| *** rlandy|rover|biab is now known as rlandy|rover | 00:33 | |
| *** rlandy|rover is now known as rlandy|out | 01:08 | |
| *** tkajinam is now known as Guest2162 | 02:04 | |
| *** tkajinam is now known as Guest2174 | 03:28 | |
| *** yadnesh|away is now known as yadnesh | 04:03 | |
| *** ysandeep|out is now known as ysandeep | 04:49 | |
| *** ysandeep is now known as ysandeep|ruck | 04:49 | |
| *** tkajinam is now known as Guest2179 | 05:36 | |
| *** yadnesh is now known as yadnesh|afk | 08:20 | |
| *** jpena|off is now known as jpena | 08:22 | |
| *** yadnesh|afk is now known as yadnesh | 08:51 | |
| *** jpena is now known as jpena|off | 08:56 | |
| *** jpena|off is now known as jpena | 08:57 | |
| *** dviroel|afk is now known as dviroel | 11:20 | |
| *** rlandy|out is now known as rlandy|rover | 11:23 | |
| *** dviroel_ is now known as dviroel | 11:38 | |
| *** dviroel_ is now known as dviroel | 12:16 | |
| *** dasm|off is now known as dasm | 13:55 | |
| ade_lee__ | fungi, hey -- so where are we with https://review.opendev.org/c/openstack/project-config/+/861457 ? | 14:24 |
|---|---|---|
| ade_lee__ | frickler, fungi - what do we need to do to move this forward? | 14:26 |
| fungi | ade_lee__: i think frickler wanted to get the tc to decide whether it was acceptable for openstack projects to test upstream with privileged access to resources not all developers would be able to install on their own systems (without buying licenses) | 14:34 |
| *** frenzy_friday is now known as frenzy_friday|doc | 14:43 | |
| *** blarnath is now known as d34dh0r53 | 14:53 | |
| ade_lee__ | fungi, even if the relevant resource is available for them to use and download locally - and just not get support? | 14:54 |
| fungi | ade_lee__: i guess that's one thing we could do... not obfuscate the token as a zuul secret in a config project and instead add it in plaintext directly to a playbook in an untrusted project like openstack-zuul-jobs as a normal ansible variable | 15:33 |
| fungi | not sure if that alleviates all of frickler's concerns | 15:33 |
| ade_lee__ | fungi, do we have precedent or any other case where we plan to do something similar? | 15:40 |
| fungi | ade_lee__: precedent is subjective. for example, openstack already mirrors git refs to github (obviously not open source) using a credential encoded as a zuul secret. openstack tests upstream on some kinds of specialized hardware which not every developer has access to. openstack has test jobs which are simply not feasible to try to run locally on developers' systems... none of those is | 15:48 |
| fungi | exactly the same but they do have similar aspects | 15:48 |
| frickler | if "the relevant resource is available for them to use and download locally", why do we need that token at all? | 15:56 |
| frickler | the feedback from the tc so far was vague and there seemed to be diverging opinions there, too | 16:00 |
| *** yadnesh is now known as yadnesh|away | 16:12 | |
| fungi | i think by "relevant resource" he meant the token itself could be downloaded and used (if we switched to a plaintext representation) | 16:16 |
| fungi | frickler: if you are looking for non-vague consensus from the tc, you're really going to have to either put a motion on next week's meeting agenda and hope for sufficient quorum to be able to hold a vote, or propose a resolution to openstack/governance and have the tc members vote through code review | 16:17 |
| *** dviroel is now known as dviroel|lunch | 16:19 | |
| *** dasm is now known as dasm|off | 16:23 | |
| *** dviroel|lunch is now known as dviroel | 17:00 | |
| *** jpena is now known as jpena|off | 17:33 | |
| *** frenzy_friday|doc is now known as frenzy_friday | 17:36 | |
| frickler | I don't think I'm motivated to drive that. I think the path forward best would be to look for votes/reviews from other config-cores | 17:48 |
| fungi | clarkb: ianw: mnaser: ^ as the other config-core reviewers in this channel, feedback on https://review.opendev.org/861457 "Add an Ubuntu FIPS testing token" is requested | 17:57 |
| clarkb | I think adding the secret is probably fine as it will help us learn more. I do think that if openstack wanted to require the testing with fips on ubuntu or similar then openstack should consider these concerns. | 18:01 |
| clarkb | Basically I don't think the line is at investigating making it working. Its more at applying it everywhere or requiring it | 18:01 |
| *** dmellado_ is now known as dmellado | 18:01 | |
| *** dmellado_ is now known as dmellado | 18:04 | |
| *** dasm|off is now known as dasm | 20:31 | |
| *** dviroel is now known as dviroel|afk | 20:37 | |
| *** dasm is now known as dasm|off | 22:25 | |
| *** rlandy|rover is now known as rlandy|out | 23:09 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!