17:01:14 <gouthamr> #startmeeting tc
17:01:14 <opendevmeet> Meeting started Tue Nov 11 17:01:14 2025 UTC and is due to finish in 60 minutes.  The chair is gouthamr. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:14 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:01:14 <opendevmeet> The meeting name has been set to 'tc'
17:01:27 <gouthamr> Welcome to the weekly meeting of the OpenStack Technical Committee. A reminder that this meeting is held under the OpenInfra Code of Conduct available at https://openinfra.dev/legal/code-of-conduct.
17:01:30 <gouthamr> Today's meeting agenda can be found at https://wiki.openstack.org/wiki/Meetings/TechnicalCommittee
17:01:32 <gouthamr> #topic Roll Call
17:01:39 <noonedeadpunk> o/
17:02:17 <frickler> \o
17:02:24 <gtema> o/
17:03:03 <gouthamr> courtesy-ping: spotz[m], cardoe, bauzas
17:03:45 <gouthamr> noted absence: m n a si a d k a, t o n y b
17:05:08 <gouthamr> alright, lets get started
17:05:09 <fungi> it's a national holiday in the usa, not sure if that'll impact attendance
17:06:19 <gouthamr> yeah, true..
17:06:23 <noonedeadpunk> well, we don't have a quorum, right?
17:06:25 <gouthamr> #topic Last Week's AIs
17:06:37 <gouthamr> yes, no quorum, but, we only need that if we run any polls
17:06:57 <noonedeadpunk> ack
17:07:01 <gouthamr> (so we'll be sure not to make any final decisions today, but still a good chance to discuss things)
17:07:28 <gouthamr> we took an AI to summarize the PTG:
17:07:29 <gouthamr> #link https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/RX3MZE33GEDV5JDHORZKRUKVDP47UMLJ/ (OS/PTG Summary)
17:07:54 <gouthamr> we still need a volunteer to analyze user survey results
17:08:07 <gouthamr> slaweq shared a script and some notes around his past analysis
17:08:12 <gouthamr> thanks slaweq
17:08:44 * gouthamr hasn't mailed jimmymcarthur on asking if the CSV results can be made downloadable on www.openstack.org/analytics
17:09:18 <gouthamr> we had another AI that's pending, we'll check on it next week:
17:09:18 <gouthamr> Update/document the procedure to preserve project appointment history
17:09:40 <gouthamr> we spoke a little bit about sunsetting the stable/2024.1 branch
17:09:51 <gouthamr> that was done last week, good job release team!
17:10:07 <gouthamr> we took a note to discuss the opt-in state for older unmaintained branches
17:10:27 <gouthamr> i think its a good topic for next week, for our APAC friendly time slot
17:10:51 <gouthamr> i'll add it in the agenda, and leave it up to tony who took the item on the TC tracker
17:10:55 <cardoe> Apologies. I was a bit late.
17:11:02 <gouthamr> that's all the AIs i was tracking, was there anything else?
17:11:12 * gouthamr marks cardoe tardy
17:12:06 <cardoe> I had brought it up after the last meeting and a number of folks discussed it. But there was an interest in clarifying the AI / LLM policy.
17:12:32 <gouthamr> ack, i noted it as an AI that needs a volunteer
17:12:45 <gouthamr> would you be interested to take a shot, cardoe
17:12:57 <cardoe> Sure
17:14:13 <gouthamr> ty! lets add it to the tracker and check on it
17:14:19 <gouthamr> #topic TC Tracker, PTG Follow up
17:14:25 <gouthamr> #link https://etherpad.opendev.org/p/tc-2026.1-tracker (Technical Committee activity tracker - 2026.1)
17:14:33 <gouthamr> ^ i updated some of the topics
17:14:53 <gouthamr> and am yet to add all of the PTG AIs
17:15:10 <gouthamr> will comb through and do that later today
17:15:10 <gouthamr> #link https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/RX3MZE33GEDV5JDHORZKRUKVDP47UMLJ/ (OS/PTG Summary)
17:15:34 <gouthamr> just some "needs volunteers" call outs here:
17:15:34 <gouthamr> - (needs volunteers) The FIPS goal needs rework, especially around
17:15:34 <gouthamr> testing, and any objective refinements.
