Call for Consensus: node_exporter 1.0.0 release


Richard Hartmann

Apr 23, 2020, 7:41:10 AM
to Prometheus Developers
Dear all,

This is a call for consensus within Prometheus-team on releasing
node_exporter 1.0.0 as-is.

node_exporter 1.0.0-rc.0 has been cut on 2020-02-20[1]. It features
experimental TLS support[2]. We are planning to use this TLS support
as a template for all other exporters within and outside of Prometheus
proper. To make sure we didn’t build a footgun nor that we’re holding
it wrong, CNCF is sponsoring an external security review by Cure53. We
have not been given a clear timeline but work should start in week 22
(May 25th) at the latest with no time to completion stated.

There are two positions:
* Wait for the security review to finish before cutting 1.0.0
* Release ASAP, given that this feature is clearly marked as
experimental and it will not see wider testing until we cut 1.0.0

I am asking Prometheus-team to establish rough consensus with a hum.

Should the maintainers (Ben & Fish) be allowed to release without
waiting for the audit to finish?


Best,
Richard

[1] https://github.com/prometheus/node_exporter/releases/tag/v1.0.0-rc.0
[2] https://github.com/prometheus/node_exporter/pull/1277

Ben Kochie

Apr 23, 2020, 7:43:08 AM
to Richard Hartmann, Prometheus Developers
Yes, let's release right away.

--
You received this message because you are subscribed to the Google Groups "Prometheus Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-devel...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/CAD77%2BgRRHN%2BXfAxXeVitomS9Gz1Nx78ZGw1p%3D6xhtfQmqPJcXg%40mail.gmail.com.

Richard Hartmann

Apr 23, 2020, 7:47:20 AM
to Prometheus Developers
Yes
--
Richard

Matthias Rampke

Apr 23, 2020, 7:53:48 AM
to Richard Hartmann, Prometheus Developers
I agree, if we plan on releasing 1.0, have an RC, a security review for a feature marked experimental doesn't need to hold things up. We should make it clear when we consider TLS "ready for serious use" but that's for another release.

/MR


Julius Volz

Apr 23, 2020, 8:31:47 AM
to Matthias Rampke, Richard Hartmann, Prometheus Developers
Agreed as well under these circumstances.

Brian Brazil

Apr 23, 2020, 8:43:13 AM
to Matthias Rampke, Richard Hartmann, Prometheus Developers
On Thu, 23 Apr 2020 at 12:53, Matthias Rampke <matt...@prometheus.io> wrote:
> I agree, if we plan on releasing 1.0, have an RC, a security review for a feature marked experimental doesn't need to hold things up. We should make it clear when we consider TLS "ready for serious use" but that's for another release.

Let's be careful here with the word experimental, as that means something very specific in Prometheus terms. "experimental" means that we can make breaking changes to the API across versions, but doesn't say anything about how production-ready code is. For example remote write is classified as experimental, but that's not saying it isn't ready for serious use.

Brian
 

Julien Pivotto

Apr 23, 2020, 9:06:38 AM
to Richard Hartmann, Prometheus Developers
On 23 Apr 13:40, Richard Hartmann wrote:
> Dear all,
>
> This is a call for consensus within Prometheus-team on releasing
> node_exporter 1.0.0 as-is.
>
> node_exporter 1.0.0-rc.0 has been cut on 2020-02-20[1]. It features
> experimental TLS support[2]. We are planning to use this TLS support
> as a template for all other exporters within and outside of Prometheus
> proper. To make sure we didn’t build a footgun nor that we’re holding
> it wrong, CNCF is sponsoring an external security review by Cure53. We
> have not been given a clear timeline but work should start in week 22
> (May 25th) at the latest with no time to completion stated.
>
> There are two positions:
> * Wait for the security review to finish before cutting 1.0.0
> * Release ASAP, given that this feature is clearly marked as
> experimental and it will not see wider testing until we cut 1.0.0
>
> I am asking Prometheus-team to establish rough consensus with a hum.
>
> Should the maintainers (Ben & Fish) be allowed to release without
> waiting for the audit to finish?

Yes

--
(o- Julien Pivotto
//\ Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu

Richard Hartmann

Apr 23, 2020, 9:32:10 AM
to Brian Brazil, Matthias Rampke, Prometheus Developers
On Thu, Apr 23, 2020 at 2:43 PM Brian Brazil
<brian....@robustperception.io> wrote:

> Let's be careful here with the word experimental, as that means something very specific in Prometheus terms. "experimental" means that we can make breaking changes to the API across versions, but doesn't say anything about how production-ready code is. For example remote write is classified as experimental, but that's not saying it isn't ready for serious use.

