Flock 2018: Day 3
Day 4 jumped right into sessions: Protecting the batcave against the Joker: Fedora infra hardening workshop Michael Scherer. Some interesting vulnerabilities that misc found (but did tell us about in advance), and how they were found and some ideas to help mitigate such things moving forward. The big one was a predictable git checkout in tmp, so we could add noexec to tmp and/or do seperate tmp for all users. Running ansible-lint also is something we should really look at doing. After that I again jumped to hallway track, and then a team lunch, which I was late getting back from. After running back late from lunch I got to the Fedora Infrastructure hacking and planning and hacking workshop session. I wrote up a bunch of areas we wanted to talk about or work on in the coming year. There really wasn't too much discussion on most of them, they were all things we knew we wanted to do it's just a matter of doing them. Neal Gompa did a live demo of the current pagure 5.0 themes and appearence. It looks nice! The list was:
- new cloud - this is just very very close, so we decided to finish it asap.
- project tracking - I will setup a test for this once pagure 5.0 is out.
- replace nagios - many people suggested we look at zabbix again.
- CAIAPI/noggin - asked folks to file requests for features
- Repospanner - very close to existing, just need to finish it off.
- fedora messaging - abompard gave us a overview of where we are and we discussed corner cases like FMN and datanommer.
- sigul 1.0 - pretty much done we just need to have a flag day to update everything in step (since it's not compatible with 0.9)
- copr - we discussed plans to move parts of copr into main infra. Possiblly frontend in openshift and dist git and keysign replaced by sigul.
- python3 all the things
- more openshift
- more ci stuff
- javascript frameworks