#openstack-security: security

Meeting started by fungi at 15:00:18 UTC (full logs).

Meeting summary

  https://etherpad.opendev.org/p/security-agenda (fungi, 15:01:22)

  1. PTG recap (fungi, 15:03:28)
    1. https://etherpad.opendev.org/p/security-sig-ptg-zed (fungi, 15:05:17)
    2. ACTION: fungi adjust the repos-overseen doc to also mention the vmt is available to assist projects even if their repos are not explicitly opted into oversight (fungi, 15:09:36)

  2. Interim SIG chair (fungi, 15:12:02)
    1. http://lists.openstack.org/pipermail/openstack-discuss/2022-April/028251.html (fungi, 15:13:03)
    2. https://review.opendev.org/839632 (fungi, 15:15:43)
    3. ACTION: fungi push/amend sig chair update changes (fungi, 15:16:44)

  3. Activities: retiring security-analysis repository (fungi, 15:19:36)
    1. ACTION: fungi send an announcement to the openstack-discuss list about moving documentation out of security-analysis to individual project repos (fungi, 15:21:58)
    2. ACTION: fungi follow retirement process from project teams guide/infra manual to retire security-analysis (fungi, 15:22:24)

  4. Activities: horizon xstatic javascript library wrappers plan (fungi, 15:24:32)
    1. ACTION: fungi initiate openstack-discuss thread on the topic of xstatic packages and js dependency handling (fungi, 15:29:44)

  5. Activities: removing references to defunct security blog (fungi, 15:31:19)
    1. ACTION: fungi propose change to remove security blog references from ossa repo (fungi, 15:36:53)

  6. Recently public security bug reports (fungi, 15:38:08)
    1. https://launchpad.net/bugs/1970932 (fungi, 15:38:52)

  7. Recent vulnerabilities in or related to OpenStack (fungi, 15:42:02)
    1. https://www.openwall.com/lists/oss-security/2022/05/05/1 (fungi, 15:42:36)
    2. https://www.openwall.com/lists/oss-security/2022/05/05/2 (fungi, 15:42:47)

  8. Anything else? (fungi, 15:46:57)


Meeting ended at 15:50:59 UTC (full logs).

Action items

  1. fungi adjust the repos-overseen doc to also mention the vmt is available to assist projects even if their repos are not explicitly opted into oversight
  2. fungi push/amend sig chair update changes
  3. fungi send an announcement to the openstack-discuss list about moving documentation out of security-analysis to individual project repos
  4. fungi follow retirement process from project teams guide/infra manual to retire security-analysis
  5. fungi initiate openstack-discuss thread on the topic of xstatic packages and js dependency handling
  6. fungi propose change to remove security blog references from ossa repo


Action items, by person

  1. fungi
    1. fungi adjust the repos-overseen doc to also mention the vmt is available to assist projects even if their repos are not explicitly opted into oversight
    2. fungi push/amend sig chair update changes
    3. fungi send an announcement to the openstack-discuss list about moving documentation out of security-analysis to individual project repos
    4. fungi follow retirement process from project teams guide/infra manual to retire security-analysis
    5. fungi initiate openstack-discuss thread on the topic of xstatic packages and js dependency handling
    6. fungi propose change to remove security blog references from ossa repo


People present (lines said)

  1. fungi (63)
  2. gagehugo (4)
  3. opendevmeet (3)
  4. d34dh0r53 (2)
  5. dmendiza[m] (1)


Generated by MeetBot 0.1.4.