Wednesday, 2015-02-04

« Tuesday, 2015-02-03 Index Thursday, 2015-02-05 »
*** markvoelker has quit IRC00:07
*** tmcpeak has quit IRC00:51
*** markvoelker has joined #openstack-security00:52
*** tmcpeak has joined #openstack-security00:56
*** tmcpeak has quit IRC00:58
*** markvoelker has quit IRC01:00
*** jursey has quit IRC01:12
*** mohitsharma has joined #openstack-security01:12
*** jursey has joined #openstack-security01:19
*** markvoelker has joined #openstack-security01:19
*** jamielennox is now known as jamielennox|away01:33
*** amrith is now known as _amrith_01:34
*** coasterz has joined #openstack-security01:36
*** tmcpeak has joined #openstack-security01:39
*** bpokorny has quit IRC02:06
*** tmcpeak has quit IRC02:11
*** jursey has quit IRC02:27
*** salv-orlando has quit IRC02:29
*** jursey has joined #openstack-security02:54
*** bdpayne has quit IRC03:25
*** mitz_ has quit IRC03:56
*** mitz has joined #openstack-security03:56
*** tmcpeak has joined #openstack-security04:02
*** tmcpeak has quit IRC04:03
*** markvoelker has quit IRC06:08
*** markvoelker has joined #openstack-security06:39
*** markvoelker has quit IRC06:43
*** markvoelker has joined #openstack-security07:39
*** markvoelker has quit IRC07:44
*** nkinder has joined #openstack-security08:08
*** markvoelker has joined #openstack-security08:40
*** markvoelker has quit IRC08:45
*** salv-orlando has joined #openstack-security09:37
*** markvoelker has joined #openstack-security09:41
*** markvoelker has quit IRC09:47
*** jursey has quit IRC10:26
*** jursey has joined #openstack-security10:39
*** markvoelker has joined #openstack-security10:43
*** markvoelker has quit IRC10:48
*** De has joined #openstack-security10:52
*** De has quit IRC10:59
*** tkelsey has joined #openstack-security11:04
*** markvoelker has joined #openstack-security11:44
*** markvoelker has quit IRC11:49
*** tkelsey_ has joined #openstack-security12:12
*** tkelsey has quit IRC12:20
*** coasterz has quit IRC12:20
*** mohitsha_ has joined #openstack-security12:23
*** mohitsh__ has joined #openstack-security12:24
*** mohitsharma has quit IRC12:25
*** coasterz has joined #openstack-security12:27
*** mohitsha_ has quit IRC12:27
*** markvoelker has joined #openstack-security12:45
*** markvoelker has quit IRC12:49
*** mohitsh__ has quit IRC13:06
*** mohitsharma has joined #openstack-security13:07
*** mohitsharma has quit IRC13:08
*** nkinder has quit IRC13:10
*** bknudson has joined #openstack-security13:11
*** markvoelker has joined #openstack-security13:20
*** elo has joined #openstack-security13:28
*** _amrith_ is now known as amrith13:54
*** mohitsharma has joined #openstack-security14:01
*** mvangund has joined #openstack-security14:16
*** mvangund is now known as singlethink14:16
*** elo has quit IRC14:28
*** nkinder has joined #openstack-security14:31
*** nkinder has quit IRC15:04
*** nkinder has joined #openstack-security15:06
*** tmcpeak has joined #openstack-security15:22
*** elo has joined #openstack-security15:24
*** jursey has quit IRC15:28
*** voodookid has joined #openstack-security15:35
*** huerte has joined #openstack-security15:36
openstackgerritDoug Chivers proposed openstack/security-doc: OSSN for gethostbyname glibc vuln.  https://review.openstack.org/15251915:57
*** nkinder has quit IRC16:02
*** mohitsha_ has joined #openstack-security16:02
*** mohitsharma has quit IRC16:05
*** nkinder has joined #openstack-security16:06
openstackgerritDoug Chivers proposed openstack/security-doc: OSSN for gethostbyname glibc vuln.  https://review.openstack.org/15251916:11
*** bpokorny has joined #openstack-security16:13
*** tmcpeak has quit IRC16:27
*** mohitsha_ has quit IRC16:32
*** amrith is now known as _amrith_16:48
*** nkinder has quit IRC16:57
*** tmcpeak has joined #openstack-security17:06
*** nkinder has joined #openstack-security17:07
*** elo has quit IRC17:17
*** elo has joined #openstack-security17:17
*** _amrith_ is now known as amrith17:23
*** nkinder has quit IRC17:30
openstackgerritDoug Chivers proposed openstack/security-doc: OSSN for gethostbyname glibc vuln.  https://review.openstack.org/15251917:40
