Ceph Leadership Team Meeting Minutes (2022-08-24)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Cephers,

These are the topics covered in today's meeting:

   - *Container vulnerabilities*: in the last Ceph Users-Devels Monthly
   meeting Gaurav Sitlani raised a question about the vulnerabilities reported
   by quay.io
   <https://quay.io/repository/ceph/ceph/manifest/sha256:e4abc23698c84996b04a5bf7706ed7e8cc88b9b716dc98cd83681b178aa7631f?tab=vulnerabilities>
and
   what the process was to tackle them.
      - Currently Ceph relies on Github's dependabot to scan and fix
      vulnerable dependencies (mostly NPM packages). However that's not enough
      for distro package vulnerabilities.
      - Quay.io is very effective at that, but currently the project is not
      closely inspecting those.
      - Good news is that Quay offers a REST API that could be used to
      fetch (pull) or notify (push/webhook) the vulnerabilities in the
containers.
      - David & myself will have a look at this.
   - *Tracking CI failures*: there's been a recent surge in the number of
   CI failures (partly related to the recent upgrade from Ubuntu 20 to 22).
   Developers sometimes struggle to see whether those come from their PRs or
   preexisting issues. Some ideas that could help here:
      - Reporting test/CI failures to https://tracker.ceph.com and adding
      the 'test-failure' tag
      <https://tracker.ceph.com/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=issue_tags&op%5Bissue_tags%5D=%3D&v%5Bissue_tags%5D%5B%5D=test-failure>
      .
      - Using the Jenkins Failure Cause Analyzer
      <https://jenkins.ceph.com/failure-cause-management/> (already done
      for some CI jobs, like the API).
   - *Coverity scans*: Ceph project relied on coverity scans until 2018,
   when due to the adoption of newer C++ features (C++17) it stopped working.
   However, it seems that it's now working again even
   <https://scan.coverity.com/projects/ceph?tab=overview> with C++20
   enabled.
   - *David Galloway's succession*: unfortunately (for the Ceph project)
   David has decided to move on, so it has been started the conversation to
   identify all the things that David did (which are a lot) and find back-ups
   for those.

For a detailed description of the topics above, please visit:
https://pad.ceph.com/p/clt-weekly-minutes

Kind Regards,


Ernesto Puerta

He / Him / His

Principal Software Engineer, Ceph

Red Hat <https://www.redhat.com/>
<https://www.redhat.com/>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux