16:00:11 <bnemec> #startmeeting oslo
16:00:11 <bnemec> Courtesy ping for hberaud, stephenfin, moguimar, jungleboyj, bnemec, johnsom, bcafarel, kgiusti, gmann, valleedelisle, sboyron, damani
16:00:11 <openstack> Meeting started Mon Feb 22 16:00:11 2021 UTC and is due to finish in 60 minutes. The chair is bnemec. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:11 <bnemec> #link https://wiki.openstack.org/wiki/Meetings/Oslo#Agenda_for_Next_Meeting
16:00:12 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:15 <openstack> The meeting name has been set to 'oslo'
16:00:19 <moguimar> o/
16:00:41 <bnemec> Since it's feature freeze week and hberaud is on PTO, I'm going to run the meeting so we can handle any last-minute stuff.
16:00:41 <damani> hi
16:00:41 <johnsom> o/
16:03:04 <bnemec> #topic Red flags for/from liaisons
16:04:26 <moguimar> Nothing from barbican
16:04:38 <johnsom> Nothing from Octavia or Designate
16:04:59 <bnemec> Good to hear, thanks
16:05:09 <bnemec> #topic Releases liaison
16:05:18 <bnemec> damani: Anything to report?
16:07:49 <bnemec> I'll take that as "no". :-)
16:07:52 <bnemec> #topic Security liaison
16:08:10 <bnemec> There is actually some security-related news this week!
16:08:31 <bnemec> You may have seen a ML thread about a security bug open against Oslo.
16:08:40 <moguimar> cache?
16:08:49 <bnemec> I took a look at that and the other security-tagged bugs open against our projects.
16:08:55 <bnemec> Yeah, the caching one.
16:09:21 <bnemec> It looks like it was actually a problem with the keystonemiddleware caching code, not the Oslo version.
16:09:27 <moguimar> IIRC we had a release containing that fix
16:09:44 <damani> bnemec, sorry, no nothing to report
16:09:46 <moguimar> changing the default behavior
16:10:07 <bnemec> Different bug, I think. Let me find the link.
16:10:19 <moguimar> ah, ok
16:10:51 <moguimar> I know that keystone authtoken does its own thing and does not use oslo.cache
16:11:56 <bnemec> #link https://launchpad.net/bugs/1883659
16:12:00 <openstack> Launchpad bug 1883659 in keystonemiddleware "keystonemiddleware connections to memcached from neutron-server grow beyond configured values" [Undecided,Confirmed]
16:12:23 <bnemec> It appears that configuring the middleware to use the oslo.cache backend actually fixes the bug, so I closed it against oslo.cache.
16:13:15 <bnemec> We actually had another longstanding private bug against oslo.config that basically was about pyyaml.
16:13:53 <bnemec> It turns out that we didn't necessarily need to do anything about that either, although I did push a patch to bump our pyyaml min version to avoid the potentially bad versions.
16:14:21 <bnemec> The bigger concern there was that we had a security bug open for over a year and nobody knew. :-(
16:14:37 <bnemec> I thought the coresec team got email notifications of private security bugs, but I don't remember ever getting one about that bug.
16:14:50 <bnemec> So we need to keep a closer eye on the security bug list.
16:15:20 <bnemec> I put together a link that should list all of the bugs marked security in oslo:
16:15:23 <bnemec> #link https://bugs.launchpad.net/oslo/+bugs?field.searchtext=&orderby=-importance&search=Search&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.information_type%3Alist=PUBLICSECURITY&field.information_type%3Alist=PRIVATESECURITY&assignee_option=any&field.assignee=&field.bug_reporter=&field.
16:15:23 <bnemec> bug_commenter=&field.subscriber=&field.structural_subscriber=&field.tag=&field.tags_combinator=ANY&field.has_cve.used=&field.omit_dupes.used=&field.omit_dupes=on&field.affects_me.used=&field.has_patch.used=&field.has_branches.used=&field.has_branches=on&field.has_no_branches.used=&field.has_no_branches=on&field.has_blueprints.used=&field.has_blueprints=on&field.has_no_blueprints.used=&field.has_no_blueprints=on
16:15:39 <bnemec> Oof, should have shortened that.
