#openstack-oslo log

15:00:09 <hberaud> #startmeeting oslo
15:00:10 <openstack> Meeting started Mon Oct 12 15:00:09 2020 UTC and is due to finish in 60 minutes.  The chair is hberaud. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:12 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:14 <openstack> The meeting name has been set to 'oslo'
15:00:22 <hberaud> Courtesy ping for bnemec, smcginnis, moguimar, johnsom, stephenfin, bcafarel, kgiusti, jungleboyj, sboyron
15:00:27 <beekneemech> o/
15:00:33 <hberaud> #link https://wiki.openstack.org/wiki/Meetings/Oslo#Agenda_for_Next_Meeting
15:00:37 <stephenfin> o/
15:00:43 <bcafarel> o/
15:00:56 <johnsom> o/
15:01:19 <kgiusti> o/
15:01:20 <moguimar> o/
15:01:28 <sboyron_> o/
15:03:01 <hberaud> #topic Red flags for/from liaisons
15:04:21 <bcafarel> all good for victoria on neutron side
15:04:31 <moguimar> nothing from Barbican
15:04:45 <johnsom> Nothing from Octavia
15:05:22 <hberaud> I don't expect a whole lot of activity on this right now, final release is really near now.
15:06:02 <hberaud> #topic Releases
15:06:33 <hberaud> As said we are now on the final sprint for victoria
15:07:38 <hberaud> #topic Action items from last meeting
15:08:30 <hberaud> Nothing new to bring here either
15:08:55 <hberaud> #topic pre-commit on PBR
15:09:31 <hberaud> as moguimar suggested it could be worth to speak a bit about this https://review.opendev.org/#/c/742160/9/tox.ini
15:10:23 <moguimar> 1st thing is pbr still tests tempest-full, and according to frickler, we can drop it
15:10:30 <hberaud> 99% of the pre-commit patches are now merged but Clark suggested to avoid to call pre-commit with tox
15:10:54 <hberaud> moguimar: good point
15:11:21 <moguimar> which I created a patch to drop it here: https://review.opendev.org/#/c/757309/2
15:11:25 <bnemec> I would assume the reason for running tempest is to verify that the things installed with pbr are actually working.
15:11:42 <bnemec> Unless we're verifying that some other way.
15:12:17 <bnemec> Oh, I see.
15:12:27 <bnemec> It's a python 2 thing, not dropping tempest completely.
15:12:46 <moguimar> yeah, tempest-full-py3 is still there
15:12:47 <hberaud> yep
15:12:51 <sboyron> yes
15:13:52 <bnemec> Hmm, that's a bit problematic though. pbr is branchless so we can't just drop py2 on older releases.
15:14:42 <hberaud> moguimar: so if I understand it correctly it will allow us to continue with our stuff and on the other hand we will keep some testing for py2.7, exact?
15:15:21 <moguimar> this second patch is just to drop tempest-full for python2
15:15:27 <moguimar> as suggested by frickler
15:15:39 <bnemec> Ah, I see Clark suggested a solution to that in his comment.
15:16:09 <moguimar> after I fixed requirements.txt to only install pre-commit for python3+ we don't depend on that patch anymore
15:16:58 <hberaud> I see
15:17:13 <hberaud> I remember this part now
15:17:35 <moguimar> the pre-commit patch was failing cause there is no pre-commit 2.6.0 in py27
15:17:41 <moguimar> and it is in test-requirements
15:17:54 <moguimar> but is only used in the pep8 env
15:18:01 <moguimar> which is py3+
15:18:04 <hberaud> yep
15:19:18 <hberaud> concerning the cache part I asked some feedback from Clark especially on the uniformity of these patches
15:19:57 <hberaud> but I don't expect a positive response
15:20:50 <hberaud> I mean I think he will give the priority to the cache aspects
15:21:32 <openstackgerrit> Moisés Guimarães proposed openstack/pbr master: Adding pre-commit  https://review.opendev.org/742160
15:21:39 <moguimar> I'm rebasing it without the tempest-full drop
15:21:46 <hberaud> nice
15:22:03 <bnemec> Pulling from github in ci is pretty bad.
15:22:50 <moguimar> so now we have 35 bad patches
15:22:55 <hberaud> lol
15:23:18 <bnemec> Is there any chance of getting pre-commit to install from pypi packages instead of source?