17:15:34 <gouthamr> - (needs volunteers) Clarifications and instructions pertaining to AI
17:15:35 <gouthamr> Contributions in the Project Team Guide.
17:15:51 <gouthamr> ^ oh wait, that second one is cardoe's now :)
17:16:30 <gouthamr> do we need to discuss anything on the tracker today?
17:16:46 <cardoe> I'll work on some summary and updates and get them to the ML this week and then we can discuss feedback next week if that sounds good.
17:17:38 <gouthamr> yep, that works, although you're probably not going to be at next week's meeting
17:17:42 <cardoe> I wanted to connect with gmaan on the Secure RBAC but -ETIME right now.
17:18:04 <cardoe> I found things a bit muddied between projects at the PTG.
17:19:05 <gouthamr> ah, you could discuss that here after the meeting, or chime in on the etherpad
17:19:10 <cardoe> So my thought was to write up a couple of personas... "Cari the Cloud Operator", "Daniel the DC Operator", "Victor the VM user"
17:19:21 <gouthamr> (the next SRBAC community meeting is on Dec 1st 2025)
17:20:28 <cardoe> Anyway, that's all I had for the meeting.
17:20:38 <gouthamr> nice, don't know if it was something like https://docs.openstack.org/doc-contrib-guide/ux-ui-guidelines/ux-personas.html
17:21:42 * gouthamr could swear we had something like that with RBAC roles
17:22:44 <gouthamr> alright, lets move to the next few topics
17:22:59 <gouthamr> most of these are for awareness, and seeing if we can share any opinions:
17:23:09 <gouthamr> #topic Situation with os-net-config
17:23:56 <gouthamr> you maybe aware of this situation, but the thread clarifies some of our concens
17:23:57 <gouthamr> #link https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/OOUOSYN3MVPJH7ARAAW6WW5F6ZXUF2GP/ (About os-net-config)
17:24:47 <gouthamr> we got a response there, and they did the following:
17:24:47 <gouthamr> removed OpenStack CI from the list of maintainers
17:24:47 <gouthamr> fixed the Author to someone else
17:24:47 <gouthamr> however, they are yet to make all of the doc changes on the github repository and the Pypi project as well
17:25:05 <gouthamr> they're asking if there's anything more to do wrt retirement in the OpenStack community
17:25:11 <fungi> while i didn't bring it up on the thread, it's worth noting that if we'd removed all non-system collaborators from the pypi project like we did with othwe deliverables, this wouldn't have occurred
17:25:34 <fungi> s/othwe/other/
17:25:41 <gouthamr> yep! totally, you did bring this up when we were doing the cleanup earlier too
17:25:53 <JayF> Do they intend to keep using the pypi?
17:26:04 <gouthamr> and i for one dropped the ball on the follow up there - i just sent some messages into the ether, by the looks of it
17:26:09 <gouthamr> JayF: yes
17:26:15 <JayF> It sounded to me like the answer to that was yes, which IMO seems problematic especially if we don't have a handoff (e.g. a resolution) telling them they can
17:26:39 <JayF> I'm not suggesting we say no, I'm suggesting we explicitly say yes so we don't implicitly give up our (moral?) authority to retire openstack projects
17:26:54 <gouthamr> sounds reasonable
17:27:18 <JayF> (I'm also OK if we wanna say no; but that's more of a logistical headache)
17:27:19 <gouthamr> we did one for the quantum handover, this one is handed over - but, a retroactive resolution that we don't have a problem with this?
17:27:39 <fungi> essentially, the risk i see is that people who installed it from pypi when it was an openstack project are continuing to get upgrades from a non-openstack development process now without being actively notified that it's changed (they have to go looking in the package contents or at the pypi page once those get updated, but nothing will probably prompt them to do so)
17:28:18 <fungi> quantum, by comparison, didn't have that risk because we didn't publish actual working packages under the name
17:29:36 <gouthamr> yeah.. it'd be tricky to word this, but i can take a shot
17:29:45 <JayF> ++ The most correct answer is to say no, and for them to publish under a new name
17:30:12 <JayF> but I suspect the value:effort ratio is massively off to pick this fight
17:30:19 <sean-k-mooney> or unretire the project in opendev...
