============================= #openstack-security: security ============================= Meeting started by fungi at 15:05:05 UTC. The full logs are available at https://meetings.opendev.org/meetings/security/2022/security.2022-06-02-15.05.log.html . Meeting summary --------------- * LINK: https://etherpad.opendev.org/p/security-agenda Meeting Agenda (fungi, 15:05:30) * Prior actions (fungi, 15:05:51) * LINK: https://review.opendev.org/844444 (openstack/ossa) repos-overseen: VMT is happy to assist any project (fungi, 15:06:23) * LINK: https://review.opendev.org/844446 (openstack/governance-sigs) Security SIG chair rotation (fungi, 15:06:59) * LINK: https://review.opendev.org/844448 (opendev/irc-meetings) Security SIG chair rotation (fungi, 15:07:15) * LINK: https://review.opendev.org/844451 (openstack/ossa) Drop references for the old security blog (fungi, 15:07:46) * LINK: https://lists.openstack.org/pipermail/openstack-discuss/2022-June/028816.html Retiring security-analysis process and repo (fungi, 15:08:23) * LINK: https://review.opendev.org/844463 (openstack/governance) Remove security-analysis repo from Security SIG (fungi, 15:08:53) * LINK: https://review.opendev.org/844468 (openstack/security-doc) Use permalink for Barbican security analysis (fungi, 15:09:09) * LINK: https://review.opendev.org/844490 (openstack/security-analysis) Retirement Step 2: Remove Project Content (fungi, 15:09:23) * ACTION: fungi complete retirement process for security-analysis (fungi, 15:10:04) * ACTION: fungi add new volunteers to review groups (fungi, 15:12:54) * ACTION: fungi initiate openstack-discuss thread on the topic of xstatic packages and js dependency handling (fungi, 15:13:19) * Activities: Publishing OSSNs (fungi, 15:14:28) * LINK: https://opendev.org/openstack/security-doc/src/branch/master/security-notes Security Notes in Git (fungi, 15:15:16) * LINK: https://wiki.openstack.org/wiki/OSSN Security Notes in Wiki (fungi, 15:15:37) * Recently public security bug reports (fungi, 15:21:39) * LINK: https://launchpad.net/bugs/1975830 Horizon doesn't provide ACL on Instance level (fungi, 15:22:24) * Recent vulnerabilities in or related to OpenStack (fungi, 15:25:32) * Anything else? (fungi, 15:30:33) * LINK: https://openinfra.dev/summit-schedule#track=390&view=calendar OpenInfra Summit Security Track Sessions (fungi, 15:34:42) Meeting ended at 15:45:06 UTC. Action items, by person ----------------------- * fungi * fungi complete retirement process for security-analysis * fungi add new volunteers to review groups * fungi initiate openstack-discuss thread on the topic of xstatic packages and js dependency handling People present (lines said) --------------------------- * fungi (63) * opendevmeet (3) * gagehugo (2) * d34dh0r53 (2) Generated by `MeetBot`_ 0.1.4