15:00:37 <gagehugo> #startmeeting security
15:00:37 <opendevmeet> Meeting started Thu Jan  6 15:00:37 2022 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:37 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:37 <opendevmeet> The meeting name has been set to 'security'
15:00:43 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:00:46 <gagehugo> o/
15:01:26 <fungi> ohai
15:04:39 <gagehugo> I was out for the last 2 weeks of Dec so I don't really have any major updates.  I didn't see a response about the security-specs repo so I assume we can move forward with retiring it.
15:06:25 <fungi> yes, i assume the same
15:11:25 <gagehugo> fungi: any updates on your end?
15:12:28 <fungi> i started a thread on the ml about log4j vulnerabilities as they relate to openstack
15:13:03 <fungi> mainly trying to gather info from the broader community on any situations they know about where vulnerable software is used in conjunction with openstack deployments
15:13:42 <fungi> though i've really only received questions from two users about it, so not exactly a flood of people asking
15:16:51 <gagehugo> not too many java apps in openstack
15:17:01 <fungi> yeah, approximately none
15:17:11 <gagehugo> but people like to use things like elasticsearch
15:17:27 <gagehugo> or maybe someone is running a minecraft server on openstack
15:18:43 <fungi> #link https://lists.openstack.org/pipermail/openstack-discuss/2022-January/026490.html Log4j vulnerabilities and OpenStack
15:18:54 <fungi> in case anyone's looking for it
15:33:00 <gagehugo> thanks fungi
15:33:44 <gagehugo> Have a good rest of the week!
15:33:46 <gagehugo> #endmeeting