*** sicarie has joined #openstack-security18:12
*** bdpayne has joined #openstack-security18:34
*** sicarie has quit IRC18:37
*** elo has quit IRC18:39
*** sicarie has joined #openstack-security18:45
*** vozcelik has joined #openstack-security18:52
*** vozcelik has quit IRC18:52
openstackgerritMerged openstack/security-doc: Clarified timeline in Vulnerability Management Triage section  https://review.openstack.org/15240718:57
openstackgerritMerged openstack/security-doc: Change link reference from icehouse to juno  https://review.openstack.org/15266318:58
openstackgerritMerged openstack/security-doc: OSSN for gethostbyname glibc vuln.  https://review.openstack.org/15251919:00
*** amrith is now known as _amrith_19:52
*** tkelsey_ has quit IRC20:01
*** _amrith_ is now known as amrith20:18
*** sicarie has quit IRC20:20
*** tmcpeak has quit IRC20:30
*** tmcpeak has joined #openstack-security20:33
openstackgerritHareesh Puthalath proposed openstack/security-doc: Add intro and reference to the Alice and Bob case study  https://review.openstack.org/15258120:47
openstackgerritMerged openstack/security-doc: Rephrase intro to Hypervisor Selection section  https://review.openstack.org/15147920:52
openstackgerritMerged openstack/security-doc: Fix sentence fragment  https://review.openstack.org/15162520:55
*** elmiko has joined #openstack-security20:59
elmikoyo20:59
elmikodang these spammers...20:59
tmcpeakelmiko: who now?21:00
elmikohuerte21:01
tmcpeakbdpayne: ^21:01
tmcpeakoh yeah, I got him21:01
elmikolike, as soon as i joined i got a private msg21:01
tmcpeakyeah, I also got one for typing in the channel21:01
elmikoheh lol21:01
elmikobdpayne: we doing a meeting today?21:02
tmcpeaksame MO as jursey, I wonder if it's the same IP21:02
bdpayneheyyo21:02
tmcpeakbpdyane: time to dust off your beating stick21:02
elmikoi checked out that link they keep sending, but didn't see anything too weird21:02
* bdpayne gets on that21:02
tmcpeakelmiko: you clicked it? gutsy21:03
*** ChanServ sets mode: +o bdpayne21:03
elmikotmcpeak: nah, wget21:03
bdpaynewell, elmiko is owned21:03
tmcpeak;)21:03
elmikoi did load it on a vm, it was some weirdo fish tank video21:03
*** huerte was kicked by bdpayne (for spamming via PM)21:04
*** huerte has joined #openstack-security21:04
tmcpeakaren't they always?21:04
bdpayneweee, this is fun21:04
elmikolol21:04
tmcpeakoh, it's a different IP too21:04
tmcpeakstill got "jursey" in his name21:04
bdpayneclassic21:05
*** bdpayne sets mode: +b *!*@213.143.60.22421:05
*** huerte was kicked by bdpayne (for spamming via PM)21:05
tmcpeakbuhbye21:06
* elmiko waves21:06
*** sicarie has joined #openstack-security21:06
bdpaynealrighty then21:06
bdpaynehey there elmiko and sicarie21:06
elmikohey21:06
sicariehello21:06
bdpaynelet me pull up our bugs webpage, one sec21:06
bdpaynehere we go https://bugs.launchpad.net/openstack-manuals/+bugs?field.tag=sec-guide21:07
bdpayneone more sec while I get organized21:07
elmikono prob21:07
bdpayneok, I think this is the next one https://bugs.launchpad.net/openstack-manuals/+bug/134429121:09
bdpayneon a side note, lots of contribution activity over the past week, which is great21:09
elmikonice21:09
elmikochap43? this must be old21:10
sicarieYep, it's the old location, but the content itself just seemed more 'user-guide' material to me21:10
sicarieI should probably let this go for the moment, I haven't done anything on it in 2 weeks21:10
* elmiko looking at the content21:10
elmikothat does seem a little out of scope for the security stuff21:11
sicarieAnd it's only a small subset of filters too21:11
bdpayneyeah, agreed21:11
bdpayneI think this ticket is good where it sits21:12
bdpayneany discussion?21:12
elmikowell, i could see this being incomplete given the recommendations21:13
elmikowe're basically asking for more from the nova folks21:13
elmikoi dunno, i guess the bug itself isn't incomplete.. tough call21:13
