Hi Cephers, These are the topics covered in today's meeting: - *Container vulnerabilities*: in the last Ceph Users-Devels Monthly meeting Gaurav Sitlani raised a question about the vulnerabilities reported by quay.io <https://quay.io/repository/ceph/ceph/manifest/sha256:e4abc23698c84996b04a5bf7706ed7e8cc88b9b716dc98cd83681b178aa7631f?tab=vulnerabilities> and what the process was to tackle them. - Currently Ceph relies on Github's dependabot to scan and fix vulnerable dependencies (mostly NPM packages). However that's not enough for distro package vulnerabilities. - Quay.io is very effective at that, but currently the project is not closely inspecting those. - Good news is that Quay offers a REST API that could be used to fetch (pull) or notify (push/webhook) the vulnerabilities in the containers. - David & myself will have a look at this. - *Tracking CI failures*: there's been a recent surge in the number of CI failures (partly related to the recent upgrade from Ubuntu 20 to 22). Developers sometimes struggle to see whether those come from their PRs or preexisting issues. Some ideas that could help here: - Reporting test/CI failures to https://tracker.ceph.com and adding the 'test-failure' tag <https://tracker.ceph.com/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=issue_tags&op%5Bissue_tags%5D=%3D&v%5Bissue_tags%5D%5B%5D=test-failure> . - Using the Jenkins Failure Cause Analyzer <https://jenkins.ceph.com/failure-cause-management/> (already done for some CI jobs, like the API). - *Coverity scans*: Ceph project relied on coverity scans until 2018, when due to the adoption of newer C++ features (C++17) it stopped working. However, it seems that it's now working again even <https://scan.coverity.com/projects/ceph?tab=overview> with C++20 enabled. - *David Galloway's succession*: unfortunately (for the Ceph project) David has decided to move on, so it has been started the conversation to identify all the things that David did (which are a lot) and find back-ups for those. For a detailed description of the topics above, please visit: https://pad.ceph.com/p/clt-weekly-minutes Kind Regards, Ernesto Puerta He / Him / His Principal Software Engineer, Ceph Red Hat <https://www.redhat.com/> <https://www.redhat.com/> _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |