#openstack-meeting log

15:00:30 <gagehugo> #startmeeting security
15:00:31 <openstack> Meeting started Thu Dec 12 15:00:30 2019 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:32 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:34 <openstack> The meeting name has been set to 'security'
15:00:44 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda agenda
15:00:59 <gagehugo> o/
15:01:07 <fungi> aloha
15:02:05 <gagehugo> fungi: o/
15:04:02 <gagehugo> #topic OSSA-2019-006 released
15:04:13 <gagehugo> #link https://security.openstack.org/ossa/OSSA-2019-006.html
15:04:27 <gagehugo> email went out yesterday, so everyone should be notified now
15:04:46 <gagehugo> fungi: any other updates for that ^?
15:05:03 <fungi> i don't think so
15:05:07 <fungi> great work there
15:05:22 <fungi> big thanks to the reporter and the keystone devs for quick action on it
15:05:28 <fungi> especially cmurphy
15:05:34 <gagehugo> agreed
15:07:06 <gagehugo> got that fixed very quickly
15:07:49 <gagehugo> #topic Next meeting times
15:08:02 <gagehugo> No meeting next 2 weeks (Happy Holidays!)
15:08:27 <gagehugo> Hopefully everyone gets to take it easy for a bit
15:08:39 <gagehugo> We'll meet again on Jan 02nd
15:08:47 <fungi> also worth noting, while i would normally keep tabs on vulnerability reports on vacation, i'm going to be out to sea from the 18th through the 30th
15:09:14 <fungi> but we have several other contacts listed at https://security.openstack.org/ who can triage reports
15:09:32 <fungi> so hopefully one of them will spot any which come in during that timeframe
15:09:45 <gagehugo> fungi: I'm out for work for the same dates 18-new year, but I always check my emails
15:10:03 <fungi> that helps, don't check too often though! enjoy your time off
15:10:08 <gagehugo> I will!
15:10:22 <gagehugo> #topic newsletter
15:10:33 <gagehugo> I'll actually send one out this week for real this time for the month
15:10:45 <fungi> oh, also if you get time to check the moderation queue for the openstack-security ml a few times while i'm away, that might help
15:10:58 <gagehugo> sure
15:11:06 <fungi> but no big deal if that one languishes for a couple weeks
15:11:39 <gagehugo> also I think with the new year, I'm going to move the security sig newsletter to monthly
15:12:04 <gagehugo> as I keep either forgetting, or we don't really have much to update on
15:12:22 <fungi> that seems perfectly reasonable
15:12:38 <fungi> a lot of sigs don't even provide updates that often (or ever!)
15:12:53 <gagehugo> true
15:13:28 <gagehugo> I was actually told by a few people that they actually read them, so that was nice
15:13:29 <fungi> though we're supposed to have some identifiable output, the vmt producing ossas and our weekly meeting logs could suffice in a pinch
15:13:44 <fungi> but i agree, i like the updates
15:13:54 <fungi> thanks so much for doing them!
15:14:06 <gagehugo> It honestly helps me gather my thoughts too and keeps me focuesed on issues when needed
15:14:20 <gagehugo> np!
15:14:24 <fungi> that's a great point
15:14:31 <gagehugo> #topic Open Discussion
15:14:36 <gagehugo> fungi: anything else for the year?
15:15:21 <fungi> nope, still hoping to do a revision on 678426 and switch it to ready for review
15:15:30 <fungi> hopefully today or tomorrow
15:15:36 <fungi> we'll see how my day goes
15:15:54 <fungi> #link https://review.opendev.org/678426 Update vulnerability:managed policy
15:16:04 <gagehugo> yeah was just looking that up haha
15:16:06 <gagehugo> thanks
15:16:09 <gagehugo> sounds good
15:17:14 <fungi> enjoy your time off!
15:17:26 <gagehugo> fungi: thanks for all the help!
15:17:33 <gagehugo> you too! enjoy the sea
15:17:49 <fungi> thanks gagehugo!
15:17:55 <gagehugo> #endmeeting