Monday, 2015-08-10

*** markvoelker has joined #openstack-security01:39
*** markvoelker has quit IRC01:44
*** tmcpeak has quit IRC02:01
*** alejandrito has joined #openstack-security02:08
*** alejandrito has quit IRC02:37
*** austin_laptop has joined #openstack-security02:52
*** dwyde has joined #openstack-security02:55
*** dwyde has quit IRC02:56
*** markvoelker has joined #openstack-security03:40
*** markvoelker has quit IRC03:45
*** sdake has quit IRC05:01
*** salv-orlando has joined #openstack-security05:41
*** markvoelker has joined #openstack-security05:41
*** markvoelker has quit IRC05:46
*** salv-orlando has quit IRC05:48
openstackgerritStanislaw Pitucha proposed openstack/anchor: Stop mixing IPs and domains
openstackgerritStanislaw Pitucha proposed openstack/anchor: Integrate PyASN1 for certificate operations
*** salv-orlando has joined #openstack-security06:01
*** shohel has joined #openstack-security06:06
*** tjt263 has quit IRC06:15
*** tmoreira has joined #openstack-security07:02
*** tmoreira is now known as tmvieira07:25
*** tmvieira is now known as tmoreira07:26
*** tmoreira is now known as tmoreira|afk07:32
*** Anne-On-A-Moose has joined #openstack-security07:35
*** elo has joined #openstack-security07:38
*** markvoelker has joined #openstack-security07:42
*** markvoelker has quit IRC07:46
Anne-On-A-MooseHi, was wondering if any of you have experience of bad bios?07:52
*** salv-orlando has quit IRC07:54
*** tmoreira|afk is now known as tmoreira07:56
*** shohel has quit IRC08:31
*** shohel1 has joined #openstack-security08:31
*** elo has quit IRC08:59
*** shohel1 has quit IRC09:06
*** shohel has joined #openstack-security09:06
*** tkelsey has joined #openstack-security09:12
*** salv-orlando has joined #openstack-security09:29
*** tmoreira has quit IRC09:42
*** markvoelker has joined #openstack-security09:43
*** markvoelker has quit IRC09:49
*** tmoreira has joined #openstack-security09:53
*** salv-orlando has quit IRC09:58
*** salv-orlando has joined #openstack-security09:58
*** alex_klimov has joined #openstack-security10:11
*** salv-orl_ has joined #openstack-security10:28
*** salv-orlando has quit IRC10:30
*** salv-o___ has joined #openstack-security11:11
*** salv-orl_ has quit IRC11:11
*** sdake has joined #openstack-security11:28
*** jmckind has joined #openstack-security11:29
*** markvoelker has joined #openstack-security11:29
*** jmckind has quit IRC11:30
*** jmckind has joined #openstack-security11:32
*** sdake_ has joined #openstack-security11:32
*** markvoelker has quit IRC11:34
*** sdake has quit IRC11:36
*** jmckind has quit IRC11:36
*** jmckind has joined #openstack-security11:38
*** sdake has joined #openstack-security11:49
*** sdake_ has quit IRC11:52
*** Anne-On-A-Moose has quit IRC11:59
*** dave-mccowan has joined #openstack-security12:01
*** tmoreira has quit IRC12:03
*** markvoelker has joined #openstack-security12:08
*** tmoreira has joined #openstack-security12:08
*** Anne-On-A-Moose has joined #openstack-security12:10
*** tmoreira has quit IRC12:17
*** jmckind has quit IRC12:19
*** salv-o___ has quit IRC12:26
*** salv-orlando has joined #openstack-security12:26
*** edmondsw has joined #openstack-security12:38
*** yaya has joined #openstack-security12:56
*** tjt263 has joined #openstack-security13:01
*** elmiko has joined #openstack-security13:03
*** tmoreira has joined #openstack-security13:05
*** yaya has quit IRC13:14
*** nkinder has joined #openstack-security13:16
*** singlethink has joined #openstack-security13:27
*** salv-orl_ has joined #openstack-security13:28
*** salv-orlando has quit IRC13:31
*** singlethink has quit IRC13:32
*** tmcpeak has joined #openstack-security13:35
*** salv-orl_ has quit IRC13:59
*** tjt263 has quit IRC14:03
*** tkelsey has quit IRC14:08
*** tkelsey has joined #openstack-security14:09
*** yaya has joined #openstack-security14:12
*** voodookid has joined #openstack-security14:18
*** sdake_ has joined #openstack-security14:23
*** sdake has quit IRC14:27
*** sdake has joined #openstack-security14:34
*** yaya has quit IRC14:36
*** sdake_ has quit IRC14:37
*** yaya has joined #openstack-security14:46
*** dave-mcc_ has joined #openstack-security15:00
*** shohel has quit IRC15:00
*** salv-orlando has joined #openstack-security15:01
*** dave-mccowan has quit IRC15:04
*** dave-mccowan has joined #openstack-security15:07
*** dave-mcc_ has quit IRC15:09
*** jmckind has