Wednesday, 2018-05-16

« Tuesday, 2018-05-15 Index Thursday, 2018-05-17 »
*** hongbin has joined #openstack-requirements00:57
*** edmondsw has joined #openstack-requirements01:18
*** edmondsw has quit IRC01:22
*** andreas_s has joined #openstack-requirements02:15
*** andreas_s has quit IRC02:19
openstackgerritNguyen Van Trung proposed openstack/requirements master: Allow Pygments in openstack/requirements  https://review.openstack.org/56872902:55
*** hongbin has quit IRC02:57
openstackgerritNguyen Van Trung proposed openstack/requirements master: Allow Pygments in openstack/requirements  https://review.openstack.org/56872903:11
*** edmondsw has joined #openstack-requirements04:32
*** udesale has joined #openstack-requirements05:11
*** snapiri has joined #openstack-requirements05:32
*** andreas_s has joined #openstack-requirements06:14
*** udesale has quit IRC06:27
*** udesale has joined #openstack-requirements06:29
openstackgerritOpenStack Proposal Bot proposed openstack/requirements master: Updated from generate-constraints  https://review.openstack.org/56875806:32
*** edmondsw has quit IRC06:49
*** udesale has quit IRC06:58
openstackgerritTony Breeds proposed openstack/requirements master: Bump zVMCloudConnector to 1.1.1  https://review.openstack.org/56876307:01
*** udesale has joined #openstack-requirements07:07
*** udesale has quit IRC07:19
*** udesale has joined #openstack-requirements07:24
*** florianf has joined #openstack-requirements07:34
*** dims has quit IRC07:59
*** dims has joined #openstack-requirements08:02
*** dims has quit IRC08:07
*** dims has joined #openstack-requirements08:07
*** edmondsw has joined #openstack-requirements08:20
*** edmondsw has quit IRC08:25
*** edmondsw has joined #openstack-requirements10:08
*** edmondsw has quit IRC10:13
*** lxkong has left #openstack-requirements11:15
*** edmondsw has joined #openstack-requirements11:57
*** edmondsw has quit IRC12:01
*** edmondsw has joined #openstack-requirements12:07
*** edmondsw has quit IRC12:07
*** mriedem has joined #openstack-requirements12:25
mriedemprometheanfire: if i'm reading this error correctly, http://logs.openstack.org/25/524425/13/check/requirements-check/e0b71dc/job-output.txt.gz#_2018-05-15_21_31_07_114195 is because i've got oslo.policy>=1.35.0 in nova's requirements.txt https://review.openstack.org/#/c/524425/13/requirements.txt but it's only 1.30.0 in lower-constraints.txt in openstack/requirements https://github.com/openstack/requirements/blob/mast12:25
mriedemower-constraints.txt#L440 is that correct?12:25
mriedemit would be nice if https://docs.openstack.org/requirements/latest/ gave more instruction on updating requirements.txt in a project now regarding any related changes to lower-constraints.txt12:31
*** edmondsw has joined #openstack-requirements12:36
openstackgerritMatt Riedemann proposed openstack/requirements master: Bump oslo.policy to 1.35.0 in lower-constraints  https://review.openstack.org/56883512:54
openstackgerritMatt Riedemann proposed openstack/requirements master: Require wsgi-intercept 1.7.0  https://review.openstack.org/56168713:13
mriedemoh maybe this is because nova has a lower-constraints file now... https://github.com/openstack/nova/blob/master/lower-constraints.txt#L8613:19
mriedemguess i need to rebase13:19
mriedemsmcginnis: dhellmann: do you know if we need to bump lower-constraints in the requirements repo if we also bump requirements in our own repo (nova in this case)?13:20
mriedemthat's how g-r used to work, but i know things are different and weird now13:20
dhellmannmriedem : no, you do not need to modify the lower-constraints list in the requirements repo13:20
dhellmannwe're going to eventually deprecate that, but need to build a tool to merge lower-constraints files from other sources first13:20
mriedemok, why does it exist?13:20
mriedemok13:20
dhellmannit was an early attempt to provide some guidance to deployers/packagers about the overall global lower bounds13:21
dhellmannbut we've determined that it's not the right way to do that13:21
dhellmannmriedem : I would appreciate your feedback on the basic steps outlined for updating requirements in https://docs.openstack.org/project-team-guide/dependency-management.html#update-processes13:31
dhellmannwe probably need to do a better job of communicating those13:31
dhellmanns/we/I/13:31
mriedemdhellmann: oh i wouldn't have even thought to look there, i was looking in the requirements repo docs13:32
mriedemyeah i can check out those docs13:32
