From YouTube: 2020-09-29 - Security Release as part of auto-deploy.
A
Awesome, so thank you again for joining this meeting, and we have some items. So, let's just get started from the progress update. We are triggering now pipelines for merge results on security merge requests, which is awesome, if this is only available for GitLab security merge requests and for Omnibus security merge requests. For the other ones we just trigger, we just merge immediately. And regarding modifying our tooling for this new kind of generation of processing security merge requests, we completed like the remaining steps about updating docs and templates.
A
The security release that is in progress is using this new process, so that is awesome, and the only thing that is missing is basically to announce this change to the engineering departments and everything and everyone else that is related, so everyone is kind of on the same page and informed about it.
A
B
Sure, okay, sounds good. Probably be worth as well just letting AppSec know specifically, just since they surely are the ones who are going to be most interested in it today and tomorrow, so probably worth just giving them sort of personalized view.
A
Yeah, thanks. Just confirm that AppSec channel is also listed like on the to-do steps that on the issue, so yeah.
C
Cool, yeah, the auto-deploy on security feature flag's been removed. Now the only behavior, we only create auto-deploy branches on the security mirror, so that allowed us to delete a bunch of like conditional stuff in the, in the release tools code. That was good. I sent out the stand bad signal for the transient mirror failure. He had an interesting theory that I think is hopefully going to pan out.
C
So basically, when we initiate a mirror, we first gather the local refs, which is fast, of course, and then we, and then we ask for the remote refs, which can take a while. So there's a timing issue where, if the remote refs take a long time to come back, the, they could have the local refs, they could be ahead of the local refs, if that makes sense. Like we've gathered a local ref, something gets pushed, mirrored to the security remote, and then we gather those and they're already ahead of what we gathered previously.
C
So now we just swap the order, so hopefully that works. The patch should be on production, hopefully, if deploy went out this morning, so I'm excited to check that. Hopefully that works. And then, yeah, Myra didn't mention it in her updates, but there's her changes to the ChatOps command are live and it looks great. That's all I got.
A
Awesome. So, regarding the discussions, I just wanted to mention the follow-ups. I'm gonna share my screen, so we can all see same thing.
A
I think it's this one, yep. I am assuming you can see my screen, and I tried to order like these six follow-ups in priority. So the first one is for allowing patch release to be created in the same time we start merging security merge requests. The next one is to notify release manager.
A
If a security merge request was not merged for some reason, because there is a failure in the pipeline or because there are conflicts or, well, whatever, right now we don't get any, any notification, so this is sort of a manual task. And then we also need to update Gitaly version, like the task that we have in our tooling. We need to move it to security, probably when we start merging security fixes. Well, this one about improving the command, that is the one that I am currently working.
A
Then we also need to create like the schedule pipeline task to start automatically merging the security merge request, rather than relying on our release manager to do it automatically, well, manually. And then fix this validation about preventing security merge requests to be merged once the pipeline was triggered, and if, at the same time, the validation is also triggered, it's going to classify that merge request as like: no, there is a pending pipeline, I cannot merge this.
C
I would say the notify release manager one, that happened to me yesterday, where we had a broken master and I had created a pipeline during that time and they just didn't get merged, and I had to like go back and check and they ran manual pipeline. So I would almost kick that one up to a P1. That seems like her biggest issue right now, and the allow for patch releases.
C
B
I can say some of these definitely feel like things that I'd be interested to see once Urix got all of his code merged and tested.
B
What, what some of this stuff looks like. Like, certainly that patch release one, even the Gitaly version, like Uric's got some issues around Gitaly. It'd be great for us to kind of come together and work out like what, what we want to do with that stuff. Like, does it, how does it affect auto-deploys?
A
So when we start merging, yes, yeah, yeah, just, I was trying to remember, to remember the context. But right now we don't merge Gitaly security merge requests like during the early merge phase.
A
We only merge the ones related to GitLab and to Omnibus, and at some point we are going to want to start merging Gitaly ones too, so we can also like protect GitLab from Gitaly vulnerabilities.
A
But if we do that and the Gitaly, the Gitaly update task happens on canonical, it is going to kind of silently override the security fixes, because it is only going to notice the, the SHA from canonical instead of the one from security. So we need, it is the same problem with the auto-deploy branch. We need that to happen on security, probably when we start merging security merge request, or like, like forever, I'm not sure. We, we, we kind of need to analyze this situation. Does
B
That make sense or, yeah. That makes sense. I mean, it feels like it's possibly maybe a P3 to me. Okay, just as a kind of whole and like decide what we do with getting but eye.
A
A
Okay, so I updated the epic yesterday and it is looking great. I mean, seeing this kind of makes me very, very, very happy, very pleased. And I was reading like the exit criteria yesterday and I think, well, I don't think, I, it is already addressed. So the auto-deploy branches are going to continue to be created at the same pace, that is kind of check.
