From 4b5b2e75f1e9f311fedca5ea336c19044f7170b8 Mon Sep 17 00:00:00 2001 From: David Abbott Date: Sun, 22 Oct 2017 16:15:29 -0400 Subject: Log for Oct Meeting --- ...0-22-19:00_Foundation-Meetings-2017-10-.log.txt | 370 +++++++++++++++++++++ 1 file changed, 370 insertions(+) create mode 100644 2017/2017-10-22-19:00_Foundation-Meetings-2017-10-.log.txt diff --git a/2017/2017-10-22-19:00_Foundation-Meetings-2017-10-.log.txt b/2017/2017-10-22-19:00_Foundation-Meetings-2017-10-.log.txt new file mode 100644 index 0000000..a410370 --- /dev/null +++ b/2017/2017-10-22-19:00_Foundation-Meetings-2017-10-.log.txt 
@@ -0,0 +1,370 @@ +[19:00:12] Meeting started by prometheanfire +[19:00:24] Meeting chairs are: zlg, alicef, dabbott, kensington, prometheanfire, +[19:00:35] Current subject: roll call, (set by prometheanfire) +[19:00:38] o/ +[19:00:59] o/ +[19:01:01] o/ +[19:01:20] dabbott: kensington? +[19:02:06] (btw it's paragraph 7 that talks about stretch's gnupg using elliptical curves) +[19:03:01] they use gnutls, not openssl though (for gnupg) +[19:03:18] ah +[19:03:26] anyway, guess I'm logging then? +[19:03:40] robbat2: jmbsvicetto ping as well +[19:04:03] fairly sure I log this channel as well, in case anyone needs a backup. +[19:04:18] pong +[19:04:18] Current subject: Has the NM filing been updated? (prometheanfire), (set by prometheanfire) +[19:04:21] yes +[19:04:37] Current subject: https://wiki.gentoo.org/wiki/Foundation:Activity_Tracker, (set by prometheanfire) +[19:05:03] Annual Report - New Mexico is scheduled for november +[19:05:12] zlg: robbat2 thats you I think +[19:05:19] Yep, looks like us. +[19:05:39] k, just a ping to get on it :P +[19:05:45] no, it's not me +[19:05:50] it's been filed by dabbott in the past +[19:06:10] robbat2: k, it stated treasurer though +[19:06:17] 11/15/2018 +[19:06:22] ? +[19:06:25] and it looks like it has been done already +[19:06:29] on the NMPRC site +[19:06:44] Sorry guys +[19:07:04] Yeah, I remember us discussing the update of this record. +[19:07:04] Report Due Date:11/15/2018 +[19:07:59] ok, then the wiki needs updating +[19:08:07] zlg: can you do that? +[19:08:17] prometheanfire: sure, I can do that +[19:08:19] Current subject: irs status, (set by prometheanfire) +[19:08:32] zlg: robbat2 how goes it? +[19:08:34] sorry afk kid +[19:09:34] sorry was tied up +[19:09:39] I haven't seen much this last month, so don't expect anything +[19:09:41] I've not seen anything new on it yet. 
I filled in some of the missing information we had for the MoneyMarket account (about 2 years worth of statements thanks to robbat2 ) +[19:09:45] dabbott: k, all are here now :D +[19:09:50] dabbott: you logging? +[19:10:02] But the filing itself I've not seen anything on. +[19:10:03] yes +[19:10:36] k, well, we can come back to it if robbat2 has additional info +[19:10:41] sgtm +[19:10:55] zlg: dabbott you have any items to go over? +[19:11:17] there is no further progress on the filing, next step, as before, is producing our updated financial statements +[19:11:33] robbat2: ack +[19:11:42] None at this time. I want to focus on learning the rest of what I need to know so I can catch up on financial activity. +[19:11:46] and i've had very little time +[19:11:51] Current subject: alicef - Add Foundation:Consultants reference to https://www.gentoo.org/support, (set by prometheanfire) +[19:11:58] alicef: how goes that? +[19:12:02] prometheanfire: no +[19:12:19] still not done +[19:12:42] sorry i got buusy +[19:12:42] k, that item will stay on the itenerary then +[19:12:45] np +[19:12:55] going to shanghai next week +[19:12:55] Current subject: alicef - (non-corporate) donors / "friends" page, (set by prometheanfire) +[19:13:02] alicef: fun :D +[19:13:24] i have to made such page ? +[19:13:25] how goes that one? +[19:13:35] the donors page was waiting on me to formalize the new sponsors proposal +[19:13:51] robbat2: ah, the various amounts right? +[19:13:59] yes +[19:14:33] robbat2: should I move that item to you? +[19:14:55] yes +[19:15:02] k +[19:15:12] yee +[19:15:18] Current subject: copyright policy, (set by prometheanfire) +[19:15:30] this is about the FLA +[19:15:32] not for fun +[19:15:43] FLA? 
+[19:15:57] it was previously under my name, but I moved it under alicef's name as she has more experience there +[19:16:01] LINK: https://fsfe.org/activities/ftf/fla.en.html [Fiduciary Licence Agreement (FLA) - FSFE Legal] +[19:16:13] you can move to me but I think I will be busy for working on it soon +[19:16:13] LINK: https://script-ed.org/archive/volume-10/issue-102-140-306/ [Issue 10:2 (140-306) – SCRIPTed] +[19:16:34] alicef: that's ok, this is a bigger thing that will likely involve research among all of us +[19:16:48] LINK: https://wiki.gentoo.org/wiki/User:Aliceinwire/CopyrightPolicy [User:Aliceinwire/CopyrightPolicy - Gentoo Wiki] +[19:16:54] is not for fun, I will go to attend SOSP +[19:17:11] alicef: why do you keep saying 'not for fun' ? +[19:17:23] is replay to prometheanfire +[19:17:25] ok, no progress yet, but it looks like the web hosting for https://contributoragreements.org/ is gone (squater) +[19:17:30] her trip is not for fum +[19:17:41] oh +[19:17:44] alicef: sneek some in :) +[19:17:48] now I get that response +[19:17:59] yep, that's the key to intl trips, sneaking fun in +[19:18:26] they probably moved the page +[19:18:42] prometheanfire: http://contributoragreements.org/ +[19:19:00] someone added https +[19:19:11] with the wrong cert +[19:19:12] ya +[19:19:27] ok, moving on +[19:19:46] Current subject: prometheanfire - join the call for Public Code https://publiccode.eu (done), (set by prometheanfire) +[19:19:52] prometheanfire: no to the wiki link +[19:20:04] alicef: that was probably me +[19:20:15] this is finished +[19:20:23] +1 prometheanfire +[19:20:25] yep +[19:20:32] next, the fun items +[19:20:40] \o/ +[19:20:48] Current subject: larrythecow.org , (set by prometheanfire) +[19:20:58] LINK: https://bugs.gentoo.org/634406 [634406 – larrythecow.org potentially(?) profiting off of Gentoo mascot's name.] 
+[19:21:06] beandog used to own the domain, but he let it lapsed, present owner unknown +[19:21:10] *let it lapse +[19:21:39] looks like it's a laptop review blog now. +[19:21:48] I think we should reach out to them (the current owner), specifically about the use of our copyright +[19:21:57] i see the gentoo logo there and looks like is only suggesting to buy free laptop +[19:21:59] a funtoo user gave it to drobbins (Funtoo) at one point I think +[19:22:16] point them to our logo usage guidelines +[19:22:37] I'm not sure we can get them to stop using the domain itself, but should be able to get them to stop using the logo +[19:22:40] After reading a few pages, it's all the same marketing-speak stuff. +[19:22:48] zlg: yep +[19:22:52] Yeah, the logo is clearly in violation. +[19:22:55] mmm +[19:23:02] ok +[19:23:04] I had asked prior if we have any standard copy to send violators. +[19:23:17] Or if each of our letters are written from scratch. +[19:23:19] zlg: I don't think we do +[19:23:37] If I know the requirements of the copy, I can draft something up. +[19:23:38] I'm going to start out as a normal email to inform them +[19:23:41] I never saw anything +[19:23:56] if that doesn't work we can make it 'official' +[19:25:11] I'd like to vote on that plan of action +[19:25:22] I'm in favor of reaching out. It's a clear violation. 
+[19:25:25] Registry Expiry Date: 2018-10-28T23:11:06Z +[19:25:35] Registrar URL: http://www.name.com +[19:26:04] i think there might be a letter we had written in the past, but it would probably require substantial updates, so better to start fresh +[19:26:09] email them to inform of logo usage guidelines (to get them to stop using our logo), failing that, contact hosting provider +[19:26:14] vote please ^ +[19:26:16] aye +[19:26:16] yes +[19:26:24] Yes +[19:26:36] yes +[19:26:44] yes +[19:26:47] k +[19:26:58] I'll send a draft to the trustees alias first +[19:27:08] prometheanfire: thanks +[19:27:11] next +[19:27:26] Current subject: openssl ecc patents issue, (set by prometheanfire) +[19:27:36] LINK: https://bugs.gentoo.org/531540 [531540 – dev-libs/openssl: revise inclusion of elliptic curves with bindist USE flag] +[19:27:45] A quick search indicates there's a lot of ECC patents. +[19:28:00] robbat2: I believe you've done some work there as well +[19:28:02] at the licenses team, ulm & I have agreed that Fedora's approach is the safest one at this time, and ulm has approved the patch I used +[19:28:25] it's just Fedora's patch for 1.1.0, applied on top of the 1.1.0 ebuild +[19:28:33] the catch herein, is that we still have 1.1.0 is package.mask +[19:28:49] and Fedora doesn't have a current version of their patch for openssl 1.0 +[19:28:53] robbat2: that's only allowing specific curves by default? +[19:28:56] yes +[19:29:08] robbat2: have we searched their git history? +[19:29:17] yes, I can link you to the earlier patches +[19:29:24] so what it does: +[19:29:33] - remove any curves that are covered by patents +[19:29:41] - remove any EC methods that are covered by patents +[19:30:05] - disable/modify anything that linked/referenced those +[19:30:36] the methods part worries me more than the curves +[19:30:41] because the curves are well-contained in the codebase +[19:30:52] will users be able to opt out of that disabling? 
+[19:31:10] USE=-bindist, as presently, gets you the FULL openssl +[19:31:19] USE=bindist will give you the limited subset of openssl +[19:31:51] k +[19:32:20] What will this patch mean for releng? Can they ship dev-python/cryptography with USE=bindist on openssl? +[19:32:21] by your ommision it sounds like the methods are not well contained in the code base? +[19:32:39] zlg: I think so +[19:33:02] dwfreed was going to test it, but it should build, at worst with some patches to ensure it doesn't try disabled curves +[19:33:21] I don't remember saying I was going to test it +[19:33:26] The patch sounds good, and other larger distros appear to have avoided legal trouble with it. +[19:33:28] at the least, fedora should have those patches +[19:33:42] if any are needed +[19:33:58] maybe we could reach out to them and ask for details regarding the decision(s). +[19:34:06] I doubt they'd make that decision lightly. +[19:34:12] prometheanfire: yes, the methods aren't well-contained, that's why USE=bindist passes disable-ecm2 +[19:34:15] *ec2m +[19:34:35] k +[19:34:57] i trust the Fedora person behind the decision, I know from prior experience he makes the choices for all of Redhat, with the backing of RH legal +[19:35:19] well, I'm in favor of using the patches, with a directive to try and getting it working with openssl-1.0 if possible +[19:35:38] https://lwn.net/Articles/714524/ +[19:35:52] LINK: https://lwn.net/Articles/714524/ [This is why I drink: a discussion of Fedora's legal state [LWN.net]] +[19:35:53] "Elliptic curve cryptography is now in Fedora, after a six-year wait for the base functionality, and a ten-year wait for the curves currently used. " +[19:36:06] yep, that was a good article +[19:36:11] Looks like a good read +[19:36:28] k, I think we should vote +[19:36:40] the options on the table for it +[19:36:49] 1. keep USE=bindist very safe, no EC at all +[19:36:58] 2. use the Fedora patches, hobbled-EC +[19:37:10] 3. 
talk to Debian, and take their full EC approach +[19:37:19] did I miss a possible outcome? +[19:37:30] using the patches (as fedora does, aka, the one ported by robbat2 from fedora), with a directive to try and getting it working with openssl-1.0 as well, if possible +[19:37:34] nope +[19:37:37] robbat2: lgtm +[19:38:01] 1 is not an option if you want mirrorselect on min-install CDs, just fyi +[19:38:04] debian would be easier, does anyone know anyone over there? +[19:38:26] dwfreed: yep, I'm in favor of option 3 if we can, but at least option 2 +[19:38:30] rewrite mirrorselect ;-) +[19:38:40] this is the rewrite +[19:38:47] re-rewrite it :D +[19:39:21] if it's in python cryptography is THE library to use +[19:39:25] I've had limited communication with Debian. Their technical committee is probably the point of contact. +[19:39:36] convince cryptography to revert making EC non-optional +[19:39:45] dwfreed: good luch +[19:39:47] luck +[19:39:53] that'd be the only way you could have 1 and mirrorselect on min-install +[19:40:02] dwfreed: How do they legally get away with that? +[19:40:07] If they write libre software... +[19:40:24] it's a requirement, they don't make the decision to use themselves +[19:40:28] downstreams do +[19:41:00] it's mostly a sane wrapper around openssl and/or other crypto libraries +[19:41:26] robbat2: how hard would it be to get it into 1.1? can we do that while at the same time talking to deb? 
+[19:41:37] it's mostly python, with a C component for the interface to crypto libraries +[19:41:41] The patch is for 1.1 afaik +[19:41:48] you mean 1.0; it's just a matter of some dev time, which I'm short on +[19:41:51] it is +[19:42:06] the 1.1 patches just-worked, the 1.0 didn't +[19:42:17] robbat2: I mean to get the patch for 1.1 in tree, while we contact debian for more info +[19:42:26] that would force releng to use 1.1 though +[19:42:33] that wouldn't be bad +[19:42:46] i think it's probably doable +[19:42:53] since Fedora is shipping 1.1 as default +[19:42:56] even with 1.1 being masked? +[19:42:59] and ubuntu does as of last week too +[19:43:30] patch + talk to debian + try to backport for 1.0 sounds like the best course of action. +[19:43:53] well, if we can unmask 1.1 and start the stable process that sounds good too (instead of backporting) +[19:44:02] so, to vote +[19:44:04] it has been in package.mask for a long time +[19:44:34] patch 1.1, talk to debian, (try to backport for 1.0 OR work on getting 1.1 stable) +[19:44:42] yes +[19:44:47] yes +[19:44:56] yes +[19:45:14] Abstain +[19:45:16] (side note: where is releng? it'd be nice to hear from them) +[19:45:48] alicef: ? +[19:45:50] abstein +[19:45:52] k +[19:45:58] jmbsvicetto has been busy with IRL stuff, so I'm the closest you have to releng here +[19:46:03] as the releng-infra liason +[19:46:11] we have quorum +[19:46:15] oh yeah, I recall you mentioning that +[19:46:15] Abstain +[19:46:21] xd +[19:46:47] robbat2: you want to head that up? (I'll make a comment on the bug) +[19:47:06] I can reach out to Debian if robbat2 's too busy. +[19:47:18] i will put my 1.1 in the tree +[19:47:20] most of the patch work appears to be done already. 
+[19:47:22] somebody else gets the rest +[19:47:24] zlg: k +[19:47:38] i will link the existing Fedora 1.0 patches as well +[19:47:46] robbat2: ok, so it's you and zlg I think +[19:47:57] next item +[19:48:04] robbat2: let me know what you can't get to via e-mail or IRC, I'll try to figure it out from there. +[19:48:07] Current subject: infra update, (set by prometheanfire) +[19:48:14] robbat2: that's you :D +[19:48:19] how are the new drives/server? +[19:48:24] oh yeah, the new storage! :D +[19:48:34] \o/ +[19:48:41] the parts are in place as of this past Monday +[19:48:56] i did some quick benchmarks to test the storage, but haven't set up MySQL on them yet +[19:48:59] ENOTIME +[19:49:15] ok, any other infra updates? +[19:49:52] nothing else comes to mind right now +[19:49:54] k +[19:50:05] is that it for agenda items? +[19:50:10] Current subject: Treasurer update, (set by prometheanfire) +[19:50:15] zlg: that's you :D +[19:50:30] next is bugs, then that's it +[19:50:36] robbat2 and I worked together to catch up the MoneyMarket account from 2013-12 to 2015-12. +[19:50:50] So there's a good swath of statements that are known-good now. +[19:51:20] robbat2 can correct me if I'm wrong but I think next is to get caught up on recent transactions. +[19:51:33] and the error margin was only a few cents in the wrong months :-) +[19:51:40] robbat2: very good :D +[19:51:46] two seperate parts for next-steps +[19:51:51] Indeed! it all balanced out well, it was a matter of where the pennies were going. +[19:52:04] as before, 1. financial statements of older data for IRS needs +[19:52:16] 2. recent transaction importing as data becomes available +[19:52:42] nice +[19:52:43] Is the accountant still on board? +[19:52:47] I don't think I have access to all that I'd need to fetch all the data. +[19:52:58] e.g. 
csv and statements from Paypal, et al +[19:53:16] zlg: then you haven't looked closely enough in the repos +[19:53:24] fair enough :) +[19:53:24] the passwords for Paypal ARE there +[19:53:32] in the encrypted files +[19:53:48] the accountant is still available, but is also waiting for us to do the financial statements +[19:53:53] Ah, I had assumed I didn't have the keys to open them. +[19:54:03] robbat2: ok thanks +[19:54:12] k, bugs next +[19:54:14] there's a bunch of changes needed in data to get those financial statements, like fixing forex transactions & depreciation +[19:54:34] depreciation, fun +[19:54:54] .subect bugs +[19:55:02] Current subject: bugs, (set by prometheanfire) +[19:55:09] LINK: https://goo.gl/CTX1qO [Bug List: TrusteesOpenBugs] +[19:55:22] we already went over 2 bugs +[19:55:28] robbat2: is e-mail the better way to reach you since you're busy? +[19:56:06] try email if you can't find me on IRC +[19:56:12] okay, I'll remember that. +[19:56:43] I don't see any new items outside of the usual funding requests +[19:56:55] I do have a suggestion about the bugs +[19:57:09] adding a last-checked item in whiteboard? +[19:57:22] a flag could be created so we know if something is actionable +[19:57:25] robbat2: close :P +[19:57:33] an actionable flag sounds good. +[19:57:41] the user would set this flag so we know to go over it +[19:57:45] actionable by who is the question +[19:57:47] consider bug +[19:57:51] bug 607622 +[19:57:54] robbat2: https://bugs.gentoo.org/607622 "a new sparc machine is needed"; Gentoo Foundation, Infra Support; CONF; ago:trustees +[19:58:05] we are waiting for the sparc team to attach a funding proposal +[19:58:07] actionable by trustees +[19:58:46] hmm.. good point. If the Foundation is waiting for action from another group, do we just CC them and leave the ball in their court? 
+[19:58:48] last-reviewed date would help as well, so we can clearly see when we last looked at it, or gave a direction +[19:58:56] I think we should review rotting bugs and close them where possible +[19:58:59] but we can discuss that offline +[19:59:02] kensington: ++ +[19:59:09] this is spam https://bugs.gentoo.org/607622#c11 ? +[19:59:43] alicef: nope +[19:59:49] alicef: that's weird, it's a real comment with the spammy link +[19:59:57] yep +[20:00:23] https://www.ultimatewebtraffic.com/ this link is completely not related with what we are talking +[20:00:38] don't some of us have the ability to edit bug comments? +[20:00:43] yeah, i'm going to redact that comment for spam, and repost it without the link +[20:00:46] only infra does +[20:00:50] robbat2: k +[20:00:54] is comment could be auto generated +[20:01:01] his +[20:01:03] https://bugs.gentoo.org/631446 can be closed I think? +[20:01:48] We could check that user to see if they've posted the same spam elsewhere on the tracker. +[20:02:00] If it's done sure +[20:02:14] prometheanfire: only closed after that is entered in the accounting data +[20:02:24] expense against goodwill +[20:02:24] check if ir usual thing for Nico Bareto to post spam and ban in case it is +[20:02:28] robbat2: it's not being reimbursed +[20:02:43] not sure how that gets accounted +[20:02:48] prometheanfire: yes, that's the 'goodwill' part, you effectively donated the fee to us +[20:02:55] ah, right +[20:03:07] ok, will be open til you or zlg gets to it then +[20:03:10] i have to go for the kids again; lots of the open bugs are waiting for treasurer data entry :-) +[20:03:19] robbat2: I noticed... x_x +[20:03:33] alicef: are you going to buy the other item in your funding request or not? 
+[20:03:43] not now +[20:03:47] yep, lets move on +[20:03:51] Current subject: open floor, (set by prometheanfire) +[20:03:56] alicef: ok, if you DO want it in future, please open a new funding request for it +[20:04:21] no one helped me making the table cover so i'm dropping it for now +[20:04:22] alicef: you need the traveling mailbox password file reencrypted with your key right? +[20:04:30] yes +[20:05:02] robbat2: I think I can do it, I just have to ecrypt the file with all of our keys (trustee/officer) right? +[20:05:30] prometheanfire: there's a helper comment in one of the toplevel textfiles +[20:05:34] that should catch all the keys +[20:05:37] k +[20:05:51] trustees-gpg.txt.asc +[20:06:14] date of next meeting is currently November 19th, is that fine with everyone? +[20:06:29] Yep +[20:06:29] I should be able to get that day off. +[20:06:37] fine here +[20:06:41] yes, Nov 19th is good with me +[20:07:02] alicef: nov 19 good for you? +[20:07:19] ok +[20:07:35] k, anyone else have any remaining items? +[20:07:48] I'm good. +[20:07:57] i'm good +[20:08:17] k +[20:08:17] # Who will post the log? Minutes? ({{U|dabbott}}) +[20:08:18] # Who will update the motions page? ({{U|aliceinwire}}) +[20:08:18] # Who will send emails? ({{U|dabbott}}) +[20:08:18] # Who will update agenda? ({{U|prometheanfire}}) +[20:08:20] # Who will update channel topic? ({{U|prometheanfire}}) +[20:08:29] just so people know their jobs :D +[20:08:32] I'm gonna update our activity tracker and reach out to Debian to figure out their reasoning for ECC inclusion. +[20:08:41] Meeting ended by prometheanfire, total meeting length 4109 seconds -- cgit v1.2.3-65-gdbad
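Review bot: The line at [20:00:23] commits the spam URL https://www.ultimatewebtraffic.com/ verbatim, even though the discussion at [20:00:43] agrees to redact that same link from comment 11 of bug 607622. Consider replacing it in the log with a marker such as "[spam link redacted]", or writing it in a non-clickable form, so the published archive does not carry the link. Two smaller points on the same file: [19:53:24] to [19:53:32] and [20:05:51] put on public record that the PayPal passwords are kept in encrypted files in the repos and name trustees-gpg.txt.asc, so it is worth confirming the trustees are fine with that detail being published. The new file name 2017-10-22-19:00_Foundation-Meetings-2017-10-.log.txt contains a ":" and ends in a dangling "2017-10-", which looks truncated and will not check out on filesystems that reject colons. The goo.gl short link at [19:55:09] would also be better recorded as the full bugs.gentoo.org URL, since a shortener hides the destination and may stop resolving.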