Tuesday, 2015-03-03

« Monday, 2015-03-02 Index Wednesday, 2015-03-04 »
*** markvoelker has quit IRC00:03
*** ljfisher has joined #openstack-security00:07
*** singlethink has quit IRC00:08
*** voodookid has quit IRC00:08
*** bknudson has joined #openstack-security00:37
*** markvoelker has joined #openstack-security01:04
*** JAHoagie has quit IRC01:09
*** markvoelker has quit IRC01:13
*** bpokorny_ has joined #openstack-security01:23
*** ljfisher has quit IRC01:25
*** bpokorny has quit IRC01:26
*** tmcpeak has joined #openstack-security01:30
*** tmcpeak has quit IRC01:38
*** fletcher has quit IRC01:41
*** tmcpeak has joined #openstack-security01:43
*** bdpayne has quit IRC01:45
*** tmcpeak has quit IRC01:45
*** pdesai has joined #openstack-security01:49
*** bpokorny_ has quit IRC02:14
*** pdesai has quit IRC02:22
*** markvoelker has joined #openstack-security02:26
*** browne has quit IRC02:59
*** bdpayne has joined #openstack-security03:07
*** bdpayne has quit IRC03:21
*** vozcelik has joined #openstack-security03:31
*** vozcelik has quit IRC03:34
*** bpokorny has joined #openstack-security03:37
*** browne has joined #openstack-security03:39
*** d0m3n1c has joined #openstack-security04:01
*** d0m3n1c has left #openstack-security04:02
*** bpokorny has quit IRC04:48
*** bpokorny has joined #openstack-security04:49
*** bpokorny has quit IRC04:58
*** markvoelker has quit IRC04:59
*** markvoelker has joined #openstack-security05:00
*** markvoelker has quit IRC05:04
*** JAHoagie has joined #openstack-security05:23
*** markvoelker has joined #openstack-security05:30
*** markvoelker has quit IRC05:35
*** dave-mccowan has quit IRC05:38
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/16064306:01
*** redrobot has quit IRC06:21
*** redrobot has joined #openstack-security06:25
*** redrobot is now known as Guest3254406:25
*** markvoelker has joined #openstack-security06:31
*** markvoelker has quit IRC06:36
*** J1nn has joined #openstack-security06:38
J1nnhows it going06:39
J1nnnice06:40
*** JAHoagie has quit IRC06:42
J1nnanyone know how to bypass av for reverse tcp pdf06:45
*** J1nn has left #openstack-security06:49
openstackgerritMerged openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/16064306:55
*** dstufft has quit IRC07:08
*** dstufft has joined #openstack-security07:15
*** openstackgerrit has quit IRC07:22
*** openstackgerrit has joined #openstack-security07:22
*** markvoelker has joined #openstack-security07:32
*** markvoelker has quit IRC07:37
*** browne has quit IRC08:07
*** markvoelker has joined #openstack-security08:33
*** markvoelker has quit IRC08:39
*** markvoelker has joined #openstack-security09:35
*** markvoelker has quit IRC09:39
*** markvoelker has joined #openstack-security10:35
*** markvoelker has quit IRC10:40
*** markvoelker has joined #openstack-security11:36
*** markvoelker has quit IRC11:41
*** tmcpeak has joined #openstack-security12:25
*** markvoelker has joined #openstack-security12:38
*** markvoelker has quit IRC12:42
*** dave-mccowan has joined #openstack-security12:48
*** markvoelker has joined #openstack-security13:04
*** ljfisher has joined #openstack-security14:17
*** nkinder has quit IRC14:24
*** salv-orlando has joined #openstack-security14:43
*** sicarie has joined #openstack-security15:07
*** nkinder has joined #openstack-security15:08
openstackgerritMerged stackforge/bandit: Return the full name used in calls  https://review.openstack.org/16054615:39
