27 Nov 2024 |
crertel | Wasn't one of the things from earlier this year folks not really knowing who was alerted when about 2.24 puckipedia thing? I don't have a lot of visibility into that, but audit logs of emails and touchpoints seem like they would've been helpful there when people were debugging later what went wrong.
The thing about manual cc'ing is that it makes a manual process, and any manual process will get goofed up eventually--so, a mailing list or some other automated system would probably help.
If I'm understanding you correctly, the biggest issue with a mailing list is the lack of PGP support for encrypted reports? Or did I misunderstand you? | 02:14:05 |
hexa | a list adds complexity, it can be done, but it is not a must | 02:15:13 |
hexa | and if you asked puck she would probably tell you that these issues had nothing to do with this security team | 02:16:09 |
crertel | ¯\_(ツ)_/¯ everybody sees a different part of the elephant lol | 02:17:00 |
crertel | And then another question...looking at the github, I see a label for "status:wait-for-upstream"...is that for "there's nothing we as packagers can do on this except wait for the package to fix it"? | 02:17:06 |
hexa | we did eventually package schleuder some time ago to look into an encrypted mailing list, but the priorities are just elsewhere right now | 02:17:19 |
hexa | yes, means "nothing" we can do downstream | 02:17:46 |
crertel | and schleuder would be...infra team, not security team, I'm guessing? | 02:18:08 |
| * hexa puts on his infra hat | 02:18:31 |
crertel | lol | 02:18:44 |
crertel | what're the current priorities re: infra? there's the ofborg decommissioning/move out of equinix, right? | 02:20:10 |
hexa | replacing all that we lose at EOY to some degree | 02:21:34 |
hexa | and long-term planning for a more sustainable future | 02:21:53 |
hexa | upgrade hydra for more parallel build capacity | 02:22:15 |
crertel | was there any progress/attempt at getting a little more time so y'all don't have to rush around the holidays? | 02:22:22 |
hexa | and get the s3 bucket size and cost under control | 02:22:38 |
crertel | (doing all this work with Christmas, New Years, and CCC coming up probably sucks and is stressful) | 02:22:49 |
crertel | is there a deadline on the S3 thing, or is that just a known "we really need to fix this before it gets worse" sort of deal? | 02:23:25 |
hexa | most of the work will be needed for ofborg either way, hydra's setup is just simple remote builders | 02:23:26 |
crertel | ah, okay, so there's that at least! silver linings! | 02:23:42 |
hexa | it costs money, do it sooner rather than later, before amazon stops sponsoring part of the bill | 02:24:01 |
crertel | the current best solution for that is glacier for old stuff and a sort of general garbage collect, or did I read the wrong thing? | 02:24:55 |
hexa | yeah | 02:26:24 |
hexa | gc paths that are unreachable from channels | 02:26:39 |
hexa | and put the rest into glacier | 02:26:45 |
crertel | alright, I'll bug about schleuder then some other time...sounds like y'all got your hands full. | 02:28:25 |
crertel | but, you had mentioned kinda that maybe security@ could be helpful another way? | 02:28:39 |