- Wednesday, February 10, 2016

release-team@conference.openafs.org

Wednesday, February 10, 2016< ^ >

Room Configuration

Room Occupants

GMT+0
[02:08:53] Jeffrey Altman leaves the room
[02:17:24] Jeffrey Altman joins the room
[05:35:59] mvita leaves the room
[11:42:42] shadow@gmail.com/barnowlABEE2063 leaves the room
[11:42:52] shadow@gmail.com/barnowlABEE2063 joins the room
[11:46:59] shadow@gmail.com/barnowlABEE2063 leaves the room
[11:47:12] shadow@gmail.com/barnowlABEE2063 joins the room
[13:33:07] meffie joins the room
[14:30:07] mvita joins the room
[14:59:56] <mvita> hello and good day
[15:00:34] <meffie> hello mark
[15:00:58] <mvita> I see you made it even without a proper email notification
[15:01:36] <mvita> my apologies to any attendees who didn't get my email - I mistakenly sent it only to ben, stephan and mike instead of to the release-team mailing list
[15:01:55] <mvita> I'll get it right next week
[15:02:52] <mvita> Ben said he might not be able to make it today.
[15:03:09] <mvita> and we are not expecting Stephan.
[15:04:31] <mvita> Mike, for 1.6x
[15:05:30] <mvita> we should try to get the rest of the donated OS X packaging posted for upstream review
[15:05:57] <mvita> maybe marcio could do it?
[15:06:41] <mvita> I'm not sure what Stephan meant by "is that web change really all we want/need?"
[15:06:44] <meffie> yes, that is on his list.
[15:06:53] <mvita> oh, okay, good
[15:07:53] <mvita> do you know what Stephan was referring to?
[15:07:59] <Jeffrey Altman> morning
[15:08:07] <mvita> good morning Jeffrey
[15:08:13] <mvita> how are you?
[15:08:54] <Jeffrey Altman> doing ok.  snow in Nashville shuts down the city
[15:09:17] <meffie> excellent.
[15:09:26] <mvita> oh, are you attending a conference in Nashville?
[15:09:31] <Jeffrey Altman> wreaking havoc with the birthing class schedule.  not enough weeks left for make ups when they get canceled
[15:09:41] <Jeffrey Altman> I live in Nashville
[15:09:49] <mvita> ( I don't know that)
[15:09:52] <mvita> didn't
[15:10:07] <mvita> for some reason I thought you lived in NY State
[15:10:26] <meffie> only been there once, but i found it to be a very nice place. (nashville)
[15:10:28] <Jeffrey Altman> I used to.  Moved to Nashville 2.5 years ago
[15:10:35] <mvita> ah, okay
[15:11:12] <meffie> just a light snow here today. (cleveland)
[15:11:32] <mvita> about an inch here (mid eastern state PA)
[15:11:45] <mvita> okay.
[15:12:01] <Jeffrey Altman> I was in NYC for the 26.9".   The snow here is nothing by comparison but there is no infrastructure to deal with it.
[15:13:45] <Jeffrey Altman> I didn't meant to interrupt your discussion.  I didn't seek Stephan's comment.  Was it in a private e-mail exchange?
[15:14:36] <mvita> I don't know if the original was.  but this part was intended for the release team, so I think it's okay to share.
[15:15:01] <mvita> and I believe Stephan said he would forward you the private email last week - did he?
[15:15:28] <Jeffrey Altman> He sent me a private mail about his personal situation.
[15:16:10] <mvita> yes, okay, good.  I think these agenda items may have been included in that (as carryover from 2-3 wks ago)
[15:16:13] <mvita> anyway:
[15:16:25] <mvita> We have the following agenda items from Stephan to discuss:
1.6.x
- how to deal with the just donated OS X installers (is that web change really all we want/need?)
- how to proceed with 1.6.x (ship a pre1 which builds on Linux 4.4 but is suspicious of causing serious issues including data corruption?)
[15:16:41] <mvita> the bullet items are his words
[15:17:02] <mvita> any idea what he meant by "web change"?
[15:18:23] <Jeffrey Altman> I believe that Stephan is referring to the gerrit change that David Botsch pushed which adds a link from openafs.org/macos.html to SNA's downloads directory.
[15:18:36] <mvita> OH, that.
[15:18:41] <mvita> I forgot about that.
[15:19:16] <mvita> well, since we intend to submit what we have for upstream review
[15:19:34] <mvita> the web change, if appropriate, should only be termporary
[15:19:46] <mvita> temporary
[15:20:20] <mvita> the intention is that openafs.org will be able to publish mac packaging going forward
[15:21:04] <mvita> the current package is signed by SNA, I believe, but that too is intended to be temporary if I understand correctly
[15:21:06] <Jeffrey Altman> In my option, the intention is irrelevant.  Why distribute from SNA's site at all?   If they are the product of "OpenAFS" then they should be distributed via grand.central.org and dl.openafs.org just as all of the other installers that AuriStor, Inc. and Secure Endpoints, Inc. signed in the past.
