Started logging meeting in #ubuntu-meeting
[12:56:17] <mdz> [link] https://wiki.ubuntu.com/TechnicalBoardAgenda
[12:57:30] <kees> \o
[12:59:00] <mdz> pitti isn't online, so I assume he isn't going to make it
[12:59:07] <mdz> sabdfl declined in the calendar
[12:59:38] <mdz> cjwatson is online, but he's on holiday, so he presumably won't be here
[12:59:59] <kees> is 3 quorum?
[13:00:04] * mdz nods
[13:00:21] <mdz> we've regarded it as such in the past
[13:00:29] <kees> yeah, that's my memory too
[13:00:33] <mdz> [topic] Action review
[13:00:41] <mdz> Persia to see if Bryce is willing to serve as LP stakeholder for Ubuntu
[13:01:16] <mdz> I've asked bryce asynchronously for an update
[13:01:22] <mdz> [topic] ffmpeg vs. libav
[13:01:41] <mdz> I guess this was discussed some at the last meeting, which I wasn't present for
[13:01:57] <mdz> the notes said that we wanted to hear from Reinhard, and he's responded now
[13:01:59] <mdz> [link] https://lists.ubuntu.com/archives/technical-board/2011-May/000891.html
[13:02:23] <kees> right. given that I've seen both sides of this, I think I'm satisfied to stay where we are: libav
[13:02:47] <kees> trying to track ffmpeg would require a dedicated maintainer, and Ubuntu does not seem to have anyone willing to do that currently.
[13:02:57] <kees> I only see downsides to switching from libav.
[13:03:11] <mdz> libav is the status quo, so we would need a justification to switch away from it
[13:03:50] <kees> right, and I don't see anything significant to do that currently.
[13:04:59] <mdz> it's all feeling a little bit cdrecordish to me
[13:05:46] <mdz> Keybuk, any thoughts?
[13:05:51] <kees> bryce: we're looking at https://wiki.ubuntu.com/TechnicalBoardAgenda and have "Persia to see if Bryce is willing to serve as LP stakeholder for Ubuntu". can you speak to this at all?
[13:06:09] <mdz> sure, I'd be happy to help
[13:06:14] <Keybuk> mdz: I don't believe I have the necessary background
[13:06:18] <Keybuk> all I saw was flamewar
[13:06:18] <bryce> kees, yes we spoke a couple UDSes ago, and yes I'd be happy to help
[13:06:38] <kees> bryce: ah-ha, perfect. thanks!
[13:07:06] <kees> Keybuk: did you have additional questions based on the techboard thread?
[13:07:24] <Keybuk> kees: I didn't see anything in the techboard thread that led me to have technical questions
[13:07:49] <Keybuk> nothing suggested ffmpeg was technically better, so I don't see any need to dispute the current maintainer decisions
[13:08:06] <Keybuk>
[13:08:16] <kees> Keybuk: okay, so you're okay with status quo too.
[13:08:24] <mdz> OK, so this came in as an inquiry from an upstream developer, suggesting that what the Ubuntu maintainer had done was not in the best interest of our users
[13:08:46] <mdz> I haven't heard of any complaints from our users about it yet
[13:08:47] <Keybuk> mdz: it came from the upstream developer of a package we weren't using though, right?
[13:08:58] <mdz> Keybuk, yes
[13:09:15] <Keybuk> I must admit, I wrote that of us "how dare Ubuntu not use *my* software, and use something else"
[13:09:20] <mdz> if someone wanted to maintain the other fork in Ubuntu as well, and make both available to users, that wouldn't seem unreasonable to me
[13:09:23] <Keybuk> and then failed to find any technical argument from the author as to why we should
[13:09:46] <Keybuk> mdz: agree
[13:09:49] <mdz> but if the maintainer chose to follow libav, the TB can't tell them whether they should package something else
[13:10:07] <mdz> they should be regarded as different software at this point
[13:10:23] <mdz> one is packaged for Ubuntu, the other is not yet (but would be welcome)
[13:10:28] <mdz> kees, does that seem like a reasonable position to you?
[13:10:37] <kees> mdz: yup.
