►
From YouTube: 2020-07-28 - Security Release as part of auto-deploy.
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay,
so
welcome
to
another
meeting
just
very
quickly:
let's
go
to
the
progress
updates.
I
am
currently
working
on
the
implementation
details.
They
are
all
outlined
on
the
issue
and
well,
I
have
some
up
and
merge
requests
that
are
on
review
right
now,
robert.
B
Yes,
so
continuing
the
auto
deployment
security
experiment.
Last
week
there
was
a
problem
with
deployment
tracking
that
we
seem
to
figure
that
out
now
where
we,
when
the
flag
is
enabled
we
track
both
in
security
on
the
auto
deploy
branch
and
then
also
create
another
deployment
on
canonical,
but
using
the
master
branch
so
that
the
merge
requests
still
get
notified.
B
There
was
a
problem
at
the
end
of
my
day
yesterday
that
I've
just
investigated
and
figured
out
what
cause
was
because
the
previous
deploy
in
security
prior
to
this
was
a
month
ago,
the
latest
deploy
thought
we
had
just
deployed
like
8
000
commits,
and
it
timed
out
trying
to
notify
all
of
those
merge
requests
so
yeah.
We
can
avoid
that
in
the
future
by
just
copying
the
latest,
deploy
from
canonical
to
security
and
continue
on
with
the
experiment.
B
I
would
like
to
turn
it
on
again,
probably
after
this
meeting
or
after
my
one-on-one
and
then
kind
of
just
babysit
it
for
the
rest
of
the
week.
So
we
can
kind
of
see
the
full
breadth
of
our
auto
deploy
stuff
working
with
the
flag
on
before
we
conduct
the
experiment.
For
myra's
work,
which
leads
us
to
myra's
experiment.
C
C
Okay,
maybe
if
it
fails
but.
C
Yeah,
maybe
if
it
fails
this
experiment
now,
like
the
next
time,
we
go
through
a
set
of
action
right,
creating
attack,
creating
a
branch,
cherry
picking,
blah
blah
and
so
long
yeah
ever
driven
development.
B
Yeah
no,
my
resident,
I
think
we
can
kind
of
build
a
plan
of
what
should
be
working
and
what
we
expect
to
work.
A
Okay,
so
moving
on
to
the
discussion,
so
I
have
broke
down
depending
items
that
we
need
before
starting
the
experiment.
A
So
the
first
one
is
going
to
depend
on
the
thing
that
robert
is
doing
right
now.
So
I
think
it
is
all
leading
down
to
having
the
auto
deploy
branch
on
security.
B
A
Awesome,
so
I
think
we
are
all
in
agreement
okay.
So
the
next
point
is
updating,
like
the
diverge
branches
between
canonical
and
security,
and
if
we
only
have
master
branch
between
those
two
master
receiving
regular
fixes
on
canonical
and
master
on
security
receiving
receiving
security
fixes,
I
think
they
can
be
updated
through
merge
train.
A
I
mean
in
the
event
we
have
to,
I
hope
not,
but
if,
if,
if
it
happens,
production
is
going
to
be
hot
patch,
a
merch
request
needs
to
be
created
on
canonical
and
merge
into
master,
and
then
the
merge
train
is
going
to
bring
those
changes
into
master
security.
So
I
believe
we
are
cover
unless
I
am
missing
something
in
the
big
picture.
There.
C
C
A
Yeah,
that
is
a
good
point,
since
we
don't
have
the
auto
deploy
branch
on
canonical.
I
think,
if
that
happens,
we
so
far.
We
are
going
to
need
some
manual
action
from
the
release
manager
to
pick
it
into
auto,
deploy
on
security,
unless
we
can
think
of
something
like
this
20
minutes
to
make
it
more
automated.
A
D
Yeah-
that's
probably
fine,
oh!
So
if
we
enable
your
experiment
today,
robert
so
we're
saying
that
for
the
next
week
any
hot
patches
would
have
a
manual
action
on
them.
C
Let's
call
them,
as
speaking
to
auto,
deploy,
merge,
requests,
something
like
that.
Like.
B
C
That's
the
main
problem
I
mean
what
we
could
do
also
is
to
see
what
how
big
of
a
problem
this
will
actually
be
meaning
take
a
look
from
the
moment
we
created
daily,
auto
deploys,
take
a
look,
how
many
actual
cherry
picks
we
did
in
the
auto
deploy
branch
compared
to.
C
I
don't
know
a
month
before
that
when
we
had
two
times
a
week,
but
that
feels
like
just
a
lot
of
work
together
already
what
we
kind
of
feel
in
our
guts,
which
is
it's
gonna,
be
really
annoying
and
frustrating
in
a
situation
where
everyone
is
already
almost
in
the
incident-like
situation.
