| *** tosky has quit IRC | 00:04 | |
| *** LinPeiWen has joined #openstack-sdks | 01:04 | |
| *** khomesh24 has joined #openstack-sdks | 01:05 | |
| openstackgerrit | Shnaidman Sagi (Sergey) proposed openstack/ansible-collections-openstack master: Add network tests for versioned args https://review.opendev.org/c/openstack/ansible-collections-openstack/+/766013 | 01:20 |
|---|---|---|
| *** enriquetaso has joined #openstack-sdks | 01:20 | |
| *** khomesh24 has quit IRC | 01:58 | |
| *** artom has quit IRC | 02:12 | |
| *** enriquetaso has quit IRC | 02:15 | |
| *** khomesh24 has joined #openstack-sdks | 02:17 | |
| *** dasp has quit IRC | 02:20 | |
| *** dasp has joined #openstack-sdks | 02:21 | |
| *** mordred has quit IRC | 02:38 | |
| *** mordred has joined #openstack-sdks | 02:42 | |
| *** LinPeiWen has quit IRC | 02:45 | |
| *** mgoddard has quit IRC | 02:58 | |
| *** LinPeiWen has joined #openstack-sdks | 03:05 | |
| openstackgerrit | Shnaidman Sagi (Sergey) proposed openstack/ansible-collections-openstack master: Run images tests https://review.opendev.org/c/openstack/ansible-collections-openstack/+/767265 | 03:22 |
| openstackgerrit | Shnaidman Sagi (Sergey) proposed openstack/ansible-collections-openstack master: Run images tests https://review.opendev.org/c/openstack/ansible-collections-openstack/+/767265 | 03:22 |
| openstackgerrit | Shnaidman Sagi (Sergey) proposed openstack/ansible-collections-openstack master: Separate volume tests from servers tests https://review.opendev.org/c/openstack/ansible-collections-openstack/+/767268 | 03:28 |
| *** udesale has joined #openstack-sdks | 05:22 | |
| *** evrardjp has quit IRC | 05:33 | |
| *** evrardjp has joined #openstack-sdks | 05:33 | |
| *** khomesh24 has quit IRC | 05:58 | |
| *** ricolin has joined #openstack-sdks | 05:59 | |
| *** khomesh24 has joined #openstack-sdks | 06:00 | |
| *** khomesh24 has quit IRC | 07:31 | |
| openstackgerrit | Polina Gubina proposed openstack/ansible-collections-openstack master: Enable update for recordset and add tests for dns and recordset module https://review.opendev.org/c/openstack/ansible-collections-openstack/+/766528 | 07:34 |
| *** slaweq has joined #openstack-sdks | 08:00 | |
| *** gtema has joined #openstack-sdks | 08:02 | |
| openstackgerrit | Merged openstack/openstacksdk master: Change nodepool job to build CentOS-8-stream (unblock gate) https://review.opendev.org/c/openstack/openstacksdk/+/767126 | 08:16 |
| *** rpittau|afk is now known as rpittau | 08:18 | |
| *** tosky has joined #openstack-sdks | 08:33 | |
| *** jawad_axd has joined #openstack-sdks | 08:43 | |
| *** mgoddard has joined #openstack-sdks | 08:46 | |
| openstackgerrit | Shnaidman Sagi (Sergey) proposed openstack/ansible-collections-openstack master: Add network tests for versioned args https://review.opendev.org/c/openstack/ansible-collections-openstack/+/766013 | 08:52 |
| *** jpich has joined #openstack-sdks | 09:03 | |
| *** mgoddard has quit IRC | 09:06 | |
| *** mgoddard has joined #openstack-sdks | 09:07 | |
| *** gtema has quit IRC | 09:18 | |
| *** gtema has joined #openstack-sdks | 09:19 | |
| *** jawad_axd has quit IRC | 09:30 | |
| *** jawad_axd has joined #openstack-sdks | 09:30 | |
| *** tosky_ has joined #openstack-sdks | 09:47 | |
| *** tosky is now known as Guest24372 | 09:49 | |
| *** tosky_ is now known as tosky | 09:49 | |
| *** Guest24372 has quit IRC | 09:50 | |
| openstackgerrit | Merged openstack/ansible-collections-openstack master: Run images tests https://review.opendev.org/c/openstack/ansible-collections-openstack/+/767265 | 09:57 |
| *** dtantsur|afk is now known as dtantsur | 09:59 | |
| *** lbragstad has quit IRC | 10:31 | |
| *** lbragstad has joined #openstack-sdks | 10:31 | |
| *** jpich has quit IRC | 10:53 | |
| *** tkajinam has quit IRC | 10:54 | |
| *** jpich has joined #openstack-sdks | 10:54 | |
| *** artom has joined #openstack-sdks | 11:13 | |
