| fungi | https://bugs.launchpad.net/keystone/+bug/2152715 is now public | 17:03 |
|---|---|---|
| opendevreview | Jay Faulkner proposed openstack/security-doc master: [OSSN-0099] Errata 1: Bugfixes in parsing https://review.opendev.org/c/openstack/security-doc/+/993182 | 20:46 |
| JayF | fungi: gouthamr: ^ I am unfamiliar with how we do errata on OSSN-0099 (this may be the first OSSN errata?) ... I took a swing at a format, please review | 20:47 |
| JayF | wait, no, this is just wrong | 20:48 |
| JayF | this belongs in a different OSSA, I have no idea why my notes said to revise this one | 20:48 |
| JayF | fungi: please do not rapid merge those, I had reviews out for Ironic'ers too | 20:49 |
| JayF | fungi: also that one was so incredibly invalid I have now abandoned it | 20:49 |
| fungi | thanks, i incorrectly assumed you were in a hurry to send out errata notices | 20:49 |
| fungi | but yes, i was trying to unapprove before i saw you had abandoned it | 20:49 |
| JayF | I wouldn't do it on a Friday at 2pm | 20:49 |
| JayF | we have a config option escape hatch just for this case, so like, doing the right thing is more important than the urgent thing ... | 20:50 |
| fungi | for errata we've generally published as soon as possible, e.g. because the original fix was breaking people's systems already | 20:50 |
| JayF | we parsed too tightly and were rejecting URL encoded characters in kernel CLI | 20:50 |
| fungi | makes sense | 20:50 |
| JayF | we knew this had a larger-than-usual chance of breaking, so we put a knob in that someone could flip to keep the most-security-sensitive checks but not get the whole parsing deal | 20:51 |
| fungi | smart | 20:51 |
| opendevreview | Jay Faulkner proposed openstack/ossa master: [OSSA-2026-017] Errata 1: fix parsing edge cases https://review.opendev.org/c/openstack/ossa/+/993185 | 20:58 |
| JayF | fungi: ^ that should be, you know, the correct bug 🤦♂️ -- if you wanna +2 if it LGT-you, I can land and announce it Monday morning | 20:59 |
| fungi | looking again, and yeah will hold approval since it sounds non-urgent then | 21:03 |
| JayF | the customer of ours impacted by this primarily was metal3, they already knew and wrote the fix before we even were working the next day. Just took a while to get it backported around and advisoried. | 21:19 |
| fungi | oh fun | 21:20 |
| fungi | anyway, lgtm but i'll wait for ironicfolk to weigh in as well | 21:24 |
| fungi | i left you a couple of very minor notes, nothing that demands revision though | 21:24 |
| JayF | I noted something to myself. I'll leave it until it gets other feedback and revise before announcing. | 21:26 |
| fungi | JayF: see ossa-2023-003 for the last time we seem to have done that | 21:29 |
| fungi | that advisory had 3 errata, the first added a second patch for most affected projects, the second added a patch for a previously uninvolved project (tempest, to fix testing) | 21:31 |
| fungi | though that one seems to be a bit of an anomaly, prior examples are ossa-2021-002, ossa-2017-005, ossa-2016-007, and ossa-2014-039 | 21:35 |
| fungi | we haven't really been consistent about how we flag errata-related change urls in the data since errata are infrequent and sort of bolted on as an afterthought | 21:37 |