15:00:24 <gagehugo> #startmeeting security
15:00:24 <openstack> Meeting started Thu Mar 21 15:00:24 2019 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:25 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:28 <openstack> The meeting name has been set to 'security'
15:00:40 <gagehugo> ping fungi gagehugo lhinds nickthetait browne redrobot
15:00:52 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda agenda
15:01:14 <fungi> ohai
15:01:24 <redrobot> \o
15:02:19 <Luzi> o/
15:02:44 <gagehugo> o/
15:04:02 <gagehugo> hey fungi redrobot Luzi
15:04:46 <redrobot> igau'
15:04:49 <redrobot> *ohai
15:05:17 <gagehugo> Only got a couple things on the agenda for today
15:05:29 <gagehugo> https://bugs.launchpad.net/nova/+bug/1816727
15:05:31 <openstack> Launchpad bug 1816727 in OpenStack Compute (nova) "nova-novncproxy does not handle TCP RST cleanly when using SSL " [Medium,In progress] - Assigned to melanie witt (melwitt)
15:05:39 <gagehugo> was made public recently
15:06:08 <fungi> #link https://launchpad.net/bugs/1816727 nova-novncproxy does not handle TCP RST cleanly when using SSL
15:06:45 <gagehugo> thanks fungi
15:07:06 <fungi> this was classified as a security hardening opportunity, since the impact is assumed to be roughly the same as someone intentionally opening a lot of connections to the service and not closing them cleanly
15:07:55 <fungi> it's more just a fix to prevent people using certain kinds of load balancer health checks from unintentionally dos'ing their novnc
15:09:03 <fungi> it's still recommended to have some sort of rate limiting/mitigating proxy in front of the service anyway, as it's not really robust in the face of intentional attacks
15:11:25 <fungi> i didn't really have anything else to say on that one
15:12:25 <gagehugo> ok, thanks again fungi
15:12:49 <gagehugo> #topic Denver Summit
15:13:12 * gagehugo is bad about remembering to do the topics
15:13:23 <gagehugo> So I reserved a room for 1 day at the summit for the security sig
15:13:42 <gagehugo> once the schedule gets made I can send out an email to the mailing list
15:13:56 <fungi> (just a heads up, i added something else to the agenda now)
15:14:12 <gagehugo> :)
15:14:32 <gagehugo> #topic ossa-2019-001
15:14:45 <gagehugo> #link https://security.openstack.org/ossa/OSSA-2019-001.html OSSA report
15:15:14 <fungi> OSSA-2019-001: Unsupported dport option prevents applying security groups
15:15:21 <fungi> patch up!
15:15:30 <fungi> it's our first ossa of the year
15:15:58 <fungi> and patches made available by the neutron devs all the way back to stable/ocata
15:18:26 <gagehugo> nice
15:18:50 <gagehugo> fungi anything else?
15:19:45 <fungi> not on my end
15:20:01 <gagehugo> #topic open discussion
15:20:12 <gagehugo> Anyone have anything they want to bring up?
15:20:32 <gagehugo> #link https://etherpad.openstack.org/p/DEN-securitysig-topics
15:20:41 <gagehugo> ^ if anyone has a topic for the summit session or PTG
15:21:31 <gagehugo> otherwise I have nothing else for this week
15:25:37 <gagehugo> thanks for coming everyone!
15:25:39 <gagehugo> have a good weekend
15:25:43 <gagehugo> #endmeeting