15:00:25 #startmeeting manila 15:00:31 Meeting started Thu Sep 1 15:00:25 2016 UTC and is due to finish in 60 minutes. The chair is bswartz. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:32 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:34 The meeting name has been set to 'manila' 15:00:39 hello all 15:00:43 hi 15:00:44 \o 15:00:44 hi 15:00:44 hello 15:00:45 hi 15:00:46 hello 15:00:48 hi 15:00:50 hello o/ 15:00:51 \\// 15:00:51 hi 15:01:09 #topic announcements 15:01:23 Feature freeze is today! 15:01:25 Hi 15:01:34 hey 15:01:44 there are some final patches still working their way through the gate, but I plan to tag our projects ASAP 15:02:16 if you have something that needs merged and it isn't workflowed already, you've missed the train 15:02:25 hello 15:02:32 hi 15:02:57 I'll be in the channel all day today watching things merge 15:02:58 bswartz: has this missed the train? https://review.openstack.org/#/c/284034/20 15:03:43 ganso: no, go aheand and workflow that one if you're happy with it 15:03:47 bswartz: what time are you planning to make the cut today? 15:04:07 xyang2: when the gate empties out 15:04:07 bswartz: waiting for a proper jenkins check before doing so 15:04:31 if we get unlucky a recheck or 2 could be needed 15:04:46 fortunately things aren't as bad now as they've been in past releases 15:05:13 thanks to ganso for fixing our largest gate instability bug last week 15:05:30 o/ 15:05:44 o> 15:05:52 I will be on vacation Friday and Monday 15:06:07 and my vacation will start today as soon as the tags for N-3 merge 15:06:58 but I'll be in the channel until then so ping me if there's anything we missed or anything that needs attention 15:07:06 #topic mascot 15:07:38 the suspense... 15:07:39 so we chose "gorilla" for our official manila team logo, as requested by the foundation 15:08:17 however, it's come to my attention that if you google "manila gorilla" you get some colorful links 15:08:34 including one from urban dictionary about men with very large penises 15:09:01 * dustins thanks bswartz for saving me the google search on the corporate net 15:09:03 * gouthamr adds a downvote 15:09:12 bswartz: and…what's the problem? 15:09:18 lol 15:09:24 also, the term apparently has some (midly) racially offensive undertones 15:09:43 so the foundation has asked us if we want to change the logo 15:09:50 so we can change the project name to "zilla"? 15:10:04 what was the 2nd most voted mascot? 15:10:07 bswartz: what was the second voted choice? 15:10:08 I suggest zorilla again! 15:10:17 personally, I don't think we need to worry about being associated with random things on urban dictionary 15:10:18 Was it the box turtle? 15:10:26 was it kangaroo? 15:10:32 but I wanted to know what you all though 15:10:36 manila ice 15:10:49 Almost gorilla but totally different animal, cute and small skunk 15:10:57 markstur: +1 15:11:00 so the problem is that there was a 3-way tie for #2 in the voting 15:11:11 heh, of course there was 15:11:13 and if we have to choose another we'll have to do the vote over again 15:11:17 tovchinnikova: and stinky? 15:11:29 no 15:11:35 we should probably google it before voting again 15:11:43 looks like skunk, not smells 15:11:57 tovchinnikova: but then the mascot will look exactly like the skunk 15:12:01 and make sure the animal not be used in other project 15:12:02 bswartz: what were the 3 way ties 15:12:17 so let's do a vote to see how much interest there is in dropping gorilla 15:12:33 honey badger + kitty, that's what it looks like 15:12:42 honey badgers are so cool 15:12:48 go badgers! 15:12:53 bswartz: google results look horrible 15:12:58 AND honey badgers dont care))) 15:12:59 #startvote Should we drop the gorilla logo and choose another one? Yes, No 15:13:00 Begin voting on: Should we drop the gorilla logo and choose another one? Valid vote options are Yes, No. 15:13:01 Vote using '#vote OPTION'. Only your last vote counts. 