Thursday, 2016-09-29

[00:02] *** browne has quit IRC
[00:25] *** sdake_ has quit IRC
[00:29] *** jamielennox is now known as jamielennox|away
[00:30] *** trisq has joined #openstack-security
[00:33] *** jamielennox|away is now known as jamielennox
[00:52] *** sdake has joined #openstack-security
[00:52] *** gouthamr has joined #openstack-security
[00:58] *** gouthamr has quit IRC
[00:58] <sdake> tmcpeak around at this hour?
[00:59] *** trisq has quit IRC
[01:02] *** vinaypotluri has quit IRC
[01:13] *** markvoelker has joined #openstack-security
[01:18] *** gouthamr has joined #openstack-security
[01:19] <tmcpeak> sdake: hey buddy, off and on, what's up?
[01:19] <sdake> tmcpeak just wanted to inform you kolla's deadline for rc2 is oct10
[01:20] <sdake> i highly doubt we will have time to sort out a ta between then and summit
[01:20] <sdake> not that I don't think it's important
[01:20] <sdake> I think it's *critical*
[01:20] <sdake> but releasing 3.0.0 on time is more critical if that makes any sense
[01:20] <sdake> so can we circle back around after summit or during summit?
[01:21] <sdake> not sure what successor ptl has in mind
[01:21] <sdake> for summit that is
[01:21] <sdake> as in scheduling a vmt session or not
[01:21] <tmcpeak> sdake: successor PTL, same as old PTL :)
[01:21] <tmcpeak> sdake: during summit would be great if you guys have time
[01:21] <sdake> tmcpeak nah, i didn't run for kolla ptl this cycle
[01:21] <tmcpeak> oooh, successor from your side
[01:21] <tmcpeak> gotcha
[01:22] <tmcpeak> sdake: let somebody else have some fun?
[01:22] <tmcpeak> :)
[01:22] <sdake> ya or escape alive depending on your pov ;)
[01:22] <tmcpeak> hah, indeed
[01:23] <sdake> 3 years is a long time to ptl one project
[01:23] <sdake> can cause weariness
[01:23] <tmcpeak> damn, I didn't know it was that long
[01:23] <sdake> especially a project as busy as kolla
[01:24] <sdake> we floundered for the first year
[01:24] <tmcpeak> good man
[01:25] <sdake> we were on fire years 2 and 3
[01:25] <sdake> and still are ;)
[01:25] <sdake> we have a pretty big footprint space wise at summit
[01:26] <sdake> i'd encourage hyakuhei- to reach out to inc0 to co-schedule a session on ta
[01:26] <sdake> maybe we can get some movement at summit
[01:26] <tmcpeak> sdake: cool, I'll let him know
[01:26] <sdake> thanks
[01:26] <tmcpeak> sdake: let's meet up for a beer at the summit or something :)
[01:27] <sdake> tmcpeak if i have time :)
[01:27] <sdake> tmcpeak i have a lot of commitments to meet
[01:28] *** trisq has joined #openstack-security
[01:28] <tmcpeak> sdake: I bet
[01:29] <sdake> tmcpeak re summit cosession, rather than suck up one of the security slots we could use a kolla slot
[01:29] <sdake> just a thought
[01:29] <sdake> :)
[01:30] <tmcpeak> sdake: that sounds great
[01:30] <tmcpeak> but we'll definitely allocate a slot to security review if needed
[01:31] <sdake> tmcpeak i think a conversation between inc0 and hyakuhei- could make that easier
[01:31] <sdake> they dont know each other
[01:31] <sdake> and aren't in each other's universes :)
[01:32] <sdake> lets get em connecte
[01:32] <sdake> d
[01:33] <tmcpeak> sdake: +1
[01:34] <sdake> i typically try to keep all convos on public mailing lists
[01:34] <sdake> but in this case a personal introduction might help
[01:34] <tmcpeak> sdake: sure, hyakuhei- and I can show up to your meeting?
