Date   

Re: FW: issue tracker permissions

Lisa Doan <ldoan@...>
 

Hi Guillaume,

I forgot to mention that non-account members will be able to join Public
projects as viewers, and viewers will be able to follow.

Thanks,
Lisa

On Fri, Jan 27, 2017 at 9:10 AM, Chip Childers <cchilders(a)cloudfoundry.org>
wrote:

I'll have Chris Clark, a member of my team, track this down and report
back to everyone.

On Fri, Jan 27, 2017 at 10:38 AM Guillaume Berche <bercheg(a)gmail.com>
wrote:

Hi Lisa,

The Cf community members typically don't have an account which is member
of the Pivotal Enterprise account used by CFF tracker projects. What's the
recommended way for adding them (could be hundreds of members interested in
following stories) to the account ? Is there another alternative than
directly requesting the owner (is that Onsi ?) to invite them (hence my
suggestion about a google form to centralize invitation requests and avoid
email exchanges) ?

Thanks in advance,

Guillaume.




Guillaume.

On Thu, Jan 26, 2017 at 11:09 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi Guillaume,

We introduced a new feature to Enterprise accounts late last year that
allows Project Owners to set their Project Privacy to "Shared with my
company." If a project has this setting, anyone at the organization can
search for and join the project as a viewer.

All of the Cloud Foundry projects belong to an Enterprise account, so
anyone who is a member on those accounts will be able to find and join the
projects once the Project Owner updates the privacy setting. Project Owners
will still also be able to invite users to their projects.

Thanks,
Lisa


On Thu, Jan 26, 2017 at 1:59 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:

Hi Lisa,

Thanks for sharing the progress on the "viewers can follow stories"
feature. Can you please detail whether this would still require CF
community members to request the tracker account owner to individually send
them an invite ?

If so, may be the CFF tracker account owner could set up something like a
google form to easily receive invitation requets and track their completion
?

Thanks in advance,

Guillaume.

On Thu, Sep 29, 2016 at 10:12 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:
Thanks Lisa for considering this extra feature to avoid the per-project
invite. I understand an explicit action would still be requested to become
a member of the account owning the CFF projects, for any one willing to
follow, or add projects to workspaces.

The CF community is quite large, so it's possible hundreds of people will
request this. That's be great to have a "request to join owner account"
button, as to avoid wasting time through email requests to the project
owner.

In the meantime until the community gets these self-service accesses,
I'll try maintaining the trackermirror up as a hacky workaround. Please let
me know if ever this causes troubles/inconveniences.

Regards,

Guillaume.

On Thu, Sep 29, 2016 at 9:41 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:
Hi Guillaume,

You need to be invited to be a viewer or member on projects before you
can add them to workspaces. In those screenshots, the only projects
appearing are ones that you are a member or viewer of. In order to have the
CF public projects appear there, you must be invited to the projects.

I understand that it would be burdensome to ask all of the project owners
to invite you to the relevant projects. We are currently working on a
feature that will allow any account member to self-join projects so that
this isn't as difficult. This would require you to become a member of the
account that owns the CF public projects, but once you are a member, you
could join any of the shared or public projects. We expect that to release
later this year (it is part of the body of work that is ahead of Viewers
can follow).

Thanks,
Lisa




Guillaume.

On Thu, Jan 5, 2017 at 11:40 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hello all,

Hope your new year has gotten off to a good start! Just wanted to give
you an update that the feature set to let Viewers follow stories is in
progress.

Thanks,
Lisa

On Thu, Dec 1, 2016 at 12:55 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Lisa,



Thanks for the update. Further delays are quite unfortunate, and my trust
in that this feature will ever see the light of day is really low. As we're
celebrating now the 1 year anniversary of this feature request, I took the
liberty to mirror my backlog to trello: https://trello.com/b/ZLikX21o/
bosh-openstack-cpi



For now, this was more a proof-of-concept that it is feasible to transfer
everything in an automated way. Next year, I'll be starting to actually
work from there instead of tracker.



In case other people are interested in how to migrate: I created a fork
of the pivotal-to-trello exporter, which can deal with labels as well
https://github.com/voelzmo/pivotal-to-trello



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Wednesday, 30 November 2016 at 18:03

*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>,
Dan Podsedly <dpodsedly(a)pivotal.io>, Chip Childers <
cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <cholick(a)gmail.com>
*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi Marco -- there is a chance we can start this by the end of the year.
It has taken us a little while longer than expected to complete the
features that were ahead of it, but they should be releasing in the next
few weeks, and we then can start to focus on Viewers being able to follow.
Due to the holidays and other year-end distractions, we probably won't
complete the entire feature set by end of year. But it is still very high
on our priority list as we know it is important to you and many of our
customers. My apologies for the delay.



Thanks,

Lisa



On Wed, Nov 30, 2016 at 6:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Lisa,



How is the "viewers can follow stories" feature coming along? Today is
the last day of November, I haven't seen it in Tracker's release notes or
received any update from your side since the two mails below. Any chance
that we get that feature by the end of the year?



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Monday, 26 September 2016 at 18:26
*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>,
Dan Podsedly <dpodsedly(a)pivotal.io>, Chip Childers <
cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <cholick(a)gmail.com>


*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi all -- a couple people reached out asking for a date for Viewers can
follow. We are currently targeting November of this year.


Thanks,

Lisa



On Mon, Sep 26, 2016 at 10:03 AM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi all,



Just to re-iterate, we do have this feature prioritized on the Tracker
team. I'm sorry we haven't been able to deliver this yet, but there are a
number of other higher priority items that we must attend to before we can
begin this work. We will keep you posted as we get closer to implementing
this.



Thanks,

Lisa



On Sun, Sep 25, 2016 at 12:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Guillaume,

Thanks for your efforts in this direction. As I already stated before, it
is really a pain that you are not able to follow stories or comment when
not being a member in a Pivotaltracker project. However, github issues
aren’t more than a crutch, probably not even a good one.

For example, GH issues cannot be ordered. They are in the order of
creation, priorization is not visible. Therefore, if you look e.g. at the
BOSH mirror [1], there are a bunch of “unstarted” and “unscheduled” issues,
the first “started” one comes on page 2. For bugs, it gets more confusing.
Most people have the github bot activated, which creates a PT story for
each GH issue created. This is already confusing, because you have two
places where potentially updates to this bug could be located in, and
nobody knows where to look. Add in the mirroring, and now you have three
places, see an example for the buildpacks [2]. All of this is not your
fault, it is a restriction on how GH deals with issues and the fact that
we’re distributing information over more than one place.

While I appreciate your efforts and time spent on this: I strongly feel
that is an issue that can only be solved by one of two options:
• The Pivotaltracker team implementing the necessary functionality
• Migrating to a different tracker

I’m trying all I can to push for the first option by talking to Dan and
Lisa, but other features seem to be more important to the PT team. In
November, it has been a year since I asked for this, so my confidence isn’t
very high that it is going to happen at all. For me that just means option
two is getting more and more realistic every day.

Warm regards
Marco

[1] https://github.com/cf-tm-bot/bosh/issues
[2] https://github.com/cloudfoundry/staticfile-buildpack/issues/85



-----Original Message-----
From: Guillaume Berche <bercheg(a)gmail.com>
Date: Saturday, 24 September 2016 at 12:29
To: "Discussions about Cloud Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>
Cc: Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>, Dan Podsedly <dpodsedly(a)pivotal.io>, Lisa Doan <
ldoan(a)pivotal.io>, "Voelz, Marco" <marco.voelz(a)sap.com>
Subject: Re: [cf-dev] Re: FW: issue tracker permissions

Hi,


The mirroring of foundation projects is around 60% complete. See [5]
for more detailed coverage. This should enable community members to watch
the most active foundation backlogs. I received no notifications of
negative side effects of this mirroring so
far. I'll proceed with mirroring the remaining projects in the next
days/weeks.

There are interesting next steps that could be tackled, such as
enabling commenting on the backlogs, or searching across all foundation
backlog history, see [3]. Let me know if you have interests in discussing
these next steps and current challenges faced by
the mirroring process. The upcoming Frankfurt cfsummit unconference
on monday might be a good place for this, I'd propose a subject if I
receive some interest.


Thanks,


Guillaume.






Guillaume.




On Mon, Sep 5, 2016 at 10:21 PM, Guillaume Berche
<bercheg(a)gmail.com> wrote:

Hi,


We have prototyped at Orange an automatic mirroring of Pivotal
Tracker (PT) stories into github issues. See pivotaltrackermirror at [1],
and the experimental mirror of the buildpack tracker at [2]. I'd like to
thanks the buildpacks team for accepting to join
this experiment and providing us with feedback in the past few weeks.

We hope this could bring the following benefits to the CF community:

1. allow use of the
watching notifications <https://help.github.com/
articles/about-notifications/#types-of-notifications> github feature to
track progress on public pivotal trackers projects: all stories or selected
stories of interest.
2. allow use of
github search features <https://help.github.com/
articles/searching-github> to search Pivotal Tracker content (e.g.
accross multiple mirrored PT projects, or along with other github
repositories hosting the associated code)
3. allow use of
github @mentions <https://help.github.com/articles/basic-writing-and-
formatting-syntax/#mentioning-users-and-teams> to contact github
accounts associated with PT public projects contributors, in the context
with a specific mirrored story
4. mirrored content becomes discoverable: search engines index it,
making it easier to find mirrored PT content such as a stack trace

This is still experimental work. We would like to hear community
feedback about this initiative (how is it useful?), as well as core
contributor teams (are there unexpected side-effects that need to be
handled beyond what we fixed so far [3]?) Do you have
suggestions for enhancements: can you comment/vote/improve in [3]?


Our plan is to progressively extend this experiment to more trackers
listed in [5] (in a rate of a few projects per week). Please report issues
on [3] if you observe negative side effects, or reply to this email if you
have concerns about this mirroring.



There still a fair amount of work ahead to convert this experiment
into a stable tool, and opportunities to provide some new cool features to
the community. Contributions are welcome :-)



Thanks,


Guillaume.



ps: I also recently noticed a PT slack integration [4] that would
also cover use-case #1 (get notifications for all stories in a tracker).
I'm not yet sure what it takes to add it to a given channel.


[1]
https://github.com/orange-cloudfoundry/pivotaltrackermirror <
https://github.com/orange-cloudfoundry/pivotaltrackermirror>
[2] https://github.com/cf-tm-bot/buildpacks
[3]
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues <
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues>
[4]
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker <
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker>
[5]
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki <
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki>






Guillaume.




On Sun, May 29, 2016 at 8:05 PM, John Wong
<gokoproject(a)gmail.com> wrote:

Just an idea... Is there a feature in Tracker to always cc
someone/some email address? For non security and non confidential stories
we can Cc this email address automatically which will post to a google
group and a thread will be built as comment is added.
This at least allow a read-only mirror.


Just a thought...


On Sunday, May 29, 2016, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Dan, dear Lisa, dear Chip, dear community,

sorry for digging out this old issue again and again. If you are just
tuning in, here is the situation
·
I like Pivotal Tracker as a product
·
I have to use Tracker for my daily work, as it is currently mandatory
for all CFF projects and all of them use it
·
The restrictions in pivotal tracker make it hard to impossible to do
the daily stuff you want to do within a large open-source community.

After initially bringing this up in November last year, here are a
few of the problems I addressed with Dan in a hangout session in February:
·
To follow stories in a project you need to be a member of that
project. Therefore, you cannot track progress on stories in other projects.
·
To comment on stories, the same restrictions as above apply

It has been 3 months since Dan and I talked, I’ve checked back every
4 weeks with him and what I’ve heard so far is ideas. I haven’t seen a
prototype, any specifics on the current state,
any planning details. It’s not like I’m demanding this feature
should be done by now – I just want to know what is going on.

I have to say I am very unhappy in how this topic is treated. From my
point of view, it seems like there is a huge lack of transparency and
feedback. Please, let me know what’s going on.
I don’t want to switch to a different tracker, such as e.g. trello,
but if the requirements of a large open-source community aren’t heard, then
I don’t know what else to do about this.

Warm regards
Marco

PS: What about a public tracker backlog in tracker, so people can
follow their favorite feature stories and see where they are in the
planning and when they’re done?


On 16/01/16 13:09, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:





Dear all,



it has now been more than a month since I sent my feedback concerning
this feature to the tracker team – I haven't received any reaction to it.

@Chip:
Is there an option you could weigh in for this from the Foundation
perspective? That would be great!



Sorry for being so stubborn about this, but in my opinion this is a
crucial feature for a bug tracker/backlog which is used in an open-source
product. I know that all the people
working directly at pivotal don't feel the pain, because they can
either talk directly to everyone in person or have the necessary rights to
comment/follow in the other projects, but for everyone else this is really,
really a problem.



Warm regards

Marco



On 09/12/15 21:20, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:




Thanks for pointing me to this link. However, we seem to have the
same problem here: This seems like a fire-and-forget solution. Where does
this item go? How can I send it to
other people and have them +1 it, like it, follow it, favorite it or
whatever is necessary to indicate that there is more than 1 person wanting
this feature?




Thanks and warm regards

Marco



On 09/12/15 20:01, "Amit Gupta" <agupta(a)pivotal.io> wrote:




If you're logged in to Tracker, there's a "Help & Updates" link at
the top, and one of the options is Provide Feedback.


On Wed, Dec 9, 2015 at 10:59 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

I'd happily submit a feature request to build up some visible demand
for this – could you point me to the right channel here?




Thanks and warm regards

Marco



On 08/12/15 23:01, "Dieu Cao" <dcao(a)pivotal.io> wrote:





Unfortunately in order to follow a story in tracker, the minimum
required level is "member" which allows you to create/comment/delete
stories in tracker.

I would suggest submitting a request to the pivotal tracker team to
help build up evidence that this is a feature that people want.



-Dieu



On Tue, Dec 8, 2015 at 12:49 PM, Matt Cholick <cholick(a)gmail.com>
wrote:

Sorry to resurrect an older thread, but I wanted to chime in that
this is a frustration I have too. There are several stories in the various
CF teams public backlogs that I'd
like to keep track of.


Is it possible for community members to get enough permissions on our
tracker accounts to add ourselves to the follow list?



