path: root/wiki/src/contribute/meetings/201711/logs.txt
diff options
Diffstat (limited to 'wiki/src/contribute/meetings/201711/logs.txt')
1 files changed, 286 insertions, 0 deletions
diff --git a/wiki/src/contribute/meetings/201711/logs.txt b/wiki/src/contribute/meetings/201711/logs.txt
new file mode 100644
index 0000000..ce9e3a4
--- /dev/null
+++ b/wiki/src/contribute/meetings/201711/logs.txt
@@ -0,0 +1,286 @@
+(19:00:08) intrigeri: meeting time
+(19:00:24) intrigeri: who's here for the meeting (3rd one in a row for some of us, crazy!)
+(19:00:25) intrigeri: ?
+(19:00:32) segfault: i am
+(19:00:44) intrigeri: note taking, facilitation, anyone?
+(19:00:53) emmapeel: imm for the meeting
+(19:01:05) nodens: .o/
+(19:01:05) segfault: i can take notes if nobody else wants to do it
+(19:01:13) intrigeri: I can *force myself* to do one of those but at first glance I'd rather not.
+(19:01:18) spriver: i'm here
+(19:01:49) masha: I am
+(19:02:01) nodens: I can take notes, not confortable with "facilitation", whatever that mean (I guess it's what was called hosting before)
+(19:02:14) sajolida: i'm here
+(19:02:16) intrigeri: nodens: yes.
+(19:02:27) intrigeri: masha, sajolida: wanna host?
+(19:02:56) muri: i'm here
+(19:02:59) masha: really would rather not, I would be pretty bad...
+(19:03:21) goupille a quitté le salon (Disconnected: closed)
+(19:03:33) sajolida: i can do whatever
+(19:03:38) geb: i am here for the meeting
+(19:03:38) masha: yes!
+(19:03:47) intrigeri: OK, so nodens take notes and sajolida hosts. Great.
+(19:03:55) intrigeri:
+(19:04:14) intrigeri: funky, we have an empty agenda.
+(19:04:14) sajolida: First point is: Volunteers to handle "Hole in the roof (" tickets this month
+(19:04:28) sajolida: Please have a look at the list here:
+(19:05:10) intrigeri: had to take over work from anonym, might have to take over some more => postponed quite a few of my tickets and won't commit to new stuff. so: no.
+(19:05:23) sajolida: and speak up if you can:
+* Assign one of these to you
+* Provide useful information on one of them
+* Help unblock one of them
+(19:05:35) nodens: I did volunteer last month on #8447, but it might be a bit beyond my skills -> I need more time
+(19:05:36) Tailsbot: Tails ☺ Bug #8447: Persistent data is not erased when persistence features are disabled
+(19:05:59) nodens: (actually it's still assigned to me)
+(19:06:13) sajolida: NB: I have high in my todo list to call for a meeting to find another way of dealing with Holes in the Roof but I was waiting for intrigeri to come back and be more available before calling for that meeting :)
+(19:06:14) intrigeri: nodens: you know where to find me :)
+(19:06:27) nodens: won't commit on any other stuff, I have a bunch of debian stuff I'd like to look into as well
+(19:07:02) intrigeri: sajolida: so we can maybe have this meeting at some point in 2019Q3, I think I have some free time then.
+(19:07:11) drwhax: hehe :)
+(19:07:15) segfault: i also don't feel like committing to more stuff
+(19:07:26) intrigeri: wise words, everyone.
+(19:07:55) emmapeel: :D
+(19:08:10) sajolida: ok, let's move on then...
+(19:08:13) nodens: intrigeri: I know where... not when :D
+(19:08:27) sajolida: Next point is: Volunteers to handle important tickets flagged for next release, but without assignee
+(19:08:48) sajolida: please help me spot any such ticket...
+(19:09:29) intrigeri: there's one
+(19:09:32) intrigeri:
+(19:09:33) Tailsbot: Tails ☺ Bug #14772: Test suite reports incomplete (and thus useless) info when systemctl is-system-running fails
+(19:09:44) intrigeri: well, actually it's a mistake, let me fix it..
+(19:09:49) sajolida: cool!
+(19:09:55) intrigeri: so there's none.
