13:00:27 #startmeeting meeting 13:00:27 Meeting started Mon Aug 1 13:00:27 2016 UTC. The chair is mvollmer. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:00:27 Useful Commands: #action #agreed #halp #info #idea #link #topic. 13:00:27 The meeting name has been set to 'meeting' 13:00:36 .hello mvo 13:00:37 mvollmer: mvo 'Marius Vollmer' 13:00:44 .hello andreasn 13:00:45 andreasn1: andreasn 'Andreas Nilsson' 13:01:05 .hello harishanand 13:01:06 harish: harishanand 'Harish Anand' 13:01:39 #topic Agenda 13:01:44 .hello larsu 13:01:45 larsu: larsu 'Lars Uebernickel' 13:01:55 ah! Another place to change my name :) 13:02:37 * timers 13:03:20 larsu: this will haunt you for years 13:03:28 larsu, congratulations! 13:03:30 uh oh :) 13:03:33 thanks! 13:03:42 larsu, I forgot your new name already again! :) 13:03:43 I imagine it's like chaning address x100 13:03:49 yes, contratulations! 13:04:21 thanks! 13:04:26 congrats larsu!! 13:04:27 mvollmer: Lars Karlitski 13:04:33 thanks harish! 13:05:07 larsu, thanks! I am sure I will have to ask a couple of times more... 13:05:14 * atomic scan 13:05:34 * network teams 13:06:30 6 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-atomic/log.html 13:07:29 alright 13:07:36 #topic timers 13:07:47 andreasn i have added the warning message shown when a user selects 31st of every month. 13:08:06 Is "better avoid end of month days like 31st" okay? 13:08:20 #link https://github.com/cockpit-project/cockpit/pull/4645 13:08:35 ah yes, I just saw 13:08:46 I think the sentence needs to be tweaked slightly 13:08:51 but in general looks good 13:09:05 yeah i though so, i was waiting on dperpeet's input on that 13:09:09 thought* 13:09:51 dperpeet andreasn I have avoided the usage of ServerTime from host.js because it uses dbus while petervo suggested on getting time by spawning. 13:09:57 I have done that and added the tests. 13:10:14 nice 13:10:15 the test doesn't check for a boot timer and no-repeat timer. I will add those tomorrow 13:10:22 rest like repeat hourly, daily, weekly, monthly and yearly and error inputs are checked. 13:10:24 @andreasn1 13:10:26 hi 13:10:37 i've started looking into the design model 13:10:53 2 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-23/log.html 13:10:55 hi! nice! it's further down in the meeting agenda 13:10:58 so lets take it when it comes 13:11:06 okay sure 13:11:18 please just let me know when it comes up 13:11:27 and here is my blog. https://medium.com/@harishanand95/gsoc-week-8-different-dates-issue-testing-41a582ce2aa6#.43jjmtwuv 13:12:48 mvollmer larsu if you have other ideas you could think of on the issue i talked in the blog, just tell me. 13:14:12 hm? why is the time of the test machine considered at all? 13:14:42 (this can probably wait until after the meeting) 13:15:04 larsu, where phantomjs runs matters for browser date 13:15:46 oh for testing we have to select a future time and then check for all cases from there, so i have to set test machine's time. 13:17:05 larsu petervo_ we can have it discussed after meeting? 13:17:11 yes 13:17:46 okay end of topic mvollmer 13:17:52 thanks! 13:17:56 #topic atomic scan 13:18:34 so me, achakrab and dwalsh met on friday and went over the designs 13:19:14 https://raw.githubusercontent.com/cockpit-project/cockpit-design/master/containers/container-security-scanning.png 13:19:29 yeah based on what i understood from the meeting, cockpit is still undergoing changes so it's better to wait before some of the design model is implemented 13:19:29 and we indentified some smaller things that needs to be fixed 13:19:34 like working and such 13:20:04 working/wording 13:20:27 that's a lot of red! :) 13:21:20 since the listing view is not on the containers page yet, that part will be harder to implement 13:21:34 but the box with the scan action and the settings can be implemented today 13:21:43 today/right away 13:21:46 andreasn1, so I was thinking... 13:21:57 @andreasn1, so i can implement the box with scan action 13:22:00 ? 13:22:15 [cockpit] stefwalter opened pull request #4809: test: Make --sit argument on test/containers/run-tests work (master...containers-run-tests-sit) https://git.io/v6vpn 13:22:15 whether or not a image or container is vulnerable is a static property 13:22:22 no? 13:22:37 achakrab: yes 13:22:47 mvollmer: how do you mean? 13:22:49 i mean, once you scan an image, scanning it again will just give the same answer, no? 13:23:11 so you would want to scan images that have never been scanned 13:23:16 mvollmer: no, because since you did the scan, another vunerability might have happened 13:23:24 discovered? 13:23:45 so the scanner might have changed, or the image? 