| opendevreview | Vishal Manchanda proposed openstack/horizon master: Add Image "architecture" details in Image Detail View Page https://review.opendev.org/c/openstack/horizon/+/866173 | 14:41 |
|---|---|---|
| vishalmanchanda | #startmeeting horizon | 15:00 |
| opendevmeet | Meeting started Wed Nov 30 15:00:12 2022 UTC and is due to finish in 60 minutes. The chair is vishalmanchanda. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'horizon' | 15:00 |
| vishalmanchanda | hello, anyone around for horizon weekly meeting? | 15:01 |
| vishalmanchanda | Looks like no one around. | 15:05 |
| rdopiera | o/ | 15:05 |
| rdopiera | but I don't really have anything... | 15:05 |
| vishalmanchanda | rdopiera: np. | 15:06 |
| vishalmanchanda | I got two updates | 15:06 |
| vishalmanchanda | agenda of meeting can be found here https://etherpad.opendev.org/p/horizon-release-priorities#L31 | 15:06 |
| vishalmanchanda | I have no announcement for this week. | 15:06 |
| vishalmanchanda | moving to Release priorities topic | 15:07 |
| vishalmanchanda | #topic Release priorities | 15:07 |
| vishalmanchanda | Patch to migrate CI job to 2023.1 runtime https://review.opendev.org/c/openstack/horizon/+/865453 is ready for review | 15:07 |
| vishalmanchanda | rdopiera: please take a look | 15:07 |
| vishalmanchanda | I have migrated nodeset to Debian 11 which pass the CI jobs | 15:08 |
| vishalmanchanda | It is also runtime for 2023.1 cycle. | 15:09 |
| vishalmanchanda | https://governance.openstack.org/tc/reference/runtimes/2023.1.html | 15:09 |
| rdopiera | vishalmanchanda: what is firefox-esr? | 15:09 |
| vishalmanchanda | rdopiera: you mean why these job not fail on debian? | 15:10 |
| vishalmanchanda | rdopiera: actually some issue with snap package with firefox on ubuntu. | 15:11 |
| rdopiera | no, you are adding an extra entry in bindep.txt | 15:11 |
| rdopiera | I know why firefox is failing on ubuntu, and I'm pretty happy about switching to debian | 15:11 |
| rdopiera | snaps are cancer | 15:11 |
| vishalmanchanda | rdopiera: ok, that is because in case of debian firefox package avaialble as 'firefox-esr' | 15:12 |
| rdopiera | oh, I see, thanks | 15:13 |
| vishalmanchanda | Please add your vote and suggestion on the patch. | 15:13 |
| vishalmanchanda | moving to next topic. | 15:14 |
| vishalmanchanda | Drop nodejs 16 jobs | 15:14 |
| vishalmanchanda | As you can see in patch https://review.opendev.org/c/openstack/horizon/+/865293 | 15:15 |
| vishalmanchanda | nodejs18 passing in horizon and all plugins. | 15:15 |
| vishalmanchanda | So now we can drop nodejs 16 jobs. | 15:15 |
| vishalmanchanda | here is patch for that https://review.opendev.org/c/openstack/horizon/+/865661 | 15:16 |
| vishalmanchanda | please take a look once you have time. | 15:16 |
| vishalmanchanda | that's all update from my side for this week. | 15:17 |
| vishalmanchanda | moving to next topic | 15:17 |
| vishalmanchanda | #topic open-discussion | 15:17 |
| vishalmanchanda | I have one patch to discuss. | 15:17 |
| vishalmanchanda | I was thinking if should migrate django to 4.0 version | 15:18 |
| vishalmanchanda | Initial patch for that is https://review.opendev.org/c/openstack/horizon/+/851261 | 15:19 |
| vishalmanchanda | rdopiera: Could you take a look at it and once it merged. I will resolve merge conflict for other 2 patches in series. | 15:20 |
| rdopiera | didn't we just migrate to 3.0 | 15:20 |
| rdopiera | I'm not ready | 15:20 |
| vishalmanchanda | rdopiera: hehe yeah that was in last cycle I guess. | 15:21 |
