15:00:29 <gagehugo> #startmeeting security 15:00:29 <openstack> Meeting started Thu Jul 26 15:00:29 2018 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:33 <openstack> The meeting name has been set to 'security' 15:01:15 <gagehugo> ping eeiden fungi gagehugo lhinds nickthetait browne redrobot 15:01:20 <gagehugo> anyone around? 15:01:23 <nickthetait> hey 15:01:35 <gagehugo> nickthetait o/ 15:03:39 <gagehugo> I think fungi is out on vacation 15:03:45 <gagehugo> not sure if lhinds is around 15:04:22 <gagehugo> nickthetait do you have anything you wanna discuss? 15:05:11 <nickthetait> no 15:06:11 <gagehugo> will you be at the ptg? 15:06:12 <lhinds_> hey all, gagehugo did the agenda by the looks of it 15:06:31 <lhinds_> sorry about last week, really bad stomach bug wiped out my whole house 15:06:41 <nickthetait> 99% I will gagehugo 15:06:48 <gagehugo> lhinds_ :( 15:06:54 <gagehugo> that's no fun 15:07:03 <nickthetait> feel better 15:07:13 <lhinds_> yep, it was just a 24 hour thing 15:07:29 <gagehugo> #topic Bandit Migration 15:07:47 <gagehugo> lhinds_ any update on the openstack specific plugin issue with bandit? 15:07:58 <lhinds_> gagehugo: apologies, no not yet 15:08:08 <lhinds_> its on my list 15:08:24 <lhinds_> i bit swamped with stuff to clear at the moment 15:08:50 <gagehugo> lhinds_ same :( 15:09:21 <gagehugo> #topic OSSA 15:09:27 <gagehugo> https://security.openstack.org/ossa/OSSA-2018-002.html was released yesterday 15:09:36 <gagehugo> relevant changes were merged in keystone 15:09:57 <lhinds_> gagehugo: I saw that one, was that the API leak? 15:10:03 <gagehugo> yeah 15:10:24 <nickthetait> what type of info can be leaked? 15:10:45 <gagehugo> nickthetait https://bugs.launchpad.net/keystone/+bug/1779205 15:10:45 <openstack> Launchpad bug 1779205 in OpenStack Identity (keystone) "[OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)" [Critical,Fix released] - Assigned to Lance Bragstad (lbragstad) 15:10:53 <nickthetait> thx 15:11:18 <gagehugo> idk if there is any other updates for ossa/ossn 15:11:33 <lhinds_> not from me atm 15:11:53 <gagehugo> #topic documentation 15:12:02 <gagehugo> no updates on my end here 15:12:13 <gagehugo> lhinds_ anything from you? 15:12:32 <lhinds_> I started this one, mainly as the docs need a really good overview, there are quite a few incorrect key / value directives in there 15:12:39 <lhinds_> deprecated values 15:13:16 <lhinds_> I have not had time to look at this, was hoping some volunteers could be found, but openstack is really down on contributes overall 15:13:28 <lhinds_> contributors * 15:14:36 <gagehugo> yeah unfortunately :( 15:15:06 <lhinds_> it is how it is, its not just for us. 15:15:19 <gagehugo> maybe we will get some new people interested at the PTG 15:15:31 <lhinds_> yes, that would be good 15:15:57 <gagehugo> #topic threat analysis 15:16:12 <gagehugo> there's 3 drafts up, I still need to get around to reviewing them 15:16:30 <gagehugo> otherwise no other updates from me 15:16:40 <lhinds_> thanks gagehugo 15:16:50 <gagehugo> my ever growing backlog 15:16:56 <gagehugo> #topic PTG 15:17:00 <lhinds_> kudos for getting the drafts up 15:17:18 <gagehugo> I think they're pretty close, but I need to re-read them 15:17:25 <gagehugo> I will be at the PTG all week 15:17:38 <gagehugo> the schedule is a bit weird though, keystone is Mon/Thur/Fri 15:17:49 <gagehugo> with Mon as the "cross-project" day 15:17:53 <gagehugo> but I should be around 15:18:12 <lhinds_> I unfortunately won't be there. 15:18:21 <gagehugo> security is sharing a room with Barbican Mon/Tue I believe 15:18:24 <gagehugo> lhinds_ :( 15:18:46 <lhinds_> yep, I let ade the PTL know that we might be light on numbers. 15:18:57 <lhinds_> that;s np, as its the same for them too :) 15:19:08 <gagehugo> ok, cool 15:19:59 <gagehugo> we should probably come up with something to discuss there (like recruiting new people) 15:20:24 <nickthetait> indeed 15:20:38 <jessegler> o/ 15:20:46 <gagehugo> jessegler o/ 15:20:53 <gagehugo> #topic general discussion 15:21:09 <gagehugo> the floor is open if anyone wants to bring something up 15:21:27 <gagehugo> otherwise we can end early 15:21:46 <lhinds_> nothing from me, apart from I am on PTO for next three weeks 15:21:59 <gagehugo> lhinds_ vacation? 15:22:04 <lhinds_> gagehugo yup 15:22:07 <gagehugo> nice 15:22:20 <lhinds_> yep, looking forward to it 15:23:01 <nickthetait> I'll have some exciting news to share next week :) 15:23:08 <lhinds_> you're ok still cover gagehugo ? 15:23:19 <gagehugo> nickthetait \o/ 15:23:27 <gagehugo> lhinds_ yup 15:23:35 <lhinds_> thanks gagehugo 15:23:52 <gagehugo> np! 15:24:05 <gagehugo> thanks for coming everyone 15:24:12 <gagehugo> o/ 15:24:15 <gagehugo> #endmeeting