[15:21:40] <mvita> We are in agreement, we are just working out details of how to do that
[15:22:28] <mvita> distributed from SNA for those who need it now until we can get it distributed from openafs.org
[15:22:47] <Jeffrey Altman> What details? SNA gives binaries to the release managers who post them and update the web site along with the other binaries.
[15:23:30] <mvita> not all the packaging materials used to build those binaries are upstream yet
[15:23:55] <mvita> we want others to be able to use those as well if they would prefer to build and sign their own
[15:25:00] <Jeffrey Altman> That is great but is sort of irrelevant.  SNA isn't calling the distribution SNA AFS for OSX and the name will change to "OpenAFS for OSX" when it gets built and signed by the Foundation.
[15:26:38] <mvita> sure.  I'm not sure I'm following your objection?
[15:26:42] <jhutz@jis.mit.edu/owl> > not enough weeks left for make ups when they get canceled
they'll just have to postpone the birth :-)
[15:27:44] <Jeffrey Altman> sadly, the doctors have decided they do not want the pregnancy to extend beyond leap day because of Sara's age and size.  :-(
[15:28:05] <mvita> are you saying just post the binaries on openafs.org now, even though all their ingredients aren't upstream yet?
[15:28:38] <jhutz@jis.mit.edu/owl> No, Jeff, there's actually a constraint here.  I don't think we can
distribute binary packages if we don't have all the sources to distribute.
[15:29:04] <Jeffrey Altman> I'm saying that there is no reason not to provided it is made clear that what is being posted is not 1.6.16 as was claimed in Evan's announcement
[15:29:10] <mvita> yes, I guess that's the assumption/requirement I was using
[15:29:34] <mvita> Yes, it is not 1.6.16, that is correct
[15:29:43] <mvita> it's 1.6.16 +
[15:30:59] <Jeffrey Altman> I believe it contains http://gerrit.openafs.org/#/c/12167/ which is a security problem.
[15:31:51] <mvita> I believe that is correct as well and considerations should be noted in the release notes if it is posted to openafs.org
[15:32:12] <Jeffrey Altman> I disagree with the security analysis that Evan posted in the announcement.
[15:32:17] <mvita> this is a work in progress.
[15:32:58] <mvita> specifically, we and others are still looking for better solutions
[15:34:06] <mvita> and we (not just sna, but openafs) welcome any and all suggestions along those lines to make this as good as possible
[15:35:19] <mvita> ultimately as I believe you said Jeffrey, the security officer has to make the call about balancing the risk of that particular commit
[15:35:33] <mvita> and whether to allow the binaries to be posted on openafs.org
[15:38:21] <mvita> so there are indeed a number of details to still be ironed out.
[15:38:26] <Jeffrey Altman> I would not publicly distribute any installers with that change or something like it.  The change opens the door not just to local access to files but to remote access via any daemon that was started as root whether or not it later changes its effective id.
[15:38:39] <mvita> understood.
[15:41:18] <mvita> For now:
[15:41:53] <mvita> - we need Ben's opinion/decision on the security issue - he's unable to attend today, but I will mention this in the minutes
[15:42:02] <mvita> (that I post to release-team ml)
[15:42:19] <mvita> - sna will continue to upstream packaging for review
[15:42:54] <mvita> - we all need to keep looking for a more secure solution
[15:44:19] <mvita> any other discussion on the os x topic before we move on?
[15:44:27] <mvita> oh, yeah, wait
[15:44:31] <kadukoafs@gmail.com/barnowlF1D9A71F> I do not think I got mail with Jeffrey's comment on 12167, even though
I expected to (and ought to have prior to the gerrit upgrade, IIRC).
Oh, there is a new setting to receive email notification for all
comments that I did not check, sigh.
[15:45:11] <kadukoafs@gmail.com/barnowlF1D9A71F> I got a unicast reply from Evan that implied there were more changes
in the SNA installers (on top of 1.6.16) than just 12167.
[15:45:28] <Jeffrey Altman> Hi Ben.  Feeling better?
[15:45:32] <mvita> yes, packaging mostly, none of it submitted yet.
[15:45:49] <mvita> but we have someone assigned here to do it
[15:47:35] <kadukoafs@gmail.com/barnowlF1D9A71F> I am of improved health, finally.
[15:47:47] <Jeffrey Altman> glad to hear it
[15:47:48] <mvita> that's good
[15:47:49] <meffie> wonderful news
[15:47:51] <kadukoafs@gmail.com/barnowlF1D9A71F> Anyway, thanks for bringing the security issue up; I'll take a look.
[15:48:02] <mvita> thank you Ben.
[15:48:11] <mvita> and thank you Jeffrey for raising it.
