14:00:08 <pdeore> #startmeeting glance 14:00:08 <opendevmeet> Meeting started Thu Sep 22 14:00:08 2022 UTC and is due to finish in 60 minutes. The chair is pdeore. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:08 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:09 <opendevmeet> The meeting name has been set to 'glance' 14:00:09 <pdeore> #topic roll call 14:00:09 <pdeore> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda 14:00:11 <pdeore> o/ 14:00:21 <jokke_> o/ 14:00:25 <dansmith> o/ 14:00:33 <croelandt> o/ 14:00:48 <pdeore> let's start with the 2nd topic first 14:00:50 <pdeore> #topic glance-coresec review 14:00:53 <mrjoshi> o/ 14:01:02 <pdeore> #link https://launchpad.net/~glance-coresec 14:01:43 <pdeore> So, how we can add/remove core members here ? 14:02:05 <croelandt> by sending an email on the list? :) 14:02:06 <pdeore> this topic is added by Brian 14:02:47 <dansmith> I think the admins can add people 14:02:53 <dansmith> however, that current list seems okay 14:03:13 <jokke_> correct, admins are for that 14:03:35 <pdeore> ok, so the mail should be only to make the Bug public right ? 14:04:38 <jokke_> Any Private Security bug to be discussed outside of the embargo needs to be coordinated with VMT to be released as Public Security bug 14:05:29 <pdeore> ok 14:06:12 <jokke_> the embargo is there for a reason. I can walk you through this offline if you want 14:06:13 <pdeore> jokke_, so what exactly expected in that email? the bug details only ? 14:06:34 <jokke_> pdeore: What e-mail? 14:06:47 <pdeore> yeah 14:07:35 <dansmith> I think pdeore asked how to add people the the coresec list and croelandt said "send an email" 14:07:48 <dansmith> but I think the answer is not send an email, but "the admins of that group can add people" 14:07:58 <jokke_> ah, yeah 14:08:00 <dansmith> those being rosmaita and abhi 14:08:14 <croelandt> I was referring to 2.2 14:08:15 <dansmith> definitely no discussion of private security bugs in public email :) 14:08:34 <jokke_> pdeore: https://security.openstack.org/vmt-process.html is the process with security bugs and coresec should be familiar with this 14:09:19 <pdeore> ohh yeah, Thanks !! I was about to ask for this :) 14:09:22 <dansmith> I've never really seen people get proposed in public for coresec, does that happen? 14:10:27 <pdeore> I got confused with the line : PTL can add people, but it's traditional to propose on the ML first so the OpenStack Vulnerabilty Management Team can give input 14:10:46 <jokke_> I don't think so. It's more of a self governing group of people active on the security space with some coverage in each project 14:11:24 <dansmith> yeah, that ^ 14:11:28 <jokke_> Yeah, that is just false assumption. There is no even requirement PTL being in that group (I think it's pretty common, but like said, not requirement) 14:11:41 <pdeore> ahh ok 14:11:50 <dansmith> fwiw, the nova ptl hasn't been in that group for several cycles, IIRC :) 14:12:27 <pdeore> :) 14:13:03 <jokke_> Like it's not bad thing if PTL is active and security aware. Makes life easier, the main thing is that there is enough core power to make sure any patches can be landed swiftly when the embargo gets lifted 14:13:13 <dansmith> yup 14:13:26 <dansmith> so tbh, brian has experience there and is familiar with glance, 14:13:44 <dansmith> so the current list seems okay to me unless he really wants to be off it or there's another reason to change 14:13:56 <dansmith> just MHO from a not-on-the-list person :) 14:14:24 <jokke_> Maybe we should dicuss it with him when he is actually present and move on for now 14:14:40 <dansmith> sure 14:15:02 <dansmith> the other thing to consider, 14:15:05 <pdeore> yeah, we can discuss that on glance channel when he is available 14:15:06 <dansmith> which I sometime forget 14:15:26 <dansmith> is that you can cc specific people on a private bug, which lets them participate in the private bug directly 14:15:29 <dansmith> without being on the list 14:15:49 <dansmith> so as long as there's enough cover to rope in the right people for a particular problem, you can dynamically increase the audience as needed 14:15:49 <jokke_> indeed 14:16:55 <jokke_> Quite common to bring SMEs as the patch review on Private Security bugs happens in the launchpad bug rather than gerrit when needed. 