15:01:54 #startmeeting security 15:01:54 Meeting started Thu Aug 5 15:01:54 2021 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:54 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:01:54 The meeting name has been set to 'security' 15:03:11 ahoy! 15:03:54 o/ 15:04:02 #link https://etherpad.opendev.org/p/security-agenda agenda 15:04:17 Nothing really on the agenda 15:04:21 #topic open discussion 15:04:47 I need to update the irc meeting references still 15:05:17 yeah, i'm hoping to start on that keystone ossa today 15:05:33 the pci-dss account oracle one 15:05:47 yup 15:06:01 ping me when you get it up and I'll review it 15:06:02 do you generally agree with the direction i was going with my last comment on that one? 15:06:14 I think so, lemme double check 15:06:17 (not including account lockout as an actual bug) 15:07:36 ok yeah 15:07:45 the lockout part is not the bug focus 15:07:54 more on the oracle 15:08:34 okay, cool. i'll focus on the other two points with the impact description 15:09:43 #link https://launchpad.net/bugs/1688137 PCI-DSS account lock out DoS and account UUID lookup oracle 15:10:14 so i'll retitle the bug and leave the "account lock out DoS" part out of the impact description 15:11:19 sounds good 15:13:04 oh 15:13:15 I'll reserve a timeslot for the PTG as well 15:16:05 hopefully it's not too late 15:17:58 i'm sure they'll be able to squeeze us in, thanks 15:18:17 and sorry i'm so quiet, trying to do three meetings at once again 15:18:51 I am double booked right now too, no worries haha 15:19:08 i'll try to get another set of reminders out to the ml about unresolved public vulnerability reports next week, time permitting 15:19:41 though our list is pretty small now, and there's a couple more about the incomplete rbac situation i plan on marking won't fix for advisory tasks 15:20:02 hmm ok 15:20:47 I need to hop on another call, thanks as always fungi 15:20:51 #endmeeting