joined #openstack-security15:11
*** dwyde has joined #openstack-security15:14
*** timkennedy has quit IRC15:26
*** shakamunyi has joined #openstack-security15:27
*** bpokorny has joined #openstack-security15:28
*** singlethink has joined #openstack-security15:32
*** jmckind has quit IRC15:40
*** tmoreira has quit IRC15:41
*** singlethink has quit IRC15:44
*** singlethink has joined #openstack-security15:47
*** Dorfen has joined #openstack-security15:50
*** bknudson has joined #openstack-security15:54
*** elo has joined #openstack-security15:56
*** timkennedy has joined #openstack-security15:57
*** browne has joined #openstack-security16:05
*** alex_klimov has quit IRC16:06
*** singlethink has quit IRC16:08
*** singlethink has joined #openstack-security16:13
*** yaya has quit IRC16:28
*** singleth_ has joined #openstack-security16:30
*** yaya has joined #openstack-security16:31
*** singlethink has quit IRC16:33
*** dwyde has quit IRC16:34
openstackgerritMerged openstack/security-doc: Add missing a white space
openstackgerritMerged openstack/security-doc: Update links that point to other documentation guides
openstackgerritMerged openstack/security-doc: Fix list-tables in Object Storage
*** gmurphy has joined #openstack-security16:51
*** pdesai has joined #openstack-security16:56
*** singlethink has joined #openstack-security16:58
elmikohey sec-doc folks =)16:59
pdesaihi elmiko17:00
elmikoDaviey, you around?17:00
elmikohi pdesai , nice work on catching those few extra bugs =)17:00
pdesaisure :)17:01
*** singleth_ has quit IRC17:01
elmikohey Daviey17:01
elmikook, so let's get rolling17:01
Davieyelmiko: o/17:01
elmikolooks like all the medium bugs have been addressed and merged17:01
pdesaithere is one on block storage i guess17:01
elmikowe've also had a few other bugs fixed which were deployed into rst and xml17:01
elmikopdesai, line# ?17:01
pdesai  Empty (original has 2 paragarphs and a note) (medium) - I see data in the file, so waiting for the below to run checkbuild to validate17:02
pdesaii am not sure what the status is17:02
elmikooh, good call. (missed that one)17:02
elmikohmm, i'm not familiar with this one.17:02
pdesaime neither17:03
elmikoshould the 2 paras from the original be ported to the rst?17:03
pdesaii see the two paras from original in rst17:04
elmikoah, ok17:04
*** sdake_ has joined #openstack-security17:04
elmikothis might be a sicarie question then17:04
pdesaimay be, but looks like there is no outstanding bugs left then17:05
elmikook, yea17:05
*** Anne-On-A-Moose has quit IRC17:05
elmikothe next question will be, should we move out of freeze on the rst and are we in a position to freeze out new work on the docbook?17:05
elmikoDaviey, did the sidebar changes get merged yet?17:06
Davieyelmiko: yes17:06
pdesaiwhat is the chage request?17:06
pdesaioh nice17:06
Davieyelmiko: just waiting for the theme to cut a release17:07
Davieyi will chase this tonorrow17:07
elmikoah ok, still waiting on that then. cool, thanks!17:07
elmikoit sounds like we will be on track to switch over when sicarie gets back17:07
*** sdake has quit IRC17:07
elmikoi suppose we could take a few more of the smaller bugs in the etherpad just to fill things out while awaiting our fearless leader's return17:08
elmikoother than that, i'm not aware of other issues.17:08
elmiko(although there are some old bugs that need addressing)17:09
elmikoeither of you have any issues to bring up?17:09
pdesaiand we need to address two things, after we lift a freeze, (1) getting rid of warning on rst (2)17:09
Davieydo we have a hit list?17:10
pdesai(2) moving away from draft on docs site17:10
elmikothe etherpad has a bunch of low-level stuff that we agreed didn't need to be done before the switch over17:10
elmikopdesai, maybe we should focus on hunting warnings this next week then?17:11
pdesaiyup sounds good17:11
*** jamielennox is now known as jamielennox|away17:11
*** dwyde has joined #openstack-security17:11
elmikoDaviey, not really a hit list, more a low prio trashcan fire list lol17:11
elmikobut i guess, if folks have time, take a look at the warnings generated from the rst build and put up some patches to fix them =)17:12
elmikomaybe we can dump all the warnings into the etherpad just to help coordinate on fixing them?17:12
pdesaiyup that would help17:13
elmikoof course, now that i say that i'm not getting any lol17:13
