Thursday, 2020-08-13

« Wednesday, 2020-08-12 Index Friday, 2020-08-14 »
*** yamamoto has joined #openstack-meeting00:00
*** hongbin has quit IRC00:04
*** yamamoto has quit IRC00:05
*** hongbin has joined #openstack-meeting00:05
*** gyee has quit IRC00:21
*** mlavalle has quit IRC00:30
*** hongbin has quit IRC00:41
*** hongbin has joined #openstack-meeting01:06
*** rcernin has quit IRC01:11
*** rcernin has joined #openstack-meeting01:11
*** Liang__ has joined #openstack-meeting01:23
*** yamamoto has joined #openstack-meeting01:52
*** hyunsikyang__ has quit IRC02:27
*** hyunsikyang has joined #openstack-meeting02:27
*** lbragstad has quit IRC02:32
*** ykatabam has quit IRC02:59
*** Liang__ has quit IRC03:01
*** ykatabam has joined #openstack-meeting03:02
*** rcernin has quit IRC03:06
*** armax has quit IRC03:08
*** Liang__ has joined #openstack-meeting03:14
*** psachin has joined #openstack-meeting03:31
*** ayoung has quit IRC03:48
*** ayoung has joined #openstack-meeting03:48
*** rcernin has joined #openstack-meeting03:52
*** psahoo has joined #openstack-meeting03:52
*** ayoung has quit IRC03:53
*** ayoung has joined #openstack-meeting03:56
*** Liang__ has quit IRC04:02
*** ricolin has joined #openstack-meeting04:04
*** eharney has quit IRC04:05
*** Liang__ has joined #openstack-meeting04:05
*** manpreet has joined #openstack-meeting04:16
*** eharney has joined #openstack-meeting04:24
*** hongbin has quit IRC04:26
*** vishalmanchanda has joined #openstack-meeting04:32
*** evrardjp has joined #openstack-meeting04:33
*** Liang__ has quit IRC04:34
*** yamamoto has quit IRC04:36
*** yamamoto has joined #openstack-meeting04:39
*** masahito has joined #openstack-meeting05:06
*** sridharg has joined #openstack-meeting05:10
*** masahito has quit IRC05:24
*** masahito has joined #openstack-meeting05:38
*** apetrich has joined #openstack-meeting05:42
*** e0ne has joined #openstack-meeting06:19
*** e0ne has quit IRC06:20
*** markvoelker has joined #openstack-meeting06:45
*** slaweq has joined #openstack-meeting06:46
*** Liang__ has joined #openstack-meeting06:46
*** psahoo has quit IRC06:48
*** markvoelker has quit IRC06:49
*** maciejjozefczyk has joined #openstack-meeting06:57
*** moguimar has joined #openstack-meeting06:59
*** bbowen has quit IRC06:59
*** Liang__ has quit IRC07:23
*** Liang__ has joined #openstack-meeting07:24
*** psahoo has joined #openstack-meeting07:26
*** e0ne has joined #openstack-meeting07:35
*** markvoelker has joined #openstack-meeting07:35
*** markvoelker has quit IRC07:39
*** tosky has joined #openstack-meeting07:42
*** markvoelker has joined #openstack-meeting07:50
*** markvoelker has quit IRC07:51
*** TusharTgite has joined #openstack-meeting07:52
*** Lucas_Gray has joined #openstack-meeting08:01
*** ykatabam has quit IRC08:11
*** Wryhder has joined #openstack-meeting08:14
*** maciejjozefczyk_ has joined #openstack-meeting08:14
*** maciejjozefczyk has quit IRC08:15
*** maciejjozefczyk has joined #openstack-meeting08:15
*** Lucas_Gray has quit IRC08:15
*** Wryhder is now known as Lucas_Gray08:15
*** masahito has quit IRC08:19
*** maciejjozefczyk_ has quit IRC08:19
*** belmoreira has joined #openstack-meeting08:30
*** rcernin has quit IRC09:05
*** Lucas_Gray has quit IRC09:22
*** Liang__ has quit IRC09:24
*** Lucas_Gray has joined #openstack-meeting09:30
*** Lucas_Gray has quit IRC09:48
*** Wryhder has joined #openstack-meeting09:48
*** Wryhder is now known as Lucas_Gray09:49
*** moguimar has quit IRC09:54
*** moguimar has joined #openstack-meeting09:54
*** moguimar has joined #openstack-meeting09:56
*** moguimar has joined #openstack-meeting09:56
*** rcernin has joined #openstack-meeting09:58
*** bbowen has joined #openstack-meeting10:07
*** e0ne has quit IRC10:14
*** e0ne has joined #openstack-meeting10:15
*** jmasud has quit IRC10:31
*** jmasud has joined #openstack-meeting10:33
*** rcernin has quit IRC10:40
*** rcernin has joined #openstack-meeting10:47
*** rcernin has quit IRC11:00
*** yamamoto has quit IRC11:01
*** carloss has joined #openstack-meeting11:08
*** apetrich has quit IRC11:11
*** apetrich has joined #openstack-meeting11:23
*** yamamoto has joined #openstack-meeting11:23
*** TusharTgite has quit IRC11:26
*** yamamoto has quit IRC11:29
*** raildo has joined #openstack-meeting11:49
*** rh-jelabarre has joined #openstack-meeting11:55
*** rh-jelabarre has quit IRC11:55
*** rh-jelabarre has joined #openstack-meeting11:56
*** yamamoto has joined #openstack-meeting12:03
*** rfolco has joined #openstack-meeting12:05
*** yamamoto has quit IRC12:11
*** ayoung has quit IRC12:33
*** ayoung has joined #openstack-meeting12:45
*** TrevorV has joined #openstack-meeting12:57
*** dklyle has quit IRC13:07
*** ociuhandu has quit IRC13:09
*** lbragstad has joined #openstack-meeting13:13
*** ociuhandu has joined #openstack-meeting13:24
*** ociuhandu has quit IRC13:29
*** rosmaita has joined #openstack-meeting13:57
*** Steap has joined #openstack-meeting14:01
abhishekk#startmeeting glance14:01
openstackMeeting started Thu Aug 13 14:01:45 2020 UTC and is due to finish in 60 minutes.  The chair is abhishekk. Information about MeetBot at http://wiki.debian.org/MeetBot.14:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:01
*** openstack changes topic to " (Meeting topic: glance)"14:01
openstackThe meeting name has been set to 'glance'14:01
abhishekk#topic roll call14:01
*** openstack changes topic to "roll call (Meeting topic: glance)"14:01
dansmitho/14:01
abhishekk#link https://etherpad.openstack.org/p/glance-team-meeting-agenda14:01
abhishekko/14:02
*** ociuhandu has joined #openstack-meeting14:02
Steapo/14:02
jokkeo/14:02
abhishekklets wait couple of minutes for others14:02
abhishekklets start, others will join soon14:03
abhishekk#topic Updates14:03
*** openstack changes topic to "Updates (Meeting topic: glance)"14:03
*** alistarle has joined #openstack-meeting14:03
abhishekkDate for next PTG are out14:04
abhishekkit will be held after one week of W summit14:04
abhishekkbetween October 26th to October 30th, 202014:04
abhishekkregistrations are open for PTG and summit and as it is virtual it is free14:05
abhishekkSummit registration - https://openinfrasummit2020.eventbrite.com14:05
abhishekkPTG registration - https://october2020ptg.eventbrite.com14:05
abhishekkmoving ahead14:05
abhishekk#topic release/periodic job updtes14:05
*** openstack changes topic to "release/periodic job updtes (Meeting topic: glance)"14:05
abhishekkthis is a release week for us14:05
rosmaitao/14:06
abhishekkwe have released python-glanceclient for master and stable/ussuri14:06
abhishekkwe have also released stable/train and stable/ussuri for glance with some important bug fixes14:06
abhishekkglance_store 2.2.0 release patch is in review14:06
abhishekk#link  https://review.opendev.org/74579614:07
patchbotpatch 745796 - releases - Release glance_store 2.2.0 - 1 patch set14:07
abhishekksmcginnis, ^^14:07
*** alistarle has quit IRC14:07
abhishekkWe are approaching towards V3 milestones, which is just 4 weeks away14:07
abhishekkand for non-client release we have 3 weeks14:08
jokkeAlso note, there was some issue in the announce-release job but the release of 3.2.1 itself went through just mail of it wasn't sent out14:08
abhishekkjokke, ++, thank you14:08
jokkethat's for python-glanceclint14:08
abhishekkglance sparse image upload, cinder multiple stores support we are expecting this to be completed on time14:09
*** alistarle has joined #openstack-meeting14:09
abhishekkFor glanceclient we don't have any major addition this time, so we are good on that front14:09
abhishekkAlso for glance apart from cinder multiple stores support related changes and few bug fixes we are going to shift most of the work to next cycle14:10
jokkeAnd I think the final client release is later anyways if we need to get something released from the work that is still to be done14:10
abhishekkPeriodic job, mostly yellow due to requirement constrainsts issue, couple of failures due to timeout and flaky test copy_image_revert_lifecycle14:10
abhishekkjokke, agree14:10
abhishekkdansmith, has found out the cause of timeout issue we were hitting and submitted one patch to reduce its possibility14:11