15:23:29 <moguimar> could we work with upstream pre-commit to also accept a package?
15:25:20 <hberaud> bnemec: we chosen this way as some persons asked for more security by avoiding to pull unchecked versions
15:25:46 <hberaud> bnemec: so we proposed to pull a specific commit rather than a specific version
15:26:20 <hberaud> moguimar: which package?
15:26:37 <bnemec> How is installing from source more secure than installing from a release?
15:26:43 <moguimar> we would need flake8 and the pre-commit hoops
15:26:53 <moguimar> hooks
15:27:23 <hberaud> moguimar: yep
15:27:48 <moguimar> so we would need https://github.com/pre-commit/pre-commit-hooks
15:27:56 <moguimar> I'm not sure if it is relased as a package
15:28:10 <moguimar> thing is pre-commit was always from source
15:28:16 <moguimar> then we pinned the versions
15:28:35 <moguimar> and someone complained that tags could be relabeled
15:28:44 <moguimar> so we pinned to commit hash
15:30:09 <hberaud> pre-commit and flake8 are mainstream projects so if a security hole appear I think it will appear on pypi too
15:30:45 <moguimar> I think we are losing the point
15:30:52 <hberaud> yep
15:31:06 <moguimar> so, there is no install from pypi now
15:31:11 <moguimar> we only have source install
15:31:20 <hberaud> moguimar: do you want to lead some related actions this week?
15:31:22 <moguimar> how do we go on from here?
15:31:36 <moguimar> I can reach out to pre-commit folks upsream
15:31:46 <hberaud> awesome
15:31:53 <bnemec> That would be a good first step.
15:32:04 <bnemec> Then depending on how that discussion goes we can figure out what to do.
15:32:10 <hberaud> #action moguimar to reach pre-commit people
15:32:24 <hberaud> +1
15:32:46 <hberaud> anything else about this?
15:32:53 <moguimar> I guess we can go on
15:33:11 <hberaud> #topic Weekly Wayward Wallaby Review
15:33:38 <hberaud> #link https://review.opendev.org/#/c/640057/
15:34:33 <hberaud> we are now branched so I assume that we could continue with that
15:35:06 <bnemec> It's only in the generator, so I think it's unlikely we would have an 11th hour bug fix touching this code.
15:35:07 <hberaud> #topic Open discussion
15:35:28 <hberaud> anything else?
15:35:37 <bnemec> Yep, a couple of things.
15:35:49 <bnemec> First, the PTG.
15:36:20 <bnemec> Currently the only topic on the etherpad is the retrospective, and a cross-project for the policy popup which will happen elsewhere.
15:36:49 <bnemec> So at this point I'm thinking we don't need to meet at all, if there's nothing to discuss.
15:37:00 <hberaud> agreed
15:37:15 <moguimar> not even to see each other on video instead of text =P
15:37:23 <hberaud> :)
15:37:36 <bnemec> I mean, it's during the regular meeting time so we could also jump on a meetpad. :-)
15:37:39 <moguimar> we can also discuss the DPL
15:37:50 <bnemec> That was actually my next topic.
15:38:04 <hberaud> moguimar: I planed to bring this point here
15:38:06 <bnemec> We'll need to at least assign official liaisons for the three required positions.
15:38:18 <hberaud> #link https://governance.openstack.org/tc/resolutions/20200803-distributed-project-leadership.html#process-for-opting-in-to-distributed-leadership
15:39:54 <hberaud> as said I'm volunteer for the release liaison but at least we need more than that, any volunteer?
15:40:53 <hberaud> (and I'm volunteer on the meeting facilitator role too)
15:40:58 <bnemec> I guess I can stay on as the security liaison. It's a pretty low time commitment and I'm already admin of the oslo-coresec team. ;-)
15:41:11 <hberaud> bnemec: awesome, thanks
15:41:32 <moguimar> so what is the 3rd missing?
15:41:43 <bnemec> tact-sig (essentially, infra)
15:42:21 <hberaud> any volunteer?
15:44:36 <sboyron> I'm not a core, so I won't be official tag-sig but I can help
15:44:48 <damani> just one question it's necesarry be core to be liaison ?
15:44:50 <bnemec> I'm probably not a good choice for that one since I can't commit to dealing with ci fire drills in a timely fashion anymore.