-Matt



On Mon, Nov 23, 2015 at 3:10 AM, Koper, Dies <
diesk(a)fast.au.fujitsu.com> wrote:

Hi Marco, Jan,

I sent an email to Tracker support about that last week because we
were hoping to close CLI feature requests on GH and let people follow the
stories on Tracker. Support confirmed that people need to have R/W access
to a project to do that.
I have just replied to ask if they'd consider an enhancement. Not
sure what the proper channel would be to get such a story prioritized.
Will let you know if I get a reply.

Regards,
Dies Koper
Cloud Foundry CLI PM

-----Original Message-----
From: Voelz, Marco [mailto:marco.voelz(a)sap.com]
Sent: Monday, November 23, 2015 8:00 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Re: FW: issue tracker permissions

Thanks Jan for bringing that up, I've had similar problems with that
as well. Any ideas on how to solve this? Is this a feature that the tracker
team actively works on?
Hitting cmd+r every few days on the same stories doesn't seem like
the best way to stay informed about your favorite features.

Warm regards
Marco



On 19/11/15 09:23, "Sievers, Jan" <jan.sievers(a)sap.com> wrote:

>>Hi,
>>
>>I was trying to watch a story I am interested in
>>https://www.pivotaltracker.com/n/projects/892938/stories/105493826
>>
>>
>>I do have an account but it seems I don't have permissions to watch
nor to comment.
>>
>>Is there something I missed?
>>
>>Regards
>>Jan
>>





































































--
Sent from Jeff Dean's printf() mobile console






















--
Chip Childers
CTO, Cloud Foundry Foundation
1.267.250.0815 <(267)%20250-0815>


Re: FW: issue tracker permissions

Chip Childers <cchilders@...>
 

I'll have Chris Clark, a member of my team, track this down and report back
to everyone.

On Fri, Jan 27, 2017 at 10:38 AM Guillaume Berche <bercheg(a)gmail.com> wrote:

Hi Lisa,

The Cf community members typically don't have an account which is member
of the Pivotal Enterprise account used by CFF tracker projects. What's the
recommended way for adding them (could be hundreds of members interested in
following stories) to the account ? Is there another alternative than
directly requesting the owner (is that Onsi ?) to invite them (hence my
suggestion about a google form to centralize invitation requests and avoid
email exchanges) ?

Thanks in advance,

Guillaume.




Guillaume.

On Thu, Jan 26, 2017 at 11:09 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi Guillaume,

We introduced a new feature to Enterprise accounts late last year that
allows Project Owners to set their Project Privacy to "Shared with my
company." If a project has this setting, anyone at the organization can
search for and join the project as a viewer.

All of the Cloud Foundry projects belong to an Enterprise account, so
anyone who is a member on those accounts will be able to find and join the
projects once the Project Owner updates the privacy setting. Project Owners
will still also be able to invite users to their projects.

Thanks,
Lisa


On Thu, Jan 26, 2017 at 1:59 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:

Hi Lisa,

Thanks for sharing the progress on the "viewers can follow stories"
feature. Can you please detail whether this would still require CF
community members to request the tracker account owner to individually send
them an invite ?

If so, may be the CFF tracker account owner could set up something like a
google form to easily receive invitation requets and track their completion
?

Thanks in advance,

Guillaume.

On Thu, Sep 29, 2016 at 10:12 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:
Thanks Lisa for considering this extra feature to avoid the per-project
invite. I understand an explicit action would still be requested to become
a member of the account owning the CFF projects, for any one willing to
follow, or add projects to workspaces.

The CF community is quite large, so it's possible hundreds of people will
request this. That's be great to have a "request to join owner account"
button, as to avoid wasting time through email requests to the project
owner.

In the meantime until the community gets these self-service accesses, I'll
try maintaining the trackermirror up as a hacky workaround. Please let me
know if ever this causes troubles/inconveniences.

Regards,

Guillaume.

On Thu, Sep 29, 2016 at 9:41 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:
Hi Guillaume,

You need to be invited to be a viewer or member on projects before you can
add them to workspaces. In those screenshots, the only projects appearing
are ones that you are a member or viewer of. In order to have the CF public
projects appear there, you must be invited to the projects.

I understand that it would be burdensome to ask all of the project owners
to invite you to the relevant projects. We are currently working on a
feature that will allow any account member to self-join projects so that
this isn't as difficult. This would require you to become a member of the
account that owns the CF public projects, but once you are a member, you
could join any of the shared or public projects. We expect that to release
later this year (it is part of the body of work that is ahead of Viewers
can follow).

Thanks,
Lisa




Guillaume.

On Thu, Jan 5, 2017 at 11:40 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hello all,

Hope your new year has gotten off to a good start! Just wanted to give you
an update that the feature set to let Viewers follow stories is in progress.

Thanks,
Lisa

On Thu, Dec 1, 2016 at 12:55 AM, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Lisa,



Thanks for the update. Further delays are quite unfortunate, and my trust
in that this feature will ever see the light of day is really low. As we're
celebrating now the 1 year anniversary of this feature request, I took the
liberty to mirror my backlog to trello:
https://trello.com/b/ZLikX21o/bosh-openstack-cpi



For now, this was more a proof-of-concept that it is feasible to transfer
everything in an automated way. Next year, I'll be starting to actually
work from there instead of tracker.



In case other people are interested in how to migrate: I created a fork of
the pivotal-to-trello exporter, which can deal with labels as well
https://github.com/voelzmo/pivotal-to-trello



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Wednesday, 30 November 2016 at 18:03

*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>,
Dan Podsedly <dpodsedly(a)pivotal.io>, Chip Childers <
cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <cholick(a)gmail.com>
*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi Marco -- there is a chance we can start this by the end of the year. It
has taken us a little while longer than expected to complete the features
that were ahead of it, but they should be releasing in the next few weeks,
and we then can start to focus on Viewers being able to follow. Due to the
holidays and other year-end distractions, we probably won't complete the
entire feature set by end of year. But it is still very high on our
priority list as we know it is important to you and many of our customers.
My apologies for the delay.



Thanks,

Lisa



On Wed, Nov 30, 2016 at 6:54 AM, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Lisa,



How is the "viewers can follow stories" feature coming along? Today is the
last day of November, I haven't seen it in Tracker's release notes or
received any update from your side since the two mails below. Any chance
that we get that feature by the end of the year?



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Monday, 26 September 2016 at 18:26
*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>,
Dan Podsedly <dpodsedly(a)pivotal.io>, Chip Childers <
cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <cholick(a)gmail.com>


*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi all -- a couple people reached out asking for a date for Viewers can
follow. We are currently targeting November of this year.


Thanks,

Lisa



On Mon, Sep 26, 2016 at 10:03 AM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi all,



Just to re-iterate, we do have this feature prioritized on the Tracker
team. I'm sorry we haven't been able to deliver this yet, but there are a
number of other higher priority items that we must attend to before we can
begin this work. We will keep you posted as we get closer to implementing
this.



Thanks,

Lisa



On Sun, Sep 25, 2016 at 12:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Guillaume,

Thanks for your efforts in this direction. As I already stated before, it
is really a pain that you are not able to follow stories or comment when
not being a member in a Pivotaltracker project. However, github issues
aren’t more than a crutch, probably not even a good one.

For example, GH issues cannot be ordered. They are in the order of
creation, priorization is not visible. Therefore, if you look e.g. at the
BOSH mirror [1], there are a bunch of “unstarted” and “unscheduled” issues,
the first “started” one comes on page 2. For bugs, it gets more confusing.
Most people have the github bot activated, which creates a PT story for
each GH issue created. This is already confusing, because you have two
places where potentially updates to this bug could be located in, and
nobody knows where to look. Add in the mirroring, and now you have three
places, see an example for the buildpacks [2]. All of this is not your
fault, it is a restriction on how GH deals with issues and the fact that
we’re distributing information over more than one place.

While I appreciate your efforts and time spent on this: I strongly feel
that is an issue that can only be solved by one of two options:
• The Pivotaltracker team implementing the necessary functionality
• Migrating to a different tracker

I’m trying all I can to push for the first option by talking to Dan and
Lisa, but other features seem to be more important to the PT team. In
November, it has been a year since I asked for this, so my confidence isn’t
very high that it is going to happen at all. For me that just means option
two is getting more and more realistic every day.

Warm regards
Marco

[1] https://github.com/cf-tm-bot/bosh/issues
[2] https://github.com/cloudfoundry/staticfile-buildpack/issues/85



-----Original Message-----
From: Guillaume Berche <bercheg(a)gmail.com>
Date: Saturday, 24 September 2016 at 12:29
To: "Discussions about Cloud Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>
Cc: Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>, Dan Podsedly <dpodsedly(a)pivotal.io>, Lisa Doan <
ldoan(a)pivotal.io>, "Voelz, Marco" <marco.voelz(a)sap.com>
Subject: Re: [cf-dev] Re: FW: issue tracker permissions

Hi,


The mirroring of foundation projects is around 60% complete. See [5]
for more detailed coverage. This should enable community members to watch
the most active foundation backlogs. I received no notifications of
negative side effects of this mirroring so
far. I'll proceed with mirroring the remaining projects in the next
days/weeks.

There are interesting next steps that could be tackled, such as
enabling commenting on the backlogs, or searching across all foundation
backlog history, see [3]. Let me know if you have interests in discussing
these next steps and current challenges faced by
the mirroring process. The upcoming Frankfurt cfsummit unconference
on monday might be a good place for this, I'd propose a subject if I
receive some interest.


Thanks,


Guillaume.






Guillaume.




On Mon, Sep 5, 2016 at 10:21 PM, Guillaume Berche
<bercheg(a)gmail.com> wrote:

Hi,


We have prototyped at Orange an automatic mirroring of Pivotal Tracker
(PT) stories into github issues. See pivotaltrackermirror at [1], and the
experimental mirror of the buildpack tracker at [2]. I'd like to thanks the
buildpacks team for accepting to join
this experiment and providing us with feedback in the past few weeks.

We hope this could bring the following benefits to the CF community:

1. allow use of the
watching notifications <
https://help.github.com/articles/about-notifications/#types-of-notifications>
github feature to track progress on public pivotal trackers projects: all
stories or selected stories of interest.
2. allow use of
github search features <
https://help.github.com/articles/searching-github> to search Pivotal
Tracker content (e.g. accross multiple mirrored PT projects, or along with
other github repositories hosting the associated code)
3. allow use of
github @mentions <
https://help.github.com/articles/basic-writing-and-formatting-syntax/#mentioning-users-and-teams>
to contact github accounts associated with PT public projects contributors,
in the context with a specific mirrored story
4. mirrored content becomes discoverable: search engines index it,
making it easier to find mirrored PT content such as a stack trace

This is still experimental work. We would like to hear community
feedback about this initiative (how is it useful?), as well as core
contributor teams (are there unexpected side-effects that need to be
handled beyond what we fixed so far [3]?) Do you have
suggestions for enhancements: can you comment/vote/improve in [3]?


Our plan is to progressively extend this experiment to more trackers
listed in [5] (in a rate of a few projects per week). Please report issues
on [3] if you observe negative side effects, or reply to this email if you
have concerns about this mirroring.



There still a fair amount of work ahead to convert this experiment
into a stable tool, and opportunities to provide some new cool features to
the community. Contributions are welcome :-)



Thanks,


Guillaume.



ps: I also recently noticed a PT slack integration [4] that would also
cover use-case #1 (get notifications for all stories in a tracker). I'm not
yet sure what it takes to add it to a given channel.


[1]
https://github.com/orange-cloudfoundry/pivotaltrackermirror <
https://github.com/orange-cloudfoundry/pivotaltrackermirror>
[2] https://github.com/cf-tm-bot/buildpacks
[3]
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues <
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues>
[4]
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker <
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker>
[5]
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki <
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki>






Guillaume.




On Sun, May 29, 2016 at 8:05 PM, John Wong
<gokoproject(a)gmail.com> wrote:

Just an idea... Is there a feature in Tracker to always cc
someone/some email address? For non security and non confidential stories
we can Cc this email address automatically which will post to a google
group and a thread will be built as comment is added.
This at least allow a read-only mirror.


Just a thought...


On Sunday, May 29, 2016, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Dan, dear Lisa, dear Chip, dear community,

sorry for digging out this old issue again and again. If you are just
tuning in, here is the situation
·
I like Pivotal Tracker as a product
·
I have to use Tracker for my daily work, as it is currently mandatory
for all CFF projects and all of them use it
·
The restrictions in pivotal tracker make it hard to impossible to do
the daily stuff you want to do within a large open-source community.

After initially bringing this up in November last year, here are a few
of the problems I addressed with Dan in a hangout session in February:
·
To follow stories in a project you need to be a member of that
project. Therefore, you cannot track progress on stories in other projects.
·
To comment on stories, the same restrictions as above apply

It has been 3 months since Dan and I talked, I’ve checked back every 4
weeks with him and what I’ve heard so far is ideas. I haven’t seen a
prototype, any specifics on the current state,
any planning details. It’s not like I’m demanding this feature should
be done by now – I just want to know what is going on.

I have to say I am very unhappy in how this topic is treated. From my
point of view, it seems like there is a huge lack of transparency and
feedback. Please, let me know what’s going on.
I don’t want to switch to a different tracker, such as e.g. trello,
but if the requirements of a large open-source community aren’t heard, then
I don’t know what else to do about this.

Warm regards
Marco

PS: What about a public tracker backlog in tracker, so people can
follow their favorite feature stories and see where they are in the
planning and when they’re done?


On 16/01/16 13:09, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:





Dear all,



it has now been more than a month since I sent my feedback concerning
this feature to the tracker team – I haven't received any reaction to it.

@Chip:
Is there an option you could weigh in for this from the Foundation
perspective? That would be great!



Sorry for being so stubborn about this, but in my opinion this is a
crucial feature for a bug tracker/backlog which is used in an open-source
product. I know that all the people
working directly at pivotal don't feel the pain, because they can
either talk directly to everyone in person or have the necessary rights to
comment/follow in the other projects, but for everyone else this is really,
really a problem.