[13:10:53] <mdz> OK, I'll follow up on the list
[13:10:55] <Keybuk> to me also
[13:11:05] <mdz> [action] mdz to summarize consensus on libav/ffmpeg to the mailing list
[13:11:07] <kees> they would have colliding binary packages, though
[13:11:27] <mdz> kees, that could presumably be fixed in packaging
[13:11:32] * kees nods
[13:11:36] <mdz> [topic] Set series RM to ubuntu-release?
[13:11:44] <mdz> [link] https://bugs.launchpad.net/ubuntu-community/+bug/174375/comments/21
[13:11:45] <ubottu> Ubuntu bug 174375 in Launchpad itself "Distribution drivers permissions may need redesign" [Low,Triaged]
[13:11:48] <mdz> the bug mentioned there is now fixed
[13:12:01] <mdz> so in theory we should be able to set the series release manager to ubuntu-release
[13:12:08] <kees> let's do it and see what breaks?
[13:12:18] <mdz> let's tell people that we're doing it, and then do it, and see what breaks :-)
[13:12:26] <mdz> any volunteers?
[13:13:01] <kees> seems like it should be coordinated with skaet at least?
[13:13:14] <mdz> yse
[13:13:15] <mdz> yes
[13:14:05] <kees> I'm not entirely comfortable volunteering myself for this since these discussions have mostly been involved people doing archive admin work, so perhaps cjwatson?
[13:14:15] <kees> s/been //g
[13:14:41] <mdz> we can push this to the next meeting where cjwatson is here
[13:14:42] <mdz> it's not urgent
[13:14:49] <kees> ok
[13:14:52] <mdz> [topic] Measuring installation success/failure
[13:15:03] <mdz> [link] https://lists.ubuntu.com/archives/technical-board/2011-May/000857.html
[13:15:10] <mdz> [link] https://lists.ubuntu.com/archives/ubuntu-devel/2011-May/033194.html
[13:15:45] <kees> aiui, ev is looking for a TB "blessing" for this data gathering.
[13:15:55] <mdz> I like the general idea of gathering data which will give us an indication of how effective our installer is
[13:16:25] <kees> I generally do too. I remain unconvinced that the proposed data gather is substantially useful, though.
[13:17:13] <kees> *gathering
[13:17:14] <mdz> Evan wasn't crystal clear about what he wanted decided
[13:17:18] <mdz> and several issues have cropped up in the discussion
[13:17:30] <mdz> Keybuk was concerned about how the collected data would be shared
[13:17:56] <mdz> kees, I think that's a valid concern, but perhaps not something for the TB to decide
[13:18:11] <mdz> I think it's Evan's responsibility to make it useful, and our responsibility to set policy for what's permissible
[13:18:32] <kees> mdz: that's fair
[13:19:16] <mdz> kees, and FWIW I would recommend to evan that he consider your advice carefully :-)
[13:20:08] <mdz> so the policy questions I think are regarding what data is collected, and what we do with it
[13:20:12] <kees> right. I don't want to get us into the trap where we approve "meaningless data collection" since it's harmless, and then end up on an unregulated slippery slope of "harmful" data collection just happening without review.
[13:20:44] <mdz> what is proposed to be collected is a GUID
[13:21:04] <kees> right, it's a random number. I have no problem with that.
[13:21:31] <mdz> ah, right, he did specify how it would be generated (uuidgen)
[13:21:33] <mdz> so it's random
[13:21:51] <mdz> that ID is associated with an installation attempt which was started
[13:22:16] <mdz> specifically, a Ubiquity installation attempt
[13:22:55] <mdz> it's then used to report back that the installation succeeded
[13:23:37] <mdz> the user implicitly shares their IP address in the process, of course
[13:24:28] <mdz> what's the worst thing that could be done with that information?
[13:24:46] <kees> the correlation of guid to IP can also be seen as an identity leak, since it could be used in the future
[13:25:09] <Keybuk> you could use the table of IPs collected to discern which Fortune 500 companies were using Ubuntu
[13:25:14] <kees> if we did not save the IP on the server side, and did not keep the GUID after install success on the client side, I think that would be okay
[13:25:17] <Keybuk> since they tend to have public IP blocks
[13:26:00] <mdz> kees, agreed, but ideally we wouldn't have to ask for that trust
[13:26:12] <mdz> kees, what's the identity leak?
