Ben Rohlfs, Patrick Hiesel, Luca Milanesio, Saša Zivkov, Edwin Kempin (CM, guest)
Online, November 3, 11:00 - 12:30 CET
The next meeting will be held on December 1, 11:00 CEST.
The meeting minutes for this meeting were under embargo until the security issue that was discussed was fixed. The issue was made public in December 2020.
Patrick discussed the plan to fix the security issue that makes NoteDb content and tags accessible both in the Gerrit branch API and in code browsers like Gitiles.
Edwin talked about the analysis of affected version that he performed and suggested to fix 2.15-3.3.
Luca stated that many users are still on 2.14 and they could have impacted also by the problem.
The consensus is to also try and fix 2.14.
The ESC discussed how the work can be split up. Google volunteered to do the backports and Luca and Marco to do the releases.
The ESC had consensus that it will inform contributors and admins of known larger installations shortly before the public announcement to give them a chance to act before the issue becomes public.
With the public announcement, the ESC will also publish patched binaries.
There is consesus that these meeting notes will be kept under an embargo until we have published a fix for the issue.
Patrick started a discussion around testing at scale. Ben wanted to know if Luca offers hosted solutions to clients. Luca said that most clients require on-prem installations.
Load testing at scale is something we desire but there was no concrete AI for anyone to take here.