| -@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 959428: Fix provider quota calculation https://review.opendev.org/c/zuul/zuul/+/959428 | 09:20 | |
| -@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 959428: Fix provider quota calculation https://review.opendev.org/c/zuul/zuul/+/959428 | 09:25 | |
| -@gerrit:opendev.org- Benjamin Schanzel proposed on behalf of Tobias Henkel: [zuul/nodepool] 775797: Log openstack requests https://review.opendev.org/c/zuul/nodepool/+/775797 | 09:27 | |
| -@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 959428: Fix provider quota calculation https://review.opendev.org/c/zuul/zuul/+/959428 | 09:39 | |
| -@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 959428: Fix provider quota calculation https://review.opendev.org/c/zuul/zuul/+/959428 | 10:36 | |
| -@gerrit:opendev.org- Tobias Henkel proposed: [zuul/zuul-jobs] 960275: Allow fetching zookeeper from local mirrors https://review.opendev.org/c/zuul/zuul-jobs/+/960275 | 15:00 | |
| @clarkb:matrix.org | I removed my WIP vote on https://review.opendev.org/c/zuul/zuul-jobs/+/958605 as today is the day I announced this change would merge. Reviews welcome to make that happen on time | 15:32 |
|---|---|---|
| @jim:acmegating.com | it's got a +2 from me... i didn't immediately +w but feel free after you reckon it's been sufficient time | 15:45 |
| @clarkb:matrix.org | ack I can probably give it a couple of hours this morning | 15:46 |
| @fajfer:reszka.org | what timezone are you guys in? | 16:05 |
| @clarkb:matrix.org | I'm in pacific time UTC -7 now but will be -8 in a month or so | 16:07 |
| @clarkb:matrix.org | apparently we don't change off of DST until November 2 | 16:07 |
| @fajfer:reszka.org | oh, good morning then:) | 16:08 |
| @fajfer:reszka.org | I'm asking since I have a change that is scheduled for merging tomorrow | 16:08 |
| @fajfer:reszka.org | and another one where I managed to bump React dependencies, however it requires another look to simplify package.json and clean it up, at least it passes all tests | 16:09 |
| @fajfer:reszka.org | but I'm only mentioning this since I saw you, Clark, tinkering with zuul-web | 16:09 |
| @fajfer:reszka.org | (the cleanup is something I will do so no worries lol) | 16:12 |
| @clarkb:matrix.org | re changing dependencies we should be extra cautious that https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised didn't sneak in via those updates. I suspect not as the window of time those packages were available is small | 16:13 |
| @clarkb:matrix.org | and at this point they should all be unavailable too | 16:13 |
| @fajfer:reszka.org | it was done a few weeks ago already | 16:13 |
| @clarkb:matrix.org | that said it's probably worth waiting for a bit to ensure that others don't pop up as apparently duckdb was also hit | 16:13 |
| @clarkb:matrix.org | ack | 16:13 |
| @fajfer:reszka.org | we're using such old packages that I don't think they're a vector of attack for cybercriminals XD | 16:14 |
| @jangutter:matrix.org | fajfer: I have a saying: the longer you defer to update, the more bugs you get to classify as features. "remote root as a service". | 19:01 |
| @jangutter:matrix.org | We have _so many features_ | 19:01 |
| @fajfer:reszka.org | I'm afraid migration from current framework is inevitable because it's long deprecated, the old packages are just the tip of the iceberg and they probably block it in the current state but I didn't really research that and I'm not comfortable picking new framework for Zuul | 19:05 |
| @jangutter:matrix.org | Oh, Zuul is brand new from our point of view... | 19:06 |
| @fajfer:reszka.org | I mean the frontend | 19:06 |
| @fajfer:reszka.org | it's just a small part | 19:06 |
| @fajfer:reszka.org | zuul-web | 19:07 |
| @jangutter:matrix.org | Yeah, it does get hilariously tricky with frontend stuff. But the attack surface for zuul-web is very different from something like a site where people can change stuff. | 19:11 |
| @jangutter:matrix.org | It's not a free pass though. But I do gawk at the sheer amount of deps pulled in during a build. | 19:12 |
| @jangutter:matrix.org | Biggest worry is a set of zero days with privilege escalation of course | 19:13 |
| @fungicide:matrix.org | i also feel like zuul's dashboard has an insane number of js dependencies, but since i'm not a js developer it's probably just my lack of perspective. maybe thousands of dependencies is the norm | 19:15 |
| @jangutter:matrix.org | I mean, after reading about left-pad I think it's the norm. | 19:16 |
| -@gerrit:opendev.org- Zuul merged on behalf of Clark Boylan: [zuul/zuul-jobs] 958605: Default configure_mirrors_extra_repos to False in configure-mirrors https://review.opendev.org/c/zuul/zuul-jobs/+/958605 | 19:40 | |