15:00:38 #startmeeting security
15:00:39 Meeting started Thu Apr 30 15:00:38 2020 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:40 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:42 The meeting name has been set to 'security'
15:01:02 #link https://etherpad.opendev.org/p/security-agenda agenda
15:01:48 heya
15:01:55 o/
15:03:27 #topic Virtual PTG Timeslots
15:04:51 I tentatively picked some timeslots for the security sig to meet for the ptg
15:04:53 1500 - 1700 UTC & 2100 - 2300 UTC Monday June 1st 2020
15:05:17 sounds good, thanks for scheduling!
15:05:55 I'll send out an email to the mailing list today as well
15:06:34 I should be able to make at least the first slot
15:07:07 I think it was recommended that SIGs meet the first couple days
15:07:25 there is also an etherpad for topics
15:07:27 #link https://etherpad.opendev.org/p/security-sig-ptg-victoria
15:08:41 please take a look when you get time
15:09:04 #topic public bug
15:09:18 #link https://bugs.launchpad.net/keystone/+bug/1872737
15:09:18 Launchpad bug 1872737 in OpenStack Identity (keystone) "Keystone doesn't check signature TTL of the EC2 credential auth method" [Medium,In progress] - Assigned to Colleen Murphy (krinkle)
15:09:22 That was made public this week
15:11:49 #topic open discussion
15:12:01 fungi redrobot: anything you want to discuss this week?
15:13:21 Nope... was hoping to schedule barbican ptg time this week, but no one showed up to the weekly meeting. 😭
15:13:44 #link https://launchpad.net/bugs/1875439 glance requires md5 implementation be available
15:13:44 Launchpad bug 1875439 in Glance "glance requires md5 implementation be available" [High,Triaged]
15:13:57 that's another security-related one filed in the past week
15:14:08 ah yeah, thanks fungi
15:15:47 #link https://launchpad.net/bugs/1786646 Domain Existence Leaking without authentication
15:15:47 Launchpad bug 1786646 in OpenStack Identity (keystone) "Domain Existence Leaking without authentication" [High,Confirmed]
15:15:51 that's another
15:16:36 not filed, but disclosed
15:16:48 (that last one was old-ish, but no longer relevant)
15:17:36 only ~2 years old
15:19:10 oh, i did add reminder comments to any private reports for projects where embargoes are due to expire in a month, if they hadn't seen any other activity since my original comment on them two months ago
15:19:49 yup
15:20:31 i don't think i've got anything else for the meeting
15:23:38 redrobot: I will try to attend the barbican ptg
15:23:53 gagehugo, yay! :D
15:24:03 depends on how double/triple booked everything is
15:24:23 might just end up with a cacophony of calls going on at once
15:24:25 We were thinking of doing stuff around the same time we have the weekly meeting
15:24:33 i still think getting barbican listed as a base service might be a good goal
15:24:40 so like Tuesday ~1600 UTC
15:24:53 #link https://governance.openstack.org/tc/reference/base-services.html Base services
15:24:57 fungi, Castellan-compatible service was a good start
15:25:13 yeah, i didn't get much pushback on that one
15:25:17 and it's been in there for a while now
15:26:03 i feel like barbican could be in a similar class to keystone there though, really
15:26:41 especially as we see more efforts like the image encryption one arise
15:27:30 anyway, ideas for stuff which might be interesting to talk about at the ptg, from a security sig perspective
15:27:36 i'll add to the etherpad
15:27:57 def
15:28:51 and done
15:29:23 thanks fungi redrobot !
15:29:29 thanks gagehugo!
15:29:31 Have a good rest of the week
15:29:32 :D
15:29:34 #endmeeting