A
I
understand
so
yeah
yeah,
I
I
understand
so
if
we
are
going
to
have
enabled
they
have
to
deploy
branch
of
security
after
this
meeting
or
after
roberts
one
on
one,
I
think
we
can
just
confirm
how
it's
going
to
behave
right.
We
can
just
cherry
pick
something
and
see
propagates
to
security
and
well
analyze
that
situation.
D
D
A
Probably,
if
someone
well
not
someone
if
a
critical
security
release
is
triggered,
that
might
complicate
things
a
bit
because
the
fixes
will
be
already
on
master
and
then
a
critical
security
fix
will
also
be
merging
to
master.
And
then
the
critical
release
will
contain
all
the
security
fixes
merged
so
far,
plus
the
critical
security
fix,
which
it
might
not
be.
What
is
expected,
but.
A
C
C
Okay,
so
so
sorry,
just
to
to
to
answer
amy's
question,
I
can't
imagine
anything
so
we
have
a
situation
covered
where
we
need
to
rush
through
a
fix
to
deploy
we're
going
to
confirm
that
next
there
are
no
other
situations
that
we
are
handling
day
to
day.
It
is
deploy
what
is
deployed
in
autodeploy
branch
during
the
day
right,
like
security
releases
from
the
sides.
Critical
security
security
release
is
the
topic
critical
security
release.
C
I
guess
the
worst
possible
thing
that
can
happen
is
that
I
think
I
have
a
the
worst
possible
thing
that
can
happen.
Merge,
train,
merges
from
canonical
master
into
security
master
and
because
of
the
way
merge
train
is
made
it's
going
to
ignore
the
source
conflict.
So
there
is
a
conflict
between
the
merge
and
I
think
we
use
ours
strategy
in
merge
train,
which
means
that
the
the
the
target
wins,
no,
the
source
wins,
which
means
source
wins,
which
would
mean
that
canonical
would
override
some
of
the
security
fixes
inside
of
master
branch
insecurity.
C
D
A
B
C
I
think
that
would
be
great
for
this
specific
case.
I
know
we're
not
doing
that
for
foss,
but
for
us
we
have
a
bit
more
room
to
react
for
auto
deploys.
We
are
on
a
super
tight
schedule
and
anything
that
would
slip
past
us
and
us
not
having
the
test
coverage
that
we
need
to
have
the
integration
test
coverage.
It
would
be
very
scary.
A
So
if
it
fails
and
how
do
we
notice
that
it
failed.
B
We
do
get
pipeline
failure,
notifications
in
slack
for
merge
strain,
but
they
might
not
be.
I
worry,
they're
not
forceful
enough
like
it.
Just
it
just
looks
like
a
pipeline
failure.
It's
not
necessarily
like
hey.
This
failed
because
there's
a
conflict
in
this
critical
branch.
C
We
haven't
had
one
in
a
while.
That's
why
you're
asking
this,
because
it
usually
works
fine,
but
you
know
that
as
soon
as
we
enable
this
next
week,
it's
gonna
break
right.
That's
how
it
works
the
world
in
the
world's
possible
moment,
so
it
might
be,
might
be
worthwhile
verifying
that
as
well,
that
it
failed
fails
loudly
and
that
we
have
some
notification
and
then
I
guess
the
action
item.
What
is
the
action
item
then
create
a
merge
request
from
canonical
mastering
to
security
master,
resolve
the
conflict
and
have
someone
review
right.
B
D
B
C
D
A
Yeah,
that
was
a
part
of
my
next
point,
so
there
is
like
another
item
that
we
need
to
do
that
are
like
the
implementation
details
that
actually
like
to
implement
this
in
our
tooling,
but
well,
we
are
working
towards
it,
so
nothing
that
complicated
okay.
So
the
next
point
is
like
actually
like
running
the
experiment,
so
the
merch
request,
targeting
master,
will
be
merged
when
the
chat
ups
command
is
executed.
A
So
now
that,
given
that
me
and
robert
are
both
like
in
a
in
america
time
zone,
I
propose
that
we
execute
that
command
on
our
time
zone,
whether
manually
or
by
a
pipeline
schedule.
A
D
C
No,
I'm
not
I'm
not
worried.
I
think
it's
a
good
approach
to
be
a
bit
more
careful.
C
C
This
is
how
you
go
back
and
we'll
take
a
look
at
how
to
get
out
of
it
rather
than
leaving
a
decision
in
the
europe
time
to
try
to
dismantle
this
whole
situation.
A
Yes,
yes,
you
are
so
I
think
it
is
worth
clarifying
that
there
are
probably
two
things
here.
The
first
one
is
the
auto
deployment
security
that
creates
the
auto
deploy
branch
only
on
security,
but
it
does
not
execute
the
command
the
chat
ups
command.
