15:00:08 <gagehugo> #startmeeting security
15:00:09 <openstack> Meeting started Thu May 30 15:00:08 2019 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:10 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:12 <openstack> The meeting name has been set to 'security'
15:00:19 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda agenda
15:00:22 <gagehugo> o/
15:00:30 <fungi> hi there
15:01:02 <nickthetait> hey
15:01:30 <gagehugo> give it a few minutes before we start, agenda is light this week so far
15:04:02 <redrobot> \o
15:05:48 <gagehugo> #topic Open Discussion
15:05:55 <gagehugo> #link https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system
15:06:05 <gagehugo> interesting article fungi linked (yesterday?)
15:07:27 <gagehugo> otherwise does anyone have anything?
15:07:40 <nickthetait> i have some good news :)
15:08:11 <nickthetait> A project I'll be dedicating one workday per week to is updating the security guide docs
15:08:36 <gagehugo> nice!
15:08:59 <nickthetait> my goal today is to gauge how up to date these bugs are https://bugs.launchpad.net/ossp-security-documentation/
15:09:18 <nickthetait> and if there are any obviously missing bugs I should create
15:10:09 <fungi> excellent, thank you so much for picking this up!
15:10:23 <nickthetait> welcome
15:11:06 <nickthetait> is there somewhere I can get a handle on what security features have been added during a release? Looking at the release notes is a starting point I imagine
15:11:37 <gagehugo> fungi: speaking of security docs, I emailed the security-doc-core group list, haven't heard back from anyone unfortunately
15:11:53 <gagehugo> quite a few of the emails were returned as invalid as well
15:12:53 <fungi> gagehugo: not surprising
15:13:09 <fungi> nickthetait: maybe start by going through release highlights? and then move on to release notes
15:13:16 <nickthetait> okay
15:13:18 * fungi gets the highlights link
15:14:05 <fungi> for example...
15:14:13 <fungi> #link https://releases.openstack.org/stein/highlights Stein release highlights
15:14:40 <fungi> the idea is that projects publish a list of their most important developments in a given release
15:15:00 <nickthetait> that's handy
15:15:19 <fungi> they go back as far as queens, which is precisely where you wanted to start anyway i think?
15:15:34 <fungi> (the guide claims to be updated for pike already)
15:15:56 <gagehugo> yeah
15:16:20 <fungi> quality of the notes may vary, they're primarily meant as a source for media/analyst types drafting press releases
15:16:50 <nickthetait> nice
15:16:50 <fungi> but at least they provide a starting point, and should correspond to more detailed stuff in release notes and/or project docs
15:17:12 <fungi> just require a bit of digging to make those connections probably
15:20:03 <nickthetait> and it's okay for me to start making noise on these bugs? https://bugs.launchpad.net/ossp-security-documentation/
15:20:19 <nickthetait> closing old ones, changing tags, creating new...
15:22:11 <gagehugo> I would say sure, start triaging things would be ok
15:22:30 <gagehugo> look into existing ones
15:22:46 <nickthetait> great
15:23:52 <nickthetait> ok that's all the questions I have for now
15:24:19 <gagehugo> I'll subscribe and follow up on changes then when I can
15:24:29 <nickthetait> thx
15:24:52 <fungi> yeah, please do whatever you like with the bug reports
15:25:21 <fungi> i'd like to promise i could subscribe and follow up on them without prompting, but i doubt i have the bandwidth
15:25:34 <fungi> however, if there's one you feel needs input from me, please do bring it to my attention
15:25:39 <nickthetait> I understand that ;)
15:25:55 <fungi> find me in #openstack-security or feel free to e-mail me or whatever
15:32:51 <gagehugo> thanks for coming everyone, have a good weekend!
15:33:11 <gagehugo> nickthetait you can ping me as well if needed or email
15:33:17 <gagehugo> #endmeeting