►
From YouTube: 2020-07-28 - Security Release as part of auto-deploy.
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
Yes,
so
continuing
the
auto
deployment
security
experiment.
Last
week
there
was
a
problem
with
deployment
tracking
that
we
seem
to
figure
that
out
now
where
we,
when
the
flag
is
enabled
we
track
both
in
security
on
the
auto
deploy
branch
and
then
also
create
another
deployment
on
canonical,
but
using
the
master
branch
so
that
the
merge
requests
still
get
notified.
B
There
was
a
problem
at
the
end
of
my
day
yesterday
that
I've
just
investigated
and
figured
out
what
cause
was
because
the
previous
deploy
in
security
prior
to
this
was
a
month
ago,
the
latest
deploy
thought
we
had
just
deployed
like
8
000
commits,
and
it
timed
out
trying
to
notify
all
of
those
merge
requests
so
yeah.
We
can
avoid
that
in
the
future
by
just
copying
the
latest,
deploy
from
canonical
to
security
and
continue
on
with
the
experiment.
B
I
would
like
to
turn
it
on
again,
probably
after
this
meeting
or
after
my
one-on-one
and
then
kind
of
just
babysit
it
for
the
rest
of
the
week.
So
we
can
kind
of
see
the
full
breadth
of
our
auto
deploy
stuff
working
with
the
flag
on
before
we
conduct
the
experiment.
For
myra's
work,
which
leads
us
to
myra's
experiment.
C
A
B
A
Awesome,
so
I
think
we
are
all
in
agreement
okay.
So
the
next
point
is
updating,
like
the
diverge
branches
between
canonical
and
security,
and
if
we
only
have
master
branch
between
those
two
master
receiving
regular
fixes
on
canonical
and
master
on
security
receiving
receiving
security
fixes,
I
think
they
can
be
updated
through
merge
train.
A
I
mean
in
the
event
we
have
to,
I
hope
not,
but
if,
if,
if
it
happens,
production
is
going
to
be
hot
patch,
a
merch
request
needs
to
be
created
on
canonical
and
merge
into
master,
and
then
the
merge
train
is
going
to
bring
those
changes
into
master
security.
So
I
believe
we
are
cover
unless
I
am
missing
something
in
the
big
picture.
There.
C
C
A
Yeah,
that
is
a
good
point,
since
we
don't
have
the
auto
deploy
branch
on
canonical.
I
think,
if
that
happens,
we
so
far.
We
are
going
to
need
some
manual
action
from
the
release
manager
to
pick
it
into
auto,
deploy
on
security,
unless
we
can
think
of
something
like
this
20
minutes
to
make
it
more
automated.
D
B
A
I
understand
so
yeah
yeah,
I
I
understand
so
if
we
are
going
to
have
enabled
they
have
to
deploy
branch
of
security
after
this
meeting
or
after
roberts
one
on
one,
I
think
we
can
just
confirm
how
it's
going
to
behave
right.
We
can
just
cherry
pick
something
and
see
propagates
to
security
and
well
analyze
that
situation.
D
A
Probably,
if
someone
well
not
someone
if
a
critical
security
release
is
triggered,
that
might
complicate
things
a
bit
because
the
fixes
will
be
already
on
master
and
then
a
critical
security
fix
will
also
be
merging
to
master.
And
then
the
critical
release
will
contain
all
the
security
fixes
merged
so
far,
plus
the
critical
security
fix,
which
it
might
not
be.
What
is
expected,
but.
A
C
C
Okay,
so
so
sorry,
just
to
to
to
answer
amy's
question,
I
can't
imagine
anything
so
we
have
a
situation
covered
where
we
need
to
rush
through
a
fix
to
deploy
we're
going
to
confirm
that
next
there
are
no
other
situations
that
we
are
handling
day
to
day.
It
is
deploy
what
is
deployed
in
autodeploy
branch
during
the
day
right,
like
security
releases
from
the
sides.
Critical
security
security
release
is
the
topic
critical
security
release.
C
I
guess
the
worst
possible
thing
that
can
happen
is
that
I
think
I
have
a
the
worst
possible
thing
that
can
happen.
Merge,
train,
merges
from
canonical
master
into
security
master
and
because
of
the
way
merge
train
is
made
it's
going
to
ignore
the
source
conflict.
So
there
is
a
conflict
between
the
merge
and
I
think
we
use
ours
strategy
in
merge
train,
which
means
that
the
the
the
target
wins,
no,
the
source
wins,
which
means
source
wins,
which
would
mean
that
canonical
would
override
some
of
the
security
fixes
inside
of
master
branch
insecurity.
C
D
A
C
I
think
that
would
be
great
for
this
specific
case.
