*** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has joined #cip | 05:55 | |
*** prabhakarlad <prabhakarlad!~prabhakar@pc.renesas.eu> has joined #cip | 07:59 | |
*** prabhakarlad <prabhakarlad!~prabhakar@pc.renesas.eu> has quit IRC (Quit: Client closed) | 09:56 | |
*** masami <masami!~masami@FL1-211-135-148-63.tky.mesh.ad.jp> has joined #cip | 11:38 | |
*** sietze <sietze!~sietze_va@msw-v.fe.bosch.de> has joined #cip | 11:53 | |
*** pave1 <pave1!~pavel@jabberwock.ucw.cz> has joined #cip | 12:00 | |
pave1 | Hi! | 12:00 |
sietze | Hello! | 12:00 |
masami | hello | 12:00 |
*** jki <jki!~jki@46.128.188.24> has joined #cip | 12:00 | |
jki | hi all | 12:00 |
*** hiromotai <hiromotai!~hiromotai@240f:75:5bc9:1:6cfe:4da0:61ae:9f52> has joined #cip | 12:00 | |
arisut | Hello! | 12:01 |
masami | hi | 12:01 |
hiromotai | hi | 12:01 |
jki | looks like we are a smaller round today | 12:02 |
jki | let's try nevertheless | 12:02 |
jki | #startmeeting CIP IRC weekly meeting | 12:02 |
collab-meetbot` | Meeting started Thu Aug 17 12:02:41 2023 UTC and is due to finish in 60 minutes. The chair is jki. Information about MeetBot at http://wiki.debian.org/MeetBot. | 12:02 |
collab-meetbot` | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 12:02 |
collab-meetbot` | The meeting name has been set to 'cip_irc_weekly_meeting' | 12:02 |
*** collab-meetbot` changes topic to " (Meeting topic: CIP IRC weekly meeting)" | 12:02 | |
jki | #topic AI review | 12:02 |
*** collab-meetbot` changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)" | 12:02 | |
jki | 1. create kernelci pipeline for buster images (arisut) | 12:02 |
jki | arisut: your isar-cip-core patch is related, I assume | 12:03 |
jki | so, still ongoing, right? | 12:04 |
arisut | i sent a mail to isar-cip for a patch for adding buster, bookworm and bullseye | 12:04 |
arisut | Any prospect on merging time? Or questions? | 12:04 |
jki | I'm still wondering about the number of jobs we spawn, and if that is needed for every CI run | 12:05 |
jki | specifically as we seem to hit some wall at git.kernel.org around fetching tarballs | 12:05 |
jki | but let's follow up on the mailing list on that, ok? | 12:06 |
arisut | Yeah i see that, we cannot mirror it anymore? | 12:06 |
jki | we had issues with github - or was it gitlab? - in the past as well | 12:07 |
jki | see commit 73f779e067b75a7fbb09bdcf6f8744b41b3c1802 | 12:08 |
arisut | Ok | 12:08 |
jki | "gitlab.com turned out to be too unreliable for fetching on-the-fly generated kernel tarballs in CI. Let's hope kernel.org will do better." - well... | 12:08 |
arisut | Other than that looks ok? | 12:08 |
jki | but even with that solved, the number of jobs also affects our AWS bill | 12:09 |
jki | and I would like to manage that according to our actual needs, that's why I was challenging the expansion | 12:09 |
arisut | But still isar-cip images need to be tested with the respective linux-cip kernel | 12:10 |
jki | sure, then may drop some other jobs we no longer need after adding your new ones? | 12:10 |
arisut | As we decided same as Debian is doing | 12:10 |
jki | again, let's resume the ML discussion thread, I can follow up after this meeting | 12:11 |
arisut | Buster with 4.19.y-cip bullseye with 5.10.y-cip and bookworm with 6.1.y-cip | 12:11 |
arisut | Ok | 12:11 |
jki | 2. draft press release about 6.1-cip (jan) | 12:11 |
arisut | Also one question I couldn't understand it, sorry | 12:12 |
jki | I started to write, will hopefully send something to the members list later | 12:12 |
jki | yes? do you have one more question? | 12:12 |
arisut | One question you asked in the ML, i replied to that that I couldn't understand | 12:13 |
jki | ok, will check that again | 12:13 |
arisut | Thanks | 12:13 |
jki | then let's move on | 12:14 |
jki | #topic Kernel maintenance updates | 12:14 |
*** collab-meetbot` changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)" | 12:14 | |
jki | [uli] "reviewing 6.1.45" | 12:14 |
masami | This week reported 2 new CVEs and 19 updated CVEs. | 12:14 |
pave1 | I did reviews, 6.1.44 and renesas patches. | 12:14 |
masami | to all: thank you for answering to Dinesh-san's email. | 12:15 |
pave1 | Speaking about security... | 12:15 |
pave1 | I don't believe CVEs are too useful for us. | 12:16 |