dhellmannI guess we need a link then :-)13:32
dhellmannyeah, I've been trying to encourage cross-project teams to update the team guide with stuff we assume to be standard, because often folks don't even know there *is* a team managing something13:33
mriedemyeah i wouldn't expect someone new to know there is a requirements specific repo with it's own docs and process13:42
*** cjloader has joined #openstack-requirements13:47
*** udesale_ has joined #openstack-requirements13:55
*** udesale has quit IRC13:58
prometheanfiremriedem: still need help?15:06
mriedemprometheanfire: don't think so, got my patch passing the requirements job now15:10
mriedemthanks15:10
prometheanfire:D15:11
prometheanfiredhellmann: mind poking https://review.openstack.org/568763 ?  would like to get the webob fix done today15:14
mriedemdhellmann: assume https://docs.openstack.org/project-team-guide/dependency-management.html#format "Version specifiers" should be removed now?15:15
mriedemg-r doesn't have versions in it anymore b/c l-c and u-c handle those now15:15
mriedemhttps://docs.openstack.org/project-team-guide/dependency-management.html#tox is also way out of date i think, everything should be using u-c by now15:15
mriedemhttps://docs.openstack.org/project-team-guide/dependency-management.html#updating-the-minimum-version-of-a-dependency lgtm and is what i was missing earlier15:16
prometheanfiremriedem: format, version specifiers are still permitted, but just for exclusions (and maybe caps if absolutely needed), the section is fine other than that15:18
prometheanfireya, the tox section should be killed15:19
mriedemok15:19
dhellmannprometheanfire : done15:23
dhellmannmriedem : the stuff on version specifiers should be updated to say that we don't take minimum values (>= or >) but do take !=15:24
*** kiennt26 has joined #openstack-requirements15:24
mriedemdhellmann: prometheanfire: want me to push a docs change for those two things?15:25
dhellmannmriedem : sure, that would be great, thanks!15:25
*** kiennt26 has quit IRC15:28
*** andreas_s has quit IRC15:30
*** andreas_s has joined #openstack-requirements15:30
mriedemhttps://review.openstack.org/56888315:35
*** andreas_s has quit IRC15:44
*** andreas_s has joined #openstack-requirements15:49
mugsieprometheanfire: re https://review.openstack.org/568729 - I think sphinx is bringing it in when it hits a code block?15:54
mugsieI really can't tell though15:54
*** mriedem has left #openstack-requirements15:54
openstackgerritGraham Hayes proposed openstack/requirements master: Allow Pygments in openstack/requirements  https://review.openstack.org/56872915:56
*** andreas_s has quit IRC15:58
openstackgerritOpenStack Proposal Bot proposed openstack/requirements stable/queens: update constraint for ovsdbapp to new release 0.10.1  https://review.openstack.org/56889116:00
*** andreas_s has joined #openstack-requirements16:01
*** udesale_ has quit IRC16:02
prometheanfiremugsie: it's possible, but if so, shouldn't it be a dep of sphinx?16:05
mugsieit is ....16:05
mugsiehttps://github.com/sphinx-doc/sphinx/blob/master/setup.py#L2116:06
mugsiewhy didnt that get picked up :/16:06
*** andreas_s has quit IRC16:06
openstackgerritYAMAMOTO Takashi proposed openstack/requirements master: Restore Sphinx in upper-constraints.txt  https://review.openstack.org/56824816:07
*** andreas_s has joined #openstack-requirements16:13
*** edmondsw has quit IRC16:15
*** andreas_s has quit IRC16:18
*** edmondsw_ has joined #openstack-requirements16:18
prometheanfiremugsie: not sure, we are using sphinx-1.6.7 though16:22
prometheanfiresee https://review.openstack.org/56824816:22
*** edmondsw_ has quit IRC16:23
*** florianf has quit IRC16:26
*** ralonsoh has joined #openstack-requirements17:04
*** ralonsoh has quit IRC17:04
openstackgerritMerged openstack/requirements master: Bump zVMCloudConnector to 1.1.1  https://review.openstack.org/56876317:24
*** edmondsw has joined #openstack-requirements18:57
openstackgerritMerged openstack/requirements master: update constraint for oslo.rootwrap to new release 5.14.1  https://review.openstack.org/56843719:17
prometheanfire~1h10m til meeting19:21
*** dtroyer has quit IRC19:28
*** dtroyer has joined #openstack-requirements19:28
*** andreas_s has joined #openstack-requirements20:15
*** andreas_s has quit IRC20:19
prometheanfire#startmeeting requirements20:31
openstackMeeting started Wed May 16 20:31:13 2018 UTC and is due to finish in 60 minutes.  The chair is prometheanfire. Information about MeetBot at http://wiki.debian.org/MeetBot.20:31
