15:02:06 #startmeeting security 15:02:07 Meeting started Thu Oct 1 15:02:06 2020 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:02:08 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:02:10 The meeting name has been set to 'security' 15:02:21 #link https://etherpad.opendev.org/p/security-agenda agenda 15:04:16 o/ 15:04:41 Not much on the agenda today 15:05:57 ohai 15:06:03 sorry, lots going on 15:06:43 #link https://launchpad.net/bugs/1892852 memcached socket 15:06:45 Launchpad bug 1892852 in OpenStack Security Advisory "memcached socket not released upon lbaas API request " [Undecided,Incomplete] 15:06:55 er, that should have been "memcached socket 15:06:58 not released upon lbaas API request" 15:07:06 silly stray newline in my paste buffer 15:07:25 that was switched to public this week 15:12:46 yeah same 15:13:32 Yup, that one was very similar to another 15:16:27 Also with the Summit/PTG this month, I was going to cancel this meeting for those 2 weeks 15:16:58 So the 22nd and 29th 15:18:37 makes sense 15:20:57 fungi: anything else for this week? 15:22:23 i've been getting increasingly concerned by the number of open vulnerability reports with little movement from project team contributors, thinking about starting to publish a periodic list sorted by team 15:23:57 #link https://bugs.launchpad.net/ossa we have around 30 public reports of suspected vulnerabilities which need help 15:25:01 either help confirming, debunking, closing as fixed many releases ago, patches or mitigations written, backports done, et cetera 15:27:19 hmm ok 15:27:39 a periodic list might be a good idea 15:28:18 the oldest one there was reported 2016-03-02 15:28:24 so over 4 years now 15:31:23 2016 seems like is was more than 4 years ago now 15:39:15 thanks fungi: have a good rest of the week! 15:39:17 #endmeeting