| *** rajm <rajm!~robert@82.27.50.32> has joined #cip | 03:35 | |
| *** monstr <monstr!~monstr@nat-35.starnet.cz> has joined #cip | 06:26 | |
| *** frieder <frieder!~frieder@i577B9173.versanet.de> has joined #cip | 07:57 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 08:43 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has quit IRC (Quit: Konversation terminated!) | 08:46 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 08:46 | |
| *** sietze <sietze!~Sietze@msw-v.fe.bosch.de> has joined #cip | 12:13 | |
| *** iwamatsu__ <iwamatsu__!~iwamatsu_@2405:6581:5360:1800:d155:3246:88f5:33be> has joined #cip | 12:57 | |
| *** masami <masami!~masami@FL1-219-107-72-235.tky.mesh.ad.jp> has joined #cip | 12:58 | |
| *** jki <jki!~jki@195.145.170.189> has joined #cip | 13:00 | |
| jki | hi all | 13:00 |
|---|---|---|
| pave1 | Hi! | 13:00 |
| masami | hello | 13:00 |
| iwamatsu__ | hi | 13:00 |
| patersonc | Hello | 13:00 |
| uli | hello | 13:00 |
| jki | #startmeeting CIP IRC weekly meeting | 13:01 |
| collab-meetbot` | Meeting started Thu Mar 7 13:01:40 2024 UTC and is due to finish in 60 minutes. The chair is jki. Information about MeetBot at http://wiki.debian.org/MeetBot. | 13:01 |
| collab-meetbot` | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 13:01 |
| collab-meetbot` | The meeting name has been set to 'cip_irc_weekly_meeting' | 13:01 |
| *** collab-meetbot` changes topic to " (Meeting topic: CIP IRC weekly meeting)" | 13:01 | |
| jki | #topic AI review | 13:01 |
| *** collab-meetbot` changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)" | 13:01 | |
| jki | - prepare blog entry on SLTS kernel state and challenges [Jan] | 13:01 |
| jki | no progress - should take a day off... | 13:02 |
| jki | - migrate kernelci bot reports away from cip-dev [Chris] | 13:02 |
| patersonc | A mistake was made. Should be fixed soon | 13:02 |
| jki | ok, great | 13:02 |
| jki | other AIs? | 13:02 |
| jki | 5 | 13:02 |
| jki | 4 | 13:02 |
| jki | 3 | 13:02 |
| jki | 2 | 13:02 |
| jki | 1 | 13:03 |
| jki | #topic Kernel maintenance updates | 13:03 |
| *** collab-meetbot` changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)" | 13:03 | |
| masami | This week reported 277 new CVEs and 10 updated CVEs. | 13:03 |
| uli | i pushed 4.4-rc, now reviewing 6.1.80 | 13:03 |
| pave1 | I'm reviewing 6.1.79 & 6.1.81. | 13:03 |
| iwamatsu__ | I reviewed 6.1.79, and reviewing 6.1.80 | 13:03 |
| masami | I added a new script to cip-kernel-sec, which is called import_announce.py. | 13:03 |
| masami | It gathers CVE information from https://git.kernel.org/pub/scm/linux/security/vulns.git/ . | 13:04 |
| pave1 | I'm still reviewing 4.4-st, I'll have some comments there. | 13:04 |
| jki | masami: thanks for that work! | 13:04 |
| pave1 | CVEs: I believe we should stop looking at kernel CVEs until situation improves. | 13:05 |
| jki | still unsure if it will help in the end :-/ | 13:05 |
| pave1 | This is just a bad-faith spam from Greg. | 13:05 |
| masami | this script will help us to track CVEs :) | 13:05 |
| jki | I saw in some CVEs that there are now even commits listed | 13:05 |
| jki | in that regard, tracking improves, no? | 13:06 |
| masami | these CVEs are committed to NVD so we should take care of them :( | 13:06 |
| pave1 | How? | 13:06 |
| masami | I think tracking is better than last week with new script | 13:06 |