dansmithwell, that patch should prevent it always,14:12
abhishekkcool14:12
dansmithbut it just fixes a bug that causes us to deadlock, not the actual problem14:12
dansmithdebugging of the real issue here: https://bugs.launchpad.net/glance/+bug/189119014:12
openstackLaunchpad bug 1891190 in Glance "test_reload() functional test causes hang and jobs TIMED_OUT" [Undecided,New]14:12
dansmithbut not to the bottom of it yet14:12
jokkeSo I'm not exactly sure how that is the case (I assume we're talking about the bug 1891352)14:13
openstackbug 1891352 in Glance "Failed import of one store will remain in progress forever if all_stores_must_succeed=True" [Undecided,In progress] https://launchpad.net/bugs/189135214:13
abhishekkok, thank you for debugging it14:13
dansmithjokke: that's why I wrote the functional reproducer, so it's clear14:13
dansmith(for 1891352)14:13
jokkedansmith: oh sorry ... actually looking at the code I do see why that is happening ... I read that condition wrong way around14:15
abhishekkthe scenario here is when all_stores_must_succeed is True and import failed to one of the store then that store was never added to failed list, and the test which I have written for it sometimes proceed before removing the location of previously imported stores14:15
jokkefor some reason my brain flipped that boolean around when reading the bug14:16
abhishekk:D, it happened with me as well14:16
abhishekkOk, moving ahead14:17
abhishekk#topic Work moved to next cycle14:17
jokkeI was wondering "What in earth fails the task when we're catching all exceptions" ;)14:17
*** openstack changes topic to "Work moved to next cycle (Meeting topic: glance)"14:17
abhishekkWe are moving most of the work to next cycle due to time crunch and ferry of bug fixes occurred this cycle14:18
abhishekkBelow is the list, which we will shift to next cycle14:18
abhishekkImage encryption - Will wait one more week to here from Luzi14:18
abhishekkOptimize Ceph store network usage - https://review.opendev.org/#/c/740980/14:18
abhishekkUpdate proposal for duplication image download - https://review.opendev.org/73468314:18
abhishekkCache API - https://review.opendev.org/#/c/66525814:18
abhishekkCluster awareness -14:18
patchbotpatch 740980 - glance-specs - Optimize Ceph store network usage - 2 patch sets14:18
abhishekkRemove single store configuration14:18
patchbotpatch 734683 - glance-specs - Update proposal for duplication image download - 3 patch sets14:18
patchbotpatch 665258 - glance-specs - Spec for Glance cache API - 4 patch sets14:18
abhishekkAny suggestion/objection?14:19
*** ociuhandu_ has joined #openstack-meeting14:19
abhishekkalistarle, would you like to share the progress of sparse image upload?14:20
alistarleSure14:20
jokkeabhishekk: taken the sparse image upload is available, I'll see what I can do about some of the rbd things next week. Don't pull trigger on that just yet14:21
abhishekkjokke, ack14:21
alistarleWe decided to split the two optimization in two commit, first the write optim, which is quite easy, and then the second one, more difficult because it touch some old glance code14:21
*** ociuhandu has quit IRC14:22
abhishekkalistarle, sounds good, but we should expect it in this cycle, right?14:22
alistarleI will submit the first commit this week, it is fully functionnal and tested in production14:22
alistarlesure14:22
jokkealistarle: that sounds like a good approach at this point of the cycle14:22
abhishekk++14:23
abhishekkand please let us know if you need any help in understanding glance code14:23
abhishekkthank you alistarle for updates14:24
abhishekkmoving to next topic14:24
*** andrebeltrami has joined #openstack-meeting14:24
abhishekk#topic doc updates in python-glanceclient14:25
*** openstack changes topic to "doc updates in python-glanceclient (Meeting topic: glance)"14:25
abhishekkpython-glanceclient still shows create-image-via-import as experimental14:25
abhishekkhttps://docs.openstack.org/python-glanceclient/latest/cli/details.html#glance-image-create-via-import14:25
abhishekkSo this section shows glance-image-create-via-import as experimental and also states that it might be removed in future14:25