DavieyConsidering how many times i have built RST locally.. you'd think i'd have noticed we had SOME warnings.. but i don't remember seeing any!17:13
pdesaielmiko, lets talk more then :)17:14
*** sdake_ is now known as sdake17:14
elmikopdesai, are these warnings coming out of the niceness checks?17:14
pdesaii havent seen any warnings17:15
pdesaii generally run tox -e docs17:15
elmikook, until we find warnings, let's focus on getting more of the low/very low bugs out of the way17:15
Davieypdesai: Ah, same here.. might explain why we have been excused the warnings17:16
elmikojust grab some out of the etherpad and post links to reviews, i'll go through and keep them updated17:16
*** salv-orlando has quit IRC17:16
pdesaiyup sounds good17:16
elmikoi just re-ran tox against a fresh build and didn't see any warnings, so let's just move on till we find them =)17:16
elmikosounds good then17:17
pdesaii checked one of the latest review request and did nto find any warnings, niceness or deletions17:17
elmikoi don't have any other topics17:18
Davieyshall we go home?17:18
elmikoi think so17:18
elmikounless pdesai has something?17:18
pdesainope nothing from myside, waiting for the freeze lift :)17:18
Davieypdesai: I don't think you need to wait on content for the freeze lift...17:19
*** Anne-On-A-Moose has joined #openstack-security17:19
DavieyI *think* we agreed that landing stuff soley in RST was acceptable now.. just not expecting it in prod yet17:19
pdesaioh awesome, didnt catch that17:20
elmikoi don't have an issue accepting reviews for new material to rst only17:20
elmikowe are close enough that i imagine the switch over will happen next week when sicarie is back17:20
elmikoso, makes sense imo to start reviewing new content17:20
elmikoi can confirm with the docs team though just to make sure before we start merging17:21
Davieyelmiko: What needs confirming?17:21
elmikoDaviey, i just want to make sure we're not missing some detail that i'm not aware of17:22
elmikomainly because sicarie has been more involved with the rst conversion efforts upstream17:22
*** Anne-On-A-Moose has left #openstack-security17:22
elmikootherwise i'd say we could probably switch over to rst =)17:23
DavieyWell.. i just checked, and the release notes have now been merged for openstacksdocstheme.. so it really is just blocked on someone cutting a release of the theme17:24
DavieySo i'm guessing that will happen today/tomorrow17:24
elmikoDaviey, where to check for when that is released?17:24
Davieyelmiko: i guess pypi or the openstack-docs ML17:25
elmikoack, thanks17:26
*** dave-mccowan has quit IRC17:26
Davieyelmiko: Worth looking at ?17:26
DavieyIt renames sections.. but does it in the old and new world17:26
*** yaya has quit IRC17:26
elmikohmm, looks like andreas gave it +A17:27
elmikoi also gave some +A to older changes that fixed rst and xml17:27
elmikobut going forward i think we can start to work on just rst17:27
elmikoi don't think it's a big issue to fix the xml stuff along with the rst stuff, but we should stop doing it soon(TM)17:28
elmikoonce the theme stuff lands we will be in a good position to really cut over and stop accepting xml changes17:29
elmikoagain though, i'd like to sync up with the doc team just make sure we're not moving too fast or over-stepping some boundary i'm not aware of17:30
elmikodoes that make sense?17:30
DavieyDD"Move fast and break stuff" -- somefoo17:30
elmikook, then, we're over time. thanks pdesai and Daviey17:31
*** sdake_ has joined #openstack-security17:32
Davieythanks elmiko17:32
tmcpeakDaviey: thanks for taking over that change17:32
tmcpeaklooks good17:32
pdesaithanks guys17:32
openstackgerritMerged openstack/security-doc: Renamed Future section and added domain information
*** yaya has joined #openstack-security17:35
*** sdake has quit IRC17:35
Davieyelmiko: Actually, this change triggers a release when it is merged -
elmikoDaviey, oh, very nice!17:37
tmcpeakbknudson: nice!!17:43
tmcpeak(on your testing stuff)17:43
