15.08.2010 121921< Faelar_AS> someone mentioned "beer" ? 15.08.2010 122023< triplem> just had breakfast, so beer would not really be appropriate ;-) 15.08.2010 122130< Faelar_AS> I'm about to lunch, so beer would be totally relevant :p 15.08.2010 122138< LySy> breakfast at 1 pm? nice ;p 15.08.2010 122248* LySy make dinner ;p 15.08.2010 122251< triplem> lysy: yeah, well, it is sunday ;-) brunch would have been more correct, though. still now beer, probably some champaign? 15.08.2010 122356< Faelar_AS> "champagne" please :p 15.08.2010 122411< LySy> hje hje ;-) 15.08.2010 122414< LySy> brb 15.08.2010 123826-!- fukawi2 (~fukawi2@archserver/trusteduser/fukawi2) joins #ArchServer-meeting 15.08.2010 123829-!- Mode change +v fukawi2 on #archserver-meeting by ChanServ 15.08.2010 124239< Faelar_AS> Hi fukawi2 15.08.2010 124311<+fukawi2> g'evening :) 15.08.2010 124331< triplem> hello ;-) 15.08.2010 124339<+fukawi2> hello stranger 15.08.2010 124411< Faelar_AS> stranger ? who's stranger ? 15.08.2010 124457< triplem> hm, i think he meant myself ;-) 15.08.2010 124510< triplem> just a sidekick. 15.08.2010 124552< Faelar_AS> You're country belong to the EU, you're not a stranger to me. fukawi2 on the other hand... :p 15.08.2010 124556< Faelar_AS> *Your 15.08.2010 124603< Faelar_AS> *belongs 15.08.2010 124709<+fukawi2> you're was correct ;) 15.08.2010 124718<+fukawi2> and yes, I meant triplem.... haven't seen you for a while! 15.08.2010 125050< triplem> fukawi2: sorry, have been busy with some other stuff as well as a quite long vacation without any computer available ;-) 15.08.2010 125150<+fukawi2> it's ok, we'll take it out of your pay ;P 15.08.2010 125208< triplem> lol 15.08.2010 125320<+fukawi2> got me a new rack @ home the other week :D 15.08.2010 125551< triplem> oh, thats nice. having archserver installed now on these machines? 15.08.2010 125634< Faelar_AS> I've got a feature request, can we add anti micro-wave network stack hardening to Arch ? 15.08.2010 125754<+fukawi2> wtf pancakes? 15.08.2010 125755< Faelar_AS> Else I won't be able to stay connected while eating... -_- 15.08.2010 125911< Faelar_AS> Hey we're 2 minutes late on the meeting aren't we ? :p 15.08.2010 125913<+fukawi2> rack: http://imgur.com/9Bkbw 15.08.2010 125915<@Lord-Taco> http://imgur.com/9Bkbw = "imgur: The Simple Image Sharer" 15.08.2010 125925<+fukawi2> 45 seconds to go by my NTP clock :P 15.08.2010 130000-!- Mode change +v Faelar_AS on #archserver-meeting by ChanServ 15.08.2010 130004-!- Mode change +v fakeroot on #archserver-meeting by ChanServ 15.08.2010 130008-!- Mode change +v triplem on #archserver-meeting by ChanServ 15.08.2010 130026<+fukawi2> perhaps give others a bit more time to come.... very small crowd atm :( 15.08.2010 130039<+triplem> looks neat and clean 15.08.2010 130055<+Faelar_AS> Nice rack, but you should buy another camera :p 15.08.2010 130118<+fukawi2> yeah.... fsck'ing iPhone :( 15.08.2010 130127<+fukawi2> not sure where my canon eos is :-/ 15.08.2010 130150<+Faelar_AS> iPhone ? The most expensive crapy-camera in the world ;) 15.08.2010 130212<+fukawi2> yeah.... even the barbie camera is better 15.08.2010 130236<+triplem> faelar_as: probably you could use this helmet? http://1.bp.blogspot.com/_xDzZp7YpVYc/R3PNXA_vP9I/AAAAAAAAADs/Al1fWJls2wc/s200/Helm-Modell-light.JPG 15.08.2010 130238<@Lord-Taco> http://1.bp.blogspot.com/_xDzZp7YpVYc/R3PNXA_vP9I/AAAAAAAAADs/Al1fWJls2wc/s200/Helm-Modell-light.JPG = "1.bp.blogspot.com/_xDzZp7YpVYc/R3PNXA_vP9I/AAAAAAAAADs/Al1fWJls2wc/s200/Helm-Modell-light.JPG" 15.08.2010 130243-!- allanbrokeit (~allan@archlinux/developer/allan) joins #ArchServer-meeting 15.08.2010 130243<+fukawi2> it's *okay* in bright sunlight, but sucks indoors/low light.... if work wasn't paying for it, I wouldn't use it 15.08.2010 130251<+fukawi2> howdy allan :) 15.08.2010 130255< allanbrokeit> hi 15.08.2010 130305<+Faelar_AS> hello allan 15.08.2010 130325<+triplem> hi 15.08.2010 130352-!- Mode change +v allanbrokeit on #archserver-meeting by ChanServ 15.08.2010 130518<+fukawi2> what's news? how's sunny qld tonight? 15.08.2010 130532<+fukawi2> beautiful or perfect? :P 15.08.2010 130532<+allanbrokeit> been good the past few days 15.08.2010 130635<+fukawi2> ok, enough late-time... 15.08.2010 130637<+fukawi2> !start-meeting 15.08.2010 130638<@Lord-Taco> fukawi2: I love it when you talk dirty, but I don't know how to !start-meeting 15.08.2010 130641<+fukawi2> crap 15.08.2010 130723<+Faelar_AS> XD 15.08.2010 130728<+triplem> lol ;-) we take it, that the meeting started now ;-) 15.08.2010 130753<+triplem> the agenda can be found here: http://wiki.archserver.org/index.php/2010-08_Meeting_Agenda#Agenda 15.08.2010 130755<@Lord-Taco> http://wiki.archserver.org/index.php/2010-08_Meeting_Agenda#Agenda = "2010-08 Meeting Agenda - ArchServer Wiki" 15.08.2010 130800<+fukawi2> !open-meeting 15.08.2010 130800<@Lord-Taco> **** MEETING OPENED AT 11:8:0 BY fukawi2 **** 15.08.2010 130820<+fukawi2> that's better.... we'll ignore the padding issue on the minutes/seconds 15.08.2010 130824<+fukawi2> thx triplem 15.08.2010 130830-!- ras0ir (ras0ir@archserver/trusteduser/ras0ir) joins #ArchServer-meeting 15.08.2010 130834<+fukawi2> welcome all 15.08.2010 130840<+fukawi2> especially ras0ir :P 15.08.2010 130846< ras0ir> hi :P 15.08.2010 130918<+fukawi2> thanks for coming -- apologies for the bad times... it seems northern summer/southern winter makes for bad meeting schedules compared to the other way around 15.08.2010 130926<+fukawi2> but anyway 15.08.2010 130952<+fukawi2> !topic kernel -- State; Freeze until RC is released? 15.08.2010 130952<@Lord-Taco> *** NEXT TOPIC: 'kernel -- State; Freeze until RC is released?' 15.08.2010 130956<+fukawi2> triplem... 15.08.2010 131012<+triplem> Yeah, I have just added some information about this in the agenda 15.08.2010 131029<+triplem> basically we have 2.6.32.16 and it looks okay, at least nobody objected. 15.08.2010 131054<+Faelar_AS> What's intresting in .19 compared to .16 ? 15.08.2010 131056<+triplem> i would probably like to upgrade to 2.6.32.19 (Kreg wrote: are strongly encouraged to upgrade) 15.08.2010 131119<+triplem> which hints, that there are some security fixes in there. 15.08.2010 131210<+triplem> so, from my pers᱕ective thats it for this topic. any hints, recommendations, questions? [cp1250] 15.08.2010 131231<+fukawi2> let's bump to .19, and freeze it there until we make RC1 15.08.2010 131239<+Faelar_AS> agreed 15.08.2010 131242<+triplem> +1 15.08.2010 131242< ras0ir> +1 15.08.2010 131245<+fukawi2> done 15.08.2010 131321<+fukawi2> !action triplem to bump kernel to rel .19 then freeze until AS RC 15.08.2010 131322<@Lord-Taco> *** ACTION POINT: 'triplem' to follow up: to bump kernel to rel .19 then freeze until AS RC 15.08.2010 131346<+fukawi2> anything else on the kernel? 15.08.2010 131425<+fukawi2> I'll take that as a no 15.08.2010 131429<+fukawi2> !topic Toolchain 15.08.2010 131429<+Faelar_AS> Not before the security topic which cover kernel + toolchain + other things 15.08.2010 131429<@Lord-Taco> *** NEXT TOPIC: 'Toolchain' 15.08.2010 131437<+fukawi2> allan.... 15.08.2010 131507<+allanbrokeit> I put a bunch of updates to toolchain related packages in [testing] for a signoff a while back 15.08.2010 131525<+allanbrokeit> I do not think anything else needs done to it at this point 15.08.2010 131556<+fukawi2> ok -- forgive my stupid question, but just to clarify, exactly which pkgs are considered 'toolchain' 15.08.2010 131646<+allanbrokeit> gcc, glibc, binutils, linux-api-headers, and deps (gmp, mpfr) 15.08.2010 131716<+triplem> could we sign-off these changes right now? or wait for the corresponding agenda topic? 15.08.2010 131721<+fukawi2> cool -- so where do we stand compared to AL? same toolchain? 15.08.2010 131723<+allanbrokeit> linux-api-headers should be bumped to .19 too 15.08.2010 131737<+fukawi2> apart from the headers 15.08.2010 131747<+allanbrokeit> gcc and glibc are a version behind, but that is a good thing 15.08.2010 131759<+allanbrokeit> gmp and mpfr are also using more stabe versions 15.08.2010 131841<+fukawi2> sounds 'bleeding edge' enough for me ;) 15.08.2010 131853<+fukawi2> triplem -> I'm happy with them 15.08.2010 131856<+Faelar_AS> Does the toolchain needs to be often update compared to... for example... the kernel ? Or can we keep the same version long enough ? 15.08.2010 132008<+allanbrokeit> it should not need updated that often as long as you do not use e.g. gcc-4.5.0 releases and wait for 4.5.2 or something like that 15.08.2010 132020<+allanbrokeit> only crazy distros used gcc-4.5.0... 15.08.2010 132026<+fukawi2> lol 15.08.2010 132042<+fukawi2> we would keep the major versions the same for the life of a release wouldn't we? 15.08.2010 132110<+allanbrokeit> I'd assume so... 15.08.2010 132123<+fukawi2> sounds good 15.08.2010 132136<+Faelar_AS> Yes, kernel+toolchain per release 15.08.2010 132242<+fukawi2> regarding sign-off, allan has requested... triplem are you happy to test and post as dev 1 sign-off? 15.08.2010 132252<+triplem> yes 15.08.2010 132306<+fukawi2> !action triplem and fukawi2 to test and sign-off toolchain 15.08.2010 132307<@Lord-Taco> *** ACTION POINT: 'triplem' to follow up: and fukawi2 to test and sign-off toolchain 15.08.2010 132323<+triplem> we will have to update linux-api-headers and then the sign-off should take place 15.08.2010 132339<+fukawi2> ok, well I'll wait until you've done that 15.08.2010 132349<+fukawi2> anything else for toolchain discussion? 15.08.2010 132357<+allanbrokeit> triplem: can you do that as you update the kernel? 15.08.2010 132418<+triplem> sure ;-) 15.08.2010 132426<+triplem> just wrote it in the agenda under decision 15.08.2010 132440<+fukawi2> thx triplem :) 15.08.2010 132509<+fukawi2> and also big thanks to allan for volunteering to take on the maintenance of the toolchain for us... many hands make light work :D 15.08.2010 132528<+Faelar_AS> @ fukawi2 : can we then talk about package sign-off instead of portal/iso ? 15.08.2010 132545<+Faelar_AS> Just to stay on similar subject :) 15.08.2010 132621<+fukawi2> sounds good.... in the absence of sbnet, we'll skip the APP, and postpone ISO.... 15.08.2010 132628<+fukawi2> !topic sign-off 15.08.2010 132628<@Lord-Taco> *** NEXT TOPIC: 'sign-off' 15.08.2010 132648<+triplem> fukawi2: i don't like to skip the APP, we should just postpone it as well. 15.08.2010 132702<+fukawi2> ok, we'll come back to it then 15.08.2010 132803<+fukawi2> well to date, we haven't managed to move many packages out of [testing] and into their proper repositories 15.08.2010 132840<+fukawi2> I'm wondering if it would be worthwhile in the long run to allow the move of packages with only 1 dev sign-off in order to get the repos populated 15.08.2010 132913< ras0ir> sounds fine to me 15.08.2010 132915<+fukawi2> this would help move us closer to releasing an RC, which will make testing easier for users, which should find any problems in the packages 15.08.2010 132917<+triplem> this IMHO highly depends on what we would like to reach. for more stability I would stick to two developers. 15.08.2010 132936<+Faelar_AS> Yes, I think it's not a good idea per see 15.08.2010 132948<+Faelar_AS> But I alos think we need a basis (like first RC) 15.08.2010 132950<+fukawi2> having the [server-core] repo fully populated will make it possible for the ISO to be make 'properly' instead of pointing to [testing] 15.08.2010 132950<+triplem> in the short run (for the first release now) we should use just 1 dev 15.08.2010 133005<+Faelar_AS> Then people could install testing packages on it, and see if everything is fine 15.08.2010 133039<+fukawi2> we definitely want to have 2 devs for packages that are going into a RELEASED repo, but for packages to be moved to a repo for RC, I think 1 is enough, since part of the point of RC is testing 15.08.2010 133139<+triplem> fukawi2: makes sense. +1 15.08.2010 133147< ras0ir> +1 15.08.2010 133157<+Faelar_AS> Hum... 15.08.2010 133211<+Faelar_AS> Do we have (or will we have) something else than RC ? 15.08.2010 133217<+fukawi2> there would still be the packaging dev to request sign-off, then an additional dev to approve... so there would still be 2 sets of eyes looking at things 15.08.2010 133221<+Faelar_AS> Like beta or something ? 15.08.2010 133320<+fukawi2> well we could go alpha, beta, rc, but I figured it was just as easy to do rc1, rc2, rc3 etc until it's ready 15.08.2010 133402<+triplem> and testing is already kind of alpha/beta. 15.08.2010 133411<+Faelar_AS> Ok, what comes to my mind is having the 2 sign of for the latest test version, the one just before the release 15.08.2010 133425<+Faelar_AS> When things must slow down to ensure stability 15.08.2010 133446<+Faelar_AS> For everything before (be it RC1 or alpha/beta) I'm for a 1 sign-off 15.08.2010 133527<+Faelar_AS> I don't know if it's clear... :/ 15.08.2010 133547<+allanbrokeit> given most packages have had testing of sorts in Arch Linux first, you are really just signing of that particular build anyway 15.08.2010 133608<+fukawi2> part of the release process (http://wiki.archserver.org/index.php/Release_Process) is to ensure all bugs due for this release are fixed/closed so as long as testers open bugs for issues they find, everything should be resolved 15.08.2010 133610<@Lord-Taco> [ERR] No response from wiki.archserver.org/index.php/Release_Process) 15.08.2010 133639<+fukawi2> of course, it depends on testers finding all the issues, but there's no gurantee devs will either 15.08.2010 133729< ras0ir> i'll keep following CVEs 15.08.2010 133832<+fukawi2> my concern with your suggestion faelar is how do we know when we're at a the last RC before release, until after the RC has been released, and tested? we would then have to go back and re-test and re-signoff everything 15.08.2010 133956<+Faelar_AS> Well, after reading the wiki, I'm definitivly more for a 2 sign-off process before moving anything to the repos 15.08.2010 134036<+fukawi2> 2-sign off? as in the packager and 1 dev, or package and 2 devs? 15.08.2010 134042<+Faelar_AS> Testing should be the fast-moving bug-tracking thing, and repos' packages should be fine unless something ugly happens :p 15.08.2010 134059<+Faelar_AS> 2 devs 15.08.2010 134135<+triplem> faelar_as: then we need a strong committment from all devs to sign packages off. 15.08.2010 134144<+triplem> up until now, this did not really happen ;-( 15.08.2010 134155<+fukawi2> what in the wiki makes you say that? 15.08.2010 134225<+Faelar_AS> Yes but I thing we will have less packages and less versions to manage than AL 15.08.2010 134314<+Faelar_AS> At the same time, I'm all for having a quicker release of that first RC, so I'm not against a one time exception now 15.08.2010 134408<+allanbrokeit> how about a really bold suggestion... what about no signoffs until the first RC/alpha? Just get the packages out there in a form people can use and stabilize further from there. 