#openstack-meeting log

15:00:38 <gagehugo> #startmeeting security
15:00:39 <openstack> Meeting started Thu Apr 30 15:00:38 2020 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:40 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:42 <openstack> The meeting name has been set to 'security'
15:01:02 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:01:48 <fungi> heya
15:01:55 <gagehugo> o/
15:03:27 <gagehugo> #topic Virtual PTG Timeslots
15:04:51 <gagehugo> I tentatively picked some timeslots for the security sig to meet for the ptg
15:04:53 <gagehugo> 1500 - 1700 UTC & 2100 - 2300 UTC Monday June 1st 2020
15:05:17 <fungi> sounds good, thanks for scheduling!
15:05:55 <gagehugo> I'll send out an email to the mailing list today as well
15:06:34 <redrobot> I should be able to make at least the first slot
15:07:07 <gagehugo> I think it was recommended that SIGs meet the first couple days
15:07:25 <gagehugo> there is also an etherpad for topics
15:07:27 <gagehugo> #link https://etherpad.opendev.org/p/security-sig-ptg-victoria
15:08:41 <gagehugo> please take a look when you get time
15:09:04 <gagehugo> #topic public bug
15:09:18 <gagehugo> #link https://bugs.launchpad.net/keystone/+bug/1872737
15:09:18 <openstack> Launchpad bug 1872737 in OpenStack Identity (keystone) "Keystone doesn't check signature TTL of the EC2 credential auth method" [Medium,In progress] - Assigned to Colleen Murphy (krinkle)
15:09:22 <gagehugo> That was made public this week
15:11:49 <gagehugo> #topic open discussion
15:12:01 <gagehugo> fungi redrobot: anything you want to discuss this week?
15:13:21 <redrobot> Nope... was hoping to schedule barbican ptg time this week, but no one showed up to the weekly meeting. 😭
15:13:44 <fungi> #link https://launchpad.net/bugs/1875439 glance requires md5 implementation be available
15:13:44 <openstack> Launchpad bug 1875439 in Glance "glance requires md5 implementation be available" [High,Triaged]
15:13:57 <fungi> that's another security-related one filed in the past week
15:14:08 <gagehugo> ah yeah, thanks fungi
15:15:47 <fungi> #link https://launchpad.net/bugs/1786646 Domain Existence Leaking without authentication
15:15:47 <openstack> Launchpad bug 1786646 in OpenStack Identity (keystone) "Domain Existence Leaking without authentication" [High,Confirmed]
15:15:51 <fungi> that's another
15:16:36 <fungi> not filed, but dsiclosed
15:16:48 <fungi> (that last one was old-ish, but no longer relevant)
15:17:36 <gagehugo> only ~2 years old
15:19:10 <fungi> oh, i did add reminder comments to any private reports for projects where embargoes are due to expire in a month, if they hadn't seen any other activity since my original comment on them two months ago
15:19:49 <gagehugo> yup
15:20:31 <fungi> i don't think i've got anything else for the meeting
15:23:38 <gagehugo> redrobot: I will try to attend the barbican ptg
15:23:53 <redrobot> gagehugo, yay! :D
15:24:03 <gagehugo> depends on how double/triple booked everything is
15:24:23 <gagehugo> might just end up with a cacophony of calls going on at once
15:24:25 <redrobot> We were thinking of doing stuff around the same time we have the weekly meeting
15:24:33 <fungi> i still think getting barbican listed as a base service might be a good goal
15:24:40 <redrobot> so like Tuesday ~1600 UTC
15:24:53 <fungi> #link https://governance.openstack.org/tc/reference/base-services.html Base services
15:24:57 <redrobot> fungi, Castellan-compatible service was a good start
15:25:13 <fungi> yeah, i didn't get much pushback on that one
15:25:17 <fungi> and it's been in there for a while now
15:26:03 <fungi> i feel like barbican could be in a similar class to keystone there though, really
15:26:41 <fungi> especially as we see more efforts like the image encryption one arise
15:27:30 <fungi> anyway, ideas for stuff which might be interesting to talk about at the ptg, from a security sig perspective
15:27:36 <fungi> i'll add to the etherpad
15:27:57 <gagehugo> def
15:28:51 <fungi> and done
15:29:23 <gagehugo> thanks fungi redrobot !
15:29:29 <fungi> thanks gagehugo!
15:29:31 <gagehugo> Have a good rest of the week
15:29:32 <redrobot> :D
15:29:34 <gagehugo> #endmeeting