+(19:10:01) sajolida: next point is: Availability and plans until the next meeting
+(19:10:48) masha: nothing apart from my help desk shifts
+(19:10:59) masha: and answer on assigned tickets
+(19:11:16) emmapeel: i am moving these days so i am a bit away
+(19:11:20) spriver: I'm getting back into Tails stuff, so let's see. definitely will do some German translation and the usual release testing. besides of that I started working on #14504 and #10181
+(19:11:21) Tailsbot: Tails ☺ Bug #14504: Investigate mobile messaging platforms
+(19:11:21) Tailsbot: Tails ☺ Feature #10181: Non-discriminatory language - German
+(19:11:29) intrigeri: This week: whatever I have to do to make 3.3 exist as a good Tails release; next week: OTF summit. Then some non-Tails work. In other words, I'll be do the bare minimum to keep the boat afloat but don't count on me too much.
+(19:11:39) intrigeri: spriver: seen that, amazing!
+(19:11:56) segfault: i will continue working on the VeraCrypt stuff and also try to work through some of the other stuff i committed to
+(19:12:20) spriver: somebody has to tell me how to actually create a blueprint. (
+(19:12:45) nodens: availability is a moving beast these times for me ($dayjob is hard to predict). Plans: more debian stuff and this Hole in the roof ticket
+(19:12:46) drwhax: I hope to actually work on some of the randomness tickets this month, next week im at the OTF summit.
+(19:13:30) intrigeri: spriver: ask someone who has git commit access and they'll do it.
+(19:13:42) spriver: intrigeri: ack
+(19:14:37) sajolida: * Finish the work on the new download page and verification extension; hopefully... somehow...
+* Do fun UX stuff as I'm under-clocked on this budget line (breaking news: under-clocking happens!)
+* Catch up with a bunch of technical writing reviews and tiny stuff
+* Prepare the VeraCrypt UX sprint in December
+* As time allows, try to do less and be less stressed about everything, ha ha!
+(19:14:57) sajolida: emmapeel, masha: Any plans?
+(19:15:30) pablonatalino a rejoint le salon.
+(19:15:34) nodens: they already said theirs
+(19:15:35) sajolida: pablonatalino: hi!
+(19:15:36) masha: sajolida: I already said I think
+(19:15:45) nodens: I have them in my notes ;)
+(19:16:01) emmapeel: sajolida: i am moving, so not many plans
+(19:16:04) sajolida: masha: indeed, i missed that!
+(19:16:12) masha: sajolida: no problem
+(19:16:18) pablonatalino: sajolida: hi
+(19:16:22) intrigeri: sajolida: *under* clocking, OMG!!
+(19:16:24) sajolida: pablonatalino: we're discussing availability and plans, in case you want to add something
+(19:16:38) sajolida: intrigeri: crazy shit!
+(19:16:49) emmapeel: ill be back on frontdesk on November 27
+(19:16:50) pablonatalino: sajolida: ok
+(19:17:44) intrigeri: emmapeel, masha: starts to look a bit worrying, but I didn't look closely so perhaps it's well under control. you know better :)
+(19:18:04) nodens: sajolida: oh I have UX questions but I don't know if it's fun ;)
+(19:18:28) sajolida: while i want to leave some time for pablonatalino to speak about his plans (if he wants) you can start reading the monthly report and spot missing stuff:
+(19:18:43) emmapeel: yeah we need to look at it intrigeri
+(19:18:59) sajolida:
+(19:19:35) masha: intrigeri: it's pretty much fine for me according to my shifts :) but sure we have to work on it better
+(19:19:38) intrigeri: I didn't add my bits to the report yet, will do tomorrow.
+(19:19:46) sajolida: nodens: shot! either on Redmine or by email... though I'm better at email than Redmine
+(19:19:56) nodens: sajolida: will do :)
+(19:20:00) intrigeri: masha: OK, cool.
+(19:20:25) sajolida: masha, emmapeel: we're missing the "Hot topics on our help desk" for the report
+(19:20:32) sajolida: any ETA? who shall i ping?