15.08.2010 134412<+fukawi2> let's go with 1-dev sign-off for redgum RC, 2-dev post-RC, and revisit before spruce 15.08.2010 134451<+triplem> +1 15.08.2010 134454<+Faelar_AS> +1 15.08.2010 134535< ras0ir> +1 15.08.2010 134601<+fukawi2> !action (actually, decision, but there's no ! cmd for that) only 1 dev sign-off required for packages to move them out of [testing] *prior to redgum RC* 15.08.2010 134602<@Lord-Taco> *** ACTION POINT: '(actually,' to follow up: decision, but there's no ! cmd for that) only 1 dev sign-off required for packages to move them out of [testing] *prior to redgum RC* 15.08.2010 134625<+triplem> who is going to document this in the wiki? 15.08.2010 134650<+fukawi2> I thought you were updating it? :P 15.08.2010 134706<+fukawi2> or were you only updating your topic? 15.08.2010 134709<+triplem> i am currently updating the agenda. 15.08.2010 134717<+fukawi2> ok, thx :) 15.08.2010 134722<+triplem> i meant the releas process 15.08.2010 134748<+fukawi2> I will update it 15.08.2010 134822<+fukawi2> any more input to this discussion? 15.08.2010 134842<+Faelar_AS> no 15.08.2010 134854<+fukawi2> !topic APP 15.08.2010 134854<@Lord-Taco> *** NEXT TOPIC: 'APP' 15.08.2010 134901<+fukawi2> triplem filling in for sbnet.... 15.08.2010 134934<+triplem> i just wanted to ask, if this really makes any sense anymore. we haven't seen any real progress for the last 3-5 month. 15.08.2010 135013<+fukawi2> I agree -- I was really hoping to get an update tonight, but sb is obviously unable to be here :( 15.08.2010 135036<+fukawi2> he did say he would have a demo/beta up for us not long after the last meeting, but that hasn't happened 15.08.2010 135050<+triplem> well, probably we should think about alternatives, and discuss those in the next meeting. 15.08.2010 135054<+fukawi2> (for those not across the project: http://wiki.archserver.org/index.php/ArchServer_Package_Portal ) 15.08.2010 135056<@Lord-Taco> http://wiki.archserver.org/index.php/ArchServer_Package_Portal = "ArchServer Package Portal - ArchServer Wiki" 15.08.2010 135145<+Faelar_AS> I think it's too huge to be ready on time 15.08.2010 135205<+Faelar_AS> So I'm all for a short-term alternative 15.08.2010 135221<+fukawi2> any suggestions faelar? 15.08.2010 135227<+triplem> the short-term alternative could be to stick to the current process, without tool-support. 15.08.2010 135258<+fukawi2> possibly the best option 15.08.2010 135301<+triplem> or we could also try to install the AL AUR stuff? 15.08.2010 135311<+Faelar_AS> if that's not convenient enough maybe smaller tools should be developed ? 15.08.2010 135318<+triplem> allanbrokeit: any hints on this one? 15.08.2010 135320<+fukawi2> what do we think are the most important features that we should aim for first? 15.08.2010 135447<+triplem> i think: Database record for each package 15.08.2010 135452<+allanbrokeit> the arch website code is all in a public git repo - it is actually quite good for a developer to keep track of what they need to do 15.08.2010 135517<+Faelar_AS> Interface to git repositories - server-core, server-extra and server-community. Read-only, just to get current version and other details from the PKGBUILD. <- exactly what you can have with the git web front-end no ? 15.08.2010 135517<+fukawi2> it's mysql backed isn't it allan? 15.08.2010 135538<+allanbrokeit> possibly... :P 15.08.2010 135642<+triplem> i am asking for: somebody should look at this stuff and report back in the near future. report on all pros/cons of the diffferent possible solutions 15.08.2010 135644<+fukawi2> *puts on sysop hat* given the limited resources on hydrogen (esp 1gb ram) I'd like to avoid having to run mysql and postgresql on there 15.08.2010 135747<+triplem> probaly we could migrate this stuff to pgsql. 15.08.2010 135802<+triplem> but like said, we need to look at it, right now it is just wild guesses 15.08.2010 135806<+fukawi2> that would probably take as much effort as writing the APP :P 15.08.2010 135814<+Faelar_AS> Plus oracle will sue you soon after winning against Android/Google on java licensing :p 15.08.2010 135819<+triplem> fukawi2: possible, but who knows. 15.08.2010 135834<+fukawi2> let's see if we can get an update from sb ASAP 15.08.2010 135840<+fukawi2> then go from there 15.08.2010 135840<+allanbrokeit> just as an insight to what I see on the Arch website: http://allanmcrae.com/images/arch_developer_dashboard.png 15.08.2010 135843<@Lord-Taco> http://allanmcrae.com/images/arch_developer_dashboard.png = "allanmcrae.com/images/arch_developer_dashboard.png" 15.08.2010 135916<+fukawi2> that looks neat allan 15.08.2010 135918<+fukawi2> nice 15.08.2010 135927<+triplem> i like it as well. 15.08.2010 140001<+triplem> who is responsible for this one? probably we could ask for some details? 