)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":16708,"name":"Kendall Nelson","display_name":"Kendall (diablo_rojo)","email":"kennelson11@gmail.com","username":"kjnelson"},"change_message_id":"989f9446eea18fdca051ae90776a56bcdfb9ed1b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"f9ae52f2_9348a338","updated":"2022-04-26 21:45:33.000000000","message":"Looks like a reasonable update to me. Its nice to have it documented somewhere :) ","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b579f61ddf58b994842b643323720b4d08870319","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"5eef33a3_e48a1a77","updated":"2022-04-29 00:54:07.000000000","message":"Thanks Ade for the proposal. Please see few comments inline. overall proposal looks fine to me just need to explain few of the targets explicitly. \n\nAlso while this goal was proposed, I added a mandatory checklist which we will review during the goal selection. can you please add the same in this goal doc too\n\n- https://github.com/openstack/governance/blob/master/goals/template.rst#goal-checklist","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":7198,"name":"Jay Bryant","email":"jungleboyj@electronicjungle.net","username":"jsbryant"},"change_message_id":"3671b5fb06c096fae93071584e74536f47b0ef8c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"32db9d7d_f4363914","updated":"2022-04-28 16:49:34.000000000","message":"This looks fine.","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"d22bfc19ea7406253adac0e23321e44aa110c925","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"442ae7eb_f58ce438","updated":"2022-04-29 12:39:54.000000000","message":"Waiting to vote until Ghanshyam\u0027s comments have been addressed.","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"7e9562bd6cf69be49826534e711d5153deab3425","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"596c6723_6763c686","updated":"2022-05-06 01:53:50.000000000","message":"almost lgtm, just a 1 comment to mention about c9s stability in dependency section. rest all is perfect.","commit_id":"5277f4f9173bb84cd4aa700d0d02516d874eb50a"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"217fb719a1a6f1675b837eff3163280e3e7c908d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"96244106_f509975e","updated":"2022-05-06 14:34:03.000000000","message":"Thanks Ade, lgtm","commit_id":"9b6103d5c64a723f310371700998a7271da4bbdc"}],"goals/proposed/fips.rst":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b579f61ddf58b994842b643323720b4d08870319","unresolved":true,"context_lines":[{"line_number":56,"context_line":""},{"line_number":57,"context_line":"  fips-compatibility or fips-compliance"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Completion Criteria for FIPS compatibility"},{"line_number":60,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"Milestone 1: Zed-cycle release:"}],"source_content_type":"text/x-rst","patch_set":1,"id":"8f104981_026fa706","line":59,"range":{"start_line":59,"start_character":0,"end_line":59,"end_character":42},"updated":"2022-04-29 00:54:07.000000000","message":"let\u0027s remove this as a separate section and instead mention both FIPS Compatibility and Compliance in single Completion Criteria. please see below comment","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b579f61ddf58b994842b643323720b4d08870319","unresolved":true,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"Milestone 1: Zed-cycle release:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"#. Projects that curently have FIPS CI jobs in-flight should have these"},{"line_number":65,"context_line":"   jobs merged. These jobs should be sufficient to test base functionality"},{"line_number":66,"context_line":"   and in particular those areas expected to be affected by FIPS. The"},{"line_number":67,"context_line":"   tests should pass. Any limitations uncovered should be documented."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"#. The current role to enable FIPS mode should be enhanced to allow FIPS to"},{"line_number":70,"context_line":"   be enabled on Ubuntu environments. Jobs using Ubuntu will need to be"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ee117477_ce90fbcb","line":67,"range":{"start_line":64,"start_character":1,"end_line":67,"end_character":69},"updated":"2022-04-29 00:54:07.000000000","message":"as we discussed in PTG or in TC meeting, is proposal to have FIPs job in check as well as in gate pipeline or periodic? It will be clear to mention that here.