#openstack-meeting log

14:00:11 <pranali> #startmeeting glance
14:00:11 <opendevmeet> Meeting started Thu Feb 16 14:00:11 2023 UTC and is due to finish in 60 minutes.  The chair is pranali. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:11 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:11 <opendevmeet> The meeting name has been set to 'glance'
14:00:11 <pranali> #topic roll call
14:00:11 <pranali> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda
14:00:17 <pranali> o/
14:00:43 <mrjoshi__> o/
14:00:54 <croelandt> o/
14:01:20 <abhishekk> o/
14:02:29 <jokke_> o/
14:02:34 <pranali> shall we start ? I think almost everyone is here
14:03:06 <croelandt> let's go
14:03:08 <pranali> let's start
14:03:12 <pranali> #topic release/periodic jobs updates
14:03:33 <pranali> This is M3 release this week and to tag m3 we need few patches to get merged which we will see in next topic
14:03:52 <pranali> Periodic job all green except TIME_OUT for fips jobs & oslo-master RETRY_LIMIT
14:04:55 <pranali> moving to next
14:04:58 <pranali> #topic Code Reviews
14:05:08 <pranali> #link https://review.opendev.org/c/openstack/glance/+/872522/8 - Enabled new defaults and scope checks by default
14:05:09 <pranali> #link https://review.opendev.org/c/openstack/glance/+/873372/7 - Remove deprecated ``enforce_secure_rbac`` option
14:05:09 <pranali> #link https://review.opendev.org/c/openstack/glance/+/874078/2 -  Refresh Glance example configs for antelope milestone 3
14:05:09 <pranali> #link https://review.opendev.org/c/openstack/glance/+/874079/2 - Release notes for Antelope Milestone 3
14:06:13 <pranali> So, these SRBAC changes we need in m3, so I created a dependency chain for updated config refresh & releasenote patch on top of those
14:06:21 <pranali> Kindly please have a look
14:06:21 <abhishekk> all looks good to me
14:06:28 <croelandt> Yeah the main issue is the CI, isn't it? :)
14:06:36 <pranali> yeah :)
14:06:47 <pranali> fingers crossed ..
14:06:51 <abhishekk> there is one more in queue, https://review.opendev.org/c/openstack/glance/+/866584
14:07:40 <pranali> ohh did we miss this in last review party ?
14:07:48 <croelandt> Do we want this one in the  release?
14:08:05 <abhishekk> this was updated today
14:08:56 <abhishekk> I think we can move it to next cycle but this should be decided by pranali
14:09:41 <pranali> yeah we can move this to next cycle
14:09:52 <jokke_> I'm gonna mention this one more time for the record. We should not default to the new rbac and remove the options before the global adminness of project admins issue has been sorted. But you do what you do with that.
14:10:49 <pranali> jokke_, old policies will be still there but just disabled by default
14:14:40 <abhishekk> and as of now we don't have project admin related policy (admin scoped to project level)
14:16:08 <jokke_> abhishekk: that's the point. Anyone having project scoped admin credentials (for any other services that actually has them implemented) gets treated as global admin by glance. And this has been the issue from the very beginning and was supposed to be addressed before we start defaulting to rbac
14:17:52 <abhishekk> AFAIK none of the project so far has project scoped admin implemented,
14:18:36 <abhishekk> gmann, if you are around, do you have any specific views here?
14:20:18 <pranali> jokke_, it would be helpful if you add your views on the patch so that gmann and other member can share their views there
14:20:59 <pranali> shall we move to next ?
14:22:17 <abhishekk> we can revisit this in open discussion
14:22:23 <pranali> yeah
14:22:30 <pranali> #topic Stable patches - a new, exciting segment!
14:22:55 <pranali> croelandt, is that you ?
14:22:59 <croelandt> yes :)
14:23:07 <croelandt> Items 1 & 3 I will abandon if there is no objection
14:23:14 <croelandt> Item 2 I could use reviews :)
14:23:26 <croelandt> It should be pretty straight-forward as it's a simple backport of a patch already merged
14:23:29 <abhishekk> no objection from me
14:23:47 <abhishekk> what happened to our CVE backports?
14:24:37 <pranali> I need to check those
14:24:47 <croelandt> abhishekk: oh I only linked the yoga & zed backports :)
14:25:04 <croelandt> abhishekk: I think we still have the grenade issue and might need to do backports of gmann's patches as well
14:25:23 <abhishekk> no problem, but I think those needs to be put on priority :)
14:25:59 <pranali> ack
14:26:01 <croelandt> Honestly, they would required a full meeting/email thread since the CI issues are out of our hands
14:26:09 <abhishekk> ++
14:26:58 <pranali> ok, so that's it for today
14:27:04 <pranali> let's move to open discussions
14:27:14 <pranali> #topic Open Discussion
14:29:21 <pranali> anyone has anything else to discuss ?
14:29:23 <abhishekk> I don't have anything rather than CVE backports
14:29:27 * croelandt has nothing
14:29:49 <abhishekk> I think you should send mail mentioning failures and get opinions on how to fix those
14:30:03 <jokke_> nothing from me
14:30:10 <pranali> jokke_, please add your comment on the SRBAC patch, so that we can continue the dicsussion there
14:30:24 <pranali> abhishekk, ack
14:30:41 <abhishekk> include infra,ci,sec groups in subject line
14:31:02 <pranali> ok
14:31:21 <abhishekk> also we need to release stable branches where CVE has been merged
14:31:46 <pranali> ohh yes
14:32:46 <abhishekk> that's it from me
14:33:01 <pranali> cool, let's wrap up then
14:33:13 <pranali> Thanks everyone for joining !
14:33:28 <jokke_> thanks all
14:33:40 <pranali> #endmeeting