15:00:34 <gagehugo> #startmeeting security 15:00:36 <openstack> Meeting started Thu Feb 7 15:00:34 2019 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:37 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:40 <openstack> The meeting name has been set to 'security' 15:01:21 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda 15:01:41 <gagehugo> ping fungi gagehugo lhinds nickthetait browne redrobot 15:01:50 <fungi> howdy 15:02:07 <gagehugo> fungi: o/ 15:04:41 <gagehugo> fungi anything new? 15:05:17 <gagehugo> I saw the thing about asking if the Security SIG wanted a room for the PTG 15:07:23 <fungi> yeah, i think the ptg organizers reached out to all the sig chairs, so just wanted to remind you to respond to them soonish once you get a feel for whether there's a reason to have a spot there 15:08:16 <gagehugo> was there an email? 15:08:21 <gagehugo> I don't remember seeing one 15:14:06 <gagehugo> I wonder if they just emailed lhinds 15:15:33 <gagehugo> fungi: I'll ask around then and see about a spot, I may talk to barbican and see if we can share a room for half a day or something again 15:20:05 <fungi> i can find out who they reached out to 15:20:52 <gagehugo> I briefly looked through my email and didn't see anything, I could have missed it though haha 15:27:34 <gagehugo> fungi: thanks, yeah if you find out let me know and I will figure out what we can do for Denver 15:30:58 <fungi> i've asked them but they may not be awake yet 15:33:10 <gagehugo> ok, heh 15:34:32 <gagehugo> fungi: thanks! 15:34:48 <gagehugo> was there anything else that came up this week? 15:35:29 <gagehugo> I saw https://bugs.launchpad.net/ceilometer/+bug/1811098 15:35:31 <openstack> Launchpad bug 1811098 in Ceilometer "[SRU] ceilometer writing snmp credentials to log file" [Undecided,In progress] - Assigned to Edward Hope-Morley (hopem) 15:35:41 <fungi> yep, i was just about to link that 15:36:20 <fungi> maybe of interest to some who want to pitch in on helping the telemetry team out (ceilometer isn't technically vulnerability:managed by the openstack vmt) 15:36:39 <fungi> i've been providing some guidance and feedback there so far 15:38:59 <fungi> as was mentioned in the tc meeting which just wrapped up a few minutes ago, the telemetry team doesn't have much (if any) in the way of regular contributors any longer, so people who are interested in using and keeping it secure need to step up and pitch in 15:39:16 <gagehugo> ah ok 15:39:29 <gagehugo> do we want to write an OSSA even if they aren't technically covered? 15:39:41 <gagehugo> or maybe an OSSN 15:43:11 <gagehugo> or just a CVE for now perhaps 15:45:03 <fungi> ideally someone on the telemetry team would send out some sort of an announcement, but it's not strictly mandatory 15:45:23 <gagehugo> ok 15:45:31 <fungi> and if someone wants a cve to track that particular defect, they can ask mitre or a cna to assign one 15:46:05 <fungi> (ubuntu is a cna so they could allocate one themselves if they wanted) 15:47:21 <fungi> the ceilometer reviewers did at least get the fix and associated backports (as far back as stable/rocky anyway) merged within the span of a week, so they're surprisingly on top of it 15:47:45 <gagehugo> yeah I saw it seemed to get fixed 15:51:44 <gagehugo> fungi: thanks for coming, I'll be around today if you hear back about the PTG 15:51:49 <gagehugo> #endmeeting