[01:35] <sdake> that works too, i was thinking email but meeting times sounds good
[01:35] <tmcpeak> cool, when do you guys meet?
[01:36] <tmcpeak> I'll for sure show up and hopefully hyakuhei- can too
[01:42] *** gszafranski has quit IRC
[01:42] *** jamielennox is now known as jamielennox|away
[01:49] *** murphy_zhao has quit IRC
[01:51] *** woodster_ has joined #openstack-security
[01:51] *** murphy_zhao has joined #openstack-security
[01:52] *** zhihui has joined #openstack-security
[01:56] *** trisq has quit IRC
[01:57] *** trisq has joined #openstack-security
[01:57] *** gszafranski has joined #openstack-security
[02:00] <sdake> tmcpeak our agenda is on the wiki - sometimes we use it sometimes we dont
[02:00] <sdake> 1600 utc wednesdays
[02:00] <sdake> if you or hyakuhei- appear, i'll make sure we get an intro going :)
[02:01] *** salv-orlando has joined #openstack-security
[02:03] <tmcpeak> sdake: sounds good, thanks!
[02:05] *** gouthamr has quit IRC
[02:05] *** salv-orlando has quit IRC
[02:05] <sdake> tmcpeak next week would be best i think
[02:06] <sdake> another option is i can bring inc0 to the security meeting
[02:06] <sdake> i think having you and hyakuhei- appear would have more impact tho
[02:06] <sdake> would result in the coresec team in kolla knowing this job needs to be done
[02:06] <sdake> the security team knows it
[02:06] <sdake> the kolla team sort of knows it
[02:06] <sdake> lets try to reinforce that :)
[02:07] <tmcpeak> sdake: that would be awesome!
[02:07] <tmcpeak> tomorrow work?
[02:07] <sdake> i'm not sure what inc0's schedule is
[02:07] <sdake> i'll shoot him an email now
[02:07] <sdake> what time is your meeting in utc again ?
[02:07] <sdake> (I have on my calendar in non utc time)
[02:07] <tmcpeak> 1700 UTC
[02:07] <sdake> 1700 utc right?
[02:08] <sdake> cool so lets try to do both
[02:08] <sdake> get both ptls together in both meetings
[02:08] <tmcpeak> cool, sounds good
[02:08] <sdake> unified front and all that ;)
[02:08] *** sarnold has joined #openstack-security
[02:08] <tmcpeak> indeed!
[02:09] <sarnold> hello; is the openstack security team / vmt / etc officially supporting oslo.privsep?
[02:11] <tmcpeak> sarnold: what do you mean officially sponsor?
[02:11] <sarnold> tmcpeak: it appears that no one can actually see bugs against oslo.privsep that are filed "private security"
[02:12] <tmcpeak> sarnold: doesn't have "vulnerability managed" tag here
[02:12] <tmcpeak> https://governance.openstack.org/reference/projects/oslo.html#oslo-privsep
[02:12] <sarnold> tmcpeak: I'm curious who, if anyone, with the openstack security teams I ought to talk to, or if they'll just say "yeah, not ours" :)
[02:12] <sarnold> tmcpeak: aha, I haven't seen this before. nice.
[02:13] <tmcpeak> oslo probably has their own core security team that responds to private security bugs
[02:14] <sarnold> news to me
[02:17] <sarnold> tmcpeak: thanks for your help; I've hit the 'contact this team's admins' button on https://launchpad.net/~oslo-coresec too -- hopefully I'll have found someone somewhere who's interested in supporting this thing :)
[02:19] <tmcpeak> sarnold: sure, no problem
[02:19] <tmcpeak> what are you trying to do out of curiosity?
[02:19] <tmcpeak> you find something you're trying to get them to address?
