Monday, 2016-01-04

*** winterIsLeaving has quit IRC 00:02
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Fix detached head baseline  https://review.openstack.org/263072 00:04
*** salv-orl_ has joined #openstack-security 00:06
*** salv-orlando has quit IRC 00:09
*** markvoelker has joined #openstack-security 00:12
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Fix output encoding in baseline  https://review.openstack.org/263074 00:26
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Display nice error when profile is not found  https://review.openstack.org/263077 00:49
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Display nice error when profile is not found  https://review.openstack.org/263077 01:10
*** salv-orl_ has quit IRC 01:11
*** salv-orlando has joined #openstack-security 01:12
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Use binary mode when reading files  https://review.openstack.org/263092 02:43
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Split lines only once per file  https://review.openstack.org/263094 02:52
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Faster loc  https://review.openstack.org/263095 02:58
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Correct code output on python3  https://review.openstack.org/263101 03:37
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Fix comment about value returned  https://review.openstack.org/263110 04:39
*** shohel has joined #openstack-security 04:39
*** salv-orl_ has joined #openstack-security 05:07
*** salv-orlando has quit IRC 05:07
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Use == for str comparison  https://review.openstack.org/263117 05:21
*** winterIsLeaving has joined #openstack-security 05:26
*** winterIsLeaving has quit IRC 05:35
*** markvoelker has quit IRC 05:39
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: WIP: precise #nosec placement  https://review.openstack.org/263122 05:53
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Split lines only once per file  https://review.openstack.org/263094 05:59
*** salv-orlando has joined #openstack-security 06:06
*** salv-orl_ has quit IRC 06:09
*** markvoelker has joined #openstack-security 06:40
*** markvoelker has quit IRC 06:45
*** winterIsLeaving has joined #openstack-security 06:47
<openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/263150 06:51
<openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/263150 07:04
*** winterIsLeaving has quit IRC 07:05
*** shohel has quit IRC 07:14
*** Mainus has joined #openstack-security 07:32
*** salv-orlando has quit IRC 07:34
*** salv-orlando has joined #openstack-security 07:35
*** Mainus has quit IRC 07:37
*** salv-orlando has quit IRC 07:42
*** salv-orlando has joined #openstack-security 07:42
*** Mainus has joined #openstack-security 07:43
*** Mainus has quit IRC 07:46
<openstackgerrit> Merged openstack/bandit: Fix detached head baseline  https://review.openstack.org/263072 08:14
<openstackgerrit> Merged openstack/bandit: Fix comment about value returned  https://review.openstack.org/263110 08:15
<openstackgerrit> Eric Brown proposed openstack/bandit: Replace logger.warn with logger.warning  https://review.openstack.org/263059 08:17
<openstackgerrit> Eric Brown proposed openstack/bandit: use six.moves.builtins in python3  https://review.openstack.org/262497 08:17
*** salv-orlando has quit IRC 08:34
*** salv-orlando has joined #openstack-security 08:35
*** liverpooler has joined #openstack-security 08:36
*** Crysty has joined #openstack-security 08:38
*** shohel has joined #openstack-security 08:39
<Crysty> Hy 08:39
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Use binary mode when reading files  https://review.openstack.org/263092 08:41