17:30:24 <sean-k-mooney> but also that
17:30:32 <sean-k-mooney> lots of effort for little reward
17:30:46 <JayF> I am more concerned about us using this as motivation to close the long-tail of projects with remaining access to others
17:30:49 <fungi> and they'd have to return control of the pypi project to our account for that to work
17:31:27 <fungi> they essentially performed an uncoordinated and unannounced takeover of the pypi project, then informed us after
17:32:06 <JayF> I am trying hard to consider the "they" in this case "A single rogue employee" and not "Red Hat"
17:32:41 <fungi> but i agree with JayF, this one may be a lost cause and our effort is better spent locking down the remaining projects we control so that it doesn't happen again
17:32:42 <gouthamr> haha, its not so hard JayF; some of the loudest voices that called this out are Red Hatters
17:32:59 <gouthamr> +1 fungi
17:33:13 <JayF> gouthamr: We know that as individuals working on the project. Someone externally observing all the facts of the situation may not have that context.
17:33:39 <gouthamr> true, and that's one thing i see value in the resolution clarifying
17:34:02 <JayF> gouthamr: and I'd also feel, if I were an employee of that company, a responsibility to do an internal RCA to discover what happened and prevent it in the future
17:34:49 <gouthamr> +1
17:34:50 <noonedeadpunk> we totally need to finilize left projects access...
17:35:05 <noonedeadpunk> this is smth we forgot to track and follow-up on for a while now
17:35:20 <noonedeadpunk> pretty much up to block releasing of such projects
17:35:58 <gouthamr> noonedeadpunk: do you mean other PyPi projects like this one where we have non-CI maintainers?
17:37:28 <noonedeadpunk> yes
17:37:40 <JayF> noonedeadpunk: the main issue with that proposal (although I agree with getting aggressive about it) is that in many of these cases, the individuals who retain access aren't active in OpenStack whatsoever
17:37:42 <noonedeadpunk> and which are still under our governance
17:38:40 <fungi> the only places that poses a challenge are when the openstack-ci account is not a project owner and some other unresponsive account is
17:38:56 <sean-k-mooney> not form a pypi point of view right ^
17:39:25 <noonedeadpunk> not from pypi, but from our governance repo prespective
17:39:30 <sean-k-mooney> the source repos my be under openstack governace but the pypi project is not alwasy owned by the bot
17:39:42 <noonedeadpunk> I can recall we had a list of such projects somewhere in etherpad...
17:39:58 <noonedeadpunk> and that is exactly the problem kinda
17:40:21 <fungi> yes, really we just need to resume that effort from where we left off last time
17:40:22 <noonedeadpunk> as then we really can't say that what is published is actually the code that is in repo
17:40:39 <gouthamr> #link https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup
17:40:44 <noonedeadpunk> so either we need to be explicit in saying - "don'
17:40:56 <noonedeadpunk> don't trust or install openstack from pypi
17:41:20 <noonedeadpunk> or consider such projects running with basically a backdor
17:42:10 <noonedeadpunk> so if they are unresponsive, we potentially should be considering re-naming the package in pypi
17:42:13 * gouthamr doesn't find os-net-config in that etherpad :( ugh, is there a better way to get this list besides crawling pypi?
17:42:44 <fungi> sadly, pypi's project management ui isn't backed by any kind of api
17:43:01 <gouthamr> does the openstackci account page (after logging in) provide a list of packages?
