15:00:12 <gagehugo> #startmeeting security 15:00:13 <openstack> Meeting started Thu Jul 30 15:00:12 2020 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:14 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:16 <openstack> The meeting name has been set to 'security' 15:00:21 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda 15:00:28 <gagehugo> o/ 15:01:18 <fungi> ahoy 15:04:22 <gagehugo> fungi: o/ 15:04:50 <fungi> oh good, i was worried for a moment that o/ was actually the international emoticon for "i'm drowning, help" 15:05:53 <Luzi_> o/ 15:06:14 <gagehugo> It could be 15:06:42 <gagehugo> fungi: do you have anything this week? 15:06:53 <gagehugo> unfortunately July was a busy month for me 15:07:47 <fungi> uh, yeah, let's see... 15:08:24 <fungi> #link https://launchpad.net/bugs/1888722 The Nova api permits any possible hostname, including for example "../.." or "; --" or "hostname.openstack.org" 15:08:26 <openstack> Launchpad bug 1888722 in OpenStack Compute (nova) "The Nova api permits any possible hostname, including for example "../.." or "; --" or "hostname.openstack.org"" [Undecided,New] 15:08:51 <fungi> #link https://launchpad.net/bugs/1889055 security issue - some command injection vulnerability found and fixed 15:08:53 <openstack> Launchpad bug 1889055 in OpenStack Security Advisory "security issue - some command injection vulnerability found and fixed" [Undecided,Invalid] 15:09:06 <fungi> those were made public in the past week 15:10:01 <gagehugo> cool 15:10:05 <fungi> unrelated, the open infrastructure summit event organizers at the osf are looking for additional programming committee members to oversee talk selection for the security track 15:10:20 <fungi> they need at least one more, but several would be great 15:10:41 <fungi> if anyone sees this and is interested in helping with that, feel free to reach out to me and i can put you in touch 15:11:44 <gagehugo> Do you know the dates for the selection process? 15:11:52 <fungi> commitment is fairly minimal. a few hours a week for maybe a couple weeks to review talk proposal abstracts, rank them and provide feedback 15:12:08 <gagehugo> I could potentially help if I can plan ahead 15:12:19 <fungi> looking for schedule details now 15:13:44 <fungi> #link https://cfp.openstack.org/ speakers will be informed by mid August 2020 15:13:59 <Luzi_> 10 hours, August 18 - 28 - CFP review and final selection 15:14:09 <fungi> thanks! 15:14:59 <gagehugo> fungi: you can put me down, I will make plans to be available 15:15:20 <fungi> gagehugo: great, i'll let them know to get in touch 15:16:16 <fungi> Luzi_: i think they've also been trying to reach out to you since you did it recently, though i totally understand if that's not something you're up for (i did it a few years myself and got burned out on it) 15:17:53 <Luzi_> fungi, they did ask me, and i am willing to help :) 15:18:19 <fungi> oh, cool i'll make sure they know, it's possible they missed your reply 15:18:27 <Luzi_> they got it 15:18:29 <fungi> and thanks so much!!! 15:18:31 <Luzi_> :) 15:21:55 <fungi> yeah, now i see they contacted you after the last time i checked in with them, cool 15:23:38 <fungi> i don't think i had anything else for this week 15:24:17 <fungi> though i guess that's also a good opportunity to remind everyone the cfp is open, and obviously there's a security track, so feel free to propose stuff you want to give a talk on 15:24:57 <gagehugo> yup 15:26:07 <fungi> and it's a virtual event, so you can give a talk from the comfort of your own porch/living room/dank basement/wherever 15:27:47 <gagehugo> from my patio as a tornado goes by in the background 15:28:11 <fungi> and i'll watch it from inside the eye of a hurricane 15:29:35 <gagehugo> ++ 15:30:23 <gagehugo> I need to run, thanks Luzi_ fungi 15:30:28 <gagehugo> #endmeeting