15:00:12 #startmeeting security
15:00:13 Meeting started Thu Mar 18 15:00:12 2021 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:14 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:16 The meeting name has been set to 'security'
15:00:25 #link https://etherpad.opendev.org/p/security-agenda agenda
15:00:26 ahoy, mateys
15:00:27 o/
15:00:36 o/
15:03:05 getting coffee then we can start
15:03:19 yes, priorities
15:05:22 #topic updates
15:05:30 #link https://bugs.launchpad.net/nova/+bug/1552042
15:05:32 Launchpad bug 1552042 in OpenStack Compute (nova) "Host data corruption through nova inject_key feature" [Medium,Fix released] - Assigned to Balazs Gibizer (balazs-gibizer)
15:05:45 I believe that was closed out yesterday?
15:06:24 yep, merged a few days ago though
15:06:55 looks like the fix for xen is to just disable all unsafe methods in wallaby
15:07:06 not backportable afaik
15:07:32 there's a release note included in the fix at least
15:07:56 ok
15:08:17 if someone feels compelled to write an ossn about it, that might be appropriate, but really the only way it's fixed by default is to upgrade to wallaby
15:09:45 maybe? although idk how useful a note saying "upgrade to W" is haha
15:10:56 right, that's why i wasn't pushing for an ossn
15:11:09 other than it could describe how to disable those other types manually
15:12:21 someone better versed in configuring libvirt directly would probably have to write up the recommendations though
15:12:49 ah ok
15:12:54 #link https://bugs.launchpad.net/nova/+bug/1919357
15:12:55 Launchpad bug 1919357 in OpenStack Compute (nova) ""Secure live migration with QEMU-native TLS in nova"-guide misses essential config option" [High,In progress] - Assigned to Josephine Seifert (josei)
15:13:10 looking at the release note, it might be sufficient to just say you need libguestfs support installed, i dunno
15:13:13 that was made public as well
15:13:32 yeah, i'll let Luzi introduce that
15:14:47 yeah, i found out that a config option which needs to be set to tls was not mentioned in the guide...
15:14:59 https://review.opendev.org/c/openstack/nova/+/781030
15:15:48 that patch should fix the documentation
15:15:51 cool
15:17:18 the problem here is - we found out the config option which needs to be set was introduced in ocata or so? - and you cannot determine that qemu native tls is not working, unless you listen on the ports with tcpdump
15:17:51 once that merges and i guess gets backported, then we can announce an ossn for it so people are more likely to notice that they may not have correctly configured it if they wanted that
15:18:03 yeah, that one is def ossn material
15:18:07 yes
15:20:56 #topic Discuss meeting time change/frequency
15:21:25 So meeting weekly hasn't been quite as productive as it used to have been
15:21:34 often there isn't anything to update on
15:22:09 Changing the frequency of meeting was an idea brought up, perhaps every other week or even monthly meetings
15:22:22 Also this current time seems to get double booked often
15:22:29 so maybe changing the meeting time as well?
15:22:33 Any thoughts?
15:22:53 i'm open to any of that, though the double-booked situation is probably unavoidable for me regardless given my typical meeting load
15:24:41 I'm fine if we want to just reduce the frequency starting off
15:24:53 DST makes this time better for me until Nov
15:25:30 sure, what cadence? monthly? every four weeks? every two?
15:26:24 i think these days, irc-meetings/yaml2ical can accommodate things like "third monday of the month" too
15:27:25 I was thinking monthly
15:27:59 then we can likely use most of the timeslot with updates from the last meeting
15:28:14 and if that is too little, we can always change it to be more frequent
15:28:16 sounds fine to me, thanks
15:28:37 Luzi: any thoughts?
15:29:48 no
15:30:42 alright, I'll make an announcement then and we can figure out a specific day/month
15:31:05 fungi: What's the repo for modifying the meeting info again?
15:32:31 #link https://opendev.org/opendev/irc-meetings/src/branch/master/meetings/openstack-security-sig-meeting.yaml
15:32:42 danke
15:32:47 bitte
15:32:54 :)
15:33:04 #topic PTG Timeslot
15:33:08 we're making Luzi cringe
15:33:12 LOL
15:33:51 I think that is the extent of my german
15:34:17 I'll say grazie instead then
15:34:20 not really - i am just getting ready to go off
15:34:31 i learn finnish now... kiitos
15:35:11 So the vPTG is coming up, do we want to do similar to previous and have a couple timeslots at different times? Or just a single session on Monday for the SIG portions?
15:35:53 Luzi: I'll add that to my list :D
15:36:55 if it's like last year, i will be following several meetings at the same time.. it was possible :D
15:36:58 probably a single session could be sufficient. my main interests would be in trying to better classify the current set of open security bugs, or maybe a working session to divide and conquer on improvements to the security.o.o site content
15:37:07 kiitos = thank you ;)
15:37:10 I can make an agenda etherpad too
15:37:18 thanks!
15:37:45 I think we tried the multiple timeslot approach the last couple times and the 2nd one was basically a wash
15:38:34 one is good imho
15:40:09 ok
15:40:16 #topic open discussion
15:40:22 Anyone have anything else for this meeting?
15:43:20 nothing from my side
15:44:33 fungi Luzi: thanks! Have a good rest of the week!
15:44:39 #endmeeting