13:00:27 <mvollmer> #startmeeting meeting 13:00:27 <zodbot> Meeting started Mon Aug 1 13:00:27 2016 UTC. The chair is mvollmer. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:00:27 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 13:00:27 <zodbot> The meeting name has been set to 'meeting' 13:00:36 <mvollmer> .hello mvo 13:00:37 <zodbot> mvollmer: mvo 'Marius Vollmer' <marius.vollmer@gmail.com> 13:00:44 <andreasn1> .hello andreasn 13:00:45 <zodbot> andreasn1: andreasn 'Andreas Nilsson' <anilsson@redhat.com> 13:01:05 <harish> .hello harishanand 13:01:06 <zodbot> harish: harishanand 'Harish Anand' <harishanand95@gmail.com> 13:01:39 <mvollmer> #topic Agenda 13:01:44 <larsu> .hello larsu 13:01:45 <zodbot> larsu: larsu 'Lars Uebernickel' <lars@uebernic.de> 13:01:55 <larsu> ah! Another place to change my name :) 13:02:37 <harish> * timers 13:03:20 <andreasn1> larsu: this will haunt you for years 13:03:28 <mvollmer> larsu, congratulations! 13:03:30 <larsu> uh oh :) 13:03:33 <larsu> thanks! 13:03:42 <mvollmer> larsu, I forgot your new name already again! :) 13:03:43 <andreasn1> I imagine it's like chaning address x100 13:03:49 <andreasn1> yes, contratulations! 13:04:21 <larsu> thanks! 13:04:26 <harish> congrats larsu!! 13:04:27 <larsu> mvollmer: Lars Karlitski 13:04:33 <larsu> thanks harish! 13:05:07 <mvollmer> larsu, thanks! I am sure I will have to ask a couple of times more... 13:05:14 <andreasn1> * atomic scan 13:05:34 <mvollmer> * network teams 13:06:30 <cockpitbot> 6 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-atomic/log.html 13:07:29 <mvollmer> alright 13:07:36 <mvollmer> #topic timers 13:07:47 <harish> andreasn i have added the warning message shown when a user selects 31st of every month. 13:08:06 <harish> Is "better avoid end of month days like 31st" okay? 13:08:20 <harish> #link https://github.com/cockpit-project/cockpit/pull/4645 13:08:35 <andreasn1> ah yes, I just saw 13:08:46 <andreasn1> I think the sentence needs to be tweaked slightly 13:08:51 <andreasn1> but in general looks good 13:09:05 <harish> yeah i though so, i was waiting on dperpeet's input on that 13:09:09 <harish> thought* 13:09:51 <harish> dperpeet andreasn I have avoided the usage of ServerTime from host.js because it uses dbus while petervo suggested on getting time by spawning. 13:09:57 <harish> I have done that and added the tests. 13:10:14 <andreasn1> nice 13:10:15 <harish> the test doesn't check for a boot timer and no-repeat timer. I will add those tomorrow 13:10:22 <harish> rest like repeat hourly, daily, weekly, monthly and yearly and error inputs are checked. 13:10:24 <achakrab> @andreasn1 13:10:26 <achakrab> hi 13:10:37 <achakrab> i've started looking into the design model 13:10:53 <cockpitbot> 2 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-23/log.html 13:10:55 <andreasn1> hi! nice! it's further down in the meeting agenda 13:10:58 <andreasn1> so lets take it when it comes 13:11:06 <achakrab> okay sure 13:11:18 <achakrab> please just let me know when it comes up 13:11:27 <harish> and here is my blog. https://medium.com/@harishanand95/gsoc-week-8-different-dates-issue-testing-41a582ce2aa6#.43jjmtwuv 13:12:48 <harish> mvollmer larsu if you have other ideas you could think of on the issue i talked in the blog, just tell me. 13:14:12 <larsu> hm? why is the time of the test machine considered at all? 13:14:42 <larsu> (this can probably wait until after the meeting) 13:15:04 <petervo_> larsu, where phantomjs runs matters for browser date 13:15:46 <harish> oh for testing we have to select a future time and then check for all cases from there, so i have to set test machine's time. 13:17:05 <harish> larsu petervo_ we can have it discussed after meeting? 13:17:11 <larsu> yes 13:17:46 <harish> okay end of topic mvollmer 13:17:52 <mvollmer> thanks! 