abhishekkIMO there is a need to correct it and also backport it to some stable branches14:26
jokkeyeah ... so the original plan was to change image-crete using the Import workflow and get rid of the mai long image-create-via-import once the code was stable enough to do so14:26
rosmaitathat's my recollection too14:27
abhishekkbut we are not moving it, right?14:27
jokkePersonally I'm not sure if we want to keep that via-import around but instead merge that with image-create with perhaps some flag indicating which way to go14:27
jokkeit would be cleaner to use, but I'm open for suggestions14:28
abhishekkhmm14:28
jokkeI'd kind of prefer just one image-create command14:28
abhishekkOne command sounds good to me as well14:29
rosmaitaright, and since we're talking about CLI here and not changing the rest of the client code, shouldn't impact any services14:29
dansmithwell,14:29
jokkeI could do it to utilize --method ... so if import method is provided that flow will be used14:29
dansmithpeople write scripts based on the CLI so I wouldn't say it won't break anyone14:29
dansmithnot any services, true, but..14:29
rosmaitaparty pooper14:30
jokkedansmith: yeah, there is reason why it's flagged experimental with warning it may go away :P14:30
dansmithis it flagged that way in the CLI output?14:30
abhishekkit is not flagged in CLI output but in the documentation IMO14:31
jokkeyes14:31
dansmithyeah, then nobody noticed :)14:31
jokkeIf you take the help text of the command (which you would need to know what parameters to use) there is like 10 line EXPERIMENTAL: warning on it14:31
dansmithso there is in the CLI?14:32
abhishekkAlso I think, its lot to do in this cycle, so we should do it in next cycle14:32
jokkeyup14:32
dansmithack, though abhishekk said not14:32
jokke`glance help image-create-via-import`14:32
rosmaita"EXPERIMENTAL: Create a new image via image import."14:33
rosmaitaeven in all caps14:33
*** dklyle has joined #openstack-meeting14:33
dansmithso this was just a shortcut for doing create..stage..import all in one go?14:34
abhishekkcool, I never looked at help message as I known all the parameters14:34
jokkedansmith: correct14:34
rosmaitayes, the idea was that it would be a drop-in replacement for glance image-create14:34
dansmithwell, just MHO, but I'm sure lots of people interested in import used that instead of the three separate calls...14:35
rosmaita(for some definition of "drop-in")14:35
abhishekkI am glad that I didn't removed experimental directly and decided to bring it here14:35
dansmithI'd not have been in favor of a temporary command in the CLI in the first place, so I'm a little biased, but...14:35
jokkedansmith: yeah, that's why I prefer to kind of squash it with image-create so people could keep doing that with very minimal change14:36
abhishekkI also think it will be tricky for copy-image support14:36
dansmithit's little stuff like this that people hate about upgrading in openstack.. even if the get all the hard ducks in a row, there's still stuff like this to make it painful.. but, you warned them, so I guess you're safe :)14:36
jokkeas image-create is already doing different stages depending of the parameters it's given14:36
dansmithwhat's the cost of keeping it for compatibility? just weight on our conscience?14:37
jokkedansmith: since the initial explosion around v1->v2 we have been pretty darn good flagging stuff we expect might change once the feedback comes in as experimental14:38
jokkedansmith: and clutter in the client commands ... the list os already long14:38
jokkes/os/is/14:38
dansmithit is, and confusingly overlapping14:39
jokkeyup14:39
*** armax has joined #openstack-meeting14:40
jokkeSo I'd like to see i I can get the feature set in image-create before I start my holidays, so we can mark that experimental,deprecated and we could clean it out next cycle. I don't want to not give any transition period for those who are cripting on it14:40
abhishekkSo to be on safe side, we will keep this command as deprectaed this cycle as well and remove it next cycle14:41
