Wednesday, 2015-08-05

*** zul has joined #openstack-security00:09
*** jmckind has quit IRC00:11
*** elmiko has quit IRC00:21
*** salv-orlando has joined #openstack-security00:59
*** salv-orlando has quit IRC01:04
*** tmcpeak has quit IRC01:20
*** tjt263 has joined #openstack-security01:51
*** pdesai has joined #openstack-security01:52
*** elo has quit IRC02:01
*** tmcpeak has joined #openstack-security02:02
*** sdake_ has quit IRC02:04
*** sdake has joined #openstack-security02:04
*** salv-orlando has joined #openstack-security02:05
*** zul has quit IRC02:09
*** salv-orlando has quit IRC02:12
*** pdesai has quit IRC02:39
*** tmcpeak has quit IRC04:05
*** salv-orlando has joined #openstack-security04:10
*** salv-orlando has quit IRC04:22
*** janonymous has quit IRC04:32
*** pcaruana has quit IRC04:59
*** salv-orlando has joined #openstack-security05:21
*** salv-orlando has quit IRC05:23
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex
*** shohel has joined #openstack-security06:26
*** browne has quit IRC06:34
*** pcaruana has joined #openstack-security06:36
openstackgerritMerged openstack/security-doc: Imported Translations from Transifex
*** b10n1k has joined #openstack-security06:40
*** salv-orlando has joined #openstack-security06:41
*** alex_klimov has joined #openstack-security06:52
*** browne has joined #openstack-security07:30
*** salv-orlando has quit IRC07:38
*** b10n1k has quit IRC07:39
*** b10n1k has joined #openstack-security07:39
*** browne has quit IRC07:40
openstackgerritStanislaw Pitucha proposed openstack/anchor: Implement new API format
openstackgerritStanislaw Pitucha proposed openstack/anchor: Move all plugins to stevedore
openstackgerritStanislaw Pitucha proposed openstack/anchor: Allow configurable signing backends
*** tkelsey has joined #openstack-security08:15
*** barra204 has quit IRC08:25
*** salv-orlando has joined #openstack-security08:39
*** salv-orlando has quit IRC09:36
*** salv-orlando has joined #openstack-security10:34
*** h00327910__ has quit IRC10:58
*** jmckind_ has joined #openstack-security11:08
*** tmcpeak has joined #openstack-security12:07
*** jmckind_ has quit IRC12:15
*** alejandrito has joined #openstack-security12:19
*** edmondsw has joined #openstack-security12:34
*** salv-orlando has quit IRC12:37
*** salv-orlando has joined #openstack-security12:45
*** hyakuhei has joined #openstack-security13:02
*** elmiko has joined #openstack-security13:03
*** zul has joined #openstack-security13:05
*** edmondsw has quit IRC13:05
*** browne has joined #openstack-security13:06
*** alejandrito has quit IRC13:10
*** sdake has quit IRC13:21
*** dave-mccowan has joined #openstack-security13:23
*** singlethink has joined #openstack-security13:25
*** viraptor has quit IRC13:26
*** bknudson has joined #openstack-security13:28
*** dave-mcc_ has joined #openstack-security13:28
*** dave-mccowan has quit IRC13:29
*** dave-mccowan has joined #openstack-security13:31
tmcpeakhappy days bknudson! :)
*** dave-mcc_ has quit IRC13:33
bknudsontmcpeak: I'll be the other half13:33
*** jmckind has joined #openstack-security13:33
tmcpeakI figured… I do love me my macbook though13:33
bknudsonunless I can install linux on it13:33
tmcpeakyou most certainly can13:33
*** jmckind has quit IRC13:34
tmcpeakI mean really it runs a free-BSD derivative anyway13:34
*** jmckind has joined #openstack-security13:34
miscwell, apple had some crappy uefi firmware working good only with their os in the past13:39
miscso running linux correctly is not something I would take for granted13:40
*** singleth_ has joined #openstack-security13:46
*** singlethink has quit IRC13:49
tmcpeakmisc really? I'm fairly sure bootcamp has smoothed that out13:50
*** salv-orlando has quit IRC13:53
*** singlethink has joined #openstack-security13:54
tmcpeakbrowne, Daviey, sigmavirus24, tkelsey today is the day13:55
tmcpeak , , ,
tmcpeakthese are the 4 that need to land13:55
tmcpeakthen run through and test projects which are using gate and other misc testing13:55
tmcpeakthen merge13:55
tmcpeak13 up up and away13:55
*** sigmavirus24_awa is now known as sigmavirus2413:56
browne has two +2.  ready to merge?13:57
*** singleth_ has quit IRC13:57
tmcpeakbrowne: yep13:57
tmcpeaksigmavirus24, tkelsey: can you do this?
