15:00:31 <gagehugo> #startmeeting security
15:00:32 <openstack> Meeting started Thu Apr 12 15:00:31 2018 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:33 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:35 <openstack> The meeting name has been set to 'security'
15:00:53 <jessegler> o/
15:01:04 <gagehugo> ping eeiden fungi gagehugo lhinds nickthetait
15:01:04 <nickthetait> hey
15:01:12 <gagehugo> hey jessegler nickthetait
15:01:38 <gagehugo> will likely be a short meeting today, don't have much in updates
15:01:59 <fungi> as usual, i'm also trying to pay attention in #openstack-tc for office hour
15:02:05 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda
15:02:08 <gagehugo> fungi o/
15:02:57 <fungi> sigmavirus24 doesn't seem to be here right now, but was looking for browne in #openstack-security yesterday
15:03:23 <gagehugo> I think browne is mostly available via email lately
15:03:27 <fungi> (looks like maybe it was day before yesterday actually)
15:04:19 <gagehugo> no updates afaik for spectre/meltdown update
15:04:28 <gagehugo> #topic Bandit
15:04:48 <gagehugo> not much changed from last week, think a couple ps got merged
15:05:14 <gagehugo> #topic Tatu
15:05:27 <gagehugo> ping gdecandia
15:05:57 <gagehugo> #topic Documentation
15:06:25 <gagehugo> no updates here
15:06:35 <gagehugo> #topic OSSN
15:06:46 <nickthetait> I submitted an OSSN draft this week
15:06:48 <nickthetait> :)
15:06:50 <gagehugo> nice
15:07:01 <gagehugo> do you have a link?
15:07:05 <nickthetait> yeah
15:07:10 <nickthetait> https://review.openstack.org/#/c/559440/
15:07:11 <patchbot> patch 559440 - security-doc - Publish a draft of OSSN-0083
15:08:04 <gagehugo> I can take a look later today
15:08:16 <nickthetait> that would be great, thanks
15:08:35 <gagehugo> #topic VMT
15:08:53 <gagehugo> should probably change that to say OSSA instead
15:09:01 <gagehugo> since we have threat analysis on the agenda as well
15:09:14 <gagehugo> no OSSA updates afaik
15:09:34 <gagehugo> #topic Threat Analysis
15:09:51 <gagehugo> keystonemiddleware was approved for the vmt tag \o/
15:10:19 <nickthetait> does that mean it is an official openstack project now?
15:11:02 <gagehugo> nickthetait it means that keystonemiddleware is eligible for being covered under vulnerability management
15:11:08 <gagehugo> lemme find the wiki link
15:11:23 <nickthetait> aha
15:11:28 <gagehugo> https://governance.openstack.org/tc/reference/tags/vulnerability_managed.html#vulnerability-managed
15:11:32 <fungi> keystonemiddleware has been an official openstack deliverable under the keystone team for years (basically for as long as it has existed)
15:11:47 <gagehugo> ^
15:12:20 <gagehugo> fungi I'll email browne about sigmavirus24 looking for him
15:12:22 <gagehugo> btw
15:12:33 <fungi> specifically, that change is an indication that the openstack cross-project vulnerability management team has agreed to coordinate reported vulnerabilities for keystonemiddleware rather than the keystone team having to do that themselves
15:13:04 <nickthetait> okay
15:13:44 <gagehugo> yup!
15:13:54 <gagehugo> #topic General Discussion
15:13:59 <fungi> the openstack vmt is generally willing to assist any official projects with vulnerability report coordination, but specifically prioritizes those with the vulnerability:managed governance tag and does more of the legwork themselves
15:14:32 <fungi> gagehugo: thanks, i missed the call for bandit news earlier in the meeting, but per discussion in #openstack-security sigmavirus24 was looking for bandit maintainers to follow up on moving it to pypa. apparently they mentioned wanting to do that but subsequently disappeared and left the pypa maintainers hanging
15:15:01 <gagehugo> fungi ah, I think browne was handling that for the most part, but I will double check
15:15:18 <fungi> much appreciated
15:15:39 <gagehugo> anyone have anything else?
15:15:46 <nickthetait> nah
15:16:56 <gagehugo> if not then we can end early
15:17:08 <gagehugo> have a good rest of the week everyone!
15:17:14 <nickthetait> later
15:17:18 <gagehugo> o/
15:17:21 <gagehugo> #endmeeting