15:00:49 <fungi> #startmeeting security
15:00:49 <opendevmeet> Meeting started Thu Jul  7 15:00:49 2022 UTC and is due to finish in 60 minutes.  The chair is fungi. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:49 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:49 <opendevmeet> The meeting name has been set to 'security'
15:01:03 <fungi> #link https://etherpad.opendev.org/p/security-agenda Meeting Agenda
15:03:34 <fungi> okay, let's get started
15:03:36 <fungi> #topic Prior Actions
15:03:46 <fungi> fungi complete retirement process for security-analysis
15:03:58 <fungi> #link     https://review.opendev.org/q/topic:retire-security-analysis Retirement changes for openstack/security-analysis
15:04:09 <fungi> that's done, finally
15:04:21 <fungi> fungi add new volunteers to review groups
15:04:38 <fungi> #link https://review.opendev.org/admin/groups/vmt,members VMT group in Gerrit
15:04:50 <fungi> #link https://launchpad.net/~openstack-vuln-mgmt/+members VMT group in Launchpad
15:05:06 <fungi> #link https://storyboard.openstack.org/#!/admin/team/1 VMT group in StoryBoard
15:06:14 <fungi> i added access for d34dh0r53 to the embargo coordination channel we use in irc and sent him a /invite, though dmendiza[m] doesn't seem to be identified with nickserv
15:06:50 <gagehugo> o/
15:07:03 <fungi> also it's dawned on me that i didn't add either of them to moderators/owners for the embargo-notice ml either
15:07:29 <fungi> #action fungi add new volunteers to embargo-notice ml
15:08:02 <fungi> and if you want to add openpgp keys to the security.o.o site, feel free to propose them in gerrit
15:08:18 <fungi> #link     https://opendev.org/openstack/ossa/src/branch/master/doc/source/index.rst Feel free to propose changes adding OpenPGP keys
15:08:55 <fungi> i should probably also add them to the lp and gerrit groups for ossn/security-doc
15:09:11 <fungi> those also look like they need some cleanup done for older participants who have moved on
15:09:38 <fungi> #action fungi update ossn/security-doc members in gerrit and launchpad
15:10:02 <fungi> as for the last action item from last month, i haven't found time to get the ball rolling on that yet
15:10:14 <fungi> #action fungi initiate openstack-discuss thread on the topic of xstatic packages and js dependency handling
15:10:34 <fungi> questions on any of those?
15:11:39 <fungi> looks like no, so moving along...
15:11:41 <fungi> #topic Pending Reviews
15:11:59 <fungi> #link https://review.opendev.org/q/is:open+project:openstack/ossa Open change reviews for openstack/ossa
15:12:27 <fungi> we have one currently, to update prometheanfire's openpgp key to a newer expiration
15:12:57 <fungi> i've already +2'd it, but since we have more reviewers now i figured i'd let someone else approve
15:13:42 <fungi> gagehugo: d34dh0r53: dmendiza[m]: can one of you please take a look at https://review.opendev.org/846007 and approve if you think it looks okay?
15:14:04 <gagehugo> sure
15:14:45 <fungi> there don't seem to be any open reviews for the security-doc repo at the moment
15:16:16 <fungi> thanks gagehugo!
15:16:38 <fungi> #topic Public Bug Reports
15:17:08 <fungi> #link https://bugs.launchpad.net/ossa/+bugs?field.information_type%3Alist=PUBLIC&field.information_type%3Alist=PUBLICSECURITY Public bug reports for OSSA
15:17:57 <fungi> that query url specifically filters to just the public ones, mainly for the benefit of vmt members who also end up seeing the private ones listed by default
15:18:23 <fungi> unfortunately, lp doesn't make it apparent which is which when you're just looking at a list of bugs
15:19:12 <fungi> i didn't have any new ones to call out specifically this month, but remember that anyone can help confirm and resolve those, doesn't have to be people on the vmt
15:19:47 <fungi> the list is currently down to 6, which is really great, but lower would of course be even better!
15:20:52 <fungi> 2/3 of them are for neutron, so that's an opportunity for someone with network interest to pitch in
15:21:11 <fungi> any comments before we move on?
15:21:47 <fungi> #topic Anything else?
15:22:14 <fungi> now's your opportunity to bring up anything security-related you like
15:22:34 <fungi> if nobody has anything, i'll wrap up the meeting in 5 minutes
15:24:01 <opendevreview> Merged openstack/ossa master: update Matthew Thode's gpg key  https://review.opendev.org/c/openstack/ossa/+/846007
15:28:15 <fungi> thanks everyone! next meeting will be at 15:00 utc on thursday august 4
15:28:36 <fungi> feel free to follow up in here or on the openstack-discuss ml if anyone has anything else in the meantime
15:28:48 <fungi> #endmeeting