15:45:13 <bnemec> Not necessarily, but it's helpful in case there are patches that need to be pushed through.
15:45:16 <johnsom> Yeah, sorry, but I am already over extended.
15:45:41 <bnemec> However, as long as there are cores available that you can ping it would probably be okay to have a non-core as the liaison here.
15:46:20 <hberaud> sboyron, damani: I've no idea about if we need to be core for this job, I guess yes, but we could ask to TC members about this point
15:46:36 <bnemec> And, frankly, if no cores volunteer then it's clearly better to have a non-core than no liaison at all. :-)
15:46:41 <hberaud> I agreed with bnemec
15:47:22 <bnemec> I could also see it being a good path to becoming a core, if that's a goal you have.
15:47:32 <damani> sboyron, are you volunteer ?
15:47:33 <hberaud> sboyron: so you're interested by the tact-sig?
15:47:34 <bnemec> Fighting ci fires will teach you a lot about how the projects work and interact.
15:47:51 <hberaud> damani: are you interesting by the release liaison job?
15:48:06 <damani> hberaud, yes
15:48:10 <hberaud> s/interesting/interested
15:48:26 <damani> i'm really interested
15:48:33 <hberaud> damani: nice
15:48:35 <moguimar> damani++
15:48:36 <sboyron> hberaud I am really interrested to help
15:48:36 <bnemec> It would be good to have more than one release liaison, for the same reason we always had two people who could ack release requests in the past.
15:48:49 <bnemec> (PTL + liaison)
15:48:57 <hberaud> sboyron: awesome
15:49:03 <moguimar> I can help hberaud with the releases
15:49:19 <hberaud> moguimar: damani is volunteer too
15:49:25 <moguimar> ah, I see
15:49:32 <sboyron> I'll need some help since I do not know all process yet, but tact-sig or release liaison are some interresting subject
15:49:43 <bnemec> How do we want to keep track of this? Maybe a policy spec doc so we can review proposed liaisons in the normal way?
15:49:45 <moguimar> I thought he was volunteering for tact-sig
15:50:03 <hberaud> moguimar: maybe you can create a pair tact-sig with sboyron
15:50:36 <moguimar> sounds good, although I have no idea at all of tact-sig responsibilities
15:50:39 <hberaud> a pair of core/non-core and mentoring sboyron and damani
15:50:42 <sboyron> it's ok for me to work in a pair, sound goods
15:51:01 <hberaud> and help them to become core developer on oslo with us
15:51:02 <bnemec> moguimar: Basically be the point of contact for infra if something in our ci jobs breaks.
15:51:23 <bnemec> It doesn't necessarily mean you have to fix all the ci breakages, but it helps if you know who to pull in to fix them.
15:51:27 <moguimar> sboyron, what is your timezone?
15:51:33 <sboyron> CEST
15:51:44 <damani> hberaud, moguimar, sounds really good
15:51:46 <sboyron> what about yours moguimar ?
15:51:54 <moguimar> same I guess
15:52:05 <moguimar> Czech Republic
15:52:08 <hberaud> excellent! I think we reached a great step
15:52:26 <sboyron> same yes, great
15:52:47 <bnemec> Thinking some more on this, maybe it's better to keep track of our liaisons on the wiki.
15:52:58 <bnemec> We already have a contact list here: https://wiki.openstack.org/wiki/Oslo#The_Oslo_Team
15:53:07 <hberaud> johnsom: are you interested for some of these roles?
15:53:11 <bnemec> We could add a liaisons section to that.
15:53:23 <hberaud> bnemec: good idea
15:53:44 <hberaud> bnemec: do you want to lead that?
15:53:53 <johnsom> hberaud I can continue as a TaskFlow core and the security group, but I cannot take on new responsibilities at this time.
15:54:02 <bnemec> Yeah, I can do that quick.
15:54:04 <hberaud> johnsom: ack np
15:54:10 <hberaud> bnemec: awesome thanks
15:54:28 <hberaud> #action bnemec to keep track of our liaisons on the wiki.
15:54:44 <hberaud> anything else?
15:56:03 <bnemec> That's all I had.
15:56:05 <hberaud> Ok then I think we are done
15:56:21 <hberaud> Thanks for joining!
15:56:26 <sboyron> hberaud, Thanks
15:56:27 <hberaud> #endmeeting