*** markvoelker has joined #openstack-security 08:41
*** Crysty has quit IRC 08:43
*** markvoelker has quit IRC 08:45
*** agireud has quit IRC 08:51
*** agireud has joined #openstack-security 09:31
*** agireud has quit IRC 09:39
*** agireud has joined #openstack-security 09:47
*** goodygum has joined #openstack-security 09:50
*** openstackgerrit has quit IRC 10:02
*** openstackgerrit has joined #openstack-security 10:02
*** markvoelker has joined #openstack-security 10:42
*** markvoelker has quit IRC 10:46
*** shohel has quit IRC 11:55
*** salv-orl_ has joined #openstack-security 12:06
*** salv-orl_ has quit IRC 12:07
*** salv-orl_ has joined #openstack-security 12:07
*** salv-orlando has quit IRC 12:09
*** markvoelker has joined #openstack-security 12:12
*** markvoelker has quit IRC 12:17
*** zul has quit IRC 12:47
*** zul has joined #openstack-security 12:47
*** markvoelker has joined #openstack-security 12:55
*** dave-mccowan has joined #openstack-security 13:08
*** salv-orl_ has quit IRC 13:13
*** salv-orlando has joined #openstack-security 13:14
*** edmondsw has joined #openstack-security 13:20
*** elmiko has joined #openstack-security 13:28
<openstackgerrit> Tim Kelsey proposed openstack/bandit: Putting plugin config in code  https://review.openstack.org/263282 14:23
*** sigmavirus24_awa is now known as sigmavirus24 15:01
*** timkennedy has joined #openstack-security 15:14
*** shakamunyi has quit IRC 15:15
*** barra204 has quit IRC 15:15
*** tmcpeak has joined #openstack-security 15:28
*** shakamunyi has joined #openstack-security 15:29
*** timkennedy1 has joined #openstack-security 15:31
*** nkinder has joined #openstack-security 15:31
*** timkennedy has quit IRC 15:33
*** timkennedy has joined #openstack-security 15:37
*** timkennedy2 has joined #openstack-security 15:38
*** shohel has joined #openstack-security 15:39
*** timkennedy1 has quit IRC 15:40
*** timkennedy1 has joined #openstack-security 15:41
*** timkennedy has quit IRC 15:42
*** timkennedy2 has quit IRC 15:43
*** liverpooler has quit IRC 16:07
<openstackgerrit> Merged openstack/bandit: Correct code output on python3  https://review.openstack.org/263101 16:10
<openstackgerrit> Merged openstack/bandit: Fix output encoding in baseline  https://review.openstack.org/263074 16:14
*** ccneill has joined #openstack-security 16:35
<openstackgerrit> Merged openstack/bandit: Display nice error when profile is not found  https://review.openstack.org/263077 16:37
*** michaelx- has quit IRC 16:39
*** timkennedy has joined #openstack-security 16:43
<sigmavirus24> So sad it couldn't have been an angry error ^ 16:45
*** timkennedy1 has quit IRC 16:47
<elmiko> lol 16:50
*** barra204 has joined #openstack-security 16:51
*** shakamunyi has quit IRC 16:51
<tmcpeak> we used to have an angry error 16:52
<tmcpeak> I'm sure we'll get more, don't worry 16:52
<openstackgerrit> Michael Dong proposed openstack/syntribos: Test runner and test result class now use Issues  https://review.openstack.org/256878 17:03
*** timkennedy1 has joined #openstack-security 17:09
*** timkennedy has quit IRC 17:12
<openstackgerrit> Merged openstack/bandit: Use binary mode when reading files  https://review.openstack.org/263092 17:15
*** ccneill has quit IRC 17:24
*** ccneill has joined #openstack-security 17:25
*** salv-orl_ has joined #openstack-security 18:06
*** salv-orl_ has quit IRC 18:06
*** salv-orl_ has joined #openstack-security 18:07
*** salv-orlando has quit IRC 18:08
*** openstackgerrit has quit IRC 18:32
*** openstackgerrit has joined #openstack-security 18:32
*** bpokorny has joined #openstack-security 18:43
<openstackgerrit> Merged openstack/bandit: Use == for str comparison  https://review.openstack.org/263117 19:14
*** ccneill has quit IRC 19:23
<openstackgerrit> Merged openstack/bandit: Replace logger.warn with logger.warning  https://review.openstack.org/263059 19:24
*** browne has joined #openstack-security 19:25
*** winterIsLeaving has joined #openstack-security 19:28
<openstackgerrit> Travis McPeak proposed openstack/bandit: TEST BANDIT GATE - DO NOT MERGE  https://review.openstack.org/263401 19:30
*** ccneill has joined #openstack-security 19:33
<openstackgerrit> Merged openstack/bandit: use six.moves.builtins in python3  https://review.openstack.org/262497 19:45
*** shohel has quit IRC 19:49
<openstackgerrit> Travis McPeak proposed openstack/bandit: TEST BANDIT GATE - DO NOT MERGE  https://review.openstack.org/263401 19:52