17:43:26 <fungi> yes, it's paginated and is very many pages long
17:44:19 <gouthamr> ack, that might be one source for our re-audit if we do it
17:44:33 <fungi> it might be possible to craft an html scraping and parsing script that iterates over all the pages, but last i looked it's just an unordered list of projects the account is a collaborator on, so would still need to have the script descend into each project page after that
17:45:00 <gouthamr> in the past we looked at the governance repo, identified all the deliverables and used a script to hit the project pages on PyPi and parse the list of maintainers
17:45:17 <fungi> oh, though yiou don't need to log in for that
17:45:23 <gouthamr> yes we didn't
17:45:23 <gouthamr> https://gist.github.com/knikolla/7303a65a5ddaa2be553fc6e54619a7a1
17:45:24 <fungi> #link https://pypi.org/user/openstackci/
17:45:43 <clarkb> but it doesn't differentiate between owner and uploader iirc
17:46:00 <fungi> right, which is why i said you still have to descend into each project page
17:46:30 <fungi> oh, actually even the project page doesn't differentiate, you're right
17:46:56 <fungi> it just calls them all "maintainers"
17:47:11 <clarkb> right I Think that extra info requires logging in
17:47:16 <fungi> so you do need to be a logged in collaborator to see the assigned roles on each project
17:47:21 <clarkb> its possible that one of those third party db scraper services pypi has exposes the info though
17:47:54 <clarkb> though thoseseem to be geared around metrics instead
17:50:08 <gouthamr> okay, feels like we need to do some more work here. first off is the AI regarding the os-net-config resolution
17:50:43 <gouthamr> do we think there's anything left to do in the openstack retirement process for this project? i'll draft the TC resolution and we can edit it together
17:51:57 <fungi> looks like it may have missed the docs redirect to readme
17:51:57 <gouthamr> sounds like no; i don't know if we can delete https://docs.openstack.org/os-net-config/latest/
17:52:12 <fungi> we normally redirect
17:52:52 <gouthamr> ah, to the git repo's README
17:52:56 <fungi> #link https://docs.openstack.org/project-team-guide/repository.html#step-7-remove-docs-openstack-org-content
17:53:25 <gouthamr> perfect, i can propose that change
17:53:49 <gouthamr> and will seek the docs link removed from the pypi page and the github repo
17:54:15 <fungi> they'll have to push a new release to pypi to make that happen
17:54:26 <gouthamr> yes
17:54:45 <fungi> one other related possibility this situation brings up is whether we want to start taking advantage of pypi's new "archived" project state
17:55:02 <fungi> #link https://blog.pypi.org/posts/2025-01-30-archival/
17:55:47 <fungi> not urgent, just keep the option in mind
17:56:08 <gouthamr> +1 we could add it to the list of retirement steps right away
17:56:23 <gouthamr> we'll have a lot of button clicking to do on all the retired ones
17:56:39 <fungi> i think it'll require a manual action by one of our admins who has access to the openstack-ci account credentials, yes
17:56:58 <gouthamr> +1
17:57:06 <fungi> since, as previously mentioned, pypi has no real api for any of this
17:57:17 <gouthamr> WHYNOAPI, PYPI
17:57:35 <gouthamr> okay, we've three minutes left
17:58:26 <gouthamr> anything else for $topic?
17:58:26 <gouthamr> i'd like to get back to the concern that noonedeadpunk raised regarding existing projects perhaps once we've dealt with os-net-config
17:59:29 <gouthamr> alright, we'll punt the next couple of topics as well to next week
17:59:38 <gouthamr> we have a minute to note anything else for the minutes
17:59:47 <gouthamr> #topic Open Discussion
18:00:33 <frickler> trixie mirroring has completed, thx fungi, and a devstack job is now available
18:00:42 <gouthamr> w00t
18:00:58 <fungi> clarkb was the one who pushed the addition change, i just babysat it through the weekend
18:01:36 <gouthamr> good stuff, ty both
18:01:39 <gouthamr> please do share your thoughts on a couple of ongoing threads:
18:01:39 <gouthamr> #link https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/3V3CNPQLB77SKFVLZ6LXJ5NPNYWW4QFD/ (Request for guidance on improving Python PTI doc to include pytest for Horizon plugins testing)
18:01:39 <gouthamr> #link https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/IW2ZMYXGZQFPSLJRVT5OKFFX7XRGM2FF/ (Proposing oslo.wsgi)
18:01:55 <gouthamr> a reminder that next week's meeting is at 0800 UTC
18:02:08 <gouthamr> lets sync here in between now and then
18:02:14 <gouthamr> thank you for attending!
18:02:17 <gouthamr> #endmeeting