*** ved_lad has joined #openstack-security | 00:07 | |
*** malini1 has quit IRC | 00:41 | |
*** ved_lad has quit IRC | 00:57 | |
*** gmurphy has quit IRC | 01:08 | |
*** gmurphy has joined #openstack-security | 01:09 | |
*** sicarie has joined #openstack-security | 01:56 | |
*** sicarie has quit IRC | 01:57 | |
*** tmcpeak has joined #openstack-security | 03:06 | |
tmcpeak | gmurphy: great catch on that change. I didn't think to check the rest of the source for other places the command was being dumped without being sanitized, just checked the new stuff :) | 03:12 |
gmurphy | thanks. | 03:13 |
*** paulmo has quit IRC | 03:15 | |
tmcpeak | gmurphy: where are you from? | 03:18 |
tmcpeak | on kind of late, aren't you? | 03:18 |
gmurphy | nope. i'm in australia | 03:19 |
tmcpeak | gmurphy: ahh nice, you aren't one of hyakuhei's guys, are you? | 03:19 |
gmurphy | no. i'm with red hat product security. | 03:20 |
gmurphy | tmcpeak - how about you? late there? | 03:21 |
tmcpeak | gmurphy: oh cool, are you nkinder's guy? | 03:21 |
tmcpeak | gmurphy: I know he said he had a guy in Australia | 03:21 |
gmurphy | different team same company. | 03:21 |
tmcpeak | gmurphy: oh cool, you guys are doing some good stuff | 03:22 |
tmcpeak | gmurphy: I'm in SF, just popped on to check some stuff out | 03:22 |
tmcpeak | gmurphy: where in Australia are you? | 03:22 |
gmurphy | think that would be umm.. jamie lennox | 03:23 |
gmurphy | i'm in brisbane. | 03:24 |
gmurphy | we have a few security guys here. | 03:24 |
tmcpeak | gmurphy: oh cool, Jamie Lennox sounds right | 03:24 |
tmcpeak | gmurphy: I'm Symantec btw… to answer your original question | 03:24 |
tmcpeak | gmurphy: so are you focused on OpenStack or across all Red Hat projects? | 03:25 |
gmurphy | tmcpeak - oh right. geez must be pretty late there atm. | 03:25 |
gmurphy | tmcpeak - i do a bunch of different things at red hat | 03:25 |
gmurphy | tmcpeak - i help out on the openstack vmt in my spare time | 03:25 |
tmcpeak | gmurphy: it's 8:25 PM, not so late | 03:26 |
tmcpeak | gmurphy: oh you're VMT? | 03:26 |
gmurphy | tmcpeak - ah ok that's more reasonable. | 03:26 |
gmurphy | tmcpeak - yep. | 03:26 |
tmcpeak | gmurphy: badass, that always sounded like a cool gig | 03:26 |
tmcpeak | gmurphy: how many are on VMT? | 03:26 |
gmurphy | tmcpeak - it has its moments :-) | 03:27 |
gmurphy | tmcpeak - 4 | 03:27 |
gmurphy | https://launchpad.net/~openstack-vuln-mgmt/+members#active | 03:27 |
tmcpeak | gmurphy: awesome, how's the workload? you guys have enough resources to chew through everything? | 03:27 |
tmcpeak | gmurphy: oh yeah, there you are :) | 03:28 |
tmcpeak | gmurphy: did you reach out to them or them to you? | 03:28 |
gmurphy | tmcpeak - think we are keeping on top of it. | 03:28 |
gmurphy | tmcpeak - i volunteered to help | 03:29 |
tmcpeak | gmurphy: do you guys handle incident response too? | 03:29 |
gmurphy | tmcpeak - this is our process etc https://wiki.openstack.org/wiki/VulnerabilityManagement | 03:30 |
gmurphy | tmcpeak - so we get people reporting things related to openstack infrastructure sometimes too if that's what you mean? | 03:31 |
tmcpeak | gmurphy: yeah, that's part of what I was wondering, also about the notifying downstream stakeholders | 03:31 |
tmcpeak | gmurphy: the embargo process is fascinating too | 03:33 |
tmcpeak | gmurphy: I'd like to get somebody from Symantec on that stakeholder list, probably the Dir in charge of security stuff, can I just explain that we are running a large private OpenStack deployment? | 03:35 |
gmurphy | tmcpeak - one thing i would like to get the ossg to help out with is doing audits for projects we are considering adding to our security supported project list | 03:35 |
gmurphy | (https://wiki.openstack.org/wiki/Security_supported_projects) | 03:35 |
tmcpeak | gmurphy: oh yeah, that sounds like a great project for us to take a stab at | 03:36 |
tmcpeak | gmurphy: what do you have in mind for the audits? | 03:37 |
gmurphy | tmcpeak - what you should do is send through a request via email to everybody in the VMT. we will review and approve etc. | 03:37 |
tmcpeak | gmurphy: ok cool, I'll help him with it | 03:39 |
tmcpeak | gmurphy: in terms of the audit, nkinder was working on getting some baseline review of projects | 03:39 |
tmcpeak | gmurphy: crypto inventory, stored secrets, etc.. | 03:39 |
gmurphy | tmcpeak - yeah. i think that is a great idea. | 03:39 |
tmcpeak | gmurphy: he's leading that effort | 03:40 |
tmcpeak | gmurphy: Keystone has done one, and I'm working on one for Glance (although I'll admit I'm lagging a bit) | 03:40 |
tmcpeak | gmurphy: I think others may be working on other projects | 03:40 |
tmcpeak | gmurphy: do you have any reference audits so we could compare what you're looking at versus the ones we're already working on? | 03:40 |
tmcpeak | gmurphy: these are the ones that nkinder is leading the push for | 03:41 |
tmcpeak | https://wiki.openstack.org/wiki/Security/Icehouse/Keystone | 03:41 |
gmurphy | tmcpeak - ok great. i'll check them out. | 03:41 |
tmcpeak | gmurphy: sounds good | 03:42 |
tmcpeak | gmurphy: going to run, I'll catch you later | 03:42 |
gmurphy | tmcpeak - not really. i'll try to put something together about it and send it through to ossg list for feedback. | 03:42 |
tmcpeak | gmurphy: ok cool | 03:43 |
gmurphy | tmcpeak k. thanks for the chat. | 03:43 |
tmcpeak | gmurphy: sounds good | 03:43 |
tmcpeak | gmurphy: nice talking to you | 03:43 |
*** tmcpeak has quit IRC | 03:44 | |
openstackgerrit | Nathaniel Dillon proposed a change to openstack/security-doc: Removing references of out-of-date versions of OpenStack https://review.openstack.org/108569 | 03:58 |
openstackgerrit | Mike Lange proposed a change to openstack/security-doc: Added sections 1.2 and 1.3 https://review.openstack.org/108570 | 04:02 |
openstackgerrit | A change was merged to openstack/security-doc: Removed some duplicate spaces https://review.openstack.org/108239 | 04:29 |
*** voodookid has joined #openstack-security | 04:47 | |
openstackgerrit | Mike Lange proposed a change to openstack/security-doc: Added sections 1.2 and 1.3 https://review.openstack.org/108570 | 04:51 |
*** voodookid has quit IRC | 05:50 | |
openstackgerrit | OpenStack Proposal Bot proposed a change to openstack/security-doc: Imported Translations from Transifex https://review.openstack.org/108585 | 06:05 |
*** elo has quit IRC | 06:26 | |
openstackgerrit | A change was merged to openstack/security-doc: Imported Translations from Transifex https://review.openstack.org/108585 | 06:36 |
*** malini has joined #openstack-security | 07:36 | |
*** elo has joined #openstack-security | 07:51 | |
*** malini has quit IRC | 08:42 | |
*** elo has quit IRC | 08:43 | |
*** elo has joined #openstack-security | 08:47 | |
*** openstackgerrit has quit IRC | 09:31 | |
*** openstackgerrit has joined #openstack-security | 09:32 | |
*** hyakuhei has quit IRC | 09:54 | |
*** viraptor1 has quit IRC | 09:54 | |
*** hyakuhei has joined #openstack-security | 09:55 | |
*** viraptor1 has joined #openstack-security | 09:55 | |
openstackgerrit | KATO Tomoyuki proposed a change to openstack/security-doc: Use the right name and add reference to. https://review.openstack.org/108645 | 11:11 |
openstackgerrit | Dan Sneddon proposed a change to openstack/security-doc: Changes wording from "spin it up" to "create an instance" https://review.openstack.org/108663 | 12:02 |
*** bknudson has quit IRC | 13:10 | |
*** nkinder has quit IRC | 13:18 | |
*** bknudson has joined #openstack-security | 13:29 | |
openstackgerrit | A change was merged to openstack/security-doc: Changes wording from "spin it up" to "create an instance" https://review.openstack.org/108663 | 14:01 |
*** paulmo has joined #openstack-security | 14:02 | |
*** nkinder has joined #openstack-security | 14:04 | |
*** voodookid has joined #openstack-security | 14:15 | |
*** elo has quit IRC | 14:28 | |
*** elo has joined #openstack-security | 14:30 | |
*** gabriela has joined #openstack-security | 14:43 | |
gabriela | HELLO | 14:43 |
gabriela | BXLG | 14:43 |
gabriela | hello, I'm back | 14:56 |
*** sicarie has joined #openstack-security | 15:10 | |
gabriela | : * | 15:13 |
gabriela | đ€ßðđłsf | 15:13 |
*** gabriela has left #openstack-security | 15:17 | |
*** sicarie_ has joined #openstack-security | 15:28 | |
*** sicarie has quit IRC | 15:29 | |
*** sicarie_ is now known as sicarie | 15:29 | |
*** viraptor1 has quit IRC | 15:49 | |
*** elo has quit IRC | 16:13 | |
*** tmcpeak has joined #openstack-security | 16:36 | |
tmcpeak | woohoo, glance change made it upstream | 16:39 |
tmcpeak | good learning experience to tackle it end to end | 16:39 |
tmcpeak | now time to fix all the things :P | 16:39 |
paulmo | Wow, congrats! Pushing upstream is not always easy. :) | 16:48 |
tmcpeak | paulmo: thanks! | 16:49 |
tmcpeak | paulmo: this was actually a tiny change but great to get my feet wet | 16:49 |
paulmo | It is all downhill now | 16:49 |
paulmo | (well, on a bumpy road maybe hah) | 16:50 |
*** ved_lad has joined #openstack-security | 17:02 | |
tmcpeak | paulmo: LOL | 17:05 |
tmcpeak | I have an idea for new content for the book | 17:06 |
tmcpeak | I spoke to gmurphy last night about VMT a little bit | 17:07 |
tmcpeak | what about a section on workflow for applying security patches in a timely manner | 17:07 |
tmcpeak | plus I think we should call out the ability to get early access to new vulnerability patches if you are a stakeholder | 17:07 |
tmcpeak | which I think is important information to make available and isn't the kind of thing people would think of by themselves | 17:08 |
tmcpeak | nkinder: this is a good point about affected versions | 17:11 |
tmcpeak | are we going back and adding new versions to old notes? | 17:11 |
nkinder | tmcpeak: we haven't, but that's a good idea | 17:13 |
tmcpeak | nkinder: yeah, otherwise people may assume that newer versions aren't affected, which in some cases they may not be, but in some they almost certainly are | 17:14 |
tmcpeak | nkinder: there's a fair amount of work to be done to sort them out, but it's probably worth it | 17:14 |
tmcpeak | nkinder: otherwise the notes get kind of stale | 17:14 |
nkinder | tmcpeak: a good portion of the notes have been written since Icehouse, so we're good there | 17:14 |
tmcpeak | nkinder: I'm mostly concerned with what happens when Juno is released | 17:15 |
nkinder | tmcpeak: we should audit through them when juno release candidates start landing | 17:15 |