I
know
we're
not
doing
that
for
foss,
but
for
us
we
have
a
bit
more
room
to
react
for
auto
deploys.
We
are
on
a
super
tight
schedule
and
anything
that
would
slip
past
us
and
us
not
having
the
test
coverage
that
we
need
to
have
the
integration
test
coverage.
It
would
be
very
scary.
B
C
We
haven't
had
one
in
a
while.
That's
why
you're
asking
this,
because
it
usually
works
fine,
but
you
know
that
as
soon
as
we
enable
this
next
week,
it's
gonna
break
right.
That's
how
it
works
the
world
in
the
world's
possible
moment,
so
it
might
be,
might
be
worthwhile
verifying
that
as
well,
that
it
failed
fails
loudly
and
that
we
have
some
notification
and
then
I
guess
the
action
item.
What
is
the
action
item
then
create
a
merge
request
from
canonical
mastering
to
security
master,
resolve
the
conflict
and
have
someone
review
right.
B
D
B
C
D
A
Yeah,
that
was
a
part
of
my
next
point,
so
there
is
like
another
item
that
we
need
to
do
that
are
like
the
implementation
details
that
actually
like
to
implement
this
in
our
tooling,
but
well,
we
are
working
towards
it,
so
nothing
that
complicated
okay.
So
the
next
point
is
like
actually
like
running
the
experiment,
so
the
merch
request,
targeting
master,
will
be
merged
when
the
chat
ups
command
is
executed.
A
D
C
A
Yes,
yes,
you
are
so
I
think
it
is
worth
clarifying
that
there
are
probably
two
things
here.
The
first
one
is
the
auto
deployment
security
that
creates
the
auto
deploy
branch
only
on
security,
but
it
does
not
execute
the
command
the
chat
ups
command.
We
still
don't
have
an
implementation
on
that,
so
that
one,
I
think
we
can
lift,
leave
it
on
on
friday.
Unless
something
happens
and
the
chat
ups
command.
A
C
B
Myra
one
thing
we
talked
about
that,
I
don't
know
if
we
ever
made
a
decision
on
is
what
do
we
do
in
the
event
that
we
like?
We
merge
something:
we'd
merge
a
security,
mastermind
request
and
then
at
some
point
we
have
to
abandon
this
experiment.
How
do
we?
What
do
we
do
with
master
at
that
point?
Do
we
just
sync
it
until
it's
time
for
the
actual
release.
A
A
A
C
So
the
thing
is
the
the
thing
that
concerns
me
there
is
that
will
one
day
be
enough
for
this
experiment,
which
is
effectively
what
you
have
if
you
do
monday,
your
time,
you
have
your
work
day
and
then
the
second
workday
as
well
is
two
days
enough
to
do
this.
If
we
start
a
tiny
bit
early,
no
one
is
going
to
be
affected,
but
we
have
a
bit
of
a
longer
period
that
is
also
safe
when
it
comes
to
deployment.
C
If
it
complicates
things,
it
might
be
easier
to
just
keep
on
with
your
plan.
I
think
your
plan
is
good.
I
was
just
thinking
like
how
can
we
get
a
bigger
bank
for
a
buck
and
we
want
to
do
these
experiments
like
to
wait
for
another
month
to
do
the
next
one,
because
we
forgot
an
edge
case
or
something
like
that.
I
would
want
to
get
all
the
data.
C
We
need
right
now,
obviously
as
much
as
possible
and
then
have
the
next
security
release,
be
not
an
experiment
but
a
regular
process,
because
the
our
return
cycle
right,
like
feedback
cycle,
is
really
long
like
it's
a
a
one-month
cycle
which
you
know
exactly
matter.
How
that
affects
your
development,
I
don't
want
you
to
work
on
these
things
for
the
next
six
months
is
basically
both
you
and
robert
robert
is
gonna
turn
a
year
really
soon
on
dealing
with
security
staff.
A
C
You
started
in
your
shift.
Sorry
if
I
misunderstood
you,
but
like
you
started
in
your
shift
on
friday
right,
so
you
have
a
full
friday.
We
have
the
weekend
and
then,
if
something
does
happen,
past
your
schedule
over
the
weekend,
we
give
you
some
directions
on
monday
morning
or
in
his
case
afternoon,
to
to
react
right
like
to
do
something
to
unblock
the
deploys
or
right
until
you
come
online.
Basically,
both
of
you.
A
A
B
B
C
A
Works.
Okay,
so
robert,
can
you
take
care
of
that
of
confirming
that
all
this
auto
deploy
path
works?
And
if
you
can
also
help
me
with
the
merge
train
like
to
configure
between
the
canonical
master
and
the
security
master,
because
I
think
last
time
we
configured
to
have
security
security
master
right?