Thursday, 2015-12-17

[00:02] *** tmcpeak has quit IRC
[00:36] *** bdpayne has joined #openstack-security
[00:50] *** rcernin has quit IRC
[01:04] *** bpokorny has quit IRC
[01:05] *** bpokorny has joined #openstack-security
[01:07] *** prometheanfire has joined #openstack-security
[01:08] <prometheanfire> bandit had a release (tag) but it's not in pypi yet
[01:21] <chair6> i noticed that too, prometheanfire.. probably something that tmcpeak will need to check on
[01:22] *** tjt263 has joined #openstack-security
[01:22] <prometheanfire> ya, was looking for him here
[01:23] <prometheanfire> I had a user that wanted it two hours after it came out (packaged that is)
[01:23] <prometheanfire> https://bugs.gentoo.org/show_bug.cgi?id=568484
[01:23] <openstack> bugs.gentoo.org bug 568484 in Applications "=dev-python/bandit-0.17.0 version bump" [Normal,Confirmed] - Assigned to prometheanfire
[01:25] <chair6> crikey.. demanding users :)
[01:26] <prometheanfire> :D
[01:43] *** bdpayne has quit IRC
[02:12] *** bpokorny_ has joined #openstack-security
[02:12] *** browne has quit IRC
[02:16] *** bpokorny has quit IRC
[02:16] *** bpokorny_ has quit IRC
[02:25] *** tmcpeak has joined #openstack-security
[03:01] *** elo has quit IRC
[03:13] *** browne has joined #openstack-security
[03:20] *** evand_ has joined #openstack-security
[03:20] *** evand has quit IRC
[03:20] *** evand_ is now known as evand
[03:26] *** jamielennox is now known as jamielennox|away
[03:31] *** jamielennox|away is now known as jamielennox
[03:34] *** dave-mccowan has quit IRC
[03:36] *** [_Bill_] has joined #openstack-security
[03:36] *** [_Bill_] has left #openstack-security
[04:12] <openstackgerrit> Michael Xin proposed openstack/syntribos: Update tox.ini to include venv and add .gitreview  https://review.openstack.org/258790
[04:25] *** tmcpeak has quit IRC
[05:08] *** bpokorny has joined #openstack-security
[05:49] *** bpokorny has quit IRC
[06:13] *** SEXY has joined #openstack-security
[06:14] <SEXY> hi, how's it going
[06:14] <SEXY> airen
[06:16] *** SEXY has left #openstack-security
[06:59] *** shohel has joined #openstack-security
[07:00] <openstackgerrit> Jamie Finnigan proposed openstack/bandit: Remove show_progress_every from Bandit config file  https://review.openstack.org/258834
[07:27] <openstackgerrit> venkatamahesh proposed openstack/security-doc: Fix rst markups  https://review.openstack.org/258846
[07:53] *** gocrazy has quit IRC
[08:15] *** browne has quit IRC
[08:26] *** rcernin has joined #openstack-security
[08:40] *** rcernin has quit IRC
[08:41] *** rcernin has joined #openstack-security
[09:10] *** evand has quit IRC
[09:12] *** evand has joined #openstack-security
[09:16] *** evand has quit IRC
[09:25] <openstackgerrit> Merged openstack/bandit: Add docs for formatters  https://review.openstack.org/258696
[09:28] <openstackgerrit> Merged openstack/anchor: Replace assertEqual(None, *) with assertIsNone in tests  https://review.openstack.org/258394
[09:28] *** salv-orlando has joined #openstack-security
[09:42] *** evand has joined #openstack-security
[09:47] *** openstackgerrit has quit IRC
[09:47] *** openstackgerrit has joined #openstack-security
[10:20] *** shakamunyi has quit IRC
[10:21] *** shakamunyi has joined #openstack-security
[10:21] *** superflyy has quit IRC
[10:21] *** barra204 has joined #openstack-security
[10:41] <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Add spec for CMC + related rfcs  https://review.openstack.org/255106
[10:43] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding test IDs  https://review.openstack.org/258938