[15:49:48] kadukoafs@gmail.com/barnowlF1D9A71F leaves the room
[15:49:51] <mvita> back to the web page change
[15:49:51] kadukoafs@gmail.com/barnowl8DA8ED20 leaves the room
[15:49:51] kadukoafs@gmail.com/barnowl8DA8ED20 leaves the room
[15:49:51] kadukoafs@gmail.com/barnowlF1D9A71F leaves the room
[15:49:51] kadukoafs@gmail.com/barnowl8DA8ED20 leaves the room
[15:49:51] kadukoafs@gmail.com/barnowlF1D9A71F leaves the room
[15:50:03] <mvita> for a moment
[15:50:16] kadukoafs@gmail.com/barnowl2F6B45A5 joins the room
[15:50:59] <kadukoafs@gmail.com/barnowl2F6B45A5> (Had to login/out to stop getting 5 copies of everything)
[15:51:07] <mvita> if it's inappropriate for any reason that openafs.org point to _anything_ on a third party site, then that's that.
[15:52:37] <mvita> are all binaries on openafs.org actually hosted on openafs.org?  I don't know.
[15:52:44] <meffie> yes
[15:52:51] <Jeffrey Altman> no
[15:52:56] <meffie> oh?
[15:53:07] <Jeffrey Altman> all binaries are hosted by grand.central.org
[15:53:25] <mvita> okay.
[15:53:27] <Jeffrey Altman> as is the entire web site
[15:53:34] <meffie> well, i meant they ware in g.c.o's cell.
[15:55:08] <Jeffrey Altman> I have no objection to openafs.org referencing third party sites.  It already does so from the credits and support pages.
[15:55:36] <kadukoafs@gmail.com/barnowl2F6B45A5> Yeah, in principle it is fine to do; there might be quibbles about the
specific wording, of course.
[15:55:46] <kadukoafs@gmail.com/barnowl2F6B45A5> (I turn into a pumpkin in five minutes.)
[15:56:54] <mvita> okay.
[15:57:31] <mvita> ben re: 1.8 canyou point us to anything you need reviewed?
[15:58:03] <mvita> (or other tasks we can help with)
[15:58:56] <kadukoafs@gmail.com/barnowl2F6B45A5> I forget the current state of review, but akeyconvert,
rxgen-size_t-workaround, and externalize-log-rotation are topics I'm
keen to get in.
[15:59:33] <mvita> okay.  just wanted to give you a chance to say what you need before you have to drop
[15:59:39] <kadukoafs@gmail.com/barnowl2F6B45A5> (akeyconvert should be easy for meffie, since I just plugged the
memory leak, IIRC)
[15:59:54] meffie hangs head in shame. missed that.
[16:00:22] <kadukoafs@gmail.com/barnowl2F6B45A5> mvita: thanks
[16:00:33] <kadukoafs@gmail.com/barnowl2F6B45A5> meffie:, well, it's in a very unlikely case, to be fair
[16:00:37] <meffie> i'll look / test akeyconvert again.
[16:00:43] <kadukoafs@gmail.com/barnowl2F6B45A5> Thanks!
[16:01:13] <kadukoafs@gmail.com/barnowl2F6B45A5> GONE
[16:01:14] <meffie> i have to fix the comments in 'refactor OpenLog'
[16:01:23] <meffie> bye.
[16:01:35] <mvita> tx Ben
[16:03:00] <mvita> any other 1.6x or 1.8x topics before we adjourn?
[16:03:16] <Jeffrey Altman> on the subject of Linux 4.4.
[16:03:21] <mvita> okay
[16:04:07] <Jeffrey Altman> The changes that are in Gerrit are reasonably correct as far as they go but they will produce a client that corrupts data.
[16:04:51] <mvita> what's the level of confidence there?  proven/likely/possible/unknown?
[16:05:01] <mvita> (for corruption)
[16:05:26] <Jeffrey Altman> level of confidence of corruption?  100% it will corrupt data written to a file server.
[16:05:39] <mvita> okay.
[16:05:45] <mvita> well then, that won't do.
[16:05:46] <Jeffrey Altman> when you are unlucky
[16:06:22] <mvita> so more work is needed before that can go in a 1.6 point release
[16:06:27] <Jeffrey Altman> for Linux 4.5 the symlink handling in the kernel is being redesigned.
[16:06:44] <mvita> but how do we feel about it being in a pre1?
[16:06:56] <mvita> in its current state with the risk of corruption
[16:07:33] <Jeffrey Altman> I wouldn't give it to a customer to test with
[16:07:33] <mvita> would that provide any useful information from those who try it out?
[16:08:35] <mvita> (I'm not familiar with the details, so I 'm asking if the reason for the corruption is well understood, not if there's a known solution yet)
[16:09:09] <mvita> if we already know the cause, then there's not much to be gained from putting it in pre1 either
[16:09:40] <Jeffrey Altman> I believe that Ben has commented in RT that the cause is understood
[16:09:49] <mvita> okay.
[16:14:03] <mvita> tx Jeffrey.   anything else on that (or other points) before we adjourn?  jeffrey jhutz meffie?
[16:14:14] <meffie> no thank you.
[16:17:01] <mvita> okay, if there's nothing further, I'm going to adjourn.  I'll send minutes/summary to release-team mailing list in a day or two.
[16:17:04] <mvita> thank you all
[16:17:13] <Jeffrey Altman> good day
[16:17:22] <mvita> you too
[16:33:51] meffie leaves the room
[23:33:16] mvita leaves the room