15:13:06 xyang2, <-- just had to google it 15:13:09 #vote no 15:13:12 #vote No 15:13:25 #vote yes 15:13:27 #vote No 15:13:31 #vote no 15:13:37 #vote no 15:13:41 #vote yes 15:13:43 #vote yes 15:13:47 #vote yes 15:13:53 #vote yes 15:13:56 #vote yes 15:13:59 #vote no 15:14:00 #vote no 15:14:00 #vote yes 15:14:06 30 more seconds 15:14:15 #vote no 15:14:18 I wwould have said maybe, but was afraid you'd make me the tie breaker 15:14:22 Is Victoria here? 15:14:42 #endvote 15:14:45 Voted on "Should we drop the gorilla logo and choose another one?" Results are 15:14:46 Yes (7): ganso, tovchinnikova, Yogi1, zhongjun_, aovchinnikov, xyang2, dustins 15:14:47 No (8): bswartz, toabctl, rraja, gouthamr, cknight, vponomaryov, markstur, jseiler_ 15:14:54 Hmm it's close 15:15:13 I'm going to err on the side of caution and say we should probably change the logo 15:15:22 if half the people here are worried about it, then we have a problem 15:16:06 bswartz: good call 15:16:12 #link https://etherpad.openstack.org/p/manila-mascot-brainstorm 15:16:23 I will start a new poll with the options from this etherpad, minus gorilla 15:17:48 also I'm less than satisfied with surveymonkey so I'm going to try to do a more proper vote like we do for elections 15:18:24 expect a voting link on the ML 15:18:40 we won't have long to make a new decision because artwork is already being produced 15:18:47 zorilla's are darn cute, but I question tovchinnikova about "almost a gorilla" 15:18:57 the foundation kindly put us at the end of the artwork queue due to the concerns about our selection 15:19:28 okay enough on that topic 15:19:36 markstur, I meant literally, one letter to change 15:19:45 #topic Vulnerability Management 15:20:03 tovchinnikova: could have the argument that it was mispelled 15:20:12 #link http://lists.openstack.org/pipermail/openstack-dev/2016-August/102548.html 15:20:53 so we applied for the vulnerability:managed project tag from the TC and discovered that it's not a small amount of work 15:22:10 we need volunteers to step up and take on the responsibilities outlined in fungi's ML post if we're going to get that tag 15:22:54 I was in favor of getting the tag when I thought that it was just a matter of doing embargoed disclosure of security bugs 15:23:18 but all of the rest of this is more like a part time job for somebody 15:23:39 bswartz: yep, that's why we outlined the requirements in the tag description 15:23:50 bswartz: agreed it's non trivial. how important is having the tag? 15:23:59 fungi: indeed 15:24:15 it's the only way to scale the vmt, which is otherwise necessarily size constrained to keep vulnerabilities under wraps successfully until they can be disclosed in a coordinated manner 15:24:26 cknight: that's precisely my question 15:25:05 bswartz: so you need volunteers for "a reasonable subset of 15:25:05 those who are willing to act as the next line of triage after the 15:25:05 VMT hands off a suspected vulnerability report under embargo." 15:25:09 right? 15:25:12 is there anyone who urgently needs manila to follow the whole VMT process, or are people happy with the old way of handling security issues 15:26:02 I can check if we have a business need. 15:26:05 I'm willing to be the point of contact person and to manage embargoed disclosure of bugs, but there is the issue of the independent security review team 15:26:06 me too 15:26:47 tbarron, toabctl: thanks 15:27:08 and fungi: thanks for making us aware of the scope of the requirements 15:27:15 if we do, then I would expect that we'd step up 15:27:30 I had applied for the tag only half understanding what it implied 15:27:53 bswartz: no problem, fwiw i think manila is pretty close to meeting most of them. we also are starting to go back over the previously grandfathered in projects and stenforce the same requirements 15:28:10 s/stenforce/enforce/ 15:28:44 tbarron toabctl: I suggest you reply to that ML thread if/when you find out what the business requirements are from your respective distros 15:28:47 but the vmt also is working on additional solutions to make more self-service options available for projects to do a lot of things themselves without having to directly involve us 15:29:39 (for example, turning the embargoed downstream stakeholders notice process into a private mailman listserv on lists.o.o) 15:29:39 #topic open discussion 15:29:56 thanks fungi 15:30:07 so that wraps up our agenda for today 15:30:17 anything else we need to discuss? 15:31:22 okay thanks everyone 15:31:36 ping me in the channel about any gate issues you see, but I'll be watching the last few patches closely 15:31:50 #endmeeting