| *** mhen_ is now known as mhen | 02:04 | |
| dmendiza[m] | #startmeeting barbican | 13:00 |
|---|---|---|
| opendevmeet | Meeting started Tue Oct 4 13:00:56 2022 UTC and is due to finish in 60 minutes. The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot. | 13:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 13:00 |
| opendevmeet | The meeting name has been set to 'barbican' | 13:00 |
| dmendiza[m] | #topic Roll Call | 13:01 |
| dmendiza[m] | Courtesy ping for ade_lee dave-mccowan d34dh0r53 hrybacki jamespage Luzi lxkong mhen rm_work tosky xek nearyo oleksandry | 13:01 |
| xek | o/ | 13:01 |
| Luzi | o/ | 13:01 |
| tosky | o/ | 13:01 |
| dmendiza[m] | Hi y'all! | 13:01 |
| dmendiza[m] | OK, let's get started | 13:02 |
| dmendiza[m] | #topic Review Past Meeting Action Items | 13:02 |
| dmendiza[m] | #link https://meetings.opendev.org/meetings/barbican/2022/barbican.2022-09-27-13.00.html | 13:02 |
| dmendiza[m] | Looks like we didn't have any | 13:05 |
| dmendiza[m] | moving on | 13:05 |
| dmendiza[m] | #topic Liaison Updates | 13:05 |
| dmendiza[m] | tosky: around? Any updates from QA/QE? | 13:06 |
| dmendiza[m] | Moving on to release liaison (we'll come back to tosky if he stops by) | 13:08 |
| dmendiza[m] | actually, let's talk VMT first | 13:08 |
| dmendiza[m] | ... | 13:09 |
| dmendiza[m] | I'm waiting for coffee to kick in and need to organize my thoughts ... | 13:09 |
| dmendiza[m] | ... | 13:09 |
| dmendiza[m] | OK, so for release liaison, I've submitted a patch to volunteer myself as Release Liaison: | 13:10 |
| tosky | (sorry, no updates from me) | 13:10 |
| dmendiza[m] | #link https://review.opendev.org/c/openstack/releases/+/860152 | 13:10 |
| ade_lee | o/ | 13:10 |
| dmendiza[m] | thanks tosky ! | 13:10 |
| d34dh0r53 | o/ | 13:10 |
| dmendiza[m] | Dave McCowan was still the release liaison on the releases repo, so that's why he was still being added to all release reviews | 13:10 |
| dmendiza[m] | Not sure xek is around, but I'll ask him to +1 that patch so we can get that update in | 13:11 |
| dmendiza[m] | after it merges both xek and I will be able to approve release requests | 13:11 |
| ade_lee | dmendiza[m], can we add more than one ? looks like cyborg has two .. | 13:11 |
| dmendiza[m] | ade_lee I suppose so ... are you volunteering as tribute? | 13:12 |
| ade_lee | dmendiza[m], what does the release liaison do? | 13:12 |
| dmendiza[m] | * Pay attention to release deadlines | 13:13 |
| dmendiza[m] | * Approve release patches that are created by the release team automation | 13:13 |
| dmendiza[m] | * Request releases for libraries when the team feels there's a need | 13:13 |
| ade_lee | dmendiza[m], interesting that we haven't had any issues for awhile -- given that dave has been away for awhile now | 13:14 |
| dmendiza[m] | ade_lee: if that's something you're interested in, just submit a patch like mine and ask xek to +1 (or ask me if my patch has already merged.) | 13:14 |
| dmendiza[m] | ade_lee: well, PTL is the default liaison so I've been handling all that stuff | 13:14 |
| ade_lee | dmendiza[m], gotcha -- so liaison is backup in case ptl is not around? | 13:15 |
| ade_lee | or it goes to both> | 13:15 |
| ade_lee | ? | 13:15 |
| dmendiza[m] | ade_lee: yeah, or helping had if PTL is too busy | 13:15 |
