#openstack-meeting log

14:00:08 <pdeore> #startmeeting glance
14:00:08 <opendevmeet> Meeting started Thu Sep 22 14:00:08 2022 UTC and is due to finish in 60 minutes.  The chair is pdeore. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:08 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:09 <opendevmeet> The meeting name has been set to 'glance'
14:00:09 <pdeore> #topic roll call
14:00:09 <pdeore> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda
14:00:11 <pdeore> o/
14:00:21 <jokke_> o/
14:00:25 <dansmith> o/
14:00:33 <croelandt> o/
14:00:48 <pdeore> let's start with the 2nd topic first
14:00:50 <pdeore> #topic glance-coresec review
14:00:53 <mrjoshi> o/
14:01:02 <pdeore> #link https://launchpad.net/~glance-coresec
14:01:43 <pdeore> So, how we can add/remove core members here ?
14:02:05 <croelandt> by sending an email on the list? :)
14:02:06 <pdeore> this topic is added by Brian
14:02:47 <dansmith> I think the admins can add people
14:02:53 <dansmith> however, that current list seems okay
14:03:13 <jokke_> correct, admins are for that
14:03:35 <pdeore> ok, so the mail should be only to make the Bug public right ?
14:04:38 <jokke_> Any Private Security bug to be discussed outside of the embargo needs to be coordinated with VMT to be released as Public Security bug
14:05:29 <pdeore> ok
14:06:12 <jokke_> the embargo is there for a reason. I can walk you through this offline if you want
14:06:13 <pdeore> jokke_, so what exactly expected in that email? the bug details only ?
14:06:34 <jokke_> pdeore: What e-mail?
14:06:47 <pdeore> yeah
14:07:35 <dansmith> I think pdeore asked how to add people the the coresec list and croelandt said "send an email"
14:07:48 <dansmith> but I think the answer is not send an email, but "the admins of that group can add people"
14:07:58 <jokke_> ah, yeah
14:08:00 <dansmith> those being rosmaita and abhi
14:08:14 <croelandt> I was referring to 2.2
14:08:15 <dansmith> definitely no discussion of private security bugs in public email :)
14:08:34 <jokke_> pdeore: https://security.openstack.org/vmt-process.html is the process with security bugs and coresec should be familiar with this
14:09:19 <pdeore> ohh yeah, Thanks !!  I was about to ask for this :)
14:09:22 <dansmith> I've never really seen people get proposed in public for coresec, does that happen?
14:10:27 <pdeore> I got confused with the line : PTL can add people, but it's traditional to propose on the ML first so the OpenStack Vulnerabilty Management Team can give input
14:10:46 <jokke_> I don't think so. It's more of a self governing group of people active on the security space with some coverage in each project
14:11:24 <dansmith> yeah, that ^
14:11:28 <jokke_> Yeah, that is just false assumption. There is no even requirement PTL being in that group (I think it's pretty common, but like said, not requirement)
14:11:41 <pdeore> ahh ok
14:11:50 <dansmith> fwiw, the nova ptl hasn't been in that group for several cycles, IIRC :)
14:12:27 <pdeore> :)
14:13:03 <jokke_> Like it's not bad thing if PTL is active and security aware. Makes life easier, the main thing is that there is enough core power to make sure any patches can be landed swiftly when the embargo gets lifted
14:13:13 <dansmith> yup
14:13:26 <dansmith> so tbh, brian has experience there and is familiar with glance,
14:13:44 <dansmith> so the current list seems okay to me unless he really wants to be off it or there's another reason to change
14:13:56 <dansmith> just MHO from a not-on-the-list person :)
14:14:24 <jokke_> Maybe we should dicuss it with him when he is actually present and move on for now
14:14:40 <dansmith> sure
14:15:02 <dansmith> the other thing to consider,
14:15:05 <pdeore> yeah, we can discuss that on glance channel when he is available
14:15:06 <dansmith> which I sometime forget
14:15:26 <dansmith> is that you can cc specific people on a private bug, which lets them participate in the private bug directly
14:15:29 <dansmith> without being on the list
14:15:49 <dansmith> so as long as there's enough cover to rope in the right people for a particular problem, you can dynamically increase the audience as needed
14:15:49 <jokke_> indeed
14:16:55 <jokke_> Quite common to bring SMEs as the patch review on Private Security bugs happens in the launchpad bug rather than gerrit when needed.
14:17:53 <croelandt> Hard stops are coming, shall we move on? :)
14:17:59 <jokke_> ++
14:18:12 <pdeore> yeah, moving to next :)
14:18:14 <pdeore> #topic glance-core review
14:18:22 <pdeore> #link https://review.opendev.org/admin/groups/1d14a0536e224488ae2c442c499ad16dddcdf8b8,members
14:18:45 * croelandt is ok with 3.2.1 and 3.2.2, maybe keep Sean though
14:18:51 <jokke_> I do agree with the proposed cleanup and can do it right away if that's something we decide to do
14:19:14 <croelandt> or if Sean is still pretty active in Cinder, maybe ask him whether he still cares aboutGlance first
14:19:14 <pdeore> ok
14:19:17 <dansmith> yep, sounds good
14:19:44 <jokke_> ok, so clean Flavio's bot and nikhil for now?
14:20:16 <croelandt> +2
14:20:20 <dansmith> +W
14:20:20 <pdeore> ++
14:20:37 <jokke_> done
14:20:46 <pdeore> ok, lets move ahead
14:20:48 <pdeore> #topic release/periodic jobs updates
14:20:48 <jokke_> Now the real Elephant in this room
14:20:52 <jokke_> wait :P
14:21:15 <jokke_> I think while we are reviewing that group there is quite clearly issue with it
14:21:26 <jokke_> I don't see pdeore there!
14:21:45 <pdeore> because I'm not core yet :P
14:21:51 <dansmith> I think it's fine for the ptl to not be in the core team, FWIW
14:21:55 <jokke_> Do we want to have email proposal of that into the mailing list or shall we fix this rather now?
14:22:50 <jokke_> If that's preferred, fine, but tbh I'd rather have her in core by now. ;)
14:23:40 <jokke_> Would be first for us anyways
14:24:03 <pdeore> So it would be like I'm proposing myself as a core ? :D
14:24:43 <croelandt> yes!
14:24:47 <jokke_> That's kind of where I'm coming from ;)
14:25:07 <jokke_> we can discuss this later too as we're on clock here
14:25:17 <pdeore> yeah :)
14:25:22 <jokke_> not urgent thing that needs to happen on this minute
14:25:50 <jokke_> just wanted to bring that us as we were reviewing the group
14:26:11 <pdeore> ack,
14:26:18 <jokke_> we need to get Abhishek to add you into this group too https://review.opendev.org/admin/groups/3a2d24a98c24482a0371a4762ba0c1b3ade078b8,members
14:26:36 <jokke_> So you can start merging stuff in the specs repo
14:26:47 <pdeore> ok
14:26:48 <dansmith> yeah for sure on that :)
14:27:10 <jokke_> ok, next topic
14:27:27 <pdeore> so next week is RC final release,
14:27:38 <pdeore> and I think we are good for final rc
14:28:18 <pdeore> Periodic job all green except TIME_OUT for fips jobs
14:29:13 <pdeore> moving to next
14:29:18 <pdeore> #topic Gate broken for stable yoga/xena
14:29:29 <pdeore> #link https://review.opendev.org/c/openstack/glance-tempest-plugin/+/856989
14:30:01 <pdeore> dansmith, I've updated the commit msg as per your suggestion,
14:31:04 <pdeore> all cores, kindly please have a look at this, the patches on stable branches are pending :/
14:31:56 <pdeore> so, that's it from me ..
14:33:14 <pdeore> moving to open discussions
14:33:16 <pdeore> #topic Open Discussion
14:33:21 <jokke_> ack ... I thought that pinning had happened already.
14:34:02 <pdeore> nope
14:34:10 <jokke_> I just wanted to give kudos to croelandt who's been digging out some very old client bugs and worked/working on them. Good quality of life stuff. Thanks!
14:34:23 <croelandt> until we burn the glance client in favor of OSC :D
14:34:44 <jokke_> I'll just fork it if it comes to that
14:34:55 <jokke_> said it before, still standing behind that
14:35:29 <croelandt> looking forward to that
14:35:32 <jokke_> tht's all from me ;)
14:36:05 <pdeore> anyone has anything else to discuss?
14:36:40 <croelandt> nope
14:37:06 <pdeore> ok, lets wrap up
14:37:15 <pdeore> Thanks everyone for joining !!
14:37:40 <pdeore> #endmeeting