13:23:57 like if I did a scan last week, and heartbleed came up, it won't show that shellshock came up yesterday 13:24:01 until I scan again 13:24:04 right 13:24:09 if I understood things correctly at least 13:24:20 but I might have gotten something backwards 13:24:21 but cockpit can know when scanning is necessary, right? 13:24:29 when the scanner database has been updates 13:24:32 *updated 13:24:38 3 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-testing/log.html 13:24:48 or in other words, how does the user know when to hit "scan again"? 13:25:31 yeah because right now the information will be based on a previous scan 13:25:41 so if a new vulnerability is present in a container or image 13:25:54 then it wouldn't show up until you scan again 13:25:59 is scanning an expensive process? 13:26:34 not super expensive I think, ideally it would happen ASAP and automated 13:26:40 right 13:27:01 can we give a hint that scanning is now a useful thing to do? 13:27:05 right now it's possible to set it up so it scans say, once a day, once a week, or maybe once an hour 13:27:11 like: new image or container: scan it! 13:27:21 and: vuln db updated, scan again! 13:27:33 where is the vuln db? 13:27:49 it's this massive tar.gz 13:28:01 that comes in a rpm or ostree, right? 13:28:09 not sure 13:28:31 anyway, maybe we should not go on here. 13:28:55 but yeah, if there was a way for everything to be scanned again once the db got updated somehow, that would be a superior model I think 13:28:57 it 13:29:07 it's an interesting idea, but not sure if it's possible or not 13:29:38 you could then call scan --all 13:29:45 yeah 13:29:46 once the db ever gets updated right? 13:29:59 by db you mean if any images are added to the repo 13:30:02 ? 13:30:20 no, the csv database 13:30:36 okay 13:31:14 also @andreasn1, we are also looking at highlighting vulnerable images and containers red right? 13:31:21 yes, that is key 13:31:26 right okay 13:31:39 i'm working on getting the list of containers from the dbus api 13:31:48 cool 13:33:23 next topic? 13:34:39 #topic network teaming 13:35:11 so, couple of weeks ago we decided to attack this properly, with use cases and mockups, and black jack 13:35:52 andreasn1, how shall we start this? I can try to get you into contact with the (few) contacts I have. 13:36:06 is there a trello card for it already? 13:36:13 kind of 13:36:23 https://trello.com/c/Be49zuYD/327-throw-everything-but-the-kitchen-sink-at-network-teams 13:36:37 that's one option 13:36:52 I just go and bring teams to the same level as bonds 13:36:54 but yes, if we can get info from folks who know this stuff, that would be great 13:37:07 and at the same time we try to make a better UI 13:37:10 just send me the list of names 13:37:17 alright 13:37:25 I mean, you can send the list of names over e-mail 13:37:30 yep 13:37:39 nice! 13:38:12 i am afraid that a really good and useful UI will need changes down in NetworkManager 13:38:26 it doesn't really report any state of a team, for example 13:38:47 lets see if we can push for that, but if not, we can do the best we can 13:38:58 so you don't really know whether your active backup team is in backup mode right now 13:39:16 (h, you can see the traffic...) 13:39:52 so, we have a deadline for teams, since we promised this so that GNOME can take it out. 13:40:28 because of that, I propose to work on the risk-free option as well: just put all those controls into the UI 13:40:43 right 13:40:52 and concurrently take the time to figure this out correctly 13:41:23 yup 13:41:37 it could even be as simple as asking a couple of people "look at what we have now, how can we improve this?" 13:41:40 is the deadline for the GNOME 3.22 release? 13:41:52 yeah 13:41:54 Fedora 25, I guess 13:43:38 code freeze for 3.22 is Sep 12: https://wiki.gnome.org/Schedule 13:44:00 oho 13:44:26 I'll hopefully be changing diapers then 13:44:39 oh yes 13:44:41 :) 13:45:16 I'll prioritize teams over more docker storage stuff then. 13:45:47 sounds good 13:46:20 8 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-24/log.html 13:46:28 @mvollmer 13:46:33 I'll start looking into the design 13:46:35 is there any chance i can speak with you today 13:46:40 on bluejeans? 13:46:53 but in worst case, lets just make a separate "Team" button 13:47:06 and have a bunch of extra nobs in there 13:47:13 andreasn1, right 13:47:33 achakrab, unfortunately not... 13:47:47 hmm okay 13:47:52 any time this week? 13:48:34 yeah, I hope tomorrow... 13:48:39 achakrab, do you have a PR open? 13:48:58 i do have a POC on 13:49:01 one* 13:49:06 yep, #4774 13:49:32 #topic AOB 13:49:45 yes 13:53:45 AOB? 13:54:46 any othe rbusiness 13:54:56 none, I guess. :) 13:55:00 #endmeeting