14:30:39 <mhrivnak> #startmeeting Pulp Triage 2016-04-22 First pulpbot test 14:30:40 <pulpbot> Meeting started Fri Apr 22 14:30:39 2016 UTC and is due to finish in 60 minutes. The chair is mhrivnak. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:30:40 <pulpbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:30:40 <pulpbot> The meeting name has been set to 'pulp_triage_2016_04_22_first_pulpbot_test' 14:30:42 <jcline> !pulptriage join 14:30:42 <jcline> #info %s has joined triage 14:30:44 <dkliban> !pulptriage join 14:30:44 <dkliban> #info %s has joined triage 14:30:46 <smyers> #info %s has joined triage 14:30:46 <smyers> !pulptriage join 14:30:58 <bmbouter> !pulptriage join 14:30:58 <bmbouter> #info %s has joined triage 14:31:01 <pcreech> !pulptriage join 14:31:01 <pcreech> #info %s has joined triage 14:31:01 <asmacdo> #info %s has joined triage 14:31:01 <asmacdo> !pulptriage join 14:31:04 <bmbouter> yes! 14:31:10 <mhrivnak> #info %s has joined triage 14:31:10 <mhrivnak> !pulptriage join 14:31:14 <mhrivnak> Are these joins working? 14:31:17 <mhrivnak> !join 14:31:17 <pulpbot> Error: You don't have the admin capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified. 14:31:18 <pulp-jenkies> mhrivnak you may not issue bot commands in this chat! 14:31:20 <smyers> Yessir 14:31:26 <mhrivnak> Great! 14:31:44 <mhrivnak> !next 14:31:45 <pulpbot> OSTree Support Issue #1773 [NEW] (unassigned) - Priority: Normal | Severity: Medium 14:31:46 <pulpbot> No "unprotected/http" option available for ostree repos - http://pulp.plan.io/issues/1773 14:31:47 <pulpbot> 7 issues left to triage 14:31:50 <smyers> I'm not sure how to give feedback on that without being super spammy. Maybe just be super spammy? 14:32:01 <smyers> Topic didn't change, I'm a liar. 14:32:05 <smyers> I'll fix that. 14:32:06 <smyers> :) 14:32:47 <asmacdo> partha responded to that 14:33:02 <mhrivnak> jortel, thoughts? 14:33:41 <mhrivnak> the latest comment is still quite non-conclusive. 14:33:51 <asmacdo> "might need" 14:34:12 <jcline> Well since kickstarts today don't really do https, I think it's reasonable to expect we _will_ need http 14:34:14 * jortel looking, mhrivnak 14:34:50 <smyers> jcline, do kickstart trees not come from the CDN? I don't know enough about them to understand what you mean there. 14:34:55 <jortel> mhrivnak: sorry, late for triage 14:35:00 <mhrivnak> There's a long email thread about it also. 14:35:36 <jcline> smyers: I don't really know either, but I've been told kickstart trees need to be http by people. *shrugs* 14:35:45 <mhrivnak> One of the key questions is if this can be done with apache config to just make all of them available via http, or if we might need to do per-repo selection for http like we do with pulp_rpm. 14:35:51 <jortel> mhrivnak: saw that. best I can tell, it's still not settled 14:36:01 <jcline> It's pretty odd and I've not looked into why that's what people told me 14:36:03 <preethi> !pulptriage join 14:36:03 <preethi> #info %s has joined triage 14:36:08 <mhrivnak> jortel, my read is similar. 14:36:23 <mhrivnak> jortel, punt another week? 14:36:25 <asmacdo> weve bumped this a few times now, i think we should do normal/low and raise priority later if we need to 14:36:27 <jortel> mhrivnak: yes 14:36:53 <smyers> I don't have a problem with bumping it again, frankly, if we need more info 14:36:58 <mhrivnak> There's active discussion happening about it, so I'm inclined to let that go another week. 14:37:14 <jcline> I don't have a problem bumping it either 14:37:22 <mhrivnak> objections? asmacdo does that work for you? 14:37:32 <asmacdo> !skip 14:37:33 <pulpbot> Pulp Issue #1839 [NEW] (unassigned) - Priority: Normal | Severity: Medium 14:37:34 <pulpbot> /login/ is not NFS-safe - http://pulp.plan.io/issues/1839 14:37:35 <pulpbot> 6 issues left to triage 14:37:38 <smyers> And just a reminder that pulpbot will not (yet) control redmine for you 14:37:46 <smyers> asmacdo, don't abuse pulpbot. you are not the meeting chair. 14:37:48 * mhrivnak wags a finger at asmacdo 14:38:06 <asmacdo> oh sorry, i thought that would propose skip not actually skip 14:38:16 <smyers> Is !skip in the etherpad? :) 14:38:26 <smyers> Stick to the etherpad. 14:38:32 <smyers> mhrivnak, I can manage the topic for you if you'd like. 14:38:53 <mhrivnak> smyers, works for me. :) 14:40:14 <mhrivnak> This does look legit. 14:40:24 <dkliban> yep 14:40:29 <jortel> agreed 14:40:37 <smyers> Is sn.dat being created by pulp, or openssl? 14:40:43 <jortel> pulp 14:40:58 <smyers> So it would actually be trivial to use the db instead? 14:41:11 <jcline> Probably 14:41:12 <jortel> yes 14:41:22 <jcline> I think you can tell openssl to auto-increment it, but we can just not do that 14:41:49 <smyers> So the severity is low? 14:41:52 <jortel> any number of solutions would be fine. we don't impl CRL so the serial number really is not that important. 14:42:03 <mhrivnak> Impact-wise, this only affects users who run the REST API on multiple machines. 14:42:24 <jortel> right 14:42:40 <mhrivnak> normal / low ? 14:42:48 <smyers> That's what I was thinkin' 14:42:51 <dkliban> works for me 14:42:54 <jortel> +1 14:42:59 <pcreech> +1 14:43:04 <mhrivnak> last call 14:43:05 <jcline> fine with me 14:43:15 <mhrivnak> !next 14:43:16 <pulpbot> Python Support Issue #1840 [NEW] (unassigned) - Priority: Normal | Severity: Medium 14:43:17 <pulpbot> Proxy feature not working in pulp_python plugin - http://pulp.plan.io/issues/1840 14:43:18 <pulpbot> 5 issues left to triage 14:43:45 <asmacdo> looks like we can close 14:43:55 <dkliban> close it 14:44:11 <smyers> notabug? worksforme? 14:44:15 * asmacdo resists typing !close 14:44:20 * smyers thinks notabug 14:44:28 <jcline> Yeah 14:44:29 <pcreech> +1 to notabug 14:44:30 <asmacdo> notabug 14:44:31 <mhrivnak> Will close as notabug 14:44:33 <mhrivnak> !next 14:44:34 <pulpbot> Pulp Issue #1847 [NEW] (unassigned) - Priority: Normal | Severity: Medium 14:44:35 <pulpbot> last_unit_added is not added in mongo repo collection records - http://pulp.plan.io/issues/1847 14:44:36 <pulpbot> 4 issues left to triage 14:45:41 <mhrivnak> Similar to bmbouter 's question, it's not clear to me that this is a bug. It looks a bit like a new feature request. 14:46:08 <bmbouter> I agree and the issue that it was blocking used what I suggested in comment 3 14:46:11 <jcline> The model defines the field she's talking about 14:46:31 <mhrivnak> oh, it does seem to exist. 14:46:39 <smyers> Surprise field! :) 14:46:47 <mhrivnak> it's mentioned in our rest api docs too. 14:46:51 <smyers> oof 14:46:53 <bmbouter> ok then this is legit 14:46:57 <jcline> Definitely looks like there's a work-around, but sounds like a bug to me 14:47:01 <smyers> normal / low ? 14:47:08 <asmacdo> smyers, +1 14:47:21 <jcline> yeah 14:47:31 <bmbouter> what about normal / normal? a user may rely on this 14:47:47 <bmbouter> the last time a unit was added to the db could be an important integration point 14:47:48 <smyers> Yeah, good call. It's in the docs, it should work 14:47:51 <pcreech> +1 to normal/normal 14:47:53 <mhrivnak> I like normal/medium. 14:47:54 <jortel> +1 14:47:56 <mhrivnak> last call 14:47:59 <bmbouter> yes normal/medium 14:48:01 <jcline> Fine with me 14:48:07 <mhrivnak> !next 14:48:07 <jortel> fine 14:48:08 <pulpbot> Pulp Issue #1851 [NEW] (unassigned) - Priority: Normal | Severity: Medium 14:48:09 <pulpbot> Pulp can't handle special characters in password - http://pulp.plan.io/issues/1851 14:48:10 <pulpbot> 3 issues left to triage 14:48:45 <jcline> I'm guessing this password is for a proxy? 14:49:14 <mhrivnak> or it could be for basic auth against the remote feed. 14:49:27 <smyers> Yeah, it's gotta some place where we need to use the password, and not just verify it 14:49:37 <mhrivnak> although it's reported against pulp 2.6, so probably it's proxy auth. 14:49:47 <smyers> That's still a surprise to me. base64 all the things 14:49:52 <mhrivnak> I don't think we had basic auth for the feed back then, right? 14:50:12 <dkliban> let's ask for more details 14:50:15 <smyers> could it be misfiled 14:50:17 <smyers> ? 14:50:27 <mhrivnak> It could. 14:50:35 <mhrivnak> Either way, it's still a bug. 14:50:36 <asmacdo> agree with dkliban. 14:51:13 <smyers> I think more info could help, but we can probably fix this now with the info that's there. 14:51:16 <mhrivnak> Do we need more detail to triage it? Or to fix it? 14:51:20 <jcline> And whatever password field it was for they should all be handled the same 14:51:37 <mhrivnak> I think we can triage with the info we have, but more info might help to fix it. 14:51:43 <dkliban> mhrivnak: agreed 14:51:49 <dkliban> normal/normal 14:51:53 <smyers> I agree, and think probably prio normal, sev med 14:52:03 <dkliban> that's what i meant :) 14:52:09 <smyers> *highfive* 14:52:14 <mhrivnak> other thoughts? 14:52:15 <mhrivnak> last call 14:52:27 <mhrivnak> !next 14:52:28 <pulpbot> Puppet Support Issue #1853 [NEW] (unassigned) - Priority: Normal | Severity: Medium 14:52:29 <pulpbot> pulp-puppet-module-builder should not overwrite existing module files - http://pulp.plan.io/issues/1853 14:52:30 <pulpbot> 2 issues left to triage 14:54:28 <mhrivnak> speechless? :) 14:54:31 <asmacdo> mhrivnak, can you provide a link to the downstream report? 14:54:43 <mhrivnak> asmacdo, it's linked from the issue. 14:54:45 <dkliban> asmacdo: bugzilla link 14:54:49 <smyers> That behavior is what I would expect to happen generically from a thing that builds a thing 14:54:50 <dkliban> asmacdo: you have to be logged in 14:55:03 <jcline> Yeah. 14:55:05 <mhrivnak> smyers, I had the same thought. 14:55:06 <asmacdo> gotcha 14:55:11 <smyers> I think it's probably low priority, low severity, but I have some ideas on how to help it out 14:55:28 <smyers> Mainly just add a flag to not overwrite files without prompting 14:55:32 <jcline> Agreed 14:56:06 <jortel> agreed 14:56:08 <mhrivnak> proposed: low/low 14:56:10 <mhrivnak> last call 14:56:17 <jortel> +1 14:56:32 <smyers> Oh, a quick note about pulpbot, my math might be off by one on the "issues left to triage counter" :D 14:56:38 <mhrivnak> !next 14:56:40 <pulpbot> Pulp Issue #1854 [ASSIGNED] (rbarlow) - Priority: Normal | Severity: Medium 14:56:41 <pulpbot> CVE-2016-3696 pulp: Leakage of CA key in pulp-qpid-ssl-cfg - http://pulp.plan.io/issues/1854 14:56:42 <pulpbot> 1 issues left to triage 14:56:59 <jcline> It's assigned and being worked on 14:57:18 <jcline> Leave it the way it is and mark it triaged? 14:57:22 <asmacdo> +1 14:57:29 <bmbouter> +1 14:57:53 <mhrivnak> or change to high/high? If it's worth working on immediately, seem like it should be high priority? 14:58:32 <smyers> Is it reasonable to default to high priority for security issues? 14:58:33 <asmacdo> mhrivnak, high priority will put it on QE radar, 14:58:34 <jcline> I don't have an opinion one way or the other since it's not going to change how we respond to it 14:59:28 <mhrivnak> high does seem like a reasonable default for security issues. 14:59:40 <mhrivnak> proposed: high/high 14:59:45 <mhrivnak> last call 14:59:56 <asmacdo> i think high/med 15:00:21 <asmacdo> its important bc security, but its not a severe sec bug 15:00:25 <mhrivnak> that's reasonable. 15:00:53 <smyers> srt labeled it low impact, even, but I'm happen with medium 15:00:55 <smyers> happy 15:01:14 <smyers> https://access.redhat.com/security/cve/CVE-2016-3696 15:01:15 <mhrivnak> proposed: high/med 15:01:15 <pulpbot> Title: CVE-2016-3696 - Red Hat Customer Portal (at access.redhat.com) 15:01:22 <mhrivnak> last call 15:01:53 * mhrivnak wonders what will happen with the next command 15:01:54 <mhrivnak> !next 15:01:54 <pulpbot> No more issues to triage. 15:02:00 <mhrivnak> !end 15:02:00 <mhrivnak> #endmeeting