15.08.2010 140016<+allanbrokeit> Dan/toofishes 15.08.2010 140018<+triplem> like e.g. migration to pgsql, if possible and stuff 15.08.2010 140056<+fukawi2> more difficult would probably be changing it to support named-releases, rather than rolling-release 15.08.2010 140110<+fukawi2> but it's worth investigating 15.08.2010 140147<+Faelar_AS> altering tables with an added "release" field won't do it ? 15.08.2010 140307<+fukawi2> it'd be great if it could be that simple ;P 15.08.2010 140355<+fukawi2> let's continue with our manual methods for now, I'll try and get an update from sb (or someone else can if you see him in irc etc) and we'll revisit next meeting once we know more 15.08.2010 140356<+triplem> so, first step, is probably to send an mail to ask sb for an update. 15.08.2010 140407<+Faelar_AS> Don't know but should not be worst than moving from Msql to PGsql 15.08.2010 140412<+triplem> +1 15.08.2010 140419<+Faelar_AS> ok 15.08.2010 140428<+fukawi2> any thoughts allan? 15.08.2010 140440<+fukawi2> or +1 from you also? 15.08.2010 140501< ras0ir> archweb is a django app isnt it? iirc django has pgsql backend 15.08.2010 140517<+allanbrokeit> no thoughts from me really... 15.08.2010 140605<+fukawi2> all good then! 15.08.2010 140606<+Faelar_AS> http://www.toofishes.net/blog/archweb-db-schema/ 15.08.2010 140608<@Lord-Taco> http://www.toofishes.net/blog/archweb-db-schema/ = "toofishes.net - Archweb DB Schema" 15.08.2010 140620<+Faelar_AS> "for the archweb Django application that is the face of the Arch Linux website." 15.08.2010 140645<+fukawi2> ah yes, I remember seeing that post a while back.... crazy hell 15.08.2010 140815<+fukawi2> I can't see an easy way to incorporate releases into that.... but that's a discussion for another time 15.08.2010 140822<+fukawi2> !topic Installation ISO 15.08.2010 140823<@Lord-Taco> *** NEXT TOPIC: 'Installation ISO' 15.08.2010 140907<+triplem> A couple of bugs are still open, and some testing needs to get done on the ISO. 15.08.2010 140907<+fukawi2> triplem.... I think we've probably covered anything that could have been talked about here? 15.08.2010 140928<+fukawi2> once we get [server-core] populated then we will be able to make another ISO 15.08.2010 140936<+triplem> other then that, we have covered anything. 15.08.2010 140938<+triplem> true. 15.08.2010 140953<+fukawi2> cool cool 15.08.2010 141000<+triplem> no additional action required right now. 15.08.2010 141004<+Faelar_AS> A quick thing 15.08.2010 141020<+fukawi2> yes? :) 15.08.2010 141022<+Faelar_AS> What bootloader is used for the iso ? 15.08.2010 141037<+triplem> isolinux 15.08.2010 141050<+Faelar_AS> Ok thank you 15.08.2010 141130<+fukawi2> isolinux has issues with xen on intel cpu's in HVM guests due to the real-mode emulation issues.... but that's a xen issue, not ours 15.08.2010 141207< ras0ir> im using isolinux as bootloader here :P 15.08.2010 141234<+fukawi2> it does look pretty ;P 15.08.2010 141241<+Faelar_AS> I'm using extlinux, I don't know if it's the same thing... 15.08.2010 141256<+triplem> rigth now we do not support USB loading, just CDs. which should be changed somewhen as well.... (after RC). 15.08.2010 141259<+Faelar_AS> I'm confused between extlinux syslinux and isolinux :p 15.08.2010 141343<+fukawi2> let's stick with upstream (AL == isolinux) for simplicity's sake ;P 15.08.2010 141400< ras0ir> Faelar_AS: they're part of syslinux :) 15.08.2010 141419< ras0ir> fukawi2: +1 15.08.2010 141425<+Faelar_AS> +1 15.08.2010 141428<+triplem> +1 15.08.2010 141433<+fukawi2> !topic Security 15.08.2010 141433<@Lord-Taco> *** NEXT TOPIC: 'Security' 15.08.2010 141435<+fukawi2> faelar... 15.08.2010 141511<+Faelar_AS> Ok, I don't know if everybody have read the topic on the forum (or the mail) 15.08.2010 141539<+fukawi2> quick overview for the benefit of the meeting minutes, and those who haven't...? ;) 15.08.2010 141607<+Faelar_AS> It looks like AS security can be enhanced if some specific compilation choices are made 15.08.2010 141637<+Faelar_AS> From what I understand, it will not break the compatibility between AS and AL 15.08.2010 141647<+Faelar_AS> Then downside is a performence hit 15.08.2010 141725<+fukawi2> do we know how much of a performance impact? 15.08.2010 141729<+allanbrokeit> for what its worth, I have considered enabling those compiler flags in Arch Linux: http://bugs.archlinux.org/task/18864 15.08.2010 141731<@Lord-Taco> http://bugs.archlinux.org/task/18864 = "FS#18864 : Consider enabling GCC's stack-smashing protection (ProPolice, SSP) for all packages" 15.08.2010 141732<+Faelar_AS> What I would like to know is if we should take a look into that kind of stuff, and ut it in place in AS 15.08.2010 141755<+allanbrokeit> ~1.3% performance hit on average 15.08.2010 141946<+Faelar_AS> does this worth the added security ? 