*** rajm <rajm!~robert@82.27.50.32> has joined #cip | 03:35 | |
*** monstr <monstr!~monstr@nat-35.starnet.cz> has joined #cip | 06:26 | |
*** frieder <frieder!~frieder@i577B9173.versanet.de> has joined #cip | 07:57 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 08:43 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has quit IRC (Quit: Konversation terminated!) | 08:46 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 08:46 | |
*** sietze <sietze!~Sietze@msw-v.fe.bosch.de> has joined #cip | 12:13 | |
*** iwamatsu__ <iwamatsu__!~iwamatsu_@2405:6581:5360:1800:d155:3246:88f5:33be> has joined #cip | 12:57 | |
*** masami <masami!~masami@FL1-219-107-72-235.tky.mesh.ad.jp> has joined #cip | 12:58 | |
*** jki <jki!~jki@195.145.170.189> has joined #cip | 13:00 | |
jki | hi all | 13:00 |
---|---|---|
pave1 | Hi! | 13:00 |
masami | hello | 13:00 |
iwamatsu__ | hi | 13:00 |
patersonc | Hello | 13:00 |
uli | hello | 13:00 |
jki | #startmeeting CIP IRC weekly meeting | 13:01 |
collab-meetbot` | Meeting started Thu Mar 7 13:01:40 2024 UTC and is due to finish in 60 minutes. The chair is jki. Information about MeetBot at http://wiki.debian.org/MeetBot. | 13:01 |
collab-meetbot` | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 13:01 |
collab-meetbot` | The meeting name has been set to 'cip_irc_weekly_meeting' | 13:01 |
*** collab-meetbot` changes topic to " (Meeting topic: CIP IRC weekly meeting)" | 13:01 | |
jki | #topic AI review | 13:01 |
*** collab-meetbot` changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)" | 13:01 | |
jki | - prepare blog entry on SLTS kernel state and challenges [Jan] | 13:01 |
jki | no progress - should take a day off... | 13:02 |
jki | - migrate kernelci bot reports away from cip-dev [Chris] | 13:02 |
patersonc | A mistake was made. Should be fixed soon | 13:02 |
jki | ok, great | 13:02 |
jki | other AIs? | 13:02 |
jki | 5 | 13:02 |
jki | 4 | 13:02 |
jki | 3 | 13:02 |
jki | 2 | 13:02 |
jki | 1 | 13:03 |
jki | #topic Kernel maintenance updates | 13:03 |
*** collab-meetbot` changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)" | 13:03 | |
masami | This week reported 277 new CVEs and 10 updated CVEs. | 13:03 |
uli | i pushed 4.4-rc, now reviewing 6.1.80 | 13:03 |
pave1 | I'm reviewing 6.1.79 & 6.1.81. | 13:03 |
iwamatsu__ | I reviewed 6.1.79, and reviewing 6.1.80 | 13:03 |
masami | I added a new script to cip-kernel-sec, which is called import_announce.py. | 13:03 |
masami | It gathers CVE information from https://git.kernel.org/pub/scm/linux/security/vulns.git/ . | 13:04 |
pave1 | I'm still reviewing 4.4-st, I'll have some comments there. | 13:04 |
jki | masami: thanks for that work! | 13:04 |
pave1 | CVEs: I believe we should stop looking at kernel CVEs until situation improves. | 13:05 |
jki | still unsure if it will help in the end :-/ | 13:05 |
pave1 | This is just a bad-faith spam from Greg. | 13:05 |
masami | this script will help us to track CVEs :) | 13:05 |
jki | I saw in some CVEs that there are now even commits listed | 13:05 |
jki | in that regard, tracking improves, no? | 13:06 |
masami | these CVEs are committed to NVD so we should take care of them :( | 13:06 |
pave1 | How? | 13:06 |
masami | I think tracking is better than last week with new script | 13:06 |
pave1 | Contest every single one? | 13:06 |
pave1 | Talk to LF to fire Greg? | 13:06 |
pave1 | Talk to NVD to stop taking trash from Greg? | 13:07 |
masami | Some tools (poky's cve checker) warn about CVEs because they look at the NVD database. | 13:07 |
pave1 | This will make maintaining 4.4 impossible, BTW. | 13:07 |
uli | how so? | 13:08 |
jki | <same question> | 13:08 |
pave1 | Well, every single bugfix is going to be marked with CVE. | 13:08 |
pave1 | Maybe 50% of them apply to 6.1, maybe 30 % to 5.10, maybe 20% to 4.19. | 13:08 |
pave1 | So, for 4.19, 80% of fixes won't apply. | 13:09 |
pave1 | And that will all have CVE numbers, because "numbering authority" did not do any analysis. | 13:09 |
jki | so, we are missing a lower boundary for the CVEs, version-wise? | 13:09 |
pave1 | And we don't have manpower to analyse that, or to contest them. | 13:10 |
pave1 | "Lower boundary"? | 13:10 |
jki | CVE applies to any kernel < 6.1.345, 6.6.23 etc. | 13:10 |
jki | but some may only apply to > 5.10.345 | 13:11 |
jki | however the CVE will stick to all older kernels right now, that's at least my understanding | 13:11 |
