15:00:38 #startmeeting security
15:00:39 Meeting started Thu Jul 2 15:00:38 2020 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:40 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:42 The meeting name has been set to 'security'
15:00:47 #link https://etherpad.opendev.org/p/security-agenda agenda
15:01:23 ahoy, mateys
15:02:27 o/
15:03:45 o/
15:06:23 this has to be our most riveting meeting yet ;)
15:07:09 any security meeting you can walk away from, is a good security meeting
15:08:42 fair point
15:08:57 sorry was distracted
15:09:04 no worries!
15:09:05 #topic next week's meeting
15:09:12 i'm a little fried this morning anyway
15:09:15 I will be out for training, so I'm going to just cancel it
15:09:16 me too
15:09:25 I'll send out an email
15:09:30 #topic open discussion
15:09:33 floor is open
15:10:56 we now have cinder releases for all releasable branches that address OSSN-0086
15:12:13 thanks rosmaita!
15:12:33 and hopefully i will never utter the words "OSSN-0086" ever again
15:12:34 yes, ty rosmaita!
15:13:25 someone popped into #openstack-security a little while back asking whether anyone has experience integrating carbonblack's security products with their openstack deployments
15:13:56 proprietary stuff, so likely not that relevant for us to discuss, but figured i'd point it out for the log
15:14:19 there may be some operators with a common interest around that or similar integrations i guess
15:15:45 looks like june 23 was the last time we switched any security-related bugs public, so not much to discuss on the advisory/vmt end of things
15:16:13 pretty sure we covered that one in last week's meeting
15:16:59 yeah
15:17:01 i still haven't gotten to writing up the barbican as a base service proposal for openstack/governance like we talked about at the ptg, though it's just about been excavated from my to do pile again
15:18:47 i'm quite pleased with how our new 90-day embargo limit is working out though. it's allowed us to air out a bunch of old cobwebs and is keeping our embargo load very manageable
15:19:43 that said, it means there are now a bunch of "incomplete" ossa bugtasks on public-security bugs which could use some eyes on them to help us figure out if they're actual vulnerabilities
15:20:22 #link https://launchpad.net/bugs/ossa Please help the OpenStack VMT identify actionable vulnerability reports
15:21:07 d'oh, i should have tested that url first
15:21:14 gagehugo: can you #undo?
15:21:21 lol
15:21:22 #undo
15:21:23 Removing item from minutes: #link https://launchpad.net/bugs/ossa
15:21:27 thanks
15:21:37 #link https://bugs.launchpad.net/ossa Please help the OpenStack VMT identify actionable vulnerability reports
15:21:43 much better
15:28:04 thanks fungi
15:28:14 thanks rosmaita
15:28:17 i think you can close the OSSA parg of https://bugs.launchpad.net/ossa/+bug/1799221 as a WON'T FIX
15:28:17 Launchpad bug 1799221 in OpenStack Security Advisory "cinder-volume can create truncated volumes when masking glanceclient errors" [Undecided,New]
15:28:30 s/parg/part/
15:28:35 yeah
15:28:52 great! if you can leave a comment explaining why, i'm happy to do that
15:29:08 sure
15:29:34 i just don't want it to look like i'm going around closing our advisory tasks without community input
15:30:10 :)
15:31:46 (otherwise i'd go close all of those now for lack of interest)
15:33:33 fungi: I'll also try to get a new meeting time email out eventually
15:33:44 this time-slot isn't the greatest
15:34:28 sure, sounds good
15:34:33 i'm happy to adjust
15:34:50 thanks everyone, have a good holiday weekend!
15:34:52 i'm normally at least double, sometimes triple and occasionally quadruple booked during this hour
15:34:56 same
15:35:02 thanks gagehugo! you too!
15:35:10 and it's worse once DST begins/ends
15:35:15 #endmeeting