15.08.2010 142001<+allanbrokeit> it stops buffer overflow exploits 15.08.2010 142007<+triplem> CONFIG_CC_STACKPROTECTOR is set in our kernel already as well ;-) 15.08.2010 142015<+allanbrokeit> so possibly for a server os 15.08.2010 142059<+fukawi2> the lvm and iptables issues mentioned on the ubuntu wiki concern me 15.08.2010 142110<+Faelar_AS> link ? 15.08.2010 142116<+fukawi2> https://wiki.ubuntu.com/GccSsp 15.08.2010 142116<+allanbrokeit> that is old though (2006?) 15.08.2010 142128<+fukawi2> last edited 2008-08-06 15.08.2010 142147<+allanbrokeit> Fedora and Ubuntu have used this for a while so it should have less issues... 15.08.2010 142239<+allanbrokeit> at worst, you disable the flags for packages that have issues with it 15.08.2010 142252<+fukawi2> indeed, the ubuntu bug report seems to have it as resolved 15.08.2010 142320<+allanbrokeit> but I would say this is something to consider early in the development cycle for the redgum+1 release 15.08.2010 142352<+fukawi2> I agree, since the best option seems to be to enable it in gcc and then selectively disable it 15.08.2010 142427<+allanbrokeit> by that stage Arch Linux might see it in their CFLAGS... 15.08.2010 142434<+fukawi2> let's not bite off more than our small team can chew for redgum ;) 15.08.2010 142451<+Faelar_AS> ok so hardening for redgum + 1 release ? 15.08.2010 142511<+fukawi2> faelar -- do you want to raise a feature request in FS for it? 15.08.2010 142512<+allanbrokeit> +1 15.08.2010 142515<+triplem> +1 15.08.2010 142519< ras0ir> +1 15.08.2010 142545<+fukawi2> I'll assign it to allan and set it due for spruce ;P 15.08.2010 142558<+allanbrokeit> lol 15.08.2010 142620<+Faelar_AS> I asigned it to ... ? 15.08.2010 142644<+fukawi2> actually yeah, I gues you can do it since you have the permissions :P 15.08.2010 142705<+fukawi2> while we're talking about security, I'll open the can-of-worms and say -1 for selinux 15.08.2010 142733<+triplem> i am 0 on this one. no real opinion 15.08.2010 142759<+Faelar_AS> SELinux mean more security but less simplicity right ? 15.08.2010 142810<+Faelar_AS> (from the end-user point of view) 15.08.2010 142827<+fukawi2> much less simplicity.... I have wasted so many hours of my life due to selinux screwing with things when I'm setting up fedora/centos machines 15.08.2010 142835<+allanbrokeit> I'd say -1 for selinux given your parent distro does not do it and there is a small team, but note that one user has made a great start to getting it working in the AUR 15.08.2010 142904<+triplem> allan: wisely spoken 15.08.2010 142910<+fukawi2> perhaps in future we can look at including it, but defaulting it to disabled state 15.08.2010 142924<+fukawi2> but I'm strongly -1 for redgum 15.08.2010 142937< ras0ir> -1 from me 15.08.2010 142943<+fukawi2> is anyone +1? 15.08.2010 142953<+Faelar_AS> no, but I have a question 15.08.2010 142956<+Faelar_AS> AppArmor :p 15.08.2010 143012<+Faelar_AS> What's the difference between it and SELinux ? 15.08.2010 143040<+fukawi2> never used AA 15.08.2010 143054< ras0ir> Faelar_AS: nice article-> http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html 15.08.2010 143056<@Lord-Taco> [ERR] No response from www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html 15.08.2010 143059<+fukawi2> I tar it with the same brush as SELinux atm :P 15.08.2010 143124<+Faelar_AS> thank you ras0ir 15.08.2010 143138<+Faelar_AS> AH while we're on the security topic 15.08.2010 143148<+Faelar_AS> I've got a question about mirors 15.08.2010 143208<+fukawi2> thx for that ras0ir, I'll read it tomorrow ;) 15.08.2010 143210<+Faelar_AS> What can we do to improve the safety of our mirrors ? 15.08.2010 143218<+fukawi2> in what way? 15.08.2010 143225<+allanbrokeit> package signing :P 15.08.2010 143227<+Faelar_AS> I mean... I own one (archserver.fr) 15.08.2010 143258<+Faelar_AS> but someone can hack my server easily since it's a crapy debian installation and I do not monitor it XD 15.08.2010 143327* fukawi2 removes faelar's access to pull updates :P 15.08.2010 143329<+fukawi2> j/k 15.08.2010 143337<+Faelar_AS> @ allanbrokeit : patches welcome :p 15.08.2010 143355<+fukawi2> it's a valid question.... I don't have any immediate suggestions other than allan's 15.08.2010 143400<+fukawi2> @faelar lmao 15.08.2010 143508<+Faelar_AS> It would be nice to have some documentation on the topic 15.08.2010 143526<+fukawi2> it wouldn't be perfect, but we could implement some kind of "quality assurance" script to randomly check packages on the mirrors to make sure they hash correctly 15.08.2010 143535<+Faelar_AS> SOmething that non-specialists (aka me) can follow to ensure a minimum security with there mirrors 15.08.2010 143558<+allanbrokeit> you would only need to download their repodbs and check they are up to date and have the same md5sums 15.08.2010 143607<+fukawi2> it would be too bandwidth intensive to check all packages on all mirrors, but spot checks might find some issues 15.08.2010 143626<+allanbrokeit> assuming md5sum are secure enough.... 