[11:08] *** salv-orlando has quit IRC
[11:11] *** salv-orlando has joined #openstack-security
[11:12] *** salv-orlando has quit IRC
[11:12] *** salv-orlando has joined #openstack-security
[11:15] *** salv-orl_ has joined #openstack-security
[11:17] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding new screen formatter  https://review.openstack.org/250764
[11:18] *** salv-orlando has quit IRC
[11:32] *** shohel has quit IRC
[11:42] *** Pic_Sky has joined #openstack-security
[11:47] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding new screen formatter  https://review.openstack.org/250764
[11:48] *** evand has quit IRC
[11:57] *** evand has joined #openstack-security
[12:00] *** rcernin has quit IRC
[12:01] *** Pic_Sky has quit IRC
[12:03] *** evand has quit IRC
[12:15] *** rcernin has joined #openstack-security
[12:40] *** evand has joined #openstack-security
[13:04] *** salv-orl_ has quit IRC
[13:09] *** salv-orlando has joined #openstack-security
[13:09] *** dave-mccowan has joined #openstack-security
[13:21] *** rcernin has quit IRC
[13:22] *** evand has quit IRC
[13:22] *** evand has joined #openstack-security
[13:30] *** evand_ has joined #openstack-security
[13:38] *** nkinder has quit IRC
[13:39] *** sigmavirus24_awa is now known as sigmavirus24
[14:21] *** markvoelker has quit IRC
[14:29] *** markvoelker has joined #openstack-security
[15:01] *** dslev has joined #openstack-security
[15:02] *** evand_ has quit IRC
[15:19] *** tmcpeak has joined #openstack-security
[15:23] *** timkennedy has joined #openstack-security
[15:31] <michaelxin> hi, guys
[15:31] <michaelxin> Sorry that our team will not make it to today's IRC meeting.
[15:31] <michaelxin> We will have a team out.
[15:32] <tmcpeak> michaelxin: cool, no worries
[15:33] <tmcpeak> see you guys.. new year?
[15:33] <michaelxin> yup. It is our holiday party before everyone takes off.
[15:33] <elmiko> ooh, nice
[15:34] <elmiko> michaelxin: have fun!
[15:34] <michaelxin> elmiko: Thanks.
[15:38] <michaelxin> tmcpeak: If the release of the project failed, how can I re-try? Thanks.
[15:42] <tmcpeak> michaelxin: release of the project?
[15:43] <michaelxin> http://docs.openstack.org/infra/manual/creators.html
[15:43] <michaelxin> Trying to do an initial release for syntribos to pypi.
[15:44] <michaelxin> I followed their instructions
[15:44] <michaelxin> To verify that the release machinery works, push a signed tag to the “gerrit” remote. Use the smallest version number possible. If this is the first release, use “0.1.0”. If other releases of the project exist, choose an appropriate next version number
[15:44] <michaelxin> $ git tag -s -m "descriptive message" $version
[15:44] <michaelxin> $ git push gerrit $version
[15:44] <tmcpeak> and it failed?
[15:45] <michaelxin> It failed because of my tox.ini
[15:45] <michaelxin> Is there a way to re-try it after fixing tox.ini?
[15:45] <tmcpeak> which specific step failed though?
[15:45] <michaelxin> http://logs.openstack.org/33/338b14b030a6557c3010db0d895e09ab78053ee8/release/syntribos-tarball/f1aaf10/console.html
[15:46] <michaelxin> missing a definition in tox.ini
[15:46] <tmcpeak> can you just type the comment "recheck" in gerrit?
[15:50] <michaelxin> tmcpeak: Will try it.
[15:58] <openstackgerrit> Michael Xin proposed openstack/syntribos: Update tox.ini to include venv and add .gitreview  https://review.openstack.org/258790
[16:04] *** jhfeng has joined #openstack-security
[16:21] *** gocrazy has joined #openstack-security
[16:29] *** bpokorny has joined #openstack-security
[16:31] <prometheanfire> tmcpeak: bandit was released but not to pypi?
[16:31] <tmcpeak> prometheanfire: it should be on pypi too
[16:31] <tmcpeak> prometheanfire: oh crap, interesting
[16:31] <prometheanfire> :D
[16:31] <tmcpeak> I've got to ask the CI guys about that
[16:32] <tmcpeak> thanks for pointing that out
[16:32] <prometheanfire> have fun, thanks :D
[16:38] *** browne has joined #openstack-security
[16:48] *** tkelsey has joined #openstack-security
[16:51] *** tmcpeak has quit IRC
[17:03] *** hyakuhei has joined #openstack-security
[17:15] *** salv-orl_ has joined #openstack-security
[17:18] *** salv-orlando has quit IRC
[17:22] *** shohel has joined #openstack-security
[17:27] *** elo has joined #openstack-security
[17:28] *** jhfeng has quit IRC
[17:30] *** jhfeng has joined #openstack-security
[17:48] *** hyakuhei has quit IRC
[17:58] *** jhfeng has quit IRC
[18:09] *** browne has quit IRC
[18:16] <chair6> i do quite like how the new gerrit makes the in-line comments visible on the main review screen..
[18:16] <sigmavirus24> chair6: also related branches are all linked from each review's screen
[18:24] <openstackgerrit> Merged openstack/bandit: Remove show_progress_every from Bandit config file  https://review.openstack.org/258834
[18:41] *** nkinder has joined #openstack-security
[18:55] *** browne has joined #openstack-security
[19:22] *** dslev has quit IRC
[19:25] *** zul has quit IRC
[19:27] *** zul has joined #openstack-security
[19:35] *** c00p3r has quit IRC
[19:38] *** c00p3r has joined #openstack-security
[19:40] *** c00p3r has quit IRC
[19:40] *** c00p3r has joined #openstack-security
[20:01] *** salv-orl_ has quit IRC
[20:08] *** hansw_ has joined #openstack-security
[20:09] <hansw_> Hi all, anyone able to answer some questions regarding security audits?
[20:12] <elmiko> potentially
[20:15] <hansw_> Ok, let's give it a shot. Currently we have a situation with another product. Scanned it with nessus and found issues. We are wondering if there have been larger projects (openstack) where nessus found lots of issues. We are even looking for a system (remote) we might be able to scan to see how openstack holds up.
[20:15] <elmiko> i don't think i've heard of anyone using nessus against openstack
[20:16] <elmiko> doesn't mean people aren't trying, but i don't think it is on the security project's radar currently
[20:17] <elmiko> hansw_: i see that nessus is a for-pay product, do they have an open source offering as well?
[20:17] <hansw_> I would love to have a go at it, not to break it but to get an idea of how well it is.
[20:17] <elmiko> sure
[20:18] <elmiko> i'll bet the security project would love to hear reports back from anyone who runs nessus against an openstack installation
[20:18] <hansw_> Jups, a paid one, I am sure kali would have found simular issues
[20:18] <hansw_> I would be able to scan, but only with a written agreement from the owner :-)
[20:19] <elmiko> ah, ok
[20:19] <elmiko> might be worth sending an email to the openstack operators mailing list to see if anyone would be interested in participating
[20:19] <hansw_> Might ask someone from Fairbanks in the Netherlands to give permission
[20:20] <elmiko> otherwise, i suppose you could run it against a devstack installation, but that's hardly got security tuning out of the box
[20:20] <elmiko> likewise, you could play with something like the RDO installer to stand up a stack, then run
[20:20] *** shohel has quit IRC
[20:21] <hansw_> Yes, suppose so. But I am looking for an alternative product (preferably opensource). Just need to make a case before I would bring it to manegemant
[20:21] <hansw_> damn English, sorry for the mistakes :-)
[20:22] <elmiko> no worries, you write english quite well =)
[20:22] <elmiko> ah, ok
[20:22] <elmiko> are you trying to convince management to use openstack and need a security audit first?
[20:22] <hansw_> Switching 3 times a day between Dutch, English and German
[20:23] <elmiko> ooph, better than i would do ;)
[20:23] <hansw_> That might be the idea yes
[20:24] <elmiko> well, i don't think we have any published audits available. it is similar to a topic we have been discussing, namely threat analysis of openstack
[20:24] <hansw_> And yes, as a whitehat I would first contact the team, and not bring it out as zero days
[20:24] <elmiko> if you are interested, here are our sites that contain most of our information about the security project practices (including vulnerability assessment)
[20:24] <hansw_> hmm, might be interesting.
