15:00:30 #startmeeting security 15:00:31 Meeting started Thu Dec 12 15:00:30 2019 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:32 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:34 The meeting name has been set to 'security' 15:00:44 #link https://etherpad.openstack.org/p/security-agenda agenda 15:00:59 o/ 15:01:07 aloha 15:02:05 fungi: o/ 15:04:02 #topic OSSA-2019-006 released 15:04:13 #link https://security.openstack.org/ossa/OSSA-2019-006.html 15:04:27 email went out yesterday, so everyone should be notified now 15:04:46 fungi: any other updates for that ^? 15:05:03 i don't think so 15:05:07 great work there 15:05:22 big thanks to the reporter and the keystone devs for quick action on it 15:05:28 especially cmurphy 15:05:34 agreed 15:07:06 got that fixed very quickly 15:07:49 #topic Next meeting times 15:08:02 No meeting next 2 weeks (Happy Holidays!) 15:08:27 Hopefully everyone gets to take it easy for a bit 15:08:39 We'll meet again on Jan 02nd 15:08:47 also worth noting, while i would normally keep tabs on vulnerability reports on vacation, i'm going to be out to sea from the 18th through the 30th 15:09:14 but we have several other contacts listed at https://security.openstack.org/ who can triage reports 15:09:32 so hopefully one of them will spot any which come in during that timeframe 15:09:45 fungi: I'm out for work for the same dates 18-new year, but I always check my emails 15:10:03 that helps, don't check too often though! enjoy your time off 15:10:08 I will! 15:10:22 #topic newsletter 15:10:33 I'll actually send one out this week for real this time for the month 15:10:45 oh, also if you get time to check the moderation queue for the openstack-security ml a few times while i'm away, that might help 15:10:58 sure 15:11:06 but no big deal if that one languishes for a couple weeks 15:11:39 also I think with the new year, I'm going to move the security sig newsletter to monthly 15:12:04 as I keep either forgetting, or we don't really have much to update on 15:12:22 that seems perfectly reasonable 15:12:38 a lot of sigs don't even provide updates that often (or ever!) 15:12:53 true 15:13:28 I was actually told by a few people that they actually read them, so that was nice 15:13:29 though we're supposed to have some identifiable output, the vmt producing ossas and our weekly meeting logs could suffice in a pinch 15:13:44 but i agree, i like the updates 15:13:54 thanks so much for doing them! 15:14:06 It honestly helps me gather my thoughts too and keeps me focuesed on issues when needed 15:14:20 np! 15:14:24 that's a great point 15:14:31 #topic Open Discussion 15:14:36 fungi: anything else for the year? 15:15:21 nope, still hoping to do a revision on 678426 and switch it to ready for review 15:15:30 hopefully today or tomorrow 15:15:36 we'll see how my day goes 15:15:54 #link https://review.opendev.org/678426 Update vulnerability:managed policy 15:16:04 yeah was just looking that up haha 15:16:06 thanks 15:16:09 sounds good 15:17:14 enjoy your time off! 15:17:26 fungi: thanks for all the help! 15:17:33 you too! enjoy the sea 15:17:49 thanks gagehugo! 15:17:55 #endmeeting