Warm regards

Marco



On 09/12/15 21:20, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:




Thanks for pointing me to this link. However, we seem to have the same
problem here: This seems like a fire-and-forget solution. Where does this
item go? How can I send it to
other people and have them +1 it, like it, follow it, favorite it or
whatever is necessary to indicate that there is more than 1 person wanting
this feature?




Thanks and warm regards

Marco



On 09/12/15 20:01, "Amit Gupta" <agupta(a)pivotal.io> wrote:




If you're logged in to Tracker, there's a "Help & Updates" link at the
top, and one of the options is Provide Feedback.


On Wed, Dec 9, 2015 at 10:59 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

I'd happily submit a feature request to build up some visible demand
for this – could you point me to the right channel here?




Thanks and warm regards

Marco



On 08/12/15 23:01, "Dieu Cao" <dcao(a)pivotal.io> wrote:





Unfortunately in order to follow a story in tracker, the minimum
required level is "member" which allows you to create/comment/delete
stories in tracker.

I would suggest submitting a request to the pivotal tracker team to
help build up evidence that this is a feature that people want.



-Dieu



On Tue, Dec 8, 2015 at 12:49 PM, Matt Cholick <cholick(a)gmail.com>
wrote:

Sorry to resurrect an older thread, but I wanted to chime in that this
is a frustration I have too. There are several stories in the various CF
teams public backlogs that I'd
like to keep track of.


Is it possible for community members to get enough permissions on our
tracker accounts to add ourselves to the follow list?



-Matt



On Mon, Nov 23, 2015 at 3:10 AM, Koper, Dies <
diesk(a)fast.au.fujitsu.com> wrote:

Hi Marco, Jan,

I sent an email to Tracker support about that last week because we
were hoping to close CLI feature requests on GH and let people follow the
stories on Tracker. Support confirmed that people need to have R/W access
to a project to do that.
I have just replied to ask if they'd consider an enhancement. Not sure
what the proper channel would be to get such a story prioritized.
Will let you know if I get a reply.

Regards,
Dies Koper
Cloud Foundry CLI PM

-----Original Message-----
From: Voelz, Marco [mailto:marco.voelz(a)sap.com]
Sent: Monday, November 23, 2015 8:00 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Re: FW: issue tracker permissions

Thanks Jan for bringing that up, I've had similar problems with that
as well. Any ideas on how to solve this? Is this a feature that the tracker
team actively works on?
Hitting cmd+r every few days on the same stories doesn't seem like the
best way to stay informed about your favorite features.

Warm regards
Marco



On 19/11/15 09:23, "Sievers, Jan" <jan.sievers(a)sap.com> wrote:

>>Hi,
>>
>>I was trying to watch a story I am interested in
>>https://www.pivotaltracker.com/n/projects/892938/stories/105493826
>>
>>
>>I do have an account but it seems I don't have permissions to watch
nor to comment.
>>
>>Is there something I missed?
>>
>>Regards
>>Jan
>>





































































--
Sent from Jeff Dean's printf() mobile console






















--
Chip Childers
CTO, Cloud Foundry Foundation
1.267.250.0815


Re: Fairwell

Jamie OMeara
 

Good luck on your new adventures Chris!

*Jamie O'Meara*
Platform Architect
303.898.5437
jomeara(a)pivotal.io
www.pivotal.io

On Fri, Jan 27, 2017 at 8:49 AM, Christopher Frost <cfrost(a)pivotal.io>
wrote:


Nine and a half years ago I started work at Interface21* and today is my
last day at Pivotal.

It's been a long and exciting journey, many things have changed but my
office chair has not.

It's time for new challenges and a new chair, I wish Pivotal and you all
well whatever lies ahead.


Feel free to get in touch through the medium of your choice;
Twitter - cgfrost
Facebook - cgfrost
LinkedIn - cgfrost
GitHub - cgfrost


Until next time folks,
Chris.

* https://spring.io/blog/2006/12/16/why-the-name-interface21


Christopher Frost - Pivotal UK
Spring Cloud Services Team


Fairwell

Christopher Frost
 

Nine and a half years ago I started work at Interface21* and today is my
last day at Pivotal.

It's been a long and exciting journey, many things have changed but my
office chair has not.

It's time for new challenges and a new chair, I wish Pivotal and you all
well whatever lies ahead.


Feel free to get in touch through the medium of your choice;
Twitter - cgfrost
Facebook - cgfrost
LinkedIn - cgfrost
GitHub - cgfrost


Until next time folks,
Chris.

* https://spring.io/blog/2006/12/16/why-the-name-interface21


Christopher Frost - Pivotal UK
Spring Cloud Services Team


Re: FW: issue tracker permissions

Guillaume Berche
 

Hi Lisa,

The Cf community members typically don't have an account which is member of
the Pivotal Enterprise account used by CFF tracker projects. What's the
recommended way for adding them (could be hundreds of members interested in
following stories) to the account ? Is there another alternative than
directly requesting the owner (is that Onsi ?) to invite them (hence my
suggestion about a google form to centralize invitation requests and avoid
email exchanges) ?

Thanks in advance,

Guillaume.




Guillaume.

On Thu, Jan 26, 2017 at 11:09 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi Guillaume,

We introduced a new feature to Enterprise accounts late last year that
allows Project Owners to set their Project Privacy to "Shared with my
company." If a project has this setting, anyone at the organization can
search for and join the project as a viewer.

All of the Cloud Foundry projects belong to an Enterprise account, so
anyone who is a member on those accounts will be able to find and join the
projects once the Project Owner updates the privacy setting. Project Owners
will still also be able to invite users to their projects.

Thanks,
Lisa


On Thu, Jan 26, 2017 at 1:59 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:

Hi Lisa,

Thanks for sharing the progress on the "viewers can follow stories"
feature. Can you please detail whether this would still require CF
community members to request the tracker account owner to individually send
them an invite ?

If so, may be the CFF tracker account owner could set up something like a
google form to easily receive invitation requets and track their completion
?

Thanks in advance,

Guillaume.

On Thu, Sep 29, 2016 at 10:12 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:
Thanks Lisa for considering this extra feature to avoid the per-project
invite. I understand an explicit action would still be requested to become
a member of the account owning the CFF projects, for any one willing to
follow, or add projects to workspaces.

The CF community is quite large, so it's possible hundreds of people will
request this. That's be great to have a "request to join owner account"
button, as to avoid wasting time through email requests to the project
owner.

In the meantime until the community gets these self-service accesses,
I'll try maintaining the trackermirror up as a hacky workaround. Please let
me know if ever this causes troubles/inconveniences.

Regards,

Guillaume.

On Thu, Sep 29, 2016 at 9:41 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:
Hi Guillaume,

You need to be invited to be a viewer or member on projects before you
can add them to workspaces. In those screenshots, the only projects
appearing are ones that you are a member or viewer of. In order to have the
CF public projects appear there, you must be invited to the projects.

I understand that it would be burdensome to ask all of the project owners
to invite you to the relevant projects. We are currently working on a
feature that will allow any account member to self-join projects so that
this isn't as difficult. This would require you to become a member of the
account that owns the CF public projects, but once you are a member, you
could join any of the shared or public projects. We expect that to release
later this year (it is part of the body of work that is ahead of Viewers
can follow).

Thanks,
Lisa




Guillaume.

On Thu, Jan 5, 2017 at 11:40 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hello all,

Hope your new year has gotten off to a good start! Just wanted to give
you an update that the feature set to let Viewers follow stories is in
progress.

Thanks,
Lisa

On Thu, Dec 1, 2016 at 12:55 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Lisa,



Thanks for the update. Further delays are quite unfortunate, and my
trust in that this feature will ever see the light of day is really low. As
we're celebrating now the 1 year anniversary of this feature request, I
took the liberty to mirror my backlog to trello:
https://trello.com/b/ZLikX21o/bosh-openstack-cpi



For now, this was more a proof-of-concept that it is feasible to
transfer everything in an automated way. Next year, I'll be starting to
actually work from there instead of tracker.



In case other people are interested in how to migrate: I created a fork
of the pivotal-to-trello exporter, which can deal with labels as well
https://github.com/voelzmo/pivotal-to-trello



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Wednesday, 30 November 2016 at 18:03

*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>, Dan Podsedly <dpodsedly(a)pivotal.io>,
Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>
*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi Marco -- there is a chance we can start this by the end of the year.
It has taken us a little while longer than expected to complete the
features that were ahead of it, but they should be releasing in the next
few weeks, and we then can start to focus on Viewers being able to follow.
Due to the holidays and other year-end distractions, we probably won't
complete the entire feature set by end of year. But it is still very high
on our priority list as we know it is important to you and many of our
customers. My apologies for the delay.



Thanks,

Lisa



On Wed, Nov 30, 2016 at 6:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Lisa,



How is the "viewers can follow stories" feature coming along? Today is
the last day of November, I haven't seen it in Tracker's release notes or
received any update from your side since the two mails below. Any chance
that we get that feature by the end of the year?



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Monday, 26 September 2016 at 18:26
*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>, Dan Podsedly <dpodsedly(a)pivotal.io>,
Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>


*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi all -- a couple people reached out asking for a date for Viewers can
follow. We are currently targeting November of this year.


Thanks,

Lisa



On Mon, Sep 26, 2016 at 10:03 AM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi all,



Just to re-iterate, we do have this feature prioritized on the Tracker
team. I'm sorry we haven't been able to deliver this yet, but there are a
number of other higher priority items that we must attend to before we can
begin this work. We will keep you posted as we get closer to implementing
this.



Thanks,

Lisa



On Sun, Sep 25, 2016 at 12:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Guillaume,

Thanks for your efforts in this direction. As I already stated before,
it is really a pain that you are not able to follow stories or comment when
not being a member in a Pivotaltracker project. However, github issues
aren’t more than a crutch, probably not even a good one.

For example, GH issues cannot be ordered. They are in the order of
creation, priorization is not visible. Therefore, if you look e.g. at the
BOSH mirror [1], there are a bunch of “unstarted” and “unscheduled” issues,
the first “started” one comes on page 2. For bugs, it gets more confusing.
Most people have the github bot activated, which creates a PT story for
each GH issue created. This is already confusing, because you have two
places where potentially updates to this bug could be located in, and
nobody knows where to look. Add in the mirroring, and now you have three
places, see an example for the buildpacks [2]. All of this is not your
fault, it is a restriction on how GH deals with issues and the fact that
we’re distributing information over more than one place.

While I appreciate your efforts and time spent on this: I strongly feel
that is an issue that can only be solved by one of two options:
• The Pivotaltracker team implementing the necessary functionality
• Migrating to a different tracker

I’m trying all I can to push for the first option by talking to Dan and
Lisa, but other features seem to be more important to the PT team. In
November, it has been a year since I asked for this, so my confidence isn’t
very high that it is going to happen at all. For me that just means option
two is getting more and more realistic every day.

Warm regards
Marco

[1] https://github.com/cf-tm-bot/bosh/issues
[2] https://github.com/cloudfoundry/staticfile-buildpack/issues/85



-----Original Message-----
From: Guillaume Berche <bercheg(a)gmail.com>
Date: Saturday, 24 September 2016 at 12:29
To: "Discussions about Cloud Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>
Cc: Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>, Dan Podsedly <dpodsedly(a)pivotal.io>, Lisa Doan <
ldoan(a)pivotal.io>, "Voelz, Marco" <marco.voelz(a)sap.com>
Subject: Re: [cf-dev] Re: FW: issue tracker permissions

Hi,


The mirroring of foundation projects is around 60% complete. See
[5] for more detailed coverage. This should enable community members to
watch the most active foundation backlogs. I received no notifications of
negative side effects of this mirroring so
far. I'll proceed with mirroring the remaining projects in the
next days/weeks.

There are interesting next steps that could be tackled, such as
enabling commenting on the backlogs, or searching across all foundation
backlog history, see [3]. Let me know if you have interests in discussing
these next steps and current challenges faced by
the mirroring process. The upcoming Frankfurt cfsummit
unconference on monday might be a good place for this, I'd propose a
subject if I receive some interest.


Thanks,


Guillaume.






Guillaume.




On Mon, Sep 5, 2016 at 10:21 PM, Guillaume Berche
<bercheg(a)gmail.com> wrote:

Hi,


We have prototyped at Orange an automatic mirroring of Pivotal
Tracker (PT) stories into github issues. See pivotaltrackermirror at [1],
and the experimental mirror of the buildpack tracker at [2]. I'd like to
thanks the buildpacks team for accepting to join
this experiment and providing us with feedback in the past few
weeks.

We hope this could bring the following benefits to the CF community:

1. allow use of the
watching notifications <https://help.github.com/artic
les/about-notifications/#types-of-notifications> github feature to
track progress on public pivotal trackers projects: all stories or selected
stories of interest.
2. allow use of
github search features <https://help.github.com/artic
les/searching-github> to search Pivotal Tracker content (e.g. accross
multiple mirrored PT projects, or along with other github repositories
hosting the associated code)
3. allow use of
github @mentions <https://help.github.com/artic
les/basic-writing-and-formatting-syntax/#mentioning-users-and-teams>
to contact github accounts associated with PT public projects contributors,
in the context with a specific mirrored story
4. mirrored content becomes discoverable: search engines index it,
making it easier to find mirrored PT content such as a stack trace

This is still experimental work. We would like to hear community
feedback about this initiative (how is it useful?), as well as core
contributor teams (are there unexpected side-effects that need to be
handled beyond what we fixed so far [3]?) Do you have
suggestions for enhancements: can you comment/vote/improve in [3]?


Our plan is to progressively extend this experiment to more
trackers listed in [5] (in a rate of a few projects per week). Please
report issues on [3] if you observe negative side effects, or reply to this
email if you have concerns about this mirroring.



There still a fair amount of work ahead to convert this experiment
into a stable tool, and opportunities to provide some new cool features to
the community. Contributions are welcome :-)



Thanks,


Guillaume.



ps: I also recently noticed a PT slack integration [4] that would
also cover use-case #1 (get notifications for all stories in a tracker).
I'm not yet sure what it takes to add it to a given channel.


[1]
https://github.com/orange-cloudfoundry/pivotaltrackermirror <
https://github.com/orange-cloudfoundry/pivotaltrackermirror>
[2] https://github.com/cf-tm-bot/buildpacks
[3]
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues
<https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues>
[4]
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker <
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker>
[5]
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki <
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki>






Guillaume.