| dmendiza[m] | yeah, so when my patch merges, the release automation will add both myself and xek. Previously it used to add me and Dave. Now it's adding Dave and xek | 13:15 |
| dmendiza[m] | The release team waits for either one to +1 before merging | 13:16 |
| ade_lee | dmendiza[m], ok - I'll put my own patch up -- or you can add me to your | 13:16 |
| ade_lee | either way | 13:16 |
| dmendiza[m] | ade_lee: I don't want to update mine because it will drop the +2 that's already there | 13:16 |
| ade_lee | dmendiza[m], ack - I'll add my own | 13:16 |
| dmendiza[m] | ade_lee++ thanks! | 13:17 |
| dmendiza[m] | #info antelope cycle will have two release liaisons ade_lee and dmendiza[m] | 13:17 |
| ade_lee | and xek by default | 13:17 |
| dmendiza[m] | right | 13:17 |
| dmendiza[m] | On the topic of releases, I did request a Zed RC3 this week: | 13:18 |
| dmendiza[m] | https://review.opendev.org/c/openstack/releases/+/859894 | 13:18 |
| dmendiza[m] | *last week | 13:18 |
| dmendiza[m] | that was to pull in a CVE fix that' I'll talk about in a bit | 13:18 |
| dmendiza[m] | RC3 should be the final spin and will likely be the Zed final release | 13:19 |
| dmendiza[m] | OK, moving on | 13:19 |
| dmendiza[m] | #topic CVE-2022-3100 | 13:20 |
| dmendiza[m] | #link https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3100 | 13:21 |
| dmendiza[m] | it was reported via Red Hat CVE tracking: | 13:22 |
| dmendiza[m] | #link https://access.redhat.com/security/cve/CVE-2022-3100 | 13:22 |
| dmendiza[m] | We also have an errata page with more info: | 13:22 |
| dmendiza[m] | #link https://access.redhat.com/errata/RHSA-2022:6750 | 13:22 |
| dmendiza[m] | Storyboard was private, but I just toggled the flag to make it public: | 13:24 |
| dmendiza[m] | #link https://storyboard.openstack.org/#!/story/2010258 | 13:24 |
| dmendiza[m] | Long story short, there is a vulnerability that will allow malicious users to access secret payloads when they have no roles assigned on the project that owns the secret | 13:24 |
| dmendiza[m] | We've patched Wallaby, Xena, Yoga, Zed and Master branches: | 13:26 |
| dmendiza[m] | #link https://review.opendev.org/q/topic:cve-2022-3100 | 13:26 |
| dmendiza[m] | I'm currently working on the Victoria patch, but the Victoria gates are a mess | 13:26 |
| dmendiza[m] | so it's taking a bit longer than it should. | 13:26 |
| dmendiza[m] | Once that's sorted I'll be backporting the fix all the way back to Train | 13:27 |
| dmendiza[m] | Stein and older branches are EOL and folks should upgrade to a newer release to get the fix. | 13:27 |
| dmendiza[m] | d34dh0r53: anything else you want to add for this topic? | 13:28 |
| dmendiza[m] | I want to say that d34dh0r53 is working on an OSSA for this | 13:31 |
| dmendiza[m] | OK, moving on | 13:33 |
| dmendiza[m] | #topic PTG Planning | 13:33 |
| dmendiza[m] | It's that time again | 13:33 |
| dmendiza[m] | #link https://openinfra.dev/ptg/ | 13:33 |
| dmendiza[m] | We've got two weeks to come up with an agenda | 13:34 |
| dmendiza[m] | I'll probably spend some time with xek and ade_lee reviewing the last PTG notes to get things started | 13:34 |
| dmendiza[m] | Etherpad for topic ideas is here: | 13:35 |
| dmendiza[m] | #link https://etherpad.opendev.org/p/antelope-ptg-barbican | 13:35 |
| dmendiza[m] | #action xek and dmeniza[m] to reserve time slots for Barbican sessions during PTG | 13:35 |
