Our virtual user conference SaltConf21 will be November 3-4! Call for Speakers will be open June 14 - July 26.

Open Hour 2020-APR-23

Agenda

  • Salt News & Updates
  • CVE Release & Response
  • Towncrier and Changelog
  • PR Port Jam
  • Open Community Discussion & Questions

Salt News & Updates

Cassandra Faris

CVE Release & Response

Moe Anderson

  • A security vulnerability has been identified that is classified as a high priority (critical)
  • Team has been working on making a CVE release available and wants people to know that’s coming out next Wednesday, 4/29. It will be titled 3000.2. There will also be support for 2019.2.
  • Full details will be exposed soon, in the mean time, we’ll be sharing information that guides people to precautionary actions. Following Hardening Salt guide will help ensure that security vulnerabilities are minimized (https://docs.saltstack.com/en/latest/topics/hardening.html#general-hardening-tips)
  • A Salt upgrade will be required in order to implement this

Towncrier & Changelog

Megan Wilhite

  • Last week, we discussed Towncrier vs. conventional commits. Goal is to make the changelog more readable. We’ll be taking the Towncrier approach
  • Towncrier PR will be out and include documentation on what will change when making commits

PR Merge Jam Discussion

  • Internal PR Merge Jam
    • During the internal PR Merge Jam, the core team merged 104 outstanding community PRs into the Sodium release. The PR backlog is now at ~300 items from the ~900 at the beginning of the release
    • The team will do one more crack at ports, then have community help with what’s left behind and should be part of the sodium
  • Community PR Merge Jam
    • We will set aside a block of time, identify PRs, assign them out, and work together on them
    • Knowing which are higher priorities would be helpful, right now some are taking the approach of working from oldest to newest.
    • During the internal jam, we discovered that a number of ports were already merged or made unnecessary since they were superseded by something more recent. It would be helpful for people to look at the backlog and verify whether something still needs ported
    • PR Ports Project Board: https://github.com/saltstack/salt/projects/5 – will create a dedicated board for that jam