15:34:17 <fao89> #startmeeting Pulp Triage 2021-02-12
15:34:17 <fao89> #info fao89 has joined triage
15:34:17 <fao89> !start
15:34:17 <pulpbot> Meeting started Fri Feb 12 15:34:17 2021 UTC.  The chair is fao89. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:34:17 <pulpbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:34:17 <pulpbot> The meeting name has been set to 'pulp_triage_2021-02-12'
15:34:17 <pulpbot> fao89: fao89 has joined triage
15:34:21 <bmbouter> #info bmbouter has joined triage
15:34:21 <bmbouter> !here
15:34:21 <pulpbot> bmbouter: bmbouter has joined triage
15:34:24 <ttereshc> #info ttereshc has joined triage
15:34:24 <ttereshc> !here
15:34:24 <pulpbot> ttereshc: ttereshc has joined triage
15:34:38 <ppicka> #info ppicka has joined triage
15:34:38 <ppicka> !here
15:34:38 <pulpbot> ppicka: ppicka has joined triage
15:35:24 <fao89> topic:  3.10 release party
15:35:49 <bmbouter> most of us are wrapping up another meeting
15:35:51 <bmbouter> we late sry
15:36:17 <ttereshc> ah we can probably wait a bit
15:36:27 <gerrod> #info gerrod has joined triage
15:36:27 <gerrod> !here
15:36:27 <pulpbot> gerrod: gerrod has joined triage
15:37:15 <ttereshc> especially the release party topic can't be discussed without x9c4  :)
15:38:47 <mikedep333> #info mikedep333 has joined triage
15:38:47 <mikedep333> !here
15:38:47 <pulpbot> mikedep333: mikedep333 has joined triage
15:39:52 <daviddavis> #info daviddavis has joined triage
15:39:52 <daviddavis> !here
15:39:52 <pulpbot> daviddavis: daviddavis has joined triage
15:39:59 <ggainey> #info ggainey has joined triage
15:39:59 <ggainey> !here
15:39:59 <pulpbot> ggainey: ggainey has joined triage
15:40:05 <bmbouter> we rdy
15:40:16 <fao89> lets pick a date for the paaarty!
15:40:30 <fao89> this time daviddavis is so excited about it
15:40:33 <daviddavis> partying is such sweet sorrow
15:40:49 <x9c4> I hear party!
15:40:52 <x9c4> #info x9c4 has joined triage
15:40:52 <x9c4> !here
15:40:52 <pulpbot> x9c4: x9c4 has joined triage
15:41:19 <daviddavis> I'm happy to schedule it but will probably send the invitations to /dev/null
15:43:04 <fao89> should we move to the next topic?
15:43:22 <ipanova> #info ipanova has joined triage
15:43:22 <ipanova> !here
15:43:22 <pulpbot> ipanova: ipanova has joined triage
15:44:04 <dalley> !join
15:44:04 <pulpbot> dalley: Error: You don't have the admin capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
15:44:24 <bmbouter> daviddavis: yeah I'd say schedule it and we can move on
15:44:31 <ggainey> +1
15:44:35 <x9c4> +1
15:44:53 <daviddavis> who's scheduling it? if it's me, I'll schedule it for 2030
15:45:02 <fao89> topic: 3.11 - removing md5 and sha1 by default
15:45:19 <x9c4> I can find a date.
15:45:25 <daviddavis> x9c4++
15:45:25 <pulpbot> daviddavis: x9c4's karma is now 95
15:45:25 <ipanova> daviddavis:  is a party buster :D
15:45:32 <fao89> February 30
15:45:38 <daviddavis> just virtual parties mostly
15:45:47 <ttereshc> daviddavis, x9c4 , I have an idea, I can email pulp-internal to share it with everyone and/or schedule the party later
15:46:04 <daviddavis> sounds good
15:46:12 <ipanova> daviddavis: heh , i hear you on this
15:46:55 <x9c4> ttereshc, thank you!
15:47:06 <fao89> next topic: 3.11 - removing md5 and sha1 by default
15:47:24 <daviddavis> so we want to remove md5 and sha1 by default
15:47:29 <daviddavis> from ALLOWED_CONTENT_CHECKSUMS
15:47:35 <bmbouter> yup, the fips mini-group reached this conclusion
15:47:38 <daviddavis> bmbouter wrote a proposal https://hackmd.io/vuW2zLSuRvSGpMleEDXXlw
15:47:44 <x9c4> Will this impact running installations?
15:47:51 <daviddavis> yes
15:48:00 <daviddavis> if they're using the default for ALLOWED_CONTENT_CHECKSUMS
15:48:10 <x9c4> ok
15:48:33 <bmbouter> to my knowledge this is really an issue that affects rpm but no other plugin, and I keep listening for more info if thats true/false
15:48:55 <bmbouter> I know it doesn't affect ansible or file
15:48:59 <ttereshc> bmbouter,  I left a long comment on the migration plugin in the hackmd
15:49:36 <bmbouter> ty let me read
15:49:40 <bmbouter> also what about pulp_container?
