15:00:56 <ipanova> #startmeeting Pulp Triage 2021-02-23 go/no-go for 3.11.0 release
15:00:56 <ipanova> #info ipanova has joined triage
15:00:56 <ipanova> !start go/no-go for 3.11.0 release
15:00:56 <pulpbot> Meeting started Tue Feb 23 15:00:56 2021 UTC. The chair is ipanova. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:56 <pulpbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:00:56 <pulpbot> The meeting name has been set to 'pulp_triage_2021-02-23_go/no-go_for_3.11.0_release'
15:00:56 <pulpbot> ipanova: ipanova has joined triage
15:01:08 <daviddavis> #info daviddavis has joined triage
15:01:08 <daviddavis> !here
15:01:08 <pulpbot> daviddavis: daviddavis has joined triage
15:01:44 <ttereshc> #info ttereshc has joined triage
15:01:44 <ttereshc> !here
15:01:44 <pulpbot> ttereshc: ttereshc has joined triage
15:01:57 <ggainey> #info ggainey has joined triage
15:01:57 <ggainey> !here
15:01:57 <pulpbot> ggainey: ggainey has joined triage
15:02:13 <ipanova> here is our milestone https://pulp.plan.io/versions/174
15:02:36 <x9c4> #info x9c4 has joined triage
15:02:36 <x9c4> !here
15:02:36 <pulpbot> x9c4: x9c4 has joined triage
15:02:40 <ipanova> 3 in assigned state and 1 in post
15:03:16 <daviddavis> 9 in new
15:03:22 <ggainey> of the 9 in NEW, 3 are docs-only, but the other 6 are significant fixes/changes
15:03:29 <ipanova> 3 tech preview label removal, which is leaving us with 6 real issues
15:03:34 <ggainey> gmta
15:03:36 <ipanova> ggainey: heh
15:03:54 <ipanova> the target release date is March 2nd
15:04:14 <daviddavis> this is an epic that can be removed from the milestone https://pulp.plan.io/issues/7960
15:04:16 <mikedep333> #info mikedep333 has joined triage
15:04:16 <mikedep333> !here
15:04:16 <pulpbot> mikedep333: mikedep333 has joined triage
15:04:37 <ipanova> daviddavis: nice ty, i will remove
15:04:37 <bmbouter> #info bmbouter has joined triage
15:04:37 <bmbouter> !here
15:04:37 <pulpbot> bmbouter: bmbouter has joined triage
15:04:40 <ggainey> daviddavis: are we moving individual FIPS issues/tasks onto 3.11 instead?
15:05:07 <dalley> #info dalley has joined triage
15:05:07 <dalley> !here
15:05:07 <pulpbot> dalley: dalley has joined triage
15:05:41 <ipanova> ggainey: did we want to complete all the issues in that epic by 3.11?
15:05:41 <daviddavis> ggainey: yea, not all the issues on the epic are for pulpcore so I think we have to
15:05:50 <bmbouter> makes sense
15:06:47 <bmbouter> daviddavis: so are the pulpcore issues all on the epic and we just need to remove the epic?
15:06:57 <bmbouter> s/on the epic/on the milestone/
15:08:03 <ggainey> bmbouter: the epic makes it easier on the fips-mini-team to find the fips-related issues still to be done
15:08:26 <bmbouter> agreed and we're keeping that I think
15:08:32 <daviddavis> all the fips pulpcore issues that aren't modified are now on the milestone
15:08:39 * bmbouter refreshes
15:08:42 <daviddavis> modified+
15:09:29 <ttereshc> bmbouter, is https://pulp.plan.io/issues/8231 a blocker for 3.11?
15:09:38 <bmbouter> daviddavis: I'd like to nominate this one also https://pulp.plan.io/issues/8258
15:10:10 <bmbouter> but the other 'installer' fips issue is really in a dependency so I don't think it should block the release https://pulp.plan.io/issues/8095
15:10:15 * bmbouter reads 8231
15:10:56 <bmbouter> ttereshc: it's not a blocker for a stakeholder, I'm ok to move 8231 to 3.12 if we want to reduce the 3.11 blocker count
15:11:24 <daviddavis> bmbouter: I don't think 8258 should block the release personally. there's a lot of non-pulpcore components too (like updating the CI stuff).