On Sun, May 29, 2016 at 8:05 PM, John Wong
<gokoproject(a)gmail.com> wrote:

Just an idea... Is there a feature in Tracker to always cc
someone/some email address? For non security and non confidential stories
we can Cc this email address automatically which will post to a google
group and a thread will be built as comment is added.
This at least allow a read-only mirror.


Just a thought...


On Sunday, May 29, 2016, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Dan, dear Lisa, dear Chip, dear community,

sorry for digging out this old issue again and again. If you are
just tuning in, here is the situation
·
I like Pivotal Tracker as a product
·
I have to use Tracker for my daily work, as it is currently
mandatory for all CFF projects and all of them use it
·
The restrictions in pivotal tracker make it hard to impossible to
do the daily stuff you want to do within a large open-source community.

After initially bringing this up in November last year, here are a
few of the problems I addressed with Dan in a hangout session in February:
·
To follow stories in a project you need to be a member of that
project. Therefore, you cannot track progress on stories in other projects.
·
To comment on stories, the same restrictions as above apply

It has been 3 months since Dan and I talked, I’ve checked back
every 4 weeks with him and what I’ve heard so far is ideas. I haven’t seen
a prototype, any specifics on the current state,
any planning details. It’s not like I’m demanding this feature
should be done by now – I just want to know what is going on.

I have to say I am very unhappy in how this topic is treated. From
my point of view, it seems like there is a huge lack of transparency and
feedback. Please, let me know what’s going on.
I don’t want to switch to a different tracker, such as e.g.
trello, but if the requirements of a large open-source community aren’t
heard, then I don’t know what else to do about this.

Warm regards
Marco

PS: What about a public tracker backlog in tracker, so people can
follow their favorite feature stories and see where they are in the
planning and when they’re done?


On 16/01/16 13:09, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:





Dear all,



it has now been more than a month since I sent my feedback
concerning this feature to the tracker team – I haven't received any
reaction to it.

@Chip:
Is there an option you could weigh in for this from the Foundation
perspective? That would be great!



Sorry for being so stubborn about this, but in my opinion this is a
crucial feature for a bug tracker/backlog which is used in an open-source
product. I know that all the people
working directly at pivotal don't feel the pain, because they can
either talk directly to everyone in person or have the necessary rights to
comment/follow in the other projects, but for everyone else this is really,
really a problem.



Warm regards

Marco



On 09/12/15 21:20, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:




Thanks for pointing me to this link. However, we seem to have the
same problem here: This seems like a fire-and-forget solution. Where does
this item go? How can I send it to
other people and have them +1 it, like it, follow it, favorite it
or whatever is necessary to indicate that there is more than 1 person
wanting this feature?




Thanks and warm regards

Marco



On 09/12/15 20:01, "Amit Gupta" <agupta(a)pivotal.io> wrote:




If you're logged in to Tracker, there's a "Help & Updates" link at
the top, and one of the options is Provide Feedback.


On Wed, Dec 9, 2015 at 10:59 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

I'd happily submit a feature request to build up some visible
demand for this – could you point me to the right channel here?




Thanks and warm regards

Marco



On 08/12/15 23:01, "Dieu Cao" <dcao(a)pivotal.io> wrote:





Unfortunately in order to follow a story in tracker, the minimum
required level is "member" which allows you to create/comment/delete
stories in tracker.

I would suggest submitting a request to the pivotal tracker team to
help build up evidence that this is a feature that people want.



-Dieu



On Tue, Dec 8, 2015 at 12:49 PM, Matt Cholick <cholick(a)gmail.com>
wrote:

Sorry to resurrect an older thread, but I wanted to chime in that
this is a frustration I have too. There are several stories in the various
CF teams public backlogs that I'd
like to keep track of.


Is it possible for community members to get enough permissions on
our tracker accounts to add ourselves to the follow list?



-Matt



On Mon, Nov 23, 2015 at 3:10 AM, Koper, Dies <
diesk(a)fast.au.fujitsu.com> wrote:

Hi Marco, Jan,

I sent an email to Tracker support about that last week because we
were hoping to close CLI feature requests on GH and let people follow the
stories on Tracker. Support confirmed that people need to have R/W access
to a project to do that.
I have just replied to ask if they'd consider an enhancement. Not
sure what the proper channel would be to get such a story prioritized.
Will let you know if I get a reply.

Regards,
Dies Koper
Cloud Foundry CLI PM

-----Original Message-----
From: Voelz, Marco [mailto:marco.voelz(a)sap.com]
Sent: Monday, November 23, 2015 8:00 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Re: FW: issue tracker permissions

Thanks Jan for bringing that up, I've had similar problems with
that as well. Any ideas on how to solve this? Is this a feature that the
tracker team actively works on?
Hitting cmd+r every few days on the same stories doesn't seem like
the best way to stay informed about your favorite features.

Warm regards
Marco



On 19/11/15 09:23, "Sievers, Jan" <jan.sievers(a)sap.com> wrote:

>>Hi,
>>
>>I was trying to watch a story I am interested in
>>https://www.pivotaltracker.com/n/projects/892938/stories/1
05493826
>>
>>
>>I do have an account but it seems I don't have permissions to
watch nor to comment.
>>
>>Is there something I missed?
>>
>>Regards
>>Jan
>>





































































--
Sent from Jeff Dean's printf() mobile console


















Introducing cf-deployment

David Sabeti
 

Hi cf-dev,


In addition to managing the release lifecycle of cf-release, the CF
Relation Integration team has been working on a new way to deploy CF. There
are a lot goals we're trying to accomplish with a new approach, and we
think we have accomplished (or will accomplish) most of them with
cf-deployment <https://github.com/cloudfoundry/cf-deployment>. We just
wanted to give the community a head's up and ask for feedback.

tl;dr:

- The Release Integration team is building cf-deployment
<https://github.com/cloudfoundry/cf-deployment> as a replacement for
manifest generation scripts in cf-release. It uses new BOSH features and
the new BOSH CLI to significantly simplify manifest generation.

- cf-deployment is *still under construction* and should be used primarily
in dev or test environments. We expect it to be ready for general
consumption sometime in March.

- We're working on a migration path from cf-release.

- cf-deployment deploys Diego instead of DEAs.

- Have questions or feedback? Feel free to open github issues or PRs. You
can also get a hold of us in the #cf-deployment
<https://cloudfoundry.slack.com/messages/cf-deployment/> channel of the
Cloud Foundry slack.


First of all, what is cf-deployment?

cf-deployment is, more or less, a BOSH deployment manifest for deploying
Cloud Foundry. It will eventually replace the manifest generation scripts
in cf-release. In fact, it will replace cf-release entirely.

Smaller, composable releases

One thing you might notice if you take a look at cf-deployment is that
we're using quite a few releases
<https://github.com/cloudfoundry/cf-deployment/blob/0994ecee65f5e77cc47bfcec08c23a4dbc1cdfbb/cf-deployment.yml#L1444-L1524>.
Well, cf-release has always been using these releases, but secretly and as
submodules. Those submodules are absent from cf-deployment, because you can
specify releases by their download url in a bosh manifest. The big payoff
here is really for the release teams -- they can iterate more quickly and
test more often against the changes made by other release teams. The effect
to deployers is that in time, we will deprecate cf-release and there will
no longer be a single bosh release that tries to contain all of Cloud
Foundry. Instead, this manifest will encode all of the releases that are
part of the core CF platform and will be the source of truth for how to
deploy CF.

Timelines (sort of)

cf-deployment is still *under construction* and shouldn't be used for
production environments. But we would LOVE for people to start using it for
test and development environments. In the next several weeks, we're going
to make sure that all the release teams are able to move their test
environments over to cf-deployment. After that, the next big milestone for
us will be to develop a clear migration path from cf-release to
cf-deployment. Once we iron that out, the RelInt team will feel comfortable
making cf-deployment the officially supported mechanism for deploying CF
(with BOSH, at least). We expect that there will be a few months where we
support both cf-deployment and cf-release before we deprecate cf-release
entirely.

Making Diego the default backend

One of the primary motivations for cf-deployment is to end-of-life the DEAs
<https://lists.cloudfoundry.org/archives/list/cf-dev(a)lists.cloudfoundry.org/thread/PFXSJMKSQ6UNR2I5U5Q2H2QTXTCAEIJR/>
and make Diego the default backend deployed with any CF. Currently, a
typical CF deployment (as defined by the manifest templates in cf-release
<https://github.com/cloudfoundry/cf-release/tree/master/templates>) deploys
DEAs, but none of the Diego components. Operators looking to include Diego
commonly deploy diego-release with a separate BOSH manifest
<https://github.com/cloudfoundry/diego-release/tree/develop/manifest-generation>
and must manage the two deployments (CF and Diego) separately. This setup
is harder to manage, relies on passing information between the two manifests
<https://github.com/cloudfoundry/diego-release/blob/develop/manifest-generation/config-from-cf.yml>,
and continues to treat Diego like an optional or experimental part of the
CF ecosystem. It's time to bring it into the fold. Accordingly,
cf-deployment includes all the Diego components and does not deploy DEAs.

Simplifying manifest generation

Another part of the mission of cf-deployment is to make it easier for
deployers to build their manifests. The spiff templates in cf-release have
become unwieldy and give first-time deployers a mountain of work to do
before they can see their first successful BOSH deploy of CF. Instead,
cf-deployment uses the new bosh cli
<https://github.com/cloudfoundry/bosh-cli> to achieve the following:

1. Deployers don't need to generate credentials. cf-deployments has a
`variables`
section
<https://github.com/cloudfoundry/cf-deployment/blob/a88d00538aad484c351ac05d3bfe5a8a12111d02/cf-deployment.yml#L1235>
in the manifest describing how all credentials needed by the CF deployment
should be generated. The bosh cli reads this section and generates
credentials for the deployer, and saves them to a file based on the
`--vars-store` parameter. Deployers can save those credentials however they
like. (Future work on this front includes leveraging BOSH config server
<https://github.com/cloudfoundry/bosh-notes/blob/master/config-server.md>
instead).

2. Deployers don't need to use spiff. The bosh cli includes a `-v` flag
that allows the deployer to provide a variable to be templated in to the
manifest. Coupled with credential generation, this means that deployers
need specify only their `system_domain` in order to generate a functional
manifest. Deploying from scratch looks like this:

bosh deploy cf-deployment.yml \

-v system_domain=my-cf.com \

--vars-store credentials.yml \

-d cf

3. Deployers can encode their custom configuration in a simple, repeatable
way. If you haven't seen BOSH ops files yet, allow me to introduce you. Ops
files implement a yaml version of json patch <http://jsonpatch.com/> that
allows deployers to specify mutations to cf-deployment. This empowers
deployers to make arbitrary changes to the manifest, and thus achieve their
desired configuration. For example, if a deployer wants to scale up the
number of API instances, they can run

bosh deploy cf-deployment.yml \

-v system_domain=my-cf.com \

--vars-store credentials.yml \

-d cf \

-o scale-api.yml

With the syntax for scale-api.yml looking like this:

---

- type: replace

path: /instance_groups/name=api/instances

value: 10

Feel free to take a look at the ops files provided in cf-deployment
<https://github.com/cloudfoundry/cf-deployment/tree/develop/operations> for
more examples.

Get in touch

Lastly, the team is eager for feedback on cf-deployment and any kind of
tooling we can build around it. We pay close attention to github issues on
the cf-deployment repo and the #cf-deployment channel in the CF Slack.
We'll try to publish more information to this email list as we discover
other important things that will be valuable to the wider community.


I'm also linking to a doc containing the exact same information
<https://docs.google.com/document/d/1UWNcgDtE4SxNPFumMfHKX5lH72CLGUNH-6Svie_vwN4/edit?usp=sharing>
to allow comments and discussion on specific points. I'll do my best to
answer any questions or concerns both in this email thread or in the doc.


Happy deploying!
David Sabeti
Product Manager, CF Release Integration Team


Re: CF-extensions monthly recurring (last Monday) meeting - next on Monday 30, January 2017

Michael Maximilien
 

Thanks. I plan to be at Pivotal for this. Those there please join me. I
will add a room once I have one reserved in the AM.

I could setup a Google Hangout. Any other suggestions? If I hear nothing I
will setup Google Hangout.

Best,

Max

On Thu, Jan 26, 2017 at 8:33 AM, Dieu Cao <dcao(a)pivotal.io> wrote:

Hi Max,

I highly recommend not using appear.in for meetings with multiple people.
I've had many bad experiences lately when more than one person is on the
call.

-Dieu

On Mon, Jan 23, 2017 at 1:42 PM, Michael Maximilien <maxim(a)us.ibm.com>
wrote:

fyi...

Join me on 30 January 2017 @ 11a PDT for our monthly recurring meeting.

Online meeting: https://appear.in/cf-extensions

Use the following link to add it to your calendar:

https://calendar.google.com/calendar/event?action=TEMPLATE&
tmeid=NWtjNzJja21hOGJpcmFtZmFxcnU5MGljOGdfMjAxNzAxMzBUMTkwMD
AwWiBtbWF4aW1pbGllbkBt&tmsrc=mmaximilien%40gmail.com

I plan to hold the meeting at Pivotal when I am there, so ping me on the
#cf-extensions slack channel if you want to participate live. All other
details are on the Google Calendar invite link. Talk soon.

Best,

------
dr.max
ibm cloud labs
silicon valley, ca
maximilien.org


Re: FW: issue tracker permissions

Lisa Doan <ldoan@...>
 

Hi Guillaume,

We introduced a new feature to Enterprise accounts late last year that
allows Project Owners to set their Project Privacy to "Shared with my
company." If a project has this setting, anyone at the organization can
search for and join the project as a viewer.

All of the Cloud Foundry projects belong to an Enterprise account, so
anyone who is a member on those accounts will be able to find and join the
projects once the Project Owner updates the privacy setting. Project Owners
will still also be able to invite users to their projects.

Thanks,
Lisa

On Thu, Jan 26, 2017 at 1:59 PM, Guillaume Berche <bercheg(a)gmail.com> wrote:

Hi Lisa,

Thanks for sharing the progress on the "viewers can follow stories"
feature. Can you please detail whether this would still require CF
community members to request the tracker account owner to individually send
them an invite ?

