)]}'
{"id":"openstack%2Fpython-novaclient~658181","triplet_id":"openstack%2Fpython-novaclient~master~Ia8750bc27aa9a2cfafb6f4f49252f5bd81bc1a40","project":"openstack/python-novaclient","branch":"master","hashtags":[],"change_id":"Ia8750bc27aa9a2cfafb6f4f49252f5bd81bc1a40","subject":"Use SHA256 instead of MD5 in completion cache","status":"MERGED","created":"2019-05-09 18:44:24.000000000","updated":"2019-05-10 06:50:39.000000000","submitted":"2019-05-10 06:50:39.000000000","submitter":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"total_comment_count":1,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"658181-1557471039723-e62a4e3b","meta_rev_id":"d46121293a2faafa760f539961afbb0efea7085f","_number":658181,"virtual_id_number":658181,"owner":{"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},"actions":{},"labels":{"Verified":{"approved":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"all":[{"value":0,"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},{"value":0,"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},{"value":0,"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},{"value":2,"date":"2019-05-10 06:50:39.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","default_value":0,"optional":true},"Code-Review":{"approved":{"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},"all":[{"value":0,"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},{"value":2,"date":"2019-05-10 03:02:50.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},{"value":2,"date":"2019-05-09 19:38:04.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","default_value":0,"optional":true},"Workflow":{"approved":{"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},"all":[{"value":0,"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},{"value":1,"date":"2019-05-10 03:02:50.000000000","permitted_voting_range":{"min":1,"max":1},"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},{"value":0,"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true},"Review-Priority":{"all":[{"value":0,"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},{"value":0,"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},{"value":0,"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{" 0":"Default Priority","+1":"Contributor Review Promise","+2":"Core Review Promise"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},{"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},{"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2019-05-09 19:38:04.000000000","updated_by":{"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},"reviewer":{"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},"state":"REVIEWER"},{"updated":"2019-05-10 03:02:50.000000000","updated_by":{"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},"reviewer":{"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},"state":"REVIEWER"},{"updated":"2019-05-10 06:50:39.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"REVIEWER"}],"messages":[{"id":"4bc563d04244ada04ea6545b584071faadfb7bc1","author":{"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},"date":"2019-05-09 18:44:24.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"9100a396e00b7f78510c1f486f459fc8599d2231","author":{"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},"date":"2019-05-09 19:28:17.000000000","message":"Patch Set 1:\n\n(1 comment)\n\nI find the premise behind this change interesting.  I of course knew that MD5 was strongly disrecommended for security-sensitive applications, but I had no idea that it was actually blocked from being used, period.  