15:00:39 <gagehugo> #startmeeting security
15:00:40 <openstack> Meeting started Thu Nov 12 15:00:39 2020 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:41 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:43 <openstack> The meeting name has been set to 'security'
15:01:35 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:01:47 <fungi> ohai
15:01:56 <gagehugo> o/
15:06:47 <fungi> might be just us
15:07:00 <fungi> people may have been confused by local time changes
15:07:30 <gagehugo> I am still confused
15:07:39 <gagehugo> #topic Nov 26th meeting
15:07:54 <gagehugo> Since it's thanksgiving in the US, I will cancel that week's meeting
15:11:12 <fungi> works for me
15:11:27 <fungi> i'll likely be around, but will probably be trying to stay off the computer
15:11:42 <gagehugo> same
15:11:52 <gagehugo> #topic open discussion
15:11:57 <gagehugo> fungi: anything for this week?
15:13:24 <fungi> #link https://launchpad.net/bugs/1901207 Application credentials of other users can be deleted when knowing the ID
15:13:26 <openstack> Launchpad bug 1901207 in OpenStack Identity (keystone) "Application credentials of other users can be deleted when knowing the ID" [High,In progress] - Assigned to Lance Bragstad (lbragstad)
15:13:35 <fungi> #link https://launchpad.net/bugs/1902917 Anti-spoofing bypass using Open vSwitch
15:13:36 <openstack> Launchpad bug 1902917 in OpenStack Security Advisory "Anti-spoofing bypass using Open vSwitch" [Undecided,Incomplete]
15:13:46 <fungi> #link https://launchpad.net/bugs/1903531 Update of neutron-server breaks compatibility to previous neutron-agent version
15:13:47 <openstack> Launchpad bug 1903531 in neutron "Update of neutron-server breaks compatibility to previous neutron-agent version" [Critical,Confirmed]
15:13:57 <fungi> those have all been made public since the last meeting, i think
15:15:15 <fungi> i don't see any others
15:18:08 <fungi> administrative changes for opendev's gerrit have been proceeding too
15:18:58 <fungi> #link https://docs.opendev.org/opendev/system-config/latest/sysadmin.html#gerrit-admins Split admin/non-admin Gerrit accounts
15:19:53 <fungi> the gerrit admin accounts no longer have openids logins, and admins are using separate accounts for non-administrative day to day interactions
15:20:20 <fungi> we're also trying out launchpad's two-factor authentication option
15:21:29 <fungi> i've purchased a pair of purism librem keys (nitrokey clones with some additional features in firmware) as totp authenticators, but running into typical bleeding-edge/early-adopter hardware support challenges
15:22:46 <gagehugo> interesting
15:24:31 <gagehugo> yeah, 2FA is probably a good path forward haha
15:27:02 <gagehugo> https://review.opendev.org/#/c/759940/ is still in review
15:27:03 <patchbot> patch 759940 - keystone - Hide AccountLocked exception from end users - 3 patch sets
15:28:05 <fungi> is the tempest failure related or random?
15:28:37 <gagehugo> random I think, it failed 4 mins in running
15:28:51 <fungi> ahh, okay
15:29:05 <fungi> just wondering if that's why it's not garnered any reviews yet
15:29:28 <fungi> might be worth bringing the security relevancy to the attention of keystone reviewers
15:29:43 <gagehugo> Once it passes I'll bug some keystone reviewers
15:33:16 <gagehugo> thanks fungi: have a good rest of the week!
15:33:21 <gagehugo> #endmeeting