Ceph Leadership Team Meeting Minutes (2022-08-24)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Cephers,

These are the topics covered in today's meeting:
  • Container vulnerabilities: in the last Ceph Users-Devels Monthly meeting Gaurav Sitlani raised a question about the vulnerabilities reported by quay.io and what the process was to tackle them.
    • Currently Ceph relies on Github's dependabot to scan and fix vulnerable dependencies (mostly NPM packages). However that's not enough for distro package vulnerabilities.
    • Quay.io is very effective at that, but currently the project is not closely inspecting those.
    • Good news is that Quay offers a REST API that could be used to fetch (pull) or notify (push/webhook) the vulnerabilities in the containers.
    • David & myself will have a look at this.
  • Tracking CI failures: there's been a recent surge in the number of CI failures (partly related to the recent upgrade from Ubuntu 20 to 22). Developers sometimes struggle to see whether those come from their PRs or preexisting issues. Some ideas that could help here:
  • Coverity scans: Ceph project relied on coverity scans until 2018, when due to the adoption of newer C++ features (C++17) it stopped working. However, it seems that it's now working again even with C++20 enabled.
  • David Galloway's succession: unfortunately (for the Ceph project) David has decided to move on, so it has been started the conversation to identify all the things that David did (which are a lot) and find back-ups for those.
For a detailed description of the topics above, please visit:
https://pad.ceph.com/p/clt-weekly-minutes

Kind Regards,


Ernesto Puerta

He / Him / His

Principal Software Engineer, Ceph

Red Hat

_______________________________________________
Dev mailing list -- dev@xxxxxxx
To unsubscribe send an email to dev-leave@xxxxxxx

[Index of Archives]     [CEPH Users]     [Ceph Devel]     [Ceph Large]     [Information on CEPH]     [Linux BTRFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux