Tuesday, 2015-08-25

« Monday, 2015-08-24 Index Wednesday, 2015-08-26 »
*** salv-orl_ has quit IRC00:00
*** daniel1 has joined #openstack-security00:11
*** daniel1 has quit IRC00:11
*** jbasalone has quit IRC00:12
*** jbasalone has joined #openstack-security00:15
*** jbasalone has quit IRC00:28
*** zul has joined #openstack-security00:34
*** sdake_ has quit IRC00:52
*** salv-orlando has joined #openstack-security01:00
*** browne has quit IRC01:07
*** Guest48525 has joined #openstack-security01:12
Guest48525hola01:13
*** Guest48525 has left #openstack-security01:13
*** salv-orlando has quit IRC01:30
*** salv-orlando has joined #openstack-security01:31
*** jhfeng has joined #openstack-security01:34
*** asd112z has joined #openstack-security01:35
*** salv-orlando has quit IRC01:36
*** dave-mccowan has quit IRC01:56
*** elo1 has quit IRC01:59
*** tmcpeak has quit IRC02:23
*** tkelsey has joined #openstack-security02:36
*** tkelsey has quit IRC02:40
*** browne has joined #openstack-security02:49
*** sdake has joined #openstack-security03:22
*** asd112z has quit IRC03:31
*** jhfeng has quit IRC03:34
*** jbasalone has joined #openstack-security03:44
*** elo1 has joined #openstack-security03:47
*** elo2 has joined #openstack-security03:49
*** elo1 has quit IRC03:52
*** sdake_ has joined #openstack-security04:06
*** sdake has quit IRC04:10
*** jbasalone has quit IRC04:18
*** sdake_ is now known as sdake04:18
*** _blue has joined #openstack-security04:20
*** _blue has left #openstack-security04:25
*** asd112z has joined #openstack-security05:32
*** asd112z has quit IRC05:51
*** serverascode has quit IRC06:12
*** serverascode has joined #openstack-security06:15
*** yuanying has quit IRC06:25
*** quie has joined #openstack-security06:35
*** b10n1k_ has joined #openstack-security06:39
*** quie has quit IRC06:39
*** quie has joined #openstack-security06:41
*** b10n1k_ has quit IRC06:44
*** yuanying has joined #openstack-security06:44
*** quie has quit IRC06:49
*** elo2 has quit IRC07:03
*** tkelsey has joined #openstack-security07:04
*** tkelsey has quit IRC07:08
*** browne has quit IRC07:21
*** salv-orlando has joined #openstack-security07:47
*** tkelsey has joined #openstack-security07:47
*** alex_klimov has joined #openstack-security07:54
*** asd112z has joined #openstack-security08:03
*** shohel has joined #openstack-security08:04
*** shohel has quit IRC08:04
*** asd112z has quit IRC08:08
*** alex_klimov has quit IRC08:40
*** alex_klimov has joined #openstack-security08:52
*** tjt263 has quit IRC09:25
*** tjt263 has joined #openstack-security09:26
*** tjt263 has quit IRC09:31
*** tjt263 has joined #openstack-security09:32
*** salv-orlando has quit IRC10:20
*** dave-mcc_ has joined #openstack-security10:23
*** salv-orlando has joined #openstack-security10:43
*** asd112z has joined #openstack-security11:03
*** asd112z has quit IRC11:08
*** shohel has joined #openstack-security11:27
*** shohel has quit IRC11:43
*** shohel has joined #openstack-security11:57
*** tkelsey has quit IRC11:57
*** singlethink has joined #openstack-security12:22
*** edmondsw has joined #openstack-security12:36
*** sigmavirus24_awa is now known as sigmavirus2413:00
*** tmcpeak has joined #openstack-security13:02
*** browne has joined #openstack-security13:10
openstackgerritMerged openstack/security-doc: Corrected security group documentation  https://review.openstack.org/20280113:15
*** singlethink has quit IRC13:30
*** bapalm has quit IRC13:44
*** mpmsimo has joined #openstack-security13:49
*** yaya has joined #openstack-security14:12
*** mpmsimo has quit IRC14:15
*** y_sawai has joined #openstack-security14:24
*** bknudson has joined #openstack-security14:28
*** jian5397 has joined #openstack-security14:29
*** asd112z has joined #openstack-security14:32
*** asd112z has quit IRC14:33
*** asd112z has joined #openstack-security14:33
*** asd112z has quit IRC14:34
*** asd112z has joined #openstack-security14:34
*** voodookid has joined #openstack-security14:34
*** yaya has quit IRC14:38
jelle16:42:08           * | jelle asked his indian collegues for good dishes but they are all vegetarian                                                                               │14:42
jellewoops14:42
sigmavirus24lol jelle14:42
*** yaya has joined #openstack-security14:43
elmikothere are some great vegetarian indian dishes14:43
jelleelmiko: probably :)14:43
elmiko=)14:44
sigmavirus24there are very good ones14:45
sigmavirus24there are also good ¬vegetarian ones14:45
elmikotrue14:45
sigmavirus24There are really good vegan korean dishes, and good ones that are ¬vegan14:46
jellewell they must have good vegetarian dishes, if they only eat vegetarian :)14:46
elmikothere's just some great indian good regardless14:46
sigmavirus24Yep14:46
elmiko*food14:46
elmikovegan korean dishes?14:46
sigmavirus24Went to a really good korean restaurant this weekend with a vegan friend and it was delicious14:46
elmikonice14:46
elmiko<3 korean food14:46
elmikoof course, i <3 indian food too lol14:47
* sigmavirus24 <3s food14:59
elmikohehe14:59
elmikowhat is the security group policy on debug logs, i know this has come up before but i'm blanking on it now14:59
elmikoi think i've found another situation where tokens are being leaked through debug logs15:00
sigmavirus24I think "not a big problem, but would be better if it didn't" is what I remember15:03
sigmavirus24but I could be wrong15:04
sigmavirus24The idea being that no one would/should use `debug = true` in prod15:04
sigmavirus24(I take it whoever came up with that has never deployed openstack in productiono =P)15:04
elmikoyea, i remember this came up on an ossn i worked on and we thought about issuing a blanket statement about debug mode. iirc we decided not to so that issues didn't get glossed over.15:05
*** dave-mcc_ has quit IRC15:12
sigmavirus24fair15:14
*** jian5397 has quit IRC15:17
*** dwyde has joined #openstack-security15:19
*** jian5397 has joined #openstack-security15:22
elmikois there a doc somewhere about addressing security bugs, do we need to submit a patch on the bug report?15:25
*** dave-mcc_ has joined #openstack-security15:26
elmikoah, found it15:34
*** yaya has quit IRC15:57
*** jian5397 has quit IRC15:58
*** yaya has joined #openstack-security16:04
*** alex_klimov has quit IRC16:12
*** elo1 has joined #openstack-security16:31
*** dwyde has quit IRC16:49
*** shohel has quit IRC17:10
*** elo2 has joined #openstack-security17:11
*** elo1 has quit IRC17:15
*** elo1 has joined #openstack-security17:17
*** elo2 has quit IRC17:17
openstackgerritAndreas Jaeger proposed openstack/security-doc: Fix URLs  https://review.openstack.org/21680417:21
*** dwyde has joined #openstack-security17:22
*** yaya has quit IRC17:24
*** elo2 has joined #openstack-security17:30
*** elo1 has quit IRC17:32
*** yaya has joined #openstack-security17:55
*** singlethink has joined #openstack-security17:57
openstackgerritvenkatamahesh proposed openstack/security-doc: Link for OpenStack VMT is updated  https://review.openstack.org/21682418:01
*** browne has quit IRC18:06
*** paola has joined #openstack-security18:10
*** paola has left #openstack-security18:11
*** _sigmavirus24 has joined #openstack-security18:17
*** tjt263 has quit IRC18:17
*** sigmavirus24 has quit IRC18:17
*** _sigmavirus24 is now known as sigmavirus2418:20
*** sigmavirus24 has joined #openstack-security18:20
*** b10n1k_ has joined #openstack-security18:22
*** yaya has quit IRC18:24
*** sdake_ has joined #openstack-security18:25
*** juzo has joined #openstack-security18:28
juzohola18:28
*** sdake has quit IRC18:29
*** juzo has left #openstack-security18:33
*** timkennedy has joined #openstack-security18:35
tmcpeak:( I probably encouraged this18:45
tmcpeak^18:45
*** yaya has joined #openstack-security18:45
elmikohaha18:46
elmikodude, didn't you know that #openstack-security is *the* place to be for spanish language irc?18:47
tmcpeakapparently18:48
elmikono no, aparentemente18:48
elmikowe are gonna be so ready for summit in barcelona =)18:49
tmcpeaklol18:51
*** sdake_ is now known as sdake18:54
*** sdake_ has joined #openstack-security19:15
*** jian5397 has joined #openstack-security19:15
*** y_sawai_ has joined #openstack-security19:17
*** sdake has quit IRC19:18
*** y_sawai has quit IRC19:20
*** elo2 has quit IRC19:21
*** sdake_ is now known as sdake19:23
*** tjt263 has joined #openstack-security19:27
*** jian5397 has quit IRC19:30
sigmavirus24LOL19:31
elmikotmcpeak: do you know what the next step for this bug is? https://bugs.launchpad.net/sahara/+bug/148855919:32
openstackelmiko: Error: malone bug 1488559 not found19:32
* tmcpeak looking19:32
elmikothanks19:33
tmcpeakis it private?19:33
elmikooh yea, whoops19:33
elmikoi don't think i should have made it private19:33
elmikook, added you to it19:34
tmcpeakok checking19:34
elmikoi should probably make this public security19:34
tmcpeakgood find19:36
elmikothanks, i'm just not sure how to apply the patch at this point19:36
elmikodo i just make a regular review?19:36
tmcpeakyeah I think so19:37
tmcpeakif it's public you can19:37
elmikowell, it's still private security, but the sahara ptl is cool with the patch i posted in the bug19:37
tmcpeakI'd keep it private for now19:37
elmikook19:37
elmikoand at some point we make it public security, then release the patch through gerrit?19:38
tmcpeakso I guess you'll want to propose patches for the other branches too?19:38
tmcpeakJuno/Kilo etc19:38
elmikogood point19:38
elmikogotta double check the other branches, i'm not sure when this got introduced19:38
tmcpeakI think once all the patches are ready to go you make it public, I'm not sure though19:39
tmcpeakgmurphy: ^19:39
elmikoyea, i'm a little fuzzy on the details of how this works19:40
openstackgerritMerged openstack/security-doc: Fix URLs  https://review.openstack.org/21680419:51
gmurphyelmiko: the process that we follow is outlined here - https://security.openstack.org/vmt-process.html19:52
elmikogmurphy: thanks, i'll study up ;)19:54
gmurphyhowever in this instance we typically classify that type of bug as c1, or d meaning we typically don't issue an advisory for it.19:54
gmurphyso in those cases we open and fix as normal generally.19:54
elmikothat makes sense, i know this has come up a bunch recently19:54
elmikook, cool. i'll prepare the patches and when it goes public i'll send then through the review process19:55
*** browne has joined #openstack-security20:05
*** y_sawai_ has quit IRC20:56
*** dave-mcc_ has quit IRC21:21
*** singlethink has quit IRC21:26
*** yaya has quit IRC21:30
*** singlethink has joined #openstack-security21:33
*** bknudson has quit IRC21:42
*** sdake_ has joined #openstack-security21:45
*** sdake has quit IRC21:48
*** edmondsw has quit IRC21:58
*** sdake_ is now known as sdake22:01
*** singlethink has quit IRC22:21
*** sdake_ has joined #openstack-security22:21
*** sdake has quit IRC22:24
*** sdake_ is now known as sdake22:24
openstackgerritJamie Finnigan proposed openstack/bandit: Add basic metric generation and associated tests  https://review.openstack.org/21688522:24
*** singlethink has joined #openstack-security22:28
openstackgerritJamie Finnigan proposed openstack/bandit: Add basic metric generation and associated tests  https://review.openstack.org/21688522:30
*** singlethink has quit IRC22:32
*** dwyde has left #openstack-security22:54
*** asd112z has quit IRC22:59
*** voodookid has quit IRC23:06
*** bitblt has joined #openstack-security23:28
*** bitblt has quit IRC23:28
*** misc has quit IRC23:33
*** misc has joined #openstack-security23:34
*** profor has joined #openstack-security23:44
*** dave-mccowan has joined #openstack-security23:49
« Monday, 2015-08-24 Index Wednesday, 2015-08-26 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!