15:49:48 <ipanova> PMs are ok with that?
15:49:53 <ipanova> bmbouter:  container plugin is ok
15:49:59 <ipanova> it mostly cares about sha256
15:50:09 <bmbouter> cool
15:50:13 <daviddavis> ipanova: this is purely upstream
15:50:18 <ttereshc> ipanova, I think PMs do not care, katello can configure their installation the way they want
15:50:36 <bmbouter> yeah katello, and all downstreams will be setting this setting
15:50:41 <ggainey> +1
15:50:50 <ipanova> cool ok
15:51:56 <bmbouter> so for plugins that are affected (migration and rpm) there are two options after 3.11 disables md5 and sha1
15:52:03 <bmbouter> these are option A and option B in the hackmd
15:52:30 <bmbouter> ttereshc: your comments kind of mirror those options also either a) plugins will have to re-enable them or b) users will have to
15:52:42 <ttereshc> yeah, I agree
15:53:03 <ttereshc> just tried to explain why/how the migration plugin is affected
15:53:19 <bmbouter> yeah it makes sense
15:53:29 <daviddavis> I thought through option A a bit and I think it's a bad idea depending on how it's implemented
15:53:45 <x9c4> If the error message produced by the sync is not too cryptic, i thing option B is the safe way.
15:53:50 <bmbouter> yeah I think having users make the choice is probably a good idea
15:54:13 <daviddavis> me too. it makes them aware of the problem that there is insecure content out there.
15:54:25 <ttereshc> I'm +1 to option B, not to create any special cases
15:54:33 <bmbouter> option B is my preference because it values choice with knowledge and safety over easyness
15:54:40 <daviddavis> option B should include docs though
15:54:54 <daviddavis> lots of docs. like charles dickens novels.
15:54:54 <ggainey> +1
15:55:02 <daviddavis> ok maybe not lots of docs
15:55:02 <ipanova> +1
15:55:05 <x9c4> And options A would need a way to opt out for secure environments.
15:55:08 <bmbouter> yeah and pulpcore mini-team needs to make sure the error messages produced are very clear
15:55:19 <daviddavis> yes
15:55:20 <ttereshc> and proper release notes if anyone reads them
15:55:32 <daviddavis> I keep them on my nightstand and read them before bed
15:55:44 <ttereshc> see! I knew it!
15:55:58 <daviddavis> they put me right to sleep
15:56:49 <ipanova> lol
15:56:49 <ttereshc> :D
15:56:49 <bmbouter> lol
15:56:49 <daviddavis> let's send this proposal out?
15:56:49 <bmbouter> yes but given the convo we should revise it some
15:56:57 <daviddavis> yea, let's add a line or two to option b about clear error messages and docs
15:57:07 <bmbouter> there is clear support for option B so we should identify this as "the plan" and ask for questions/concerns about it
15:57:13 <daviddavis> +1
15:57:13 <ggainey> +1
15:57:21 <x9c4> +1
15:57:28 <bmbouter> I can make those edits and send it, it'll go to pulp-dev and pulp-list
15:57:29 <ttereshc> +1
15:58:18 <bmbouter> ok that'll work. ty all. next topic?
15:58:54 <fao89> triage!
15:58:58 <bmbouter> oh I have onemore
15:59:01 <bmbouter> sorry
15:59:51 <fao89> topic: things that go into the installer don't follow Pulp everywhere it goes
16:00:08 <bmbouter> yeah so I learned a lesson recently data_migrations > installer_handling_things
16:00:20 <bmbouter> we have downstreams that don't use the installer
16:00:29 <bmbouter> galaxy_ng as an upstream in their dev environments doesn't use the installer
16:00:37 <bmbouter> the contianer build environments don't use the installer
16:01:10 <bmbouter> so to the extent we can, we need to find ways to do things in our application code instead of letting the installer handle them
16:01:38 <bmbouter> and for example the MEDIA_ROOT change in 3.10 would have been a candidate for this
16:01:42 <bmbouter> so this is my little retro PSA
16:02:11 <bmbouter> no problems with that work specifically, it's just a convenient example, there are more
16:04:04 <fao89> maybe we need add more info here: https://pulpproject.org/2021/02/04/pulpcore-3.10-is-now-generally-available/#update-to-the-default-pulp-deployment-layout
16:04:32 <bmbouter> more info would have been good, but not having to provide it at all would have been better
16:04:45 <bmbouter> e.g. we could have made a data migration that moved this data
16:05:40 <fao89> I agree, but it is done now and we have to warn users who want to upgrade to 3.10
16:07:08 <fao89> triage?