[02:21] <sarnold> tmcpeak: yeah; I'm not sure if anything I found is even a bug, but I thought I'd give someone the chance to inspect it without too much pressure if possible
[02:22] *** knangia has quit IRC
[02:22] <tmcpeak> ahh ok, yeah file it to them, hopefully they pick it up
[02:22] <sarnold> I filed two of them yesterday; normally someone from the openstack security team replies quickly, even if just a "thanks we'll investigate" -- a day was out of character :)
[02:23] *** jass93 has joined #openstack-security
[02:23] <tmcpeak> yeah, welcome to the world of non-VMT managed :)
[02:24] <sarnold> :)
[02:50] *** yuanying_ has quit IRC
[02:52] *** sdake has quit IRC
[03:05] *** yuanying has joined #openstack-security
[03:11] *** jamielennox|away is now known as jamielennox
[03:16] *** sdake has joined #openstack-security
[03:16] *** dave-mccowan has quit IRC
[03:19] *** sdake has quit IRC
[03:31] *** sdake has joined #openstack-security
[03:33] *** yuanying has quit IRC
[03:34] *** yuanying has joined #openstack-security
[03:36] *** tmcpeak has quit IRC
[03:47] *** pcaruana has quit IRC
[03:48] *** d0ugal has quit IRC
[03:49] *** yuanying has quit IRC
[03:52] *** yuanying has joined #openstack-security
[03:55] *** woodburn has quit IRC
[03:56] *** woodburn has joined #openstack-security
[03:57] *** d0ugal has joined #openstack-security
[03:59] *** pcaruana has joined #openstack-security
[04:03] *** salv-orlando has joined #openstack-security
[04:03] *** mister_coder has joined #openstack-security
[04:04] *** trisq has quit IRC
[04:06] *** mister_coder has left #openstack-security
[04:07] *** salv-orlando has quit IRC
[04:32] *** tmcpeak has joined #openstack-security
[04:37] *** trisq has joined #openstack-security
[04:42] *** salv-orlando has joined #openstack-security
[04:42] *** salv-orlando has quit IRC
[04:43] *** salv-orlando has joined #openstack-security
[04:44] *** dikonoo has joined #openstack-security
[05:00] *** sdake has quit IRC
[05:05] <openstackgerrit> Merged openstack/security-doc: Update target OpenStack releases https://review.openstack.org/377706
[05:13] *** ccneill has quit IRC
[05:14] *** ccneill has joined #openstack-security
[05:17] *** dikonoo has quit IRC
[05:28] *** dikonoor has joined #openstack-security
[05:35] *** tmcpeak has quit IRC
[05:43] *** ccneill has quit IRC
[05:54] *** codfection has joined #openstack-security
[05:58] *** codfection has quit IRC
[06:00] *** woodster_ has quit IRC
[06:01] *** codfection has joined #openstack-security
[06:22] *** rcernin has joined #openstack-security
[06:23] *** dikonoor has quit IRC
[06:27] *** dikonoor has joined #openstack-security
[06:43] *** austin987 has quit IRC
[07:15] *** liverpooler has joined #openstack-security
[07:37] *** salv-orlando has quit IRC
[07:50] *** salv-orlando has joined #openstack-security
[08:23] *** codfection has quit IRC
[09:08] *** zhihui has quit IRC
[09:47] *** sdake has joined #openstack-security
[09:53] *** trisq has quit IRC
[09:54] *** trisq has joined #openstack-security
[09:56] *** jass93 has quit IRC
[10:16] *** trisq has quit IRC
[10:27] *** ayoung has quit IRC
[10:33] *** jass93 has joined #openstack-security
[10:34] *** trisq has joined #openstack-security
[10:40] *** ayoung has joined #openstack-security
