Closed fridex closed 2 years ago
I think this might be a good opportunity to show different advises, based on latest -> f35-py310 or security -> ubi8-py39 wdyt?
/priority important-soon /triage accepted
https://bodhi.fedoraproject.org/updates/FEDORA-CONTAINER-2022-84cdd058eb
It looks like the container image is now stable. We could install fedora-35-py310
solver and trigger ingestion. I'm not 100% sure if Python 3.10 parsing from the solver name will be correct in our tooling - worth checking.
I'm not 100% sure if Python 3.10 parsing from the solver name will be correct in our tooling - worth checking.
It is wrong:
>>> from thoth.common import OpenShift
>>> OpenShift.parse_python_solver_name("solver-fedora-35-py310")
{'os_name': 'fedora', 'os_version': '35', 'python_version': '3.1.0'}
/sig stack-guidance /priority important-soon
/assign
/lifecycle active
With respect to #235 that created the f35-py310 solver, the tagged image in quay.io
is showing with a critical vulnerability in the scan (see scan). It appears that the vulnerability lies with pip
. What should be done about this?
Can we close this issue, or is there more that needs to be done here?
It might be a good idea to generate prescriptions for packages packaged as RPMs in Fedora 35 (also might be worth to document this). See https://github.com/thoth-station/thoth-application/issues/1803#issuecomment-878208947 and this issue should state code on how to do that https://github.com/thoth-station/adviser/issues/1961 (might require changes to conform to the current prescriptions structure and https://github.com/thoth-station/prescriptions/issues/59).
BTW it sounds like we could turn on ingestion in stage env?
BTW it sounds like we could turn on ingestion in stage env?
Tracking that in https://github.com/thoth-station/thoth-application/issues/2479
This seems to be done. closing
Is your feature request related to a problem? Please describe.
See https://github.com/sclorg/s2i-python-container/pull/486 - we could plug solver-fedora-35-py310 and start ingestion.