16:08:43 <bmbouter> yup. also more notes there would be fine in terms of that specific issue
16:09:59 <fao89> !next
16:10:00 <pulpbot> fao89: 4 issues left to triage: 8251, 8242, 8241, 8235
16:10:00 <fao89> #topic https://pulp.plan.io/issues/8251
16:10:01 <pulpbot> RM 8251 - bmbouter - ASSIGNED - Traceback in 2.21.5 when logging during task.on_failure()
16:10:02 <pulpbot> https://pulp.plan.io/issues/8251
16:10:26 <daviddavis> accept and add to sprint?
16:10:48 <ttereshc> +1
16:10:55 <ggainey> +1
16:11:13 <bmbouter> +1
16:11:13 <fao89> #idea Proposed for #8251: accept and add to sprint
16:11:13 <fao89> !propose other accept and add to sprint
16:11:13 <pulpbot> fao89: Proposed for #8251: accept and add to sprint
16:11:17 <fao89> #agreed accept and add to sprint
16:11:17 <fao89> !accept
16:11:17 <pulpbot> fao89: Current proposal accepted: accept and add to sprint
16:11:18 <fao89> #topic https://pulp.plan.io/issues/8242
16:11:18 <pulpbot> fao89: 3 issues left to triage: 8242, 8241, 8235
16:11:19 <pulpbot> RM 8242 - mdellweg - NEW - Group object permissions cannot be managed for groups and repository_versions
16:11:20 <pulpbot> https://pulp.plan.io/issues/8242
16:11:58 <fao89> #idea Proposed for #8242: Leave the issue as-is, accepting its current state.
16:11:58 <fao89> !propose accept
16:11:58 <pulpbot> fao89: Proposed for #8242: Leave the issue as-is, accepting its current state.
16:12:15 <x9c4> This is because their pk is not uuid
16:12:44 <ttereshc> x9c4, any stakeholders impacted?
16:12:57 <ttereshc> I think repo versions are not needed at the moment
16:13:05 <ttereshc> it's all repo permissions at the moment
16:13:19 <ttereshc> what about groups?
16:13:28 <ttereshc> just trying to understand priority
16:13:40 <bmbouter> I also had these questions
16:13:45 <x9c4> probably not that high
16:13:53 <x9c4> it may be related to https://pulp.plan.io/issues/8048
16:14:24 <ttereshc> then I'm +1 to just accept for now
16:14:29 <x9c4> ok
16:15:17 <daviddavis> +1 from me
16:15:21 <fao89> #agreed Leave the issue as-is, accepting its current state.
16:15:21 <fao89> !accept
16:15:21 <pulpbot> fao89: Current proposal accepted: Leave the issue as-is, accepting its current state.
16:15:22 <fao89> #topic https://pulp.plan.io/issues/8241
16:15:22 <pulpbot> fao89: 2 issues left to triage: 8241, 8235
16:15:23 <pulpbot> RM 8241 - mdellweg - NEW - GroupPermission endpoints (2) are missing the ability to filter
16:15:24 <pulpbot> https://pulp.plan.io/issues/8241
16:15:39 <x9c4> this is really not high.
16:15:54 <fao89> #idea Proposed for #8241: Leave the issue as-is, accepting its current state.
16:15:55 <fao89> !propose accept
16:15:56 <pulpbot> fao89: Proposed for #8241: Leave the issue as-is, accepting its current state.
16:16:03 <ttereshc> and easy fix likely
16:16:04 <ggainey> +1
16:16:07 <ttereshc> +!
16:16:09 <ttereshc> +1
16:16:09 <x9c4> +1
16:16:17 <x9c4> ttereshc, yes
16:16:19 <fao89> #agreed Leave the issue as-is, accepting its current state.
16:16:19 <fao89> !accept
16:16:19 <pulpbot> fao89: Current proposal accepted: Leave the issue as-is, accepting its current state.
16:16:20 <fao89> #topic https://pulp.plan.io/issues/8235
16:16:20 <pulpbot> fao89: 1 issues left to triage: 8235
16:16:21 <pulpbot> RM 8235 - daviddavis - NEW - AttributeError: 'Settings' object has no attribute 'CONTENT_ORIGIN'
16:16:22 <pulpbot> https://pulp.plan.io/issues/8235
16:16:49 <fao89> #idea Proposed for #8235: accept and add sprint
16:16:49 <fao89> !propose other accept and add sprint
16:16:49 <pulpbot> fao89: Proposed for #8235: accept and add sprint
16:17:05 <ttereshc> +1
16:17:08 <ggainey> sure, seems simple enough
16:17:10 <ggainey> +1
16:17:14 <daviddavis> works for me
16:17:16 <ttereshc> ugly indeed
16:17:33 <ipanova> +1 yeah
16:17:52 <fao89> #agreed accept and add sprint
16:17:52 <fao89> !accept
16:17:52 <pulpbot> fao89: Current proposal accepted: accept and add sprint
16:17:53 <pulpbot> fao89: No issues to triage.
16:18:09 <fao89> #endmeeting
16:18:09 <fao89> !end