15:00:49 <fungi> #startmeeting security 15:00:49 <opendevmeet> Meeting started Thu Jul 7 15:00:49 2022 UTC and is due to finish in 60 minutes. The chair is fungi. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:49 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:49 <opendevmeet> The meeting name has been set to 'security' 15:01:03 <fungi> #link https://etherpad.opendev.org/p/security-agenda Meeting Agenda 15:03:34 <fungi> okay, let's get started 15:03:36 <fungi> #topic Prior Actions 15:03:46 <fungi> fungi complete retirement process for security-analysis 15:03:58 <fungi> #link https://review.opendev.org/q/topic:retire-security-analysis Retirement changes for openstack/security-analysis 15:04:09 <fungi> that's done, finally 15:04:21 <fungi> fungi add new volunteers to review groups 15:04:38 <fungi> #link https://review.opendev.org/admin/groups/vmt,members VMT group in Gerrit 15:04:50 <fungi> #link https://launchpad.net/~openstack-vuln-mgmt/+members VMT group in Launchpad 15:05:06 <fungi> #link https://storyboard.openstack.org/#!/admin/team/1 VMT group in StoryBoard 15:06:14 <fungi> i added access for d34dh0r53 to the embargo coordination channel we use in irc and sent him a /invite, though dmendiza[m] doesn't seem to be identified with nickserv 15:06:50 <gagehugo> o/ 15:07:03 <fungi> also it's dawned on me that i didn't add either of them to moderators/owners for the embargo-notice ml either 15:07:29 <fungi> #action fungi add new volunteers to embargo-notice ml 15:08:02 <fungi> and if you want to add openpgp keys to the security.o.o site, feel free to propose them in gerrit 15:08:18 <fungi> #link https://opendev.org/openstack/ossa/src/branch/master/doc/source/index.rst Feel free to propose changes adding OpenPGP keys 15:08:55 <fungi> i should probably also add them to the lp and gerrit groups for ossn/security-doc 15:09:11 <fungi> those also look like they need some cleanup done for older participants who have moved on 15:09:38 <fungi> #action fungi update ossn/security-doc members in gerrit and launchpad 15:10:02 <fungi> as for the last action item from last month, i haven't found time to get the ball rolling on that yet 15:10:14 <fungi> #action fungi initiate openstack-discuss thread on the topic of xstatic packages and js dependency handling 15:10:34 <fungi> questions on any of those? 15:11:39 <fungi> looks like no, so moving along... 15:11:41 <fungi> #topic Pending Reviews 15:11:59 <fungi> #link https://review.opendev.org/q/is:open+project:openstack/ossa Open change reviews for openstack/ossa 15:12:27 <fungi> we have one currently, to update prometheanfire's openpgp key to a newer expiration 15:12:57 <fungi> i've already +2'd it, but since we have more reviewers now i figured i'd let someone else approve 15:13:42 <fungi> gagehugo: d34dh0r53: dmendiza[m]: can one of you please take a look at https://review.opendev.org/846007 and approve if you think it looks okay? 15:14:04 <gagehugo> sure 15:14:45 <fungi> there don't seem to be any open reviews for the security-doc repo at the moment 15:16:16 <fungi> thanks gagehugo! 15:16:38 <fungi> #topic Public Bug Reports 15:17:08 <fungi> #link https://bugs.launchpad.net/ossa/+bugs?field.information_type%3Alist=PUBLIC&field.information_type%3Alist=PUBLICSECURITY Public bug reports for OSSA 15:17:57 <fungi> that query url specifically filters to just the public ones, mainly for the benefit of vmt members who also end up seeing the private ones listed by default 15:18:23 <fungi> unfortunately, lp doesn't make it apparent which is which when you're just looking at a list of bugs 15:19:12 <fungi> i didn't have any new ones to call out specifically this month, but remember that anyone can help confirm and resolve those, doesn't have to be people on the vmt 15:19:47 <fungi> the list is currently down to 6, which is really great, but lower would of course be even better! 15:20:52 <fungi> 2/3 of them are for neutron, so that's an opportunity for someone with network interest to pitch in 15:21:11 <fungi> any comments before we move on? 15:21:47 <fungi> #topic Anything else? 15:22:14 <fungi> now's your opportunity to bring up anything security-related you like 15:22:34 <fungi> if nobody has anything, i'll wrap up the meeting in 5 minutes 15:24:01 <opendevreview> Merged openstack/ossa master: update Matthew Thode's gpg key https://review.opendev.org/c/openstack/ossa/+/846007 15:28:15 <fungi> thanks everyone! next meeting will be at 15:00 utc on thursday august 4 15:28:36 <fungi> feel free to follow up in here or on the openstack-discuss ml if anyone has anything else in the meantime 15:28:48 <fungi> #endmeeting