15:00:34 <gagehugo> #startmeeting security
15:00:36 <openstack> Meeting started Thu Feb  7 15:00:34 2019 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:37 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:40 <openstack> The meeting name has been set to 'security'
15:01:21 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda
15:01:41 <gagehugo> ping fungi gagehugo lhinds nickthetait browne redrobot
15:01:50 <fungi> howdy
15:02:07 <gagehugo> fungi: o/
15:04:41 <gagehugo> fungi: anything new?
15:05:17 <gagehugo> I saw the thing about asking if the Security SIG wanted a room for the PTG
15:07:23 <fungi> yeah, i think the ptg organizers reached out to all the sig chairs, so just wanted to remind you to respond to them soonish once you get a feel for whether there's a reason to have a spot there
15:08:16 <gagehugo> was there an email?
15:08:21 <gagehugo> I don't remember seeing one
15:14:06 <gagehugo> I wonder if they just emailed lhinds
15:15:33 <gagehugo> fungi: I'll ask around then and see about a spot, I may talk to barbican and see if we can share a room for half a day or something again
15:20:05 <fungi> i can find out who they reached out to
15:20:52 <gagehugo> I briefly looked through my email and didn't see anything, I could have missed it though haha
15:27:34 <gagehugo> fungi: thanks, yeah if you find out let me know and I will figure out what we can do for Denver
15:30:58 <fungi> i've asked them but they may not be awake yet
15:33:10 <gagehugo> ok, heh
15:34:32 <gagehugo> fungi: thanks!
15:34:48 <gagehugo> was there anything else that came up this week?
15:35:29 <gagehugo> I saw https://bugs.launchpad.net/ceilometer/+bug/1811098
15:35:31 <openstack> Launchpad bug 1811098 in Ceilometer "[SRU] ceilometer writing snmp credentials to log file" [Undecided,In progress] - Assigned to Edward Hope-Morley (hopem)
15:35:41 <fungi> yep, i was just about to link that
15:36:20 <fungi> maybe of interest to some who want to pitch in on helping the telemetry team out (ceilometer isn't technically vulnerability:managed by the openstack vmt)
15:36:39 <fungi> i've been providing some guidance and feedback there so far
15:38:59 <fungi> as was mentioned in the tc meeting which just wrapped up a few minutes ago, the telemetry team doesn't have much (if any) in the way of regular contributors any longer, so people who are interested in using and keeping it secure need to step up and pitch in
15:39:16 <gagehugo> ah ok
15:39:29 <gagehugo> do we want to write an OSSA even if they aren't technically covered?
15:39:41 <gagehugo> or maybe an OSSN
15:43:11 <gagehugo> or just a CVE for now perhaps
15:45:03 <fungi> ideally someone on the telemetry team would send out some sort of an announcement, but it's not strictly mandatory
15:45:23 <gagehugo> ok
15:45:31 <fungi> and if someone wants a cve to track that particular defect, they can ask mitre or a cna to assign one
15:46:05 <fungi> (ubuntu is a cna so they could allocate one themselves if they wanted)
15:47:21 <fungi> the ceilometer reviewers did at least get the fix and associated backports (as far back as stable/rocky anyway) merged within the span of a week, so they're surprisingly on top of it
15:47:45 <gagehugo> yeah I saw it seemed to get fixed
15:51:44 <gagehugo> fungi: thanks for coming, I'll be around today if you hear back about the PTG
15:51:49 <gagehugo> #endmeeting