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.20:31
*** openstack changes topic to " (Meeting topic: requirements)"20:31
openstackThe meeting name has been set to 'requirements'20:31
prometheanfire#topic rollcall20:31
*** openstack changes topic to "rollcall (Meeting topic: requirements)"20:31
prometheanfiretonyb, prometheanfire, number80, dirk, coolsvap, toabctl, smcginnis, dhellmann20:31
prometheanfireo/20:31
dhellmanno/20:31
tonyb\o20:31
smcginniso/20:31
prometheanfire:D20:33
prometheanfire#topic Any controversies in the Queue?20:33
*** openstack changes topic to "Any controversies in the Queue? (Meeting topic: requirements)"20:33
prometheanfirehttps://review.openstack.org/558604 I'd say20:33
smcginnisHmm, I think you are right about it being a security issue.20:35
tonybI though we discuessed that20:35
tonybhow is it a security issue?20:35
prometheanfiretonyb: I think we did, the main change now is that 3.25.1 is out20:35
smcginnisIsn't not exposing plain text passwords a security issue?20:36
prometheanfirehttps://github.com/openstack/oslo.concurrency/commit/0c4718fcb77e9f4e3a22ae458869b7294b7bc91f20:36
prometheanfire#link https://github.com/openstack/oslo.concurrency/commit/0c4718fcb77e9f4e3a22ae458869b7294b7bc91f20:37
tonybsmcginnis: IIIUC it's transalating /dev/mapper/vg-my-lv-called-password into /dev/mapper/vg-my-lv-called-p***20:37
tonybwhich seems to be doing to opposite to exposing passwords ;P20:37
prometheanfire#link https://bugs.launchpad.net/oslo.utils/+bug/148238220:38
openstackLaunchpad bug 1482382 in Cinder "mask_password is overzealous" [Undecided,In progress] - Assigned to prashkre (prashkre)20:38
prometheanfireya, bug title makes it sound like it's going the other way20:38
tonybSo if my reading is right *and* the fix is in 3.25.1 we can close the requirements bump20:39
tonybthen the cinder team can just backport the fix20:39
prometheanfireit is looking like that20:40
tonybideally it'd add an extra hunk to detect the version of oslo.concurrency and "do the rigth thing" but IMO that isn't *required*20:40
smcginnisSo you're saying Cinder would detect which version of oslo.concurreny is being used and perform the santization itself if it's an older one?20:41
tonybsmcginnis: No20:41
tonybsmcginnis: cinder would detect the version of oslo.concurreny and bypass it to *avoid* sanitizin the output on older versions (or those without the sanitize_stdout kwarg20:42
tonybsmcginnis: but I don't really think that's required20:43
smcginnisSince it's pretty much the only thing in 3.25.1, it seems like bumping that would be the safer approach.20:45
tonybsmcginnis: We'd need to look at the versions that $distros have packaged20:46
prometheanfiresafer, but since queens still should be syncing reqs that means re-releases20:46
prometheanfire     Available versions:  3.21.1 3.25.0 ~3.25.1 {test PYTHON_TARGETS="python2_7 python3_4 python3_5 python3_6"}20:46
prometheanfirehere20:46
smcginnisYeah20:46
prometheanfireisn't stable yet, but 'soon'20:47
tonybsmcginnis: we don't bump minimums on stable branches as that makes all the distros do extar work which they've balked at befoer20:47
dhellmannwe usually just update the constraint for the new release and leave it up to downstream to pull it in20:47
prometheanfireif it's not a security vuln that's fixed (and it doesn't look like this is) then we don't need to bump or exclude anything I don't think20:48
dhellmannit could offer a dos vector if the volume can't be deleted20:48
tonybdhellmann: Yup, and that's what I'm proposing as I don't think this meets our guidlines for minimum bumps on stable/*20:48
dhellmannit's not clear why the parameters to the command are being sanitized though20:49
dhellmannbefore it's run, that is20:49
dhellmannoh, looking at the patch I get it20:49
tonybwe're calling command_b with the output from command_b and that output is being sanitized IIUC20:49
dhellmannso yeah, I don't think cinder needs to do anything here if we update the constraint20:50
prometheanfirehttps://github.com/openstack/requirements/blob/stable/queens/upper-constraints.txt#L2420:50
prometheanfirealready updated20:50
dhellmanncool20:51
prometheanfireok, going to close it20:51
smcginnis+120:51
prometheanfireI'll abandon with a message20:51
dhellmannthinking about this sort of thing for the future, we may want to automate some sort of block on changing minimum values on stable branches20:52