[20:24] <elmiko> https://security.openstack.org/
[20:24] *** markvoelker has quit IRC
[20:25] <elmiko> https://wiki.openstack.org/wiki/Security
[20:25] <elmiko> not sure if you've seen those
[20:25] <hansw_> Been reading that one this evening, that is why I am here :-)
[20:25] <elmiko> cool!
[20:25] <hansw_> Been to some of the openstack meetings too.
[20:25] <elmiko> ooh nice =)
[20:26] <hansw_> The problem was they never discuss security there.
[20:26] <elmiko> yea, it's been getting more and more attention over the last year
[20:26] <elmiko> we've had a bunch of good security related sessions at the last 2 openstack summits
[20:26] *** jhfeng has joined #openstack-security
[20:27] <hansw_> I will contact the fairbanks people and see if we can make a case there.
[20:27] <elmiko> sadly, we just had our last meeting for the year, but if you want more engagement we have a security related mailing list you could post questions to, and our next meeting will be in the new year
[20:27] <hansw_> I am sure they have enough demo place to setup
[20:28] <elmiko> k, good luck!
[20:28] <hansw_> Thanks for the info, might lurk a bit more in here :-)
[20:28] <elmiko> please do, we are open to the public =)
[20:32] *** jhfeng has quit IRC
[20:36] *** timkennedy has quit IRC
[20:36] <hansw_> thnx
[20:36] *** tkelsey has quit IRC
[20:40] <elmiko> np
[20:50] *** dave-mccowan has quit IRC
[21:06] *** salv-orl_ has joined #openstack-security
[21:07] *** tkelsey has joined #openstack-security
[21:13] *** dave-mccowan has joined #openstack-security
[21:15] *** dave-mcc_ has joined #openstack-security
[21:18] *** dave-mccowan has quit IRC
[21:25] *** markvoelker has joined #openstack-security
[21:27] *** jhfeng has joined #openstack-security
[21:30] *** markvoelker has quit IRC
[21:36] *** browne has quit IRC
[21:41] *** browne has joined #openstack-security
[21:43] *** jhfeng has quit IRC
[21:50] *** hansw_ has quit IRC
[22:02] *** tmcpeak has joined #openstack-security
[22:24] <openstackgerrit> Travis McPeak proposed openstack/bandit: Adding Bandit Baseline Tox Target  https://review.openstack.org/259202
[22:25] *** bpokorny_ has joined #openstack-security
[22:28] *** bpokorny has quit IRC
[22:32] *** alejandrito has joined #openstack-security
[22:33] *** markvoelker has joined #openstack-security
[22:37] *** tjt263 has quit IRC
[22:43] <tmcpeak> prometheanfire: it's fixed now :)
[22:43] <prometheanfire> tmcpeak: yep, packaged already :p
[22:43] <tmcpeak> wow, you're fast
[22:44] <prometheanfire> did it 4 hours ago :P
[22:44] <tmcpeak> I guess the fire in your name is deserved
[22:44] <openstackgerrit> Merged openstack/bandit: Adding Bandit Baseline Tox Target  https://review.openstack.org/259202
[22:57] *** tkelsey has quit IRC
[23:00] <tmcpeak> sigmavirus24: you around?
[23:00] <sigmavirus24> tmcpeak: totes
[23:00] <tmcpeak> lol
[23:00] <sigmavirus24> what's up buddy?
[23:00] <tmcpeak> the tox target I just added for Bandit is not doing good things
[23:01] <sigmavirus24> In 259202?
[23:01] <tmcpeak> yeah
[23:01] <tmcpeak> it can't find the Bandit config file
[23:01] <tmcpeak> so it seems like it isn't installing Bandit properly in the tox environment
[23:01] <sigmavirus24> O_o
[23:02] <tmcpeak> the bandit config file is the bane of my existence
[23:02] <sigmavirus24> lol
[23:02] <chair6> totes
[23:02] <tmcpeak> any ideas?