*** winterIsLeaving has quit IRC 20:03
<tmcpeak> elmiko: how you feel about Bandit baseline gate for Sahara? 21:30
<elmiko> tmcpeak: i haven't played with it enough yet, but i think once we get green on the bandit test we should probably start using it 21:30
<tmcpeak> we need a guinea pig, ermmm, target, ermm, beta customer, ermmm… one of those but less negative connotations ;) 21:30
<elmiko> haha 21:31
<elmiko> we could certainly start using it as a test, our gate is non-voting 21:31
<tmcpeak> we've got one for Bandit itself already 21:31
<tmcpeak> well, in this case you'd put it as part of your voting flake8 tests 21:31
<elmiko> but i have been trying to get the sahara code base cleaned up so that we get green on that gate 21:31
<elmiko> ah, interesting 21:31
<tmcpeak> we don't need green anymore 21:31
<tmcpeak> it would just make sure new issues aren't introduced 21:31
<elmiko> yea 21:32
<elmiko> i will bring it up at our next team meeting and see what the group thinks 21:32
<tmcpeak> ok cool, sounds good 21:32
<elmiko> sadly, i don't think i will be able to make it to the midcycle =( 21:33
<tmcpeak> elmiko: bummer! 21:34
<tmcpeak> we're going to miss you man 21:34
<elmiko> yea, i'm bummed too. i thought it was really productive in seattle :/ 21:35
<elmiko> not to mention fun ;) 21:36
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Faster loc  https://review.openstack.org/263095 21:39
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Split lines only once per file  https://review.openstack.org/263094 21:39
*** timkennedy1 has quit IRC 21:49
<openstackgerrit> Merged openstack/bandit: Faster loc  https://review.openstack.org/263095 22:06
<openstackgerrit> Merged openstack/bandit: Split lines only once per file  https://review.openstack.org/263094 22:14
*** salv-orl_ has quit IRC 22:15
*** edmondsw has quit IRC 23:17
*** avarner has joined #openstack-security 23:40
<avarner> Hi, does anyone have information about the bandit refactoring? 23:40
<chair6> hi avarner .. the spec for it is at https://github.com/openstack/security-specs/blob/master/specs/mikata/bandit/config-change.rst 23:44
<chair6> but essentially, we're working on a) removing the need for a configuration file and b) making it easier for projects to adopt bandit as a gate 23:45
<chair6> a) is addressed by the spec above, and b) is addressed by the recent work around bandit-baseline which is worth a look 23:45
<avarner> chair6, thanks 23:45
<chair6> tmcpeak or tkelsey are doing most of the work and could tell you more.. :) 23:45
<tmcpeak> yo 23:46
<tmcpeak> avarner: which part in particular are you curious about? 23:46
<chair6> work is underway, there is at least one active review on the config stuff, and with the security midcycle next week there should be some good progress 23:46
<tmcpeak> ++ 23:46
<avarner> tmcpeak, I couldn't find any info about it, so that link should be enough 23:46
*** sigmavirus24 is now known as sigmavirus24_awa 23:46
<avarner> I'm working on adding bandit to glance_store right now, but I'll maybe wait until this refactor is done 23:47
<tmcpeak> avarner: ok cool, yeah basically what chair6 said - projects have expressed the config file as a pain point, so we're aiming to get rid of it 23:47
<avarner> https://review.openstack.org/#/c/263411/ 23:47
<tmcpeak> avarner: I think a bandit-baseline gate might be best for you 23:47
<tmcpeak> you don't need a separate config, you can just use severity + confidence filtering to start like we currently do 23:47
<avarner> ok 23:48
<tmcpeak> that will get you at least something, and then once we've implemented our new profiles you can add a few more tests 23:48
<avarner> Thanks, I'll try it 23:48
<tmcpeak> avarner: see "Bandit Baseline Gate" here: https://wiki.openstack.org/wiki/Security/Projects/Bandit 23:48
<tmcpeak> if you have any questions or problems let me know 23:49
<avarner> thanks, I may have some tomorrow. For now, good night :) 23:50
*** yuanying has quit IRC 23:50
<tmcpeak> sounds good! 23:50
*** yuanying has joined #openstack-security 23:51