+(19:20:38) masha: tails-bugs
+(19:21:09) nodens: I'm never sure if what I do should go in the report, like "fixed a long standing bug that no one really cared about in openpgp-applet, will be in next release or the one after"
+(19:21:12) sajolida: since two of you are here already, i won't ping explicitely then :)
+(19:21:12) masha: tagging [internal] works better
+(19:21:13) emmapeel: #14755
+(19:21:14) Tailsbot: Tails ☺ Bug #14755: Tails Installer treats drives differently depending on when they are plugged
+(19:21:54) intrigeri: let's not re-do the foundations team / help desk meeting now, just ensure this is added to the report :)
+(19:21:54) sajolida: nodens: anything you want! writing the monthly report also gives me a sense of achievement and makes me a bit happier
+(19:22:43) sajolida: ok, please tell me if you still need more time on the monthly report...
+(19:22:51) nodens: META: do the stuff about the report go in the meeting minutes ?
+(19:22:57) emmapeel: u said something about money for translation web interface but i dont know enough
+(19:22:57) intrigeri: sajolida: I need 1 more day.
+(19:23:02) muri: the limesurvey monitor link ( doesn't work (no repo found)
+(19:23:07) intrigeri: nodens: I would say no.
+(19:23:09) sajolida: nodens: nah!
+(19:23:23) intrigeri: muri: known immerda bug
+(19:23:24) nodens: ok that's what I thought. I'll include the full log anyway
+(19:23:31) intrigeri: sajolida: instead instruct to git clone?
+(19:24:10) intrigeri: muri: we don't bother immerda about it (even though it's quite painful not to have cgit for any new repo) because we prefer them to work on the GitLab thing.
+(19:24:19) intrigeri: muri: I'll ask ng for a status update one of these days.
+(19:24:35) sajolida: i'll fix that when publishing it
+(19:24:49) intrigeri: (but this has been going on for 1-2y so perhaps at this point it's worth fixing cgit integration..)
+(19:25:36) sajolida: ah, and we don't have any discussion listed on the agenda, so if you're done with the monthly report you can got hunt for discussions on Redmine
+(19:25:42) sajolida: note that they need to be prepared enough
+(19:26:05) nodens: well I have a discuss ticket assigned to me but it's very low priority
+(19:26:19) nodens: #14808 (
+(19:26:19) Tailsbot: Tails ☺ Bug #14808: OpenPGP Applet should display long keyid - Tails - RiseupLabs Code Repository
+(19:26:43) nodens: (OTOH, it should be a short discussion)
+(19:26:58) intrigeri: nodens: should we read the full ticket? or can you sum up what's up for discussion?
+(19:27:23) nodens: there is no comment in the ticket, so it's short, but I can summarize
+(19:27:50) sajolida: cool, let's do this one then!
+(19:28:43) nodens: Currently OpenPGP applet show hex key id (short) in pub key selection. The Fingerprints are shown as mouse-over. The mouse-over will probably go in the not to distant future
+(19:29:38) nodens: the interface has to be redone a bit, I was wondering if it's worth it keeping the short hex id somewhere (so the user might find it if they relied on it, which they shouldn't)
+(19:29:44) intrigeri: why do we want/need to display key IDs at all?
+(19:29:47) nodens: and if it was indeed worth it to show the id
+(19:29:53) intrigeri: fwiw seahorse doesn't
+(19:30:01) nodens: seahorse show only fingerprint
+(19:30:07) nodens: I was going to go this way
+(19:30:26) intrigeri: nodens: where in seahorse? the main UI displays only UIDs
+(19:30:28) nodens: but thought it might be worth discussing this a bit before actually starting
+(19:31:20) nodens: intrigeri: you're right, I must have confused with something else.
+(19:31:24) segfault: i think it should display the fingerprint instead of a key id
+(19:31:34) intrigeri: "seahorse-tool --encrypt /tmp/bla" displays short keyids, for disambiguations I guess.
+(19:31:40) geb: nodens: I don't use gpgapplet much, so i don't remind precisely the interface. But if i may, a quick opinion: I would prefer in order fingerprint > long > short. If you want to keep short (/long?) id visible, maybe could you consider emphazing it it in bold when displaying the fingerprint. Thats usally what i do, even if i am not sure it is really helpful.
+(19:32:28) intrigeri: I say do the same as seahorse. Rationale: it's *not* the interface where people will manually check fingerprints. But UIDs are useful to disambiguate between N keys that share UIDs.