*** austin_laptop has quit IRC17:48
*** dave-mccowan has joined #openstack-security17:56
*** pdesai has quit IRC17:58
*** dave-mcc_ has joined #openstack-security17:58
*** dave-mccowan has quit IRC18:01
*** salv-orlando has joined #openstack-security18:10
*** salv-orlando has quit IRC18:22
*** salv-orlando has joined #openstack-security18:31
*** yaya has quit IRC18:32
*** sdake_ is now known as sdake18:35
*** yaya has joined #openstack-security18:40
*** yaya_ has joined #openstack-security18:42
*** yaya has quit IRC18:44
*** yaya_ is now known as yaya18:44
*** dave-mcc_ has quit IRC18:55
*** austin_laptop has joined #openstack-security19:06
*** dave-mccowan has joined #openstack-security19:07
*** austin_laptop has quit IRC19:07
*** browne has quit IRC19:18
*** austin_laptop has joined #openstack-security19:23
*** sdake_ has joined #openstack-security19:29
*** sdake has quit IRC19:33
*** dwyde has quit IRC19:34
*** JAHoagie has joined #openstack-security19:35
*** sdake has joined #openstack-security19:35
*** dwyde has joined #openstack-security19:37
*** sdake_ has quit IRC19:38
*** jhfeng has joined #openstack-security19:50
*** yaya has quit IRC19:56
*** salv-orlando has quit IRC19:57
*** bpokorny has quit IRC20:01
*** salv-orlando has joined #openstack-security20:02
*** yaya has joined #openstack-security20:02
*** yaya has quit IRC20:04
*** b10n1k has joined #openstack-security20:07
*** yaya has joined #openstack-security20:08
*** browne has joined #openstack-security20:14
*** tkelsey has quit IRC20:19
*** alex_klimov has joined #openstack-security20:26
*** elo1 has joined #openstack-security20:27
*** elo has quit IRC20:29
*** elo1 has quit IRC20:35
*** singleth_ has joined #openstack-security20:55
*** singlethink has quit IRC20:57
*** wverdugo500 has joined #openstack-security20:58
austin_laptopbandit is warning for chmod 755; this is for a python project that packs system images into a tarball, its pretty common to need to chmod 755, is this warning really necessary (or really a medium severity?)20:59
*** yaya has quit IRC21:00
*** elo has joined #openstack-security21:01
*** tkelsey has joined #openstack-security21:12
*** b10n1k has quit IRC21:15
*** tkelsey has quit IRC21:16
*** b10n1k has joined #openstack-security21:18
*** JAHoagie has quit IRC21:21
*** elo has quit IRC21:23
tmcpeakaustin_laptop: the reason it's warning is because it's world readable21:31
tmcpeakthat's generally a bad idea21:31
tmcpeakif it's really not an issue in this case we have the "#nosec" tag which indicates a human has looked at it and deemed that it isn't a security risk that you are creating that file world readable21:32
austin_laptoptmcpeak, okay, thanks21:36
*** JAHoagie has joined #openstack-security21:36
tmcpeakaustin_laptop: sure21:37
*** b10n1k has quit IRC21:39
*** yaya has joined #openstack-security21:43
*** yaya has quit IRC22:00
*** nkinder has quit IRC22:01
*** sdake has quit IRC22:01
*** nkinder has joined #openstack-security22:04
*** nkinder has quit IRC22:09
*** nkinder has joined #openstack-security22:11
*** austin_laptop has quit IRC22:21
*** austin_laptop has joined #openstack-security22:22
*** edmondsw has quit IRC22:25
*** dwyde has quit IRC22:27
*** salv-orl_ has joined #openstack-security22:31
*** salv-orlando has quit IRC22:33
Davieyaustin_laptop: Sure you need *7*55?22:36
Davieyaustin_laptop: Wouldn't 644 be more suitable?22:36
Daviey(and this is what the bandit check does.. make you think about it :)22:37
austin_laptopDaviey, for something like /dev, no22:37
austin_laptopDaviey, sure :)22:37
DavieyAh, i see22:37
austin_laptopI had missed the #nosec when I originally read the README22:38
*** jamielennox|away is now known as jamielennox22:38
austin_laptopso solved now, thanks for the quick replies :)22:38
Davieyaustin_laptop: You can create a profile excluding this test.. but it is pretty cheap to add #nosec IMO22:38
austin_laptopDaviey, yeah, I passed that along to the maintainer of that codebase. It's a small enough issue that it's easier to annotate than blindly disable all22:39
DavieyAnd by adding #nosec to git, you are adding an audit log of your analysis :)22:39
austin_laptopDaviey, though I was curious of the format for doing that22:39
austin_laptopI could only find the default bandit.yaml, wasn't sure how to blacklist that call (for testing)22:39
DavieyIn the latest release the sample bandit.yaml contains a Profile for ALL.. which you can use as a reference22:40
*** singleth_ has quit IRC22:42
*** alex_klimov has quit IRC22:54
*** yaya has joined #openstack-security23:00
*** yaya has quit IRC23:07
*** voodookid has quit IRC23:18
*** sdake has joined #openstack-security23:31
*** jhfeng has quit IRC23:33
*** sdake has quit IRC23:53
*** sdake has joined #openstack-security23:56
*** viraptor has joined #openstack-security23:58

Generated by 2.14.0 by Marius Gedminas - find it at!