15:04:58 <gagehugo> #startmeeting security 15:04:59 <openstack> Meeting started Thu Oct 25 15:04:58 2018 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:05:00 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:05:03 <openstack> The meeting name has been set to 'security' 15:05:29 * gagehugo totally didn't lose track of time 15:05:47 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda 15:05:52 <Luzi> o/ 15:06:10 <gagehugo> ping eeiden fungi gagehugo lhinds nickthetait browne redrobot 15:06:14 <gagehugo> Luzi: o/ 15:06:52 * fungi is triple-booked between board of directors call, tc office hour and this meeting, just to set expectations ;) 15:09:28 <gagehugo> probably will be a pretty quick meeting, there was one issue in glance 15:09:34 <gagehugo> #link https://bugs.launchpad.net/glance/+bug/1799588 15:09:34 <openstack> Launchpad bug 1799588 in OpenStack Security Advisory "non-admin users can see all tenants' images even when image is private" [Undecided,Incomplete] 15:10:10 <gagehugo> could be a policy/configuration issue, but not sure 15:10:20 <gagehugo> Luzi: Do you have anything? 15:10:28 <gagehugo> these meetings are usually pretty informal 15:10:33 <Luzi> yes 15:10:36 <gagehugo> cool 15:10:51 <Luzi> you might have already read it on the ml or in some projects irc meetings 15:11:07 <Luzi> we want to propose Image encryption to openstack 15:11:22 <Luzi> this is a cross project proposal and should adress the confidentiality of images 15:12:02 <gagehugo> This thread: http://lists.openstack.org/pipermail/openstack-dev/2018-October/135387.html 15:12:05 <gagehugo> ?* 15:12:19 <Luzi> yes 15:12:40 <Luzi> we have already written specs for nova, cinder and glance 15:13:03 <gagehugo> do you have links for those on you? 15:13:10 <gagehugo> #link http://lists.openstack.org/pipermail/openstack-dev/2018-October/135387.html 15:13:17 <Luzi> Glance: https://review.openstack.org/#/c/609667/ 15:13:26 <Luzi> Nova: https://review.openstack.org/#/c/608696/ 15:13:33 <Luzi> Cinder: https://review.openstack.org/#/c/608663/ 15:14:43 <gagehugo> awesome 15:14:50 <Luzi> it would be nice to have also input from the security side :) 15:14:58 <gagehugo> I'll put them on the agenda so I remember to read them later 15:15:01 <gagehugo> :) 15:15:42 <Luzi> thank you, it would be nice to discuss this further maybe next week or in the scurity channel :) 15:16:12 <gagehugo> Luzi: Sure, yeah I'll try to read them over before next meeting 15:16:29 <Luzi> gagehugo, thanks :) 15:17:01 <gagehugo> fungi: Not to bug you, did you have anything for this week? 15:17:10 <fungi> nothing really, no 15:17:12 <fungi> thanks though! 15:17:21 <gagehugo> ok 15:17:27 <fungi> just barely keeping up with all the conversations going on at once, sorry 15:17:36 <gagehugo> fungi: heh 15:17:46 <gagehugo> I put the links on the security agenda for Luzi's specs 15:17:56 <gagehugo> otherwise I think we can end early 15:18:13 <fungi> appreciated! 15:19:39 <gagehugo> Luzi fungi thanks for coming! 15:19:45 <gagehugo> #endmeeting