pave1 | So.. the bug exists in 3.6 to 6.8 kernels. | 13:11 |
jki | yes | 13:11 |
pave1 | Fix is in 6.8, and we have backports to 6.1. | 13:11 |
pave1 | It no longer applies to 5.10. | 13:11 |
pave1 | For some bugs we have information when the bug was introduced, for some we don't. | 13:12 |
masami | Some CVEs don't have a Fixes tag. In that case we need to analyze them. | 13:12 |
jki | but then the question is if it actually makes sense / is needed for older kernels, and how to document that | 13:12 |
pave1 | And where to get 10 engineers analysing that :-(. | 13:12 |
masami | Most CVE announcements contain introduced commit information, so far. | 13:12 |
jki | we end up with CIP kernels that have tons of unfixed CVEs | 13:13 |
pave1 | So if it actually has fixes tag and the patch applies to all the kernels that contain the buggy commit we are fine. | 13:14 |
pave1 | Exactly. We'll have tons of unfixed "CVEs", even without security bugs. | 13:14 |
patersonc | How often do the new CVEs not have a lower version boundary? | 13:15 |
pave1 | And I'm not a lawyer, but there's legislation pending which will say we need to care about CVEs. | 13:15 |
patersonc | Seems to me that the lower boundary should be set when the CVE is created? Isn't it essential info? | 13:15 |
jki | we as CIP are not in scope of that EU legislation | 13:16 |
jki | we as commercial CIP users are | 13:16 |
masami | This week 55 CVEs don't have introduced commit information. | 13:16 |
patersonc | masami: Okay so that's quite a lot | 13:17 |
patersonc | Does the information get added over time? | 13:17 |
*** iwamatsu__ <iwamatsu__!~iwamatsu_@2405:6581:5360:1800:d155:3246:88f5:33be> has quit IRC (Quit: Client closed) | 13:18 | |
masami | I check patch and original code for older kernels. it takes time.. | 13:18 |
pave1 | And we probably could check and find that >80% of "CVEs" are invalid. | 13:19 |
pave1 | But that will also take time. | 13:19 |
masami | that's true. | 13:19 |
jki | we have TSC next week - this shall be a prominent topic for it | 13:20 |
pave1 | Yes please. That's a good place to solve this :-(. | 13:20 |
masami | I see. thanks. | 13:20 |
pave1 | Relevant links -- | 13:20 |
*** iwamatsu__ <iwamatsu__!~iwamatsu_@2405:6581:5360:1800:d155:3246:88f5:33be> has joined #cip | 13:21 | |
pave1 | https://lwn.net/Articles/961978/ -- lwn explains that Greg is doing the spamming intentionally. | 13:21 |
pave1 | https://amanitasecurity.com/posts/dear-linux-kernel-cna-what-have-you-done/ -- security researchers not being happy. | 13:21 |
masami | pavel: thank you for the links. I'll read. | 13:22 |
jki | thanks for the link | 13:22 |
jki | is that second one already covering what is happening the last two weeks? | 13:23 |
jki | if any one finds such statements elsewhere, please share as well | 13:24 |
pave1 | I believe so. Problem did not exist two weeks ago. | 13:24 |
jki | ok | 13:24 |
jki | need to read carefully | 13:24 |
masami | That said "A quick count of the linux-cve-announce mailing list shows that over 200 CVEs were assigned in the first 4 days of operation, the majority of which have no demonstrated security impact." | 13:24 |
jki | yep, almost fresh - there are 800 | 13:25 |
jki | good | 13:25 |
jki | or not... | 13:25 |
jki | other maintenance topics? | 13:25 |
uli | pave1: you said you had a comment on 4.4? | 13:26 |
pave1 | I'm still reviewing the patches. I have a missing free at least. | 13:26 |
jki | anything else? | 13:28 |
jki | 5 | 13:29 |
jki | 4 | 13:29 |
jki | 3 | 13:29 |
jki | 2 | 13:29 |
jki | 1 | 13:29 |
jki | #topic Kernel release status | 13:29 |
*** collab-meetbot` changes topic to "Kernel release status (Meeting topic: CIP IRC weekly meeting)" | 13:29 | |
jki | ok, we have a couple of delays, let me check again | 13:29 |
jki | 4.4 is about to be released, after review | 13:29 |
jki | 4.4-rt as well? | 13:30 |
pave1 | Yes. | 13:30 |
pave1 | Other -rts should be up-to-date now. | 13:30 |
jki | linux-5.10.y-cip is late as well | 13:30 |
jki | by one day :) | 13:30 |
jki | iwamatsu no longer connected, it seems | 13:31 |
iwamatsu__ | Yes, I am preparing release this week. | 13:32 |
jki | ok, then we move on | 13:32 |
jki | ah, perfect | 13:32 |
jki | good, rest was fine | 13:32 |
jki | 3 | 13:32 |
jki | 2 | 13:32 |
jki | 1 | 13:32 |
jki | #topic Kernel testing | 13:32 |
