15:00:38 <gagehugo> #startmeeting security
15:00:39 <openstack> Meeting started Thu Jul 2 15:00:38 2020 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:40 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:42 <openstack> The meeting name has been set to 'security'
15:00:47 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:01:23 <fungi> ahoy, mateys
15:02:27 <rosmaita> o/
15:03:45 <gagehugo> o/
15:06:23 <fungi> this has to be our most riveting meeting yet ;)
15:07:09 <rosmaita> any security meeting you can walk away from, is a good security meeting
15:08:42 <fungi> fair point
15:08:57 <gagehugo> sorry was distracted
15:09:04 <fungi> no worries!
15:09:05 <gagehugo> #topic next week's meeting
15:09:12 <fungi> i'm a little fried this morning anyway
15:09:15 <gagehugo> I will be out for training, so I'm going to just cancel it
15:09:16 <gagehugo> me too
15:09:25 <gagehugo> I'll send out an email
15:09:30 <gagehugo> #topic open discussion
15:09:33 <gagehugo> floor is open
15:10:56 <rosmaita> we now have cinder releases for all releasable branches that address OSSN-0086
15:12:13 <fungi> thanks rosmaita!
15:12:33 <rosmaita> and hopefully i will never utter the words "OSSN-0086" ever again
15:12:34 <gagehugo> yes, ty rosmaita!
15:13:25 <fungi> someone popped into #openstack-security a little while back asking whether anyone has experience integrating carbonblack's security products with their openstack deployments
15:13:56 <fungi> proprietary stuff, so likely not that relevant for us to discuss, but figured i'd point it out for the log
15:14:19 <fungi> there may be some operators with a common interest around that or similar integrations i guess
15:15:45 <fungi> looks like june 23 was the last time we switched any security-related bugs public, so not much to discuss on the advisory/vmt end of things
15:16:13 <fungi> pretty sure we covered that one in last week's meeting
15:16:59 <gagehugo> yeah
15:17:01 <fungi> i still haven't gotten to writing up the barbican as a base service proposal for openstack/governance like we talked about at the ptg, though it's just about been excavated from my to do pile again
15:18:47 <fungi> i'm quite pleased with how our new 90-day embargo limit is working out though. it's allowed us to air out a bunch of old cobwebs and is keeping our embargo load very manageable
15:19:43 <fungi> that said, it means there are now a bunch of "incomplete" ossa bugtasks on public-security bugs which could use some eyes on them to help us figure out if they're actual vulnerabilities
15:20:22 <fungi> #link https://launchpad.net/bugs/ossa Please help the OpenStack VMT identify actionable vulnerability reports
15:21:07 <fungi> d'oh, i should have tested that url first
15:21:14 <fungi> gagehugo: can you #undo?
15:21:21 <gagehugo> lol
15:21:22 <gagehugo> #undo
15:21:23 <openstack> Removing item from minutes: #link https://launchpad.net/bugs/ossa
15:21:27 <fungi> thanks
15:21:37 <fungi> #link https://bugs.launchpad.net/ossa Please help the OpenStack VMT identify actionable vulnerability reports
15:21:43 <fungi> much better
15:28:04 <gagehugo> thanks fungi
15:28:14 <gagehugo> thanks rosmita
15:28:17 <rosmaita> i think you can close the OSSA parg of https://bugs.launchpad.net/ossa/+bug/1799221 as a WON'T FIX
15:28:17 <openstack> Launchpad bug 1799221 in OpenStack Security Advisory "cinder-volume can create truncated volumes when masking glanceclient errors" [Undecided,New]
15:28:30 <rosmaita> s/parg/part/
15:28:35 <gagehugo> yeah
15:28:52 <fungi> great! if you can leave a comment explaining why, i'm happy to do that
15:29:08 <rosmaita> sure
15:29:34 <fungi> i just don't want it to look like i'm going around closing our advisory tasks without community input
15:30:10 <rosmaita> :)
15:31:46 <fungi> (otherwise i'd go close all of those now for lack of interest)
15:33:33 <gagehugo> fungi: I'll also try to get a new meeting time email out eventually
15:33:44 <gagehugo> this time-slot isn't the greatest
15:34:28 <fungi> sure, sounds good
15:34:33 <fungi> i'm happy to adjust
15:34:50 <gagehugo> thanks everyone, have a good holiday weekend!
15:34:52 <fungi> i'm normally at least double, sometimes triple and occasionally quadruple booked during this hour
15:34:56 <gagehugo> same
15:35:02 <fungi> thanks gagehugo! you too!
15:35:10 <gagehugo> and it's worse once DST begins/ends
15:35:15 <gagehugo> #endmeeting