_posts/2020-11-03-esc-minutes.md - homepage - Git at Google

 ---
 title: "Gerrit ESC Meeting Minutes"
 tags: esc
 keywords: esc minutes
 permalink: 2020-11-03-esc-minutes.html
 summary: "Minutes from the ESC meeting held on November 3rd"
 hide_sidebar: true
 hide_navtoggle: true
 toc: true
 ---

 ## Engineering Steering Committee Meeting, November 3, 2020

 ### Attendees

 Ben Rohlfs, Patrick Hiesel, Luca Milanesio, Saša Zivkov, Edwin Kempin (CM, guest)

 ### Place/Date/Duration

 Online, November 3, 11:00 - 12:30 CET

 ### Next meeting

 The next meeting will be held on December 1, 11:00 CEST.

 ### Organizational

 The meeting minutes for this meeting were under embargo until
 the security issue that was discussed was fixed. The issue was made
 public in December 2020.

 ## Minutes

 ### Security

 Patrick discussed the plan to fix the security issue that makes
 NoteDb content and tags accessible both in the Gerrit branch API
 and in code browsers like Gitiles.

 Edwin talked about the analysis of affected version that he
 performed and suggested to fix 2.15-3.3.

 Luca stated that many users are still on 2.14 and they could have
 impacted also by the problem.

 The consensus is to also try and fix 2.14.

 The ESC discussed how the work can be split up. Google volunteered
 to do the backports and Luca and Marco to do the releases.

 The ESC had consensus that it will inform contributors and admins of
 known larger installations shortly before the public announcement to
 give them a chance to act before the issue becomes public.

 With the public announcement, the ESC will also publish patched
 binaries.

 There is consesus that these meeting notes will be kept under an
 embargo until we have published a fix for the issue.

 ### Testing at scale

 Patrick started a discussion around testing at scale. Ben wanted to
 know if Luca offers hosted solutions to clients. Luca said that most
 clients require on-prem installations.

 Load testing at scale is something we desire but there was no concrete
 AI for anyone to take here.
	---
	title: "Gerrit ESC Meeting Minutes"
	tags: esc
	keywords: esc minutes
	permalink: 2020-11-03-esc-minutes.html
	summary: "Minutes from the ESC meeting held on November 3rd"
	hide_sidebar: true
	hide_navtoggle: true
	toc: true
	---

	## Engineering Steering Committee Meeting, November 3, 2020

	### Attendees

	Ben Rohlfs, Patrick Hiesel, Luca Milanesio, Saša Zivkov, Edwin Kempin (CM, guest)

	### Place/Date/Duration

	Online, November 3, 11:00 - 12:30 CET

	### Next meeting

	The next meeting will be held on December 1, 11:00 CEST.

	### Organizational

	The meeting minutes for this meeting were under embargo until
	the security issue that was discussed was fixed. The issue was made
	public in December 2020.

	## Minutes

	### Security

	Patrick discussed the plan to fix the security issue that makes
	NoteDb content and tags accessible both in the Gerrit branch API
	and in code browsers like Gitiles.

	Edwin talked about the analysis of affected version that he
	performed and suggested to fix 2.15-3.3.

	Luca stated that many users are still on 2.14 and they could have
	impacted also by the problem.

	The consensus is to also try and fix 2.14.

	The ESC discussed how the work can be split up. Google volunteered
	to do the backports and Luca and Marco to do the releases.

	The ESC had consensus that it will inform contributors and admins of
	known larger installations shortly before the public announcement to
	give them a chance to act before the issue becomes public.

	With the public announcement, the ESC will also publish patched
	binaries.

	There is consesus that these meeting notes will be kept under an
	embargo until we have published a fix for the issue.

	### Testing at scale

	Patrick started a discussion around testing at scale. Ben wanted to
	know if Luca offers hosted solutions to clients. Luca said that most
	clients require on-prem installations.

	Load testing at scale is something we desire but there was no concrete
	AI for anyone to take here.