*** rkgudboy has joined #openstack-security15:46
*** voodookid has joined #openstack-security15:47
*** tmcpeak1 has joined #openstack-security16:00
*** rkgudboy has quit IRC16:02
*** tmcpeak has quit IRC16:02
tmcpeak1bknudson: where is the keystone meeting going to be?16:04
tmcpeak1also it's in about 2 hours, right? :)16:04
bknudson#openstack-meeting16:04
tmcpeak1cool16:05
bknudsony, it's in 2 hours16:05
tmcpeak1cool, see you then16:05
*** browne has joined #openstack-security16:14
*** dave-mccowan has quit IRC16:15
*** bpokorny_ has joined #openstack-security16:20
*** pdesai has joined #openstack-security16:25
openstackgerritLeon Zachery proposed openstack/security-doc: Add reference links to Openstack Security Guide - Securing Openstack networking services section  https://review.openstack.org/16086816:26
*** canaima_ has joined #openstack-security16:35
*** canaima_ has quit IRC16:35
openstackgerritCaio Oliveira proposed openstack/security-doc: Removal of unnecessary parts of the text about boot process using TSL  https://review.openstack.org/16088116:43
*** Guest32544 is now known as redrobot16:51
*** bpokorny has joined #openstack-security17:01
*** bpokorny_ has quit IRC17:05
*** ljfisher has quit IRC17:05
*** bpokorny has quit IRC17:05
*** bpokorny has joined #openstack-security17:12
openstackgerritPriti Desai proposed openstack/security-doc: Adding Security Checklist  https://review.openstack.org/15716417:24
*** rkgudboy has joined #openstack-security17:29
openstackgerritCaio Oliveira proposed openstack/security-doc: Removal of unnecessary parts of the text about boot process using TLS  https://review.openstack.org/16088117:38
*** ljfisher has joined #openstack-security17:47
*** bpokorny_ has joined #openstack-security17:54
*** bpokorny has quit IRC17:57
*** bdpayne has joined #openstack-security18:00
tmcpeak1Bandit in #openstack-meeting during Keystone weekly18:01
*** browne has quit IRC18:02
*** dave-mccowan has joined #openstack-security18:12
tmcpeak1that went great, thanks bknudson18:27
ljfisheryeah, good.18:28
bknudsontmcpeak1: yes, thanks for answering the questions.18:28
bknudsonI think you can see that there would be some concerns if this just popped up.18:28
tmcpeak1:) I'm going to have a mini-party when this gets into Keystone gate18:28
tmcpeak1yeah, was great to talk to the folks ahead of time18:28
ljfishergood to see everyone so receptive18:30
tmcpeak1yeah, definitely18:30
*** bpokorny has joined #openstack-security18:31
ljfisherit does raise the point of if we need to worry about adding new tests without running it at least on openstack projects first. But that is difficult to manage.18:31
tmcpeak1ljfisher: I usually have a run against my OpenStack project directory anyway18:31
ljfisherand you examine all the results every time?18:32
ljfisherevery time you add a new test that is?18:32
tmcpeak1I run them for stability18:33
ljfisherseems like a diff of the json output could be handy for that18:33
ljfisheryeah, that is good18:33
tmcpeak1I'm not currently running them to check and make sure we aren't 0-daying somebody18:33
tmcpeak1but, yeah, we should :)18:33
*** bpokorny_ has quit IRC18:34
ljfishermaybe a tox test to pull OpenStack projects down, run bandit, save json result, and then next run diff against the last18:34
tmcpeak1yeah, that would be awesome18:35
ljfisherdo we have a list of desired features anywhere?18:35
tmcpeak1TODO here: https://wiki.openstack.org/wiki/Security/Projects/Bandit#TODO18:36
tmcpeak1I just added you as Bandit core on there too18:36
ljfisherCan we create todos in launchpad?18:40