[10:40] *** salv-orlando has quit IRC
[10:41] *** salv-orlando has joined #openstack-security
[10:54] *** salv-orlando has quit IRC
[11:07] *** dikonoor has quit IRC
[11:19] *** openstackgerrit has quit IRC
[11:19] *** openstackgerrit has joined #openstack-security
[11:26] *** dikonoor has joined #openstack-security
[11:46] *** codfection has joined #openstack-security
[11:56] *** dikonoor has quit IRC
[12:01] *** dave-mccowan has joined #openstack-security
[12:15] *** edmondsw has joined #openstack-security
[12:18] *** catintheroof has joined #openstack-security
[12:25] *** salv-orlando has joined #openstack-security
[12:30] *** salv-orlando has quit IRC
[12:46] *** _elmiko is now known as elmiko
[12:48] *** trisq has quit IRC
[13:03] *** lamt has joined #openstack-security
[13:19] *** codfection has quit IRC
[13:21] *** lamt has quit IRC
[13:27] *** salv-orlando has joined #openstack-security
[13:31] *** salv-orlando has quit IRC
[13:51] *** jmckind has joined #openstack-security
[13:56] *** liverpooler has quit IRC
[14:04] *** jmckind_ has joined #openstack-security
[14:06] *** jmckind has quit IRC
[14:11] *** datadog327 has joined #openstack-security
[14:24] *** sdake has quit IRC
[14:25] *** hongbin has joined #openstack-security
[14:26] *** sdake has joined #openstack-security
[14:29] *** salv-orlando has joined #openstack-security
[14:34] *** sdake_ has joined #openstack-security
[14:35] *** tmcpeak has joined #openstack-security
[14:36] *** sdake has quit IRC
[14:53] *** jamielennox is now known as jamielennox|away
[14:53] *** sdake_ is now known as sdake_dnd
[14:57] *** jass93 has quit IRC
[14:59] *** sdake has joined #openstack-security
[15:00] *** jamielennox|away is now known as jamielennox
[15:00] *** sdake_dnd has quit IRC
[15:02] *** dave-mccowan has quit IRC
[15:02] *** jmckind has joined #openstack-security
[15:02] *** jmckind_ has quit IRC
[15:03] *** vinaypotluri has joined #openstack-security
[15:11] <openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/379535
[15:26] *** sdake is now known as sdake_dnd
[15:30] *** mvaldes has joined #openstack-security
[15:47] *** codfection has joined #openstack-security
[15:49] *** sicarie has joined #openstack-security
[15:49] <hyakuhei-> Hey sicarie
[15:49] *** openstackgerrit has quit IRC
[15:50] *** openstackgerrit has joined #openstack-security
[16:01] *** coreycb has joined #openstack-security
[16:02] *** trisq has joined #openstack-security
[16:03] *** pcaruana has quit IRC
[16:03] *** woodster_ has joined #openstack-security
[16:04] <coreycb> trisq, or anyone else, is there a reason why oslo.privsep is not covered by the openstack VMT or is that just a missing tag?
[16:05] *** rcernin has quit IRC
[16:10] *** knangia has joined #openstack-security
[16:13] <openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/379535
[16:19] *** dave-mccowan has joined #openstack-security
[16:22] *** mdong has joined #openstack-security
[16:25] <coreycb> nkinder, hi, would you possibly have any insight to my question above?
[16:27] *** sdake_dnd is now known as sdake
[16:28] <nkinder> coreycb: I'm not sure
[16:28] <coreycb> nkinder, any idea who might know?
[16:40] <nkinder> coreycb: tristanC might know
[16:41] <coreycb> nkinder, thanks. I guess I pinged the wrong nick above.