bdpayneI think I'd look for something between (1) and (2) here21:14
bdpaynelist the filters that have a security impact21:14
bdpayneand provide some discussion around best practices / recommendations for those21:14
elmikothat makes sense21:15
sicarieThe reason I didn't want to do #1 is if the list of filters grows21:15
sicariebut it does make sense21:15
sicarieand I suppose that's work you really only have to do once21:15
bdpayneok, I'll comment on this ticket21:15
bdpaynehttps://bugs.launchpad.net/openstack-manuals/+bug/134698621:16
sicarieI really like this one, but I wonder if it might encourage more effort if each # was a ticket?21:17
sicaries/ticket/bug21:17
bdpayneif anything, perhaps this should be broken out into separate bugs21:17
elmikoyea, seems like a big bug21:17
bdpayneheh, yeah21:17
bdpaynecould one of you take an action item to break this up after this meeting?21:18
sicarieSure!21:18
bdpaynethanks sicarie21:18
sicarienp21:18
bdpaynehttps://bugs.launchpad.net/openstack-manuals/+bug/134954021:19
elmiko+1 for this one21:19
sicarieI think you created this one last week?21:19
bdpaynehrm, I feel like there was another bug related to this21:19
bdpayneb/c this was filed last summer21:20
sicarieI think it may have been this https://bugs.launchpad.net/openstack-manuals/+bug/141300121:20
bdpayneahh21:21
bdpayneso let's close that one as a dup of the first?21:21
sicarie+121:21
elmiko+121:21
bdpayneI don't see a dup option, made a comment and chose won't fix21:22
bdpaynehttps://bugs.launchpad.net/openstack-manuals/+bug/134955521:22
bdpayneI think this one looks good as it21:23
bdpayne*as is21:23
elmikomark as duplicate is on the right hand side near the top21:23
sicarie+1, I have seen a few chapters without21:24
bdpayneah cool, dup properly marked now21:25
bdpayneok, moving forward21:25
bdpaynehttps://bugs.launchpad.net/openstack-manuals/+bug/141521821:25
bdpayneactually, we did this one last week21:25
bdpaynehttps://bugs.launchpad.net/openstack-manuals/+bug/134236921:26
elmikoyea, i'm making good progress. should have a first review up soon(TM).21:26
bdpayneI'm actually not sure about this one21:27
elmikoyea, the intro para isn't that bad imo21:27
bdpaynethe ask feels pretty similar to what is there today21:27
bdpaynethoughts?21:27
elmikoagreed21:27
bdpayneok, so I'll comment and close21:28
bdpaynehttps://bugs.launchpad.net/openstack-manuals/+bug/136009521:29
bdpayneahh, at first I was reading this thinking that it looked like a code change21:30
bdpayneand it is21:30
bdpaynedocimpact21:30
bdpayneso this makes sense21:30
sicarieYeah, it looks like a good thing ot have and an even better feature to have documented21:30
bdpayneperhaps a higher priority would be useful?21:30
bdpaynemedium?21:30
elmikonot sure i understand this one, are they talking about audit_ids in the links of the guide?21:31
bdpaynethis is a new keystone feature21:31
elmikoahh ok21:31
sicarieelmiko: my interpretation was the documentation of a new feature21:31
bdpaynethat they want documented21:31
elmikocool, yea i'd go medium or even high21:32
sicarie+1 to medium for m21:32
sicariee21:32
elmikoi'm good with that21:32
bdpayneok, bumped to medium21:32
bdpayneok that's all for today... we will pick up with https://bugs.launchpad.net/openstack-manuals/+bug/1261735 next week21:33
elmikosounds good, thanks =)21:33
bdpaynethanks guys!21:33
sicarieSounds good - thanks!21:34
*** sicarie has quit IRC21:43
elmikowould it be more appropriate to refer to the policy.json files as RBAC or ACL?22:32
elmiko(i'm thinking RBAC makes more sense)22:33
*** bpokorny has quit IRC22:33
*** tmcpeak has quit IRC22:43
*** tmcpeak has joined #openstack-security22:44
*** amrith is now known as _amrith_22:57
bdpayneelmiko yes, I'd agree that RBAC makes more sense23:19
elmikobdpayne: thanks23:21
*** singlethink has quit IRC23:50
*** markvoelker has quit IRC23:56
« Tuesday, 2015-02-03 Index Thursday, 2015-02-05 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!