#cip log

13:01:46 <jki> #startmeeting CIP IRC weekly meeting
13:01:46 <collab-meetbot`> Meeting started Thu Jul  4 13:01:46 2024 UTC and is due to finish in 60 minutes.  The chair is jki. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:01:46 <collab-meetbot`> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:01:46 <collab-meetbot`> The meeting name has been set to 'cip_irc_weekly_meeting'
13:01:53 <jki> #topic AI review
13:01:58 <jki> - prepare blog entry on SLTS kernel state and challenges [Jan]
13:02:02 <jki> no news
13:02:13 <jki> and nothing else from last time
13:02:17 <jki> so...
13:02:25 <jki> 5
13:02:26 <jki> 4
13:02:28 <jki> 3
13:02:29 <jki> 2
13:02:31 <jki> 1
13:02:33 <jki> #topic Kernel maintenance updates
13:02:45 <uli> i've been preparing the next 4.4 release
13:03:02 <masami> This week reported 1 new CVEs and 0 updated CVEs. It was quiet week.
13:03:10 <iwamatsu__> I am reviewing 6.1.96.
13:04:29 <jki> anything else?
13:04:46 <pave1> I'm reviewing .1..
13:04:51 <pave1> 6.1.96.
13:06:07 <pave1> There's recent -rt release, so I'll likely do matching 6.1-cip and then -cip-rt.
13:06:30 <jki> both are due these days anyway
13:08:18 <jki> ok, them moving on
13:08:21 <jki> 5
13:08:24 <jki> 4
13:08:24 <iwamatsu__> I will release  linux-6.1.y-cip with 6.1.96. :-)
13:08:43 <jki> perfect
13:08:48 <jki> 3
13:08:50 <jki> 2
13:08:52 <jki> 1
13:08:57 <jki> #topic Kernel release status
13:08:57 <pave1> iwamatsu> ok, thanks, that will help me.
13:09:12 <jki> all green, next to come we already discussed :)
13:09:37 <jki> almost: 5.10 and 4.19 are also due soon
13:09:52 <jki> anyway - any blockers in sight?
13:10:30 <pave1> I don't see any.
13:10:39 <jki> 5
13:10:41 <jki> 4
13:10:42 <jki> 3
13:10:44 <jki> 2
13:10:46 <jki> 1
13:10:48 <jki> #topic Kernel testing
13:10:57 <arisut> sent issue #2594 for creating a development tool on KernelCI that can send locally changes to tests https://github.com/kernelci/kernelci-core/issues/2594
13:11:19 <jki> Siemens lab is up again
13:11:34 <arisut> currently is under discussion
13:11:55 <arisut> jki: nice
13:12:08 <patersonc> jki: Ah right, I didn't notice :D
13:12:09 <patersonc> Thanks
13:12:21 <jki> correction - except for the de0-nano-soc
13:12:57 <jki> we need to check that again
13:13:33 <patersonc> jki: Shall I delete the lab-cip-siemens-prague worker?
13:14:23 <arisut> the KernelCI client could be used for testing local CIP kernel sources directly on KernelCI, with extended flexibility (like decide if publish results or which laboratory to use)
13:14:35 <jki> patersonc: we are still hoping to eventually get it online
13:14:41 <jki> just the "when" is unclear
13:14:53 <patersonc> arisut: That sounds useful
13:15:01 <arisut> also CIP patches could be tested
13:15:06 <patersonc> jki: Okay, I'll leave it then - thanks
13:16:05 <arisut> it should improve kernel development
13:16:08 <pave1> Yes, ability to test local tree without git commit would be nice.
13:16:38 <arisut> yes buildbot try already allow such feature
13:17:23 <arisut> is few years that I'm talking about having something similar to what buildbot does
13:18:56 <jki> cool!
13:18:59 <arisut> after many discussion I decided to just open a issue somewhere about such features
13:20:40 <arisut> probably will be created as an extension of kci tool
13:22:38 <jki> anything else on testing?
13:22:47 <patersonc> Not from me
13:23:25 <jki> 5
13:23:26 <jki> 4
13:23:28 <jki> 3
13:23:30 <jki> 2
13:23:32 <jki> 1
13:23:35 <jki> #topic AOB
13:24:00 <jki> Dinesh: you wanted to discuss about BV feedback
13:24:07 <Dinesh> Yes
13:24:17 <Dinesh> Shall I briefly explain?
13:24:27 <jki> jup
13:24:55 <Dinesh> For meeting DM-3 requirement of IEC-62443-4-1 (Asessing security related issues) It expects documented process to assess security issues
13:25:15 <Dinesh> SWG documented based on upstream https://gitlab.com/cip-project/cip-documents/-/blob/master/process/Security_issues_handling.md?ref_type=heads#dm-3-assessing-security-related-issues-
13:25:37 <Dinesh> When we had discussion with BV, they mentioned kernel WG will be doing some assessment to select fewer security issues for CIP out of large number of issues
13:26:15 <Dinesh> So the main point we have to discuss the criteria used to select fewer issues by kernel WG
13:26:21 <pave1> Ummm. Not kernel wg.
13:27:00 <jki> one element we are starting to look into: CVE filtering based on kernel config
13:27:09 <Dinesh> ok
13:27:48 <Dinesh> Jan you mentioned for filtering automation in TSC
13:27:59 <jki> I mentioned that a few weeks ago, it's scheduled on our side to look into options and caveats
13:28:11 <jki> not yet there, though :)
13:28:12 <Dinesh> ok understood
13:28:28 <pave1> Or better yet. It depends on 'select from where'
13:28:46 <pave1> CVEs for kernel contain too much noise to be useful.
13:29:19 <jki> yeah, this is not going to be noise cancelation
13:29:35 <Dinesh> :)
13:29:44 <pave1> We can filter based on config, and it may eliminate 50% issues,
13:29:56 <jki> but, conceptually, it could also just be applied on any interesting commit in newer kernels
13:30:02 <pave1> but that's still way too much noise.
13:30:27 <Dinesh> At least based on kernel config seems quite relevant
13:30:36 <pave1> So.. someone needs to come with less noisy security issues source.
13:32:02 <jki> that's why I said in the TSC that coupling our backport procedures with what is today called "CVE" may not be helpful
13:32:57 <jki> still, the general task remains: indentify /relevant/ fixes from upstream for our kernels
13:34:27 <jki> Dinesh: anything else you'd like to discuss?
13:34:36 <Dinesh> Yeah so as of now SWG will mark it as in-progress
13:34:46 <Dinesh> No that's all I had for discussion
13:34:53 <pave1> (Or with additional manpower. Filtering CVEs might be half-time to full-time job).
13:35:51 <jki> right, that is the risk
13:36:42 <jki> and if that should become a hard requirement for us, we need to make this transparent as early as possible
13:37:00 <pave1> +1
13:37:06 <jki> Dinesh: are there any indications in that direction?
13:37:24 <Dinesh> No hard requirement
13:37:46 <jki> good :)
13:38:29 <jki> any other business for today?
13:38:58 <jki> 5
13:39:00 <jki> 4
13:39:01 <jki> 3
13:39:03 <jki> 2
13:39:04 <jki> 1
13:39:06 <jki> #endmeeting