ROOT Team Meeting

Europe/Zurich
32/1-A24 (CERN)

Axel Naumann (CERN), Lorenzo Moneta (CERN)
Description

Zoom link in announcement email; please contact rootdev@cern.ch if you did not receive it!

Zoom Meeting ID: 97374667082
Host: Axel Naumann
Alternative hosts: Bertrand Bellenot, Lorenzo Moneta, Enrico Guiraud, Jakob Blomer, Danilo Piparo, Vincenzo Eduardo Padulano

News:
Not going to discuss issues anymore, to give more time for topics; link in meeting invitation
ROOT LDs: Jonas and Vincenzo
RISC-V machine from INFN (64 cores, 128 GB)
LLVM upgrade merged this morning (among others, RISC-V support out-of-the-box)

Shift handover:
Monica: summary on Mattermost
Next shifter is Olivier

Meetings:
TMVA / RooFit: no meetings
PPP: Hans Dembinski, comparing RooFit with iMinuit Numba; meeting this week on Apache Kafka
Planning / Godparents: in contact with ATLAS regarding security issue (recommending users to create rootrc)
LIM: nothing
I/O: presentation from Marco Meyer on data formats for gravitational waves (also HDF5); large-scale testing with IT starting

WebGUI security:
idea: move security-related functionality into separate file(s), security review
Jakob: avoid honeypot, call it extended review
Vincenzo: need label? would code ownership be enough? discussion: probably
Jonas / Sergei: client not as security relevant, unless somebody able to manipulate messages
Florine: code review more regularly? discussion: maybe every two years, or before releases if there are bigger architecture changes
Jakob: recommend experiments to set up proxies
Jakob: IT might ask about supply chain, i.e. security issues in dependencies; Axel: part of the release procedure to check builtins
Jakob: have an "open socket" to be informed about CVEs; Bertrand and Jakob will follow up
JonasH: legitimate reason for opening public ports? Axel: not that we are aware of
Discussion: how to generate tokens? should not use ROOT PRNG, likely need platform-specific implementations
JonasH: what about rootlogon? long discussion, maybe rename interface to enable web graphics?
Axel: done for patch releases: default to non-web graphics, ignore loopback configuration
Danilo: plan for next patch releases: "impossible" to have insecure ROOT
Axel: should we disable in master as well? JonasR: yes, consider LCG nightlies as "used release"

    • 16:00 16:01
      Find notetaker 1m
    • 16:01 16:05
      News 4m
    • 16:05 16:10
      Shift handover 5m
    • 16:10 16:20
      Meeting Summaries and Plans 10m
      • I/O
      • TMVA
      • RooFit
      • PPP
      • Planning / Godparents /...
      • LIM
    • 16:20 17:00
      Topics 40m
      • WebGUI security
    • 17:00 17:25
      Round Table 25m
    • 17:25 17:30
      A.O.B. 5m
      • Release lunch