15:03:47 #startmeeting security 15:03:48 Meeting started Thu May 17 15:03:47 2018 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:03:49 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:03:52 The meeting name has been set to 'security' 15:04:05 o/ 15:04:06 hey all 15:04:13 hi 15:04:26 hey! 15:04:40 #link https://etherpad.openstack.org/p/security-agenda 15:04:56 #topic PTG Denver 15:05:03 anyone know if they are attending? 15:05:24 looks like I might struggle to get to this one, but that might change 15:05:31 not looking promising though 15:05:39 I'll be there 15:05:47 I'll probably be there 15:06:01 haven't gotten official confirmation yet 15:06:05 should I get in touch about the room with kendell? 15:06:17 *sharing with barbican? 15:06:22 lhinds sure 15:06:29 no probs, leave with me. 15:06:49 that would probably be better 15:07:49 i am sure the barbican folks will be fine with that 15:08:12 sounds good 15:08:32 #topic LCOO 15:08:38 eeiden o/ 15:08:41 o/ 15:08:48 floor is yours 15:08:49 We'll be having a working group session on Tuesday morning at 9! 15:08:51 https://etherpad.openstack.org/p/LCOO-Vancouver-WG 15:08:53 Etherpad is here ^ 15:09:51 lhinds will you be at the summit? 15:09:54 We'd love for any and all of you to join -- we're planning on discussing for half the session current approaches and pain points that large operators have within the security realm 15:10:02 gagehugo: unfortunately not 15:10:08 :( 15:10:38 i know , a few people asked. 15:10:48 will deffo next one though 15:10:51 berlin i think 15:10:51 I wont be making it to vancouver, but can people not working for a large operator company still go to LCOOs? 15:12:14 You can definitely attend the working group! It's just discussing the problems/solutioning for large operators--any feedback from non-large-operator would be really helpful 15:12:22 Or just attending to see what's going on in the large operator space 15:12:39 Okay 15:13:38 I can attend and take notes 15:13:47 and we can sync up after the summit 15:13:48 I'll be sure the etherpad is updated with everything that happens at the WG and will send it out to you guys afterwards 15:13:52 Nice, thanks Gage 15:14:16 anything else eeiden? 15:14:25 Nope, that's all 15:14:39 If anyone has any questions that come up later, feel free to reach out 15:15:03 eeiden thanks! 15:15:08 #topic Documentation 15:15:41 I don't think there's any updates here 15:15:57 lhinds are you aware of any? 15:16:05 don't look like it, docs needs a bit of love, but we are all quite busy 15:16:16 yup :( 15:16:24 is there a particular issue that you can point to? 15:17:51 i think the whole doc just needs attention, make sure its still up to date with how the code base / functionality is now 15:18:11 quite often config key / values change and depreciate 15:18:23 that's one example 15:19:26 yeah.. 15:20:15 #topic OSSN 15:20:25 * gagehugo realized he forgot to ping people at the start 15:20:30 ping fungi 15:20:52 #action lhinds go over ossn's and triage 15:21:00 recently there were some fixes made to https://bugs.launchpad.net/ossn/+bug/1699573 15:21:02 Launchpad bug 1699573 in OpenStack Security Notes "ScaleIO volumes contain previous data" [Undecided,New] 15:21:12 but I'm not sure if it is ready for an OSSN yet 15:21:36 looks like the fix merged 15:21:58 https://review.openstack.org/#/c/555546/ 15:22:57 ok think I'll tackle that one this week 15:23:46 thx nickthetait 15:24:01 nice 15:24:14 #topic OSSA 15:24:15 * fungi is around, as usual more focused on tc office hour 15:24:47 fungi o/ 15:24:51 i don't think we have anything new this week 15:25:09 #link https://bugs.launchpad.net/ossa/ potential security advidories for public vulnerability reports 15:25:20 as always, people looking over those is a huge help to the vmt 15:25:34 we try to keep the bare minimum private/embargoed 15:27:08 sounds good, thanks fungi 15:27:25 #topic Threat Analysis Docs 15:28:04 the pycadf and oslo.cache are still on my backlog to review, been busy lately with the summit/work and I've neglected them :( 15:29:27 #topic Tatu 15:30:20 lhinds have you heard from the creator about any updates to Tatu? 15:30:51 gagehugo: no I have not heard from him, I did drop him an email, but no response 15:31:03 ok 15:31:12 #topic General Discussion 15:31:26 Would you all be fine with canceling the meeting next week? 15:31:36 I will be at the summit so I cannot chair 15:31:38 that's ok for me gagehugo 15:31:45 no problem 15:31:49 I think its common we do that for the summit / ptg 15:31:54 yeah 15:32:01 I'll send out an email today 15:32:13 Does anyone have anything else? 15:33:25 nope from me 15:34:03 Looking to make my first functional contribution. If anyone has suggestions on something openstack-beginner & security related I'm all ears 15:34:34 nickthetait: might be some stuff over on bandit 15:34:51 although no longer a openstack project (but used by openstack) 15:35:32 that would be good 15:35:35 nickthetait: https://github.com/PyCQA/bandit/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22 15:35:53 you can ping me for how to go about the patches etc. 15:36:28 ok. is there any equivalent issue tagging/filtering system in launchpad? 15:38:34 low hanging fuit 15:38:45 but not sure how to look for those accross all projects 15:38:53 gage do you have LHF in keystone? 15:39:07 lhinds yes 15:39:40 https://bugs.launchpad.net/keystone/+bugs?field.tag=low-hanging-fruit 15:39:55 excellent, thanks for the suggestions 15:40:31 k, i got to dash, enjoy the summit! 15:40:47 Thanks everyone! 15:40:52 #endmeeting