Saturday, 2023-03-11

[00:11] <vanou> JayF: Thanks for the reply. Preparation for the conference should have higher priority :) And nice article! Even though layers of abstraction (like cloud) come along, hardware is still important. Because new tech stems from new evolution in the physical world, we should continue to craft/design things around the hardware/OS layer.
[00:22] <vanou> JayF: Agree to add Ironic to the VMT managed list. Agree to let unofficial libraries have their own disclosure process & doc. One thing I'm worried about is how, when needed, the Ironic community and an unofficial library owner collaborate in resolving a vulnerability. Such a case will occur when both Ironic and an unofficial library need to be modified to resolve a vulnerability.
[00:30] <vanou> JayF: In such a case, we need a brief policy of how the Ironic community and the owner of an unofficial library collaborate. One idea is 1) Report an Ironic vulnerability, whose cause is in Ironic or in both Ironic and an unofficial library, through the same process as VMT. 2) The Ironic community and the owner of the unofficial library communicate through a private channel to determine how to collaborate. 3) Create
[00:30] <vanou> patches of Ironic and the unofficial library, with the VMT process regarding Ironic & the unofficial library's process regarding the unofficial library. 4) Publish patches of both Ironic and the unofficial library at the same time
[01:19] <JayF> vanou: My opinion on those issues is mainly that we shouldn't need a policy for events that are extremely rare. We should be able to trust that Ironic core contributors and library core contributors will work together in good faith to resolve the issue.
[01:19] <JayF> vanou: In fact, if you think this is worth pursuit, it likely is something that may be better suited for governance at the OpenStack-wide level, as Ironic is not the only hardware-driver-consuming project in OpenStack.
[01:53] <vanou> JayF: In such a rare case, even if we don't create a detailed policy, it's worth putting in a basic policy. When I consult Ironic about a vul I resolved, I'm worried whether 1) the Ironic community is open to collaborating with me to solve the vul. 2) the Ironic community collaborates in a reasonable manner to handle the vul, e.g. collaborates in a private way to create a patch.
[01:58] <vanou> JayF: Just putting 2 things in the doc is enough, I think: if the Ironic community is asked by the owner of an unofficial library, 1) the Ironic community is open and willing to collaborate to solve such a rare vul 2) the Ironic community is willing to collaborate in a reasonable manner, which means following good manners for handling a vul (e.g. craft the vul patch in private until the fix is published), to handle the vul.
[02:04] <TheJulia> sschmitt_: well, if memory serves, those are pids still using the device. That feels like buffered IO is not getting flushed out in time, or there is a connectivity loss which is hanging the processes. I suspect you’d need to monitor free/buffered ram and evaluate the kernel log for connectivity loss
[02:04] <TheJulia> That would be on the conductor, for what it is worth.