ljfisherit seems very bug centric18:41
tmcpeak1ljfisher: yeah, that would be a good place for features too18:42
tmcpeak1wiki TODO kind of sucks18:42
ljfisheresp as the list gets long18:42
ljfisherI think todos are more blueprints in launchpad18:42
tmcpeak1yeah as it is I haven't looked at it in months18:42
tmcpeak1ick18:43
tmcpeak1blueprints18:43
tmcpeak1we need something less rigid than that18:43
ljfishercan we just be less rigid with them? Not sure how much launchpad forces on you18:43
tmcpeak1hmm18:43
tmcpeak1good Q18:43
tmcpeak1let me dig18:43
tmcpeak1hmm ok18:44
tmcpeak1looks like it  should work18:44
gmurphymy 2c (not that it matters) is you should be able to expand most of those todos into bugs. you can always close them as wont-fix if they don't end up requiring code changes. also helps with tracking of who is working on what..18:44
ljfishermy only concern with doing as bugs is can we filter on just those18:45
tmcpeak1gmurphy: you're right, many of these are flat out bugs18:45
gmurphyyou mean group by todos? or group by bandit?18:46
tmcpeak1some are legit TODO though18:46
ljfisherI want to see all todos in bandit18:46
ljfisherin one list18:46
tmcpeak1such as: •Tie reporting / output back to https://wiki.openstack.org/wiki/Security/Guidelines.18:46
*** rkgudboy has quit IRC18:46
ljfisherif there are tags we could probably do it18:46
tmcpeak1Launchpad description seems in favor of using Blueprints for enhancements18:47
ljfisheryeah it looked like that to me also18:48
ljfisherwe just don’t need to do all parts of the blueprint18:48
ljfisherand can be brief as needed18:48
gmurphyi think you can add tags.. then something like https://bugs.launchpad.net/bandit/+bugs?orderby=tag&start=018:49
*** bpokorny_ has joined #openstack-security18:49
tmcpeak1https://blueprints.launchpad.net/bandit/+spec/profile-stacking18:49
tmcpeak1I present the worst written blueprint of all times18:49
tmcpeak1but yeah, it works as a TODO18:49
tmcpeak1so now TODOs are all here18:49
tmcpeak1https://blueprints.launchpad.net/bandit18:49
ljfisher that is sufficient for where Bandit is at18:50
tmcpeak1yep, lgtm18:50
ljfisherand we can link to it and get a list of things to work on18:50
tmcpeak1so me, we, somebody should go through TODO and file bugs or blueprints for all of what we have18:50
tmcpeak1yeah18:51
tmcpeak1anybody interested in chopping the wiki TODO with me?18:51
ljfisheradd it as a todo :)18:51
tmcpeak1haha18:51
tmcpeak1on wiki or in launchpad?18:51
ljfisheroh bother…18:51
ljfisherYou want to start from top andn I’ll start from bottom?18:52
*** bpokorny has quit IRC18:52
ljfishertie reporting is about middle18:53
tmcpeak1I'd call that enhancement18:53
tmcpeak1there's nothing wrong with it as is, it works. Just could be better18:53
tmcpeak1ljfisher: want to take first half of list (through consider helper funcs)18:54
tmcpeak1and I'll take second half?18:54
tmcpeak1just make a judgement call18:54
tmcpeak1also make sure whatever bug isn't already there :)18:54
tmcpeak1could be fun...18:54
ljfisherok18:55
tmcpeak1cool18:55
tmcpeak1thank you sir18:55
ljfisherwhy did you want ot switch halfs?18:55
tmcpeak1oh I did18:55
tmcpeak1?18:56
tmcpeak1we don't have to18:56
tmcpeak1oh, didn't see your comment18:56
tmcpeak1lol18:56
tmcpeak1yeah, I'll take first half18:56
tmcpeak1that's fine18:56
ljfisherwhatever18:56
tmcpeak1we'll stick with what you said ;)18:56
ljfisheryou go first, I’ll take second18:56
tmcpeak1cool18:56
ljfishersome other stuff to do so will work on through the day18:57
tmcpeak1yeah, no worries18:57
tmcpeak1ljfisher: this is fixed, right?18:57
ljfisherwhat is ‘this’?18:58
tmcpeak1lol18:58
tmcpeak1oops18:58
tmcpeak1https://bugs.launchpad.net/bandit/+bug/142288718:58
openstackLaunchpad bug 1422887 in Bandit "Hundreds of "module not on sys.path" warnings" [Medium,Fix released]18:58
ljfisheryes18:59
tmcpeak1we should start having a triage meeting or something19:00
ljfisheryeah probably. Maybe on demand or not too often for now19:03
tmcpeak1yeah19:03
*** browne has joined #openstack-security19:05
*** dwyde has joined #openstack-security19:15
tmcpeak1ljfisher: is this one done? "Review / revisit result collection structure / format."19:20
tmcpeak1ljfisher: also I screwed up and ended doing the second half19:21
ljfisheri don’t think so19:21
ljfisherok, good I didn’t start yet19:21
tmcpeak1had copied into textpad and forgot to update19:21
ljfisherno worries19:21
tmcpeak1ljfisher: isn't that what you guys already did with the decorators for severity and stuff?19:22
*** amrith is now known as _amrith_19:23
ljfishernot sure, actually. That would touch the results. In any case, I don’t know if that is done yet19:23
tmcpeak1ok, ill file and we'll kill it if it's done19:23
*** browne has quit IRC20:01
*** browne has joined #openstack-security20:02
*** tmcpeak1 has quit IRC21:14
*** _amrith_ is now known as amrith21:15
*** tmcpeak has joined #openstack-security21:21
*** browne has quit IRC21:22
*** browne has joined #openstack-security21:23
*** browne has quit IRC21:39
*** browne has joined #openstack-security21:39
*** pdesai has quit IRC21:42
*** pdesai has joined #openstack-security21:54
*** edmondsw has joined #openstack-security22:07
edmondswnkinder, do you know where I can find the .te, .fc, etc. files that go into keystone.pp on RHEL?22:09
*** dave-mccowan has quit IRC22:11
nkinderedmondsw: it should be in the source of the openstack-selinux package22:11
nkinderedmondsw: ...but, there is also some policy in the base OS policy (selinux-policy-targeted)22:11
edmondswnkinder, right... meant for the OS22:15
edmondswnkinder, and why are there both? Will the openstack-selinux one go away?22:15
nkinderedmondsw: maybe...  It's sort of the way it is since there are two different release vehicles (the OS and OpenStack)22:17
nkinderedmondsw: I think it will ultimately get to one or the other (not both)22:17
edmondswnkinder, so for the time being, apply the openstack-selinux package on top of whatever the base OS has... they shouldn't conflict, at least, I hope?22:18
edmondswis the source for the base OS's policy available somewhere so I can compare the two?22:19
openstackgerritDavid Wyde proposed stackforge/bandit: Refactor functional tests to clarify scoring.  https://review.openstack.org/16100522:25
openstackgerritbruce-benjamin proposed openstack/security-doc: Added input re- volume encryption feature  https://review.openstack.org/16101222:36
openstackgerritDavid Wyde proposed stackforge/bandit: Refactor functional tests to clarify scoring  https://review.openstack.org/16100522:46
*** openstackgerrit has quit IRC22:51
*** openstackgerrit has joined #openstack-security22:51
openstackgerritJamie Finnigan proposed stackforge/bandit: Clean up test property decorators after refactor  https://review.openstack.org/16102423:01
*** nkinder has quit IRC23:04
*** tmcpeak has quit IRC23:39
*** edmondsw has quit IRC23:49
*** dwyde has quit IRC23:59
« Monday, 2015-03-02 Index Wednesday, 2015-03-04 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!