| opendevreview | Seyeong Kim proposed openstack/nova master: libvirt: Support boot_index for multiple block devices https://review.opendev.org/c/openstack/nova/+/963665 | 00:45 |
|---|---|---|
| *** mhen_ is now known as mhen | 02:15 | |
| opendevreview | Taketani Ryo proposed openstack/nova master: mem-enc: create generic check for mem encryption support by host https://review.opendev.org/c/openstack/nova/+/967969 | 07:27 |
| opendevreview | Taketani Ryo proposed openstack/nova master: mem-enc: stop using _get_mem_encryption_config() for SEV checks https://review.opendev.org/c/openstack/nova/+/967970 | 07:27 |
| opendevreview | Taketani Ryo proposed openstack/nova master: mem-enc: remove explicit SEV dependency from nova.scheduler.utils https://review.opendev.org/c/openstack/nova/+/967971 | 07:27 |
| opendevreview | Taketani Ryo proposed openstack/nova master: mem-enc: make RP creation independent of specific encryption models https://review.opendev.org/c/openstack/nova/+/967972 | 07:27 |
| opendevreview | Taketani Ryo proposed openstack/nova master: mem-enc: fix code that assumes SEV in configuring guests https://review.opendev.org/c/openstack/nova/+/967973 | 07:27 |
| opendevreview | Taketani Ryo proposed openstack/nova master: mem-enc: fix requirement checks for mem_encryption guests https://review.opendev.org/c/openstack/nova/+/967974 | 07:27 |
| opendevreview | Artem Vasilyev proposed openstack/nova master: Fix functional tests on macOS https://review.opendev.org/c/openstack/nova/+/937727 | 08:38 |
| opendevreview | Artem Vasilyev proposed openstack/nova master: Fix functional tests on macOS https://review.opendev.org/c/openstack/nova/+/937727 | 08:38 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/nova-specs master: [spec] Add Cross-AZ scheduling blueprint https://review.opendev.org/c/openstack/nova-specs/+/900296 | 16:16 |
| thill | Hello! Looking for additional feedback on this spec https://review.opendev.org/c/openstack/nova-specs/+/968065. Hoping to work through ideas/concerns to find a solution to our problem and it's proving to be a bit more difficult than anticipated. | 16:41 |
| sean-k-mooney | thill: ignoring the detail of the spec for a minute teh spec freeze for this cycle was last thursday meaing that by defult this will have to be repropsoed for 2026.2 | 18:35 |
| sean-k-mooney | in general usign teh nvoa user to allwo access to a resuce that a user could not otherwise use si privldage eslcaltion so allwoign a user to boot form a image they canot normally download is generally a security problem | 18:37 |
| sean-k-mooney | the user can exfiltrate any data form teh image by just booting form a rescue image and copyint the block device or chreating a snapshot and download that | 18:38 |
| sean-k-mooney | so im not really seaing a compleing reason to supprot booting from an image you cant download | 18:38 |
| jgwentworth | sean-k-mooney: that's my thought on it as well ... if you can boot an instance from an image, you can effectively download the image. I appreciate that having to copy it is more difficult than being able to use the download API ... but the fact that the user can still effectively download it makes the idea of "can boot but cannot download" not so compelling to me either | 19:01 |
| *** jgwentworth is now known as melwitt | 19:01 | |
| thill | Fair enough! I don't have any arguments against that logic at this point. I'll bubble this up and see what we want to do going forward. Thank you! | 19:38 |
| opendevreview | Merged openstack/nova master: Use consistent program name for wsgi scripts and entry points https://review.opendev.org/c/openstack/nova/+/942605 | 22:18 |
| *** melwitt is now known as jgwentworth | 22:31 | |
| *** jgwentworth is now known as melwitt | 22:32 | |
| JayF | Stable patch for Ironic 2024.2, already +2 from Elod, everything applied cleanly, if someone would help me land it'd be awesome: https://review.opendev.org/c/openstack/nova/+/969833 | 23:02 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!