*** collab-meetbot` changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)" | 13:32 | |
patersonc | Pavel I saw your email about squad - sorry I haven't replied yet | 13:32 |
patersonc | I also have an MR for cip-core CI/testing to review on my todo list | 13:33 |
patersonc | Our new EC2 tag tracking seems to be working | 13:33 |
patersonc | So we have a better understanding of what project is running more CI | 13:34 |
pave1 | patersonc: I'm starting to look at the squad before doing the releases, but don't mind being doublechecked for now. | 13:34 |
patersonc | I'll explain more in the TSC | 13:34 |
patersonc | Thanks pave1 | 13:34 |
pave1 | 13:36 | |
patersonc | I think that's all I have this week | 13:37 |
jki | any other testing topics? | 13:38 |
sietze | I am working on an automated way to generate these test reports | 13:38 |
sietze | As a replacement of Chris's emails | 13:38 |
jki | sietze: cool - if that is possible | 13:39 |
pave1 | It looked like the pages were now simple enough that we could understand and check them before release. | 13:40 |
pave1 | I expect emails to be obsolete in a month or so. | 13:40 |
sietze | Setting up the known issues also helped I guess | 13:41 |
pave1 | Yes! :-) | 13:41 |
pave1 | Now if I could have single green line "everything is okay in commit ABCD" I'd be happy. | 13:42 |
pave1 | So far I'm checking gitlab to see if tests are done | 13:42 |
pave1 | and then squad to see if there are any fails... | 13:42 |
jki | great to see this evolving! | 13:43 |
jki | further topics? | 13:44 |
patersonc | sietze: thanks for the update | 13:46 |
jki | 5 | 13:46 |
jki | 4 | 13:46 |
jki | 3 | 13:46 |
jki | 2 | 13:46 |
jki | 1 | 13:46 |
jki | #topic AOB | 13:46 |
*** collab-meetbot` changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)" | 13:46 | |
jki | anything else for today? | 13:46 |
jki | 5 | 13:47 |
jki | 4 | 13:47 |
jki | 3 | 13:47 |
jki | 2 | 13:47 |
jki | 1 | 13:47 |
jki | #endmeeting | 13:47 |
collab-meetbot` | Meeting ended Thu Mar 7 13:47:55 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 13:47 |
collab-meetbot` | Minutes: http://ircbot.wl.linuxfoundation.org/meetings/cip/2024/03/cip.2024-03-07-13.01.html | 13:47 |
collab-meetbot` | Minutes (text): http://ircbot.wl.linuxfoundation.org/meetings/cip/2024/03/cip.2024-03-07-13.01.txt | 13:47 |
collab-meetbot` | Log: http://ircbot.wl.linuxfoundation.org/meetings/cip/2024/03/cip.2024-03-07-13.01.log.html | 13:47 |
*** collab-meetbot` changes topic to "Civil Infrastructure Platform Project. CIP mailing list at https://lists.cip-project.org/g/cip-dev | CIP kernel meeting every Thursday at 13:00 UTC | Find the meeting logs at https://ircbot.wl.linuxfoundation.org/meetings/cip/ and chat logs at https://ircbot.wl.linuxfoundation.org/logs/%23cip/" | 13:47 | |
jki | thanks, all! | 13:48 |
sietze | Thanks! | 13:48 |
uli | thanks | 13:48 |
pave1 | Thank you! | 13:48 |
masami | thanks | 13:48 |
iwamatsu__ | Thank you! | 13:48 |
*** masami <masami!~masami@FL1-219-107-72-235.tky.mesh.ad.jp> has quit IRC (Quit: Leaving) | 13:48 | |
patersonc | ttfa | 13:48 |
*** jki <jki!~jki@195.145.170.189> has quit IRC (Quit: Leaving) | 13:55 | |
*** iwamatsu__ <iwamatsu__!~iwamatsu_@2405:6581:5360:1800:d155:3246:88f5:33be> has quit IRC (Ping timeout: 250 seconds) | 14:35 | |
*** sietze <sietze!~Sietze@msw-v.fe.bosch.de> has quit IRC (Quit: Leaving) | 15:38 | |
*** monstr <monstr!~monstr@nat-35.starnet.cz> has quit IRC (Remote host closed the connection) | 16:02 | |
*** frieder <frieder!~frieder@i577B9173.versanet.de> has quit IRC (Remote host closed the connection) | 19:34 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has quit IRC (Ping timeout: 264 seconds) | 20:56 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.90> has joined #cip | 20:57 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.90> has quit IRC (Ping timeout: 246 seconds) | 21:01 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 21:02 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has quit IRC (Ping timeout: 255 seconds) | 22:05 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 22:06 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has quit IRC (Ping timeout: 255 seconds) | 22:12 | |
*** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 22:12 | |
*** rajm <rajm!~robert@82.27.50.32> has quit IRC (Ping timeout: 268 seconds) | 22:45 |