17:04:14 #startmeeting security
17:04:15 Meeting started Thu Dec 7 17:04:14 2017 UTC and is due to finish in 60 minutes. The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:04:16 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:04:19 The meeting name has been set to 'security'
17:04:24 \o
17:04:36 was just trying to work out why weechat has screwed up.
17:04:46 windows are all wrong
17:04:49 ok..
17:04:52 #topic agenda
17:05:05 #link https://etherpad.openstack.org/p/security-agenda
17:05:37 so one topic I have is the PTG (feel free to add if you have anything)
17:05:41 #topic PTG
17:06:07 So my thinking for this PTG is to have a room on hand to use under the Security SIG
17:06:34 and send out an email to -dev and see if projects have any topics they want to bring to the SIG discussions.
17:06:53 I expect this will mean more topics on the table and a better audience around security
17:07:07 what do you think gagehugo, fungi?
17:07:18 i'll be present, but as usual i'm spread really thin (infra, tc, foundation) and so likely won't have a lot of time to spend in the security room but am happy to pop in if anything vmt-related comes up
17:07:33 sounds good to me
17:07:50 sounds good fungi, maybe some projects might be interested in becoming security managed.
17:07:53 i think it sounds like a good idea, whether i personally am in the room or not ;)
17:08:30 I omitted to mention, I will drop out an official 'we are turning into SIG' email a couple of days before.
17:08:32 it's likely i'll be the only vmt member present again (not sure whether tristanC or kmalloc are planning to come yet)
17:09:07 gagehugo: do you know if you're going yet?
17:09:21 nope, likely won't know until after the 1st of the year
17:09:34 gagehugo: ack, I think it's that way for a lot of folks.
17:09:48 thinking if there might be some keystone topics
17:10:05 that need cross-project collaboration / consensus etc.
17:10:08 maybe? I can ask in the keystone meeting
17:10:14 thx, sounds good
17:10:36 k
17:10:40 #topic bandit
17:11:02 so we have a clean queue for patches now
17:11:04 everything merged
17:11:38 I just verified Pavlo's patch after your tests gagehugo
17:11:50 cool
17:12:07 I still have not looked at the pycrypto issue I said I would adopt
17:12:34 gagehugo: I can't recall what we decided, but we discussed abandoning old patches.
17:12:43 did you get a chance to do anything there?
17:12:56 lhinds nah, I was just curious what you thought about the idea
17:13:11 we had discussed the same thing in keystone at the denver ptg
17:13:25 some ps just get left there for years
17:13:43 We have less than 10 just now?
17:13:47 yeah
17:13:54 it's not that bad imo
17:14:13 I think we can let them sit for now, but let's do this..
17:14:33 do you still have the abandoned URL query to hand that you posted last week?
17:14:53 or rather old patches
17:15:01 https://review.openstack.org/#/q/project:openstack/bandit+status:abandoned
17:15:34 soz, I meant the one that showed over a year since update
17:15:48 https://review.openstack.org/#/q/project:openstack/bandit+status:open
17:16:08 that's it
17:16:10 I think there's a way to only show after a date, idk how
17:16:24 my gerrit url-fu is weak
17:16:30 Let's put it on the etherpad, and we can then track going over those.
17:16:42 yeah, it's the "after" query parameter
17:16:46 I will certainly take a look at what can be salavged
17:17:02 *salvaged
17:17:05 fungi ah ok
17:18:26 ok, will skip OSSN as I have not had a chance to move on that the past 2 weeks, have it on my table for next week before the xmas break.
17:18:34 #topic threat-analysis
17:18:46 ok, i need to get my finger out here and do something.
17:18:57 #link https://review.openstack.org/Documentation/user-search.html#search-operators
17:19:07 I have been slacking on this.
17:19:23 oh nice, thanks fungi
17:19:23 * gagehugo bookmarks that
17:19:36 lhinds: yeah, i started looking over the draft rendering and the architecture page lgtm
17:19:40 #link http://logs.openstack.org/39/447139/6/check/build-openstack-sphinx-docs/0f6e2af/html/artifacts/keystonemiddleware/pike/architecture-page.html.gz
17:19:59 obviously the findings still need to be integrated from the etherpad
17:20:10 thx fungi, so I will start migrating the etherpad contents over
17:20:23 then we just need to meet with keystone to discuss the findings.
17:20:30 ok
17:20:46 gagehugo: do you think it's viable to get a spot on the keystone meeting?
17:20:58 also noticing we don't really have any proper indexing for the analyses yet... nothing links to them from the top-level html at http://logs.openstack.org/39/447139/6/check/build-openstack-sphinx-docs/0f6e2af/html/
17:21:04 #link http://logs.openstack.org/39/447139/6/check/build-openstack-sphinx-docs/0f6e2af/html/
17:21:14 yes
17:21:57 I can make a note to fix that
17:22:07 thx gagehugo, we can either [A] go over it on IRC, or [B] do it at the PTG
17:22:18 sure
17:22:50 ok, I think that wraps all up, last topic is xmas break
17:23:43 I'll be out the last week in dec
17:23:50 same for me
17:23:59 Should we make the next meeting the last of the year, and reconvene on the 4th?
17:24:25 wfm
17:24:27 I'm fine with that
17:24:41 cool, I will add that to the pad.
17:24:46 k, thx guys!
17:24:59 unless you have anyting else...?
17:25:03 *anything
17:25:17 I'll bring those two things up at the keystone meeting next week
17:25:31 thx gagehugo
17:25:49 thanks!
17:26:00 see you both next week
17:26:02 #endmeeting