I would suggest keeping discussion out of the consensus thread for
clarity. To make it explicit, your hum is for "No", correct?

Goutham Veeramachaneni

Apr 23, 2020, 11:38:42 AM
to Prometheus Developers
Yes to release 1.0.0 as is. Let's not block on the security review.

Chris Marchbanks

Apr 23, 2020, 12:12:11 PM
to Richard Hartmann, Prometheus Developers
Yes to releasing now.

On Thu, Apr 23, 2020 at 13:40, Richard Hartmann <richih.ma...@gmail.com> wrote:
> Dear all,
>
> This is a call for consensus within Prometheus-team on releasing
> node_exporter 1.0.0 as-is.
>
> node_exporter 1.0.0-rc.0 has been cut on 2020-02-20[1]. It features
> experimental TLS support[2]. We are planning to use this TLS support
> as a template for all other exporters within and outside of Prometheus
> proper. To make sure we didn’t build a footgun nor that we’re holding
> it wrong, CNCF is sponsoring an external security review by Cure53. We
> have not been given a clear timeline but work should start in week 22
> (May 25th) at the latest with no time to completion stated.
>
> There are two positions:
> * Wait for the security review to finish before cutting 1.0.0
> * Release ASAP, given that this feature is clearly marked as
> experimental and it will not see wider testing until we cut 1.0.0
>
> I am asking Prometheus-team to establish rough consensus with a hum.
>
> Should the maintainers (Ben & Fish) be allowed to release without
> waiting for the audit to finish?
>
> Best,
> Richard
>
> [1] https://github.com/prometheus/node_exporter/releases/tag/v1.0.0-rc.0
> [2] https://github.com/prometheus/node_exporter/pull/1277

Bartłomiej Płotka

Apr 23, 2020, 12:18:40 PM
to Chris Marchbanks, Richard Hartmann, Prometheus Developers
Yes to release now.

GANESH VERNEKAR

Apr 23, 2020, 12:20:58 PM
to Richard Hartmann, Prometheus Developers
Yes to release now

Bjoern Rabenstein

Apr 23, 2020, 7:15:01 PM
to Richard Hartmann, Prometheus Developers
On 23.04.20 13:40, Richard Hartmann wrote:
>
> Should the maintainers (Ben & Fish) be allowed to release without
> waiting for the audit to finish?

If that's their wish, yes, sure.

Under the described circumstances, I don't see a reason to block them.

--
Björn Rabenstein
[PGP-ID] 0x851C3DA17D748D03
[email] bjo...@rabenste.in

Julien Pivotto

Apr 23, 2020, 7:20:23 PM
to Bjoern Rabenstein, Richard Hartmann, Prometheus Developers
On 24 Apr 01:14, Bjoern Rabenstein wrote:
> On 23.04.20 13:40, Richard Hartmann wrote:
> >
> > Should the maintainers (Ben & Fish) be allowed to release without
> > waiting for the audit to finish?
>
> If that's their wish, yes, sure.
>
> Under the described circumstances, I don't see a reason to block them.


I would however draw the attention to the fact that the current config is
far from what Prometheus offers (regarding config key names).

I have filed https://github.com/prometheus/node_exporter/pull/1685
to make it look similar to what we have in the prometheus server.

>
> --
> Björn Rabenstein
> [PGP-ID] 0x851C3DA17D748D03
> [email] bjo...@rabenste.in

Frederic Branczyk

Apr 24, 2020, 2:42:26 AM
to Julien Pivotto, Bjoern Rabenstein, Prometheus Developers, Richard Hartmann
I think it’s your call to release 1.0, so if you feel it’s right then go ahead :)

I do think we should make sure we do our best not to have inconsistencies or possible breaking changes, so Julien’s PR about the config consistency should probably be included.

Richard Hartmann

Apr 25, 2020, 6:55:10 AM
to Prometheus Developers
Dear all,

from the amount of people who hummed and by who hummed, or did not
hum, it is my understanding that we have reached consensus.


Thank you,
Richard

PS: I agree that Julien's PR should make it into 1.0.0 proper.
--
Richard

Matt Layher

Apr 25, 2020, 2:06:12 PM
to Prometheus Developers
Apologies for the delay, but YES to releasing now.