| *** udesale_ has joined #openstack-sdks | 11:24 | |
| *** udesale has quit IRC | 11:26 | |
| *** holser has joined #openstack-sdks | 11:37 | |
| *** jpich has quit IRC | 11:47 | |
| *** jpich has joined #openstack-sdks | 11:48 | |
| *** mgariepy has quit IRC | 12:02 | |
| *** brinzhang_ has joined #openstack-sdks | 12:17 | |
| *** LinPeiWen has quit IRC | 12:20 | |
| *** brinzhang has quit IRC | 12:21 | |
| *** jpich has quit IRC | 12:50 | |
| *** jpich has joined #openstack-sdks | 12:50 | |
| *** mgariepy has joined #openstack-sdks | 13:09 | |
| *** brinzhang_ has quit IRC | 13:29 | |
| *** brinzhang_ has joined #openstack-sdks | 13:29 | |
| openstackgerrit | Shnaidman Sagi (Sergey) proposed openstack/ansible-collections-openstack master: WIP add designate to install with devstack https://review.opendev.org/c/openstack/ansible-collections-openstack/+/767352 | 13:36 |
| *** gtema has quit IRC | 13:45 | |
| *** lbragstad has quit IRC | 13:54 | |
| *** lbragstad has joined #openstack-sdks | 13:57 | |
| *** lbragstad has quit IRC | 13:57 | |
| *** lbragstad has joined #openstack-sdks | 13:58 | |
| *** enriquetaso has joined #openstack-sdks | 14:01 | |
| *** lbragstad_ has joined #openstack-sdks | 14:03 | |
| *** gtema has joined #openstack-sdks | 14:04 | |
| *** lbragstad has quit IRC | 14:05 | |
| *** brinzhang_ has quit IRC | 14:31 | |
| *** brinzhang_ has joined #openstack-sdks | 14:32 | |
| *** belmoreira has joined #openstack-sdks | 15:01 | |
| *** ralonsoh has quit IRC | 15:15 | |
| *** ralonsoh has joined #openstack-sdks | 15:15 | |
| *** ricolin_ has joined #openstack-sdks | 15:15 | |
| *** ade_lee has joined #openstack-sdks | 15:58 | |
| ade_lee | fungi, hey - I need to add some changes to allow openstacksdk to work under fips -- in particular to handle md5() | 16:00 |
| ade_lee | fungi, for example this is what we did for glance --- https://review.opendev.org/c/openstack/glance/+/756158 | 16:01 |
| fungi | looking | 16:01 |
| ade_lee | in that we referenced an encapsulation of md5() which we had put into oslo | 16:01 |
| ade_lee | oslo.utils | 16:01 |
| ade_lee | but I see there are no references to oslo in openstacksdk - and I'm gusessing thats deliberate? | 16:02 |
| mordred | very | 16:03 |
| ade_lee | I figured that -- I can put in an implementation of that then -- just like I did for swift | 16:03 |
| *** mgariepy has quit IRC | 16:04 | |
| mordred | ade_lee: you said python hashlib.md5 has been updaed with the notforsecurity param? | 16:04 |
| ade_lee | as in https://review.opendev.org/c/openstack/swift/+/751966/16/swift/common/utils.py (line 4864 -> 4888) | 16:05 |
| ade_lee | mordred, not everywhere yet | 16:05 |
| mordred | ade_lee: nod. well - yeah - I thnik what you've got in swift would be fine - the uses in openstacksdk are also not for security | 16:06 |
| ade_lee | mordred, cool - I'll get up a patch soon. | 16:07 |
| fungi | ade_lee: so, putting on my paranoid security wonk afdb for a moment, it's entirely possible that the image checksums in glance are relied on for security, and could even be susceptible to exploiting collision attacks, however the exploit scenarios i can think of are a bit specious (if someone has the ability to substitute an image with a malicious alternative, then they've almost certainly also got | 16:08 |
| fungi | more direct ways to compromiose the entire system) | 16:08 |
| mordred | fungi: yeah - the only think we use image checksums for is just to avoid duplicate uploads. as in "have I already uploaded this image" | 16:09 |
| fungi | i think as long as we document that checksums are being used to spot file corruption/truncation and that users should not rely on them to catch malicious activity, then it's fine | 16:09 |
| mordred | and the REAL reason we use them is that we've been putting them there long enough that they're part of the contract. we also do sha256 sums | 16:10 |
| mordred | ++ | 16:10 |
| mordred | like, we cannot remove them | 16:10 |
