►
From YouTube: Technical Oversight Committee 2021/07/19
Description
Istio's Technical Oversight Committee for July 19th, 2021.
Topics:
- Review InsecureSkipVerify in DestinationRule
- Review WASM API
A
B
Yes,
so
feature
feeds
is
done.
We
have
the
first
build.
We
started
with
the
asynchronous
testing.
Last
week,
good
news.
We
have
two
automation
tests,
thanks
to
doug
bad
news.
We
still
have
20
tests
which
need
automation,
and
this
is
the
only
week
left
for
automation,
testing,
which
means,
if
they
are
not
done,
the
release
will
be
blocked,
as
we
normally
do
for
p0s
and
that's
on
automation,
just
to
bring
for
the
manual
testing.
There
were
a
lot
of
manual
tests.
B
I
reviewed
with
the
working
group
leads
and
most
of
them
because
they
did
not
change
from
last
release
to
this
release.
We
marked
them
as
p1.
Only
one
of
them
was
changed,
which
was
related
to
security,
so
oliver
and
the
team
took
it
and
they
are
doing
the
manual
testing.
So
at
this
point
honestly,
all
we
have
to
do
is
automation
testing
and
I
really
need
help
to
automate
those
20
tests
which
are
remaining,
and
only
one
week
is
left.
A
C
C
A
C
B
So
marking
them
in
the
sheets
before
john,
but
this
is
literally
from
the
steel.io
website.
So,
as
eric
said,
we
have
to
change
there
and
not
in
the
sheet.
So
would
you
be
okay
to
help
us
out
there,
because
right
now
I
have
a
list
of
20
if
we
can
reduce
that
will
be
awesome,
because
we
have
only
one
week
left
and
I
really
want
to
make
sure
we
have
the
right
test
cases
to
be
automated,
which
can
be
automated.
That
would
be
great.
A
A
C
I
thought
I
had
well,
I
I
was,
I
would
say
what
we
could
do.
John
is
I
mean
we
just
took
the
top
whatever
number
of
docs
that
showed.
You
know
that
they
didn't
have
tests
and
were
the
ones
that
were
hit
the
most
right.
So
we
could
take.
You
know
10
out
of
here
15,
whatever
the
number
is,
but
for
the
next
release
I
mean
we
could
try
to
be
more
proactive
and
saying
you
know.
Looking
at
the
last
release.
C
A
A
C
B
Well,
technically,
all
of
them
were
automated
right,
but
then
we
changed
the
criteria
and
we
just
this
quarter
after
the
road
map.
We
wanted
to
use
the
one
which
is
heavily
visited
and
this
new
test
cases
appear
right.
So
what
we
can
do,
as
johnny
suggested,
let's
review
this
list
right,
which
technically
should
reduce
based
on
some
of
them
or
index
and
may
not
be
automated,
I'm
hoping
they
will
reduce
from
20
to
somewhere
around,
like
708,
based
on
how
you
are
going
through
that
right.
B
That
should
be
like
at
this
point
p
zeroes-
and
this
is
the
list
where
we
said
anything.
More
than
thousand
visits
are
our
p
zeros
and
to
me
after
this
quarter,
all
the
p
zeros
should
be
tested.
Right
remaining
will
be
p,
one
p
two
that
should
then
we
can
distribute
according
to
the
road
map
and
to
which
area
they
belong
to
proactively.
B
Yeah
then
we
can
start
doing
the
p
ones,
but
let's
for
p
zero.
I
think
that's
the
best
approach
we
can
do
sounds
good,
yep,
okay,
okay,
awesome.
So
the
action
item
here
right
now
for
you,
john,
if
you
can
help
right
as
we
discussed,
adding
to
the
header
and
the
sheet,
so
we
can
review
in
the
working
replace
tomorrow.
That
will
be
great.
B
Okay!
Thank
you.
So
that's
on
testing.
Now,
looking
at
the
bugs,
there
are
two
release
blockers.
Of
course
we
just
came
out
of
the
weekend,
so
I
do
not
have
a
good
updates
of
if
we
have
any
mitigation
plans
or
what's
the
progress.
So
if
you
can
go
into
that
filter
john
on
the
release
updates,
yeah
is
john
here
I
know
brian
is
off
any
other
release.
Manager.
A
B
Okay,
then
I'll
work
offline
with
them.
There
are
two
release:
blockers
and
19
p0s,
which
are
scary
at
this
point,
but
I
don't
even
know
their
progress
to
be
honest
if
they
are
being
booked
upon
or
there
is
any.
If
anybody
else
know
about
the
release-
brokers
at
least
speak
up
now
or
I
can
take
it
after.
A
I
know
the
second
one:
well,
I
created
both
of
them.
Actually,
the
second
one
is
just
mostly
looking
at
envoy
release,
notes
very
hard
and
making
sure
that
it's
not
going
to
break
us.
So
it's
not
necessary
that
something's
broken
it's,
that
we
should
make
sure
that
something
isn't
broken
because
that's
hit
us
a
lot
in
the
past.
I
took
a
quick
glance
and
I'm
nothing
was
terribly
concerning,
but
I
would
love
for
a
lot
of
people
to
have
eyes
on
those
the
other
one.
A
B
A
E
F
E
F
E
A
E
E
A
D
A
G
D
G
G
G
Yeah,
so
so
the
so
the
implementation
is
going
to
change
a
little
bit
based
on
some
changes
well
to
the
api,
but
I
don't
expect
the
implementation
to
change
a
lot
and
the
implementation
doesn't
destabilize
anything
else,
because
it's
it's
kind
of
opt-in
by
I
mean
you
have
to
use
the
api
and
until
the
api
is
used,
none
of
the
code
really
kicks
in,
so
that
that's
at
least
my
my
judgment.
What's
like.
A
I
think
I'm
generally
fine
with
it
because,
like
you
said
it's
pretty
isolated
if
it
turns
out
that
we
need
to
make
it,
you
know
a
bit
more
invasive
and
we
start
delaying
this
like
a
week
or
two.
Then
it
may
become
questionable.
But
if
you
know
we
get
the
api
merge
today
the
implementation
emerged
this
week
and
it's
kind
of
isolated.
That
seems
fine
to
me.
D
So
I
do
have
a
quick
question.
Neuron
on
the
api,
you
asked
us
to
review
the
earlier
one:
insecure
skip
verify
so
the
va.
I
saw
there's
a
deprecation
of
verify.
Client.
What
if
I
certificate
a
client,
do
we
know
of
anybody
using
that
it's
the
reason
for
deprecation
is
because
it's
moving
to
config
and
proxy
config,
so
you
can
configure
it
on
a
proxy
basis.