---
title: "Gerrit ESC Meeting Minutes"
tags: esc
keywords: esc minutes
permalink: 2021-11-03-esc-minutes.html
summary: "Minutes from the ESC meeting held on Nov 3, 2021"
hide_sidebar: true
hide_navtoggle: true
toc: true
---
## Engineering Steering Committee Meeting, Nov 3, 2021
Han-Wen Nienhuys, Luca Milanesio, Saša Živkov, Patrick Hiesel
### Next meeting
Dec 1, 2021
## Minutes
## Action items
Discuss the proposed new maintainer(s) and send nomination(s) for the new maintainer(s).
Check with Milutin about a solution for the Trojan source issue.
## Request from RedHat for a dedicated channel for notifying about the security releases
We discussed some proposals for using existing means of communication:
- add something to the email subject, for example [SECURITY]
- use CVEs
Additional feedback from RedHat is necessary to make a decision.
## Removal of the ElasticSearch support code from Gerrit 3.5
That code was never production ready. The consensus is to remove it.
## Roadmap
The Roadmap on the homepage is likely obsolete. The current roadmap, which the ESC considers in
every meeting, is too detailed. The ESC should maintain only a higher-level roadmap, with all other
details kept in the issue tracker. We should discuss the roadmap on a quarterly basis and on demand.
## Trojan source issue
Special Unicode characters may cause the diff view in the Gerrit UI to render differently from
what the compiler sees.
## Scoped credentials
OpenStack requested a "scoped credentials" feature. Currently, the generated HTTP password is
a kind of scoped credentials where the allowed set of actions is defined by the allowed set
of actions of the user owning these credentials. OpenStack would like to have the possibility
to generate multiple credentials and assign different scopes to each, similar to the OAuth scopes.
We discussed this requirement. It is not clear how the "scoped credentials" feature would
work together with the (fine-grained) permission system in Gerrit and what exactly the possible
set of scopes would be. For example, a "Git" scope which would allow only Git operations could
be imagined. However, in Gerrit it is possible to do many things over the Git protocol, including
setting topics, reviewers, hashtags, etc.
Luca will reach out to OpenStack and propose a plugin-like implementation strategy, which could satisfy
their requirements.