Thursday, 2014-10-16

openstackgerritDeepti Navale proposed a change to openstack/security-doc: Include glossterm tags for Federated Identity topic
*** bdpayne has quit IRC00:50
*** tmcpeak has joined #openstack-security01:12
*** bpokorny has quit IRC01:28
*** salv-orlando has quit IRC02:05
*** tmcpeak has quit IRC02:13
*** vdreamarkitex has quit IRC03:37
*** vdreamarkitex has joined #openstack-security06:10
*** vdreamarkitex has quit IRC06:32
*** salv-orlando has joined #openstack-security08:23
openstackgerritTim Kelsey proposed a change to openstack/security-doc: Adding OSSN-0038: Suds local cache poisoning.
openstackgerritTim Kelsey proposed a change to openstack/security-doc: Adding OSSN-0038: Suds local cache poisoning.
*** openstackgerrit has quit IRC10:19
*** openstackgerrit has joined #openstack-security10:19
*** salv-orlando has quit IRC10:48
*** vdreamarkitex has joined #openstack-security11:07
*** amrith is now known as _amrith_11:11
*** dave-mccowan has joined #openstack-security12:25
*** bknudson has joined #openstack-security12:47
*** tmcpeak has joined #openstack-security12:49
*** tmcpeak has quit IRC13:19
*** dave-mccowan has quit IRC13:53
*** elo1 has quit IRC13:59
*** dave-mccowan has joined #openstack-security14:06
*** tmcpeak has joined #openstack-security14:28
*** voodookid has joined #openstack-security14:30
*** openstackgerrit has quit IRC14:48
*** openstackgerrit has joined #openstack-security14:49
*** _amrith_ is now known as amrith14:53
*** elo1 has joined #openstack-security15:53
*** vdreamarkitex has quit IRC16:06
*** sicarie has joined #openstack-security16:11
*** bdpayne has joined #openstack-security16:23
*** rlpple has joined #openstack-security16:57
*** shohel02 has joined #openstack-security17:00
*** dipak has joined #openstack-security17:40
openstackgerritA change was merged to openstack/security-doc: Update SSL/TTL section in the security guide
*** rlpple has quit IRC17:57
nkinderbdpayne: so I just saw that firefox is going to disable SSLv3 in the 31esr release -
bdpayneyeah, Chrome is disabling it too17:57
bdpaynehopefully this is the final nail in the coffin on v317:58
nkinderupdate is still about a month out though AFAIK17:58
nkinderyeah, would be nice for it to die17:58
bdpaynenow if only people would implement TLS 1.217:58
nkinderthe main mod_nss developer (rcrit) is disabling v3 and adding TLS 1.217:59
nkindermod_ssl has 1.217:59
nkinderso we're good on the httpd side of things at least17:59
*** tmcpeak1 has joined #openstack-security18:01
*** tmcpeak has quit IRC18:01
shohel02bdpayne, did you already sent me email regarding the election18:05
shohel02i did not get one yet18:05
bdpaynecan you PM me your preferred email address?18:05
shohel02okey... i check other mail in yahoo.. got it now18:06
bdpayneah great18:06
bdpayneshohel02 btw, I have a script that will figure out how many meetings someone has attended... so perhaps I can fill in that col on the spreadsheet once you have added any new names to check18:08
bdpayneshohel02 actually, let me back up18:08
bdpaynestep 1 is probably to look at the launchpad group and figure out who has joined since last election18:09
bdpaynestep 2 is to add those names to the spreadsheet at the bottom18:09
bdpaynestep 3 is to then fill out the cols for each new person to see if they are eligible18:09
bdpayneand I have a tool that can help with one of those cols, so let me know when it is time and I can run that and put the data into the spreadsheet18:10
shohel02i take step 1, step 218:10
shohel02then step three is the filling against criteria18:10
shohel02here are multiple criterias..18:11
shohel02you are going to take all that part ?18:11
bdpayneperhaps we can have multiple people help with that18:12
bdpaynewe can each take a col18:12
*** dipak has quit IRC18:12
bdpaynebut I can certainly do the col for meeting attendance18:12
shohel02that sounds good..18:12
shohel02okey let me first fill the new names... and see how many are there18:13
bdpaynegreat, thanks for the help!18:13
shohel02no problem18:13
*** salv-orlando has joined #openstack-security18:15
*** tmcpeak1 has quit IRC18:26
*** tmcpeak has joined #openstack-security18:27
*** tmcpeak has quit IRC18:52
openstackgerritNathaniel Dillon proposed a change to openstack/security-doc: Re-submitting OSSN 25 concerning Swift/Glance public images
*** xen_roger has joined #openstack-security19:35
*** xen_roger has left #openstack-security19:36
*** dipak has joined #openstack-security20:03
*** bknudson has quit IRC20:14
*** dipak has quit IRC20:19
*** gabriela has joined #openstack-security20:26
*** gabriela has left #openstack-security20:26
*** amrith is now known as _amrith_20:31
*** tmcpeak has joined #openstack-security20:35
*** dave-mccowan has quit IRC20:49
*** shohel02 has quit IRC20:50
*** bdpayne has quit IRC20:51
*** bdpayne has joined #openstack-security20:51
tmcpeakso that link that Mr. Payne put in the meeting20:53
tmcpeakmentions that downgrades are a product of browser behavior20:54
tmcpeakdo we have any reason to think that Python libraries are vulnerable to the same behavior?20:54
*** bdpayne has quit IRC20:56
*** bdpayne has joined #openstack-security20:56
*** bdpayne has quit IRC21:01
*** dave-mccowan has joined #openstack-security21:03
tmcpeaknkinder: ^ thoughts?21:03
nkindertmcpeak: they may not be (at least for the downgrade portion of this)21:05
nkindertmcpeak: I would think that the downgrade part is browser specific, but I haven't looked into it21:05
tmcpeaknkinder: if a downgrade isn't possible, then it really shouldn't be much of an issue for OpenStack, surely client and server will agree on something better than SSL3, yeah?21:10
nkindertmcpeak: still would want to disable v321:11
nkindersomething better might be agreed upon, but the recommendation should be to disable v321:11
tmcpeaknkinder: sure, might as well disable it, but… I don't see any urgency without the downgrade dance possibility21:12
nkindertmcpeak: though there's always horizon to worry about21:12
tmcpeaknkinder: yeah, that's true21:16
*** bdpayne has joined #openstack-security21:41
*** dave-mccowan_ has joined #openstack-security21:48
*** dave-mccowan has quit IRC21:49
*** dave-mccowan_ is now known as dave-mccowan21:49
bdpaynenkinder I'd like to start working on the ossn for poodle22:24
bdpaynenkinder I don't see a bug filed for that yet... should I file a bug?22:24
*** tmcpeak has quit IRC22:30
*** _amrith_ is now known as amrith22:40
*** voodookid has quit IRC23:03
*** bdpayne has quit IRC23:16
nkinderdarn, missed bdpayne...23:27
*** sicarie has quit IRC23:41
*** tmcpeak has joined #openstack-security23:59

Generated by 2.14.0 by Marius Gedminas - find it at!