[16:41] <tmcpeak> gmurphy: ^
[16:45] *** gfhellma has joined #openstack-security
[16:46] *** dave-mccowan has quit IRC
[16:46] *** dave-mccowan has joined #openstack-security
[16:54] *** browne has joined #openstack-security
[16:54] *** tkelsey has joined #openstack-security
[16:55] <browne> can someone who is an anchor core, please approve https://review.openstack.org/#/c/342979/
[16:56] <browne> we keep getting duplicate patches
[16:58] <tmcpeak> tkelsey: ^
[16:59] <tkelsey> it already has my +2
[16:59] <tmcpeak> ahh
[16:59] <tmcpeak> need another
[16:59] <tmcpeak> hyakuhei-: ^
[16:59] <tkelsey> dg____
[17:04] *** gfhellma has quit IRC
[17:08] *** jass93 has joined #openstack-security
[17:09] <openstackgerrit> Merged openstack/anchor: Remove discover from test-requirements https://review.openstack.org/342979
[17:12] *** trisq has quit IRC
[17:15] <tmcpeak> lhinds: the struggles are almost over
[17:16] <tmcpeak> I wrote a blog post this week on secure development guidance and Bandit
[17:16] <tmcpeak> if you're being good children you'll have noticed its announcement on the ML
[17:16] <tmcpeak> https://openstack-security.github.io/organization/2016/09/26/python-secure-development.html
[17:16] <tmcpeak> blog posts are easy and a good way to make our work known to the community
[17:16] <tmcpeak> unrahul: I'd encourage you guys to do a quick one for Syntribos
[17:18] <unrahul> agreed tmcpeak !.. we will definitely do a retrospective on the testing and on the tool soon..
[17:18] <tmcpeak> cool, just mention the kind of bugs you're finding
[17:18] <tmcpeak> this is good stuff
[17:23] <unrahul> yup tmcpeak ... it would hopefully make the tool bit more popular as well.. so that others will also start using it.
[17:24] <tmcpeak> yeah
[17:25] *** mvaldes has quit IRC
[17:34] *** sicarie has quit IRC
[17:36] *** inc0 has joined #openstack-security
[17:36] <sdake> hey tmcpeak - inc0 here
[17:36] <inc0> hey:) nice to meet you guys
[17:36] <tmcpeak> hi inc0 how's it going?
[17:37] <sdake> so i think best plan on this is meeting next wed in kolla's slot topic on TA
[17:37] <inc0> pretty well, thanks, still adjusting to new role
[17:37] <inc0> sorry for being late
[17:37] <tmcpeak> no worries :)
[17:37] <sdake> inc0 everyone has to eat lunch :)
[17:37] <sdake> i do if my wife feeds me ;)
[17:38] <inc0> tmcpeak, so we do want our VMT finished out, do you guys have any feedback/prework we could do before summit to streamline the process?
[17:38] <inc0> we want to be super secure deployment tool;)
[17:38] <sdake> inc0 the step we need for vmt is ta
[17:39] <sdake> everything else falls into place
[17:39] <sdake> and security team needs some beta testers :)
[17:39] <inc0> so TA was started in Austin right?
[17:39] <inc0> we've prepared bunch of docs on how Kolla is wired
[17:39] <sdake> right however the process has changed
[17:39] <tmcpeak> inc0: yeah we've changed TA (security review) to scale better
[17:39] <tmcpeak> so we'll need to map over what's been done to new process and finish up
[17:39] <tmcpeak> shouldn't be too much work
[17:39] <inc0> ok, so how does it look like now and how can we help?
[17:41] <tmcpeak> inc0: if you guys have time the first step is producing a DFD like we did for Barbican
[17:41] <tmcpeak> #link https://etherpad.openstack.org/p/barbican-threat-analysis
[17:42] <tmcpeak> #link https://drive.google.com/file/d/0B0osRPn3qBq5Ml9JOUVETDhJbVk/view
[17:43] <tmcpeak> once that's ready we'll review with you guys to determine assets and security threats to those assets
[17:45] *** inc0_ has joined #openstack-security
[17:45] <inc0_> hey, sorry, my vpn died on me
[17:45] <inc0_> looking at docs
[17:45] <tmcpeak> no worries
[17:48] *** inc0 has quit IRC
[17:48] <inc0_> ok, so we already ran through assets I think
[17:48] <inc0_> generally, we might need to revise it in terms of new service additions
[17:48] <tmcpeak> inc0_: separately? what we did in Austin is a little different
[17:49] <inc0_> I see
[17:49] <inc0_> ok, so, we need to repeat this exercise right?