[13:27:03] <kees> mdz: if the guid is saved on the client and the IP is saved on the server, it can be used to look up from what IP a given system was installed from. it's pretty minor, obviously.
[13:27:30] <kees> (assuming the server data is public)
[13:27:41] <mdz> the GUID would only be saved on the client until the next time it connected to the network
[13:27:46] <mdz> according to evan's proposal
[13:27:52] <Keybuk> if the IP is saved on the server, the information could be used by Canonical Support Sales to identify potential customers and sell support contracts to them
[13:28:06] <kees> right, I was stressing that it is important that guid be removed on the client.
[13:28:21] <Keybuk> if the IP is saved on a public server, it could be used by other support companies, or competitors
[13:28:30] <mdz> I didn't notice if there was discussion of how this impacts OEM installs
[13:28:44] <mdz> we definitely wouldn't want a UUID getting stored on factory installed systems
[13:29:15] <mdz> Keybuk, is there anything evil that Canonical could do that Canonical can't do by virtue of controlling DNS for archive.*.ubuntu.com already?
[13:30:00] <Keybuk> mdz: no, likewise Canonical already collects the IPs of booting Ubuntu machines, and could use that information for the same purposes
[13:30:07] <Keybuk> I'm just answering the question from a perception POV
[13:30:43] <mdz> there are surely already places where Ubuntu systems generate random numbers and send them over the network
[13:30:48] <mdz> like TLS connections
[13:31:34] <mdz> has anyone considered whether this could be done without generating a UUID?
[13:31:36] <mdz> it seems like it could
[13:31:38] <kees> the ephemeral keys in TLS aren't saved by the server usually
[13:32:11] <kees> but they're connection-based, so they don't survive the install.
[13:32:31] <mdz> http://installreport.ubuntu.com/start followed by http://installreport.ubuntu.com/finish, divide finishes by starts?
[13:32:45] <mdz> MootBot, you are too clever for your own good
[13:33:14] <ScottK> I was one of the objectors to this. I don't think we should be collecting data from users that's not needed for system operation without opt-in.
[13:33:15] <kees> mdz: right.
[13:33:46] <ScottK> I'm also on a very laggy connection, so if it seems like I'm running behind, that may be why.
[13:33:57] <mdz> ScottK, do you want a copy of the meeting log up to this point?
[13:34:04] <ScottK> mdz: I have it.
[13:34:18] <Keybuk> ScottK: I do agree with mdz that the usefulness of this data is only interesting if it's implicit
[13:34:49] <kees> since ev is not here, perhaps continue this on the TB list?
[13:34:51] <ScottK> Keybuk: I agree that opt-in compromises the utility, but I think without opt-in it's not appropriate.
[13:35:22] <mdz> ScottK, what is the data that you don't feel should be collected in this case?
[13:35:32] <ScottK> Also I think the opt-out mechanism he proposed was sufficiently convoluted that it's equivalent to not having one.
[13:35:59] <ScottK> mdz: I don't think it's appropriate to engage in any user data collection without consent.
[13:36:23] <mdz> ScottK, I understand, but that isn't what I asked
[13:36:26] <ScottK> There are some things that one could inherently collect like how many people hit security.ubuntu.com for updates, but that's needed to make the system work.
[13:36:56] <mdz> ScottK, what data would be collected from users if we went ahead with this proposal?
[13:36:59] <ScottK> mdz: I'm objecting to the entire thing being opt-out.
[13:38:39] <kees> ScottK: do you see having a system hit "http://installreport.ubuntu.com/start" and .../finish as a problem?
[13:39:59] <mdz> I think ScottK is lagging as he warned he might
[13:40:02] <ScottK> I think that's less of a concern since there's not really any information being transmitted beyond hitting the server. I'd need to think about it.
[13:40:29] <mdz> it's not strictly necessary to make the system work, but I think I would argue that there is (indirect) benefit to the user
[13:40:40] <mdz> if the data is used to improve the quality of the installer
[13:40:41] <ScottK> It's a slippery slope.
[13:40:48] <mdz> ScottK, yes it is
[13:40:56] <mdz> so we're treading cautiously
[13:41:29] <ScottK> I feel like needed to make the system work versus data we'd like to have is a bright line.