tmcpeak | nkinder: yep, for sure | 17:15 |
tmcpeak | nkinder: you see the bit above about the new section for the book? | 17:16 |
openstackgerrit | Nathaniel Dillon proposed a change to openstack/security-doc: Removing references of out-of-date versions of OpenStack https://review.openstack.org/108780 | 17:17 |
nkinder | tmcpeak: yeah, it's good to mention (but there are vast differences in how updates should be applied depending on the distribution) | 17:17 |
tmcpeak | nkinder: yeah for sure, I just mean some rough discussion about what sample workflows might look like | 17:18 |
nkinder | tmcpeak: open a doc bug so we don't lose track of it | 17:18 |
tmcpeak | nkinder: cool, will do | 17:18 |
tmcpeak | nkinder: that's here, right? https://bugs.launchpad.net/openstack-manuals | 17:19 |
nkinder | tmcpeak: yeah, but you need to add the sec-guide tag - https://bugs.launchpad.net/openstack-manuals/+bugs?field.tag=sec-guide | 17:20 |
tmcpeak | nkinder: ahh cool, thank you | 17:21 |
openstackgerrit | Nathaniel Dillon proposed a change to openstack/security-doc: Removing references of out-of-date versions of OpenStack https://review.openstack.org/108569 | 17:25 |
tmcpeak | https://bugs.launchpad.net/openstack-manuals/+bug/1347057 | 17:27 |
*** sicarie_ has joined #openstack-security | 18:00 | |
*** sicarie has quit IRC | 18:03 | |
*** sicarie_ is now known as sicarie | 18:06 | |
*** elo has joined #openstack-security | 18:10 | |
*** sicarie has quit IRC | 18:12 | |
*** ved_lad_ has joined #openstack-security | 18:14 | |
*** ved_lad has quit IRC | 18:15 | |
*** ved_lad_ has quit IRC | 18:21 | |
*** nkinder has quit IRC | 18:32 | |
*** nkinder has joined #openstack-security | 18:44 | |
*** ved_lad has joined #openstack-security | 18:46 | |
*** elo has quit IRC | 19:21 | |
*** ved_lad has quit IRC | 19:46 | |
*** ved_lad has joined #openstack-security | 20:08 | |
*** ved_lad has quit IRC | 20:45 | |
*** tmcpeak1 has joined #openstack-security | 21:34 | |
*** tmcpeak has quit IRC | 21:37 | |
openstackgerrit | Dan Sneddon proposed a change to openstack/security-doc: Add link to management security domain to security guide https://review.openstack.org/108851 | 21:39 |
openstackgerrit | Dan Sneddon proposed a change to openstack/security-doc: Add link to management security domain to security guide https://review.openstack.org/108851 | 21:42 |
openstackgerrit | Dan Sneddon proposed a change to openstack/security-doc: Add link to management security domain to security guide https://review.openstack.org/108851 | 21:43 |
openstackgerrit | Dan Sneddon proposed a change to openstack/security-doc: Add link to management security domain to security guide https://review.openstack.org/108851 | 21:49 |
openstackgerrit | Dan Sneddon proposed a change to openstack/security-doc: Cleaning up grammer and wording, avoiding 2nd person https://review.openstack.org/108855 | 22:12 |
openstackgerrit | Dan Sneddon proposed a change to openstack/security-doc: Cleaning up grammer and wording, avoiding 2nd person https://review.openstack.org/108855 | 22:14 |
*** paulmo has quit IRC | 22:21 | |
openstackgerrit | A change was merged to openstack/security-doc: Removing references of out-of-date versions of OpenStack https://review.openstack.org/108569 | 22:35 |
*** tmcpeak1 has quit IRC | 22:50 | |
*** tmcpeak has joined #openstack-security | 22:56 | |
*** bknudson has quit IRC | 22:57 | |
*** nkinder has quit IRC | 22:59 | |
*** tmcpeak has quit IRC | 23:01 | |
*** voodookid has quit IRC | 23:10 |