#pulp-dev log

14:30:39 <mhrivnak> #startmeeting Pulp Triage 2016-04-22 First pulpbot test
14:30:40 <pulpbot> Meeting started Fri Apr 22 14:30:39 2016 UTC and is due to finish in 60 minutes.  The chair is mhrivnak. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:30:40 <pulpbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:30:40 <pulpbot> The meeting name has been set to 'pulp_triage_2016_04_22_first_pulpbot_test'
14:30:42 <jcline> !pulptriage join
14:30:42 <jcline> #info %s has joined triage
14:30:44 <dkliban> !pulptriage join
14:30:44 <dkliban> #info %s has joined triage
14:30:46 <smyers> #info %s has joined triage
14:30:46 <smyers> !pulptriage join
14:30:58 <bmbouter> !pulptriage join
14:30:58 <bmbouter> #info %s has joined triage
14:31:01 <pcreech> !pulptriage join
14:31:01 <pcreech> #info %s has joined triage
14:31:01 <asmacdo> #info %s has joined triage
14:31:01 <asmacdo> !pulptriage join
14:31:04 <bmbouter> yes!
14:31:10 <mhrivnak> #info %s has joined triage
14:31:10 <mhrivnak> !pulptriage join
14:31:14 <mhrivnak> Are these joins working?
14:31:17 <mhrivnak> !join
14:31:17 <pulpbot> Error: You don't have the admin capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
14:31:18 <pulp-jenkies> mhrivnak you may not issue bot commands in this chat!
14:31:20 <smyers> Yessir
14:31:26 <mhrivnak> Great!
14:31:44 <mhrivnak> !next
14:31:45 <pulpbot> OSTree Support Issue #1773 [NEW] (unassigned) - Priority: Normal | Severity: Medium
14:31:46 <pulpbot> No "unprotected/http" option available for ostree repos - http://pulp.plan.io/issues/1773
14:31:47 <pulpbot> 7 issues left to triage
14:31:50 <smyers> I'm not sure how to give feedback on that without being super spammy. Maybe just be super spammy?
14:32:01 <smyers> Topic didn't change, I'm a liar.
14:32:05 <smyers> I'll fix that.
14:32:06 <smyers> :)
14:32:47 <asmacdo> partha responded to that
14:33:02 <mhrivnak> jortel, thoughts?
14:33:41 <mhrivnak> the latest comment is still quite non-conclusive.
14:33:51 <asmacdo> "might need"
14:34:12 <jcline> Well since kickstarts today don't really do https, I think it's reasonable to expect we _will_ need http
14:34:14 * jortel looking, mhrivnak
14:34:50 <smyers> jcline, do kickstart trees not come from the CDN? I don't know enough about them to understand what you mean there.
14:34:55 <jortel> mhrivnak: sorry, late for triage
14:35:00 <mhrivnak> There's a long email thread about it also.
14:35:36 <jcline> smyers: I don't really know either, but I've been told kickstart trees need to be http by people. *shrugs*
14:35:45 <mhrivnak> One of the key questions is if this can be done with apache config to just make all of them available via http, or if we might need to do per-repo selection for http like we do with pulp_rpm.
14:35:51 <jortel> mhrivnak: saw that.  best I can tell, it's still not settled
14:36:01 <jcline> It's pretty odd and I've not looked into why that's what people told me
14:36:03 <preethi> !pulptriage join
14:36:03 <preethi> #info %s has joined triage
14:36:08 <mhrivnak> jortel, my read is similar.
14:36:23 <mhrivnak> jortel, punt another week?
14:36:25 <asmacdo> weve bumped this a few times now, i think we should do normal/low and raise priority later if we need to
14:36:27 <jortel> mhrivnak: yes
14:36:53 <smyers> I don't have a problem with bumping it again, frankly, if we need more info
14:36:58 <mhrivnak> There's active discussion happening about it, so I'm inclined to let that go another week.
14:37:14 <jcline> I don't have a problem bumping it either
14:37:22 <mhrivnak> objections? asmacdo does that work for you?
14:37:32 <asmacdo> !skip
14:37:33 <pulpbot> Pulp Issue #1839 [NEW] (unassigned) - Priority: Normal | Severity: Medium
14:37:34 <pulpbot> /login/ is not NFS-safe - http://pulp.plan.io/issues/1839
14:37:35 <pulpbot> 6 issues left to triage
14:37:38 <smyers> And just a reminder that pulpbot will not (yet) control redmine for you
14:37:46 <smyers> asmacdo, don't abuse pulpbot. you are not the meeting chair.