15.08.2010 143642<+fukawi2> hydrogen generates md5's and sha1's of all packages 15.08.2010 143708<+Faelar_AS> checking both then ? 15.08.2010 143750<+allanbrokeit> the distributed md5sum in the repo dbs should be enough as pacman checks those against the downloaded package 15.08.2010 143756<+fukawi2> the mirrors would have to constantly regenerate the checksum files for all packages though.... too resource intensive for most mirrors I'd think 15.08.2010 143816<+fukawi2> good point allan 15.08.2010 143843<+fukawi2> if a malicious user modified a package, they would have to regenerate the DB file too in order to get the hash to match to keep pacman happy 15.08.2010 143909<+fukawi2> so if we pulled the db file, compared the md5/sha1 of that to the one on hydrogen, then any differences would set off alarm bells 15.08.2010 143926<+allanbrokeit> it is not foolproof given md5 collision attacks exist (somewhat...) but better than nothing 15.08.2010 143941<+allanbrokeit> but you could also check the package md5sums within the repos 15.08.2010 143952<+allanbrokeit> repo dbs i mean 15.08.2010 144021<+fukawi2> if we check both, then it would be sufficient I think.... a md5 AND sha1 collision would be sooo unlikely 15.08.2010 144048<+Faelar_AS> that was the idea... 15.08.2010 144126<+allanbrokeit> sure 15.08.2010 144141<+fukawi2> !action fukawi2 script a repo integrity script 15.08.2010 144141<@Lord-Taco> *** ACTION POINT: 'fukawi2' to follow up: script a repo integrity script 15.08.2010 144211<+allanbrokeit> and hopefully package signing will be finished for redgum+1 15.08.2010 144227<+fukawi2> lets not hold our breath :P 15.08.2010 144252<+allanbrokeit> there is a working patchset... 15.08.2010 144254<+Faelar_AS> or we'll move to apt-get :p 15.08.2010 144338<+fukawi2> we will do no such thing! 15.08.2010 144347<+fukawi2> are you trying to make me vomit? :-o 15.08.2010 144356<+Faelar_AS> but pacman is soooo confusing :p 15.08.2010 144414<+allanbrokeit> it needs a gui! 15.08.2010 144427<+Faelar_AS> apt-cache meaninglessaction --uselessfalg whateverpackage-dev is sooo much better ! 15.08.2010 144456<+fukawi2> dpkg --erase Faelar_AS 15.08.2010 144507<+fukawi2> evil person 15.08.2010 144509<+fukawi2> bad! 15.08.2010 144533<+Faelar_AS> "dpkg --erasing Faelar_AS will autoremove fukawi2 continue ?" 15.08.2010 144550<+fukawi2> lol 15.08.2010 144600<+fukawi2> aaaaanyway...... any more security discussion for now? 15.08.2010 144633<+triplem> no 15.08.2010 144639<+Faelar_AS> no 15.08.2010 144646<+fukawi2> excellent 15.08.2010 144648<+fukawi2> :) 15.08.2010 144652<+fukawi2> !topic general business 15.08.2010 144652<@Lord-Taco> *** NEXT TOPIC: 'general business' 15.08.2010 144655<+fukawi2> anyone? 15.08.2010 144705<+allanbrokeit> sure... 15.08.2010 144724<+fukawi2> no, you can't have a pay rise :P 15.08.2010 144726<+Faelar_AS> Hum... for those intrested I can talk about webdesign after other topics 15.08.2010 144734<+allanbrokeit> getting packages from the staging area to the repos could really use some automation 15.08.2010 144739<+Faelar_AS> but for now... brb :p 15.08.2010 144810<+fukawi2> http://git.archserver.org/?p=dbscripts.git;a=blob;f=staging2repo.sh;h=323227e694b90d22538e49b10738880663acb8f8;hb=HEAD 15.08.2010 144812<@Lord-Taco> http://git.archserver.org/?p=dbscripts.git;a=blob;f=staging2repo.sh;h=323227e694b90d22538e49b10738880663acb8f8;hb=HEAD = "ArchServer Project :: Repositories - - dbscripts.git/blob - staging2repo.sh" 15.08.2010 144822<+fukawi2> is that not working for you? 15.08.2010 144830<+fukawi2> or do you mean even mroe automation? 15.08.2010 144902<+allanbrokeit> usage: $(basename $0) [ [ yuck :D 15.08.2010 144932<+allanbrokeit> I am used to just running /arch/db-testing and everything in staging/testing goes to testing 15.08.2010 145002<+triplem> well, thats then staging2testing 15.08.2010 145002<+Faelar_AS> back 15.08.2010 145029<+fukawi2> at minimum we would need to have the argument for the release (eg, redgum) 15.08.2010 145201<+allanbrokeit> fair enough - I just found it a lot of typing compared to what I normally do 15.08.2010 145209<+fukawi2> I see your point 15.08.2010 145237<+fukawi2> that was one of the first scripts I wrote for AS, so yes, there probably are some good optimizations that could be made ;) 15.08.2010 145253<+triplem> jowilkin has written some nice aliases, which can help here. 15.08.2010 145300<+allanbrokeit> but extra typing is motivation not to upload bad packages :P 15.08.2010 145324<+fukawi2> !action fukawi2 simplify staging2repo script, and symlink to /arch/ 15.08.2010 145325<@Lord-Taco> *** ACTION POINT: 'fukawi2' to follow up: simplify staging2repo script, and symlink to /arch/ 15.08.2010 145451<+fukawi2> will that make you a happy chappy allan? :P 15.08.2010 145534<+allanbrokeit> yes! 15.08.2010 145541<+fukawi2> heheh, ace 15.08.2010 145550<+fukawi2> any other general business? 