| dmendiza[m] | I think we'll stick to 2x 2hr blocks on different days again | 13:36 |
| dmendiza[m] | Any questions/commets about the upcoming PTG? | 13:38 |
| dmendiza[m] | OK, moving on | 13:40 |
| dmendiza[m] | #topic New meeting time proposal | 13:40 |
| dmendiza[m] | Now that xek is the brand new shiny PTL we'll need to move this meeting | 13:41 |
| dmendiza[m] | because xek has a conflict at this time | 13:41 |
| dmendiza[m] | I should say he has a conflicting meeting. | 13:41 |
| xek | I have a conflict, so I propose to move it 1 hour later | 13:41 |
| dmendiza[m] | oh hi Grzegorz Grasza ! | 13:41 |
| dmendiza[m] | 1 hr later would work for me | 13:41 |
| dmendiza[m] | how about you, Luzi ? | 13:41 |
| dmendiza[m] | ... maybe Luzi had to run ... | 13:46 |
| xek | I'll send out an email before I change the meeting time | 13:46 |
| dmendiza[m] | sounds good | 13:46 |
| dmendiza[m] | #info This meeting time is proposed to move to an hour later | 13:47 |
| dmendiza[m] | OK, moving on | 13:47 |
| dmendiza[m] | #topic Secret Consumers | 13:47 |
| dmendiza[m] | Not a whole lot of progress on the client side | 13:47 |
| dmendiza[m] | I've been busy with CVE things and haven't gotten a chance to update the first python-barbicanclient patch | 13:48 |
| xek | dmendiza: you can +w the spec change, since the implementation already merged: https://review.opendev.org/c/openstack/barbican-specs/+/856759 | 13:48 |
| dmendiza[m] | Grzegorz Grasza: we should probably update the Core team | 13:49 |
| dmendiza[m] | Grzegorz Grasza: I'll add you and you can +W yourself 😄 | 13:49 |
| ade_lee | dmendiza[m], xek one hour later puts this meeting 10 minutes from now , right? | 13:49 |
| dmendiza[m] | ade_lee: correct ... overlaps with both PGM and FIPS for you | 13:49 |
| ade_lee | yup | 13:50 |
| dmendiza[m] | I'd be down with an hour earlier also | 13:50 |
| dmendiza[m] | but that might be too early for d34dh0r53 | 13:50 |
| d34dh0r53 | I can make that work | 13:51 |
| d34dh0r53 | dmendiza[m]: ^ | 13:51 |
| dmendiza[m] | Grzegorz Grasza: what does 1 hr earlier look like for you? (1200 UTC)? | 13:52 |
| xek | dmendiza: looks good | 13:52 |
| dmendiza[m] | OK, let's plan for that, hopefully that'll also work for Luzi | 13:53 |
| dmendiza[m] | back to Secret Consumers | 13:56 |
| dmendiza[m] | I'll continue to work on that as soon as we get all these CVE patches backported | 13:56 |
| dmendiza[m] | afaranha_ and Mauricio are also helping out with the Castellan bits | 13:56 |
| dmendiza[m] | ... | 13:56 |
| dmendiza[m] | and we're just about out of time | 13:56 |
| dmendiza[m] | #topic Open Discussion | 13:56 |
| dmendiza[m] | Anything else y'all want to talk about during the last couple of minutes? | 13:57 |
| dmendiza[m] | Thanks for joining, y'all! | 14:01 |
| dmendiza[m] | #endmeeting | 14:01 |
| opendevmeet | Meeting ended Tue Oct 4 14:01:48 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 14:01 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/barbican/2022/barbican.2022-10-04-13.00.html | 14:01 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/barbican/2022/barbican.2022-10-04-13.00.txt | 14:01 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/barbican/2022/barbican.2022-10-04-13.00.log.html | 14:01 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!