sigmavirus24tmcpeak: what do you mean?14:00
openstackgerritMerged openstack/bandit: Rewording subprocess without shell finding
tmcpeaksigmavirus24, browne, tkelsey: I've tested this, if you guys can also test we should be good to merge:
tmcpeaksigmavirus24: approvsies14:00
brownei have comments on that one14:00
tmcpeakbrowne: which?14:01
*** shohel1 has joined #openstack-security14:01
tmcpeakahh ok14:01
browneBut its not a dealbreaker14:02
*** shohel has quit IRC14:02
tmcpeakbrowne: good point14:02
tmcpeakDaviey: fix?14:02
*** edmondsw has joined #openstack-security14:02
openstackgerritMerged openstack/bandit: Convert README to rst
browneha, merge conflict.  let me rebase
brownesame with now14:04
openstackgerritEric Brown proposed openstack/bandit: Update README with latest changes
tmcpeaktkelsey, sigmavirus24: +A por favor:
*** hyakuhei has quit IRC14:06
tmcpeakgreat, so I think we're just waiting on Daviey for this14:07
tmcpeakmeanwhile if you guys have a chance can you do some stability testing?14:08
*** hyakuhei has joined #openstack-security14:10
brownetmcpeak: sure.  also, when you push to pypi, isn't there also supposed to be a wheel for py3?  I see only py2 for bandit 12.014:11
tmcpeakbrowne: I'm not actually doing the push to PyPI openstack CI does it14:11
sigmavirus24browne: it should be one universal wheel14:11
tmcpeakwe should get universal wheel automatically if we have Py2 and Py3 compatibility14:12
sigmavirus24not exactly14:12
sigmavirus24I know what's probablyw rong14:12
sigmavirus24Sending a review now14:12
*** hyakuhei has quit IRC14:12
browneok if its universal, why does it state py2?14:12
brownesigmavirus24: cool14:12
openstackgerritIan Cordasco proposed openstack/bandit: Build universal wheels for PyPI
sigmavirus24browne: because we didn't have ^14:13
tmcpeaklooks simple enough :D14:13
brownesigmavirus24: you're quick!14:13
tmcpeak30 secs for sigmavirus24, 2 hours of painful googling for me14:14
sigmavirus24browne: I know that trick all too well14:14
*** hyakuhei has joined #openstack-security14:15
brownenext time we have to time sigmavirus2414:15
*** hyakuhei has quit IRC14:15
*** shohel has joined #openstack-security14:19
*** shohel1 has quit IRC14:19
*** hyakuhei has joined #openstack-security14:22
*** singleth_ has joined #openstack-security14:25
*** singlethink has quit IRC14:28
tmcpeakbknudson: thanks to you keystone still has the honor of being the only project using voting Bandit checks14:30
tmcpeakallright my testing looks goo14:31
tmcpeakas soon as Daviey can get that small change done and rebase I'll do a final sanity check and we should be gtg14:32
*** hyakuhei has quit IRC14:34
Davieytmcpeak: ok, in meetings until later.. will do it today. promise.14:36
bknudsontmcpeak: change is slow14:37
tmcpeakDaviey: ok cool14:38
tmcpeakwhen that's done we're gtg14:38
openstackgerritMerged openstack/bandit: Update README with latest changes
openstackgerritMerged openstack/bandit: Build universal wheels for PyPI
*** voodookid has joined #openstack-security15:11
*** voodookid1 has joined #openstack-security15:23
*** voodookid has quit IRC15:23
*** voodookid1 has quit IRC15:28
*** bpokorny has joined #openstack-security15:29
*** dwyde has joined #openstack-security15:31
*** shakamunyi has joined #openstack-security15:35
*** voodookid has joined #openstack-security15:40
*** yaya has joined #openstack-security15:46
*** sdake has joined #openstack-security15:50
*** singleth_ has quit IRC15:57
*** yaya has quit IRC16:00
*** salv-orlando has joined #openstack-security16:06
*** singlethink has joined #openstack-security16:06
*** yaya_ has joined #openstack-security16:08
*** shohel has quit IRC16:11
* sigmavirus24 waves to yaya_ 16:22
