)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b7e190b13908761f78cf6589e20a198897d6676e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"b6e08588_3463e35f","updated":"2022-10-18 02:30:11.000000000","message":"(allow me to leave -1 until I get some clarification about the update bits)","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"8fec620f461da723d7f36367794903f3a948234b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"4dbe7f83_2c0e5aa2","updated":"2022-11-21 15:49:23.000000000","message":"@Takashi, the managing of directories permissions script is complicated, it requires changes in t-h-t script and the tripleo-ansible plugin version of it.\nI propose to address the main security concern *umask for files*, then follow-up the directories permissions changes, as it appeared to be surprisingly non-trivial effort to finish the latter. Please reconsider to merge the former first.","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"d864855d76012d8b8b9a95ed5d9fb1bfddd2578f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"b4c0d779_b3a429c7","updated":"2022-10-04 15:21:57.000000000","message":"PTAL","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"78a527328822c7e695f47beff0f6f50aef885084","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"e53917d2_174f3b20","updated":"2022-10-14 12:38:35.000000000","message":"could you also merge this 2nd one in the topic","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"3fc4dd809441354ccf77a07952c6a4aa51e5af4e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"e1119fa5_0bed663a","updated":"2022-11-23 13:41:07.000000000","message":"here it is https://review.opendev.org/c/openstack/tripleo-heat-templates/+/865425\n\nthe 2nd should go to tripleo-ansible now (not sure which one is used there...)","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"481d08e4eaf17311ff0df646f116e7d9257affbe","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"d89d4837_7968db9b","updated":"2022-10-14 08:47:20.000000000","message":"just wondering whether we want to provide the option to change the umask instead of hard-coding it, in case any external toolings require access to these image data.","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"6c9a9459aabd2b9b081aa3515afb3d1af12e0b24","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"327721c3_62f18950","updated":"2022-10-03 11:33:02.000000000","message":"recheck ipa","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"c10f46856e3669d7bfcdafe67b656f63df96d229","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"e1d546ba_b9491a08","updated":"2022-10-03 11:36:26.000000000","message":"virtqemud container\u0027s umask had been set as expected","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"008fe1b4434a5ea3ac6815a8a163ecbf97b18e9e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"9362a3d2_8f06cfc5","in_reply_to":"4dbe7f83_2c0e5aa2","updated":"2022-11-21 23:58:31.000000000","message":"OK. We probably want to leave TODO comments but I\u0027m merging this because it has been kept for a while.","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"95fac3537c37524d3f06a3a6a4c0cfd6a97aaa4b","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"ee6c016d_400d7ed7","in_reply_to":"86859536_9f6e8d88","updated":"2022-10-18 02:29:36.000000000","message":"Do you have any plan to implement update task to remove 027 bits from existing files ? We need the automated(or at least manual) steps to chmod existing files otherwise we leave files in inconsistent modes during upgrade.\n\nIf we change the default behavior then IMHO we should consider the proper update path to adapt to the new mode, and it that is still TODO then I tend to make the change optional now (Add the option like NovaSecureUmask and keep the current behavior without umask as default)","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"54e06de0f3bdfeade86687b2362ac201ebf3d2d8","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"ae96ceb7_bb89b339","in_reply_to":"8d3b5dd5_884ac012","updated":"2022-11-02 13:05:40.000000000","message":"we should not keep this in status que as this fixes a security issue.\ninconsistency state for minor updates is something to address though","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"50febb59ff34f4b5d03a83ea51289e33b5dcd861","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"86859536_9f6e8d88","in_reply_to":"d89d4837_7968db9b","updated":"2022-10-14 12:40:01.000000000","message":"Sure we can map some t-h-t param for this TRIPLEO_KOLLA_UMASK. Would a follow-up work for you?","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"163ca7b80b6c3182f6c65a2fdc0a6ce752bd2396","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"8d3b5dd5_884ac012","in_reply_to":"ee6c016d_400d7ed7","updated":"2022-10-20 14:39:14.000000000","message":"I will take a look into the https://github.com/openstack/tripleo-heat-templates/blob/c084e9e312ef6dd2508d7400292ff53411dd8605/container_config_scripts/nova_statedir_ownership.py#L1 file to address the upgrades impact","commit_id":"7bba86fc582b6d599117be06c23d0a3d91332cfd"}]}