Monday, 2019-02-11

« Sunday, 2019-02-10 Index Tuesday, 2019-02-12 »
*** sdake has quit IRC03:08
*** sdake has joined #openstack-requirements03:08
*** udesale has joined #openstack-requirements04:02
*** hongbin has joined #openstack-requirements04:25
*** hongbin has quit IRC04:53
openstackgerritOpenStack Proposal Bot proposed openstack/requirements master: Updated from generate-constraints  https://review.openstack.org/63609106:14
*** e0ne has joined #openstack-requirements07:23
*** toabctl has joined #openstack-requirements07:26
*** e0ne has quit IRC07:47
*** e0ne has joined #openstack-requirements08:00
*** e0ne has quit IRC08:05
*** ccamacho has joined #openstack-requirements08:06
*** hberaud|gone is now known as hberaud08:46
*** finucannot is now known as stephenfin08:51
*** tosky has joined #openstack-requirements08:54
*** bnemec-pto has quit IRC08:57
*** bnemec has joined #openstack-requirements08:59
*** jpich has joined #openstack-requirements09:21
*** dtantsur|afk is now known as dtantsur09:48
*** hberaud is now known as hberaud|lunch11:44
*** udesale has quit IRC12:05
*** udesale has joined #openstack-requirements12:06
*** hberaud|lunch is now known as hberaud12:10
*** edmondsw has quit IRC13:46
openstackgerritTerry Wilson proposed openstack/requirements stable/rocky: Update ovsdbapp to 0.12.3 in stable/rocky  https://review.openstack.org/63613314:22
openstackgerritTerry Wilson proposed openstack/requirements stable/queens: Update ovsdbapp to 0.10.3 in stable/queens  https://review.openstack.org/63613414:23
*** edmondsw has joined #openstack-requirements14:27
openstackgerritsean mooney proposed openstack/requirements master: [DNM] test change  https://review.openstack.org/63613914:45
*** abhi89 has joined #openstack-requirements15:05
*** snapiri has quit IRC15:08
abhi89Hi All.. if i want to open a openstack bug whose fix would be updating version of a package in upper-constraints.txt or requirements file, then what project should i choose?15:12
abhi89this bug is not specific to any openstack service15:13
abhi89prometheanfire15:14
abhi89prometheanfire: ^^15:14
abhi89there is vulnerability in python-requests package before version 2.20.0 (https://nvd.nist.gov/vuln/detail/CVE-2018-18074)15:37
abhi89in stein's upper-constraints.txt, we have requests===2.21.0. no worries here, we are above 2.20.015:38
abhi89but in ocata, pike & queens, the version is below 2.20 & the vulerability exists.. should we be updating the version requirement for python-requests package?15:39
abhi89tonyb: ^^15:39
*** e0ne has joined #openstack-requirements16:04
*** udesale has quit IRC16:15
*** e0ne has quit IRC16:17
prometheanfireabhi89: reqs if it's requests16:17
prometheanfireabhi89: the problem you'll run in to is that projects on those old versions may not work with newer versions of requests16:18
prometheanfireabhi89: a ML thread may be good given it's impact16:18
*** e0ne has joined #openstack-requirements16:21
*** e0ne has quit IRC16:26
*** abhi89 has quit IRC16:28
*** e0ne has joined #openstack-requirements16:36
*** abhi89 has joined #openstack-requirements16:52
abhi89prometheanfire: i don't see any reqs project while trying to raise a bug!16:53
abhi89prometheanfire: sorry, i didnot follow the ML thread thing.. what does it mean16:53
prometheanfireabhi89: https://storyboard.openstack.org/#!/project/openstack/requirements16:54
prometheanfireabhi89: mailing list thread16:54
prometheanfireopenstack-discuss16:54
abhi89ok16:54
abhi89prometheanfire, tonyb: created this story https://storyboard.openstack.org/#!/story/2004978. Please have a look sometime.17:06
prometheanfireabhi89: 404?17:07
prometheanfireabhi89: you mark it as 'security' or something?17:08