dansmithcan we reno that it _will_ be remove next cycle?14:41
abhishekkjust for confirmation image-stage and image-import will stay as it is14:42
jokkeabhishekk: experimental at least, if I get the squash of the features done this cycle, then deprecated. Otherwise I get it done next cycle and we can deprecate it then and remove following14:42
jokkeabhishekk: correct14:42
jokkejust like image-upload14:42
abhishekkdansmith, the patch jokke will push will have releasenote saying it is deprecated and will be removed in next cycle14:42
*** alistarle has quit IRC14:42
abhishekkjokke, ACK14:43
jokkedansmith: for sure, I've been quite decent with renos too ;)14:43
jokkeeven no-one reads them, no docs14:43
abhishekkok, moving into open discussion14:43
*** psahoo has quit IRC14:44
abhishekk#topic Open discussion14:44
*** openstack changes topic to "Open discussion (Meeting topic: glance)"14:44
abhishekkwe need reviews on copy-image race condition patches14:44
jokkeoh, the favorite14:44
abhishekkits almost in last phase and will be good enough if we have it merged before vacation period starts14:45
abhishekkjokke, rosmaita kindly have a look at those patches14:45
rosmaitaabhishekk: ack ... can you give me a list?14:45
dansmithI think the new functional test is pretty easy to read also14:45
*** alistarle has joined #openstack-meeting14:45
dansmithso it should be find to start from there to get the idea14:45
dansmith*fine14:45
abhishekkrosmaita, https://review.opendev.org/74359714:45
patchbotpatch 743597 - glance - Implement time-limited import locking - 16 patch sets14:45
jokkeI think there is still that one revert that will more likely break than not before it hits the code that is supposed to not break it14:46
dansmithI didn't parse that14:46
jokkeThe _CompleteTask ... I flagged in one of the previous PSs14:47
rosmaitadansmith: nice commit message on 74359714:47
abhishekkwe also need to backport it to stable/ussuri14:47
dansmithjokke: I replied to a comment of yours in _CompleteTask but never saw a reply, from PS814:48
dansmithnot sure if that's what you're referring to or not14:48
dansmithbut if you think something is broken, kindly highlight it again and I'll try to cover that concern with tests14:49
jokkedansmith: likely yes. How about I reply to it in the PS8 so no need to hop back and forth trying to follow the convo. IIRC nothing in that part changed between14:50
dansmithack14:50
jokkekk will do it after the meeting14:50
abhishekkdansmith, how tough it will be to backport to stable/ussuri (considering we need to backport your ImportAction work as well)?14:50
dansmithnote that we're actively hitting this race in the nova jobs14:51
dansmithso it would definitely be good to get this in14:51
dansmithabhishekk: I dunno, seems like a big backport14:51
jokkeyeah we've been bikeshedding around this for what almost two months now14:51
abhishekkyeah, I suspect that14:51
dansmiththe biggest problem is with copy-image.. when did that become a thing? first in ussuri?14:51
abhishekkyes, in ussuri14:52
dansmithyeah, so that's as far back as I'd want to take it, but still.. eesh, it'd be a big backport14:52
*** sridharg has quit IRC14:52
abhishekkright14:52
jokkemhm ... also the whole race got introduced with that copy-image, it did not exist before14:52
abhishekk:D14:53
jokkewell not on the obvious scale14:53
abhishekkJust for FYI tomorrow I will not be around14:54
dansmithsame14:54
jokkesame for all of us14:54
abhishekk(I guess most of us will not be)14:54
jokkepretty much14:54
abhishekkThat's it from me for today14:54
abhishekkwe have 5 minutes left before closing14:55
jokkeI don't think I had anything else either14:55
jokkethanks abhishekk for reminding about the -via-import I had kind of forgotten that whole thing already14:55
abhishekkI found one small bug in it14:56
abhishekkand that's when I noticed it14:56
abhishekkthere is '-' missing in 'create-image-via import'14:56
*** ayoung has quit IRC14:56
abhishekkactually its not me but my teammate rajat found it :P14:57
abhishekkLets wrap up for today14:57
abhishekkhave a nice long weekend guys14:58
jokkeThanks all14:58
