| *** ralonsoh_ is now known as ralonsoh | 08:08 | |
| fungi | does anyone know whether any of the members of https://launchpad.net/~murano-drivers/+members are still active? the vmt received a vulnerability report about murano at the beginning of the year, so we opened a private bug in lp for it and subscribed murano-drivers (since there is no murano-coresec group), but they've been unresponsive so far | 13:23 |
|---|---|---|
| fungi | the murano ptl is included in that group, at least | 13:24 |
| elodilles | hi TC o/ in Release Management team we have a task for this week in the cycle to: 'Check with the Technical Committee | 16:08 |
| elodilles | * to make sure Python runtimes have been determined for the next development cycle | 16:08 |
| elodilles | * Zuul job templates have been created to include those runtimes | 16:08 |
| elodilles | could you please check the state of this? ^^^ | 16:08 |
| gmann | elodilles: thanks for reminder. I will work on the testing runtime/template today or tomorrow otherwise. | 18:54 |
| gmann | fungi: I do not think any of them active and murano PTL/core are unresponsive on ML. and I found their gate is also broken when fixing the py3.11 job for them https://review.opendev.org/c/openstack/murano/+/904673 | 18:57 |
| fungi | gmann: thanks. the vmt technically doesn't oversee vulnerability reports for murano (they've never asked us to), but i'm uncomfortable leaving the report private indefinitely and the original reporter who e-mailed it to us is asking for a status update | 19:15 |
| fungi | is there any discussion of inactive status for murano, or have they been active until recently? | 19:15 |
| gmann | fungi: there is no inactive status discussion for now and that is mainly bcz we had PTL for that project. But seeing their gate broken, last chnage on master merged 6 month ago and no response form team/PTL, we should discuss of that. | 19:21 |
| gmann | I can propose it in gerrit for discussion. and also discuss in TC in tomorrow meeting. | 19:21 |
| fungi | thanks. like i said, if the project has nobody to respond to reports of suspected security vulnerabilities after over a month of waiting, i consider that a strong signal that it's not being maintained | 19:23 |
| gmann | at least that way we will get clarity on that and also you can tell them this project is not in good maintenance state and may be they migh jump in to help | 19:23 |
| gmann | fungi: agree | 19:23 |
| opendevreview | Ghanshyam proposed openstack/governance master: Mark Murano project inactive https://review.opendev.org/c/openstack/governance/+/908859 | 20:14 |
| gmann | fungi: tc-members ^^ | 20:14 |
| opendevreview | Ghanshyam proposed openstack/governance master: Define testing runtime for 2024.2 release https://review.opendev.org/c/openstack/governance/+/908862 | 20:37 |
| gmann | elodilles: ^^ testing runtime proposal. I will work on template once it is meged | 20:39 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!