dhellmannalthough that can lead to broken gates, I guess20:52
smcginnisYeah, I think there's always exceptions that need subjective evaluation.20:52
dhellmannbut now that the lower bounds are controlled by project teams, it will be harder to catch "but we had a bug in a library" updates20:52
smcginnisAutomatic blocking could cause issues.20:53
smcginnisTrue20:53
tonybYup20:53
prometheanfireI'm going to abandon the rsd-lib and rsdclient bumps as well20:53
tonybwe can brainstorm it befoer August ;P20:53
dhellmannso maybe it's just a matter of reminding folks about that20:53
tonybprometheanfire: I thought they were okay just waiting for input?20:53
prometheanfirethe sphinx 1.7.x change needs a ml thread, because it's a breaking thing20:53
prometheanfiretonyb: it's been a week20:53
tonybprometheanfire: your call but I'm not sure they need to be rejected20:54
tonybprometheanfire: Yeah it seems like we can't use 1.6 or 1.7 without braking someone20:54
prometheanfirethey can be re-opened (and I'll note as such)20:54
tonybmy feel is go back to 1.7.4 and get the affetced projects to fix the docs20:55
prometheanfireagreed20:55
prometheanfireguess I'll email the list about that20:55
tonybprometheanfire: danke20:56
prometheanfirenothing else for me20:56
prometheanfireI'd like someone to review the uc bot bump (finally on the new webob :D20:56
tonybprometheanfire: Okay I'll look it over today20:57
prometheanfirethanks20:57
prometheanfirethe only thing we should have to chage in the bot update is pika now20:57
* tonyb was thinking we should add a "manual-updates.txt" into the repo so that as we find $things that we know are broken we can add them to that file and therefore avoid the bot updating those things20:58
tonybI feel like that'd save a bunch of manual messing with the generated changes20:59
prometheanfireI kinda like having the anoying stuff21:00
prometheanfiremakes me want to fix it21:00
prometheanfire#topic Open Discussion21:00
*** openstack changes topic to "Open Discussion (Meeting topic: requirements)"21:00
tonybprometheanfire: Okay, I feel like it slows us down21:00
prometheanfiretonyb: probably does21:01
prometheanfiregonna close this unless someone speaks up21:02
* tonyb is good21:02
prometheanfireeyes on https://review.openstack.org/568729 would be nice, but that's it21:02
prometheanfire#endmeeting21:03
*** openstack changes topic to "OpenStack Requirements - IRC meetngs on Wednesdays @ 07:00 UTC in here in #openstack-requirements - See agenda @ http://tinyurl.com/h44ryuw - IRC channel is *LOGGED* @ http://tinyurl.com/j38rk24"21:03
openstackMeeting ended Wed May 16 21:03:50 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)21:03
openstackMinutes:        http://eavesdrop.openstack.org/meetings/requirements/2018/requirements.2018-05-16-20.31.html21:03
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/requirements/2018/requirements.2018-05-16-20.31.txt21:03
openstackLog:            http://eavesdrop.openstack.org/meetings/requirements/2018/requirements.2018-05-16-20.31.log.html21:03
tonybI looked at it but need to mul it over, I think we need it added to blacklist.txt and possible lower-constarints.txt21:04
smcginniso/21:04
prometheanfirewas wondering why we didn't get fails for it, I did see it in UC.txt at least21:04
prometheanfirestill wondering why they need to pull it in explicitly21:04
*** cjloader_ has joined #openstack-requirements21:57
*** cjloader has quit IRC21:57
*** cjloader has joined #openstack-requirements22:02
*** cjloader_ has quit IRC22:02
*** cjloader has quit IRC22:07
*** otherwiseguy has quit IRC22:15
*** pabelanger has quit IRC22:15
*** otherwiseguy has joined #openstack-requirements22:22
*** otherwiseguy has quit IRC22:26
*** pabelanger has joined #openstack-requirements22:34
*** otherwiseguy has joined #openstack-requirements22:36
*** edmondsw has quit IRC22:50
openstackgerritMerged openstack/requirements master: Updated from generate-constraints  https://review.openstack.org/56845122:56
*** edmondsw has joined #openstack-requirements23:11
*** pabelanger has quit IRC23:17
*** otherwiseguy has quit IRC23:18
*** pabelanger has joined #openstack-requirements23:20
*** otherwiseguy has joined #openstack-requirements23:21
openstackgerritMerged openstack/requirements master: Restore Sphinx in upper-constraints.txt  https://review.openstack.org/56824823:56
« Tuesday, 2018-05-15 Index Thursday, 2018-05-17 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!