[13:41:30] <mdz> unless someone convinces me otherwise, I think that the use of a UUID is not essential to the objective, and so I don't think we need to be concerned about potentially identifying information
[13:41:46] <ScottK> Once you cross it, how to you define the limit?
[13:42:14] <mdz> I think we can distill it to the point where the only information being shared is whether Ubuntu was installed successfully or not
[13:42:16] <kees> hm... do-release-upgrade fetching installer-specific things when it runs, does ubiquity do anything like that on install? maybe we're already hitting a url.
[13:42:30] <mdz> kees, yes
[13:42:33] <mdz> I'm pretty sure
[13:43:34] <kees> so then we're half way there. we just need an on-first-boot url. that's less obvious to me, though.
[13:43:38] <mdz> ScottK, I think we can set limits which make sense
[13:43:51] <kees> ScottK: agreed -- I think having a direct operational benefit is the key.
[13:43:54] <mdz> kees, not quite. I think we need to store some state, and only hit the "finish" URL if we successfully hit the "start" one
[13:44:02] <ScottK> mdz: OK. I'd like to see the policy for the limit made first.
[13:44:15] <mdz> fair enough. let's try to steer away from the technical implementation
[13:44:31] <mdz> I'm comfortable assuming that we can get to a point where virtually no incidental information is shared, other than what we're trying to collect
[13:45:00] <kees> I would agree. if there is a reason why guid would be required, that should be a separate issue.
[13:45:07] <mdz> so the question is: is it OK to report back whether the installation succeeded or failed?
[13:45:32] <ScottK> I think taking a step back from this use case, I think having a general policy in place is important.
[13:45:38] <maco> mdz: how do you report failed?
[13:45:42] <ScottK> Why is this OK, but not popcon by default?
[13:45:44] <mdz> possible answers include: yes (unconditionally), no (unconditionally), yes (but only opt-in), yes (but only with opt-out)
[13:45:50] <mdz> maco, it's implicit
[13:46:08] <maco> mdz: what's the difference between failed and cancelled?
[13:46:39] <mdz> maco, we're taking it as a given that this is possible, and we can have a separate technical discussion about how to do it
[13:47:06] <kees> in general, I disagree with opt-out.
[13:47:23] <mdz> ScottK, popcon is problematic for a few reasons, not least because there is a lot of identifying information there
[13:47:47] <kees> opt-in is UI-noisy and doesn't give ev what he's really after
[13:47:48] <ScottK> mdz: I agree, but I think someone needs to define the limit of what's OK for opt-out.
[13:47:51] <mdz> ScottK, but to play devil's advocate, our default web browser shares similar information without the user's consent
[13:48:10] <mdz> or rather, with their implicit consent, depending on how you look at it
[13:48:25] <mdz> kees, I agree that it's a UI wart, but why doesn't it give evan what he's after?
[13:48:34] <mdz> because not enough people would click the button?
[13:48:36] <ScottK> mdz: I would argue that doing so it a bad thing and the best that can be said about it is it represents a compromise that we have to live with.
[13:48:41] <kees> I would support "yes" if I could see an immediate benefit to the user. I still don't see one beyond the weak "maybe we have improved the installer" thing.
[13:49:02] <kees> mdz: because the numbers would then have an additional variable of "who clicked it"
[13:49:10] <mdz> ScottK, I don't think we have to live with it, but we do, and our users don't seem to mind
[13:49:31] <ScottK> How many of our users really know?
[13:49:31] <mdz> kees, unless that correlates somehow with success or failure of the installation, it doesn't seem relevant
[13:49:35] <Keybuk> mdz: they're probably completely unaware of it
[13:49:54] <mdz> Keybuk, exactly
[13:50:00] <Keybuk> the key there is whether the information is sufficiently non-identifying that they never *need* to be aware of it
[13:50:18] <mdz> Keybuk, I think a good test is whether, if they *did* know, they would mind
[13:50:18] <Keybuk> ie. if Firefox collected everyone's browsing histories and published them
[13:50:23] <Keybuk> it's something you would want to be aware of
[13:50:28] <mdz> and I don't know the answer to that, honestly
[13:50:30] <mdz> but it's testable
[13:50:30] <ScottK> The existence of branded Firefox packages given the constraints on them is making the (arguable) best of a difficult situation.
