15:00:20 <gagehugo> #startmeeting security
15:00:21 <openstack> Meeting started Thu May 21 15:00:20 2020 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:22 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:24 <openstack> The meeting name has been set to 'security'
15:00:33 <gagehugo> #agenda https://etherpad.opendev.org/p/security-agenda agenda
15:00:42 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:00:47 <gagehugo> o/
15:02:04 <fungi> aloha, y'all
15:03:38 <gagehugo> #topic Virtual PTG Schedule
15:03:55 <gagehugo> #link https://etherpad.opendev.org/p/security-sig-ptg-victoria
15:04:00 <gagehugo> I see one topic on there
15:04:02 <gagehugo> \o/
15:06:27 <gagehugo> #topic open discussion
15:06:34 <gagehugo> fungi: o/
15:06:41 <gagehugo> Do you have anything this week?
15:06:51 <gagehugo> I've been a bit pre-occupied
15:07:05 <fungi> let's see...
15:07:37 <fungi> i do have a couple of minor vmt process documentation changes up which could use some movement
15:08:01 <fungi> #link https://review.opendev.org/720291 Remove UUID guessing example from C1 report class
15:08:02 <patchbot> patch 720291 - ossa - Remove UUID guessing example from C1 report class - 2 patch sets
15:08:43 <fungi> #link https://review.opendev.org/729346 Clarify expiration conditions in embargo template
15:08:43 <patchbot> patch 729346 - ossa - Clarify expiration conditions in embargo template - 1 patch set
15:09:19 <gagehugo> lemme look
15:09:50 <gagehugo> approved, simple change
15:09:58 <gagehugo> for ossa
15:10:52 <fungi> thanks
15:11:12 <fungi> also next week is when the first batch of embargo expirations will occur
15:11:29 <gagehugo> yup
15:12:50 <fungi> seeing if there's anything else which pinged the security ml from any hardening bugs
15:14:12 <fungi> #link https://launchpad.net/bugs/1872733 ec2 credential "trust_id" can be updated to null
15:14:12 <openstack> Launchpad bug 1872733 in OpenStack Identity (keystone) "[OSSA-2020-004] Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID (CVE-2020-12691)" [High,Fix released] - Assigned to Colleen Murphy (krinkle)
15:14:43 <fungi> that was a bug which got invalidated by the fix for OSSA-2020-004
15:15:46 <fungi> looks like some e-m patches also got proposed for backports of recent ossa fixes to some of the older keystone branches
15:19:35 <fungi> i don't think i have anything else
15:19:48 <fungi> i expect we'll have plenty to talk about next week once a bunch of old bugs become public
15:21:16 <gagehugo> hmm
15:21:17 <gagehugo> ok
15:21:55 <gagehugo> yeah true
15:22:12 <gagehugo> fungi: thanks, have a good long weekend
15:22:19 <gagehugo> #endmeeting