15:00:26 <gagehugo> #startmeeting security
15:00:27 <openstack> Meeting started Thu Oct 15 15:00:26 2020 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:28 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:30 <openstack> The meeting name has been set to 'security'
15:01:25 <gagehugo> o/
15:04:48 <gagehugo> Not much on the agenda today
15:04:54 <gagehugo> #topic Next 2 meetings cancelled
15:05:15 <gagehugo> Next week is the summit, and the following is the PTG, so I am proposing cancelling the next 2 weeks of meetings
15:05:49 * redrobot nods
15:06:30 <fungi> oh, hi, sorry, firefighting right now
15:06:47 <fungi> i mentioned some bugs in #openstack-security
15:07:31 <gagehugo> fungi: no worries
15:07:36 <fungi> and yes, cancelling the next two weeks sounds good
15:08:23 <gagehugo> I'll send out an email today about cancelling them
15:08:30 <gagehugo> #topic bug updates
15:08:41 <gagehugo> #link https://bugs.launchpad.net/nova/+bug/1799298
15:08:42 <openstack> Launchpad bug 1799298 in OpenStack Compute (nova) rocky "Metadata API cross joining instance_metadata and instance_system_metadata" [Medium,Triaged]
15:08:59 <gagehugo> This was switched to public security today, thanks fungi
15:09:13 <gagehugo> also this merged last night
15:09:16 <gagehugo> #link https://review.opendev.org/#/c/757465/
15:09:17 <patchbot> patch 757465 - ossa - Add OSSA-2020-007 (CVE-2020-26943) (MERGED) - 1 patch set
15:10:36 <fungi> priteau isn't around today i guess, but the rst version can be copied from https://security.openstack.org/_sources/ossa/OSSA-2020-007.rst if he wants to send that to any of the mailing lists mentioned at the end of https://security.openstack.org/vmt-process.html#openstack-security-advisories-ossa
15:10:38 <gagehugo> #topic PTG Agenda
15:10:45 <gagehugo> oh whoops
15:10:53 <gagehugo> fungi: sure
15:11:21 <fungi> #link https://launchpad.net/bugs/1899229 Nova compute log can get the password info from the user_data
15:11:22 <openstack> Launchpad bug 1899229 in OpenStack Compute (nova) "Nova compute log can get the password info from the user_data" [Wishlist,Confirmed]
15:11:29 <fungi> that was also switched to public in the past week
15:12:10 <gagehugo> ok
15:13:09 <gagehugo> #link https://etherpad.opendev.org/p/security-sig-wallaby-ptg
15:13:20 <gagehugo> ^ agenda for the PTG, if anyone wants to add topics
15:13:39 <gagehugo> I will send that out in the mailing list as well
15:14:00 <gagehugo> fungi: if priteau isn't around by EoD, do we want to send out the email then regardless?
15:14:05 <gagehugo> I can do that
15:15:21 <fungi> gagehugo: it can probably wait until he's around to confirm
15:15:33 <gagehugo> ok
15:15:41 <gagehugo> #topic open discussion
15:15:47 <gagehugo> Anything else for this week?
15:15:48 <fungi> he seemed to think that there was probably only one user of that feature, and he helped them mitigate it before the bug became public
15:15:54 <gagehugo> ah ok
15:16:04 <gagehugo> we can let him confirm it then
15:16:15 <fungi> so circulating the advisory more widely is likely not urgent
15:18:09 <fungi> i didn't have anything else really
15:18:46 <gagehugo> fungi: thanks, have a good rest of the week
15:18:50 <gagehugo> #endmeeting