It seems like MD5 is generally used in non-sensitive applications like keying a cache (as here) or detecting an updated web page all throughout the standards, so such a block seems rather extreme, but I certainly approve of getting rid of it where possible :)\n\nI am wondering about test coverage, and I\u0027m reviewing this before Zuul gets done, but I would have expected a test failure without a test being updated…","accounts_in_message":[],"_revision_number":1},{"id":"168faf99d4fbfdf4ef58df40948bb4b5858350c1","author":{"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},"date":"2019-05-09 19:28:24.000000000","message":"Patch Set 1: Code-Review+2","accounts_in_message":[],"_revision_number":1},{"id":"ed645c1bba4240d77dff9a7c6090cc0e2e7505fa","author":{"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},"date":"2019-05-09 19:35:49.000000000","message":"Patch Set 1:\n\n\u003e (1 comment)\n \u003e \n \u003e I find the premise behind this change interesting.\n\nYep, took my by surprise as well. FWIW, here\u0027s our internal bug for this: https://bugzilla.redhat.com/show_bug.cgi?id\u003d1702454\n\n \u003e I of course\n \u003e knew that MD5 was strongly disrecommended for security-sensitive\n \u003e applications, but I had no idea that it was actually blocked from\n \u003e being used, period.  It seems like MD5 is generally used in\n \u003e non-sensitive applications like keying a cache (as here) or\n \u003e detecting an updated web page all throughout the standards, so such\n \u003e a block seems rather extreme, but I certainly approve of getting\n \u003e rid of it where possible :)\n \u003e \n \u003e I am wondering about test coverage, and I\u0027m reviewing this before\n \u003e Zuul gets done, but I would have expected a test failure without a\n \u003e test being updated…\n\nI hadn\u0027t actually run unit tests locally before posting this. I have now, and they all pass, so looks like we\u0027re missing some coverage for that function.","accounts_in_message":[],"_revision_number":1},{"id":"441a630b1b46f6c42f5c8737bd0c12f80fcb13d5","author":{"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},"date":"2019-05-09 19:35:54.000000000","message":"Uploaded patch set 2: Commit message was updated.","accounts_in_message":[],"_revision_number":2},{"id":"9096e6047a78eebbe4894a03918defc44e658de1","author":{"_account_id":679,"name":"Kevin L. Mitchell","email":"klmitch@mit.edu","username":"klmitch"},"date":"2019-05-09 19:38:04.000000000","message":"Patch Set 2: Code-Review+2\n\nYep.  Given the trivial nature of this change, I\u0027m willing to accept that adding test coverage would be out of scope, but we should probably address that in future :)","accounts_in_message":[],"_revision_number":2},{"id":"c4a7349db2585d82f53330577a49f5881664b3cb","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2019-05-09 21:28:14.000000000","message":"Patch Set 2: Verified-1\n\nBuild failed (check pipeline).  For information on how to proceed, see\nhttp://docs.openstack.org/infra/manual/developers.html#automated-testing\n\n\n- tempest-full http://logs.openstack.org/81/658181/2/check/tempest-full/33b8471/ : FAILURE in 1h 48m 25s\n- tempest-full-py3 http://logs.openstack.org/81/658181/2/check/tempest-full-py3/96d9154/ : SUCCESS in 1h 37m 35s\n- openstack-tox-cover http://logs.openstack.org/81/658181/2/check/openstack-tox-cover/37c46ac/cover/ : SUCCESS in 4m 19s\n- openstack-tox-lower-constraints http://logs.openstack.org/81/658181/2/check/openstack-tox-lower-constraints/6429fd4/ : SUCCESS in 6m 54s\n- openstack-tox-pep8 http://logs.openstack.org/81/658181/2/check/openstack-tox-pep8/86d5da8/ : SUCCESS in 3m 08s\n- openstack-tox-py27 http://logs.openstack.org/81/658181/2/check/openstack-tox-py27/cd8914d/ : SUCCESS in 5m 40s\n- openstack-tox-py36 http://logs.openstack.org/81/658181/2/check/openstack-tox-py36/223815d/ : SUCCESS in 3m 53s\n- openstack-tox-py37 http://logs.openstack.org/81/658181/2/check/openstack-tox-py37/adbeafc/ : SUCCESS in 3m 51s\n- openstack-tox-docs http://logs.openstack.org/81/658181/2/check/openstack-tox-docs/19da57c/html/ : SUCCESS in 3m 10s\n- novaclient-dsvm-functional http://logs.openstack.org/81/658181/2/check/novaclient-dsvm-functional/3064599/ : SUCCESS in 1h 05m 37s","accounts_in_message":[],"_revision_number":2},{"id":"6947fb0d3a0c08155d63bf6d358f8d8f5b589af0","author":{"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},"date":"2019-05-10 