*** browne has quit IRC16:23
*** pcaruana has quit IRC16:26
* yaya_ waves to sigmavirus2416:27
sigmavirus24tmcpeak: yaya_ is thinking about becoming more involved with bandit16:27
tmcpeakyaya_: oh great!16:28
tmcpeakwe'd love that16:28
tmcpeaklet me know how I/we can help16:28
tmcpeakalso involved as in developer, user, or both?16:29
*** openstackgerrit_ has joined #openstack-security16:30
yaya_both most likely16:30
tmcpeakyaya_ awesome, how familiar are you with Bandit already and what's your background?16:34
*** jhfeng has joined #openstack-security16:40
*** alex_klimov has quit IRC16:46
*** dwyde has quit IRC16:47
*** yaya_ has quit IRC16:49
*** sdake has quit IRC16:58
*** openstackgerrit_ has quit IRC17:05
*** tjt263 has quit IRC17:12
*** browne has joined #openstack-security17:14
*** tkelsey has quit IRC17:20
*** openstackgerrit_ has joined #openstack-security17:24
*** pdesai has joined #openstack-security17:32
*** yaya has joined #openstack-security17:33
*** openstackgerrit_ has quit IRC17:34
yayatmcpeak: sorry I had to leave briefly17:36
tmcpeakno worries17:36
yayaso I’m a sec engineer for rackspace and I’ve used Bandit fairly recently but not not quite extensively yet. I am looking into getting more involved into the upstream sec community  but I don’t yet have any clear plans as to how to go about that so I guess Bandit is my starting point …17:38
tmcpeakyaya: oh cool17:39
tmcpeakwell one thing is to attend the security meetings on Thurs17:39
tmcpeakthat could give you a good sense of the projects we have in flight17:39
yayasigmavirus24 already sent me an invite17:40
tmcpeakare you on michaelxin's team?17:40
tmcpeakor in some way related to him17:40
*** jhfeng has quit IRC17:40
tmcpeakahh ok cool17:40
tmcpeakI think some of your guys are also working on an API fuzzing tool17:40
tmcpeakyaya we have a midcycle coming up too17:41
yayayes michael and a couple of others have been working on sec cafe17:41
tmcpeaknot sure if it's an option for you to go but that's a great way to get involved17:42
tmcpeakyou'll come out with more projects than you know what to do with17:42
*** dwyde has joined #openstack-security17:42
yayasounds interesting17:43
yayahow do I stay in the loop?17:43
tmcpeakdetails here:
tmcpeakmaybe speak to your management and see if there is budget17:43
tmcpeakbest way though is just hang out here and drop by our weekly meetings17:43
tmcpeakf you want to get your feet wet with Bandit try running against some projects, look at findings17:44
tmcpeakDaviey: still swamped in meetings? :)17:45
tmcpeaknot to pester17:46
Davieytmcpeak: Yeah, will be free in 1hr17:48
tmcpeakDaviey: ok cool, thank you17:49
Davieytmcpeak: Oh, i'll bang it out now17:50
tmcpeakeven better :)17:50
tmcpeakyeah should be quick - small text change and a rebase17:50
openstackgerritDave Walker proposed openstack/bandit: Actually default to /etc/ rather than just claim
Davieytmcpeak: rebase done aswell17:55
tmcpeakDaviey: awesome, thank you!17:57
tmcpeakI'm going to do some last minute validation and make sure this last change didn't break things and then 13 is shipping out17:57
*** hyakuhei has joined #openstack-security17:57
tmcpeakbrowne, sigmavirus24: approvies por favor?
