15:00:12 <gagehugo> #startmeeting security
15:00:13 <openstack> Meeting started Thu Jul 30 15:00:12 2020 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:14 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:16 <openstack> The meeting name has been set to 'security'
15:00:21 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:00:28 <gagehugo> o/
15:01:18 <fungi> ahoy
15:04:22 <gagehugo> fungi: o/
15:04:50 <fungi> oh good, i was worried for a moment that o/ was actually the international emoticon for "i'm drowning, help"
15:05:53 <Luzi_> o/
15:06:14 <gagehugo> It could be
15:06:42 <gagehugo> fungi: do you have anything this week?
15:06:53 <gagehugo> unfortunately July was a busy month for me
15:07:47 <fungi> uh, yeah, let's see...
15:08:24 <fungi> #link https://launchpad.net/bugs/1888722 The Nova api permits any possible hostname, including for example "../.." or "; --" or "hostname.openstack.org"
15:08:26 <openstack> Launchpad bug 1888722 in OpenStack Compute (nova) "The Nova api permits any possible hostname, including for example "../.." or "; --" or "hostname.openstack.org"" [Undecided,New]
15:08:51 <fungi> #link https://launchpad.net/bugs/1889055 security issue - some command injection vulnerability found and fixed
15:08:53 <openstack> Launchpad bug 1889055 in OpenStack Security Advisory "security issue - some command injection vulnerability found and fixed" [Undecided,Invalid]
15:09:06 <fungi> those were made public in the past week
15:10:01 <gagehugo> cool
15:10:05 <fungi> unrelated, the open infrastructure summit event organizers at the osf are looking for additional programming committee members to oversee talk selection for the security track
15:10:20 <fungi> they need at least one more, but several would be great
15:10:41 <fungi> if anyone sees this and is interested in helping with that, feel free to reach out to me and i can put you in touch
15:11:44 <gagehugo> Do you know the dates for the selection process?
15:11:52 <fungi> commitment is fairly minimal. a few hours a week for maybe a couple weeks to review talk proposal abstracts, rank them and provide feedback
15:12:08 <gagehugo> I could potentially help if I can plan ahead
15:12:19 <fungi> looking for schedule details now
15:13:44 <fungi> #link https://cfp.openstack.org/ speakers will be informed by mid August 2020
15:13:59 <Luzi_> 10 hours, August 18 - 28 - CFP review and final selection
15:14:09 <fungi> thanks!
15:14:59 <gagehugo> fungi: you can put me down, I will make plans to be available
15:15:20 <fungi> gagehugo: great, i'll let them know to get in touch
15:16:16 <fungi> Luzi_: i think they've also been trying to reach out to you since you did it recently, though i totally understand if that's not something you're up for (i did it a few years myself and got burned out on it)
15:17:53 <Luzi_> fungi, they did ask me, and i am willing to help :)
15:18:19 <fungi> oh, cool i'll make sure they know, it's possible they missed your reply
15:18:27 <Luzi_> they got it
15:18:29 <fungi> and thanks so much!!!
15:18:31 <Luzi_> :)
15:21:55 <fungi> yeah, now i see they contacted you after the last time i checked in with them, cool
15:23:38 <fungi> i don't think i had anything else for this week
15:24:17 <fungi> though i guess that's also a good opportunity to remind everyone the cfp is open, and obviously there's a security track, so feel free to propose stuff you want to give a talk on
15:24:57 <gagehugo> yup
15:26:07 <fungi> and it's a virtual event, so you can give a talk from the comfort of your own porch/living room/dank basement/wherever
15:27:47 <gagehugo> from my patio as a tornado goes by in the background
15:28:11 <fungi> and i'll watch it from inside the eye of a hurricane
15:29:35 <gagehugo> ++
15:30:23 <gagehugo> I need to run, thanks Luzi_ fungi
15:30:28 <gagehugo> #endmeeting