pave1 | Not everything security related has a CVE, and not nearly all CVEs are security problems that affect us. | 12:16 |
pave1 | I wonder if we could push security team to watch CVEs, and talk to us if there's something that we really need to care about? | 12:17 |
pave1 | I guess they already have to watch the CVEs for everything non-kernel...? | 12:17 |
jki | to my understanding, the security team is not yet in execution mode, rather in gap analysis and process definition mode | 12:18 |
jki | there will likely be more todos as outcomes of their analysis and assessor discussions | 12:18 |
pave1 | May be true. | 12:18 |
masami | I heard from security team creating a script to watch CVEs for packages | 12:18 |
jki | ...and pull from Debian DB? | 12:19 |
jki | all that is done by Debian already | 12:19 |
jki | for their packages, not for our own ones, including the CIP kernel | 12:19 |
masami | yes. it may get CVE information from debian. | 12:19 |
pave1 | But should we push the process in that direction? Security team watches for security bugs, if we have a security bug they don't like, they talk to us? | 12:20 |
masami | and cip-kernel-sec | 12:20 |
pave1 | And we keep the cip-kernel-sec mostly up-to-date, so they can see our status. | 12:20 |
jki | but we need to look at patches ourselves anyway | 12:21 |
pave1 | Yes, we do. | 12:21 |
jki | if some happen to relate to CVEs does not really matter | 12:21 |
pave1 | But the patches we see may or may not have CVE annotation. | 12:21 |
jki | right | 12:21 |
jki | that must be clear in the process documentation that the kernel team is not CVE-driven | 12:22 |
pave1 | Right. | 12:22 |
jki | CVEs are by-products | 12:22 |
jki | no difference to mainline here | 12:22 |
pave1 | Reading CVEs needs special skills. I assume security team has them, and I'd like them to watch the CVE stream for "this needs fixing for CIP" bugs. | 12:23 |
jki | which should generally result in, "yes, we already know" | 12:24 |
jki | concretely: how is the situation beyond 6.1 for recent Downfalls & Co.? | 12:24 |
jki | are there / will there be backports to older kernels? | 12:25 |
pave1 | Yes. But that means we don't need to go through CVE feeds and don't need to have processes for that :-). | 12:25 |
jki | ok, getting that - did we ever spot information in CVEs that weren't already in the stable patch stream? | 12:26 |
pave1 | 6.1.44 has patches for "Gather Data Sampling" and they were queued for 4.14 and up. | 12:27 |
pave1 | 6.1.44 has patches for "Speculative RAS Overflow mitigation" and they are for 5.10 and up. | 12:28 |
pave1 | jki: Not really. We get the information from stable, not CVEs. Not that we are watching CVEs too closely. | 12:28 |
pave1 | "Gather Data Sampling" is the Intel problem | 12:29 |
pave1 | "Speculative RAS Overflow" is the AMD problem, AFAICT. | 12:29 |
jki | well, masami is reporting here every week - are you reading up details of the CVEs as well? | 12:30 |
masami | yes. if nvd or other source have vulnerability details I read it. | 12:31 |
pave1 | I try to go through his emails, yes. (Still need to go through today's one). If something looks interesting, I sometimes do investigate, but that may happen once in two months or so. | 12:32 |
jki | then, would that time elsewhere be invested with even better efficiency? | 12:32 |
jki | and where? | 12:32 |
jki | asking openly | 12:32 |
pave1 | I'm quite happy how it currently works. But I'd hate to have to specify formal rules for CVE investigation. | 12:34 |
jki | well, we have to describe how we work so that others can understand it without having to do it themselves | 12:35 |
jki | doesn't mean that we are bound to only work like that - to my understanding | 12:35 |
jki | i think this is something to discuss, not only with the security team, but they also need to present it to the assessors | 12:37 |
pave1 | My preferred solution would be "security team looks at CVEs". (And we make some informal effort to "already know" if something obvious pops up). | 12:38 |
jki | then follow up on Dinesh email on that point so that also others can see and comment | 12:39 |
jki | including kernel team members on leave right now | 12:40 |
jki | ok, anything else on this topic? | 12:40 |
jki | 5 | 12:40 |
jki | 4 | 12:40 |
jki | 3 | 12:40 |
pave1 | Yep, will follow up in the email. | 12:40 |
jki | 2 | 12:40 |