| pave1 | Contest every single one? | 13:06 |
| pave1 | Talk to LF to fire Greg? | 13:06 |
| pave1 | Talk to NVD to stop taking trash from Greg? | 13:07 |
| masami | Some tools (poky's cve checker) warn about CVEs because they look at the NVD database. | 13:07 |
| pave1 | This will make maintaining 4.4 impossible, BTW. | 13:07 |
| uli | how so? | 13:08 |
| jki | <same question> | 13:08 |
| pave1 | Well, every single bugfix is going to be marked with CVE. | 13:08 |
| pave1 | Maybe 50% of them apply to 6.1, maybe 30% to 5.10, maybe 20% to 4.19. | 13:08 |
| pave1 | So, for 4.19, 80% of fixes won't apply. | 13:09 |
| pave1 | And that will all have CVE numbers, because "numbering authority" did not do any analysis. | 13:09 |
| jki | so, we are missing a lower boundary for the CVEs, version-wise? | 13:09 |
| pave1 | And we don't have manpower to analyse that, or to contest them. | 13:10 |
| pave1 | "Lower boundary"? | 13:10 |
| jki | CVE applies to any kernel < 6.1.345, 6.6.23 etc. | 13:10 |
| jki | but some may only apply to > 5.10.345 | 13:11 |
| jki | however the CVE will stick to all older kernels right now, that's at least my understanding | 13:11 |
| pave1 | So.. the bug exists in 3.6 to 6.8 kernels. | 13:11 |
| jki | yes | 13:11 |
| pave1 | Fix is in 6.8, and we have backports to 6.1. | 13:11 |
| pave1 | It no longer applies to 5.10. | 13:11 |
| pave1 | For some bugs we have information when the bug was introduced, for some we don't. | 13:12 |
| masami | Some CVEs don't have Fixes tag. In that case we need to analyze them. | 13:12 |
| jki | but then the question is if it actually makes sense / is needed for older kernels, and how to document that | 13:12 |
| pave1 | And where to get 10 engineers analysing that :-(. | 13:12 |
| masami | Most CVE announcements contain introduced commit information, so far. | 13:12 |
| jki | we end up with CIP kernels that have tons of unfixed CVEs | 13:13 |
| pave1 | So if it actually has fixes tag and the patch applies to all the kernels that contain the buggy commit we are fine. | 13:14 |
| pave1 | Exactly. We'll have tons of unfixed "CVEs", even without security bugs. | 13:14 |
| patersonc | How often do the new CVEs not have a lower version boundary? | 13:15 |
| pave1 | And I'm not a lawyer, but there's legislation pending which will say we need to care about CVEs. | 13:15 |
| patersonc | Seems to me that the lower boundary should be set when the CVE is created? Isn't it essential info? | 13:15 |
| jki | we as CIP are not in scope of that EU legislation | 13:16 |
| jki | we as commercial CIP users are | 13:16 |
| masami | This week 55 CVEs don't have introduced commit information. | 13:16 |
| patersonc | masami: Okay so that's quite a lot | 13:17 |
| patersonc | Does the information get added over time? | 13:17 |
| *** iwamatsu__ <iwamatsu__!~iwamatsu_@2405:6581:5360:1800:d155:3246:88f5:33be> has quit IRC (Quit: Client closed) | 13:18 | |
| masami | I check patch and original code for older kernels. It takes time.. | 13:18 |
| pave1 | And we probably could check and find that >80% of "CVEs" are invalid. | 13:19 |
| pave1 | But that will also take time. | 13:19 |
| masami | that's true. | 13:19 |
| jki | we have TSC next week - this shall be a prominent topic for it | 13:20 |
| pave1 | Yes please. That's a good place to solve this :-(. | 13:20 |
| masami | I see. thanks. | 13:20 |
