14:00:13 <pdeore> #startmeeting glance
14:00:13 <opendevmeet> Meeting started Thu Aug 29 14:00:13 2024 UTC and is due to finish in 60 minutes. The chair is pdeore. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:13 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:13 <opendevmeet> The meeting name has been set to 'glance'
14:00:13 <pdeore> #topic roll call
14:00:13 <pdeore> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda
14:00:19 <pdeore> o/
14:00:21 <dansmith> o/
14:00:31 <mrjoshi> o/
14:01:18 <pdeore> let's wait a few minutes for others to join
14:01:38 <pdeore> abhishekk will not be able to join today
14:03:38 <croelandt> o/
14:03:45 <pdeore> I think we should get started
14:03:47 <pdeore> #topic release/periodic jobs updates
14:04:10 <pdeore> As everyone knows this is m3 week and I think we are good to tag m3 today since we have a few important things already landed
14:04:32 <pdeore> rest of the patches which we are going to discuss in the last topic, I think we can merge them before rc1 as well
14:04:41 <dansmith> what's the story on the move to oslo patch?
14:04:49 <dansmith> not really a feature, can that go after m3?
14:04:55 <dansmith> not critical of course, but it'd be nice
14:05:03 <dansmith> we need the tempest change to land first
14:05:40 <pdeore> yeah we can have it before rc1 as well
14:05:45 <dansmith> okay
14:06:49 <pdeore> moving ahead
14:07:10 <pdeore> glanceclient 4.7.0 and glance_store 4.8.1 are released
14:07:21 <pdeore> periodic jobs are all green...
14:07:38 <pdeore> moving to next
14:07:47 <pdeore> #topic Image Encryption with LUKS (please discuss without Luzi & mhen - we have a conflicting meeting)
14:07:56 <pdeore> #link https://review.opendev.org/q/topic:%22LUKS-image-encryption%22
14:08:06 <pdeore> we still need reviews on glance patches
14:08:28 <dansmith> so,
14:08:35 <pdeore> I have added a few suggestions on parameter change patch but I request other cores to have a look at those patches
14:08:39 <dansmith> I feel like we need to revisit a couple things about how we store these images
14:08:49 <dansmith> in light of the giant CVE recently
14:09:07 <dansmith> in that I think we need to have a specific disk_format for luks-encrypted images,
14:09:31 <dansmith> so that we can inspect them with a known target format and reject things that are supposed to be encrypted but aren't (and v-v)
14:10:06 <dansmith> that goes with my proposal to also basically stop using "raw" to mean "image of a PC-like disk or partition"
14:10:17 <dansmith> (in my defender spec)
14:10:36 <dansmith> so I feel like we probably need to discuss that with glance, cinder, and nova people together
14:11:21 <dansmith> much of the complexity in the recent CVE came around the fact that we can never trust the disk_format in glance, and many of the side attack vectors came by putting one format in glance but calling it something else
14:12:01 <pdeore> ohh ok, could you please add your comments on the patch?
14:12:40 <dansmith> well, I'm not sure which patch that really goes on
14:12:59 <dansmith> maybe "standardization of encrypted images".. I guess I'll have a look at that
14:13:08 <pdeore> #link https://review.opendev.org/c/openstack/glance/+/926295
14:13:31 <dansmith> ack, I will
14:13:33 <pdeore> Thanks
14:13:59 <dansmith> glad to see your "does this have test coverage" comments in there :D
14:14:09 <pdeore> so there is no point in raising FFE for this
14:14:58 <pdeore> :D I don't see that unit test coverage for a few things there
14:15:56 <pdeore> BTW, any idea till when a FFE can be raised? in m3 week only or anytime before rc1 week?
14:16:35 <dansmith> I think that's technically your call, but it should get increasingly difficult the closer we get,
14:16:55 <dansmith> and I always say "aim for zero" and only grant an FFE for truly exceptional cases
14:17:02 <dansmith> i.e. things that are "all merged except one patch" etc
14:17:32 <dansmith> the oslo thing should be low-risk, and could be the final step in the recent process if you look at it that way,
14:17:44 <dansmith> but could also be seen as the first in a not-yet-started process, so it's your call :)
14:19:47 <pdeore> yeah that's why i wanted to confirm the exact time to raise FFE, if it's ok to be raised anytime before rc1 then we can surely go ahead with that
14:21:26 <pdeore> I will confirm with the release team after the meeting
14:22:05 <pdeore> moving to next
14:22:11 <pdeore> #Important Reviews
14:22:19 <pdeore> #link https://review.opendev.org/c/openstack/glance/+/927383
14:22:20 <pdeore> #link https://review.opendev.org/c/openstack/glance/+/927291
14:23:13 <pdeore> so kindly please have a look at these so that we can have them before rc1 :)
14:23:33 <pdeore> that's it from me for today
14:23:39 <dansmith> okay I commented on that LUKS patch
14:24:19 <pdeore> ack, Thank you!
14:24:39 <pdeore> let's move to open discussions
14:24:41 <pdeore> #topic Open Discussions
14:25:39 <pdeore> anyone has anything else to highlight?
14:27:15 <pdeore> seems nothing, so let's wrap up then
14:27:26 <pdeore> Thanks everyone for joining!
14:27:38 <pdeore> #endmeeting