*** jmckind_ has joined #openstack-security18:03
tmcpeakbrowne: what's your platform? are you able to test it?18:03
tmcpeaksigmavirus24: you want to put the +A on it?18:05
*** jmckind has quit IRC18:05
sigmavirus24tmcpeak: way ahead of yo18:05
sigmavirus24well not very far18:05
*** singlethink has quit IRC18:10
tmcpeakdamn is zuul backed up again?18:14
*** pdesai1 has joined #openstack-security18:16
Davieysigmavirus24: I used githubs own url shortener, so it seemed reasonable18:17
sigmavirus24tmcpeak: yeah18:17
sigmavirus24since yesterday18:17
sigmavirus24Daviey: url shorteners are the devil18:17
sigmavirus24The real URL sometimes has context in it so that when the shortener breaks (as so many do) things can still be googled about it18:17
sigmavirus24And hopefully archives can be found18:18
tmcpeakplus that by 95% of rick-rolls are caused by URL shorteners18:18
*** pdesai has quit IRC18:19
sigmavirus24Daviey: firewall blocked that18:19
tmcpeakI may or may not have been a victim :\18:19
Davieytmcpeak: Question is, are 95% of users of url shortners also victims of rickrolls?18:20
tmcpeakthat sounds reasonable18:20
*** elo has joined #openstack-security18:21
DavieyI tend not to open random urls on corp network :)18:21
brownetmcpeak: my platofrm of choice is Ubuntu 1418:22
tmcpeakahh cool18:23
Davieybrowne: you have my sympathies18:25
browneDaviey: ha, why?  I like Ubuntu18:26
DavieyStockholm syndrome18:26
tmcpeaksigmavirus24: do something! can you use your clout, influence, bribery, threats, etc to get this moved through Zuul?18:26
browneits not my dev env.  i have a macbook.18:26
sigmavirus24tmcpeak: who do you think I am?18:28
tmcpeakyou've got mega projects juice18:28
tmcpeakyou're like the underboss of the internet, aren't you?18:29
* sigmavirus24 backs into the darkness slowly18:29
*** sdake has joined #openstack-security18:32
*** pdesai has joined #openstack-security18:33
*** pdesai1 has quit IRC18:36
openstackgerritMerged openstack/bandit: Actually default to /etc/ rather than just claim
jelleoh nice, does that change also install it to /etc/bandit?18:36
tmcpeakjelle: yeah it will try to18:37
jelletmcpeak: cool18:37
jellethat will fix a packaging issue in Arch Linux I think ;)18:37
tmcpeakjelle: awesome!18:37
jellesince the config file ended up somewhere in /usr/lib/python2.718:37
tmcpeakwell it should be up on pip very shortly18:37
jellethe new release?18:37
jellecool, I'll update the package in our repos then ;)18:38
*** openstackgerrit has quit IRC18:46
tmcpeakI do this new Bandit version stuff just infrequently enough to forget how it's done each time18:46
*** openstackgerrit has joined #openstack-security18:46
tmcpeakahh, there it is!18:47
tmcpeakthanks sigmavirus24, browne, tkelsey, Daviey, bknudson and all others18:48
tmcpeakanother release out the door :)18:49
* sigmavirus24 ^5s tmcpeak 18:49
bknudsontmcpeak: and this will not break keystone.18:49
tmcpeakbknudson: it will not.  If I test one thing it's keystone ;)18:49
sigmavirus24oh right18:50
sigmavirus24we never added gates to bandit to test it against consumers we knwo about18:50
sigmavirus24e.g., keystone,18:50
tmcpeaknot yet :(18:50
tmcpeakcould be a cool activity for midcycle18:50
tmcpeakactually I'm going to add that to plans18:50
tmcpeaksigmavirus24: you've got to hitchhike out there or something18:51
brownetmcpeak: do you have an etherpad of the plans?18:51
tmcpeakbrowne: hyakuhei started throwing it together
hyakuheiThere’s also the sprints page18:52
tmcpeakspeak of the devil18:52
brownebtw, my flight and hotel is booked.  i'll be there18:52
hyakuheiI also did a bunch of work on the Security Project WIKI page but it’s pretty crap right now18:53