If so, may be the CFF tracker account owner could set up something like a
google form to easily receive invitation requets and track their completion
?

Thanks in advance,

Guillaume.

On Thu, Sep 29, 2016 at 10:12 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:
Thanks Lisa for considering this extra feature to avoid the per-project
invite. I understand an explicit action would still be requested to become
a member of the account owning the CFF projects, for any one willing to
follow, or add projects to workspaces.

The CF community is quite large, so it's possible hundreds of people will
request this. That's be great to have a "request to join owner account"
button, as to avoid wasting time through email requests to the project
owner.

In the meantime until the community gets these self-service accesses, I'll
try maintaining the trackermirror up as a hacky workaround. Please let me
know if ever this causes troubles/inconveniences.

Regards,

Guillaume.

On Thu, Sep 29, 2016 at 9:41 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:
Hi Guillaume,

You need to be invited to be a viewer or member on projects before you can
add them to workspaces. In those screenshots, the only projects appearing
are ones that you are a member or viewer of. In order to have the CF public
projects appear there, you must be invited to the projects.

I understand that it would be burdensome to ask all of the project owners
to invite you to the relevant projects. We are currently working on a
feature that will allow any account member to self-join projects so that
this isn't as difficult. This would require you to become a member of the
account that owns the CF public projects, but once you are a member, you
could join any of the shared or public projects. We expect that to release
later this year (it is part of the body of work that is ahead of Viewers
can follow).

Thanks,
Lisa




Guillaume.

On Thu, Jan 5, 2017 at 11:40 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hello all,

Hope your new year has gotten off to a good start! Just wanted to give
you an update that the feature set to let Viewers follow stories is in
progress.

Thanks,
Lisa

On Thu, Dec 1, 2016 at 12:55 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Lisa,



Thanks for the update. Further delays are quite unfortunate, and my
trust in that this feature will ever see the light of day is really low. As
we're celebrating now the 1 year anniversary of this feature request, I
took the liberty to mirror my backlog to trello:
https://trello.com/b/ZLikX21o/bosh-openstack-cpi



For now, this was more a proof-of-concept that it is feasible to
transfer everything in an automated way. Next year, I'll be starting to
actually work from there instead of tracker.



In case other people are interested in how to migrate: I created a fork
of the pivotal-to-trello exporter, which can deal with labels as well
https://github.com/voelzmo/pivotal-to-trello



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Wednesday, 30 November 2016 at 18:03

*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>,
Dan Podsedly <dpodsedly(a)pivotal.io>, Chip Childers <
cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <cholick(a)gmail.com>
*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi Marco -- there is a chance we can start this by the end of the year.
It has taken us a little while longer than expected to complete the
features that were ahead of it, but they should be releasing in the next
few weeks, and we then can start to focus on Viewers being able to follow.
Due to the holidays and other year-end distractions, we probably won't
complete the entire feature set by end of year. But it is still very high
on our priority list as we know it is important to you and many of our
customers. My apologies for the delay.



Thanks,

Lisa



On Wed, Nov 30, 2016 at 6:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Lisa,



How is the "viewers can follow stories" feature coming along? Today is
the last day of November, I haven't seen it in Tracker's release notes or
received any update from your side since the two mails below. Any chance
that we get that feature by the end of the year?



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Monday, 26 September 2016 at 18:26
*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>,
Dan Podsedly <dpodsedly(a)pivotal.io>, Chip Childers <
cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <cholick(a)gmail.com>


*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi all -- a couple people reached out asking for a date for Viewers can
follow. We are currently targeting November of this year.


Thanks,

Lisa



On Mon, Sep 26, 2016 at 10:03 AM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi all,



Just to re-iterate, we do have this feature prioritized on the Tracker
team. I'm sorry we haven't been able to deliver this yet, but there are a
number of other higher priority items that we must attend to before we can
begin this work. We will keep you posted as we get closer to implementing
this.



Thanks,

Lisa



On Sun, Sep 25, 2016 at 12:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Guillaume,

Thanks for your efforts in this direction. As I already stated before,
it is really a pain that you are not able to follow stories or comment when
not being a member in a Pivotaltracker project. However, github issues
aren’t more than a crutch, probably not even a good one.

For example, GH issues cannot be ordered. They are in the order of
creation, priorization is not visible. Therefore, if you look e.g. at the
BOSH mirror [1], there are a bunch of “unstarted” and “unscheduled” issues,
the first “started” one comes on page 2. For bugs, it gets more confusing.
Most people have the github bot activated, which creates a PT story for
each GH issue created. This is already confusing, because you have two
places where potentially updates to this bug could be located in, and
nobody knows where to look. Add in the mirroring, and now you have three
places, see an example for the buildpacks [2]. All of this is not your
fault, it is a restriction on how GH deals with issues and the fact that
we’re distributing information over more than one place.

While I appreciate your efforts and time spent on this: I strongly feel
that is an issue that can only be solved by one of two options:
• The Pivotaltracker team implementing the necessary functionality
• Migrating to a different tracker

I’m trying all I can to push for the first option by talking to Dan and
Lisa, but other features seem to be more important to the PT team. In
November, it has been a year since I asked for this, so my confidence isn’t
very high that it is going to happen at all. For me that just means option
two is getting more and more realistic every day.

Warm regards
Marco

[1] https://github.com/cf-tm-bot/bosh/issues
[2] https://github.com/cloudfoundry/staticfile-buildpack/issues/85



-----Original Message-----
From: Guillaume Berche <bercheg(a)gmail.com>
Date: Saturday, 24 September 2016 at 12:29
To: "Discussions about Cloud Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>
Cc: Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>, Dan Podsedly <dpodsedly(a)pivotal.io>, Lisa Doan <
ldoan(a)pivotal.io>, "Voelz, Marco" <marco.voelz(a)sap.com>
Subject: Re: [cf-dev] Re: FW: issue tracker permissions

Hi,


The mirroring of foundation projects is around 60% complete. See [5]
for more detailed coverage. This should enable community members to watch
the most active foundation backlogs. I received no notifications of
negative side effects of this mirroring so
far. I'll proceed with mirroring the remaining projects in the next
days/weeks.

There are interesting next steps that could be tackled, such as
enabling commenting on the backlogs, or searching across all foundation
backlog history, see [3]. Let me know if you have interests in discussing
these next steps and current challenges faced by
the mirroring process. The upcoming Frankfurt cfsummit unconference
on monday might be a good place for this, I'd propose a subject if I
receive some interest.


Thanks,


Guillaume.






Guillaume.




On Mon, Sep 5, 2016 at 10:21 PM, Guillaume Berche
<bercheg(a)gmail.com> wrote:

Hi,


We have prototyped at Orange an automatic mirroring of Pivotal
Tracker (PT) stories into github issues. See pivotaltrackermirror at [1],
and the experimental mirror of the buildpack tracker at [2]. I'd like to
thanks the buildpacks team for accepting to join
this experiment and providing us with feedback in the past few
weeks.

We hope this could bring the following benefits to the CF community:

1. allow use of the
watching notifications <https://help.github.com/artic
les/about-notifications/#types-of-notifications> github feature to
track progress on public pivotal trackers projects: all stories or selected
stories of interest.
2. allow use of
github search features <https://help.github.com/artic
les/searching-github> to search Pivotal Tracker content (e.g. accross
multiple mirrored PT projects, or along with other github repositories
hosting the associated code)
3. allow use of
github @mentions <https://help.github.com/artic
les/basic-writing-and-formatting-syntax/#mentioning-users-and-teams> to
contact github accounts associated with PT public projects contributors, in
the context with a specific mirrored story
4. mirrored content becomes discoverable: search engines index it,
making it easier to find mirrored PT content such as a stack trace

This is still experimental work. We would like to hear community
feedback about this initiative (how is it useful?), as well as core
contributor teams (are there unexpected side-effects that need to be
handled beyond what we fixed so far [3]?) Do you have
suggestions for enhancements: can you comment/vote/improve in [3]?


Our plan is to progressively extend this experiment to more trackers
listed in [5] (in a rate of a few projects per week). Please report issues
on [3] if you observe negative side effects, or reply to this email if you
have concerns about this mirroring.



There still a fair amount of work ahead to convert this experiment
into a stable tool, and opportunities to provide some new cool features to
the community. Contributions are welcome :-)



Thanks,


Guillaume.



ps: I also recently noticed a PT slack integration [4] that would
also cover use-case #1 (get notifications for all stories in a tracker).
I'm not yet sure what it takes to add it to a given channel.


[1]
https://github.com/orange-cloudfoundry/pivotaltrackermirror <
https://github.com/orange-cloudfoundry/pivotaltrackermirror>
[2] https://github.com/cf-tm-bot/buildpacks
[3]
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues <
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues>
[4]
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker <
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker>
[5]
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki <
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki>






Guillaume.




On Sun, May 29, 2016 at 8:05 PM, John Wong
<gokoproject(a)gmail.com> wrote:

Just an idea... Is there a feature in Tracker to always cc
someone/some email address? For non security and non confidential stories
we can Cc this email address automatically which will post to a google
group and a thread will be built as comment is added.
This at least allow a read-only mirror.


Just a thought...


On Sunday, May 29, 2016, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Dan, dear Lisa, dear Chip, dear community,

sorry for digging out this old issue again and again. If you are
just tuning in, here is the situation
·
I like Pivotal Tracker as a product
·
I have to use Tracker for my daily work, as it is currently
mandatory for all CFF projects and all of them use it
·
The restrictions in pivotal tracker make it hard to impossible to do
the daily stuff you want to do within a large open-source community.

After initially bringing this up in November last year, here are a
few of the problems I addressed with Dan in a hangout session in February:
·
To follow stories in a project you need to be a member of that
project. Therefore, you cannot track progress on stories in other projects.
·
To comment on stories, the same restrictions as above apply

It has been 3 months since Dan and I talked, I’ve checked back every
4 weeks with him and what I’ve heard so far is ideas. I haven’t seen a
prototype, any specifics on the current state,
any planning details. It’s not like I’m demanding this feature
should be done by now – I just want to know what is going on.

I have to say I am very unhappy in how this topic is treated. From
my point of view, it seems like there is a huge lack of transparency and
feedback. Please, let me know what’s going on.
I don’t want to switch to a different tracker, such as e.g. trello,
but if the requirements of a large open-source community aren’t heard, then
I don’t know what else to do about this.

Warm regards
Marco

PS: What about a public tracker backlog in tracker, so people can
follow their favorite feature stories and see where they are in the
planning and when they’re done?


On 16/01/16 13:09, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:





Dear all,



it has now been more than a month since I sent my feedback
concerning this feature to the tracker team – I haven't received any
reaction to it.

@Chip:
Is there an option you could weigh in for this from the Foundation
perspective? That would be great!



Sorry for being so stubborn about this, but in my opinion this is a
crucial feature for a bug tracker/backlog which is used in an open-source
product. I know that all the people
working directly at pivotal don't feel the pain, because they can
either talk directly to everyone in person or have the necessary rights to
comment/follow in the other projects, but for everyone else this is really,
really a problem.



Warm regards

Marco



On 09/12/15 21:20, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:




Thanks for pointing me to this link. However, we seem to have the
same problem here: This seems like a fire-and-forget solution. Where does
this item go? How can I send it to
other people and have them +1 it, like it, follow it, favorite it
or whatever is necessary to indicate that there is more than 1 person
wanting this feature?




Thanks and warm regards

Marco



On 09/12/15 20:01, "Amit Gupta" <agupta(a)pivotal.io> wrote:




If you're logged in to Tracker, there's a "Help & Updates" link at
the top, and one of the options is Provide Feedback.


On Wed, Dec 9, 2015 at 10:59 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

I'd happily submit a feature request to build up some visible demand
for this – could you point me to the right channel here?




Thanks and warm regards

Marco



On 08/12/15 23:01, "Dieu Cao" <dcao(a)pivotal.io> wrote:





Unfortunately in order to follow a story in tracker, the minimum
required level is "member" which allows you to create/comment/delete
stories in tracker.

I would suggest submitting a request to the pivotal tracker team to
help build up evidence that this is a feature that people want.



-Dieu



On Tue, Dec 8, 2015 at 12:49 PM, Matt Cholick <cholick(a)gmail.com>
wrote:

Sorry to resurrect an older thread, but I wanted to chime in that
this is a frustration I have too. There are several stories in the various
CF teams public backlogs that I'd
like to keep track of.


Is it possible for community members to get enough permissions on
our tracker accounts to add ourselves to the follow list?



-Matt



On Mon, Nov 23, 2015 at 3:10 AM, Koper, Dies <
diesk(a)fast.au.fujitsu.com> wrote:

Hi Marco, Jan,

I sent an email to Tracker support about that last week because we
were hoping to close CLI feature requests on GH and let people follow the
stories on Tracker. Support confirmed that people need to have R/W access
to a project to do that.
I have just replied to ask if they'd consider an enhancement. Not
sure what the proper channel would be to get such a story prioritized.
Will let you know if I get a reply.

Regards,
Dies Koper
Cloud Foundry CLI PM

-----Original Message-----
From: Voelz, Marco [mailto:marco.voelz(a)sap.com]
Sent: Monday, November 23, 2015 8:00 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Re: FW: issue tracker permissions

Thanks Jan for bringing that up, I've had similar problems with that
as well. Any ideas on how to solve this? Is this a feature that the tracker
team actively works on?
Hitting cmd+r every few days on the same stories doesn't seem like
the best way to stay informed about your favorite features.

Warm regards
Marco



On 19/11/15 09:23, "Sievers, Jan" <jan.sievers(a)sap.com> wrote:

>>Hi,
>>
>>I was trying to watch a story I am interested in
>>https://www.pivotaltracker.com/n/projects/892938/stories/105493826
>>
>>
>>I do have an account but it seems I don't have permissions to
watch nor to comment.
>>
>>Is there something I missed?
>>
>>Regards
>>Jan
>>





































































--
Sent from Jeff Dean's printf() mobile console


















Re: FW: issue tracker permissions

Guillaume Berche
 

Hi Lisa,

Thanks for sharing the progress on the "viewers can follow stories"
feature. Can you please detail whether this would still require CF
community members to request the tracker account owner to individually send
them an invite ?