+(19:32:42) masha: yep
+(19:32:47) intrigeri: geb: could you please explain the rationale behind this opinion?
+(19:32:59) sajolida: In Seahorse:
+* In the list of key there's neither the key id nor the fingerprint
+* In the "Owner" tab (first tab to open) there's the short id
+* The fingerprint is in the "Details" tab
+(19:33:36) intrigeri: sajolida: fyi you're talking about key management, while this ticket is about selecting keys for encryption, which is a different situation.
+(19:33:58) intrigeri: sajolida: better look at "seahorse-tool --encrypt /tmp/bla" if you want to draw inspiration from them.
+(19:33:59) nodens: yes, thanks intrigeri, this needs to be clear: it's not the place to check a f/p
+(19:34:00) geb: intrigeri: Easier to find the short id/long in one quick look. But as i said, i am not sure its relevant. I am just use to do it, when i present fingerprints.
+(19:34:39) sajolida: ah, sure... so in that case they display Name + (Short) Key ID
+(19:34:46) emmapeel: i dont think useful to get users used to short keyids
+(19:35:29) intrigeri: emmapeel: do you mean it would suggest it's a strong identifier and can be relied upon for other things than disambiguation?
+(19:35:58) emmapeel: well i think short keyids should dissappear and never be used anymore
+(19:36:08) intrigeri: emmapeel: I tend to agree, but OTOH a fingerprint is not actionable info in this context, so displaying this is folklore and teaches people to ignore info we display, which has its problems too.
+(19:36:20) emmapeel: hmmm tru
+(19:36:50) intrigeri: so basically we need to choose between "suggest that short keyids are always OK" vs. "suggest that ignoring fingerprints is always OK", and both are bad.
+(19:36:53) sajolida: yeap, the only point of some sort of key id here is to disambiguation when you have two keys for the same email address
+(19:37:06) masha: yes
+(19:37:32) sajolida: so long key ids might be a sweet spot :)
+(19:37:38) nodens: so a compromise would be to show long ids
+(19:37:49) nodens: haha sajolida beat me to it
+(19:37:52) sajolida: it's also what we display on the gpg command line in Tails by default, by the way
+(19:37:53) intrigeri: how would a user use the keyid to disambiguate in practice? personally either I remember by heart how the short keyid looks like (rarely), or I need to go check the end of the fingerprint in another, key management software.
+(19:38:28) intrigeri: sajolida: we also display the fingerprint.
+(19:38:34) intrigeri: sajolida: (of the master key)
+(19:38:46) nodens: note that I intend to find a way to show trust level and expired/revoked keys are never shown.
+(19:38:53) intrigeri: ("with-fingerprint" in gpg.conf)
+(19:39:00) sajolida: yes, and in .gnupg/gpg.conf we have "keyid-format 0xlong"
+(19:39:28) nodens: intrigeri: so in your case, showing the FP is actually usefull ;)
+(19:39:31) sajolida: and gpg has no option for --keyid-format fingerprint or something...
+(19:39:50) intrigeri: I see 2 options: 1. easy one: just do like Seahorse and be done with it; 2. hard one: take a step back and reason about what exactly we expect users to *do* with this info we display.
+(19:40:17) intrigeri: sajolida: you don't care about fingerprint of subkeys as they're certified by the master key.
+(19:40:19) nodens: intrigeri: for clarification sake, you mean seahorse and not seahorse-tool ?
+(19:40:38) intrigeri: sajolida: so for crypto verification purposes "--keyid-format fingerprint" is not needed / not useful.
+(19:41:02) intrigeri: nodens: no, sorry, I meant "Seahorse when it presents a key selection dialog, i.e. seahorse-tool"
+(19:41:29) sajolida: wow, intrigeri is well versed into the mysteries of OpenPGP!
+(19:41:31) intrigeri: nodens: no, in my case it's not useful as I'll only look at the *end* of the fingerprint == the end of the short keyid.
+(19:42:22) nodens: ok. My only concern with keeping short hex id is that it contradicts what we say elsewhere, i.e. short keyids are unsafe
+(19:42:40) nodens: I'm find with keyids otherwise for disambiguation purpose
+(19:42:51) intrigeri: I would go with the first option I've proposed, unless we're ready to put serious UX work into the 2nd one, and I don't think it's worth it if it's only for OpenPGP applet. If it's going to be a shared effort with GNOME, then fine, go for the 2nd option.