13:17:56 <mvollmer> #topic atomic scan 13:18:34 <andreasn1> so me, achakrab and dwalsh met on friday and went over the designs 13:19:14 <andreasn1> https://raw.githubusercontent.com/cockpit-project/cockpit-design/master/containers/container-security-scanning.png 13:19:29 <achakrab> yeah based on what i understood from the meeting, cockpit is still undergoing changes so it's better to wait before some of the design model is implemented 13:19:29 <andreasn1> and we indentified some smaller things that needs to be fixed 13:19:34 <andreasn1> like working and such 13:20:04 <andreasn1> working/wording 13:20:27 <larsu> that's a lot of red! :) 13:21:20 <andreasn1> since the listing view is not on the containers page yet, that part will be harder to implement 13:21:34 <andreasn1> but the box with the scan action and the settings can be implemented today 13:21:43 <andreasn1> today/right away 13:21:46 <mvollmer> andreasn1, so I was thinking... 13:21:57 <achakrab> @andreasn1, so i can implement the box with scan action 13:22:00 <achakrab> ? 13:22:15 <github> [cockpit] stefwalter opened pull request #4809: test: Make --sit argument on test/containers/run-tests work (master...containers-run-tests-sit) https://git.io/v6vpn 13:22:15 <mvollmer> whether or not a image or container is vulnerable is a static property 13:22:22 <mvollmer> no? 13:22:37 <andreasn1> achakrab: yes 13:22:47 <andreasn1> mvollmer: how do you mean? 13:22:49 <mvollmer> i mean, once you scan an image, scanning it again will just give the same answer, no? 13:23:11 <mvollmer> so you would want to scan images that have never been scanned 13:23:16 <andreasn1> mvollmer: no, because since you did the scan, another vunerability might have happened 13:23:24 <mvollmer> discovered? 13:23:45 <mvollmer> so the scanner might have changed, or the image? 13:23:57 <andreasn1> like if I did a scan last week, and heartbleed came up, it won't show that shellshock came up yesterday 13:24:01 <andreasn1> until I scan again 13:24:04 <mvollmer> right 13:24:09 <andreasn1> if I understood things correctly at least 13:24:20 <andreasn1> but I might have gotten something backwards 13:24:21 <mvollmer> but cockpit can know when scanning is necessary, right? 13:24:29 <mvollmer> when the scanner database has been updates 13:24:32 <mvollmer> *updated 13:24:38 <cockpitbot> 3 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-testing/log.html 13:24:48 <mvollmer> or in other words, how does the user know when to hit "scan again"? 13:25:31 <achakrab> yeah because right now the information will be based on a previous scan 13:25:41 <achakrab> so if a new vulnerability is present in a container or image 13:25:54 <achakrab> then it wouldn't show up until you scan again 13:25:59 <larsu> is scanning an expensive process? 13:26:34 <andreasn1> not super expensive I think, ideally it would happen ASAP and automated 13:26:40 <larsu> right 13:27:01 <mvollmer> can we give a hint that scanning is now a useful thing to do? 13:27:05 <andreasn1> right now it's possible to set it up so it scans say, once a day, once a week, or maybe once an hour 13:27:11 <mvollmer> like: new image or container: scan it! 13:27:21 <mvollmer> and: vuln db updated, scan again! 13:27:33 <mvollmer> where is the vuln db? 13:27:49 <andreasn1> it's this massive tar.gz 13:28:01 <mvollmer> that comes in a rpm or ostree, right? 13:28:09 <andreasn1> not sure 13:28:31 <mvollmer> anyway, maybe we should not go on here. 13:28:55 <andreasn1> but yeah, if there was a way for everything to be scanned again once the db got updated somehow, that would be a superior model I think 13:28:57 <andreasn1> it 13:29:07 <andreasn1> it's an interesting idea, but not sure if it's possible or not 13:29:38 <achakrab> you could then call scan --all 13:29:45 <andreasn1> yeah 13:29:46 <achakrab> once the db ever gets updated right? 