Re: [OpenStack-Infra] Moving DIB to infra
On Fri, Mar 17, 2017, at 05:10 AM, Ian Wienand wrote: > On 03/16/2017 11:34 PM, Jeremy Stanley wrote: > > I'd also like to be certain the current DIB contributors are > > entirely disinterested in forming a separate official team in > > OpenStack as I doubt the TC would reject such a proposal (I'd > > happily support it). > > Assuming "interested" means you had more than a couple of trivial > changes in the last release period would leave a voting group of maybe > 5 people [1]? It seems like a lot of bureaucracy to start up a whole > team for that? > > Quite a lot of brain-power seems to have been spent on this so far. > Personally I don't see the difference between TripleO cores who > technically have power but don't use it or infra cores who technically > have power but don't use it. I'm just finding it hard to find a hook > to engage with the whole thing. If people feel strongly about moving > it under infra ok, but I'm not sure what difference it makes. > > -i > > [1] > http://stackalytics.com/?module=diskimage-builder&metric=commits&release=ocata > OK, now that we've let this topic sit on on both ML's for over a week (in addition to all the previous discussions) I think we can safely say that anyone who might have had an objection has had enough time to voice it. It looks like the governance change is moving forward, so the next steps seem to be wait for that to merge and then work through the few items on the etherpad. Thanks, Greg ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
[OpenStack-Infra] Moving DIB to infra
Hello folks, I wanted to make sure everyone is aware of the intention to move the DIB project under the infra project team[1]. Based on the ML responses and some discussions with DIB contributors there seems to be a slight preference for moving the project under the infra project team and there weren't any objections to us doing so. I've created an etherpad[2] to try and organize thoughts and steps involved in making this move. Please reply here / update the etherpad with any thoughts, questions, concerns, steps involved which we may have missed. Thanks! -Greg -- 1: https://review.openstack.org/#/c/445617 2: https://etherpad.openstack.org/p/dib-infra-move-deets ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
[OpenStack-Infra] Openstack-infra puppet-gerrit module xss vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Everyone, It was recently discovered that our puppet-gerrit module configures Gerrit in a way which makes it vulnerable to a XSS attack. This stems from our configuration marking text/html as a 'safe' mimetype[1]. This configuration change was first made in May 2014[2] but we believe it did not begin working until Feb 2015[3]. Using this, a user could potentially craft a review which when visited at the proper url would have access to the account information of any user visiting that url. It is highly recommended that all downstream users of this module apply this commit[4] to protect themselves against this attack. Thanks, Greg 1: https://review.openstack.org/#/c/332219/ 2: http://git.openstack.org/cgit/openstack-infra/puppet-gerrit/commit/?id=346618da6d0527335b67d17dea78f7d6c55fb129 3: http://git.openstack.org/cgit/openstack-infra/puppet-gerrit/commit/?id=c53838ae2246f74fd5206a1bdb7b8cac656529d9 4: http://git.openstack.org/cgit/openstack-infra/puppet-gerrit/commit/?id=8573c2ee172f66c1667de49685c88fdc8883ca8b -- Gregory Haynes g...@greghaynes.net -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJXaYFFAAoJELwhhWqbFNDRb00P+gPHUKoKl8pH7wDn/cCB8AZN yNZ5jlQ0GjB0+UnIqkrMbOQt4+CjPQup4kvQZRDNrBZll6If6J2usQFl1doAuR+T orFObJfe9hL4nJRcHt7FOrCkWESJxOExmMUvHrS2EvHogPhYdATsfJ2trzZFqOpp i/WY1+Ne42FTCvxavX8tPcpYp++ij38CPiM8LdBvKy/x/PYo3hjTQRmeJ9SOG4hL ifsaAFnZcnlUhXE2qyfQE019QDtVG1QJv7sDWlkyde7UmmJNc8uaHZA/BP9HPDFU 7maZgOt/UGV0EQ5ILFC0ikYdpsQLDOdRzpQRFn6hYly/llVm9mtAVDvvUCw7WBnp Kv8RI/MjjSvXlQs0fYmQB2D4sagdBVIEm/qt6SoN3oGNBifSbj3sLVQtb94gaEaY WT6Ix/QYgLTVePyV+uvicVwfBMz6w3/rLn11faUklxegCcxUJDEXbPXLFz4b5YHv rLJMegxraUj2cQn5kQe5D5NTEj6tpOClvC2Pg8kGIjVphbwgGZ4N/RuahArxDlmZ 5D2VRtajYGfpGaCjCzmtbpyAoljJINiv0ffLEQnezV5WF07aAzrgGTARlvhOJ3TV KFuyttTzQk5lKAmylJg+mjwhKhZlP1nhznkAlc5qI7DLSzade2DC15BMJK9FoElT 6jBboGQNImnEd0VCbk/D =0Xkq -END PGP SIGNATURE- ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [OpenStack-Infra] A tool for slurping gerrit changes in to bug updates
On Wed, May 25, 2016, at 11:55 AM, Jimmy Mcarthur wrote: > I'm not sure about Infra, but we're in the same boat with one of our bug > trackers. This would be awesome to have and I'm sure we would use it. > > Out of curiosity, what bug tracker are you currently using? GitHub Enterprise, although I think it would make sense (if we were to make this) to make the bug tracker a pluggable backend. I would expect this to be pretty simple to do and would be a requirement to live upstream since GHE certainly isn't a supported thing there. > > Cheers, > Jimmy > > Gregory Haynes wrote: > > Hello -Infra folks, > > > > While setting up an OpenStack-infra style testing infrastructure we have > > run in to the need for a tool to update our issue tracker in a different > > manner than the current Gerrit -> jeepyb system used for OpenStack. Our > > issue boils down to the fact that our bug tracker lives on a network our > > Gerrit cannot initiate a connection in to. As a result we need something > > to connect to Gerrit from within our bug tracker's network. We are > > considering making a small project to connect to and read from the > > Gerrit event stream and then update our bug tracker. > > > > > > My hope with this email was to see if: > > > > Is there something (aside from not having crazy network requirements) > > were missing that might make this project unnecessary? > > > > If we implemented this, would this be something the -infra project would > > like to have live upstream? It seems easy enough to make this generally > > useful to others with similar requirements. > > > > Any other thoughts/comments that might help :). > > > > Thanks, > > Greg > > > ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
[OpenStack-Infra] A tool for slurping gerrit changes in to bug updates
Hello -Infra folks, While setting up an OpenStack-infra style testing infrastructure we have run in to the need for a tool to update our issue tracker in a different manner than the current Gerrit -> jeepyb system used for OpenStack. Our issue boils down to the fact that our bug tracker lives on a network our Gerrit cannot initiate a connection in to. As a result we need something to connect to Gerrit from within our bug tracker's network. We are considering making a small project to connect to and read from the Gerrit event stream and then update our bug tracker. My hope with this email was to see if: Is there something (aside from not having crazy network requirements) were missing that might make this project unnecessary? If we implemented this, would this be something the -infra project would like to have live upstream? It seems easy enough to make this generally useful to others with similar requirements. Any other thoughts/comments that might help :). Thanks, Greg -- Gregory Haynes g...@greghaynes.net ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra