#openstack-meeting log

15:02:06 <gagehugo> #startmeeting security
15:02:07 <openstack> Meeting started Thu Oct  1 15:02:06 2020 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:02:08 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:02:10 <openstack> The meeting name has been set to 'security'
15:02:21 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:04:16 <gagehugo> o/
15:04:41 <gagehugo> Not much on the agenda today
15:05:57 <fungi> ohai
15:06:03 <fungi> sorry, lots going on
15:06:43 <fungi> #link https://launchpad.net/bugs/1892852 memcached socket
15:06:45 <openstack> Launchpad bug 1892852 in OpenStack Security Advisory "memcached socket not released upon lbaas API request " [Undecided,Incomplete]
15:06:55 <fungi> er, that should have been "memcached socket
15:06:58 <fungi> not released upon lbaas API request"
15:07:06 <fungi> silly stray newline in my paste buffer
15:07:25 <fungi> that was switched to public this week
15:12:46 <gagehugo> yeah same
15:13:32 <gagehugo> Yup, that one was very similar to another
15:16:27 <gagehugo> Also with the Summit/PTG this month, I was going to cancel this meeting for those 2 weeks
15:16:58 <gagehugo> So the 22nd and 29th
15:18:37 <fungi> makes sense
15:20:57 <gagehugo> fungi: anything else for this week?
15:22:23 <fungi> i've been getting increasingly concerned by the number of open vulnerability reports with little movement from project team contributors, thinking about starting to publish a periodic list sorted by team
15:23:57 <fungi> #link https://bugs.launchpad.net/ossa we have around 30 public reports of suspected vulnerabilities which need help
15:25:01 <fungi> either help confirming, debunking, closing as fixed many releases ago, patches or mitigations written, backports done, et cetera
15:27:19 <gagehugo> hmm ok
15:27:39 <gagehugo> a periodic list might be a good idea
15:28:18 <fungi> the oldest one there was reported 2016-03-02
15:28:24 <fungi> so over 4 years now
15:31:23 <gagehugo> 2016 seems like is was more than 4 years ago now
15:39:15 <gagehugo> thanks fungi: have a good rest of the week!
15:39:17 <gagehugo> #endmeeting