13:07:20 <hhorak> #startmeeting SCLo SIG sync-up (2017-10-17)
13:07:20 <centbot> Meeting started Tue Oct 17 13:07:20 2017 UTC.  The chair is hhorak. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:07:20 <centbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:07:25 <hhorak> #meetingname sclo-sig-syncup
13:07:25 <centbot> The meeting name has been set to 'sclo-sig-syncup'
13:07:31 <hhorak> hi
13:11:22 <pvalena> hhorak: hello!
13:13:19 <hhorak> anybody else? especially someone who would miss some SCLo packages on mirrors?
13:14:09 <jstanek> hhorak: hi
13:14:17 * hhorak talking about thread on centos-devel, that at this point looks like not many people have problem with moving content from mirrors to vault for SCLo SIG content
13:14:26 <hhorak> #link https://lists.centos.org/pipermail/centos-devel/2017-October/016256.html
13:19:25 <avij> I don't think SCLo packages should be an exception in this case. All EOL software -> vault.
13:21:04 <hhorak> avij: thx for this feedback! so far the feedback seems to be consistent, or at least nobody expressed a different opinion so far..
13:24:24 <avij> we were happy to move CentOS 5 to vault, even though it certainly broke some people's setups. it served as a wake up call for some people to update to a supported configuration, without giving them a false sense of security by keeping the frozen updates repo available.
13:24:51 <hhorak> yeah, that makes pretty good sense.
13:26:54 <avij> there will be people saying "oh, where did this stuff go", but if you have good documentation for how to switch to a newer release, people can be pointed to that
13:27:25 <hhorak> so, let's say SCLo content will be moved to vault.. As hughesjr mentioned in the ML thread, it is currently done during centos minor version release.
13:27:37 <hhorak> So, if we don't change this, in worst case, there can be packages that would be EOL for few months and still on mirror.. until next centos minor version is released.. how bad is that?
13:27:55 <TrevorH> it shouldn't wait, the next will be 7.5 and we already have content there that's expired inOct 2016
13:28:23 <TrevorH> 7.5 could be as far away as 1808
13:29:07 <hhorak> actually, maybe I got it wrong, the point-release is the time when things move to vault, but once they are there, we can probably remove them from mirror any-time.. maybe..
13:30:03 <hhorak> hughesjr: kbsingh: is removing from mirror somehow tight to "move to vault" event or removing from mirror can be done anytime?
13:33:01 <avij> there was also a concern raised about CentOS 6 .. if 6.9 remains the last point release and SCLo software was moved to vault only during point releases, the current CentOS 6 SCLo packages would remain there until C6 EOL, 30 Nov, 2020.
13:34:03 <hhorak> ah, correct.
13:34:59 <TrevorH> there is no real connection between the expiry of SCLs and the point release schedule and attempting to make it one will only lead to delays in obsoleting content
13:37:12 <TrevorH> pretty sure there is already at least one unfixed vulnerability in the php packages that went EOL in Oct 2016, I saw an errata for php5.4 in el7 dated earlier this year that will never have gone into an SCL expired in Oct 2016
13:37:47 <TrevorH> https://access.redhat.com/errata/RHSA-2016:2598
13:41:26 <hhorak> TrevorH: yeah, makes sense to me.. so I'll try to get some more insight around what would it mean to do it properly.
13:43:26 <hhorak> ok, do we have anything else for today?
13:47:33 <hhorak> of not, let's close for today
13:47:38 <hhorak> #endmeeting