Thursday, 2024-08-29

« Wednesday, 2024-08-28 Index Friday, 2024-08-30 »
*** bauzas_ is now known as bauzas00:24
*** mhen_ is now known as mhen01:46
*** bauzas_ is now known as bauzas03:02
*** bauzas_ is now known as bauzas11:33
pdeore#startmeeting glance14:00
opendevmeetMeeting started Thu Aug 29 14:00:13 2024 UTC and is due to finish in 60 minutes.  The chair is pdeore. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
opendevmeetThe meeting name has been set to 'glance'14:00
pdeore#topic roll call14:00
pdeore#link https://etherpad.openstack.org/p/glance-team-meeting-agenda14:00
pdeoreo/14:00
dansmitho/14:00
mrjoshio/14:00
pdeorelets wait few minutes for others to join14:01
pdeoreabhishekk, will not be able to join today14:01
croelandto/14:03
pdeoreI think we should get started14:03
pdeore#topic release/periodic jobs updates14:03
pdeoreAs everyone knows this is m3 week and I think we are good to tag m3 today since we have few important things already landed14:04
pdeorerest of the patches which we going to discuss in last topic, I think we can merge them before rc1 as well14:04
dansmithwhat's the story on the move to oslo patch?14:04
dansmithnot really a feature, can that go after m3?14:04
dansmithnot critical of course, but it'd be nice14:04
dansmithwe need the tempest change to land first14:05
pdeoreyeah we can have it before rc1 as well14:05
dansmithokay14:05
pdeoremoving ahead14:06
pdeoreglanceclient 4.7.0 and glance_store 4.8.1 are released 14:07
pdeoreperiodic jobs are all green...14:07
pdeoremoving to next14:07
pdeore#topic Image Encryption with LUKS (please discuss without Luzi & mhen - we have a conflicting meeting)14:07
pdeore#link  https://review.opendev.org/q/topic:%22LUKS-image-encryption%2214:07
pdeorewe still need reviews on glance patches14:08
dansmithso,14:08
pdeore I have added few suggestions on parameter change patch but I request other cores to have a look at those patches14:08
dansmithI feel like we need to revisit a couple things about how we store these images14:08
dansmithin light of the giant CVE recently14:08
dansmithin that I think we need to have a specific disk_format for luks-encrypted images,14:09
dansmithso that we can inspect them with a known target format and reject things that are supposed to be encrypted but aren't (and v-v)14:09
dansmiththat goes with my proposal to also basically stop using "raw" to mean "image of a PC-like disk or partition"14:10
dansmith(in my defender spec)14:10
dansmithso I feel like we probably need to discuss that with glance, cinder, and nova people together14:10
dansmithmuch of the complexity in the recent CVE came around the fact that we can never trust the disk_format in glance, and many of the side attack vectors came by putting one format in glance but calling it something else14:11
pdeoreohh ok, could you please add your comments on the patch ? 14:12
dansmithwell, I'm not sure which patch that really goes on14:12
dansmithmaybe "standardization of encrypted images".. I guess I'll have a look at that14:12
pdeore#link https://review.opendev.org/c/openstack/glance/+/92629514:13
dansmithack, I will14:13
pdeoreThanks14:13
dansmithglad to see your "does this have test coverage" comments in there :D14:13
pdeoreso there is no point in raising FFE for this14:14
pdeore:D I don't see that unit test coverage for few things there 14:14
pdeoreBTW, any idea till when a FFE can be raised? in m3 week only or anytime before rc1 week?14:15
dansmithI think that's technically your call, but it should get increasingly difficult the closer we get,14:16
dansmithand I always say "aim for zero" and only grant an FFE for truly exceptional cases14:16
dansmithi.e. things that are "all merged except one patch" etc14:17
dansmiththe oslo thing should be low-risk, and could be the final step in the recent process if you look at it that way,14:17
dansmithbut could also be seen as the first in a not-yet-started process, so it's your call :)14:17
pdeoreyeah that's why i wanted to confirm the exact time to raise FFE, if it's ok to be raised anytime before rc1 then we can surely go ahead with that14:19
pdeoreI will confirm with the release team after the meeting14:21
pdeoremoving to next14:22
pdeore#Importatnt Reviews14:22
pdeore#link https://review.opendev.org/c/openstack/glance/+/92738314:22
pdeore#link https://review.opendev.org/c/openstack/glance/+/92729114:22
pdeoreso kindly please have a look at these so that we can have them before rc1 :)14:23
pdeorethat's it from me for today14:23
dansmithokay I commented on that LUKS patch14:23
pdeoreack, Thank you !14:24
pdeorelet's move to open discussions 14:24
pdeore#topic Open Discussions14:24
pdeoreanyone has anything else to highlight ?14:25
pdeoreseems nothing, so let's wrap up then14:27
pdeoreThanks everyone for joining !14:27
pdeore#endmeeting14:27
opendevmeetMeeting ended Thu Aug 29 14:27:38 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:27
opendevmeetMinutes:        https://meetings.opendev.org/meetings/glance/2024/glance.2024-08-29-14.00.html14:27
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/glance/2024/glance.2024-08-29-14.00.txt14:27
opendevmeetLog:            https://meetings.opendev.org/meetings/glance/2024/glance.2024-08-29-14.00.log.html14:27
*** pdeore is now known as pdeore|afk14:39
*** bauzas_ is now known as bauzas14:56
*** bauzas_ is now known as bauzas20:34
« Wednesday, 2024-08-28 Index Friday, 2024-08-30 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!