| *** patersonc has quit IRC | 06:35 | |
| *** yoshidak[m] has quit IRC | 06:35 | |
| *** patersonc has joined #cip | 06:41 | |
| *** rajm has joined #cip | 06:45 | |
| *** yoshidak[m] has joined #cip | 06:55 | |
| *** monstr has joined #cip | 07:11 | |
| *** masashi910 has joined #cip | 08:11 | |
| *** fujita has joined #cip | 08:47 | |
| *** pavelm1 has joined #cip | 08:59 | |
| masashi910 | #startmeeting CIP IRC weekly meeting | 09:00 |
|---|---|---|
| brlogger` | Meeting started Thu Oct 8 09:00:00 2020 UTC and is due to finish in 60 minutes. The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot. | 09:00 |
| brlogger` | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 09:00 |
| brlogger` | The meeting name has been set to 'cip_irc_weekly_meeting' | 09:00 |
| *** brlogger` changes topic to " (Meeting topic: CIP IRC weekly meeting)" | 09:00 | |
| masashi910 | #topic rollcall | 09:00 |
| *** brlogger` changes topic to "rollcall (Meeting topic: CIP IRC weekly meeting)" | 09:00 | |
| masashi910 | please say hi if you're around | 09:00 |
| pavelm1 | hi | 09:00 |
| wens | hi | 09:00 |
| masashi910 | Today yoshidak[m] and iwamatsu are not here, so I will share their status. | 09:01 |
| masashi910 | #topic AI review | 09:01 |
| *** brlogger` changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)" | 09:01 | |
| masashi910 | 1. Combine root filesystem with kselftest binary - iwamatsu | 09:01 |
| masashi910 | Quote from Iwamatsu-san "No update." | 09:01 |
| masashi910 | 2. Check whether CVE-2020-25284 needs to be backported to 4.4-rt | 09:01 |
| masashi910 | -> Delete rbd ( Ceph block device ) from 4.4-rt x86 config - iwamatsu | 09:01 |
| masashi910 | -> Done, so I close it. | 09:01 |
| masashi910 | https://lore.kernel.org/cip-dev/OSBPR01MB29833C0DA59C4F77B159DE2492300@OSBPR01MB2983.jpnprd01.prod.outlook.com/ | 09:02 |
| masashi910 | any other topics? | 09:02 |
| masashi910 | 3 | 09:02 |
| masashi910 | 2 | 09:02 |
| masashi910 | 1 | 09:02 |
| masashi910 | #topic Kernel maintenance updates | 09:02 |
| *** brlogger` changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)" | 09:02 | |
| masashi910 | == Quote from iwamatsu == | 09:02 |
| masashi910 | I reviewed 4.4.y-rc. | 09:02 |
| masashi910 | ==== | 09:02 |
| pavelm1 | I have released v4.19.148-cip35-rt15, and reviewed 4.19.150. | 09:02 |
| wens | Five new CVEs: | 09:03 |
| wens | - CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 [net/i40e] - Fixed for | 09:03 |
| wens | mainline and 4.19+ | 09:03 |
| wens | - This is enabled in Siemens x86 configs for both 4.4 and 4.19 | 09:03 |
| wens | and we should probably backport them. | 09:03 |
| wens | - CVE-2020-25643 [hdlc_ppp] - Fixed in all current stable kernels | 09:03 |
| wens | - CVE-2020-26541 [UEFI secure boot] - Fix posted but hasn't landed | 09:03 |
| wens | I also reviewed some patches from Daniel for cip-kernel-sec on the mailing list | 09:03 |
| masashi910 | pavelm1, wens: Thanks for your reports! | 09:03 |
| pavelm1 | v4.19.148-cip35-rt15 has problems on arm64_renesas. | 09:04 |
| pavelm1 | Question is if we should release -rt16 cca next week to fix them. | 09:04 |
| masashi910 | pavelm1: Thanks for raising this. Does anyone have any opinion? | 09:05 |
| patersonc | If it's not too much hassle it may be worth doing. | 09:05 |
| patersonc | We should try and keep things working on our reference platforms if possible imho | 09:06 |
| pavelm1 | I was wondering if someone is using realtime branch on renesas. | 09:06 |
| patersonc | Renesas is. We have a RT version of our BSP based on cip-rt. | 09:07 |
| pavelm1 | Ok. | 09:07 |
| patersonc | That said, we don't follow every release, so it's not a showstopper for us | 09:07 |
| pavelm1 | So I'll do -rt16 when new -cip is available. | 09:07 |
| masashi910 | pavelm1, patersonc: Thanks for your discussion. | 09:07 |
| patersonc | Thank you for your efforts pavelm1 | 09:07 |
| masashi910 | Any other topics? | 09:09 |
| masashi910 | wens: BTW, you mention that - CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 [net/i40e] - Fixed for | 09:10 |
| masashi910 | <wens> mainline and 4.19+ | 09:10 |
| wens | yes. | 09:10 |
| pavelm1 | i40e stuff. I'll take a look. | 09:10 |
| wens | i40e is a high-end 10/40G ethernet adapter | 09:10 |
| masashi910 | wens: Does it mean LTS4.4 backporting might be needed? | 09:10 |
| wens | makes sense Siemens might use it on their servers | 09:10 |
| pavelm1 | If someone has git hashes, that is more useful than CVE numbers. | 09:10 |
| wens | the hashes are in cip-kernel-sec | 09:11 |
| wens | just a min. | 09:11 |
| pavelm1 | Ok, let's talk after the meeting. | 09:11 |
| pavelm1 | I'll need to learn to pull them myself. | 09:11 |
| wens | https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/merge_requests/75/diffs | 09:11 |
| wens | so the annoying thing about this group of CVEs is that Intel failed to tag the mainline patches | 09:12 |
| pavelm1 | Thank you. | 09:12 |
| wens | they later requested backports of four patches # https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html | 09:12 |
