Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revise flavor naming standard according to review criticism #332

Merged
merged 8 commits into from
Aug 17, 2023
Merged

Revise flavor naming standard according to review criticism #332

merged 8 commits into from
Aug 17, 2023

Conversation

mbuechse
Copy link
Contributor

Resolves #327

@mbuechse
Drop two flavor-name examples w/FIXME as discussed in #327
79489e9 
Signed-off-by: Matthias Büchse <[email protected]>
@mbuechse
Drop sentence referring to a document that may never exist, as per #327
8acb56b 
Signed-off-by: Matthias Büchse <[email protected]>
@mbuechse
Attempt to clarify suffix as per #327
2f4a87e 
Signed-off-by: Matthias Büchse <[email protected]>
@mbuechse
Dropped language about compliance, as this is not a matter of the sta…
a6dc38e 
…ndard, but of the certification (which standards have to be complied with)

Signed-off-by: Matthias Büchse <[email protected]>
@mbuechse mbuechse requested a review from garloff August 16, 2023 09:44
@mbuechse
Fix grammar
3720ea3 
Signed-off-by: Matthias Büchse <[email protected]>
@mbuechse
Satisfy markdownlint
c0bf2fd 
Signed-off-by: Matthias Büchse <[email protected]>
garloff
garloff reviewed Aug 16, 2023
View reviewed changes
Standards/scs-0100-v3-flavor-naming.md Outdated

Alternatively, if this commitment is not opportune — i.e.,
microcode updates needed for mitigation are lacking for longer than a month, default kernel/hypervisor
mitigations are disabled, or hyperthreading is enabled despite the CPU being susceptible to L1TF —,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here my suggestion:
If a provider does not want to commit to deploy available microcode fixes and upstream kernel/hypervisor updates within a month or if the provider wants to enable hyperthreading on compute hosts despite having CPUs susceptible to L1TF there (and no SCS-accepted core-scheduling mechanism is used for mitigation), the flavors must be declared insecure with the i suffix.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I will implement the suggestion.

garloff and others added 2 commits August 16, 2023 18:21
@garloff
Found a typo in the disk types.
fd45c82 
Signed-off-by: Kurt Garloff <[email protected]>
@mbuechse
Implement suggestion by @garloff
b5acf2c 
Signed-off-by: Matthias Büchse <[email protected]>
garloff
garloff approved these changes Aug 17, 2023
View reviewed changes
Copy link
Member

@garloff garloff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@garloff garloff merged commit 26fb468 into main Aug 17, 2023
3 checks passed
@garloff garloff deleted the issue/327 branch August 17, 2023 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@garloff garloff garloff approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Revise flavor naming standard according to review criticism
2 participants
@mbuechse @garloff