#openstack-security log

15:01:54 <gagehugo> #startmeeting security
15:01:54 <opendevmeet> Meeting started Thu Aug  5 15:01:54 2021 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:54 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:54 <opendevmeet> The meeting name has been set to 'security'
15:03:11 <fungi> ahoy!
15:03:54 <gagehugo> o/
15:04:02 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:04:17 <gagehugo> Nothing really on the agenda
15:04:21 <gagehugo> #topic open discussion
15:04:47 <gagehugo> I need to update the irc meeting references still
15:05:17 <fungi> yeah, i'm hoping to start on that keystone ossa today
15:05:33 <fungi> the pci-dss account oracle one
15:05:47 <gagehugo> yup
15:06:01 <gagehugo> ping me when you get it up and I'll review it
15:06:02 <fungi> do you generally agree with the direction i was going with my last comment on that one?
15:06:14 <gagehugo> I think so, lemme double check
15:06:17 <fungi> (not including account lockout as an actual bug)
15:07:36 <gagehugo> ok yeah
15:07:45 <gagehugo> the lockout part is not the bug focus
15:07:54 <gagehugo> more on the oracle
15:08:34 <fungi> okay, cool. i'll focus on the other two points with the impact description
15:09:43 <fungi> #link https://launchpad.net/bugs/1688137 PCI-DSS account lock out DoS and account UUID lookup oracle
15:10:14 <fungi> so i'll retitle the bug and leave the "account lock out DoS" part out of the impact description
15:11:19 <gagehugo> sounds good
15:13:04 <gagehugo> oh
15:13:15 <gagehugo> I'll reserve a timeslot for the PTG as well
15:16:05 <gagehugo> hopefully it's not too late
15:17:58 <fungi> i'm sure they'll be able to squeeze us in, thanks
15:18:17 <fungi> and sorry i'm so quiet, trying to do three meetings at once again
15:18:51 <gagehugo> I am double booked right now too, no worries haha
15:19:08 <fungi> i'll try to get another set of reminders out to the ml about unresolved public vulnerability reports next week, time permitting
15:19:41 <fungi> though our list is pretty small now, and there's a couple more about the incomplete rbac situation i plan on marking won't fix for advisory tasks
15:20:02 <gagehugo> hmm ok
15:20:47 <gagehugo> I need to hop on another call, thanks as always fungi
15:20:51 <gagehugo> #endmeeting