15:00:45 <gagehugo> #startmeeting security 15:00:45 <opendevmeet> Meeting started Thu Dec 2 15:00:45 2021 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:45 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:45 <opendevmeet> The meeting name has been set to 'security' 15:01:05 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda 15:01:09 <gagehugo> o/ 15:02:53 <fungi> ohai 15:03:11 <gagehugo> fungi: you around? 15:03:33 <fungi> yes 15:04:08 <fungi> are you seeing me? 15:05:21 <fungi> gagehugo: connectivity problems? 15:08:41 <gagehugo> your messages just appeared for me 15:08:51 <gagehugo> o/ 15:09:29 <fungi> sounds like oftc may have some lag between servers 15:09:54 <gagehugo> hmm maybe 15:11:08 <gagehugo> Nothing on the agenda, seems to have been a quiet month 15:11:37 <fungi> yeah, there was some clarification obtained in the cinder meeting on forward progress for the image encryption effort 15:12:03 <fungi> also the "trojan source" vulnerability ate a lot of discussion bandwidth in general 15:12:20 <fungi> fips testing is coming along, being disucssed in the tc meeting right now 15:14:55 <fungi> also the opendev collaboratory has made a quiet/soft announcement about how to start using 2fa with launchpad/ubuntuone 15:15:21 <gagehugo> oh neat 15:15:38 <fungi> #link http://lists.opendev.org/pipermail/service-discuss/2021-December/000304.html UbuntuOne/Launchpad two-factor authentication 15:16:58 <fungi> per earlier messages in that thread, several of us have been trying it for more than a year now 15:17:10 <gagehugo> I still have the items from the PTG on my todo list, I'll try to get to those this month. 15:17:33 <fungi> yeah, i think i got some minor site updates pushed up 15:17:41 <gagehugo> how's it working so far? 15:17:46 <fungi> can't remember if those merged before the last meeting or before this one 15:18:17 <fungi> teh 2fa? no problems at all. i enrolled totp slots in two of my librem key devices and have been using those 15:19:13 <fungi> i spent more time working out viable command-line access (they're modified nitrokeys, but needs a very new nitrocli build to recognize them) 15:19:20 <gagehugo> ah ok 15:19:37 <fungi> i think clarkb is using google authenticator on an android phone 15:19:47 <fungi> i don't recall if ianw said what he's using 15:20:10 <fungi> anyway, follow up to that service-discuss thread if anyone wants to talk about it more 15:20:35 <fungi> oh, also we retooled the artifact signing key generation/rotation/attestation process for openstack releases 15:21:20 <fungi> basically coping with the collapse of the sks keyserver network and switching to keys.openpgp.org 15:22:22 <fungi> since no well-connected keyservers still carry third-party key signatures, we've moved to more of a caff-style attestation process, where you checkout the public key from git, import it, sign that, re-export it with your new signature and the ones which were already on it, commit that and push it for review 15:23:09 <fungi> previously we only included the self-sig in the export (since that's what sets the expiration) 15:23:52 <fungi> #link https://docs.opendev.org/opendev/system-config/latest/signing.html Signing System 15:24:02 <gagehugo> hmm 15:24:25 <fungi> that documentation is up to date, with the exception of the attestation section which we're still finalizing 15:25:51 <gagehugo> good to know 15:30:14 <gagehugo> fungi: anything else you want to discuss? 15:31:43 <fungi> nah, sucked into python 3.6 deprecation discussion in the tc meeting 15:32:57 <gagehugo> thanks for the updates! Have a good holiday if I don't talk you to before then! 15:33:03 <fungi> thanks, you too! 15:33:05 <gagehugo> #endmeeting