Jump to: navigation, search

Difference between revisions of "Meetings/Swift"

(Add swiftclient SSL certificate validation topic)
(830 intermediate revisions by 45 users not shown)
Line 1: Line 1:
Meeting Time: Every other Wednesday at 19:00 UTC
+
{| class="wikitable"
 +
|-
 +
! '''2100 UTC Meeting'''
 +
|-
 +
| '''Next meeting:''' February 24th, 2021
 +
|-
 +
| '''Chair:''' timburke
 +
|-
 +
|
 +
<!-- List 2100UTC meeting items below here -->
 +
* Sharding backports
 +
** [https://review.opendev.org/q/topic:%22victoria-sharding%22+(status:open%20OR%20status:merged) Victoria]: 3 of 4 merged
 +
** [https://review.opendev.org/q/topic:%22ussuri-sharding%22+(status:open%20OR%20status:merged) Ussuri]: 0 of 12 merged
 +
** [https://review.opendev.org/q/topic:%22train-sharding%22+(status:open%20OR%20status:merged) Train]: 6 of 18 merged (rest need rebasing)
 +
* CORS tests
 +
** https://review.opendev.org/c/openstack/swift/+/533028
 +
* Shrinking
 +
* Relinker
 +
* from test.X import debug_logger
 +
** https://review.opendev.org/c/openstack/swift/+/772092
 +
* System-level read-only role
 +
** https://review.opendev.org/c/openstack/swift/+/771158 - keystone (merged)
 +
** https://review.opendev.org/c/openstack/swift/+/774539 - tempauth
 +
<!--
 +
** jerasure support in pyeclib/libec
 +
-->
 +
<!-- End 2100UTC meeting items -->
 +
|}
  
Next Meeting: Jan 8, 2014 (no meeting Dec 25)
+
{| class="wikitable"
 +
|-
 +
| '''Meeting Logs''' || http://eavesdrop.openstack.org/meetings/swift/2021/
 +
|-
 +
|'''Useful Commands'''|| #link #info #agreed #topic and #startmeeting
 +
|}
  
Agenda:
+
----
  
* python-swiftclient status
+
When adding an item, please include your IRC nickname with it.
  
* python-swiftclient SSL certificate validation, facts:
+
----
** Actual https client implementation does not validate server certificate with CA (and will blindly accept self-signed certificate which allow MITM attack).
 
** python-swiftclient have been removed from Debian testing because of this vulnerability.
 
** Fix is in progress (since Jun 2013): https://review.openstack.org/#/c/33473/.
 
  
* python-swiftclient SSL certificate validation, solutions:
+
[[Category:ObjectStorage]]
** Finish the fix in progress:
 
*** pro: it tackles both vulnerability (MITM and CRIME).
 
*** con: it implements a custom SSL validation just for swiftclient, and this is not a good idea as there's lots of sharp edges, and getting it wrong doesn't fail with obvious failures.
 
** Switch to request module
 
*** pro: common implementation which would remove complexity from swiftclient
 
*** con: does not implement the SSL compression disabling yet. (This open another vulnerability because of the CRIME attack, though it could be overcome by disabling compression at the server side)
 
 
 
* log #openstack-swift
 
** pro: lets people who don't use bouncers see what was said
 
** con: people are less free with opinions since it will live forever
 
 
 
* sysmeta status
 
 
 
* Swift 1.12.0 release
 

Revision as of 20:30, 24 February 2021

2100 UTC Meeting
Next meeting: February 24th, 2021
Chair: timburke
Meeting Logs http://eavesdrop.openstack.org/meetings/swift/2021/
Useful Commands #link #info #agreed #topic and #startmeeting

When adding an item, please include your IRC nickname with it.

Retrieved from "https://wiki.openstack.org/w/index.php?title=Meetings/Swift&oldid=177740"