+(19:43:37) spriver: intrigeri: full ack
+(19:43:43) intrigeri: nodens: I think everywhere else we say "short keyids are unsafe for key verification", not "short keyids are unsafe". a number can't be safe/unsafe outside of any practical context.
+(19:44:35) nodens: OK, so, anyone else ?
+(19:44:42) masha: fine with it
+(19:44:47) nodens: do we reach consensus ?
+(19:44:54) intrigeri: (now, I understand that from a novice user's perspective, "short keyids are unsafe" is simpler, even if it doesn't mean anything..)
+(19:44:55) nodens: (I still have to take notes ;) )
+(19:45:29) nodens: intrigeri: yes that's my point. People tend to confuse a lot those things regarding encryption etc.
+(19:45:29) intrigeri: I think I've shared all the insight I could so I'll shut up. I'm curious what sajolida thinks.
+(19:45:38) sajolida: i found no bug about this on the Seahorse or Debian bug trackers
+(19:45:43) emmapeel: im fine
+(19:45:56) pablonatalino a quitté le salon
+(19:46:16) sajolida: sajolida thinks it super duper low prio
+(19:46:27) nodens: I warned :D
+(19:46:30) sajolida: and is fine with whatever :)
+(19:46:36) sajolida: but yes, we were warned
+(19:46:52) nodens: also I think we spent already too much time on this one
+(19:47:06) nodens: I'll resume the discussion and rationale on the ticket
+(19:47:12) sajolida: and being super duper low prio, whatever nodens prefers like doing would be fine for me, short or long (maybe not fingerprint indeed)
+(19:47:13) masha: cool, thanks
+(19:47:26) intrigeri: (I'm *almost* tempted to propose we display only the last 2 digits of the short keyid, which hopefully nobody will believe is a strong identifier for key verification purposes.)
+(19:47:46) sajolida: or the date of creation :)
+(19:47:46) intrigeri: I'm rather strongly opposed to long keyid.
+(19:47:52) intrigeri: sajolida: yes, this!
+(19:47:55) nodens: I'm against it because it's more work ;)
+(19:48:08) nodens: date of creation is actually an interesting one
+(19:48:09) intrigeri: sajolida: *that*'s the perfect disambiguation criterion
+(19:48:14) sajolida: that's usually what i used to disambiguate between keys and not any id
+(19:48:22) sajolida: you're welcome :)
+(19:48:24) intrigeri: perfect.
+(19:48:46) emmapeel: good idea!
+(19:49:28) sajolida: the power of bluesky ideas, thanks intrigeri for the "2 digits" :)
+(19:49:28) intrigeri: hopefully nobody will believe is a strong identifier for key verification purposes, and it doesn't mess up the "short keyids must burn in hell" propaganda.
+(19:49:38) intrigeri: sajolida: out of the box thinking, man!
+(19:49:41) sajolida: dkg will be proud of us!
+(19:49:56) intrigeri: ♥ dkg
+(19:49:58) spriver: :D haha
+(19:50:31) sajolida: ok, does anybody wants to discuss this more? or are we all fine with using the date of creation instead of the short key id?
+(19:50:37) masha: fine
+(19:50:40) nodens: OK so let's use that as a decision: keep as-is is fine and if anything, drop the ID to show date of creation instead
+(19:50:45) sajolida: (we could even report that one upstream to seahorse actually)
+(19:50:56) intrigeri: is Discuss but apparently help desk didn't triage it yet
+(19:50:57) Tailsbot: Tails ☺ Feature #14897: Suggestions for the about:config
+(19:51:07) intrigeri: emmapeel: any clue who was on duty?
+(19:51:09) sajolida: i have another ticket to propose
+(19:51:14) intrigeri: sajolida: ack.
+(19:51:18) nodens: sajolida, yes but it's seahorse-tool not seahorse, which is kinda under-maintained
+(19:51:31) intrigeri: both are under-maintained.
+(19:51:35) sajolida: nodens: thanks, i never remember about that stuff...