If so, may be the CFF tracker account owner could set up something like a
google form to easily receive invitation requets and track their completion
?

Thanks in advance,

Guillaume.

On Thu, Sep 29, 2016 at 10:12 PM, Guillaume Berche <bercheg(a)gmail.com>
wrote:
Thanks Lisa for considering this extra feature to avoid the per-project
invite. I understand an explicit action would still be requested to become
a member of the account owning the CFF projects, for any one willing to
follow, or add projects to workspaces.

The CF community is quite large, so it's possible hundreds of people will
request this. That's be great to have a "request to join owner account"
button, as to avoid wasting time through email requests to the project
owner.

In the meantime until the community gets these self-service accesses, I'll
try maintaining the trackermirror up as a hacky workaround. Please let me
know if ever this causes troubles/inconveniences.

Regards,

Guillaume.

On Thu, Sep 29, 2016 at 9:41 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:
Hi Guillaume,

You need to be invited to be a viewer or member on projects before you can
add them to workspaces. In those screenshots, the only projects appearing
are ones that you are a member or viewer of. In order to have the CF public
projects appear there, you must be invited to the projects.

I understand that it would be burdensome to ask all of the project owners
to invite you to the relevant projects. We are currently working on a
feature that will allow any account member to self-join projects so that
this isn't as difficult. This would require you to become a member of the
account that owns the CF public projects, but once you are a member, you
could join any of the shared or public projects. We expect that to release
later this year (it is part of the body of work that is ahead of Viewers
can follow).

Thanks,
Lisa




Guillaume.

On Thu, Jan 5, 2017 at 11:40 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hello all,

Hope your new year has gotten off to a good start! Just wanted to give you
an update that the feature set to let Viewers follow stories is in progress.

Thanks,
Lisa

On Thu, Dec 1, 2016 at 12:55 AM, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Lisa,



Thanks for the update. Further delays are quite unfortunate, and my trust
in that this feature will ever see the light of day is really low. As we're
celebrating now the 1 year anniversary of this feature request, I took the
liberty to mirror my backlog to trello: https://trello.com/b/ZLikX21o/
bosh-openstack-cpi



For now, this was more a proof-of-concept that it is feasible to transfer
everything in an automated way. Next year, I'll be starting to actually
work from there instead of tracker.



In case other people are interested in how to migrate: I created a fork
of the pivotal-to-trello exporter, which can deal with labels as well
https://github.com/voelzmo/pivotal-to-trello



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Wednesday, 30 November 2016 at 18:03

*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>,
Dan Podsedly <dpodsedly(a)pivotal.io>, Chip Childers <
cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <cholick(a)gmail.com>
*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi Marco -- there is a chance we can start this by the end of the year.
It has taken us a little while longer than expected to complete the
features that were ahead of it, but they should be releasing in the next
few weeks, and we then can start to focus on Viewers being able to follow.
Due to the holidays and other year-end distractions, we probably won't
complete the entire feature set by end of year. But it is still very high
on our priority list as we know it is important to you and many of our
customers. My apologies for the delay.



Thanks,

Lisa



On Wed, Nov 30, 2016 at 6:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Lisa,



How is the "viewers can follow stories" feature coming along? Today is
the last day of November, I haven't seen it in Tracker's release notes or
received any update from your side since the two mails below. Any chance
that we get that feature by the end of the year?



Warm regards

Marco



*From: *Lisa Doan <ldoan(a)pivotal.io>
*Date: *Monday, 26 September 2016 at 18:26
*To: *"Voelz, Marco" <marco.voelz(a)sap.com>
*Cc: *Guillaume Berche <bercheg(a)gmail.com>, "Discussions about Cloud
Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>,
Dan Podsedly <dpodsedly(a)pivotal.io>, Chip Childers <
cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <cholick(a)gmail.com>


*Subject: *Re: [cf-dev] Re: FW: issue tracker permissions



Hi all -- a couple people reached out asking for a date for Viewers can
follow. We are currently targeting November of this year.


Thanks,

Lisa



On Mon, Sep 26, 2016 at 10:03 AM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi all,



Just to re-iterate, we do have this feature prioritized on the Tracker
team. I'm sorry we haven't been able to deliver this yet, but there are a
number of other higher priority items that we must attend to before we can
begin this work. We will keep you posted as we get closer to implementing
this.



Thanks,

Lisa



On Sun, Sep 25, 2016 at 12:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Guillaume,

Thanks for your efforts in this direction. As I already stated before, it
is really a pain that you are not able to follow stories or comment when
not being a member in a Pivotaltracker project. However, github issues
aren’t more than a crutch, probably not even a good one.

For example, GH issues cannot be ordered. They are in the order of
creation, priorization is not visible. Therefore, if you look e.g. at the
BOSH mirror [1], there are a bunch of “unstarted” and “unscheduled” issues,
the first “started” one comes on page 2. For bugs, it gets more confusing.
Most people have the github bot activated, which creates a PT story for
each GH issue created. This is already confusing, because you have two
places where potentially updates to this bug could be located in, and
nobody knows where to look. Add in the mirroring, and now you have three
places, see an example for the buildpacks [2]. All of this is not your
fault, it is a restriction on how GH deals with issues and the fact that
we’re distributing information over more than one place.

While I appreciate your efforts and time spent on this: I strongly feel
that is an issue that can only be solved by one of two options:
• The Pivotaltracker team implementing the necessary functionality
• Migrating to a different tracker

I’m trying all I can to push for the first option by talking to Dan and
Lisa, but other features seem to be more important to the PT team. In
November, it has been a year since I asked for this, so my confidence isn’t
very high that it is going to happen at all. For me that just means option
two is getting more and more realistic every day.

Warm regards
Marco

[1] https://github.com/cf-tm-bot/bosh/issues
[2] https://github.com/cloudfoundry/staticfile-buildpack/issues/85



-----Original Message-----
From: Guillaume Berche <bercheg(a)gmail.com>
Date: Saturday, 24 September 2016 at 12:29
To: "Discussions about Cloud Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>
Cc: Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>, Dan Podsedly <dpodsedly(a)pivotal.io>, Lisa Doan <
ldoan(a)pivotal.io>, "Voelz, Marco" <marco.voelz(a)sap.com>
Subject: Re: [cf-dev] Re: FW: issue tracker permissions

Hi,


The mirroring of foundation projects is around 60% complete. See [5]
for more detailed coverage. This should enable community members to watch
the most active foundation backlogs. I received no notifications of
negative side effects of this mirroring so
far. I'll proceed with mirroring the remaining projects in the next
days/weeks.

There are interesting next steps that could be tackled, such as
enabling commenting on the backlogs, or searching across all foundation
backlog history, see [3]. Let me know if you have interests in discussing
these next steps and current challenges faced by
the mirroring process. The upcoming Frankfurt cfsummit unconference
on monday might be a good place for this, I'd propose a subject if I
receive some interest.


Thanks,


Guillaume.






Guillaume.




On Mon, Sep 5, 2016 at 10:21 PM, Guillaume Berche
<bercheg(a)gmail.com> wrote:

Hi,


We have prototyped at Orange an automatic mirroring of Pivotal
Tracker (PT) stories into github issues. See pivotaltrackermirror at [1],
and the experimental mirror of the buildpack tracker at [2]. I'd like to
thanks the buildpacks team for accepting to join
this experiment and providing us with feedback in the past few weeks.

We hope this could bring the following benefits to the CF community:

1. allow use of the
watching notifications <https://help.github.com/artic
les/about-notifications/#types-of-notifications> github feature to track
progress on public pivotal trackers projects: all stories or selected
stories of interest.
2. allow use of
github search features <https://help.github.com/artic
les/searching-github> to search Pivotal Tracker content (e.g. accross
multiple mirrored PT projects, or along with other github repositories
hosting the associated code)
3. allow use of
github @mentions <https://help.github.com/artic
les/basic-writing-and-formatting-syntax/#mentioning-users-and-teams> to
contact github accounts associated with PT public projects contributors, in
the context with a specific mirrored story
4. mirrored content becomes discoverable: search engines index it,
making it easier to find mirrored PT content such as a stack trace

This is still experimental work. We would like to hear community
feedback about this initiative (how is it useful?), as well as core
contributor teams (are there unexpected side-effects that need to be
handled beyond what we fixed so far [3]?) Do you have
suggestions for enhancements: can you comment/vote/improve in [3]?


Our plan is to progressively extend this experiment to more trackers
listed in [5] (in a rate of a few projects per week). Please report issues
on [3] if you observe negative side effects, or reply to this email if you
have concerns about this mirroring.



There still a fair amount of work ahead to convert this experiment
into a stable tool, and opportunities to provide some new cool features to
the community. Contributions are welcome :-)



Thanks,


Guillaume.



ps: I also recently noticed a PT slack integration [4] that would
also cover use-case #1 (get notifications for all stories in a tracker).
I'm not yet sure what it takes to add it to a given channel.


[1]
https://github.com/orange-cloudfoundry/pivotaltrackermirror <
https://github.com/orange-cloudfoundry/pivotaltrackermirror>
[2] https://github.com/cf-tm-bot/buildpacks
[3]
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues <
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues>
[4]
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker <
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker>
[5]
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki <
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki>






Guillaume.




On Sun, May 29, 2016 at 8:05 PM, John Wong
<gokoproject(a)gmail.com> wrote:

Just an idea... Is there a feature in Tracker to always cc
someone/some email address? For non security and non confidential stories
we can Cc this email address automatically which will post to a google
group and a thread will be built as comment is added.
This at least allow a read-only mirror.


Just a thought...


On Sunday, May 29, 2016, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Dan, dear Lisa, dear Chip, dear community,

sorry for digging out this old issue again and again. If you are just
tuning in, here is the situation
·
I like Pivotal Tracker as a product
·
I have to use Tracker for my daily work, as it is currently mandatory
for all CFF projects and all of them use it
·
The restrictions in pivotal tracker make it hard to impossible to do
the daily stuff you want to do within a large open-source community.

After initially bringing this up in November last year, here are a
few of the problems I addressed with Dan in a hangout session in February:
·
To follow stories in a project you need to be a member of that
project. Therefore, you cannot track progress on stories in other projects.
·
To comment on stories, the same restrictions as above apply

It has been 3 months since Dan and I talked, I’ve checked back every
4 weeks with him and what I’ve heard so far is ideas. I haven’t seen a
prototype, any specifics on the current state,
any planning details. It’s not like I’m demanding this feature
should be done by now – I just want to know what is going on.

I have to say I am very unhappy in how this topic is treated. From my
point of view, it seems like there is a huge lack of transparency and
feedback. Please, let me know what’s going on.
I don’t want to switch to a different tracker, such as e.g. trello,
but if the requirements of a large open-source community aren’t heard, then
I don’t know what else to do about this.

Warm regards
Marco

PS: What about a public tracker backlog in tracker, so people can
follow their favorite feature stories and see where they are in the
planning and when they’re done?


On 16/01/16 13:09, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:





Dear all,



it has now been more than a month since I sent my feedback concerning
this feature to the tracker team – I haven't received any reaction to it.

@Chip:
Is there an option you could weigh in for this from the Foundation
perspective? That would be great!



Sorry for being so stubborn about this, but in my opinion this is a
crucial feature for a bug tracker/backlog which is used in an open-source
product. I know that all the people
working directly at pivotal don't feel the pain, because they can
either talk directly to everyone in person or have the necessary rights to
comment/follow in the other projects, but for everyone else this is really,
really a problem.



Warm regards

Marco



On 09/12/15 21:20, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:




Thanks for pointing me to this link. However, we seem to have the
same problem here: This seems like a fire-and-forget solution. Where does
this item go? How can I send it to
other people and have them +1 it, like it, follow it, favorite it or
whatever is necessary to indicate that there is more than 1 person wanting
this feature?




Thanks and warm regards

Marco



On 09/12/15 20:01, "Amit Gupta" <agupta(a)pivotal.io> wrote:




If you're logged in to Tracker, there's a "Help & Updates" link at
the top, and one of the options is Provide Feedback.


On Wed, Dec 9, 2015 at 10:59 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

I'd happily submit a feature request to build up some visible demand
for this – could you point me to the right channel here?




Thanks and warm regards

Marco



On 08/12/15 23:01, "Dieu Cao" <dcao(a)pivotal.io> wrote:





Unfortunately in order to follow a story in tracker, the minimum
required level is "member" which allows you to create/comment/delete
stories in tracker.

I would suggest submitting a request to the pivotal tracker team to
help build up evidence that this is a feature that people want.



-Dieu



On Tue, Dec 8, 2015 at 12:49 PM, Matt Cholick <cholick(a)gmail.com>
wrote:

Sorry to resurrect an older thread, but I wanted to chime in that
this is a frustration I have too. There are several stories in the various
CF teams public backlogs that I'd
like to keep track of.


Is it possible for community members to get enough permissions on our
tracker accounts to add ourselves to the follow list?



-Matt



On Mon, Nov 23, 2015 at 3:10 AM, Koper, Dies <
diesk(a)fast.au.fujitsu.com> wrote:

Hi Marco, Jan,

I sent an email to Tracker support about that last week because we
were hoping to close CLI feature requests on GH and let people follow the
stories on Tracker. Support confirmed that people need to have R/W access
to a project to do that.
I have just replied to ask if they'd consider an enhancement. Not
sure what the proper channel would be to get such a story prioritized.
Will let you know if I get a reply.

Regards,
Dies Koper
Cloud Foundry CLI PM

-----Original Message-----
From: Voelz, Marco [mailto:marco.voelz(a)sap.com]
Sent: Monday, November 23, 2015 8:00 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Re: FW: issue tracker permissions

Thanks Jan for bringing that up, I've had similar problems with that
as well. Any ideas on how to solve this? Is this a feature that the tracker
team actively works on?
Hitting cmd+r every few days on the same stories doesn't seem like
the best way to stay informed about your favorite features.