14:17:53 <croelandt> Hard stops are coming, shall we move on? :) 14:17:59 <jokke_> ++ 14:18:12 <pdeore> yeah, moving to next :) 14:18:14 <pdeore> #topic glance-core review 14:18:22 <pdeore> #link https://review.opendev.org/admin/groups/1d14a0536e224488ae2c442c499ad16dddcdf8b8,members 14:18:45 * croelandt is ok with 3.2.1 and 3.2.2, maybe keep Sean though 14:18:51 <jokke_> I do agree with the proposed cleanup and can do it right away if that's something we decide to do 14:19:14 <croelandt> or if Sean is still pretty active in Cinder, maybe ask him whether he still cares aboutGlance first 14:19:14 <pdeore> ok 14:19:17 <dansmith> yep, sounds good 14:19:44 <jokke_> ok, so clean Flavio's bot and nikhil for now? 14:20:16 <croelandt> +2 14:20:20 <dansmith> +W 14:20:20 <pdeore> ++ 14:20:37 <jokke_> done 14:20:46 <pdeore> ok, lets move ahead 14:20:48 <pdeore> #topic release/periodic jobs updates 14:20:48 <jokke_> Now the real Elephant in this room 14:20:52 <jokke_> wait :P 14:21:15 <jokke_> I think while we are reviewing that group there is quite clearly issue with it 14:21:26 <jokke_> I don't see pdeore there! 14:21:45 <pdeore> because I'm not core yet :P 14:21:51 <dansmith> I think it's fine for the ptl to not be in the core team, FWIW 14:21:55 <jokke_> Do we want to have email proposal of that into the mailing list or shall we fix this rather now? 14:22:50 <jokke_> If that's preferred, fine, but tbh I'd rather have her in core by now. ;) 14:23:40 <jokke_> Would be first for us anyways 14:24:03 <pdeore> So it would be like I'm proposing myself as a core ? :D 14:24:43 <croelandt> yes! 14:24:47 <jokke_> That's kind of where I'm coming from ;) 14:25:07 <jokke_> we can discuss this later too as we're on clock here 14:25:17 <pdeore> yeah :) 14:25:22 <jokke_> not urgent thing that needs to happen on this minute 14:25:50 <jokke_> just wanted to bring that us as we were reviewing the group 14:26:11 <pdeore> ack, 14:26:18 <jokke_> we need to get Abhishek to add you into this group too https://review.opendev.org/admin/groups/3a2d24a98c24482a0371a4762ba0c1b3ade078b8,members 14:26:36 <jokke_> So you can start merging stuff in the specs repo 14:26:47 <pdeore> ok 14:26:48 <dansmith> yeah for sure on that :) 14:27:10 <jokke_> ok, next topic 14:27:27 <pdeore> so next week is RC final release, 14:27:38 <pdeore> and I think we are good for final rc 14:28:18 <pdeore> Periodic job all green except TIME_OUT for fips jobs 14:29:13 <pdeore> moving to next 14:29:18 <pdeore> #topic Gate broken for stable yoga/xena 14:29:29 <pdeore> #link https://review.opendev.org/c/openstack/glance-tempest-plugin/+/856989 14:30:01 <pdeore> dansmith, I've updated the commit msg as per your suggestion, 14:31:04 <pdeore> all cores, kindly please have a look at this, the patches on stable branches are pending :/ 14:31:56 <pdeore> so, that's it from me .. 14:33:14 <pdeore> moving to open discussions 14:33:16 <pdeore> #topic Open Discussion 14:33:21 <jokke_> ack ... I thought that pinning had happened already. 14:34:02 <pdeore> nope 14:34:10 <jokke_> I just wanted to give kudos to croelandt who's been digging out some very old client bugs and worked/working on them. Good quality of life stuff. Thanks! 14:34:23 <croelandt> until we burn the glance client in favor of OSC :D 14:34:44 <jokke_> I'll just fork it if it comes to that 14:34:55 <jokke_> said it before, still standing behind that 14:35:29 <croelandt> looking forward to that 14:35:32 <jokke_> tht's all from me ;) 14:36:05 <pdeore> anyone has anything else to discuss? 14:36:40 <croelandt> nope 14:37:06 <pdeore> ok, lets wrap up 14:37:15 <pdeore> Thanks everyone for joining !! 14:37:40 <pdeore> #endmeeting