| pave1 | Relevant links -- | 13:20 |
| *** iwamatsu__ <iwamatsu__!~iwamatsu_@2405:6581:5360:1800:d155:3246:88f5:33be> has joined #cip | 13:21 | |
| pave1 | https://lwn.net/Articles/961978/ -- lwn explains that Greg is doing the spamming intentionally. | 13:21 |
| pave1 | https://amanitasecurity.com/posts/dear-linux-kernel-cna-what-have-you-done/ -- security researchers not being happy. | 13:21 |
| masami | pavel: thank you for the links. I'll read. | 13:22 |
| jki | thanks for the link | 13:22 |
| jki | is that second one already covering what is happening the last two weeks? | 13:23 |
| jki | if anyone finds such statements elsewhere, please share as well | 13:24 |
| pave1 | I believe so. Problem did not exist two weeks ago. | 13:24 |
| jki | ok | 13:24 |
| jki | need to read carefully | 13:24 |
| masami | That said "A quick count of the linux-cve-announce mailing list shows that over 200 CVEs were assigned in the first 4 days of operation, the majority of which have no demonstrated security impact." | 13:24 |
| jki | yep, almost fresh - there are 800 | 13:25 |
| jki | good | 13:25 |
| jki | or not... | 13:25 |
| jki | other maintenance topics? | 13:25 |
| uli | pave1: you said you had a comment on 4.4? | 13:26 |
| pave1 | I'm still reviewing the patches. I have a missing free at least. | 13:26 |
| jki | anything else? | 13:28 |
| jki | 5 | 13:29 |
| jki | 4 | 13:29 |
| jki | 3 | 13:29 |
| jki | 2 | 13:29 |
| jki | 1 | 13:29 |
| jki | #topic Kernel release status | 13:29 |
| *** collab-meetbot` changes topic to "Kernel release status (Meeting topic: CIP IRC weekly meeting)" | 13:29 | |
| jki | ok, we have a couple of delays, let me check again | 13:29 |
| jki | 4.4 is about to be released, after review | 13:29 |
| jki | 4.4-rt as well? | 13:30 |
| pave1 | Yes. | 13:30 |
| pave1 | Other -rts should be up-to-date now. | 13:30 |
| jki | linux-5.10.y-cip is late as well | 13:30 |
| jki | by one day :) | 13:30 |
| jki | iwamatsu no longer connected, it seems | 13:31 |
| iwamatsu__ | Yes, I am preparing release this week. | 13:32 |
| jki | ok, then we move on | 13:32 |
| jki | ah, perfect | 13:32 |
| jki | good, rest was fine | 13:32 |
| jki | 3 | 13:32 |
| jki | 2 | 13:32 |
| jki | 1 | 13:32 |
| jki | #topic Kernel testing | 13:32 |
| *** collab-meetbot` changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)" | 13:32 | |
| patersonc | Pavel I saw your email about squad - sorry I haven't replied yet | 13:32 |
| patersonc | I also have an MR for cip-core CI/testing to review on my todo list | 13:33 |
| patersonc | Our new EC2 tag tracking seems to be working | 13:33 |
| patersonc | So we have a better understanding of what project is running more CI | 13:34 |
| pave1 | patersonc: I'm starting to look at the squad before doing the releases, but don't mind being doublechecked for now. | 13:34 |
| patersonc | I'll explain more in the TSC | 13:34 |
| patersonc | Thanks pave1 | 13:34 |
| pave1 | 13:36 | |
| patersonc | I think that's all I have this week | 13:37 |
| jki | any other testing topics? | 13:38 |
| sietze | I am working on an automated way to generate these test reports | 13:38 |
| sietze | As a replacement of Chris's emails | 13:38 |
| jki | sietze: cool - if that is possible | 13:39 |
| pave1 | It looked like the pages were now simple enough that we could understand and check them before release. | 13:40 |