16:15:40 <stephenfin> bnemec: Related to the keystonemiddleware issue from above, there's a patch against the project to switch the oslo.cache backend on by default
16:15:54 <stephenfin> I don't have core on that project though, but just FYI for anyone that does
16:16:05 <bnemec> stephenfin: Thanks for the update.
16:16:16 <bnemec> I'm not sure we have any keystone cores here.
16:16:24 <stephenfin> probably not
16:16:37 * stephenfin will try find someone who is during the week
16:16:57 <moguimar> lbragstad should be core
16:17:00 <bnemec> Yeah, the keystone team has been a bit quiet lately so you may need to ping people directly.
16:17:32 <stephenfin> ack
16:17:56 <bnemec> If they have a meeting tomorrow that would be a good time to request reviews too.
16:18:32 <bnemec> They have an agenda etherpad here: https://etherpad.opendev.org/p/keystone-weekly-meeting
16:20:27 <bnemec> We should also think about setting up the Oslo projects under the VMT umbrella. Right now I think only a couple are.
16:20:43 <stephenfin> VMT umbrella?
16:21:50 <bnemec> Oops, undefined TLA. Vulnerability Management Team. Basically the people who deal with security disclosures and such for OpenStack.
16:22:11 <bnemec> Right now most of our projects are not covered by that.
16:23:18 <bnemec> I need to follow up on the ML thread anyway, so I'll see if I can get some more information about what is involved in that.
16:23:30 <bnemec> #action bnemec to follow up on security bug ML thread
16:23:34 <stephenfin> Gotcha. That makes sense
16:24:13 <bnemec> It looks like we may need to do some cleanup of our private security bug settings too. The security team doesn't have access to all of our projects, and I found at least one person who does and probably shouldn't anymore.
16:24:38 <bnemec> I don't actually have access to change that though.
16:25:18 <bnemec> Anyway, I don't want to hog any more of the meeting. I'll keep everyone updated on what the outcomes of these discussions are.
16:25:59 <stephenfin> Sounds good. Lemme know if I can help with anything
16:26:10 <bnemec> Will do, thanks.
16:26:20 <bnemec> #topic TaCT SIG liaison
16:26:34 <moguimar> no fire alarms on my end
16:26:51 <bnemec> Good to hear!
16:26:53 <jungleboyj> Ugh, sorry I missed the ping.
16:27:39 <bnemec> jungleboyj: We'll have to dock your pay from the Oslo team. :-P
16:27:48 <jungleboyj> :-)
16:28:42 <bnemec> No action items from last week, so we can skip that.
16:28:50 <bnemec> #topic Weekly Wayward Wallaby Review
16:29:25 <bnemec> My reviewstats is no longer working since the gerrit upgrade, so I don't have a handy list of old reviews, but I think we want to focus on any last feature reviews anyway.
16:29:35 <bnemec> Does anyone have anything they want to get in before feature freeze?
16:30:18 <moguimar> not on my end, got everything I had for oslo.cache
16:30:38 <moguimar> I'll poke the barbican team tomorrow for the patches we have open against castellan
16:30:43 <bnemec> That was mostly backports at this point?
16:31:01 <moguimar> yep, all done
16:31:10 <bnemec> Cool :-)
16:31:13 <moguimar> the last bit on master got a release already
16:32:32 <bnemec> I'll give people another minute to bring up feature reviews and then I guess we'll move on.
16:32:57 <bnemec> If anything comes up this week you can always bring it here or the list too.
16:34:29 <bnemec> #topic Open discussion
16:34:36 <bnemec> Okay, anything else before we close for the week?
16:37:26 <bnemec> Guess that's it. Thanks for joining!
16:37:28 <bnemec> #endmeeting