12:13:46 <iwamatsu> #startmeeting CIP IRC weekly meeting
12:13:46 <collab-meetbot> Meeting started Thu May 26 12:13:46 2022 UTC and is due to finish in 60 minutes.  The chair is iwamatsu. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:13:46 <collab-meetbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
12:13:46 <collab-meetbot> The meeting name has been set to 'cip_irc_weekly_meeting'
12:14:12 <alicefm> thanks iwamatsu
12:14:14 <iwamatsu> #topic AI review
12:14:27 <iwamatsu> 1. Resolve/filter irrelevant failures of KernelCI for 4.4-cip - patersonc & alicefm
12:14:34 <alicefm> no news for me
12:14:38 <patersonc[m]> snap
12:15:44 <uli> hi! sorry, got held up
12:16:02 <alicefm> uli np
12:16:15 <alicefm> we are just starting
12:16:20 <iwamatsu> hi! uli
12:16:27 <iwamatsu> OK
12:16:47 <iwamatsu> next?
12:16:48 <iwamatsu> 3
12:16:50 <iwamatsu> 2
12:16:52 <iwamatsu> 1
12:17:06 <iwamatsu> #topic Kernel maintenance updates
12:17:12 <iwamatsu> #topic Kernel maintenance updates
12:17:42 <masami> There was 6 new CVEs and 3 updated CVEs this week.
12:17:44 <uli> i did 4.4 reviews and backports
12:17:52 <masami> Most of new CVEs are fixed in the mainline and  stable kernels.
12:18:09 <pave1> I was doing reviews, 5.10.117 and 118.
12:18:19 <iwamatsu> I was reviewing 5.10.118.
12:18:51 <pave1> uli -- thanks. I need to take a look and apply them.
12:19:27 <iwamatsu> hi! jki
12:19:38 <iwamatsu> other report?
12:19:40 <jki> sorry, missed the time - public holiday here
12:19:43 <pave1> On TSC meeting there was some demand for document about kernel hardening.
12:19:43 <iwamatsu> 3
12:19:45 <iwamatsu> 2
12:19:54 <iwamatsu> 1
12:20:21 <pave1> I can repost document I started...
12:20:40 <pave1> ...disable bpf, don't give root to bad guys, etc...
12:20:48 <iwamatsu> pave1: thank you.
12:21:14 <pave1> ...but it sounded like there was interest in "'these options are good idea' list
12:21:49 <jki> kernel hardening measures?
12:22:09 <pave1> Yep.
12:22:29 <jki> great - would be helpful to have a start
12:22:55 <pave1> Perhaps we should also tweak defconfigs accordingly -- or create additional configs -- to get such stuff tested.
12:23:40 <jki> my idea was to have a config snippet, to be added to whatever config is used
12:24:23 <pave1> will we maintain docs in git somewhere, or is wiki a better place?
12:24:45 <iwamatsu> defconfig: like as OE?
12:25:39 <jki> wiki could be more handy - or do we need a review process for the docs?
12:26:24 <pave1> I don't think we need to review that. Lets use wiki.
12:26:30 <jki> iwamatsu: what do you mean with like OE?
12:28:23 <iwamatsu> Yocot/OE kernel configuration is divided into functions, and these can be operated when building.
12:29:15 <iwamatsu> I thought CIP's kernel config needed the same function....
12:29:30 <jki> defconfig+snippet is actually not OE-specific, that's why it works in isar-cip-core as well
12:29:46 <jki> we already use that for turning on RT
12:30:24 <iwamatsu> OKay.
12:31:05 <iwamatsu> next?
12:31:10 <iwamatsu> 3
12:31:12 <iwamatsu> 2
12:31:15 <iwamatsu> 1
12:31:21 <iwamatsu> #topic Kernel testing
12:33:34 <iwamatsu> patersonc[m]: do you have report?
12:33:48 <patersonc[m]> oh sorry
12:33:58 <patersonc[m]> No updates from me this week
12:34:45 <iwamatsu> got it
12:35:13 <iwamatsu> next?
12:35:14 <iwamatsu> 3
12:35:16 <iwamatsu> 2
12:35:20 <iwamatsu> 1
12:35:24 <iwamatsu> #topic AOB
12:37:31 <iwamatsu> any topics?
12:38:07 <iwamatsu> 3
12:38:09 <iwamatsu> 2
12:38:11 <iwamatsu> 1
12:38:23 <iwamatsu> #endmeeting