Warm regards
Marco



On 19/11/15 09:23, "Sievers, Jan" <jan.sievers(a)sap.com> wrote:

>>Hi,
>>
>>I was trying to watch a story I am interested in
>>https://www.pivotaltracker.com/n/projects/892938/stories/105493826
>>
>>
>>I do have an account but it seems I don't have permissions to watch
nor to comment.
>>
>>Is there something I missed?
>>
>>Regards
>>Jan
>>





































































--
Sent from Jeff Dean's printf() mobile console


















Command Injection Vulnerability

Rasheed Abdul-Aziz
 

The Cloud Foundry Foundation and Pivotal Inc discovered an exploit for
remote command injection. It's long been fixed, however we realized that
many community projects still contain the exploit.

If you are responsible for any of the following repositories, please
consider patching them soon. The patch is described in the detailed report
<https://docs.google.com/document/d/1MOJPOR_fNjvhu2zcEvLm632Dmd2HGp71UCrSmyOHcFs/pub>

This exploit <http://pivotal.io/security/cve-2016-6655>exists in the
following projects. We've highlighted the affected lines

*docker-registry-boshrelease*
https://github.com/cloudfoundry-community/docker-registry-boshrelease/blob/
master/src/common/utils.sh#L4-L5

*stackdriver-tools*
https://github.com/cloudfoundry-community/stackdriver-tools/blob/master/
src/common/utils.sh#L3-L4

*hazelcast*
https://github.com/cloudfoundry-community/hazelcast/blob/master/
hazelcast-enterprise-for-pcf/release/src/common/utils.sh#L4-L5
https://github.com/cloudfoundry-community/hazelcast/blob/master/
hazelcast-for-pcf/release/src/common/utils.sh#L4-L5
https://github.com/cloudfoundry-community/hazelcast/blob/master/
hazelcast-mancenter-for-pcf/release/src/common/utils.sh#L4-L5

*gogs-boshrelease*
https://github.com/cloudfoundry-community/gogs-boshrelease/blob/master/src/
common/utils.sh#L4-L5

*bosh-softlayer-pool-server-release*
https://github.com/cloudfoundry-community/bosh-
softlayer-pool-server-release/blob/master/jobs/vps/
templates/pid_utils.sh.erb#L3-L4

Kind Regards,
Rasheed Abdul-Aziz And Zamir Johl
Pivotal Inc Security Triage Team.


Re: CF-extensions monthly recurring (last Monday) meeting - next on Monday 30, January 2017

Dieu Cao <dcao@...>
 

Hi Max,

I highly recommend not using appear.in for meetings with multiple people.
I've had many bad experiences lately when more than one person is on the
call.

-Dieu

On Mon, Jan 23, 2017 at 1:42 PM, Michael Maximilien <maxim(a)us.ibm.com>
wrote:

fyi...

Join me on 30 January 2017 @ 11a PDT for our monthly recurring meeting.

Online meeting: https://appear.in/cf-extensions

Use the following link to add it to your calendar:

https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=
NWtjNzJja21hOGJpcmFtZmFxcnU5MGljOGdfMjAxNzAxMzBUMTkwMDAwWiBt
bWF4aW1pbGllbkBt&tmsrc=mmaximilien%40gmail.com

I plan to hold the meeting at Pivotal when I am there, so ping me on the
#cf-extensions slack channel if you want to participate live. All other
details are on the Google Calendar invite link. Talk soon.

Best,

------
dr.max
ibm cloud labs
silicon valley, ca
maximilien.org


Re: Routing for Isolation Segments

Guillaume Berche
 

Hi Shannon,

Thanks for the feedback solicitation on this feature, and for sharing the
inception summary material with the community.

In the case of Orange, the partitioned routing table is a must for running
IS in production. The Access control would be useful as to enhance the user
experience in the CLI, and reduce troubleshooting burden to CF operators,
but wouldn't account to the security ratings evaluated for onboarding
sensitive apps in CF. We see it important as well but of lower priority
than partitioned routing table.

One use case we have for IS is to have an IS for production internet facing
application, and one IS for intranet facing application.The partitioned
routing table protects intranet facing applications being exposed on the
internet in case of a faulty load balancer configuration.

I added also some misc comments to the inception summary slides.

Besides, I did not see mention in the summary material of the access
control to NATS or routing API per isolation segment, as to account for the
discussed compromise scenario [1] below. This is likely to be a must for
our organization to be able to leverage isolation segments: CVE-2016-6655
[2] makes some people in our organization judge that such vulnerabilities
make the compromise scenario below realistic and too risky for some of our
applications that would have liked to benefit a CF instance leveraging IS.

Compromise scenario: the compromise of an IS1 could allow an attacker to
compromise another IS2 through the shared control plane (NATS or routing
API in this case). Potentially exploitable compromise across IS could be
(in the case of the shared routing control plane) to alter another IS
routing table resulting in:
- denial of service (unregistering all routes into another IS),
- routing traffic to a malicious route service, being therefore able to
sniff all traffic from another IS.

I wonder whether there is still a 2nd phase plan to address this compromise
scenario and if so, if you could share some details.

Thanks again,

Guillaume.

[1]
https://docs.google.com/document/d/1FFW8YwKeBK1DuSXFHH_wxGpSZpOpkPN5yOUB-03whsI/edit?disco=AAAAA4X5De0
[2]
http://cf-dev.70369.x6.nabble.com/cf-dev-CVE-2016-6655-Utility-script-command-injection-tt5922.html#a5961

On Wed, Jan 25, 2017 at 3:12 AM, Mike Youngstrom <youngm(a)gmail.com> wrote:

Got it, so what I said before hold. We view access control as a must and
partitioned routing table a nice to have.

Thanks,
Mike

On Tue, Jan 24, 2017 at 6:36 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

Hi Mike,

Thank you for the feedback.

Without access control for domains, a developer could map route
foo.example.com (for which the LB will route requests only to the router
group for IS-1) to an app in a space associated with IS-2.

If the routing table is not partitioned, both router groups will have the
route in their routing tables. If the LB is correctly configured, it will
route requests for foo.example.com only to the router group for IS-1.
The routers will attempt to route the request. Assuming the firewalls are
configured correctly, the routers will return a 502.

If the routing table is partitioned, only the router group for IS-2 will
have the route in its routing table. If the LB is correctly configured, it
will route requests for foo.example.com only to the router group for
IS-1. The routers will reject the request immediately, returning a 404.

Either way, the developer is set up for failure.

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Tue, Jan 24, 2017 at 9:05 AM, Mike Youngstrom <youngm(a)gmail.com>
wrote:

Question, Just want to make sure I'm following you. In your Access
Control example you mention that without access control a developer would
be able to create a route to foo.example.com in a space associated with
IS-2, but, that "route will fail". Is this example assuming that the
"Partitioning the Routing Table" feature was implemented, a properly
configured firewalls, or would the route fail for some other reason?

I think for our use cases we only require Access Control. We are
capable of configuring our firewalls and such correctly. :) Partitioned
routing tables would be nice too but I think a lower priority.

Mike

On Mon, Jan 23, 2017 at 6:24 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

Last week the CF Routing team incepted on enhancements for dedicated
deployments of the CF routers for isolation segments.

- Original proposal
<https://docs.google.com/document/d/1FFW8YwKeBK1DuSXFHH_wxGpSZpOpkPN5yOUB-03whsI/edit?usp=sharing>
- Summary
<https://docs.google.com/presentation/d/1D4aguVXHtTGdhFPAqAC1exZd0Nrh2o4VO3PR4kmHvq4/edit?usp=sharing>


For those of you who are looking forward to leveraging isolation
segments for your use cases, we'd like to know whether you would be
inclined to use dedicated routing tiers for isolation groups in production
without the proposed enhancements below, or whether you would require
either/both of the enhancements we have in mind.

*Current Support*

With compute-only isolation, an application can be deployed to an
isolated pool of Diego Cells. On its own, this design will rely on a shared
routing tier with access to all isolation segments. This requires an
operator to carefully configure their load balancer and firewall rules to
prevent an attacker using a spoofed Host header to reach an application
that shouldn't be publicly routable.

An operator can currently deploy dedicated deployments of routers for
an isolation segment but the routing table will be shared among them.
Should a misconfigured load balancer forward a request to routers for an
app on another isolation segment, the routers will attempt to route the
request. If the firewall is correctly configured, the router will return a
502. If the firewall is misconfigured, a private app may be publicly
accessible.

*Proposed Enhancement: Partitioning the Routing Table*

By partitioning the routing table, routers dedicated to a isolation
segment will only route requests for apps in an associated isolation
segment; if a load balancer were misconfigured, and a request for an app in
another isolation segment were forwarded to the routers, a 404 would be
returned.

*Proposed Enhancement: **Access Control*

An org may have multiple domains and multiple isolation segments. A
space is associated with only one isolation segment.

Example: if the operator has configured their LB to point *.
foo.example.com at routers for isolation segment IS-1 and *.
bar.example.com at routers for isolation segment IS-2, there's nothing
preventing an app developer from creating a route from domain
foo.example.com in a space associated with IS-2. Requests to the route
will fail and the developer would not know why. To prevent this, we'll
enable API clients to filter domains by targeted space, so that a developer
only sees domains from which they can create working routes.

*Your Feedback*

Please let us know if you would require either of these enhancements
for routing to isolation segments in your production environments.

Thank you,

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.




[it-infrastructure-alerts] Thursday, January 25th, 6PM PT Mailman 3 Upgrade

Chip Childers <cchilders@...>
 

FYI Lists will blip

---------- Forwarded message ---------
From: Jordan Evans <jevans(a)linuxfoundation.org>
Date: Wed, Jan 25, 2017 at 4:45 PM
Subject: [it-infrastructure-alerts] Thursday, January 25th, 6PM PT Mailman
3 Upgrade
To: IT Infrastructure Alerts <it-infrastructure-alerts(a)linuxfoundation.org>


What: Core IT's Mailman 3 web interface will be brought down for a
minor upgrade. Expected downtime is 10 minutes.
Two further emails will be sent when the maintenance begins and when
it is complete.

When: 6:00 PM PT, January 25th 2017

Affected:

lists.cloudfoundry.org
lists.zephyrproject.org
lists.odpi.org

All mailman 2 hosts are unaffected by this.

--
You received this message because you are subscribed to the Google Groups
"IT Infrastructure Alerts" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to it-infrastructure-alerts+unsubscribe(a)linuxfoundation.org.

--
You received this message because you are subscribed to the Google Groups
"Foundation Staff" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foundation-staff+unsubscribe(a)cloudfoundry.org.
To post to this group, send email to foundation-staff(a)cloudfoundry.org.
To view this discussion on the web visit
https://groups.google.com/a/cloudfoundry.org/d/msgid/foundation-staff/CAJSkqOyrgf3t1nYn0MxRpsnBD5eMTDn-dcrqFbbKtAhQmB17ZA%40mail.gmail.com
.
--
Chip Childers
CTO, Cloud Foundry Foundation
1.267.250.0815


Re: Incubation proposal: Abacus Service Broker

Hristo Iliev
 

Thanks Max.

Using the opportunity to remind of the Abacus Broker inception on January
31st @ 10a PST

Use the following link to add it to your calendar:
https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=
dDJwNmg5Z3ViN2NpOGozdGxoZ3Y0b3ZpamMgaHNpbGlldkBt&tmsrc=hsiliev%40gmail.com

All connection details are on the Google Calendar invite link.

Regards,
Hristo Iliev


2017-01-21 0:15 GMT+02:00 Michael Maximilien <mmaximilien(a)gmail.com>:

Hi,

As discussed today, I will be happy to help you run the inception.

If anyone else (with more experience) was interested in helping, please
ping me and Hristo.

See you all (virtually) online on the 31st.

Best,

Max

On Mon, Nov 28, 2016 at 1:29 PM, Michael Maximilien <mmaximilien(a)gmail.com
wrote:
Hi, all,

Thanks to SAP and Hristo for moving this forward.

Since I don't see any questions nor comments on this proposal, other than
mine. As such, I propose to include this into the CF-Extensions PMC.

Next step is to do an inception and start the project.

Hristo, happy to help you. Please let's connect offline or during
CF-Abacus weekly meetings von Friday. You can then announce details here
afterwards.

Welcome. Best,

Max

On Wed, Nov 16, 2016 at 3:51 PM, Michael Maximilien <
mmaximilien(a)gmail.com> wrote:

Thank you Hirsto and SAP for submitting this proposal. A nice extension
for CF.

Made some minor editorial changes but overall proposal looks great.
Looking forward to see feedback (if any) from community.

Best,

Max

On Tue, Nov 15, 2016 at 8:03 AM, Iliev, Hristo <hristo.iliev(a)sap.com>
wrote:

Hello,

I would like to propose to the Extensions PMC a new incubation project
around Abacus.

Project name: Abacus Service Broker
Project proposal: https://docs.google.com/docume
nt/d/1zGYi0jGRX9kodn8WR8OHn6CSjo3BTorfuza121aIeuU/edit?usp=sharing
Proposed Project Lead: Hristo Iliev (SAP)
Proposed Scope: See the "Goals" and "Non-goals" sections in the
proposal
Development Operating Model: Distributed Committer Model
Technical Approach: Refer to "Programming language" and "Deliverables"
in the proposal
Initial team committed: 3 engineers from SAP

I look forward to any questions or comments.

Regards,
Hristo Iliev, SAP




--
max
http://maximilien.org
http://blog.maximilien.com


--
max
http://maximilien.org
http://blog.maximilien.com


--
max
http://maximilien.org
http://blog.maximilien.com


Re: Routing for Isolation Segments

Mike Youngstrom
 

Got it, so what I said before hold. We view access control as a must and
partitioned routing table a nice to have.

Thanks,
Mike

On Tue, Jan 24, 2017 at 6:36 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

Hi Mike,

Thank you for the feedback.

Without access control for domains, a developer could map route
foo.example.com (for which the LB will route requests only to the router
group for IS-1) to an app in a space associated with IS-2.

If the routing table is not partitioned, both router groups will have the
route in their routing tables. If the LB is correctly configured, it will
route requests for foo.example.com only to the router group for IS-1. The
routers will attempt to route the request. Assuming the firewalls are
configured correctly, the routers will return a 502.

If the routing table is partitioned, only the router group for IS-2 will
have the route in its routing table. If the LB is correctly configured, it
will route requests for foo.example.com only to the router group for
IS-1. The routers will reject the request immediately, returning a 404.

