15:00:56 <vishalmanchanda> #startmeeting horizon
15:00:56 <opendevmeet> Meeting started Wed Aug 25 15:00:56 2021 UTC and is due to finish in 60 minutes.  The chair is vishalmanchanda. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:56 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:56 <opendevmeet> The meeting name has been set to 'horizon'
15:01:46 <vishalmanchanda> hi anyone around for horizon meeting?
15:03:31 <rdopiera> o/
15:03:35 <tmazur> o/
15:04:13 <vishalmanchanda> ok let's start.
15:04:20 <vishalmanchanda> #topic Notices
15:04:55 <vishalmanchanda> Next week is Xena-3 milestone.
15:05:03 <vishalmanchanda> Xena Schedule https://releases.openstack.org/xena/schedule.html
15:05:39 <vishalmanchanda> Also Feature freeze so please let me know if you are working on any feature and want to get it reviewed.
15:06:39 <rdopiera> I will probably not be able to push my work before freeze, so it will go to Yoga
15:06:58 <vishalmanchanda> rdopiera: np.
15:08:01 <vishalmanchanda> TC & PTL nominations ended yesterday and I am again up for PTL for the Yoga cycle.
15:08:36 <vishalmanchanda> that's all the updates from my side for this week.
15:09:20 <vishalmanchanda> #topic open-discussion
15:09:45 <vishalmanchanda> We have one security bug reported in horizon changed to public, please take a look at https://bugs.launchpad.net/horizon/+bug/1940450 if it's valid or not?
15:10:05 <vishalmanchanda> It's nice to have more eyes on the bug.
15:10:09 <rdopiera> I already commented on it. They are basically right in comment #7
15:11:32 <vishalmanchanda> so no action required from our side?
15:12:14 <amotoki> one question is whether we should use the recommended version of xstatic version of bootstrap?
15:12:24 <rdopiera> I don't think so. I think that CVE was one of the main reasons why I upgraded that package in the first place.
15:12:42 <vishalmanchanda> rdopiera: thanks for confirmation.
15:13:35 <amotoki> it is not an easy situation for folks who deploy horizon using pip
15:14:07 <amotoki> do we need a message not to trust the version of xstatic versions and to suggest the upstream of xstatic packages?
15:14:57 <rdopiera> what do you mean by not trusting the xstatic versions?
15:15:04 <rdopiera> they are correct
15:16:35 <amotoki> sorry I was confused that we need to upgrade bootstrap-scss to 3.4.1 but this is the current version.
15:17:52 <rdopiera> the only problem is that Ubuntu didn't upgrade
15:18:02 <amotoki> I read thru it again and you are all right.
15:20:14 <vishalmanchanda> Does anyone have any other topic to discuss?
15:20:29 <rdopiera> I don't
15:21:40 <tmazur> Nothing from me
15:21:48 <amotoki> perhaps xenial is too old and ubuntu cares only about xstatic versions shipped with horizon in xenial.
15:22:27 <amotoki> they might not track independent releases like this. this bug would be a good notice.
15:22:36 <amotoki> nothing more from me
15:23:02 <vishalmanchanda> then let's end this meeting.
15:23:45 <vishalmanchanda> Thanks everyone for joining, see you next week.
15:24:09 <vishalmanchanda> #endmeeting