09:00:05 <freesky-edward> #startmeeting infrastructure
09:00:05 <openeuler-ci-bot> Meeting started Tue Feb 25 09:00:05 2020 UTC and is due to finish in 60 minutes.  The chair is freesky-edward. Information about MeetBot at https://openeuler.org/en/meetings.html.
09:00:05 <openeuler-ci-bot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
09:00:05 <openeuler-ci-bot> The meeting name has been set to 'infrastructure'
09:00:09 <freesky-edward> hi
09:00:31 <tommylikehu_> hey guys.
09:00:44 <imjoey_> Hi all
09:00:57 <freesky-edward> tommylikehu_ imjoey how are you?
09:01:10 <genedna> Hi
09:01:15 <tommylikehu_> genedna:  welcome
09:01:30 <freesky-edward> genedna welcome
09:01:36 <imjoey_> genedna: welcome
09:01:43 <genedna> Thanks, everyone
09:01:47 <freesky-edward> ok, let's start our topics
09:02:10 <freesky-edward> please refer to wiki for the schedule . https://gitee.com/openeuler/infrastructure/wikis/Meeting%20Schedule
09:02:32 <freesky-edward> please feel free to add topic if you have later.
09:02:35 <fred_li> hi all
09:02:50 <freesky-edward> hi, fred_li,
09:02:51 <imjoey_> Hi fred_li
09:03:02 <freesky-edward> #topic CVE management
09:03:24 <freesky-edward> this is a topic added by myself.
09:03:58 <fred_li> welcome @genedna @shinwell
09:04:02 <freesky-edward> as there is no issue or PR, so let me tell the more detailed information about it
09:04:32 <fred_li> thanks @freesky-edward
09:05:05 <freesky-edward> as you may know, there is generally a page to show the CVE state in almost every community or open source project.
09:05:16 <freesky-edward> so is openEuler.
09:05:42 <fred_li> #link https://openeuler.org/zh/security.html
09:06:25 <freesky-edward> but I think there is a little difference, that is openEuler is going to manage the 3rd CVE state.
09:07:12 <freesky-edward> but others always only to manage their own CVEs.
09:08:42 <fred_li> Yes.
09:08:46 <fred_li> @im
09:09:08 <freesky-edward> so, I throw this topic out for two reasons: 1. get your idea how to build the management system. 2. get help who will help me to make it working
09:09:09 <fred_li> @imjoey_ I am not sure you have the background or not.
09:09:21 <shinwell> 其他社区也会映射自己的安全漏洞到upstream漏洞啊
09:09:46 <shinwell> 为什么说"others always only to manage their own CVEs"
09:09:59 <fred_li> We suppose if openEuler community manages all the CVEs from dependencies, OS venders may benefit.
09:10:01 <freesky-edward> shinwell, hi
09:10:12 <shinwell> hi
09:10:27 <freesky-edward> fred_li, yes , that's the reason. thanks
09:10:35 <imjoey_> fred_li: sorry for not enough background for now. I will try to catch up with you all as soon as possible.
09:10:55 <imjoey_> fred_li: Yes, that would be surely very helpful for os vendors.
09:11:04 <imjoey_> freesky-edward:
09:11:47 <freesky-edward> imjoey_, please
09:12:40 <freesky-edward> any suggestion
09:13:02 <freesky-edward> or any other background should I provide?
09:13:17 <imjoey_> I meant  your expression about OS vendors could benefit is great. :)
09:13:44 <freesky-edward> imjoey_ thanks
09:14:09 <fred_li> @shinwell to clarify, I would give you an example about OpenStack. https://wiki.openstack.org/wiki/Security_Notes
09:14:28 <fred_li> These CVEs are only from OpenStack itself, not dependencies.
09:15:15 <freesky-edward> if not, I will open an issue for my general design spec to get more comments. and also any comments would be appreciated.
09:15:17 <fred_li> I tried to find fedora, openSUSE, but not found the ones for dependencies. Maybe I was wrong.
09:17:23 <freesky-edward> shinwell, do you have any suggestion since this IRC is not friendly to Chinese char.
09:18:36 <freesky-edward> if no one and no suggestion, let's move next. #action freesky-edward open issue for CVE design spec.
09:18:40 <shinwell> https://www.debian.org/security/2019/dsa-4596
09:18:56 <shinwell> 用这个做例子,Debian Security Advisory
09:18:56 <fred_li> OK
09:19:03 <shinwell> 有到CVE的reference
09:19:27 <shinwell> 这些本质上是在管tomcat的安全漏洞
09:19:31 <freesky-edward> shinwell thanks very much
09:20:04 <freesky-edward> I will refer to it for more detail.
09:20:12 <fred_li> thanks a lot.
09:20:20 <freesky-edward> #topic task state
09:21:03 <freesky-edward> tommylikehu_ would you please sync the state of OBS
09:22:09 <tommylikehu_> ok, I already set up the multiple backends for OBS
09:22:39 <freesky-edward> is all ready?
09:22:41 <tommylikehu_> also here comes the pr that updates the document and some scripts used to setting up the backend
09:22:42 <tommylikehu_> https://gitee.com/openeuler/tool-collections/pulls/2
09:23:08 <tommylikehu_> oops, this one: https://gitee.com/openeuler/infrastructure/pulls/328
09:23:37 <tommylikehu_> freesky-edward:  it's works as we expect now.
09:24:05 <freesky-edward> great, thanks
09:24:29 <imjoey_> tommylikehu_: that's great, thank you very much.
09:24:37 <freesky-edward> #action all please review https://gitee.com/openeuler/infrastructure/pulls/328
09:24:38 <tommylikehu_> freesky-edward:  but we still need some time to see if there are some potential issues.
09:24:47 <tommylikehu_> imjoey_:  my pleasure:)
09:25:26 <freesky-edward> #action fred_li imjoey_ freesky-edward review PR: https://gitee.com/openeuler/infrastructure/pulls/328
09:25:37 <freesky-edward> tommylikehu_ that's fine
09:26:18 <fred_li> #link https://www.debian.org/security/
09:26:19 <tommylikehu_> freesky-edward:  my next job would be supporting the creating private packages in obs
09:27:16 <freesky-edward> imjoey_ how about the closing comments, has gitee udpated the API or not, could you please update the state, thanks
09:27:57 <freesky-edward> tommylikehu_, great, thanks
09:28:34 <fred_li> @tommylikehu_ great job, thanks a lot.
09:29:53 <freesky-edward> The last one is network issue we met, now, it seems some of the servers cannot parse the `gitee.com` domain.
09:30:54 <freesky-edward> I followed this issue for a while, it is still in process. if anyone meet the same problem. pelase let me know
09:31:38 <freesky-edward> any other state update here?
09:31:52 <imjoey_> freesky-edward: sorry for my network connection seems down for a while.
09:32:24 <imjoey_> Gitee API will support that feature within this week, then we could disable all our repos.
09:32:31 <freesky-edward> imjoey_ :)
09:32:47 <freesky-edward> imjoey_ great news, thanks
09:33:07 <fred_li> ping to test network
09:33:26 <fred_li> I meant my local network :-(
09:33:32 <tommylikehu_> fred_li:  tests well
09:33:34 <imjoey_> fred_li: I receive it
09:34:31 <freesky-edward> fred_li it's fine
09:34:48 <freesky-edward> if nothing update ,let's move to next
09:34:49 <shinwell> pong
09:35:02 <freesky-edward> #topic open discussion
09:35:27 <freesky-edward> please feel free to sync your proposal if have
09:35:57 <imjoey_> freesky-edward: Hi, for this pr https://gitee.com/openeuler/go-gitee/pulls/9 , have you ever encountered the same problem in go1.13.x?
09:36:50 <freesky-edward> sorry, still now, I only test v1.12.
09:37:14 <imjoey_> v1.12 looks everything ok in your case?
09:37:14 <freesky-edward> I will update my version to v1.13 and test again.
09:37:26 <freesky-edward> yeah, it works
09:37:55 <imjoey_> yep, thanks for reviewing.
09:38:16 <freesky-edward> imjoey_ thanks for mentioning it, I will update comments after testing on v1.13
09:38:26 <imjoey_> freesky-edward: ok, thanks.
09:38:38 <tommylikehu_> freesky-edward:  for the OBS things, I recommand we need someone who already worked on OBS to writ the document on how to use and develop with obs.
09:38:50 <tommylikehu_> maybe someone from hufeng
09:39:32 <freesky-edward> tommylikehu_ sounds a good idea
09:40:23 <freesky-edward> tommylikehu_ could you pelase check where should this doc be housed, in community or website?
09:40:51 <freesky-edward> I would suggest to open an issue for this
09:40:57 <tommylikehu_> it belongs to the developer things,
09:41:27 <fred_li> agree to create an issue and then ask Hufeng for help.
09:41:35 <tommylikehu_> +1
09:42:00 <freesky-edward> fred_li could you pelase check whether should this issue be on community?
09:43:14 <fred_li> you mean, on community repo or on infrastructure repo? I think it is the latter, as the doc is for OBS.
09:43:27 <freesky-edward> on community or website?
09:43:29 <tommylikehu_> + website  here? https://gitee.com/openeuler/website/tree/master/content/zh/community
09:44:11 <tommylikehu_> we need an intro
09:44:35 <freesky-edward> +1
09:44:46 <fred_li> I think it is part of how to contribute, thus both on website and community
09:46:23 <freesky-edward> +1
09:47:23 <freesky-edward> #action tommylikehu_ open issue for OBS use-guide on community and website.
09:48:00 <freesky-edward> any other topics?
09:49:47 <freesky-edward> ok, I think that's all.
09:49:50 <fred_li> I don't have.
09:49:52 <fred_li> thanks to all
09:49:59 <freesky-edward> thank you all
09:50:03 <imjoey_> ok, thank you all.
09:50:06 <freesky-edward> see you next time
09:50:15 <imjoey_> see you all.
09:50:20 <freesky-edward> bye
09:50:24 <fred_li> thanks, bye
09:50:30 <freesky-edward> #endmeeting