jokkeindeed!14:58
abhishekkthank you all14:58
abhishekk#endmeeting14:58
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"14:58
openstackMeeting ended Thu Aug 13 14:58:31 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:58
openstackMinutes:        http://eavesdrop.openstack.org/meetings/glance/2020/glance.2020-08-13-14.01.html14:58
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/glance/2020/glance.2020-08-13-14.01.txt14:58
openstackLog:            http://eavesdrop.openstack.org/meetings/glance/2020/glance.2020-08-13-14.01.log.html14:58
*** alistarle has quit IRC15:00
gagehugo#startmeeting security15:01
openstackMeeting started Thu Aug 13 15:01:59 2020 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.15:02
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:02
*** openstack changes topic to " (Meeting topic: security)"15:02
openstackThe meeting name has been set to 'security'15:02
fungiahoy, y'all15:02
*** Steap has left #openstack-meeting15:02
gagehugo#link https://etherpad.opendev.org/p/security-agenda agenda15:03
gagehugoo/15:03
*** rosmaita has left #openstack-meeting15:04
*** alistarle has joined #openstack-meeting15:04
*** alistarle has quit IRC15:06
gagehugo#topic https://bugs.launchpad.net/nova/+bug/188872215:07
*** openstack changes topic to "https://bugs.launchpad.net/nova/+bug/1888722 (Meeting topic: security)"15:07
openstackLaunchpad bug 1888722 in OpenStack Compute (nova) "The Nova api permits any possible hostname, including for example "../.." or "; --" or "hostname.openstack.org"" [Undecided,New]15:07
fungithis was one the vmt and nova devs basically considered not a bug15:07
fungibut some users find it surprising, so i felt it was worth calling out15:08
gagehugoSo OSSN?15:08
fungiwell, basically there's no obvious vulnerability here, though if people try to use instance names in places where those characters are dangerous, then that could be a risk15:09
gagehugoor just a warning I guess?15:09
*** moguimar has quit IRC15:10
fungithough one of the examples given was that of "." in instance names, the reporter seemed legitimately concerned about instances with names which looked like fqdns15:10
*** mlavalle has joined #openstack-meeting15:10
fungii and others actually like to use fqdns as instance names, so this really seemed like a matter of personal taste15:10
fungianyway, i figured i'd point this one out in case anyone has concerns similar to those of the reporter15:12
fungithe suggestion to disallow "." in instance names, for example, was dismissed fairly quickly15:12
fungibut also the idea of making a configurable filter for allowed characters was (rightly in my opinion) seen as hindering interoperability15:13
gagehugohmm ok15:14
gagehugo#topic security issue - some command injection vulnerability found and fixed15:15
*** openstack changes topic to "security issue - some command injection vulnerability found and fixed (Meeting topic: security)"15:15
gagehugo#link https://bugs.launchpad.net/cinder/+bug/188905515:15
openstackLaunchpad bug 1889055 in OpenStack Security Advisory "security issue - some command injection vulnerability found and fixed" [Undecided,Invalid]15:15
gagehugoI see also invalid15:16
fungiyeah, this one was a good example of a researcher running code analysis on a repository and assuming a vulnerability without knowing how that part of the software was used15:19
fungibugs like that serve as reminders that reports of suspected vulnerabilities without any idea of what the exploit scenario would be are not terribly useful, and we would much prefer folks research the bugs they think they've found before reporting them as suspected vulnerabilities15:21
gagehugoah ok15:28
gagehugo#topic CVE-2020-11984 mod_proxy_uwsgi buffer overflow15:28
*** openstack changes topic to "CVE-2020-11984 mod_proxy_uwsgi buffer overflow (Meeting topic: security)"15:28
gagehugo#link https://httpd.apache.org/security/vulnerabilities_24.html15:30
*** vishalmanchanda has quit IRC15:32
fungithis was more a heads up, i know lots of openstack deployments utilize apache mod_proxy_uwsgi and this is a pretty significant remote exploit15:32