Either way, the developer is set up for failure.

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Tue, Jan 24, 2017 at 9:05 AM, Mike Youngstrom <youngm(a)gmail.com> wrote:

Question, Just want to make sure I'm following you. In your Access
Control example you mention that without access control a developer would
be able to create a route to foo.example.com in a space associated with
IS-2, but, that "route will fail". Is this example assuming that the
"Partitioning the Routing Table" feature was implemented, a properly
configured firewalls, or would the route fail for some other reason?

I think for our use cases we only require Access Control. We are capable
of configuring our firewalls and such correctly. :) Partitioned routing
tables would be nice too but I think a lower priority.

Mike

On Mon, Jan 23, 2017 at 6:24 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

Last week the CF Routing team incepted on enhancements for dedicated
deployments of the CF routers for isolation segments.

- Original proposal
<https://docs.google.com/document/d/1FFW8YwKeBK1DuSXFHH_wxGpSZpOpkPN5yOUB-03whsI/edit?usp=sharing>
- Summary
<https://docs.google.com/presentation/d/1D4aguVXHtTGdhFPAqAC1exZd0Nrh2o4VO3PR4kmHvq4/edit?usp=sharing>


For those of you who are looking forward to leveraging isolation
segments for your use cases, we'd like to know whether you would be
inclined to use dedicated routing tiers for isolation groups in production
without the proposed enhancements below, or whether you would require
either/both of the enhancements we have in mind.

*Current Support*

With compute-only isolation, an application can be deployed to an
isolated pool of Diego Cells. On its own, this design will rely on a shared
routing tier with access to all isolation segments. This requires an
operator to carefully configure their load balancer and firewall rules to
prevent an attacker using a spoofed Host header to reach an application
that shouldn't be publicly routable.

An operator can currently deploy dedicated deployments of routers for an
isolation segment but the routing table will be shared among them. Should a
misconfigured load balancer forward a request to routers for an app on
another isolation segment, the routers will attempt to route the request.
If the firewall is correctly configured, the router will return a 502. If
the firewall is misconfigured, a private app may be publicly accessible.

*Proposed Enhancement: Partitioning the Routing Table*

By partitioning the routing table, routers dedicated to a isolation
segment will only route requests for apps in an associated isolation
segment; if a load balancer were misconfigured, and a request for an app in
another isolation segment were forwarded to the routers, a 404 would be
returned.

*Proposed Enhancement: **Access Control*

An org may have multiple domains and multiple isolation segments. A
space is associated with only one isolation segment.

Example: if the operator has configured their LB to point *.
foo.example.com at routers for isolation segment IS-1 and *.
bar.example.com at routers for isolation segment IS-2, there's nothing
preventing an app developer from creating a route from domain
foo.example.com in a space associated with IS-2. Requests to the route
will fail and the developer would not know why. To prevent this, we'll
enable API clients to filter domains by targeted space, so that a developer
only sees domains from which they can create working routes.

*Your Feedback*

Please let us know if you would require either of these enhancements for
routing to isolation segments in your production environments.

Thank you,

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.




Re: Routing for Isolation Segments

Shannon Coen
 

Hi Mike,

Thank you for the feedback.

Without access control for domains, a developer could map route
foo.example.com (for which the LB will route requests only to the router
group for IS-1) to an app in a space associated with IS-2.

If the routing table is not partitioned, both router groups will have the
route in their routing tables. If the LB is correctly configured, it will
route requests for foo.example.com only to the router group for IS-1. The
routers will attempt to route the request. Assuming the firewalls are
configured correctly, the routers will return a 502.

If the routing table is partitioned, only the router group for IS-2 will
have the route in its routing table. If the LB is correctly configured, it
will route requests for foo.example.com only to the router group for IS-1.
The routers will reject the request immediately, returning a 404.

Either way, the developer is set up for failure.

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Tue, Jan 24, 2017 at 9:05 AM, Mike Youngstrom <youngm(a)gmail.com> wrote:

Question, Just want to make sure I'm following you. In your Access Control
example you mention that without access control a developer would be able
to create a route to foo.example.com in a space associated with IS-2,
but, that "route will fail". Is this example assuming that the
"Partitioning the Routing Table" feature was implemented, a properly
configured firewalls, or would the route fail for some other reason?

I think for our use cases we only require Access Control. We are capable
of configuring our firewalls and such correctly. :) Partitioned routing
tables would be nice too but I think a lower priority.

Mike

On Mon, Jan 23, 2017 at 6:24 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

Last week the CF Routing team incepted on enhancements for dedicated
deployments of the CF routers for isolation segments.

- Original proposal
<https://docs.google.com/document/d/1FFW8YwKeBK1DuSXFHH_wxGpSZpOpkPN5yOUB-03whsI/edit?usp=sharing>
- Summary
<https://docs.google.com/presentation/d/1D4aguVXHtTGdhFPAqAC1exZd0Nrh2o4VO3PR4kmHvq4/edit?usp=sharing>


For those of you who are looking forward to leveraging isolation segments
for your use cases, we'd like to know whether you would be inclined to use
dedicated routing tiers for isolation groups in production without the
proposed enhancements below, or whether you would require either/both of
the enhancements we have in mind.

*Current Support*

With compute-only isolation, an application can be deployed to an
isolated pool of Diego Cells. On its own, this design will rely on a shared
routing tier with access to all isolation segments. This requires an
operator to carefully configure their load balancer and firewall rules to
prevent an attacker using a spoofed Host header to reach an application
that shouldn't be publicly routable.

An operator can currently deploy dedicated deployments of routers for an
isolation segment but the routing table will be shared among them. Should a
misconfigured load balancer forward a request to routers for an app on
another isolation segment, the routers will attempt to route the request.
If the firewall is correctly configured, the router will return a 502. If
the firewall is misconfigured, a private app may be publicly accessible.

*Proposed Enhancement: Partitioning the Routing Table*

By partitioning the routing table, routers dedicated to a isolation
segment will only route requests for apps in an associated isolation
segment; if a load balancer were misconfigured, and a request for an app in
another isolation segment were forwarded to the routers, a 404 would be
returned.

*Proposed Enhancement: **Access Control*

An org may have multiple domains and multiple isolation segments. A space
is associated with only one isolation segment.

Example: if the operator has configured their LB to point *.
foo.example.com at routers for isolation segment IS-1 and *.
bar.example.com at routers for isolation segment IS-2, there's nothing
preventing an app developer from creating a route from domain
foo.example.com in a space associated with IS-2. Requests to the route
will fail and the developer would not know why. To prevent this, we'll
enable API clients to filter domains by targeted space, so that a developer
only sees domains from which they can create working routes.

*Your Feedback*

Please let us know if you would require either of these enhancements for
routing to isolation segments in your production environments.

Thank you,

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.




Re: Pending Proposals for CF-Extensions for 2017

Michael Maximilien
 

Thanks. Updated. Best,

max

On Mon, Jan 23, 2017 at 8:28 PM, Takahito SEYAMA <t.seyama20(a)gmail.com>
wrote:

Hi Michael,

Thank you for adding "Private Stacks" to the list.

I'm sorry I haven't told you about my affiliation.
Please fix it to "owner company: NTT Communications" .

Regards,

NTT Communications
t.seyama


2017-01-21 7:54 GMT+09:00 Michael Maximilien <maxim(a)us.ibm.com>:

Hi, all,

I am trying to get a handle on all pending proposals to CF-Extensions as
well as anything proposed to CF that is now orphaned or would like to be
considered in the CF-Extensions PMC. I have a list [1], however, I am sure
it is not complete.

Please, if you have a proposal pending fitting above and it's not listed
please add it or respond here or to me directly so I add and start tracking.

Thanks,

[1] https://docs.google.com/document/d/1aKmxFdGC4GnXBIZMx0qd
IawHrEIRSjBOzB-spoPlbM8/edit?usp=sharing

------
dr.max
ibm cloud labs
silicon valley, ca
maximilien.org


--
max
http://maximilien.org
http://blog.maximilien.com


Re: Routing for Isolation Segments

Mike Youngstrom
 

Question, Just want to make sure I'm following you. In your Access Control
example you mention that without access control a developer would be able
to create a route to foo.example.com in a space associated with IS-2, but,
that "route will fail". Is this example assuming that the "Partitioning
the Routing Table" feature was implemented, a properly configured
firewalls, or would the route fail for some other reason?

I think for our use cases we only require Access Control. We are capable
of configuring our firewalls and such correctly. :) Partitioned routing
tables would be nice too but I think a lower priority.

Mike

On Mon, Jan 23, 2017 at 6:24 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

Last week the CF Routing team incepted on enhancements for dedicated
deployments of the CF routers for isolation segments.

- Original proposal
<https://docs.google.com/document/d/1FFW8YwKeBK1DuSXFHH_wxGpSZpOpkPN5yOUB-03whsI/edit?usp=sharing>
- Summary
<https://docs.google.com/presentation/d/1D4aguVXHtTGdhFPAqAC1exZd0Nrh2o4VO3PR4kmHvq4/edit?usp=sharing>


For those of you who are looking forward to leveraging isolation segments
for your use cases, we'd like to know whether you would be inclined to use
dedicated routing tiers for isolation groups in production without the
proposed enhancements below, or whether you would require either/both of
the enhancements we have in mind.

*Current Support*

With compute-only isolation, an application can be deployed to an isolated
pool of Diego Cells. On its own, this design will rely on a shared routing
tier with access to all isolation segments. This requires an operator to
carefully configure their load balancer and firewall rules to prevent an
attacker using a spoofed Host header to reach an application that shouldn't
be publicly routable.

An operator can currently deploy dedicated deployments of routers for an
isolation segment but the routing table will be shared among them. Should a
misconfigured load balancer forward a request to routers for an app on
another isolation segment, the routers will attempt to route the request.
If the firewall is correctly configured, the router will return a 502. If
the firewall is misconfigured, a private app may be publicly accessible.

*Proposed Enhancement: Partitioning the Routing Table*

By partitioning the routing table, routers dedicated to a isolation
segment will only route requests for apps in an associated isolation
segment; if a load balancer were misconfigured, and a request for an app in
another isolation segment were forwarded to the routers, a 404 would be
returned.

*Proposed Enhancement: **Access Control*

An org may have multiple domains and multiple isolation segments. A space
is associated with only one isolation segment.

Example: if the operator has configured their LB to point *.
foo.example.com at routers for isolation segment IS-1 and *.
bar.example.com at routers for isolation segment IS-2, there's nothing
preventing an app developer from creating a route from domain
foo.example.com in a space associated with IS-2. Requests to the route
will fail and the developer would not know why. To prevent this, we'll
enable API clients to filter domains by targeted space, so that a developer
only sees domains from which they can create working routes.

*Your Feedback*

Please let us know if you would require either of these enhancements for
routing to isolation segments in your production environments.

Thank you,

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.




Re: Pending Proposals for CF-Extensions for 2017

Takahito SEYAMA
 

Hi Michael,

Thank you for adding "Private Stacks" to the list.

I'm sorry I haven't told you about my affiliation.
Please fix it to "owner company: NTT Communications" .

Regards,

NTT Communications
t.seyama


2017-01-21 7:54 GMT+09:00 Michael Maximilien <maxim(a)us.ibm.com>:

Hi, all,

I am trying to get a handle on all pending proposals to CF-Extensions as
well as anything proposed to CF that is now orphaned or would like to be
considered in the CF-Extensions PMC. I have a list [1], however, I am sure
it is not complete.

Please, if you have a proposal pending fitting above and it's not listed
please add it or respond here or to me directly so I add and start tracking.

Thanks,

[1] https://docs.google.com/document/d/1aKmxFdGC4GnXBIZMx0qdIawHrEIRS
jBOzB-spoPlbM8/edit?usp=sharing

------
dr.max
ibm cloud labs
silicon valley, ca
maximilien.org


Routing for Isolation Segments

Shannon Coen
 

Last week the CF Routing team incepted on enhancements for dedicated
deployments of the CF routers for isolation segments.

- Original proposal
<https://docs.google.com/document/d/1FFW8YwKeBK1DuSXFHH_wxGpSZpOpkPN5yOUB-03whsI/edit?usp=sharing>
- Summary
<https://docs.google.com/presentation/d/1D4aguVXHtTGdhFPAqAC1exZd0Nrh2o4VO3PR4kmHvq4/edit?usp=sharing>


For those of you who are looking forward to leveraging isolation segments
for your use cases, we'd like to know whether you would be inclined to use
dedicated routing tiers for isolation groups in production without the
proposed enhancements below, or whether you would require either/both of
the enhancements we have in mind.

*Current Support*

With compute-only isolation, an application can be deployed to an isolated
pool of Diego Cells. On its own, this design will rely on a shared routing
tier with access to all isolation segments. This requires an operator to
carefully configure their load balancer and firewall rules to prevent an
attacker using a spoofed Host header to reach an application that shouldn't
be publicly routable.

An operator can currently deploy dedicated deployments of routers for an
isolation segment but the routing table will be shared among them. Should a
misconfigured load balancer forward a request to routers for an app on
another isolation segment, the routers will attempt to route the request.
If the firewall is correctly configured, the router will return a 502. If
the firewall is misconfigured, a private app may be publicly accessible.

*Proposed Enhancement: Partitioning the Routing Table*

By partitioning the routing table, routers dedicated to a isolation segment
will only route requests for apps in an associated isolation segment; if a
load balancer were misconfigured, and a request for an app in another
isolation segment were forwarded to the routers, a 404 would be returned.

*Proposed Enhancement: **Access Control*

An org may have multiple domains and multiple isolation segments. A space
is associated with only one isolation segment.

Example: if the operator has configured their LB to point *.foo.example.com
at routers for isolation segment IS-1 and *.bar.example.com at routers for
isolation segment IS-2, there's nothing preventing an app developer from
creating a route from domain foo.example.com in a space associated with
IS-2. Requests to the route will fail and the developer would not know why.
To prevent this, we'll enable API clients to filter domains by targeted
space, so that a developer only sees domains from which they can create
working routes.

*Your Feedback*

Please let us know if you would require either of these enhancements for
routing to isolation segments in your production environments.

Thank you,

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

3081 - 3100 of 9421