[17:49] <tmcpeak> inc0_: yeah, but we can map some over
[17:49] <tmcpeak> what we did before isn't a wash
[17:49] <inc0_> we can do it just after next Wed meeting, so we won't need to rush things by meeting agenda
[17:50] <tmcpeak> inc0_: review assets? ok cool
[17:50] <tmcpeak> hopefully dg and hyakuhei can join
[17:50] <sdake> inc0_ i think thats one approach - another is to inform the team in the meeting its a priority :)
[17:50] <sdake> maybe both can be used
[17:51] <inc0_> sdake, I want to talk about this on meeting too, but we have other stuff going on
[17:51] <inc0_> and we don't need full community for it;)
[17:51] *** ccneill has joined #openstack-security
[17:51] <sdake> inc0_ right -this is just the coresec team from our side
[17:51] <inc0_> I'll just make sure that we have enough people with deep arch knowledge of kolla to answer all the questions
[17:51] <sdake> inc0_ but we do need to recruit a capable coresec team
[17:52] <tmcpeak> sdake: +1
[17:52] <sdake> hence the meeting time :)
[17:52] <inc0_> anyway, let's do this later on, one thing at the time
[17:52] <tmcpeak> inc0_, sdake cool
[17:52] <tmcpeak> I'll join next week and we can discuss further
[17:52] <inc0_> we already have volunteers from before
[17:52] <sdake> inc0_ some of those folks have dropped off the core team
[17:52] <inc0_> sure, thanks tmcpeak and feel free to ping me on whatever you need
[17:52] <inc0_> I'm at your disposal
[17:53] <tmcpeak> inc0_: great, nice to meet you!
[17:53] <inc0_> thing is, I'd expect every core reviewer to have security in mind
[17:53] <sdake> inc0_ right
[17:53] <sdake> it should be priority #1
[17:53] <inc0_> so instead of making coresec team I'd rather educate our whole core team;)
[17:53] <sdake> inc0_ vmt requires a subset of team
[17:54] <sdake> however educating whole team is useful imo
[17:54] <sdake> vmt wants max 5 people
[17:54] *** jass93 has quit IRC
[17:55] *** gfhellma has joined #openstack-security
[17:55] <sdake> lets just reintroduce the idea - should take less than 5 minutes during the meeting
[17:55] <inc0_> sdake, we are making this an agenda point, yes
[17:55] <inc0_> but after meeting we can start actual analysis
[17:55] <sdake> sounds good to me
[17:55] <sdake> nice plan inc0_
[17:55] <inc0_> so we kick off some work right away
[17:56] <tmcpeak> sounds good
[17:56] <sdake> cool maybe we can get it done before summit then tmcpeak
[17:56] <sdake> although hard to say
[17:56] <inc0_> if we just get to know what kind of info you guys need, we can fill out blanks on our own
[17:56] <inc0_> and you'll review it afterwards
[17:56] <tmcpeak> that would be awesome
[17:56] <tmcpeak> I'll bring the other security review folks to your meeting so we can overview
[17:56] <tmcpeak> dg has links to recent version of our guidance
[17:57] <inc0_> and on summit we'll go through it together and work out framework to keep it up to date and all
[17:57] * tmcpeak back in a bit
[17:57] <inc0_> sounds good, thanks!
