#openstack-meeting log

15:00:29 <gagehugo> #startmeeting security
15:00:29 <openstack> Meeting started Thu Jul 26 15:00:29 2018 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:33 <openstack> The meeting name has been set to 'security'
15:01:15 <gagehugo> ping eeiden fungi gagehugo lhinds nickthetait browne redrobot
15:01:20 <gagehugo> anyone around?
15:01:23 <nickthetait> hey
15:01:35 <gagehugo> nickthetait o/
15:03:39 <gagehugo> I think fungi is out on vacation
15:03:45 <gagehugo> not sure if lhinds is around
15:04:22 <gagehugo> nickthetait do you have anything you wanna discuss?
15:05:11 <nickthetait> no
15:06:11 <gagehugo> will you be at the ptg?
15:06:12 <lhinds_> hey all, gagehugo did the agenda by the looks of it
15:06:31 <lhinds_> sorry about last week, really bad stomach bug wiped out my whole house
15:06:41 <nickthetait> 99% I will gagehugo
15:06:48 <gagehugo> lhinds_ :(
15:06:54 <gagehugo> that's no fun
15:07:03 <nickthetait> feel better
15:07:13 <lhinds_> yep, it was just a 24 hour thing
15:07:29 <gagehugo> #topic Bandit Migration
15:07:47 <gagehugo> lhinds_ any update on the openstack specific plugin issue with bandit?
15:07:58 <lhinds_> gagehugo: apologies, no not yet
15:08:08 <lhinds_> its on my list
15:08:24 <lhinds_> i bit swamped with stuff to clear at the moment
15:08:50 <gagehugo> lhinds_ same :(
15:09:21 <gagehugo> #topic OSSA
15:09:27 <gagehugo> https://security.openstack.org/ossa/OSSA-2018-002.html was released yesterday
15:09:36 <gagehugo> relevant changes were merged in keystone
15:09:57 <lhinds_> gagehugo: I saw that one, was that the API leak?
15:10:03 <gagehugo> yeah
15:10:24 <nickthetait> what type of info can be leaked?
15:10:45 <gagehugo> nickthetait https://bugs.launchpad.net/keystone/+bug/1779205
15:10:45 <openstack> Launchpad bug 1779205 in OpenStack Identity (keystone) "[OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)" [Critical,Fix released] - Assigned to Lance Bragstad (lbragstad)
15:10:53 <nickthetait> thx
15:11:18 <gagehugo> idk if there is any other updates for ossa/ossn
15:11:33 <lhinds_> not from me atm
15:11:53 <gagehugo> #topic documentation
15:12:02 <gagehugo> no updates on my end here
15:12:13 <gagehugo> lhinds_ anything from you?
15:12:32 <lhinds_> I started this one, mainly as the docs need a really good overview, there are quite a few incorrect key / value directives in there
15:12:39 <lhinds_> deprecated values
15:13:16 <lhinds_> I have not had time to look at this, was hoping some volunteers could be found, but openstack is really down on contributes overall
15:13:28 <lhinds_> contributors *
15:14:36 <gagehugo> yeah unfortunately :(
15:15:06 <lhinds_> it is how it is, its not just for us.
15:15:19 <gagehugo> maybe we will get some new people interested at the PTG
15:15:31 <lhinds_> yes, that would be good
15:15:57 <gagehugo> #topic threat analysis
15:16:12 <gagehugo> there's 3 drafts up, I still need to get around to reviewing them
15:16:30 <gagehugo> otherwise no other updates from me
15:16:40 <lhinds_> thanks gagehugo
15:16:50 <gagehugo> my ever growing backlog
15:16:56 <gagehugo> #topic PTG
15:17:00 <lhinds_> kudos for getting the drafts up
15:17:18 <gagehugo> I think they're pretty close, but I need to re-read them
15:17:25 <gagehugo> I will be at the PTG all week
15:17:38 <gagehugo> the schedule is a bit weird though, keystone is Mon/Thur/Fri
15:17:49 <gagehugo> with Mon as the "cross-project" day
15:17:53 <gagehugo> but I should be around
15:18:12 <lhinds_> I unfortunately won't be there.
15:18:21 <gagehugo> security is sharing a room with Barbican Mon/Tue I believe
15:18:24 <gagehugo> lhinds_ :(
15:18:46 <lhinds_> yep, I let ade the PTL know that we might be light on numbers.
15:18:57 <lhinds_> that;s np, as its the same for them too :)
15:19:08 <gagehugo> ok, cool
15:19:59 <gagehugo> we should probably come up with something to discuss there (like recruiting new people)
15:20:24 <nickthetait> indeed
15:20:38 <jessegler> o/
15:20:46 <gagehugo> jessegler o/
15:20:53 <gagehugo> #topic general discussion
15:21:09 <gagehugo> the floor is open if anyone wants to bring something up
15:21:27 <gagehugo> otherwise we can end early
15:21:46 <lhinds_> nothing from me, apart from I am on PTO for next three weeks
15:21:59 <gagehugo> lhinds_ vacation?
15:22:04 <lhinds_> gagehugo yup
15:22:07 <gagehugo> nice
15:22:20 <lhinds_> yep, looking forward to it
15:23:01 <nickthetait> I'll have some exciting news to share next week :)
15:23:08 <lhinds_> you're ok still cover gagehugo ?
15:23:19 <gagehugo> nickthetait \o/
15:23:27 <gagehugo> lhinds_ yup
15:23:35 <lhinds_> thanks gagehugo
15:23:52 <gagehugo> np!
15:24:05 <gagehugo> thanks for coming everyone
15:24:12 <gagehugo> o/
15:24:15 <gagehugo> #endmeeting