14:37:48 * mhrivnak wags a finger at asmacdo
14:38:06 <asmacdo> oh sorry, i thought that would propose skip not actually skip
14:38:16 <smyers> Is !skip in the etherpad? :)
14:38:26 <smyers> Stick to the etherpad.
14:38:32 <smyers> mhrivnak, I can manage the topic for you if you'd like.
14:38:53 <mhrivnak> smyers, works for me. :)
14:40:14 <mhrivnak> This does look legit.
14:40:24 <dkliban> yep
14:40:29 <jortel> agreed
14:40:37 <smyers> Is sn.dat being created by pulp, or openssl?
14:40:43 <jortel> pulp
14:40:58 <smyers> So it would actually be trivial to use the db instead?
14:41:11 <jcline> Probably
14:41:12 <jortel> yes
14:41:22 <jcline> I think you can tell openssl to auto-increment it, but we can just not do that
14:41:49 <smyers> So the severity is low?
14:41:52 <jortel> any number of solutions would be fine.  we don't impl CRL so the serial number really is not that important.
14:42:03 <mhrivnak> Impact-wise, this only affects users who run the REST API on multiple machines.
14:42:24 <jortel> right
14:42:40 <mhrivnak> normal / low ?
14:42:48 <smyers> That's what I was thinkin'
14:42:51 <dkliban> works for me
14:42:54 <jortel> +1
14:42:59 <pcreech> +1
14:43:04 <mhrivnak> last call
14:43:05 <jcline> fine with me
14:43:15 <mhrivnak> !next
14:43:16 <pulpbot> Python Support Issue #1840 [NEW] (unassigned) - Priority: Normal | Severity: Medium
14:43:17 <pulpbot> Proxy feature not working in pulp_python plugin - http://pulp.plan.io/issues/1840
14:43:18 <pulpbot> 5 issues left to triage
14:43:45 <asmacdo> looks like we can close
14:43:55 <dkliban> close it
14:44:11 <smyers> notabug? worksforme?
14:44:15 * asmacdo resists typing !close
14:44:20 * smyers thinks notabug
14:44:28 <jcline> Yeah
14:44:29 <pcreech> +1 to notabug
14:44:30 <asmacdo> notabug
14:44:31 <mhrivnak> Will close as notabug
14:44:33 <mhrivnak> !next
14:44:34 <pulpbot> Pulp Issue #1847 [NEW] (unassigned) - Priority: Normal | Severity: Medium
14:44:35 <pulpbot> last_unit_added is not added in mongo repo collection records - http://pulp.plan.io/issues/1847
14:44:36 <pulpbot> 4 issues left to triage
14:45:41 <mhrivnak> Similar to bmbouter 's question, it's not clear to me that this is a bug. It looks a bit like a new feature request.
14:46:08 <bmbouter> I agree and the issue that it was blocking used what I suggested in comment 3
14:46:11 <jcline> The model defines the field she's talking about
14:46:31 <mhrivnak> oh, it does seem to exist.
14:46:39 <smyers> Surprise field! :)
14:46:47 <mhrivnak> it's mentioned in our rest api docs too.
14:46:51 <smyers> oof
14:46:53 <bmbouter> ok then this is legit
14:46:57 <jcline> Definitely looks like there's a work-around, but sounds like a bug to me
14:47:01 <smyers> normal / low ?
14:47:08 <asmacdo> smyers, +1
14:47:21 <jcline> yeah
14:47:31 <bmbouter> what about normal / normal? a user may rely on this
14:47:47 <bmbouter> the last time a unit was added to the db could be an important integration point
14:47:48 <smyers> Yeah, good call. It's in the docs, it should work
14:47:51 <pcreech> +1 to normal/normal
14:47:53 <mhrivnak> I like normal/medium.
14:47:54 <jortel> +1
14:47:56 <mhrivnak> last call
14:47:59 <bmbouter> yes normal/medium
14:48:01 <jcline> Fine with me
14:48:07 <mhrivnak> !next
14:48:07 <jortel> fine
14:48:08 <pulpbot> Pulp Issue #1851 [NEW] (unassigned) - Priority: Normal | Severity: Medium
14:48:09 <pulpbot> Pulp can't handle special characters in password - http://pulp.plan.io/issues/1851
14:48:10 <pulpbot> 3 issues left to triage
14:48:45 <jcline> I'm guessing this password is for a proxy?
14:49:14 <mhrivnak> or it could be for basic auth against the remote feed.
14:49:27 <smyers> Yeah, it's gotta some place where we need to use the password, and not just verify it
14:49:37 <mhrivnak> although it's reported against pulp 2.6, so probably it's proxy auth.