+(19:51:59) intrigeri: sajolida: #14743 ? (half joking)
+(19:52:00) Tailsbot: Tails ☺ Bug #14743: Get money from ads on our website or code
+(19:52:02) masha: emma was on duty
+(19:52:06) sajolida: ok, so we have 9 minutes left and i think it should be enough to close: #6387
+(19:52:07) Tailsbot: Tails ☺ Feature #6387: Create screencast videos of installing Tails onto a USB stick
+(19:52:27) intrigeri: masha: OK, so we do have a backlog of new tickets that were not handled. this matches my impressions.
+(19:52:45) intrigeri: screencast, again? didn't we reject this already?
+(19:52:48) sajolida: we can consider #6387#note-18 as a (very impartial!) preparation of the discussion...
+(19:52:59) emmapeel: oops that would be me intrigeri
+(19:53:08) nodens: I think it was postponed for lack of concensus.
+(19:53:12) nodens: consensus sorry
+(19:53:14) sajolida: i kind of wanted to here other people's opinion, but i'm also fine closing it after you gave yours :)
+(19:53:41) masha: fine closing it
+(19:54:01) spriver: me too
+(19:54:04) nodens: fine closing it as well
+(19:54:14) segfault: is this covered in the infosec videos? (i didn't watch them yet)
+(19:54:20) segfault: infosec bytes i mean
+(19:54:23) intrigeri: I already ack'ed sajolida's proposal on the ticket i.e. reject. With the FAT32 vs. NTFS mess I wonder if a screencast would help, perhaps it would, but still: cost/benefit is definitely too high.
+(19:54:34) nodens: if other people *want* to create such video we can watch them and give or not a seal of approval of some kind
+(19:54:49) intrigeri: segfault: no idea. I bet they'll be outdated and not maintained in less than 12 months though.
+(19:54:58) emmapeel: we should add the infosec bytes videos to the monthly report btw
+(19:55:07) segfault: it is covered in the infosec bytes videos
+(19:55:16) intrigeri: (hopefully they're not outdated already by the updated Installer..)
+(19:55:23) nodens: (also I'm very much against the concept of documentation by video. I hate those)
+(19:55:25) segfault:
+(19:55:26) intrigeri: (if they've been lucky they should be good)
+(19:55:31) geb: segfault: thanks for raising that, i was thinking thinking about but still reading the ticket.
+(19:55:35) pablonatalino a rejoint le salon.
+(19:56:08) intrigeri: note that *linking* to their vid is
+(19:56:09) Tailsbot: Tails ☺ Bug #14913: Add link to video tutorial from Infosec//Bytes//CIJ
+(19:56:11) sajolida: having an animated GIF for the FAT32 vs NTFS mess is definitely something to consider!
+(19:56:18) sajolida: i'll writing this down somewhere...
+(19:56:25) intrigeri: #6387 is about creating/maintaining it ourselves.
+(19:56:26) Tailsbot: Tails ☺ Feature #6387: Create screencast videos of installing Tails onto a USB stick
+(19:57:34) segfault: i understand that #6387 is about creating a video ourselves, but i thought it would be relevant if such a video already exists
+(19:57:55) masha: then it needs another ticket
+(19:58:15) masha: which #14913 is
+(19:58:19) intrigeri: the infosec vid is missing steps.
+(19:59:13) intrigeri: e.g. they don't show how to start Tails Installer. whatever.
+(20:00:05) intrigeri: anyways.. anyone thinks we should create/maintain such screencasts ourselves? and make them translatable somehow?
+(20:00:58) spriver: intrigeri: I don't feel good about this idea. I think it is a lot of work to do
+(20:01:00) nodens: we don't have the manpower / skills to do that ourselves and maintain it (not even talkging about making it translatable)
+(20:01:04) masha: agree with spriver
+(20:01:21) geb: agree too
+(20:01:45) sajolida: cool, so we drop that and still keep an eye on the Infosec videos (at some point)
+(20:02:05) sajolida: well... the meeting is over, friends!
+(20:02:13) intrigeri: yep, 62 minutes
+(20:02:14) pablonatalino a quitté le salon (Disconnected: closed)
+(20:02:15) sajolida: thank you very much for attending!
+(20:02:17) intrigeri: thanks!
+(20:02:19) spriver: ack. I think it's a good thing to link to such (good) videos, at least in the monthly report/media appearances