On Tue, Aug 4, 2020 at 8:50 AM Geoffrey Marr gmarr@redhat.com wrote:
At today's blocker review meeting[0], we ran across a bug[1] that we believe is bad enough to warrant blocker status, but as the criteria currently stand, does not violate any particular criterion. The bug in question has to do with logging out of one user account and logging into another account that has already been accessed before during that boot. The criterion listed in the bug[2] doesn't seem to fit, as it is more focused on what happens after the system is booted (which does work in the case of this bug). There is a Final criterion[3] that covers switching between two accounts, where the data in the account switched out of is retained, but that is not the case presented here (as this bug has to do with "logging in/out" of accounts, not "switching" as they are defined technically). Intellectually, we believe this type of bug should violate the criteria, as it seems a common use-case, and so we are bringing it up as a possible addition as there is nothing that currently covers this kind of bug.
The new criterion could look something like "A system with multiple user accounts must be able to log in and out of said accounts as presented by all release-blocking desktops in their default configuration."
Actually, I'd make this even simpler. We already have a Beta criterion related to logging out (among others): https://fedoraproject.org/wiki/Fedora_33_Beta_Release_Criteria#Shutdown.2C_r...
So let's just include logging in as well, and we're done: "Shutting down, rebooting, logging in and logging out must work using standard console commands and the mechanisms offered (if any) by all release-blocking desktops."
We'd also update the "Work?" footnote: "Similar to the Basic criterion for shutting down, shutdown and reboot mechanisms must take storage volumes down cleanly and correctly request a shutdown or reboot from the system firmware. Logging in must transfer the user from the login screen/prompt to his/her working environment, and logging out must return the user to the environment from which they logged in, working as expected."
This sufficiently covers the discussed bug and seems to fit naturally into the existing criterion. One unclear area might be what the console console used for logging in is. We can either explicitly say that for logging in we don't require any specific console command, or we can note that the most likely command to get covered by this is "su". We can also not define it and leave that up to blocker discussion, if such a situation occurs in the future. I'd lean towards the last option, but all sound fine to me.
Thoughts?
On Tue, Aug 4, 2020 at 8:48 AM Kamil Paral kparal@redhat.com wrote:
Actually, I'd make this even simpler. We already have a Beta criterion related to logging out (among others): https://fedoraproject.org/wiki/Fedora_33_Beta_Release_Criteria#Shutdown.2C_r...
So let's just include logging in as well, and we're done: "Shutting down, rebooting, logging in and logging out must work using standard console commands and the mechanisms offered (if any) by all release-blocking desktops."
We'd also update the "Work?" footnote: "Similar to the Basic criterion for shutting down, shutdown and reboot mechanisms must take storage volumes down cleanly and correctly request a shutdown or reboot from the system firmware. Logging in must transfer the user from the login screen/prompt to his/her working environment, and logging out must return the user to the environment from which they logged in, working as expected."
Simple is good. I like this approach.
On Tue, 2020-08-04 at 14:47 +0200, Kamil Paral wrote:
On Tue, Aug 4, 2020 at 8:50 AM Geoffrey Marr gmarr@redhat.com wrote:
At today's blocker review meeting[0], we ran across a bug[1] that we believe is bad enough to warrant blocker status, but as the criteria currently stand, does not violate any particular criterion. The bug in question has to do with logging out of one user account and logging into another account that has already been accessed before during that boot. The criterion listed in the bug[2] doesn't seem to fit, as it is more focused on what happens after the system is booted (which does work in the case of this bug). There is a Final criterion[3] that covers switching between two accounts, where the data in the account switched out of is retained, but that is not the case presented here (as this bug has to do with "logging in/out" of accounts, not "switching" as they are defined technically). Intellectually, we believe this type of bug should violate the criteria, as it seems a common use-case, and so we are bringing it up as a possible addition as there is nothing that currently covers this kind of bug.
The new criterion could look something like "A system with multiple user accounts must be able to log in and out of said accounts as presented by all release-blocking desktops in their default configuration."
Actually, I'd make this even simpler. We already have a Beta criterion related to logging out (among others): https://fedoraproject.org/wiki/Fedora_33_Beta_Release_Criteria#Shutdown.2C_r...
So let's just include logging in as well, and we're done: "Shutting down, rebooting, logging in and logging out must work using standard console commands and the mechanisms offered (if any) by all release-blocking desktops."
We'd also update the "Work?" footnote: "Similar to the Basic criterion for shutting down, shutdown and reboot mechanisms must take storage volumes down cleanly and correctly request a shutdown or reboot from the system firmware. Logging in must transfer the user from the login screen/prompt to his/her working environment, and logging out must return the user to the environment from which they logged in, working as expected."
This sufficiently covers the discussed bug and seems to fit naturally into the existing criterion. One unclear area might be what the console console used for logging in is. We can either explicitly say that for logging in we don't require any specific console command, or we can note that the most likely command to get covered by this is "su". We can also not define it and leave that up to blocker discussion, if such a situation occurs in the future. I'd lean towards the last option, but all sound fine to me.
As mentioned in the IRC meeting today, I have a small nit with this: the criterion as it exists right now is conceptually intended as a "Stopping The Session" criterion. It covers three things which are all, broadly, ways to stop the current session. If we stick "logging in" into it in this way, we lose that conceptual clarity and it potentially makes the overall...idea...of the criterion more muddy and hard to read.
On the whole I feel like considering all requirements related to log in, log out, shutdown, restart, and user switch together we should be able to come up with a better option either than a standalone new criterion (Geoff's proposal) or this add-on to the "end session" criterion (Kamil's proposal), but I think either proposal would be *okay* if we don't get the time to come up with something better. Just wanted to flag that up for discussion.