We
still
don't
have
an
implementation
on
that,
so
that
one,
I
think
we
can
lift,
leave
it
on
on
friday.
Unless
something
happens
and
the
chat
ups
command.
A
C
B
Myra
one
thing
we
talked
about
that,
I
don't
know
if
we
ever
made
a
decision
on
is
what
do
we
do
in
the
event
that
we
like?
We
merge
something:
we'd
merge
a
security,
mastermind
request
and
then
at
some
point
we
have
to
abandon
this
experiment.
How
do
we?
What
do
we
do
with
master
at
that
point?
Do
we
just
sync
it
until
it's
time
for
the
actual
release.
A
Yeah,
I
think
we
talked
about
it
briefly
on
one
comment
and
well,
my
answer
was
not
a
very
good
one.
Right
like
I
was
saying
that,
since
the
security
release
is
about
to
start,
perhaps
having
diverge
branches
between
canonical
and
security
for
two
days
is
not
going
to
be
the
end
of
the
world.
A
So,
returning
to
your
point
marine,
I
mean
if
time
allows
we
can
try
to
merge
something
on
friday.
A
C
So
the
thing
is
the
the
thing
that
concerns
me
there
is
that
will
one
day
be
enough
for
this
experiment,
which
is
effectively
what
you
have
if
you
do
monday,
your
time,
you
have
your
work
day
and
then
the
second
workday
as
well
is
two
days
enough
to
do
this.
If
we
start
a
tiny
bit
early,
no
one
is
going
to
be
affected,
but
we
have
a
bit
of
a
longer
period
that
is
also
safe
when
it
comes
to
deployment.
C
If
it
complicates
things,
it
might
be
easier
to
just
keep
on
with
your
plan.
I
think
your
plan
is
good.
I
was
just
thinking
like
how
can
we
get
a
bigger
bank
for
a
buck
and
we
want
to
do
these
experiments
like
to
wait
for
another
month
to
do
the
next
one,
because
we
forgot
an
edge
case
or
something
like
that.
I
would
want
to
get
all
the
data.
C
We
need
right
now,
obviously
as
much
as
possible
and
then
have
the
next
security
release,
be
not
an
experiment
but
a
regular
process,
because
the
our
return
cycle
right,
like
feedback
cycle,
is
really
long
like
it's
a
a
one-month
cycle
which
you
know
exactly
matter.
How
that
affects
your
development,
I
don't
want
you
to
work
on
these
things
for
the
next
six
months
is
basically
both
you
and
robert
robert
is
gonna
turn
a
year
really
soon
on
dealing
with
security
staff.
A
C
You
started
in
your
shift.
Sorry
if
I
misunderstood
you,
but
like
you
started
in
your
shift
on
friday
right,
so
you
have
a
full
friday.
We
have
the
weekend
and
then,
if
something
does
happen,
past
your
schedule
over
the
weekend,
we
give
you
some
directions
on
monday
morning
or
in
his
case
afternoon,
to
to
react
right
like
to
do
something
to
unblock
the
deploys
or
right
until
you
come
online.
Basically,
both
of
you.
A
A
Okay,
so
we
have
four
minutes
to
wrap
up
the
meeting.
I
guess
the
next
items
is
that
well
robert.
I
think
you
already
confirmed
that
something.
B
B
C
A
Works.
Okay,
so
robert,
can
you
take
care
of
that
of
confirming
that
all
this
auto
deploy
path
works?
And
if
you
can
also
help
me
with
the
merge
train
like
to
configure
between
the
canonical
master
and
the
security
master,
because
I
think
last
time
we
configured
to
have
security
security
master
right?
A
Okay,
and
so
I
can
continue
working
on
the
implementation
details.
A
Oh
yes,
so
I
was
saying
that
if
you
can't
take
care
of
confirming
that,
when
a
merch
request
is
merged
into
canonical,
it
can
also
be
like
included
on
the
auto
deploy
branch
on
security,
because
the
branch
on
canonical
won't
exist,
which
I
think
you
already
confirmed.
Something.
A
Yes,
so
that
is
one
thing
and
another
one
is
to
configure
the
merge
train
from
canonical
master
to
security
master,
because
I
think
the
last.
The
last
example
of
what
I
saw
is
what
that
we
were
using
security,
slash
master
on
security,
and
we
now
need
to
use
security
master.
A
Does
that
clarify
things
a
bit
robert
cool
and
then
I
will
take
care
of
the
implementation
details
that
are
missing,
and
I
also
need
to
update
the
agenda
without
the
things
that
discussed
awesome.
So
I
think
we
are
on
time
well,
thank
you,
everyone
for
joining,
and
I
will
see
you
around.