\n\nAnd as there is dependency on distro like FIPs is running on centos-9-stream are still not stable so we agreed to have them in periodic pipeline. and once that is stable or we get ubuntu image with FIPs enable to test we cannot move them to check/gate pipeline as voting job.","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b579f61ddf58b994842b643323720b4d08870319","unresolved":true,"context_lines":[{"line_number":70,"context_line":"   be enabled on Ubuntu environments. Jobs using Ubuntu will need to be"},{"line_number":71,"context_line":"   tested using Python 3.9, as this is the earliest release that supports the"},{"line_number":72,"context_line":"   usedforsecurity parameter on hashlib.md5()."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"Milestone 2: AA-cycle release:"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"#. All OpenStack projects should have at least one job to test functionality"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3500cfbb_1c9e8107","line":73,"range":{"start_line":73,"start_character":0,"end_line":73,"end_character":0},"updated":"2022-04-29 00:54:07.000000000","message":"also, this goal is to run the job from master(zed) onwards right? not for stable branches to backport? I saw few patches proposed to add FIPs job in stable branches so we should make it clear what is out goal. I am not against of running them to stable but we can mention that as mandatory or \u0027good to have\u0027 things so that projects do not object when you backport the jobs ni stable branch.","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b579f61ddf58b994842b643323720b4d08870319","unresolved":true,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"Milestone 2: AA-cycle release:"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"#. All OpenStack projects should have at least one job to test functionality"},{"line_number":77,"context_line":"   when FIPS is enabled. These tests should pass with limitations documented."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"#. Run Refstack tests in FIPS mode. These tests should pass. It is expected"}],"source_content_type":"text/x-rst","patch_set":1,"id":"2f22a7c5_bbb31810","line":76,"updated":"2022-04-29 00:54:07.000000000","message":"this seems voting job target here so in \u0027Milestone 1\u0027 above we are targeting FIPs job to run on periodic and make it stable?\n\nand here we can add explicitly whether target is to have a voting job or non-voting. I know you are targetting voting which seems good but let\u0027s explicitly mention that to have project clear view about goal.","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b579f61ddf58b994842b643323720b4d08870319","unresolved":true,"context_lines":[{"line_number":76,"context_line":"#. All OpenStack projects should have at least one job to test functionality"},{"line_number":77,"context_line":"   when FIPS is enabled. These tests should pass with limitations documented."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"#. Run Refstack tests in FIPS mode. These tests should pass. It is expected"},{"line_number":80,"context_line":"   that some FIPS specific configuration may be required [3], or that some"},{"line_number":81,"context_line":"   tests/features would be invalid under FIPS [4]. These configurations and"},{"line_number":82,"context_line":"   limitations should be well documented."}],"source_content_type":"text/x-rst","patch_set":1,"id":"8fab41ea_931bc9b0","line":79,"range":{"start_line":79,"start_character":7,"end_line":79,"end_character":16},"updated":"2022-04-29 00:54:07.000000000","message":"there are no refstack tests, I think you mean tempest tests?","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b579f61ddf58b994842b643323720b4d08870319","unresolved":true,"context_lines":[{"line_number":81,"context_line":"   tests/features would be invalid under FIPS [4]. These configurations and"},{"line_number":82,"context_line":"   limitations should be well documented."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"Completion Criteria for FIPS compliance"},{"line_number":85,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"Milestone 3: Zed-cycle release:"}],"source_content_type":"text/x-rst","patch_set":1,"id":"eb4bcb33_c5c76b84","line":84,"range":{"start_line":84,"start_character":0,"end_line":84,"end_character":39},"updated":"2022-04-29 00:54:07.000000000","message":"this can be removed as a separate section.","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b579f61ddf58b994842b643323720b4d08870319","unresolved":true,"context_lines":[{"line_number":81,"context_line":"   tests/features would be invalid under FIPS [4]. These configurations and"},{"line_number":82,"context_line":"   limitations should be well documented."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"Completion Criteria for FIPS compliance"},{"line_number":85,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"Milestone 3: Zed-cycle release:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"#. A review of crypto used within OpenStack should be completed. This review"},{"line_number":90,"context_line":"   should identify crypto that is not FIPS certified and propose alternatives."