15:01:51 #startmeeting security 15:01:52 Meeting started Thu Aug 9 15:01:51 2018 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:54 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:01:56 The meeting name has been set to 'security' 15:02:14 ping eeiden fungi gagehugo lhinds nickthetait browne redrobot 15:02:17 o/ 15:02:25 #link https://etherpad.openstack.org/p/security-agenda 15:03:00 redrobot o/ 15:03:17 gagehugo, 👋 15:03:39 yup, also in tc office hour as usual 15:04:55 probably will be a shorter meeting 15:05:07 #topic OSSN/OSSA 15:05:16 fungi any updates? 15:05:31 let's see... 15:06:25 #link https://launchpad.net/bugs/1784259 Neutron RBAC not working for multiple extensions 15:06:25 Launchpad bug 1784259 in OpenStack Security Advisory "Neutron RBAC not working for multiple extensions" [Undecided,Incomplete] 15:06:45 that's been switched to public as of saturday 15:07:28 the corresponding fixes are still under review 15:07:58 hmm 15:08:00 and no confirmed status from the vmt that it's a vulnerability in need of an ossa (which will depend somewhat on how the fixes for it shake out) 15:08:37 if anyone has opinions on this issue or wants to help out, you're very welcome to do so 15:09:08 policy is always fun 15:10:06 i don't think there are any other public developments worth mentioning since last week 15:10:50 fungi: thanks! 15:11:01 #topic Documentation 15:11:13 I don't have any updates for this 15:12:09 #topic Threat Analysis Documents 15:12:25 there is a review for pycadf: https://review.openstack.org/#/c/529945/ 15:12:41 I think that is pretty close 15:12:59 keystonemiddleware - https://review.openstack.org/#/c/526476/ 15:13:02 also pretty close 15:13:46 fungi not sure about your availability, but when lhinds gets back I was wondering if we could schedule time to review the pycadf one 15:13:57 it's pretty simple imo 15:14:16 sure can try. no promises, but yes sounds good 15:14:56 keystonemiddleware will likely take more involvement 15:15:11 that's all I got for that though 15:15:17 #topic PTG 15:15:32 I created an etherpad for the security sig 15:15:39 #link https://etherpad.openstack.org/p/security-stein-ptg 15:16:12 as always, i'll be at the ptg. if you're getting into a topic you want me to weigh in on definitely give me a heads up in #openstack-ptg or something so i can switch rooms/hats 15:16:21 I will reach out to Ade about how barbican is wanting to schedule their agenda, and see where we can figure in our topics 15:16:59 fungi: sounds good 15:17:09 we share a room on Mon/Tue 15:17:32 I think the keystone cross-project is scheduled for monday so that will probably take a good portion of my day 15:17:46 #topic General Discussion 15:18:02 #link https://review.openstack.org/586896 Remove Security project team 15:18:05 that merged on monday 15:18:10 the security team is dead, long live the security sig 15:18:28 heh 15:19:00 I was going to suggest canceling next week's meeting (unless anyone want's to chair) 15:19:10 I will be out, and I believe lhinds is out as well 15:19:46 fine with me. i'd be a poor chair since i'm already splitting my time during this slot 15:20:56 I will mark it as canceled then for next week (and send out an email to the ML) 15:21:11 otherwise this room is available at this time next week if anyone wants to use it 15:21:23 that's all I got 15:21:44 redrobot do you have anything? 15:21:59 gagehugo, negative, just lurking 15:22:17 ok 15:22:24 thanks for coming everyone, have a good weekend! 15:22:28 #endmeeting