* prometheanfire should have perms there, being on the vmt17:09
abhi89prometheanfire: strange! i have marked the story as private, but added you and tony as users who can view this story17:09
abhi89yes17:09
prometheanfireok, let me ping someone17:09
abhi89prometheanfire: ok let me know if you still cannot access it17:10
prometheanfireabhi89: yep, asking a storyboard/vmt person17:10
abhi89ok17:10
prometheanfire11:13 <           fungi > the vmt has to be explicitly added unless the url they followed to create the story included a url parameter to add us17:12
prometheanfire11:14 <           fungi > by default, private stories are only visible to the account which created them17:12
prometheanfireabhi89: ^17:12
*** sdake has quit IRC17:12
prometheanfirefungi: could talk here I suppose17:13
fungiyup17:14
fungialso be aware suspected vulnerability report for the openstack/requirements project aren't officially overseen by the openstack vmt, so adding permission for a project-specific team to that story is appropriate17:15
fungi(or for specific members of that project team, e.g. the ptl or a security reviewer liaison)17:15
prometheanfirefungi: this seems like an upstream (public thing) anyway https://nvd.nist.gov/vuln/detail/CVE-2018-1807417:15
prometheanfireat least in this case17:15
fungiyep, probably fine to switch that story to public17:16
*** sdake has joined #openstack-requirements17:16
*** e0ne has quit IRC17:20
abhi89ok, changing the visibility to public17:20
prometheanfiredon't see it yet17:26
abhi89prometheanfire: the tool wasn't letting me to change the visibility.. had to invalidate that story & create new one.. check this -> https://storyboard.openstack.org/#!/story/200497917:31
prometheanfireok, that may be a bug? fungi ^17:33
prometheanfireI can open that one17:33
fungium, to make it public you just edit the story properties and uncheck the private checkbox, then save17:33
fungihow did you try to do it? did it give you an error?17:34
abhi89fungi: yeah, i just edited the story & unchecked the private checkbox.. the save option was not activated.. didnot allow me to save17:37
fungithat's definitely odd17:39
fungii have certainly seen some flaky interaction with javascript validations not firing, so it's possible it didn't activate the save button because it didn't realize you had altered any of the form fields17:40
*** abhi89 has quit IRC17:55
*** jpich has quit IRC17:57
*** sdake has quit IRC18:01
*** sdake has joined #openstack-requirements18:04
*** dtantsur is now known as dtantsur|afk18:07
*** sdake has quit IRC18:27
*** sdake has joined #openstack-requirements18:30
*** sdake has quit IRC18:32
*** hberaud is now known as hberaud|gone18:49
*** openstackgerrit has quit IRC18:51
*** sdake has joined #openstack-requirements18:55
*** sdake has quit IRC19:09
*** e0ne has joined #openstack-requirements19:41
*** e0ne has quit IRC20:08
*** gouthamr has quit IRC20:38
*** dmellado has quit IRC20:39
*** e0ne has joined #openstack-requirements21:34
*** gouthamr has joined #openstack-requirements21:39
*** e0ne has quit IRC21:41
*** dmellado has joined #openstack-requirements21:43
*** sdake has joined #openstack-requirements22:20
*** sdake has quit IRC22:51
*** sdake has joined #openstack-requirements22:55
*** sdake has quit IRC22:59
*** sdake has joined #openstack-requirements23:07
*** sdake has quit IRC23:31
*** dtantsur has joined #openstack-requirements23:39
*** stephenfin_ has joined #openstack-requirements23:45
*** dtantsur|afk has quit IRC23:46
*** TheJulia has quit IRC23:46
*** stephenfin has quit IRC23:46
*** coreycb has quit IRC23:46
« Sunday, 2019-02-10 Index Tuesday, 2019-02-12 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!