A
We already do that, so checked. And we are ensuring that security fixes are only available to the public once the security releases population not leaked before, which also we are already doing that, because we are only processing the ones that are associated to the release tracking issue, so check. And I think, well, the only thing that is missing is we're completing this issue about changing the way we process security merge requests, and the only thing that is missing for this issue is the announcement, so yeah. And of course, I also like
B
Was like this, right, so like very exciting, fantastic work, well done. Like that is quite a long list of green ticks, so like this is huge. I'm very excited by this, by the official kind of closing epic ceremony can
A
A
So yeah, it feels great. So, regarding the follow-ups, I, I associated the follow-ups that we just discussed to this other epic about technical debt. There are some here, and also another one is related to the release tools issue.
A
I couldn't associate this into this section because they are on other namespace, so this is kind of a follow-up. And also it is too early to talk about this, and probably you can take a break about security releases, but I just want to mention it, that I think it would be nice at some point to also have security releases on demand. Basically, the same way we have it about patch releases, right, that we have four security issues ready.
A
There is nothing stopping us like from starting up a security release like now, instead of having this fixed timeline. So just something to discuss in the upcoming iterations, but right now I guess we can all take a break from this.
B
Yeah, I think spot on from my point of view. Like, I think like we should gather up stuff on these other epics and I'll add them on to the release velocity kind of parent epic, as that in our kind of later column, and we can choose when to prioritize them. Like we should definitely just having a look at like long, our long term kind of, it's a heading vision.
B
Long term vision is to have fully automated releases for self-managed users. So that's going to include security as well, right, so in order to get that, the next step, uri is security on demand as easy as it is to do a regular patch, and then we can automate the whole thing. So yeah, but I think it makes sense from, certainly from where I am, that we take a break, like celebrate
B
What we've done, watch how it plays out, like how the security release goes tomorrow. Plus, as I say, we can actually then see what impact does the API release code have. What, like, maybe that introduces some new stuff we want to like address, maybe it removes some issues as well, and then we can decide how we prioritize the next step.
A
C
C
B
We should on that issue, though, work out a solution. Was that, that's the one that you opened the other day, Myra, is that right? That's the, the issue you raised about, basically that we need to find, there's not enough, we don't have an obvious idea right now of how we do this, but we do, like from a release manager point of view, right, we need to know when something's failing to merge, right.
A
Yeah, basically, we need some sort of status about what is the status of merge requests that just got triggered, because we, there is no way for us to know. The notification now is sent to the, the user that triggers the pipeline, which is in this case it's the bot, so we don't see it. So yeah, I think a short-term solution is to build something or tooling to just probably like iterate every, over, over every merge request and start seeing like: oh, is it merged yet or not, or something like that.
A
So, after closing the epic, well, I have two questions, and the first one is: what should we do about this meeting? Should we cancel it?
B
I think that probably makes sense, right. I think we fulfilled the purpose of this meeting, so we can always reinstate later if we need to, but yeah, for now it feels that like async should be good enough for now, I think.
A
Awesome, and how shall we handle the follow-ups? Like, I think at least the P1, it might be important to address it as soon as possible, and then I don't know, like, do we want to take a break? Do we want to continue working on security release?
B
I think a P1, yeah, we have to drop something to pick it up, as a definition of P1, so yeah, let's definitely get onto, onto the P1 and get that sorted out. I think it would be worth us taking a look at the other issues alongside other things we have on the board, because, say, what I want to make sure is we have some time to actually like validate the stuff and see how the release, the API stuff looks.
B
So I don't want us to do stuff today if in two weeks' time actually it might be a whole lot different or clearer or maybe even gone away. But at the same time, if it's something which we know is going to be a pain for the next security release as well, then we could prioritize it. But I think we could probably just prioritize these issues by issue against other things we have going on. Like, if that, like, I guess, Mario, you're out for most this time anyway.
B
So do you need to pick something up before you go, do you think?
C
B
And then we can just like prioritize over the next couple of weeks. We can kind of prioritize these issues against other things. We've got quite a few other sort of issues coming up as well, so it'll be certainly interesting to, to decide which one's going to give us the best, like, return.
C
A
Awesome. So Robert, how do you feel about taking that P1 issue? Because I, I'm going to be out for the next three weeks, or, I don't know if that works.
C
A
Awesome, okay, so we have 10 minutes. Do we, does someone want to bring a topic before we discuss action items?
A
Awesome, okay. So for the next action items, I guess I'm going to finish, I'm going to prepare the announcement and I'm going to ping both of you, so you can proofread it before I actually announce it to the public. And then Robert is going to take the P1 issue, and I'm going to still be working on the ChatOps command, and the epic is going to be closed as soon as the announcement is made, so yay. Okay, well, thank you for your time and I will see you around. Amazing. Thank you. So.