hyakuheiIf anyone wants to tart it up further please feel free!18:53
tmcpeakbrowne: awesome!18:55
tmcpeakjust sent out a notification to dev about new Bandit18:55
tmcpeakof course I instructed people to use the 'Security' tag in response but I forgot the tag myself18:56
tmcpeakI so smart18:56
tmcpeakif that's a rickroll I'll be upset18:57
tmcpeaksigmavirus24: looks like universal wheel worked too :)18:59
jellehrrm actually facing an issue after python install19:00
sigmavirus24tmcpeak: woot woot19:01
tmcpeakjelle: what's up?19:01
*** yaya has quit IRC19:02
jelletmcpeak: missing appdir19:02
tmcpeakoh noz, did we forget to add that to our requirements?19:02
jelleoh let me check19:02
tmcpeakhmm jelle: it's there19:02
tmcpeakit should be installed19:02
jellethen it's my fault19:02
tmcpeakthank god19:02
tmcpeakI hate instantly having to release the x.x.119:02
*** yaya has joined #openstack-security19:08
sigmavirus24tmcpeak: that's what they're there for19:09
tmcpeakyep, just about19:09
*** pdesai1 has joined #openstack-security19:12
*** pdesai has quit IRC19:12
openstackgerritAndreas Jaeger proposed openstack/security-doc: Adding file permissions section
*** yaya has quit IRC19:18
openstackgerritAndreas Jaeger proposed openstack/security-doc: Fix list-tables in Object Storage
*** yaya has joined #openstack-security19:24
*** sigmavirus24 is now known as sigmavirus24_awa19:24
*** sigmavirus24_awa is now known as sigmavirus2419:24
*** dwyde has quit IRC19:27
*** dwyde has joined #openstack-security19:29
Davieytmcpeak: Hey, are you doing the release management bug handling stuff?19:35
tmcpeakDaviey: I'm not sure what you mean but the answer is I'm probably not19:44
tmcpeakI'd like to get some better versioning, a more refined release management flow, etc but it always falls under the waterline of things I'll work on today :\19:44
Davieytmcpeak: there is tooling to close bugs that this release fixed and upload tarballs etc19:45
tmcpeakyeah, we're not using any :)19:47
Davieytmcpeak: Also tooling to list changes this release did19:47
tmcpeakI'm integrated with openstack-ci so I tag a version and it automatically pushes to PyPI that's about it19:47
DavieyIIRC there is also one to generate emails19:47
tmcpeakDaviey: that would be really cool19:47
tmcpeakI should carve off a few hours to poke around19:47
tmcpeakdoing it manually sucks19:47
tmcpeakalthough I don't do it often enough to automate19:47
Davieywell it's already been done.. just need to run the tools19:48
tmcpeakeven better :D19:48
*** jmckind_ has quit IRC20:08
*** jmckind has joined #openstack-security20:11
*** jmckind has quit IRC20:12
*** jmckind has joined #openstack-security20:13
*** jmckind has quit IRC20:13
*** jmckind has joined #openstack-security20:14
*** jmckind has quit IRC20:15
*** jmckind has joined #openstack-security20:16
*** jmckind has quit IRC20:19
*** hyakuhei has quit IRC20:23
*** hyakuhei has joined #openstack-security20:33
*** sigmavirus24 is now known as sigmavirus24_awa20:36
*** sigmavirus24_awa is now known as sigmavirus2420:36
openstackgerritDave Walker proposed openstack/bandit: Add info: License, Source, Bugs and Docs to README
*** yaya has quit IRC20:48
*** pdesai has joined #openstack-security20:58
*** pdesai1 has quit IRC20:59
*** pdesai2 has joined #openstack-security20:59
*** pdesai1 has joined #openstack-security21:00
*** pdesai2 has quit IRC21:00
*** pdesai has quit IRC21:02
*** jmckind has joined #openstack-security21:07
*** dave-mccowan has quit IRC21:08
tmcpeakbrowne: good catch on HTTPS ;)21:10
*** pdesai has joined #openstack-security21:15
brownetmcpeak: eagle eyes21:17
*** pdesai1 has quit IRC21:18
*** alex_klimov has joined #openstack-security21:18
tmcpeakthat's good, I've been the opposite - all the typos get by me :)21:19