[18:01] *** tkelsey has quit IRC
[18:03] *** cleong has joined #openstack-security
[18:16] *** jass93 has joined #openstack-security
[18:18] *** mvaldes has joined #openstack-security
[18:20] *** woodster_ has quit IRC
[18:22] *** jmckind has quit IRC
[18:50] *** sdake has quit IRC
[18:50] *** sdake has joined #openstack-security
[18:51] *** mvaldes has quit IRC
[18:55] *** lamt has joined #openstack-security
[18:56] *** salv-orlando has quit IRC
[18:58] *** evand has quit IRC
[19:15] *** mvaldes has joined #openstack-security
[19:18] *** salv-orlando has joined #openstack-security
[19:39] *** yarkot has quit IRC
[19:39] *** purp_too has quit IRC
[19:40] *** purp has joined #openstack-security
[19:42] *** yarkot has joined #openstack-security
[19:43] *** Afterglow has quit IRC
[19:43] *** Aftergl0w has joined #openstack-security
[19:43] *** Aftergl0w is now known as Afterglow
[19:43] *** Afterglow has joined #openstack-security
[19:44] *** salv-orl_ has joined #openstack-security
[19:47] *** salv-orlando has quit IRC
[19:50] *** jass93 has quit IRC
[19:54] *** knangia has quit IRC
[19:54] *** woodster_ has joined #openstack-security
[19:56] *** knangia has joined #openstack-security
[20:01] *** ayoung has quit IRC
[20:01] <sigmavirus> ccneill: is there some kind of OSSA goal for syntribos/OSIC that I'm unaware of?
[20:08] *** sdake has quit IRC
[20:12] *** lamt has quit IRC
[20:12] *** mvaldes has quit IRC
[20:12] <ccneill> nope - not that worried about getting an OSSA at this point. just want to make sure we're not sweeping something under the rug that is more prevalent than one would assume based on the current launchpad discussion. the only drive for OSSAs is based on whether everyone agrees that one is needed
[20:13] <ccneill> but by myself I can't determine exactly how prevalent it is - hence my explanations
[20:26] *** datadog327 has quit IRC
[20:27] *** ayoung has joined #openstack-security
[20:32] *** catintheroof has quit IRC
[20:37] *** browne has quit IRC
[20:37] *** edmondsw has quit IRC
[20:39] *** ayoung has quit IRC
[20:41] *** julian1_ has joined #openstack-security
[20:42] *** julian1 has quit IRC
[20:56] *** lamt has joined #openstack-security
[20:57] *** cleong has quit IRC
[21:00] *** mvaldes has joined #openstack-security
[21:02] *** lamt has quit IRC
[21:07] *** inc0_ has quit IRC
[21:13] *** sdake has joined #openstack-security
[21:34] *** alien__ has joined #openstack-security
[21:34] *** alien__ has quit IRC
[21:34] *** mvaldes1 has joined #openstack-security
[21:37] *** mvaldes has quit IRC
[21:53] *** browne has joined #openstack-security
[22:00] *** woodster_ has quit IRC
[22:03] *** jass93 has joined #openstack-security
[22:07] *** mdong has quit IRC
[22:21] *** mvaldes1 has quit IRC
[22:24] *** nkinder has quit IRC
[22:27] *** codfection has quit IRC
[22:28] *** ayoung has joined #openstack-security
[22:30] <openstackgerrit> OpenStack Proposal Bot proposed openstack/anchor: Updated from global requirements https://review.openstack.org/371094
[22:56] *** tmcpeak has quit IRC
[23:00] *** hongbin has quit IRC
[23:04] *** gouthamr has joined #openstack-security
[23:04] *** tmcpeak has joined #openstack-security
[23:06] *** ayoung has quit IRC
[23:11] *** jamielennox is now known as jamielennox|away
[23:12] *** sdake has quit IRC
[23:36] *** markvoelker has quit IRC
[23:45] <openstackgerrit> Charles Neill proposed openstack/syntribos: Adding Cinder extension support to templates https://review.openstack.org/379856
[23:49] *** austin987 has joined #openstack-security
[23:51] *** ayoung has joined #openstack-security
[23:52] *** browne has quit IRC
[23:52] *** jamielennox|away is now known as jamielennox
[23:55] *** sdake has joined #openstack-security
