15:00:29 #startmeeting security
15:00:29 Meeting started Thu Jul 26 15:00:29 2018 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:30 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:33 The meeting name has been set to 'security'
15:01:15 ping eeiden fungi gagehugo lhinds nickthetait browne redrobot
15:01:20 anyone around?
15:01:23 hey
15:01:35 nickthetait o/
15:03:39 I think fungi is out on vacation
15:03:45 not sure if lhinds is around
15:04:22 nickthetait do you have anything you wanna discuss?
15:05:11 no
15:06:11 will you be at the ptg?
15:06:12 hey all, gagehugo did the agenda by the looks of it
15:06:31 sorry about last week, really bad stomach bug wiped out my whole house
15:06:41 99% I will gagehugo
15:06:48 lhinds_ :(
15:06:54 that's no fun
15:07:03 feel better
15:07:13 yep, it was just a 24 hour thing
15:07:29 #topic Bandit Migration
15:07:47 lhinds_ any update on the openstack specific plugin issue with bandit?
15:07:58 gagehugo: apologies, no not yet
15:08:08 it's on my list
15:08:24 a bit swamped with stuff to clear at the moment
15:08:50 lhinds_ same :(
15:09:21 #topic OSSA
15:09:27 https://security.openstack.org/ossa/OSSA-2018-002.html was released yesterday
15:09:36 relevant changes were merged in keystone
15:09:57 gagehugo: I saw that one, was that the API leak?
15:10:03 yeah
15:10:24 what type of info can be leaked?
15:10:45 nickthetait https://bugs.launchpad.net/keystone/+bug/1779205
15:10:45 Launchpad bug 1779205 in OpenStack Identity (keystone) "[OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)" [Critical,Fix released] - Assigned to Lance Bragstad (lbragstad)
15:10:53 thx
15:11:18 idk if there is any other updates for ossa/ossn
15:11:33 not from me atm
15:11:53 #topic documentation
15:12:02 no updates on my end here
15:12:13 lhinds_ anything from you?
15:12:32 I started this one, mainly as the docs need a really good overview, there are quite a few incorrect key / value directives in there
15:12:39 deprecated values
15:13:16 I have not had time to look at this, was hoping some volunteers could be found, but openstack is really down on contributes overall
15:13:28 contributors *
15:14:36 yeah unfortunately :(
15:15:06 it is how it is, it's not just for us.
15:15:19 maybe we will get some new people interested at the PTG
15:15:31 yes, that would be good
15:15:57 #topic threat analysis
15:16:12 there's 3 drafts up, I still need to get around to reviewing them
15:16:30 otherwise no other updates from me
15:16:40 thanks gagehugo
15:16:50 my ever growing backlog
15:16:56 #topic PTG
15:17:00 kudos for getting the drafts up
15:17:18 I think they're pretty close, but I need to re-read them
15:17:25 I will be at the PTG all week
15:17:38 the schedule is a bit weird though, keystone is Mon/Thur/Fri
15:17:49 with Mon as the "cross-project" day
15:17:53 but I should be around
15:18:12 I unfortunately won't be there.
15:18:21 security is sharing a room with Barbican Mon/Tue I believe
15:18:24 lhinds_ :(
15:18:46 yep, I let ade the PTL know that we might be light on numbers.
15:18:57 that's np, as it's the same for them too :)
15:19:08 ok, cool
15:19:59 we should probably come up with something to discuss there (like recruiting new people)
15:20:24 indeed
15:20:38 o/
15:20:46 jessegler o/
15:20:53 #topic general discussion
15:21:09 the floor is open if anyone wants to bring something up
15:21:27 otherwise we can end early
15:21:46 nothing from me, apart from I am on PTO for next three weeks
15:21:59 lhinds_ vacation?
15:22:04 gagehugo yup
15:22:07 nice
15:22:20 yep, looking forward to it
15:23:01 I'll have some exciting news to share next week :)
15:23:08 you're ok still cover gagehugo ?
15:23:19 nickthetait \o/
15:23:27 lhinds_ yup
15:23:35 thanks gagehugo
15:23:52 np!
15:24:05 thanks for coming everyone
15:24:12 o/
15:24:15 #endmeeting