| fungi | or, yeah, for process optimization in your example | 16:10 |
| mordred | but we can document their appropriate uses | 16:10 |
| fungi | but if we're going to be tacking on the notforsecurity flag in our uses of md5() we do need to be very clear to users that these checksums are internal implementation details and not security mechanisms | 16:10 |
| fungi | it's also worth noting that the currently feasible exploits known for md5 would essentially require the malicious actor to create the original image as well so that (using a chosen prefix attack) they could create a second compromised image and then pull a bait-and-switch after users had inspected the original | 16:15 |
| fungi | and even that's a bit theoretical, since it would depend on them being able to choose prefixes which still produce usable image files | 16:16 |
| *** camelCaser has quit IRC | 16:20 | |
| *** ccamel has joined #openstack-sdks | 16:21 | |
| *** jawad_axd has quit IRC | 16:23 | |
| *** ricolin_ has quit IRC | 16:31 | |
| *** mgariepy has joined #openstack-sdks | 16:41 | |
| *** udesale_ has quit IRC | 16:56 | |
| openstackgerrit | Merged openstack/ansible-collections-openstack master: Migrating network from AnsibleModule to OpenStackModule https://review.opendev.org/c/openstack/ansible-collections-openstack/+/764411 | 16:59 |
| *** ralonsoh is now known as ralonsoh|afk | 17:00 | |
| *** jpich has quit IRC | 17:04 | |
| *** jpich has joined #openstack-sdks | 17:05 | |
| *** rpittau is now known as rpittau|afk | 17:11 | |
| openstackgerrit | Merged openstack/ansible-collections-openstack master: Add network tests for versioned args https://review.opendev.org/c/openstack/ansible-collections-openstack/+/766013 | 17:11 |
| openstackgerrit | Polina Gubina proposed openstack/ansible-collections-openstack master: Enable update for recordset and add tests for dns and recordset module https://review.opendev.org/c/openstack/ansible-collections-openstack/+/766528 | 17:21 |
| *** jpich has quit IRC | 17:26 | |
| *** belmoreira has quit IRC | 17:34 | |
| openstackgerrit | Shnaidman Sagi (Sergey) proposed openstack/ansible-collections-openstack master: WIP add designate to install with devstack https://review.opendev.org/c/openstack/ansible-collections-openstack/+/767352 | 17:39 |
| openstackgerrit | Artem Goncharov proposed openstack/openstacksdk master: Modify cloud.get_aggregate to use proxy.find https://review.opendev.org/c/openstack/openstacksdk/+/767176 | 18:12 |
| *** gtema has quit IRC | 18:47 | |
| *** dtantsur is now known as dtantsur|afk | 18:50 | |
| *** gtema has joined #openstack-sdks | 19:10 | |
| *** gtema has quit IRC | 19:20 | |
| *** brtknr has quit IRC | 19:37 | |
| *** brtknr has joined #openstack-sdks | 19:40 | |
| *** lbragstad_ is now known as lbragstad | 19:54 | |
| openstackgerrit | Ade Lee proposed openstack/openstacksdk master: encapsulate md5 calls for fips https://review.opendev.org/c/openstack/openstacksdk/+/767411 | 20:03 |
| openstackgerrit | Ade Lee proposed openstack/openstacksdk master: encapsulate md5 calls for fips https://review.opendev.org/c/openstack/openstacksdk/+/767411 | 20:27 |
| *** enriquetaso has quit IRC | 20:49 | |
| *** brinzhang0 has joined #openstack-sdks | 21:42 | |
| *** brinzhang_ has quit IRC | 21:45 | |
| openstackgerrit | Shnaidman Sagi (Sergey) proposed openstack/ansible-collections-openstack master: WIP add designate to install with devstack https://review.opendev.org/c/openstack/ansible-collections-openstack/+/767352 | 21:50 |
| *** ralonsoh|afk has quit IRC | 22:09 | |
| openstackgerrit | Emilien Macchi proposed openstack/ansible-collections-openstack master: networking/port: add support for tags https://review.opendev.org/c/openstack/ansible-collections-openstack/+/767219 | 22:39 |
| *** slaweq has quit IRC | 22:42 | |
| *** tkajinam has joined #openstack-sdks | 22:59 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!