13:29:59 <achakrab> by db you mean if any images are added to the repo 13:30:02 <achakrab> ? 13:30:20 <andreasn1> no, the csv database 13:30:36 <achakrab> okay 13:31:14 <achakrab> also @andreasn1, we are also looking at highlighting vulnerable images and containers red right? 13:31:21 <andreasn1> yes, that is key 13:31:26 <achakrab> right okay 13:31:39 <achakrab> i'm working on getting the list of containers from the dbus api 13:31:48 <andreasn1> cool 13:33:23 <andreasn1> next topic? 13:34:39 <mvollmer> #topic network teaming 13:35:11 <mvollmer> so, couple of weeks ago we decided to attack this properly, with use cases and mockups, and black jack 13:35:52 <mvollmer> andreasn1, how shall we start this? I can try to get you into contact with the (few) contacts I have. 13:36:06 <andreasn1> is there a trello card for it already? 13:36:13 <mvollmer> kind of 13:36:23 <mvollmer> https://trello.com/c/Be49zuYD/327-throw-everything-but-the-kitchen-sink-at-network-teams 13:36:37 <mvollmer> that's one option 13:36:52 <mvollmer> I just go and bring teams to the same level as bonds 13:36:54 <andreasn1> but yes, if we can get info from folks who know this stuff, that would be great 13:37:07 <mvollmer> and at the same time we try to make a better UI 13:37:10 <andreasn1> just send me the list of names 13:37:17 <mvollmer> alright 13:37:25 <andreasn1> I mean, you can send the list of names over e-mail 13:37:30 <mvollmer> yep 13:37:39 <andreasn1> nice! 13:38:12 <mvollmer> i am afraid that a really good and useful UI will need changes down in NetworkManager 13:38:26 <mvollmer> it doesn't really report any state of a team, for example 13:38:47 <andreasn1> lets see if we can push for that, but if not, we can do the best we can 13:38:58 <mvollmer> so you don't really know whether your active backup team is in backup mode right now 13:39:16 <mvollmer> (h, you can see the traffic...) 13:39:52 <mvollmer> so, we have a deadline for teams, since we promised this so that GNOME can take it out. 13:40:28 <mvollmer> because of that, I propose to work on the risk-free option as well: just put all those controls into the UI 13:40:43 <andreasn1> right 13:40:52 <mvollmer> and concurrently take the time to figure this out correctly 13:41:23 <andreasn1> yup 13:41:37 <mvollmer> it could even be as simple as asking a couple of people "look at what we have now, how can we improve this?" 13:41:40 <andreasn1> is the deadline for the GNOME 3.22 release? 13:41:52 <andreasn1> yeah 13:41:54 <mvollmer> Fedora 25, I guess 13:43:38 <andreasn1> code freeze for 3.22 is Sep 12: https://wiki.gnome.org/Schedule 13:44:00 <mvollmer> oho 13:44:26 <mvollmer> I'll hopefully be changing diapers then 13:44:39 <andreasn1> oh yes 13:44:41 <andreasn1> :) 13:45:16 <mvollmer> I'll prioritize teams over more docker storage stuff then. 13:45:47 <andreasn1> sounds good 13:46:20 <cockpitbot> 8 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-24/log.html 13:46:28 <achakrab> @mvollmer 13:46:33 <andreasn1> I'll start looking into the design 13:46:35 <achakrab> is there any chance i can speak with you today 13:46:40 <achakrab> on bluejeans? 13:46:53 <andreasn1> but in worst case, lets just make a separate "Team" button 13:47:06 <andreasn1> and have a bunch of extra nobs in there 13:47:13 <mvollmer> andreasn1, right 13:47:33 <mvollmer> achakrab, unfortunately not... 13:47:47 <achakrab> hmm okay 13:47:52 <achakrab> any time this week? 13:48:34 <mvollmer> yeah, I hope tomorrow... 13:48:39 <mvollmer> achakrab, do you have a PR open? 13:48:58 <achakrab> i do have a POC on 13:49:01 <achakrab> one* 13:49:06 <mvollmer> yep, #4774 13:49:32 <mvollmer> #topic AOB 13:49:45 <achakrab> yes 13:53:45 <andreasn1> AOB? 13:54:46 <mvollmer> any othe rbusiness 13:54:56 <mvollmer> none, I guess. :) 13:55:00 <mvollmer> #endmeeting