14:49:47 <smyers> That's still a surprise to me. base64 all the things
14:49:52 <mhrivnak> I don't think we had basic auth for the feed back then, right?
14:50:12 <dkliban> let's ask for more details
14:50:15 <smyers> could it be misfiled
14:50:17 <smyers> ?
14:50:27 <mhrivnak> It could.
14:50:35 <mhrivnak> Either way, it's still a bug.
14:50:36 <asmacdo> agree with dkliban.
14:51:13 <smyers> I think more info could help, but we can probably fix this now with the info that's there.
14:51:16 <mhrivnak> Do we need more detail to triage it? Or to fix it?
14:51:20 <jcline> And whatever password field it was for they should all be handled the same
14:51:37 <mhrivnak> I think we can triage with the info we have, but more info might help to fix it.
14:51:43 <dkliban> mhrivnak: agreed
14:51:49 <dkliban> normal/normal
14:51:53 <smyers> I agree, and think probably prio normal, sev med
14:52:03 <dkliban> that's what i meant :)
14:52:09 <smyers> *highfive*
14:52:14 <mhrivnak> other thoughts?
14:52:15 <mhrivnak> last call
14:52:27 <mhrivnak> !next
14:52:28 <pulpbot> Puppet Support Issue #1853 [NEW] (unassigned) - Priority: Normal | Severity: Medium
14:52:29 <pulpbot> pulp-puppet-module-builder should not overwrite existing module files - http://pulp.plan.io/issues/1853
14:52:30 <pulpbot> 2 issues left to triage
14:54:28 <mhrivnak> speechless? :)
14:54:31 <asmacdo> mhrivnak, can you provide a link to the downstream report?
14:54:43 <mhrivnak> asmacdo, it's linked from the issue.
14:54:45 <dkliban> asmacdo: bugzilla link
14:54:49 <smyers> That behavior is what I would expect to happen generically from a thing that builds a thing
14:54:50 <dkliban> asmacdo: you have to be logged in
14:55:03 <jcline> Yeah.
14:55:05 <mhrivnak> smyers, I had the same thought.
14:55:06 <asmacdo> gotcha
14:55:11 <smyers> I think it's probably low priority, low severity, but I have some ideas on how to help it out
14:55:28 <smyers> Mainly just add a flag to not overwrite files without prompting
14:55:32 <jcline> Agreed
14:56:06 <jortel> agreed
14:56:08 <mhrivnak> proposed: low/low
14:56:10 <mhrivnak> last call
14:56:17 <jortel> +1
14:56:32 <smyers> Oh, a quick note about pulpbot, my math might be off by one on the "issues left to triage counter" :D
14:56:38 <mhrivnak> !next
14:56:40 <pulpbot> Pulp Issue #1854 [ASSIGNED] (rbarlow) - Priority: Normal | Severity: Medium
14:56:41 <pulpbot> CVE-2016-3696 pulp: Leakage of CA key in pulp-qpid-ssl-cfg - http://pulp.plan.io/issues/1854
14:56:42 <pulpbot> 1 issues left to triage
14:56:59 <jcline> It's assigned and being worked on
14:57:18 <jcline> Leave it the way it is and mark it triaged?
14:57:22 <asmacdo> +1
14:57:29 <bmbouter> +1
14:57:53 <mhrivnak> or change to high/high? If it's worth working on immediately, seem like it should be high priority?
14:58:32 <smyers> Is it reasonable to default to high priority for security issues?
14:58:33 <asmacdo> mhrivnak, high priority will put it on QE radar,
14:58:34 <jcline> I don't have an opinion one way or the other since it's not going to change how we respond to it
14:59:28 <mhrivnak> high does seem like a reasonable default for security issues.
14:59:40 <mhrivnak> proposed: high/high
14:59:45 <mhrivnak> last call
14:59:56 <asmacdo> i think high/med
15:00:21 <asmacdo> its important bc security, but its not a severe sec bug
15:00:25 <mhrivnak> that's reasonable.
15:00:53 <smyers> srt labeled it low impact, even, but I'm happen with medium
15:00:55 <smyers> happy
15:01:14 <smyers> https://access.redhat.com/security/cve/CVE-2016-3696
15:01:15 <mhrivnak> proposed: high/med
15:01:15 <pulpbot> Title: CVE-2016-3696 - Red Hat Customer Portal (at access.redhat.com)
15:01:22 <mhrivnak> last call
15:01:53 * mhrivnak wonders what will happen with the next command
15:01:54 <mhrivnak> !next
15:01:54 <pulpbot> No more issues to triage.
15:02:00 <mhrivnak> !end
15:02:00 <mhrivnak> #endmeeting