jki | 1 | 12:40 |
jki | #topic Kernel release status | 12:41 |
*** collab-meetbot` changes topic to "Kernel release status (Meeting topic: CIP IRC weekly meeting)" | 12:41 | |
jki | 4.4 | 12:41 |
pave1 | uli released 4.4-cip, I followed up with 4.4-cip-rt. Should be ok. | 12:41 |
jki | 4.19 | 12:41 |
pave1 | 4.19-cip-rt was released, based on slightly old versions. | 12:42 |
jki | older than latest plain cip? | 12:42 |
jki | nope | 12:42 |
pave1 | Not that old, but not completely fresh either. | 12:42 |
jki | yeah, a new release for base 4.19-cip should be due soon | 12:43 |
jki | ok | 12:43 |
jki | 5.10 | 12:43 |
pave1 | -rt is due in September, we should be ok. | 12:43 |
jki | vanilla should come soon | 12:44 |
jki | 6.1 | 12:44 |
jki | looks all recent | 12:44 |
jki | ok... | 12:45 |
jki | #topic Kernel testing | 12:45 |
pave1 | I'll need to check, I don't think I have suitable -rt, 6.1-rt is due soon. | 12:45 |
*** collab-meetbot` changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)" | 12:45 | |
jki | ok, thanks | 12:45 |
jki | anything for testing today? | 12:45 |
arisut | only the isar-cip patch and discussion | 12:45 |
arisut | From me | 12:46 |
arisut | patersonc: ? | 12:46 |
jki | right, we already had that above | 12:46 |
jki | I think he is on leave | 12:46 |
arisut | Ok | 12:46 |
jki | then... moving on? | 12:47 |
jki | 5 | 12:47 |
jki | 4 | 12:47 |
jki | 3 | 12:47 |
sietze | I realized to get some tests sent to our SQUAD staging instance | 12:47 |
jki | 2 | 12:47 |
jki | ah, cool! | 12:47 |
sietze | Not sure if anybody is interested in that; this is how it currently looks like: http://squad.ciplatform.org:8000/cip-kernel/linux-cip/build/6.1.38-cip1_093191f30/ | 12:47 |
sietze | We're still testing though and we still need to get https going | 12:48 |
jki | what will be the key benefits in the end when everything works? | 12:48 |
jki | single page summary? those compare features? | 12:49 |
sietze | Yes, better test overview, test results vs time, ability to include other tests than kernel tests | 12:50 |
jki | ok, great | 12:50 |
jki | ok - anything else? | 12:51 |
jki | 3 | 12:51 |
jki | 2 | 12:52 |
jki | 1 | 12:52 |
jki | #topic AOB | 12:52 |
*** collab-meetbot` changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)" | 12:52 | |
jki | question: do you have options to host your cip releases as tarballs somewhere? | 12:52 |
jki | would that be useful beyond the CI case? | 12:53 |
jki | ok, will try to ask that also on the mailing list as follow up | 12:54 |
jki | other topic: I'm off next week, who can take over? | 12:55 |
pave1 | I can take over, I guess. | 12:55 |
jki | pavel: thanks! | 12:55 |
pave1 | You are welcome :-). | 12:55 |
jki | anything else for today? | 12:56 |
jki | 3 | 12:56 |
jki | 2 | 12:57 |
jki | 1 | 12:57 |
jki | #endmeeting | 12:57 |
collab-meetbot` | Meeting ended Thu Aug 17 12:57:03 2023 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 12:57 |
collab-meetbot` | Minutes: http://ircbot.wl.linuxfoundation.org/meetings/cip/2023/08/cip.2023-08-17-12.02.html | 12:57 |
collab-meetbot` | Minutes (text): http://ircbot.wl.linuxfoundation.org/meetings/cip/2023/08/cip.2023-08-17-12.02.txt | 12:57 |
collab-meetbot` | Log: http://ircbot.wl.linuxfoundation.org/meetings/cip/2023/08/cip.2023-08-17-12.02.log.html | 12:57 |
*** collab-meetbot` changes topic to "Civil Infrastructure Platform Project. CIP mailing list at https://lists.cip-project.org/g/cip-dev | CIP kernel meeting every Thursday at 12:00 UTC | Find the meeting logs at https://ircbot.wl.linuxfoundation.org/meetings/cip/ and chat logs at https://ircbot.wl.linuxfoundation.org/logs/%23cip/" | 12:57 | |
jki | thank you! | 12:57 |
pave1 | Thank you, have a nice holiday! | 12:57 |
hiromotai | thank you | 12:57 |
masami | thank you | 12:57 |
*** masami <masami!~masami@FL1-211-135-148-63.tky.mesh.ad.jp> has quit IRC (Quit: Leaving) | 12:57 | |
arisut | Thank you | 12:57 |
*** hiromotai <hiromotai!~hiromotai@240f:75:5bc9:1:6cfe:4da0:61ae:9f52> has quit IRC (Quit: Leaving) | 12:57 | |
*** jki <jki!~jki@46.128.188.24> has quit IRC (Quit: Leaving) | 12:57 | |
*** sietze <sietze!~sietze_va@msw-v.fe.bosch.de> has quit IRC (Quit: Leaving) | 12:58 | |
*** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has quit IRC (Ping timeout: 250 seconds) | 21:44 |