| masashi910 | wens, pavelm1: thanks. If needed, let's discuss offline. | 09:12 |
| pavelm1 | wens: Well, that used to be common policy. Don't talk about CVEs in commit logs. | 09:12 |
| wens | but it is unclear which patch fixes what issue, or whether they are sufficient | 09:12 |
| wens | pavelm1: I meant they didn't add Fixes tags | 09:13 |
| wens | masashi910: ok | 09:13 |
| masashi910 | Thanks for your works! | 09:13 |
| wens | pavelm1: I won't be around after the meeting, so please send me an email. | 09:13 |
| pavelm1 | wens: aha. That's unfortunate :-(. | 09:13 |
| masashi910 | so, shall we move on? | 09:13 |
| wens | sure. | 09:13 |
| masashi910 | Thanks. | 09:13 |
| masashi910 | #topic Kernel testing | 09:14 |
| *** brlogger` changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)" | 09:14 | |
| patersonc | Hi, sorry | 09:14 |
| masashi910 | Chris-san, please. | 09:14 |
| patersonc | I've started work on upgrading our LAVA master + workers to the latest version of lava-docker/lava | 09:14 |
| patersonc | https://gitlab.com/cip-project/cip-testing/lava-docker/-/merge_requests/28 | 09:14 |
| patersonc | Now just waiting on feedback before merging. Then we'll need to schedule a time to do the upgrade on production | 09:14 |
| patersonc | That's about it from me I think... | 09:14 |
| masashi910 | patersonc: Thanks for your works! | 09:15 |
| masashi910 | any other topics? | 09:15 |
| masashi910 | 3 | 09:15 |
| masashi910 | 2 | 09:15 |
| masashi910 | 1 | 09:15 |
| masashi910 | #topic CIP Security | 09:15 |
| *** brlogger` changes topic to "CIP Security (Meeting topic: CIP IRC weekly meeting)" | 09:15 | |
| masashi910 | == Quote from yoshidak[m] == | 09:15 |
| masashi910 | Both minor updates were once reported, but since they are protracted, I will summarize again here. | 09:15 |
| masashi910 | Major updates: | 09:15 |
| masashi910 | There is no major update this week. | 09:15 |
| masashi910 | Minor updates: | 09:15 |
| masashi910 | 1. Gap assessment for the development process (IEC 62443-4-1): | 09:15 |
| masashi910 | The report from the certification body, whether development process for OSS meets to the IEC 62443-4-1 standard, is delayed. | 09:15 |
| masashi910 | But, perhaps we can get it the end of this week. | 09:15 |
| masashi910 | And then, we'll plan to share the documents on the development process that reflects the feedback from the report. | 09:15 |
| masashi910 | 2. Gap assessment for security features of security packages we suggested (IEC 62443-4-2): | 09:15 |
| masashi910 | We started review security features of security packages we suggested to add as CIP core packages. | 09:15 |
| masashi910 | The completion date is scheduled by the end of December. | 09:15 |
| masashi910 | any other topics? | 09:16 |
| masashi910 | 3 | 09:16 |
| masashi910 | 2 | 09:16 |
| masashi910 | 1 | 09:16 |
| masashi910 | #topic AOB | 09:16 |
| *** brlogger` changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)" | 09:16 | |
| masashi910 | Are there any business to discuss? | 09:16 |
| pavelm1 | I guess we should talk to Siemens. | 09:16 |
| pavelm1 | Their kernel config contains... everything. | 09:16 |
| wens | the x86 ones? | 09:17 |
| pavelm1 | It would be good to strip it down, so we can focus on things they actually use. | 09:17 |
| pavelm1 | Yes, x86: siemens_server_defconfig. | 09:17 |
| masashi910 | pavelm1: OK, then, shall I ask them? | 09:17 |
| wens | they probably used some generic one as the template :( | 09:17 |
| pavelm1 | masashi910: Yes please, that would be nice. | 09:17 |
| pavelm1 | CONFIG_NE2K_PCI=m is example of driver they probably don't use. | 09:18 |
| wens | rofl | 09:18 |
| masashi910 | pavelm1: Sure! | 09:18 |
| pavelm1 | Thank you! | 09:18 |
| masashi910 | Welcome! | 09:18 |
| masashi910 | So, if there are no other topics, let's close the meeting today. | 09:19 |
| masashi910 | 3 | 09:19 |
| masashi910 | 2 | 09:19 |
| masashi910 | 1 | 09:19 |
| masashi910 | #endmeeting | 09:19 |
| brlogger` | Meeting ended Thu Oct 8 09:19:34 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 09:19 |
| brlogger` | Minutes: https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-08-09.00.html | 09:19 |
| brlogger` | Minutes (text): https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-08-09.00.txt | 09:19 |
| brlogger` | Log: https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-08-09.00.log.html | 09:19 |
| *** brlogger` changes topic to "Civil Infrastructure Platform Project. Find the logs at https://irclogs.baserock.org/cip/" | 09:19 | |
| pavelm1 | Thank you, stay safe. | 09:19 |
| masashi910 | Thanks, Bye! | 09:19 |
| pavelm1 | wens: You gave me pointer to the git, I think I can find it now. Thanks! | 09:19 |
| wens | pavelm1: ok :) | 09:21 |
| *** masashi910 has quit IRC | 09:43 | |
| *** fujita has quit IRC | 09:52 | |
| *** pavelm1 has quit IRC | 10:03 | |
| *** monstr has quit IRC | 16:20 | |
| *** rajm has quit IRC | 22:01 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!