| mikal | Ummm, I am silly and not entirely sure I followed https://security.openstack.org/vmt-process.html right. I am meant to file a private security bug in the affected project right? Not some shared "VMT project"? | 02:11 |
|---|---|---|
| gouthamr | feel free to give me the bug in private | 02:12 |
| gouthamr | mikal: | 02:12 |
| mikal | Well, given its locked down I can just do it here can't I? | 02:12 |
| mikal | Regardless, I did thing. | 02:13 |
| gouthamr | this one is a public channel, ty | 02:13 |
| gouthamr | I got your ping | 02:13 |
| gouthamr | mikal: security by obscurity i think :) launchpad URLs contain the project name.. and we (vmt) don't know for sure if project trackers are secured well enough.. | 02:20 |
| gouthamr | you did the right thing btw, all good.. | 02:21 |
| mikal | Ok cool. I shall proceed to do nothing until someone talks at me. | 02:26 |
| fungi | mikal: for reference, in case you only found our vmt process documentation, the instructions for reporting suspected vulnerabilities are much shorter and can be found at https://security.openstack.org/reporting.html (linked from the "How to report security issues to OpenStack" heading at the top of the main security.openstack.org page) | 13:38 |
| opendevreview | Goutham Pacha Ravi proposed openstack/ossa master: Add OSSA-2026-021 (CVE-2026-pending) https://review.opendev.org/c/openstack/ossa/+/991514 | 14:07 |
| opendevreview | Merged openstack/ossa master: Add OSSA-2026-021 (CVE-2026-pending) https://review.opendev.org/c/openstack/ossa/+/991514 | 14:38 |
| fungi | gouthamr: https://security.openstack.org/ossa/OSSA-2026-021.html is live now, don't forget to update the bug title | 14:40 |
| gouthamr | thank you fungi | 14:51 |
| fungi | of course. i'm also on hand to do openstack-announce moderation when you're ready | 14:52 |
| fungi | gouthamr: looks like your OSSN-0098 was waiting in the openstack-announce queue so i went ahead and approved that | 14:54 |
| gouthamr | ah ty! just sent the emails | 15:00 |
| fungi | approved now too | 15:03 |
| JayF | https://bugs.launchpad.net/ironic/+bug/2154288 is now public | 18:26 |
| opendevreview | Jay Faulkner proposed openstack/security-doc master: [OSSN-0099] Service DoS in Ironic https://review.opendev.org/c/openstack/security-doc/+/991729 | 19:46 |
| opendevreview | Jay Faulkner proposed openstack/security-doc master: [OSSN-0099] Service DoS in Ironic https://review.opendev.org/c/openstack/security-doc/+/991729 | 19:47 |
| opendevreview | Jay Faulkner proposed openstack/security-doc master: [OSSN-0099] Service DoS in Ironic https://review.opendev.org/c/openstack/security-doc/+/991729 | 19:50 |
| opendevreview | Jay Faulkner proposed openstack/security-doc master: [OSSN-0099] Service DoS in Ironic https://review.opendev.org/c/openstack/security-doc/+/991729 | 19:56 |
| opendevreview | Jay Faulkner proposed openstack/security-doc master: [OSSN-0099] Service DoS in Ironic https://review.opendev.org/c/openstack/security-doc/+/991729 | 20:02 |
| opendevreview | Goutham Pacha Ravi proposed openstack/ossa master: OSSA-2026-021: Errata 1 - add CVE https://review.opendev.org/c/openstack/ossa/+/991737 | 20:24 |
| opendevreview | Jay Faulkner proposed openstack/security-doc master: [OSSN-0099] Service DoS in Ironic https://review.opendev.org/c/openstack/security-doc/+/991729 | 20:41 |
| opendevreview | Jay Faulkner proposed openstack/security-doc master: [OSSN-0099] Service DoS in Ironic https://review.opendev.org/c/openstack/security-doc/+/991729 | 21:05 |
| opendevreview | Merged openstack/ossa master: OSSA-2026-021: Errata 1 - add CVE https://review.opendev.org/c/openstack/ossa/+/991737 | 21:45 |
| gouthamr | ty fungi | 21:46 |
| fungi | of course | 21:46 |
| fungi | i should be the one thanking you | 21:46 |
| gouthamr | :P crossing Ts dotting Is before I go away and leave you with the mess | 21:47 |
| fungi | but instead i need to figure out dinner once i approve things through openstack-announce | 21:47 |
| gouthamr | my bad on openstack-discuss, i was testing whether subject mangling will preserve threading | 21:56 |
| gouthamr | i preserved the original subject on openstack-announce | 21:57 |
| fungi | approved it | 22:01 |
| fungi | and yeah, threading in most mail clients is done by looking at the in-reply-to and references headers | 22:01 |
| fungi | for a reply, in-reply-to holds the message-id of the message it's a reply to, and references often has a list of several prior message-id values from the thread depending on the sender's composing client | 22:02 |
| fungi | i think gmail may attempt to associate messages by subject header, which is nonstandard behavior | 22:03 |
| gouthamr | ugh, pbkac actually, ty for explaining.. i was matching the in-reply-to and actually saw the mess up | 22:06 |
| fungi | if it's your own post you want to thread up to, going into your sent mail and replying to the copy there should work in theory (just make sure you set the address to the list rather than to yourself) | 22:10 |
| gouthamr | ++ worked well for the two other lists | 22:16 |
| fungi | awesome | 22:16 |
Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!