03:02:50.000000000","message":"Patch Set 2: Code-Review+2 Workflow+1","accounts_in_message":[],"_revision_number":2},{"id":"a6ff9b2806db26d0135710b86175b544691d94f1","author":{"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},"date":"2019-05-10 03:03:05.000000000","message":"Patch Set 2:\n\nrecheck timeout","accounts_in_message":[],"_revision_number":2},{"id":"68578b4c73c88d7f15057da769e73ac23ddca885","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2019-05-10 04:51:07.000000000","message":"Patch Set 2: Verified+1\n\nBuild succeeded (check pipeline).\n\n- tempest-full http://logs.openstack.org/81/658181/2/check/tempest-full/f8e33dd/ : SUCCESS in 1h 43m 00s\n- tempest-full-py3 http://logs.openstack.org/81/658181/2/check/tempest-full-py3/8e830e1/ : SUCCESS in 1h 24m 50s\n- openstack-tox-cover http://logs.openstack.org/81/658181/2/check/openstack-tox-cover/d244051/cover/ : SUCCESS in 3m 58s\n- openstack-tox-lower-constraints http://logs.openstack.org/81/658181/2/check/openstack-tox-lower-constraints/3bbf863/ : SUCCESS in 3m 58s\n- openstack-tox-pep8 http://logs.openstack.org/81/658181/2/check/openstack-tox-pep8/d07f750/ : SUCCESS in 3m 36s\n- openstack-tox-py27 http://logs.openstack.org/81/658181/2/check/openstack-tox-py27/83d23a1/ : SUCCESS in 3m 42s\n- openstack-tox-py36 http://logs.openstack.org/81/658181/2/check/openstack-tox-py36/cdb304b/ : SUCCESS in 3m 48s\n- openstack-tox-py37 http://logs.openstack.org/81/658181/2/check/openstack-tox-py37/9ef79e7/ : SUCCESS in 3m 40s\n- openstack-tox-docs http://logs.openstack.org/81/658181/2/check/openstack-tox-docs/136773d/html/ : SUCCESS in 3m 02s\n- novaclient-dsvm-functional http://logs.openstack.org/81/658181/2/check/novaclient-dsvm-functional/eda4af0/ : SUCCESS in 1h 02m 43s","accounts_in_message":[],"_revision_number":2},{"id":"9b7a33c519032eb4c904a8c4c6d7b2cf3e728387","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2019-05-10 04:51:18.000000000","message":"Patch Set 2: -Verified\n\nStarting gate jobs.","accounts_in_message":[],"_revision_number":2},{"id":"48884121e60ed92706cfeec602b9827256a45a2b","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2019-05-10 06:50:39.000000000","message":"Change has been successfully merged by Zuul","accounts_in_message":[],"_revision_number":2},{"id":"d46121293a2faafa760f539961afbb0efea7085f","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2019-05-10 06:50:39.000000000","message":"Patch Set 2: Verified+2\n\nBuild succeeded (gate pipeline).\n\n- tempest-full http://logs.openstack.org/81/658181/2/gate/tempest-full/7e5e23d/ : SUCCESS in 1h 54m 27s\n- tempest-full-py3 http://logs.openstack.org/81/658181/2/gate/tempest-full-py3/1e7c323/ : SUCCESS in 1h 34m 55s\n- openstack-tox-lower-constraints http://logs.openstack.org/81/658181/2/gate/openstack-tox-lower-constraints/be01217/ : SUCCESS in 4m 29s\n- openstack-tox-pep8 http://logs.openstack.org/81/658181/2/gate/openstack-tox-pep8/c3d360f/ : SUCCESS in 3m 13s\n- openstack-tox-py27 http://logs.openstack.org/81/658181/2/gate/openstack-tox-py27/40cb326/ : SUCCESS in 3m 33s\n- openstack-tox-py36 http://logs.openstack.org/81/658181/2/gate/openstack-tox-py36/595ae50/ : SUCCESS in 3m 23s\n- openstack-tox-py37 http://logs.openstack.org/81/658181/2/gate/openstack-tox-py37/001953b/ : SUCCESS in 4m 18s\n- openstack-tox-docs http://logs.openstack.org/81/658181/2/gate/openstack-tox-docs/e373611/html/ : SUCCESS in 3m 23s\n- novaclient-dsvm-functional http://logs.openstack.org/81/658181/2/gate/novaclient-dsvm-functional/e9e37b7/ : SUCCESS in 1h 00m 49s","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"2595bac2294ce05e389eaab6636977963d5fc66c","revisions":{"13f94f20f20c75343d012d19657ee6053dff9075":{"kind":"REWORK","_number":1,"created":"2019-05-09 18:44:24.000000000","uploader":{"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},"ref":"refs/changes/81/658181/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/python-novaclient","ref":"refs/changes/81/658181/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/python-novaclient