15:19:29 <gwd> #startmeeting Virt SIG
15:19:29 <centbot> Meeting started Tue Mar  6 15:19:29 2018 UTC.  The chair is gwd. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:19:29 <centbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:19:41 <gwd> #chair sbonazzo alynpost
15:19:41 <centbot> Current chairs: alynpost gwd sbonazzo
15:19:48 <anthonyper> gwd: o/
15:19:58 <gwd> #chair anthonyper
15:19:58 <centbot> Current chairs: alynpost anthonyper gwd sbonazzo
15:20:14 <gwd> I'll start this time
15:20:17 <gwd> #topic Xen update
15:20:34 <gwd> #info Xen 4.8 and 4.6 packages with most recent XSAs in testing
15:20:50 <gwd> I think hughesjr updated the kernel package as well
15:21:20 <gwd> #info Working on getting a retpoline-capable compiler for CentOS 7, to be able to enable the Spectre Variant 2 mitigations
15:21:27 * lsm5 here
15:21:31 <gwd> #chair lsm5
15:21:31 <centbot> Current chairs: alynpost anthonyper gwd lsm5 sbonazzo
15:21:38 <gwd> anthonyper, anything else?
15:21:50 <anthonyper> gwd: No, nothing from me.
15:22:01 <gwd> OK, sbonazzo?
15:22:05 <sbonazzo> gwd: ok
15:22:14 <sbonazzo> #topic ovirt updates
15:22:38 <sbonazzo> #info oVirt 4.2.2 entering last rc round, scheduled GA is around March 20th
15:22:59 <sbonazzo> #info Virt SIG packages for oVirt are now available on altarch too:  http://mirror.centos.org/altarch/7/virt/ppc64le/ http://mirror.centos.org/altarch/7/virt/aarch64/
15:23:12 <gwd> Congrats
15:23:15 <sbonazzo> #info release package are being prepared this week and will be available soon
15:23:33 <sbonazzo> gwd thanks, and thanks to Arrfab, kbsingh and the rest of the CentOS team
15:23:38 <hughesjr> gwd: yes ..  a new xen kernel is in the testing repo
15:23:54 <sbonazzo> I think that's all on ovirt side for now
15:24:27 <gwd> sbonazzo: You compile kernels too, right?  Are you in need of a retpoline-enabled compiler?
15:25:56 <sbonazzo> gwd: no, we consume centos kernel as is
15:26:03 <gwd> OK.
15:26:07 <gwd> lsm5, you want to go next?
15:26:30 <lsm5> sure
15:26:37 <lsm5> #topic Container Update
15:26:52 <lsm5> #Info new package added "podman"
15:26:59 <lsm5> #info cri-o bumped to 1.9.8
15:27:28 <lsm5> #action need to push packages to mirror.c.o ...most are in testing already
15:27:31 <lsm5> that's it for me
15:27:35 <lsm5> gwd: back to you
15:27:59 <gwd> lsm5: Same question re retpoline -- do you build your own kernel, and if so, do you need a retpoline-capable gcc?
15:28:24 <lsm5> gwd: nope, not concerned with kernel so far
15:28:35 <gwd> Looks like it's all me then. :-)
15:28:37 <gwd> #topic AoB
15:28:43 <gwd> Anything else?
15:29:21 <gwd> The only thing I have to say is that ATM I'll *probably* be able to get retpoline support for CentOS 7, and thus Spectre V2 mitigations for the C7 packages; but I'm not sure I'll be able to get retpoline support for CentOS 6
15:29:32 <gwd> (And thus the C6 Xen packges may not have the Spectre v2 mitigations)
15:30:15 <gwd> alynpost any opinions on ^ ?
15:31:10 <alynpost> We've been talking about going to CentOS 8 and skipping 7, given that we're still on CentOS 6.
15:31:34 <alynpost> we build our own Xen packages though, we'd be able to use this compiler, then?
15:31:44 * jirkade in (a bit late :-))
15:31:45 <alynpost> I certainly don't also mind building / backporting gcc.
15:32:26 <gwd> alynpost: Sure, or any other compiler that has retpoline support.  The only risk would be suddenly upgrading the compiler version; but I think that should either fail up front or Just Work (TM)
15:33:12 <gwd> The most recent releases of gcc 7 and 8 (released after the Spectre vulnerabilities went public) should have retpoline.
15:33:30 <alynpost> aye, I'd guess we wouldn't be able to live-patch across that upgrade, for instance.
15:33:56 <gwd> Or you could use whatever I come up with for CentOS 7, which will probably be C7's gcc 4.8.5 with SuSE's retpoline backport
15:34:09 * alynpost nods
15:34:29 <alynpost> It's also reasonable to include, as an option "upgrade to CentOS 7"  ::smiles::
15:34:45 <alynpost> In this same basket of problem we'd also like to get to Xen 4.10.
15:34:50 <gwd> Yep. :-)
15:35:23 <gwd> anthonyper: What's the status on xen-410?  Did we get tags for that already?
15:35:59 <anthonyper> gwd: Yes, we've got tags.
15:36:33 <anthonyper> I haven't ask for testing and release repo, so those probably don't exists.
15:36:41 <gwd> No, I don't see directories in buildlogs yet.
15:37:05 <gwd> Well it's a work in progress.
15:37:07 <gwd> Anything else?
15:37:58 <gwd> OK, thanks everyone!
15:38:00 <gwd> #endmeeting