15:11:38 <ttereshc> bmbouter, ok, just so we know that it should not affect go/no-go decision
15:12:00 <bmbouter> ttereshc: agreed it should not
15:12:52 <bmbouter> the reasoning for 8258 is that pulp is doing an unsafe practice for our users so even if the release gets delayed I think that is right
15:13:19 <bmbouter> we can't be on the release train for django's CVEs or giving people bits in production environments from our fork of django and non pypi
15:13:26 <bmbouter> is what I think about
15:13:55 <daviddavis> it's not a new issue though. and I don't think of it as a security issue looking at the django patch
15:14:22 <bmbouter> I believe we neglected to update for the latest CVE release of django
15:14:24 <ipanova> if we put #8258 who is going to have capacity to get it into 3.11?
15:14:26 <daviddavis> also, our branch django is up to date and I'm happy to maintain that until we get the dev and test envs working
15:14:51 <bmbouter> we said that before but then we exposed our users to a CVE
15:15:14 <daviddavis> well dependabot wasn't working before though so we didn't know our django requirement was out of date
15:15:43 <bmbouter> so let me ask this differently, what's driving our 3.11 date again?
15:16:48 <daviddavis> let me state my concern differently: I wouldn't feel comfortable merging 8258 without ensuring we have working fips dev and test envs
15:16:48 <ipanova> bmbouter: what about api secrets, are these the main driver of the release?
15:17:12 <daviddavis> if we want to delay the release with that in mind, then that's fine to make 8258 a blocker for 3.11
15:17:57 <bmbouter> ipanova: for api secrets it's not required by a specific date
15:18:04 <bmbouter> daviddavis: I can get on board with that
15:18:25 <bmbouter> I suspect 3.11 is going to delay like 2-3 weeks with all the work I see here
15:18:28 <ggainey> 8231 blocks 8192, which is marked as 3.12
15:19:00 <ggainey> yeah, there's a lot to do here, and we have 3-1/2 work days between now and the 2nd - I see at *least* a week slip
15:19:18 <daviddavis> the secrets stuff is basically done FWIW
15:19:30 <bmbouter> yup agreed, it's no secret
15:19:31 <ggainey> coolio
15:19:50 <bmbouter> so for the purposes of this meeting I think it's 'no go, delay a week' and we do this again in a week
15:19:53 <ggainey> for the purposes of this meeting, I'm a no-go for the second
15:19:55 <ggainey> and
15:20:02 <ggainey> dammit brian, you're too fast
15:20:03 <ggainey> :)
15:20:04 <bmbouter> and we've cleaned up the blocker list a lot
15:20:45 <ipanova> alright, i will schedule another meeting in a week and so far we are delaying the release by a week
15:20:58 <ggainey> +1
15:21:01 <daviddavis> +1
15:21:08 <ipanova> do we have any other installer issues to look at?
15:21:26 <x9c4> +1
15:21:39 <bmbouter> daviddavis: so are we tagging 8258 on the release for now at least?
15:21:51 <ggainey> +1 to 8258
15:21:51 <daviddavis> bmbouter: yes
15:21:52 <bmbouter> with our understanding that we don't merge without fips in CI
15:21:59 <bmbouter> thanks
15:22:01 <daviddavis> and dev env
15:22:07 <daviddavis> I believe ttereshc needs to test
15:22:15 <daviddavis> and I would like to too
15:22:48 <ttereshc> yes
15:22:51 <ipanova> i have put the milestone
15:23:00 <ttereshc> if we delay 3.11 a lot, will we release 3.12 close to it then? I'm now concerned about auto-publish deadlines
15:23:06 <bmbouter> yup we can do all of that
15:23:24 <bmbouter> we may put out two y-releases closer together?
15:23:37 <ipanova> bmbouter: we might need to
15:23:39 <ggainey> ttereshc: if we push 3.11 twice, I'm going to vote that we just roll forward and release 3.11 at end-of-march (instead of calling that 3.12)
15:23:41 <dalley> fwiw, it wouldn't be hard to split my PR in half, push through the auto-publish stuff without the auto-distribute stuff
15:23:57 <daviddavis> ggainey: 3.12 might be incompatible with plugins
15:24:03 <dalley> in 3.11 even
15:24:04 <bmbouter> yup
15:24:06 <ggainey> daviddavis: mm, fair point
15:24:15 <bmbouter> dalley: that is a good idea overall, I think we should do what we can in 3.11
15:24:24 <bmbouter> split the work up
15:25:41 <ipanova> ok, last call for the go/no-go?
15:27:14 <ipanova> see you guys in a week
15:27:16 <ipanova> #endmeeting
15:27:16 <ipanova> !end