[23:02] *** tkelsey has joined #openstack-security
[23:12] *** yuanying has joined #openstack-security
[23:13] <sigmavirus24> tmcpeak: I'm looking
[23:13] <sigmavirus24> (sorry, trying to also unwedge glance's gate)
[23:13] <tmcpeak> sigmavirus24: cool, thanks man
[23:13] <tmcpeak> :D
[23:16] *** tkelsey has quit IRC
[23:17] *** bpokorny_ has quit IRC
[23:17] *** bpokorny has joined #openstack-security
[23:23] *** dave-mcc_ has quit IRC
[23:24] *** ccneill has joined #openstack-security
[23:27] <sigmavirus24> tmcpeak: so there's no etc. directory created in the virtualenv directory
[23:27] <sigmavirus24> i wonder
[23:27] <tmcpeak> right, there definitely should be though, right?
[23:28] <sigmavirus24> well, I think I know what's happening
[23:28] <sigmavirus24> I'm just confirm
[23:28] <sigmavirus24> *confirming
[23:29] <sigmavirus24> tmcpeak: question, why can't a git repo be dirty?
[23:30] <sigmavirus24> Yep figured it out
[23:30] <tmcpeak> sigmavirus24: because it's changing branches, unstaged changes would be wiped out
[23:30] * sigmavirus24 will push a review
[23:30] <sigmavirus24> tmcpeak: is there a bug?
[23:30] <tmcpeak> sigmavirus24: you are awesome
[23:30] <tmcpeak> a bug?
[23:30] <sigmavirus24> for this work
[23:30] <sigmavirus24> or should I push a review sans bug?
[23:30] <prometheanfire> sigmavirus24: hi
[23:30] <tmcpeak> oh, yeah, should probably file a bug
[23:31] <sigmavirus24> prometheanfire: I'm on vacation. Get out of here :P
[23:31] <prometheanfire> :P
[23:31] <sigmavirus24> prometheanfire: want to build a bug tracker for me?
[23:31] <prometheanfire> who takes 'vacation'
[23:31] <prometheanfire> LOL, nope
[23:31] <sigmavirus24> s/for/with/
[23:32] <prometheanfire> I don't think we'd be satisfied with anything, too many other systemic problems
[23:35] <sigmavirus24> prometheanfire: no I know
[23:36] <prometheanfire> I love those meetings, talking in circles...
[23:41] <sigmavirus24> tmcpeak: bug#?
[23:42] <tmcpeak> sigmavirus24: hang on, I'll file one
[23:43] <tmcpeak> sigmavirus24: https://bugs.launchpad.net/bandit/+bug/1527415
[23:43] <openstack> Launchpad bug 1527415 in Bandit "Tox not installing Bandit correctly" [Undecided,New]
[23:44] <openstackgerrit> Ian Cordasco proposed openstack/bandit: Fix codesec tox env  https://review.openstack.org/259225
[23:44] <sigmavirus24> tmcpeak: ^
[23:44] *** tjt263 has joined #openstack-security
[23:45] <tmcpeak> sigmavirus24: you sir, are a freaking genius
[23:45] <sigmavirus24> tmcpeak: no
[23:45] <sigmavirus24> not a genius
[23:45] <sigmavirus24> just sadly experienced in the ways of python packaging
[23:45] <sigmavirus24> and all of its associated pain
[23:46] <tmcpeak> it's a good thing somebody is
[23:46] <tmcpeak> I have NFI about these things
[23:47] <sigmavirus24> And we thought we got spammed severely here, https://github.com/github/developer.github.com/pull/933#issuecomment-165614580
[23:47] <sigmavirus24> quick before github deletes all of those comments
[23:50] <tmcpeak> loool
[23:50] <tmcpeak> "I need a new organization do you want to be my organization ?"
[23:50] <tmcpeak> my new favorite pickup line
[23:50] <elmiko> dude, wtf...
[23:53] <sigmavirus24> lmao
[23:53] <sigmavirus24> GitHub gets so much spam
[23:53] <elmiko> i never realized
[23:55] <openstackgerrit> Merged openstack/bandit: Fix codesec tox env  https://review.openstack.org/259225
[23:59] *** ccneill has quit IRC