| pave1 | I expect emails to be obsolete in a month or so. | 13:40 |
| sietze | Setting up the known issues also helped I guess | 13:41 |
| pave1 | Yes! :-) | 13:41 |
| pave1 | Now if I could have single green line "everything is okay in commit ABCD" I'd be happy. | 13:42 |
| pave1 | So far I'm checking gitlab to see if tests are done | 13:42 |
| pave1 | and then squad to see if there are any fails... | 13:42 |
| jki | great to see this evolving! | 13:43 |
| jki | further topics? | 13:44 |
| patersonc | sietze: thanks for the update | 13:46 |
| jki | 5 | 13:46 |
| jki | 4 | 13:46 |
| jki | 3 | 13:46 |
| jki | 2 | 13:46 |
| jki | 1 | 13:46 |
| jki | #topic AOB | 13:46 |
| *** collab-meetbot` changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)" | 13:46 | |
| jki | anything else for today? | 13:46 |
| jki | 5 | 13:47 |
| jki | 4 | 13:47 |
| jki | 3 | 13:47 |
| jki | 2 | 13:47 |
| jki | 1 | 13:47 |
| jki | #endmeeting | 13:47 |
| collab-meetbot` | Meeting ended Thu Mar 7 13:47:55 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 13:47 |
| collab-meetbot` | Minutes: http://ircbot.wl.linuxfoundation.org/meetings/cip/2024/03/cip.2024-03-07-13.01.html | 13:47 |
| collab-meetbot` | Minutes (text): http://ircbot.wl.linuxfoundation.org/meetings/cip/2024/03/cip.2024-03-07-13.01.txt | 13:47 |
| collab-meetbot` | Log: http://ircbot.wl.linuxfoundation.org/meetings/cip/2024/03/cip.2024-03-07-13.01.log.html | 13:47 |
| *** collab-meetbot` changes topic to "Civil Infrastructure Platform Project. CIP mailing list at https://lists.cip-project.org/g/cip-dev | CIP kernel meeting every Thursday at 13:00 UTC | Find the meeting logs at https://ircbot.wl.linuxfoundation.org/meetings/cip/ and chat logs at https://ircbot.wl.linuxfoundation.org/logs/%23cip/" | 13:47 | |
| jki | thanks, all! | 13:48 |
| sietze | Thanks! | 13:48 |
| uli | thanks | 13:48 |
| pave1 | Thank you! | 13:48 |
| masami | thanks | 13:48 |
| iwamatsu__ | Thank you! | 13:48 |
| *** masami <masami!~masami@FL1-219-107-72-235.tky.mesh.ad.jp> has quit IRC (Quit: Leaving) | 13:48 | |
| patersonc | ttfa | 13:48 |
| *** jki <jki!~jki@195.145.170.189> has quit IRC (Quit: Leaving) | 13:55 | |
| *** iwamatsu__ <iwamatsu__!~iwamatsu_@2405:6581:5360:1800:d155:3246:88f5:33be> has quit IRC (Ping timeout: 250 seconds) | 14:35 | |
| *** sietze <sietze!~Sietze@msw-v.fe.bosch.de> has quit IRC (Quit: Leaving) | 15:38 | |
| *** monstr <monstr!~monstr@nat-35.starnet.cz> has quit IRC (Remote host closed the connection) | 16:02 | |
| *** frieder <frieder!~frieder@i577B9173.versanet.de> has quit IRC (Remote host closed the connection) | 19:34 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has quit IRC (Ping timeout: 264 seconds) | 20:56 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.90> has joined #cip | 20:57 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.90> has quit IRC (Ping timeout: 246 seconds) | 21:01 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 21:02 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has quit IRC (Ping timeout: 255 seconds) | 22:05 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 22:06 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has quit IRC (Ping timeout: 255 seconds) | 22:12 | |
| *** prabhakalad <prabhakalad!~prabhakar@147.161.225.85> has joined #cip | 22:12 | |
| *** rajm <rajm!~robert@82.27.50.32> has quit IRC (Ping timeout: 268 seconds) | 22:45 | |