| *** diablo_rojo is now known as Guest5475 | 01:59 | |
| opendevreview | Takashi Kajinami proposed openstack/governance master: Retire puppet-senlin https://review.opendev.org/c/openstack/governance/+/817329 | 02:24 |
|---|---|---|
| ade_lee | clarkb, fungi so it seems we can get paramiko to be mostly fips compatible - we just need to allow the md5 notforsecurity parameter | 03:35 |
| ade_lee | https://github.com/vakwetu/paramiko/commit/b4beb535d7293447f25afd12051dbc45bb1e6ddc | 03:35 |
| ade_lee | I plan to put that up for paramiko tonight - though of course the pull you mentioned would work for us too. | 03:36 |
| ade_lee | fingerprints appear to be the one part where they use md5s regardless of which key type they use | 03:37 |
| ade_lee | and with either patch they can be worked around | 03:37 |
| ade_lee | they also use md5 when creating a key while decrypting a encrypted pem file - which is not something that we work around - but thats only if using keys in an encrypted pem file not generated by openssh. | 03:38 |
| ade_lee | so if we run into this, we just need to find the place where the key is generated and replace it. | 03:39 |
| ade_lee | but this brings up the other salient point though - which is, that paramiko implements a bunch of its own crypto - and as far as I understand, that makes it something that will not be fips certified - without someone spending $$ of money and time | 03:41 |
| ade_lee | so while we can get to fips compatibility with paramiko - we can't get to fips compliance | 03:41 |
| ade_lee | for that we need libssh or pylibssh or something else | 03:42 |
| *** akahat|rover is now known as akahat|lunch | 08:44 | |
| *** ykarel is now known as ykarel|lunch | 08:51 | |
| *** akahat|lunch is now known as akahat|rover | 09:13 | |
| *** ykarel|lunch is now known as ykarel | 09:57 | |
| *** melwitt is now known as Guest5508 | 10:12 | |
| *** whoami-rajat__ is now known as whoami-rajat | 14:00 | |
| gmann | ade_lee: I can add it as separate topic too. will you be there to join tomorrow meeting for giving a brief ? | 14:10 |
| gmann | ade_lee: done https://wiki.openstack.org/wiki/Meetings/TechnicalCommittee#Agenda_Suggestions | 14:16 |
| ade_lee | gmann, thanks. I do plan to be there | 14:29 |
| gmann | ade_lee: thanks | 14:30 |
| gmann | tc-members: lbragstad : reminder just in case, RBAC discussion continuing in ~20 from now @ https://meet.google.com/uue-adpp-xsm | 14:41 |
| jungleboyj | gmann: I had a conflict scheduled over that again. :-( | 14:42 |
| jungleboyj | Nothing on my calendar is sacred. | 14:42 |
| gmann | jungleboyj: ohk, it will be for 1 hr in case you join late, or this is etherpad we will use , feel free to add any query/comment you have https://etherpad.opendev.org/p/policy-popup-yoga-ptg | 14:43 |
| jungleboyj | ++ | 14:43 |
| *** ykarel is now known as ykarel|away | 15:12 | |
| lbragstad | gmann new meeting link? | 15:58 |
| gmann | lbragstad: https://meet.google.com/agv-hdpy-pmx | 15:58 |
| gmann | just in case, we are continuing RBAC discussion @ https://meet.google.com/agv-hdpy-pmx | 15:58 |
| *** akahat|rover is now known as akahat|lunch | 16:03 | |
| *** akahat|lunch is now known as akahat|dinner | 16:03 | |
| *** akahat|dinner is now known as akahat|rover | 16:52 | |
| opendevreview | Lance Bragstad proposed openstack/governance master: Rework the yoga secure RBAC community goal https://review.opendev.org/c/openstack/governance/+/815158 | 21:52 |
| gmann | lbragstad: dansmith added meetpad link to continue the rbac biweekly video meeting here https://wiki.openstack.org/wiki/Consistent_and_Secure_Default_Policies_Popup_Team#Meeting | 22:52 |
| gmann | it is Thursday biweekly-even at 18:00 UTC. next meeting I on 25th Nov | 22:52 |
| gmann | let me know if time is ok. we can change in case of any conflict | 22:53 |
| lbragstad | nov 25th is a US holiday - just a heads up | 22:53 |
| gmann | ohk | 22:53 |
| gmann | we can continue skip that one and continue from 9th Dec onwards? or you want to schedule on different day so that we meet after 2 weeks from today call? | 22:55 |
| gmann | *we can skip | 22:55 |
| lbragstad | i can meet next week and i'll adjust my schedule to work | 23:02 |
| lbragstad | i can be flexible | 23:02 |
| lbragstad | i'm willing to meet as soon as possible so we can keep making progress | 23:02 |
| gmann | ok, so let's move that to biweekly odd then so that we meet next week. and Thursday 16 UTC ok or we change time? | 23:03 |
| gmann | means next meetings on 18th Nov, 2nd Dec .... | 23:04 |
| lbragstad | that time works for me | 23:05 |
| lbragstad | but again - i can shuffle my schedule if a better time works for others | 23:05 |
| gmann | that time is ok for me too. dansmith ? | 23:06 |
| gmann | or any other member interested to join? | 23:06 |
| gmann | tc-members: please vote on 'decoupling goal from release cycle', so that we can migrate RBAC goal with new template https://review.opendev.org/c/openstack/governance/+/816387 | 23:10 |
| dansmith | gmann: I haven't done my calculations yet, but I will probably be out for most/all of december, unfortunately :/ | 23:39 |
| dansmith | so other than not being around for a long time, that time on thursday works for me :D | 23:40 |
| gmann | dansmith: thanks, sounds good. | 23:40 |
| opendevreview | Ghanshyam proposed openstack/governance master: Remove office hours in favour of weekly meetings https://review.opendev.org/c/openstack/governance/+/817493 | 23:45 |
| opendevreview | Merged openstack/governance master: Propose changes to the stable core team https://review.opendev.org/c/openstack/governance/+/810721 | 23:54 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!