15.08.2010 145609<+Faelar_AS> FluxBB update 15.08.2010 145630<+fukawi2> benefits? 15.08.2010 145700<+Faelar_AS> "Easily translated (v1.4 supports UTF-8)" 15.08.2010 145720<+fukawi2> I HATE that the new version doesn't have the BBcode buttons anymore >:-( 15.08.2010 145731< ras0ir> argh yes 15.08.2010 145747<+Faelar_AS> Yes but I think it will be resolved soon enough 15.08.2010 145754<+fukawi2> linux is supposed to be able being lazy and saving typing.... that goes complete'y against the ethos 15.08.2010 145756<+Faelar_AS> everybody's waiting for it 15.08.2010 145837<+Faelar_AS> (Maybe I can look at it, I've not done anything in php since... ouch !) 15.08.2010 145842<+fukawi2> lol 15.08.2010 145852<+fukawi2> let's wait until that's fixed before we upgrade 15.08.2010 145913<+Faelar_AS> PLus you'll be able to put my wonderfull theme on it :p 15.08.2010 145921< ras0ir> :p 15.08.2010 145925<+Faelar_AS> http://faelar.mine.nu/dev/AS-Forum/index.php 15.08.2010 145928<@Lord-Taco> http://faelar.mine.nu/dev/AS-Forum/index.php = "My FluxBB forum" 15.08.2010 145959< ras0ir> pretty :) 15.08.2010 150010<+fukawi2> looks nice :) 15.08.2010 150048<+Faelar_AS> Only the the header file has been changed 15.08.2010 150112<+fukawi2> OT: has anyone heard from JT recently? carbon64 has been down for weeks, and haven't heard from him.... 15.08.2010 150127<+Faelar_AS> nop 15.08.2010 150130< ras0ir> no :( 15.08.2010 150146<+triplem> fukawi2: wanted to ask the same. 15.08.2010 150203<+fukawi2> hmmmmm, I'll see what happens 15.08.2010 150205<+triplem> last time i have heard from him was during the short discussion between you and him about carbon 15.08.2010 150220<+fukawi2> same -- that was the last time it was down 15.08.2010 150227<+triplem> probably drop him a short note, that we miss him? 15.08.2010 150247<+fukawi2> yeah, I sent him an email but didn't get a reply.... will send another one 15.08.2010 150318<+Faelar_AS> http://fluxbb.org/resources/mods/easy-bbcode/ 15.08.2010 150320<@Lord-Taco> http://fluxbb.org/resources/mods/easy-bbcode/ = "Easy BBCode - FluxBB" 15.08.2010 150330<+Faelar_AS> I'll install it and see if it works 15.08.2010 150332<+fukawi2> faelar -- I got an e-mail note from "cipher" earlier offering assistance with the web design, particularly with iphone/ipad css etc.... I'll reply and CC you 15.08.2010 150401<+Faelar_AS> Sure :) 15.08.2010 150415<+fukawi2> last call for general business? 15.08.2010 150448<+Faelar_AS> nop 15.08.2010 150453<+triplem> no 15.08.2010 150505<+fukawi2> well, thank-you one and thank-you all :D 15.08.2010 150508<+fukawi2> !close-meeting 15.08.2010 150509<@Lord-Taco> **** MEETING CLOSED AT 13:5:9 BY fukawi2 (1 hour, 57 minutes, 9 seconds) **** 15.08.2010 150524<+fukawi2> I'll get minutes out tomorrow 15.08.2010 150541<+fukawi2> but not I shall head to bed.... work tomorrow :( 15.08.2010 150542<+triplem> fukawi2: thank you. 15.08.2010 150553<+fukawi2> now* 15.08.2010 150607<+Faelar_AS> see you fukawi2 ! 15.08.2010 150616<+triplem> fukawi2: see you soon. 15.08.2010 150622<+fukawi2> enjoy your sunday everyone (except allan :P) 15.08.2010 150628<+allanbrokeit> work is not so bad 15.08.2010 150637<+allanbrokeit> I have wisdom teeth removed tomorrow :( 15.08.2010 150656<+triplem> allan: yeah, i would prefer work over this one as well ;-) 15.08.2010 150731<+fukawi2> ouch, good luck with that 15.08.2010 150805<+fukawi2> I'll send you an icy beer ;P 15.08.2010 150827<+allanbrokeit> oooh - good :D 15.08.2010 150911<+fukawi2> heheh ;) 15.08.2010 150913<+fukawi2> night all! 15.08.2010 150914-!- fukawi2 (~fukawi2@archserver/trusteduser/fukawi2) parts #ArchServer-meeting ["Hooroo"] 15.08.2010 151007-!- allanbrokeit (~allan@archlinux/developer/allan) parts #ArchServer-meeting ["broken"] 15.08.2010 151019-!- Faelar_AS (~faelar@archserver/trusteduser/faelar-as) parts #ArchServer-meeting [] 15.08.2010 151322-!- ras0ir (ras0ir@archserver/trusteduser/ras0ir) parts #ArchServer-meeting ["Konversation terminated!"] 15.08.2010 154338<+fakeroot> Damn, I didn't make it to be at meeting time :( 15.08.2010 160035-!- tzunami (~tzunami@adsl-223-157-198.mia.bellsouth.net) joins #ArchServer-meeting 15.08.2010 160909-!- fakeroot (~f1y@pc41-180.elektr.polsl.pl) quits [Changing host] 15.08.2010 160910-!- fakeroot (~f1y@archserver/trusteduser/fakeroot) joins #ArchServer-meeting 15.08.2010 160910-!- ServerMode +v fakeroot on #ArchServer-meeting by kornbluth.freenode.net 15.08.2010 161533-!- fakeroot (~f1y@archserver/trusteduser/fakeroot) quits [Quit: Reconnecting] 15.08.2010 161535-!- fakeroot (~f1y@archserver/trusteduser/fakeroot) joins #ArchServer-meeting 15.08.2010 181553-!- xdnny (daan@blackhole.sk) joins #ArchServer-meeting 15.08.2010 200854-!- tzunami (~tzunami@adsl-223-157-198.mia.bellsouth.net) quits [Remote host closed the connection] 15.08.2010 201352-!- Irssi: #archserver-meeting: 5 nicks (ops: 1 voices: 0 regular: 3) --- Log closed nie sie 15 20:15:46 2010