tmcpeakI think I need electroshock therapy or something21:19
brownebandit approved in cinder21:20
openstackgerritDave Walker proposed openstack/bandit: Add info: License, Source, Bugs and Docs to README
DavieyYeah, normally using https is something i pick up on.. but i diff gud by copy and pasting.21:25
Davieybrowne: Is it ironic to have (or not have) bandit gate support on bandit itself?21:26
*** b10n1k has quit IRC21:27
browneDaviey: its like inception21:28
brownewould it ever find any issues you think?21:28
*** kcaj has left #openstack-security21:28
Davieyyou'd hope it would find the samples..21:28
*** pdesai has quit IRC21:28
browneDaviey: that's true.  that might be interesting21:29
tmcpeakif it does find things not in samples I'll be bummed21:29
Davieysurely i am not the only one that tests changes with $ bandit -r bandit/ (but don't read the output)21:30
*** jmckind has quit IRC21:31
dwydebandit loaded the config with `yaml.load` back in March — found that by bandit-ception :-)21:32
Davieyit looks like we have a real missuse of assert in utils?21:32
*** pdesai has joined #openstack-security21:33
DavieyUsage of xml.etree.cElementTree is ok as we aren't parsing.21:33
tmcpeakDaviey: crap, really?21:36
DavieyI mean, it isn't a big deal..21:37
Davieyfunnily enough, that is from Genesis commit.21:38
openstackgerritSean McGinnis proposed openstack/bandit: Fix takes_config in try_catch_pass plugin
*** zul has quit IRC21:45
*** smcginnis has joined #openstack-security21:52
smcginnisWondering if anyone can answer some bandit questions.21:53
smcginnisIs there a reference or knowledge base somewhere that describes what to do for items flagged by bandit?21:53
smcginnisIdeally something like: reason it may be an issue, recommendations for alternatives, conditions where it may not be an issue, etc.21:54
tmcpeaksmcginnis: we have secure development guidelines here:21:54
*** b10n1k has joined #openstack-security21:54
tmcpeaksmcginnis: also in next version we're introducing comprehensive documentation of all plugins21:55
smcginnistmcpeak: Great, thanks!21:56
smcginnistmcpeak: Would be great if bandit would output a code for each type of issue that could be referenced in the guidelines, kind of like hacking check codes.21:56
tmcpeaksmcginnis: it's definitely on our radar :)21:56
tmcpeakI'd expect something like that in the next release or two21:56
smcginnistmcpeak: Sweet.21:57
smcginnisWhile I'm at it, having an html output report like the unit test coverage report would be cool too. :)21:57
tmcpeaksmcginnis: yeah for sure, that should be a fairly easy formatter to generate too21:58
tmcpeaksmcginnis: would you mind adding as a "bug" in Launchpad?21:58
tmcpeakthat's where we track all the things21:58
smcginnistmcpeak: Sure!21:58
tmcpeaksmcginnis: awesome, thank you21:58
smcginnisNice work to all that have worked on bandit. Very happy to see something like that.21:58
brownesmcginnis: check codes is exactly what i'd prefer too21:59
smcginnisbrowne: I could see a lot of benefit in being able to reference specific topics that way.21:59
brownesmcginnis: feel free to open blueprints on these things21:59
*** hyakuhei has quit IRC22:00
*** edmondsw has quit IRC22:00
*** dwyde has quit IRC22:11
*** alex_klimov has quit IRC22:18
openstackgerritBrant Knudson proposed openstack/bandit: Clean up test_config
*** sigmavirus24 is now known as sigmavirus24_awa22:27
*** bknudson has quit IRC22:33
*** voodookid has quit IRC23:09
*** pdesai has quit IRC23:22
*** pdesai has joined #openstack-security23:30
*** sdake has quit IRC23:56

Generated by 2.14.0 by Marius Gedminas - find it at!