},{"line_number":91,"context_line":"   Depending on which libraries are identified and the projected impact, a"},{"line_number":92,"context_line":"   schedule for replacement can be decided at that time.  An initial review of"},{"line_number":93,"context_line":"   crypto in OpenStack is documented here. [14]"},{"line_number":94,"context_line":"#. A plan should be formulated to provide a FIPS compliant replacement option"},{"line_number":95,"context_line":"   to paramiko across OpenStack projects."},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"Milestone 4: AA-cycle release:"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"#. A FIPS compliant replacement for paramiko should be implemented as an option"},{"line_number":100,"context_line":"   across the major OpenStack projects.  See details under \"Current Issues\" below."},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"Milestone 5: BB-cycle-release:"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"#. A FIPS compliant replacement for paramiko should be implemented as an option"},{"line_number":105,"context_line":"   across all OpenStack projects."},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"Current Status"},{"line_number":108,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":1,"id":"4b53a7b2_6d9ce0e6","line":105,"range":{"start_line":84,"start_character":0,"end_line":105,"end_character":33},"updated":"2022-04-29 00:54:07.000000000","message":"let\u0027s move these work also in the above section. I mean combine FIPS Compatibility and Compliance work item together so that we know from one place that what all work to be done for each miletone.","commit_id":"8a6ad2bd1e7dd7d39fe8b658706038fcd18db97c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"7e9562bd6cf69be49826534e711d5153deab3425","unresolved":true,"context_lines":[{"line_number":64,"context_line":"The jobs that have been completed or are in progress are listed in [10]."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"Is there any dependency or blocker?"},{"line_number":67,"context_line":"Status: NO"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"Achieving FIPS compliance will necessarily require an audit to determine"},{"line_number":70,"context_line":"which external software implements crytography, and whether it is FIPS"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9fe325d5_86245d2b","line":67,"range":{"start_line":67,"start_character":0,"end_line":67,"end_character":10},"updated":"2022-05-06 01:53:50.000000000","message":"not a blocker but good to mention about c9s stability and having a voting job depends on c9s stability or ubuntu FIPS enabled image.","commit_id":"5277f4f9173bb84cd4aa700d0d02516d874eb50a"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"f31391778e26709c6b5fe639e282a09bb8517ea1","unresolved":true,"context_lines":[{"line_number":50,"context_line":"Status: YES"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"The plan is simply to create voting CI jobs with FIPS enaled in all the"},{"line_number":53,"context_line":"OpenStack projects, and fix ior document any issues that arise.  This work"},{"line_number":54,"context_line":"has been underway for some time, and you can see the status (and the work"},{"line_number":55,"context_line":"that has been completed) in the \"Current Status\" section below."},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"789372ff_26ba28e6","line":53,"range":{"start_line":53,"start_character":28,"end_line":53,"end_character":31},"updated":"2022-05-06 14:38:26.000000000","message":"nitty nit: s/ior/or","commit_id":"9b6103d5c64a723f310371700998a7271da4bbdc"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"f31391778e26709c6b5fe639e282a09bb8517ea1","unresolved":true,"context_lines":[{"line_number":70,"context_line":"stable or being able to use FIPS-enabled Ubuntu images."},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Achieving FIPS compliance will necessarily require an audit to determine"},{"line_number":73,"context_line":"which external software implements crytography, and whether it is FIPS"},{"line_number":74,"context_line":"compliant.  An initial audit was conducted in [14]. So far, only a few"},{"line_number":75,"context_line":"software modules are of concern."},{"line_number":76,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"f4ab1596_4d870008","line":73,"range":{"start_line":73,"start_character":35,"end_line":73,"end_character":46},"updated":"2022-05-06 14:38:26.000000000","message":"nitty nit: cryptography","commit_id":"9b6103d5c64a723f310371700998a7271da4bbdc"}]}