15:00:12 <gagehugo> #startmeeting security
15:00:13 <openstack> Meeting started Thu Mar 18 15:00:12 2021 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:14 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:16 <openstack> The meeting name has been set to 'security'
15:00:25 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:00:26 <fungi> ahoy, mateys
15:00:27 <gagehugo> o/
15:00:36 <Luzi> o/
15:03:05 <gagehugo> getting coffee then we can start
15:03:19 <fungi> yes, priorities
15:05:22 <gagehugo> #topic updates
15:05:30 <gagehugo> #link https://bugs.launchpad.net/nova/+bug/1552042
15:05:32 <openstack> Launchpad bug 1552042 in OpenStack Compute (nova) "Host data corruption through nova inject_key feature" [Medium,Fix released] - Assigned to Balazs Gibizer (balazs-gibizer)
15:05:45 <gagehugo> I believe that was closed out yesterday?
15:06:24 <fungi> yep, merged a few days ago though
15:06:55 <fungi> looks like the fix for xen is to just disable all unsafe methods in wallaby
15:07:06 <fungi> not backportable afaik
15:07:32 <fungi> there's a release note included in the fix at least
15:07:56 <gagehugo> ok
15:08:17 <fungi> if someone feels compelled to write an ossn about it, that might be appropriate, but really the only way it's fixed by default is to upgrade to wallaby
15:09:45 <gagehugo> maybe? although idk how useful a note saying "upgrade to W" is haha
15:10:56 <fungi> right, that's why i wasn't pushing for an ossn
15:11:09 <fungi> other than it could describe how to disable those other types manually
15:12:21 <fungi> someone better versed in configuring libvirt directly would probably have to write up the recommendations though
15:12:49 <gagehugo> ah ok
15:12:54 <gagehugo> #link https://bugs.launchpad.net/nova/+bug/1919357
15:12:55 <openstack> Launchpad bug 1919357 in OpenStack Compute (nova) ""Secure live migration with QEMU-native TLS in nova"-guide misses essential config option" [High,In progress] - Assigned to Josephine Seifert (josei)
15:13:10 <fungi> looking at the release note, it might be sufficient to just say you need libguestfs support installed, i dunno
15:13:13 <gagehugo> that was made public as well
15:13:32 <fungi> yeah, i'll let Luzi introduce that
15:14:47 <Luzi> yeah, i found out that a config option which needs to be set to tls was not mentioned in the guide...
15:14:59 <Luzi> https://review.opendev.org/c/openstack/nova/+/781030
15:15:48 <Luzi> that patch should fix the documentation
15:15:51 <gagehugo> cool
15:17:18 <Luzi> the problem here is - we found out the config option which needs to be set was introduced in ocata or so? - and you cannot determine that qemu native tls is not working, unless you listen on the ports with tcpdump
15:17:51 <fungi> once that merges and i guess gets backported, then we can announce an ossn for it so people are more likely to notice that they may not have correctly configured it if they wanted that
15:18:03 <gagehugo> yeah, that one is def ossn material
15:18:07 <Luzi> yes
15:20:56 <gagehugo> #topic Discuss meeting time change/frequency
15:21:25 <gagehugo> So meeting weekly hasn't been quite as productive as it used to be
15:21:34 <gagehugo> often there isn't anything to update on
15:22:09 <gagehugo> Changing the frequency of meeting was an idea brought up, perhaps every other week or even monthly meetings
15:22:22 <gagehugo> Also this current time seems to get double booked often
15:22:29 <gagehugo> so maybe changing the meeting time as well?
15:22:33 <gagehugo> Any thoughts?
15:22:53 <fungi> i'm open to any of that, though the double-booked situation is probably unavoidable for me regardless given my typical meeting load
15:24:41 <gagehugo> I'm fine if we want to just reduce the frequency starting off
15:24:53 <gagehugo> DST makes this time better for me until Nov
15:25:30 <fungi> sure, what cadence? monthly? every four weeks? every two?
15:26:24 <fungi> i think these days, irc-meetings/yaml2ical can accommodate things like "third monday of the month" too
15:27:25 <gagehugo> I was thinking monthly
15:27:59 <gagehugo> then we can likely use most of the timeslot with updates from the last meeting
15:28:14 <gagehugo> and if that is too little, we can always change it to be more frequent
15:28:16 <fungi> sounds fine to me, thanks
15:28:37 <gagehugo> Luzi: any thoughts?
15:29:48 <Luzi> no
15:30:42 <gagehugo> alright, I'll make an announcement then and we can figure out a specific day/month
15:31:05 <gagehugo> fungi: What's the repo for modifying the meeting info again?
15:32:31 <fungi> #link https://opendev.org/opendev/irc-meetings/src/branch/master/meetings/openstack-security-sig-meeting.yaml
15:32:42 <gagehugo> danke
15:32:47 <fungi> bitte
15:32:54 <gagehugo> :)
15:33:04 <gagehugo> #topic PTG Timeslot
15:33:08 <fungi> we're making Luzi cringe
15:33:12 <gagehugo> LOL
15:33:51 <gagehugo> I think that is the extent of my german
15:34:17 <gagehugo> I'll say grazie instead then
15:34:20 <Luzi> not really - i am just getting ready to go off
15:34:31 <Luzi> i learn finnish now... kiitos
15:35:11 <gagehugo> So the vPTG is coming up, do we want to do similar to previous and have a couple timeslots at different times? Or just a single session on Monday for the SIG portions?
15:35:53 <gagehugo> Luzi: I'll add that to my list :D
15:36:55 <Luzi> if it's like last year, i will be following several meetings at the same time.. it was possible :D
15:36:58 <fungi> probably a single session could be sufficient. my main interests would be in trying to better classify the current set of open security bugs, or maybe a working session to divide and conquer on improvements to the security.o.o site content
15:37:07 <Luzi> kiitos = thank you ;)
15:37:10 <gagehugo> I can make an agenda etherpad too
15:37:18 <fungi> thanks!
15:37:45 <gagehugo> I think we tried the multiple timeslot approach the last couple times and the 2nd one was basically a wash
15:38:34 <Luzi> one is good imho
15:40:09 <gagehugo> ok
15:40:16 <gagehugo> #topic open discussion
15:40:22 <gagehugo> Anyone have anything else for this meeting?
15:43:20 <Luzi> nothing from my side
15:44:33 <gagehugo> fungi Luzi: thanks!  Have a good rest of the week!
15:44:39 <gagehugo> #endmeeting