| Tengu | hello there | 07:38 |
|---|---|---|
| Tengu | fungi: heya! fyi, I appear to be the (new) Security Liaison for TripleO. I'm starting to read things about Security-SIG and related, and am wondering if there's any specific ML I should subscribe to? | 07:43 |
| fungi | Tengu: none, we post to openstack-discuss with [security-sig] in the subject line | 11:17 |
| fungi | Tengu: we also hold a meeting in here on the first thursday of every month, and we have a ptg session tomorrow if you want to join | 11:20 |
| Tengu | fungi: ah, perfect, I don't have anything yet for tomorrow! | 11:42 |
| Tengu | I'll add a new filter for security-sig as well. | 11:42 |
| Tengu | fungi: tripleo is wanting to move to DPL, meaning we'll have to do some homework and proper communication. afaik there's also a page where the security liaison is mentioned. Is there something like a "what to do" and related? i.e. I don't really know *what* is expected from me :) | 11:45 |
| Tengu | ah, just seeing the session tomorrow. 3pm UTC, in Diablo. perfect. | 11:46 |
| fungi | Tengu: well, the room link is to meetpad so it's not really *in* the diablo zoom, but if you click the session on the ptg schedule it'll take you to the right place | 11:48 |
| Tengu | fungi: ah, yeah, ok. is there some etherpad with some agenda btw? | 11:48 |
| fungi | yes, the etherpad in the etherpads list on the ptg site | 11:49 |
| Tengu | oh, didn't see the link at the top. | 11:49 |
| Tengu | meh. | 11:49 |
| fungi | as for the liaison role, for repositories officially overseen by the vmt it's #6 at https://security.openstack.org/repos-overseen.html#requirements | 11:49 |
| fungi | tripleo hasn't opted into official vmt oversight, but there's still a need for a primary point of escalation for security issues if tripleo's security review team | 11:51 |
| fungi | is otherwise unresponsive on them | 11:51 |
| Tengu | sounds good. tripleo itself isn't just one repository. it's... well. "a huge pile of things". | 11:52 |
| Tengu | I'll check with the current PTL if we want to opt in, what would be the expectations, what repositories would be affected and so on. I see there's python client repos, maybe python-tripleoclient might join the feast. maybe with tripleo-heat-templates. | 11:53 |
| fungi | right. tripleo could choose to opt some of its repositories into vmt oversight if it feels like asserting compliance with the list of requirements on that page i linked | 11:53 |
| Tengu | (and tripleo-ansible - that's becoming the "heart" of tripleo nowadays) | 11:53 |
| Tengu | 'k. I don't want to make a revolution, but still... having some proper security management won't hurt, really. | 11:54 |
| gagehugo | fungi: the security session is tomorrow at this time right? | 15:05 |
| fungi | gagehugo: correct | 15:05 |
| gagehugo | ok cool | 15:06 |
| fungi | i would have done it on thursday at our typical meeting time but there were too many conflicts | 15:06 |
| gagehugo | yeah thursdays are usually bad for me | 15:08 |
| fungi | should we also talk about rescheduling our monthly meetings? | 15:08 |
| fungi | our usual thursday time also conflicts with weekly tc meetings, which i normally try to attend when i'm not chairing ours | 15:09 |
| gagehugo | Don't do it on my behalf, but yeah if we did I wouldn't be opposed | 15:10 |
| fungi | cool, i'll add it to the agenda | 15:12 |
| fungi | https://launchpad.net/bugs/1988310 is now public | 16:10 |
| fungi | https://launchpad.net/bugs/1980349 is now public | 17:20 |
| fungi | https://launchpad.net/bugs/1977516 is now public | 17:26 |