[13:50:38] <Keybuk> but Firefox collecting histograms about the average time a DNS lookup takes -> only Firefox cares
[13:50:59] <mdz> Keybuk, what about sharing which extensions you have installed, and which versions?
[13:51:04] <Keybuk> (and any Firefox developer, and anyone doing DNS work, and anyone optimising web sites, etc.)
[13:51:08] <Keybuk> but fundamentally not the user
[13:51:20] <mdz> sharing which web pages you're visiting in order to check for phishing attempts?
[13:52:03] <ScottK> mdz: I would think that would most appropriately be opt-in.
[13:52:04] <mdz> ScottK, I'm not sure it's realistic to come up with a general policy at this point, given there are so many subtleties to this topic
[13:52:08] <Keybuk> sharing everything you type into the awesomebar to third parties? :p
[13:52:16] <mdz> it hasn't come up enough times that it's problematic to handle on a case by case basis
[13:52:34] <mdz> Keybuk, sharing things you START to type into the box, in Chrome's case :-)
[13:52:36] <ScottK> mdz: Perhaps, but I think we need a line in the sand beyone which the TB won't go.
[13:52:57] <Keybuk> mdz: I was just looking at the data we collect, as it happens :D
[13:53:07] <mdz> ScottK, I think we already have such a line drawn at collecting PII, by way of precedent, and I would be comfortable making that explicity
[13:53:33] <mdz> s/ity$/it/
[13:53:50] <ScottK> What's your definition of PII then?
[13:54:22] <mdz> I'm not sure of the best way to specify that. number of bits?
[13:54:45] <mdz> there is always going to be room for interpretation
[13:55:05] <mdz> and it can be really hard to tell
[13:55:15] <kees> I think PII remains a judgement call, even if we explicitly declare it out of bounds
[13:55:56] <mdz> I agree
[13:56:13] <mdz> I think we have to punt on this for the time being; we aren't going to come to a conclusion in this meeting
[13:56:16] <mdz> but we can try to get to some other topics
[13:56:21] <mdz> we can continue the discussion by email
[13:56:27] * ScottK agrees (re punting)
[13:56:28] <mdz> [topic] Policy proposal for partner repository
[13:56:35] <mdz> [link] https://lists.ubuntu.com/archives/technical-board/2011-May/000875.html
[13:57:04] <kees> I was curious how this differed from -extras
[13:57:08] <kees> (policy-wise)
[13:57:23] <mdz> kees, is there a written policy for extras which could be shared with partner?
[13:57:37] <kees> mdz: I couldn't find it when I looked earlier this week
[13:57:52] <kees> I think we should check with allison
[13:58:13] <mdz> I'll CC her into the email discussion for input
[13:58:38] <mdz> my view on this is that we'll never get a policy like this right the first time, and it will need to be updated as time goes on
[13:58:41] <kees> beyond that thought, nothing jumped out at me.
[13:58:44] <mdz> if there is a problem, we'll change the policy to prevent further problems of that kind
[13:58:50] <kees> right
[13:59:20] <kees> I'd also be curious to get archive admin opinions on this, since we may be missing some additional implicit things
[13:59:39] <mdz> it doesn't reference the Debian or Ubuntu policy manual, and it probably should
[14:00:09] <mdz> any other comments ? email
[14:00:11] <mdz> [topic] ubuntu-techboard celebrity in Launchpad
[14:00:16] <mdz> https://lists.ubuntu.com/archives/technical-board/2011-May/000907.html
[14:00:20] <mdz> [link] https://lists.ubuntu.com/archives/technical-board/2011-May/000907.html
[14:00:26] <kees> seems like we're not ready to drop this, pending additional bug fixes
[14:00:48] <mdz> if james_w says we can't do this yet, then I say we don't do it yet
[14:00:54] <kees> right
[14:01:05] <mdz> we're out of time
[14:01:08] <mdz> is there anything else urgent?
[14:01:10] <mdz> [topic] AOB
[14:01:44] <mdz> ok, thanks all
[14:01:45] <mdz> #endmeeting
Meeting ended.