fungithis might be something someone who's interested in writing an ossn might be interested in tackling15:33
fungi#info CVE-2020-11984 may be a good opportunity for an OSSN to alert OpenStack deployers to potential risks in unpatched Apache mod_proxy_uwsgi15:33
gagehugoDo we cover non-openstack services? Or is that specific to OSSAs?15:34
gagehugoIt makes sense imo15:34
fungiin the past we've used ossn to alert users to critical vulnerabilities in our dependencies15:37
funginot often, but there are some examples in the record15:38
gagehugook cool15:38
fungii think the most recent one was on spectre/meltdown15:38
fungianyway, i just figured i'd bring it to the attention of meeting attendees or anyone reading the logs/minutes/summary, in case there's maybe a lurker who wants to get involved, since this could be a fairly easy one15:39
fungifeel free to hit us up in the #openstack-security channel on freenode or the openstack-discuss ml if there are questions about the ossn process15:40
gagehugosounds good!15:41
gagehugoI need to run, thanks as always fungi!15:41
gagehugo#endmeeting15:41
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"15:41
openstackMeeting ended Thu Aug 13 15:41:27 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:41
openstackMinutes:        http://eavesdrop.openstack.org/meetings/security/2020/security.2020-08-13-15.01.html15:41
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/security/2020/security.2020-08-13-15.01.txt15:41
openstackLog:            http://eavesdrop.openstack.org/meetings/security/2020/security.2020-08-13-15.01.log.html15:41
*** belmoreira has quit IRC15:42
fungithanks!15:42
fungigagehugo: also maybe worth bringing up next time, ptg dates have been announced and reg is open: http://lists.openstack.org/pipermail/openstack-discuss/2020-August/016424.html15:42
fungiweek after summit, save the date!15:42
gagehugogood idea15:43
*** e0ne_ has joined #openstack-meeting15:45
*** priteau has joined #openstack-meeting15:47
*** e0ne has quit IRC15:47
*** armstrong has joined #openstack-meeting15:54
*** manuvakery has joined #openstack-meeting16:11
*** psachin has quit IRC16:25
*** TrevorV has quit IRC16:26
*** Lucas_Gray has quit IRC16:36
*** gyee has joined #openstack-meeting16:40
*** ociuhandu_ has quit IRC16:43
*** tosky has quit IRC16:43
*** ociuhandu has joined #openstack-meeting16:44
*** ociuhandu has quit IRC16:50
*** ociuhandu has joined #openstack-meeting16:57
*** ociuhandu has quit IRC17:04
*** priteau has quit IRC17:36
*** manpreet has quit IRC17:36
*** priteau has joined #openstack-meeting17:45
*** e0ne_ has quit IRC17:50
*** priteau has quit IRC17:53
*** andrebeltrami has quit IRC18:03
*** manuvakery has quit IRC18:21
*** armstrong has quit IRC18:24
*** maciejjozefczyk has quit IRC18:47
*** armstrong has joined #openstack-meeting18:51
*** e0ne has joined #openstack-meeting19:01
*** e0ne has quit IRC19:15
*** andrebeltrami has joined #openstack-meeting19:40
*** e0ne has joined #openstack-meeting19:59
*** e0ne has quit IRC20:02
*** hyunsikyang has quit IRC20:07
*** e0ne has joined #openstack-meeting20:07
*** e0ne has quit IRC20:07
*** tosky has joined #openstack-meeting20:10
*** yamamoto has joined #openstack-meeting20:13
*** yamamoto has quit IRC20:18
*** slaweq has quit IRC20:37
*** slaweq has joined #openstack-meeting20:43
*** slaweq has quit IRC20:48
*** rfolco has quit IRC20:51
*** armstrong has quit IRC20:54
*** raildo has quit IRC20:59
*** yamamoto has joined #openstack-meeting21:55
*** rcernin has joined #openstack-meeting22:00
*** patchbot has quit IRC22:02
*** armax has quit IRC22:07
*** rfolco has joined #openstack-meeting22:12
*** andrebeltrami has quit IRC22:23
*** yamamoto has quit IRC22:31
*** armax has joined #openstack-meeting22:49
*** ociuhandu has joined #openstack-meeting23:00
*** ayoung has joined #openstack-meeting23:02
*** ociuhandu has quit IRC23:05
*** mlavalle has quit IRC23:08
*** tosky has quit IRC23:09
*** ircuser-1 has quit IRC23:29
« Wednesday, 2020-08-12 Index Friday, 2020-08-14 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!