refs/changes/81/658181/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/python-novaclient refs/changes/81/658181/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/python-novaclient refs/changes/81/658181/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/python-novaclient refs/changes/81/658181/1"}}},"commit":{"parents":[{"commit":"f7f5df9c1d7c6304f05fbabc42d57c071a51b5d5","subject":"Merge \"Drop py35 tests\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-novaclient/commit/f7f5df9c1d7c6304f05fbabc42d57c071a51b5d5"}]}],"author":{"name":"Artom Lifshitz","email":"alifshit@redhat.com","date":"2019-05-09 18:34:35.000000000","tz":-240},"committer":{"name":"Artom Lifshitz","email":"alifshit@redhat.com","date":"2019-05-09 18:34:35.000000000","tz":-240},"subject":"Use SHA56 instead of MD5 in completion cache","message":"Use SHA56 instead of MD5 in completion cache\n\nFIPS 140 are U.S. government computer security standards that specify\nrequirements for cryptography modules. MD5 is not FIPS compliant [1].\nPreviously, MD5 was used as the hash algorithm for the bash completion\ncache. Hosts running in FIPS mode [2] block execution of the MD5 hash.\nThis makes python-novaclient unusable on FIPS-enabled machines. This\npatch replaces MD5 with SHA356, which is FIPS compliant.\n\n[1] https://csrc.nist.gov/projects/hash-functions\n[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations\n\nChange-Id: Ia8750bc27aa9a2cfafb6f4f49252f5bd81bc1a40\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-novaclient/commit/13f94f20f20c75343d012d19657ee6053dff9075"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-novaclient/commit/13f94f20f20c75343d012d19657ee6053dff9075"}]},"branch":"refs/heads/master"},"2595bac2294ce05e389eaab6636977963d5fc66c":{"kind":"NO_CODE_CHANGE","_number":2,"created":"2019-05-09 19:35:54.000000000","uploader":{"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},"ref":"refs/changes/81/658181/2","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/python-novaclient","ref":"refs/changes/81/658181/2","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/python-novaclient refs/changes/81/658181/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/python-novaclient refs/changes/81/658181/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/python-novaclient refs/changes/81/658181/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/python-novaclient refs/changes/81/658181/2"}}},"commit":{"parents":[{"commit":"f7f5df9c1d7c6304f05fbabc42d57c071a51b5d5","subject":"Merge \"Drop py35 tests\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-novaclient/commit/f7f5df9c1d7c6304f05fbabc42d57c071a51b5d5"}]}],"author":{"name":"Artom Lifshitz","email":"alifshit@redhat.com","date":"2019-05-09 18:34:35.000000000","tz":-240},"committer":{"name":"Artom Lifshitz","email":"alifshit@redhat.com","date":"2019-05-09 19:32:33.000000000","tz":-240},"subject":"Use SHA256 instead of MD5 in completion cache","message":"Use SHA256 instead of MD5 in completion cache\n\nFIPS 140 are U.S. government computer security standards that specify\nrequirements for cryptography modules. MD5 is not FIPS compliant [1].\nPreviously, MD5 was used as the hash algorithm for the bash completion\ncache. Hosts running in FIPS mode [2] block execution of the MD5 hash.\nThis makes python-novaclient unusable on FIPS-enabled machines. This\npatch replaces MD5 with SHA256, which is FIPS compliant.\n\n[1] https://csrc.nist.gov/projects/hash-functions\n[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations\n\nChange-Id: Ia8750bc27aa9a2cfafb6f4f49252f5bd81bc1a40\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-novaclient/commit/2595bac2294ce05e389eaab6636977963d5fc66c"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-novaclient/commit/2595bac2294ce05e389eaab6636977963d5fc66c"}]},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}