| vishalmanchanda | rdopiera: I was asking because if we support django 4.x then horizon can also support FIP. | 15:22 |
| rdopiera | I suppose the earier we do it, the less painful it will be | 15:23 |
| rdopiera | by the way, did you see that security issue about websso and the referer headers? | 15:24 |
| vishalmanchanda | true, but there is no harm in doing it now. | 15:24 |
| vishalmanchanda | rdopiera: nope, I forgot | 15:25 |
| rdopiera | I wanted to look into it, but I can't find any documentation on websso itself | 15:25 |
| vishalmanchanda | rdopiera: is it a private bug? | 15:25 |
| rdopiera | so I am not sure if it actually requires the referer | 15:26 |
| rdopiera | it's launchpad 1980349 | 15:26 |
| amotoki | I think there is no document on websso implementation | 15:26 |
| rdopiera | I mean the specification for the protocol | 15:27 |
| rdopiera | not our implementatin | 15:27 |
| rdopiera | o | 15:27 |
| amotoki | I tried to understand the implementation when I glanced that bug, but could have enough time :-( | 15:27 |
| amotoki | got it | 15:27 |
| rdopiera | we know what our code does, but how do we know if that's correct? | 15:28 |
| vishalmanchanda | rdopiera: sorry, I completely forgot about this bug. will a look at it tomorrow. | 15:30 |
| vishalmanchanda | rdopiera: are you able to reproduce this bug? | 15:33 |
| rdopiera | No , I don't have a setup with websso | 15:34 |
| rdopiera | but looking at the code, I see no reason why the exploit wouldn't work | 15:35 |
| amotoki | it seems https://review.opendev.org/c/openstack/keystone-specs/+/133529/ is the original design of our websso. | 15:35 |
| amotoki | commit 7b57608ad000bd099f29ee9f9fa31d36b725cfea implemented it in horizon | 15:35 |
| rdopiera | great find, thank you | 15:36 |
| vishalmanchanda | amotoki: thanks for the links | 15:37 |
| amotoki | vishalmanchanda: back to Django 4.0 topic, why do we need to migrate to Django 4.0? | 15:38 |
| amotoki | Django 4.0 is NOT an LTS version, so we should keep the support for Django 3.2 at least. | 15:38 |
| amotoki | extra support of Django 4.0 is okay (as long as we have a bandwidth to do it) but it is completely optional | 15:39 |
| vishalmanchanda | amotoki: the only reason I am asking is because we can support FIPs tests then | 15:41 |
| vishalmanchanda | https://review.opendev.org/c/openstack/horizon/+/825875 | 15:41 |
| vishalmanchanda | if django 4.0 support is added in horizon | 15:41 |
| vishalmanchanda | There is some issue with django and FIPS which is fixed in django 4.0 | 15:43 |
| vishalmanchanda | that's why I am asking | 15:43 |
| amotoki | I am okay with either. Perhaps my patch series fixes UT at least. I don't know more though. | 15:44 |
| vishalmanchanda | Does anyone have any other topic to discuss? | 15:46 |
| vishalmanchanda | if nothing more to discuss, let's end this meeting. | 15:48 |
| vishalmanchanda | Thanks everyone for joing! | 15:48 |
| vishalmanchanda | #endmeeting | 15:49 |
| opendevmeet | Meeting ended Wed Nov 30 15:49:05 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:49 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/horizon/2022/horizon.2022-11-30-15.00.html | 15:49 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/horizon/2022/horizon.2022-11-30-15.00.txt | 15:49 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/horizon/2022/horizon.2022-11-30-15.00.log.html | 15:49 |
| *** Guest305 is now known as atmark | 21:07 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!