Tuesday, 2015-04-07

*** tmcpeak has joined #openstack-security [00:01]
*** nkinder has joined #openstack-security [00:09]
*** Gue______ has joined #openstack-security [00:10]
*** markvoelker has joined #openstack-security [00:50]
*** JAHoagie has quit IRC [00:53]
*** markvoelker has quit IRC [00:55]
<openstackgerrit> Darren Chan proposed openstack/security-doc: Removed the password autocomplete section  https://review.openstack.org/169191 [01:29]
*** markvoelker has joined #openstack-security [01:51]
*** markvoelker has quit IRC [01:56]
*** Gue______ has quit IRC [02:12]
*** tmcpeak has quit IRC [02:40]
*** markvoelker has joined #openstack-security [02:52]
*** markvoelker has quit IRC [02:56]
*** jamielennox is now known as jamielennox|away [03:47]
*** markvoelker has joined #openstack-security [03:53]
*** markvoelker has quit IRC [03:57]
*** dave-mccowan has quit IRC [04:08]
*** bopoh-a has joined #openstack-security [04:18]
*** elo1 has joined #openstack-security [04:26]
*** elo1 has quit IRC [04:51]
*** markvoelker has joined #openstack-security [04:53]
*** markvoelker has quit IRC [04:58]
*** markvoelker has joined #openstack-security [05:54]
*** markvoelker has quit IRC [05:58]
*** markvoelker has joined #openstack-security [06:55]
*** aswadr has joined #openstack-security [06:58]
*** markvoelker has quit IRC [06:59]
*** tkelsey has joined #openstack-security [07:28]
*** tkelsey has quit IRC [07:30]
*** markvoelker has joined #openstack-security [07:56]
*** markvoelker has quit IRC [08:00]
*** asrangne has joined #openstack-security [08:54]
*** aswadr has quit IRC [08:56]
*** asrangne__ has joined #openstack-security [08:56]
*** markvoelker has joined #openstack-security [08:56]
*** asrangne has quit IRC [09:00]
*** markvoelker has quit IRC [09:01]
*** JAHoagie has joined #openstack-security [09:06]
*** JAHoagie has quit IRC [09:11]
*** markvoelker has joined #openstack-security [09:57]
*** markvoelker has quit IRC [10:02]
*** tmcpeak has joined #openstack-security [10:03]
*** markvoelker has joined #openstack-security [10:58]
*** markvoelker has quit IRC [11:03]
*** bopoh-a has quit IRC [11:42]
*** bopoh-a has joined #openstack-security [11:43]
*** bopoh-a has left #openstack-security [11:43]
*** markvoelker has joined #openstack-security [11:59]
*** markvoelker has quit IRC [12:03]
*** dave-mccowan has joined #openstack-security [12:21]
<openstackgerrit> Tim Kelsey proposed stackforge/anchor: Updating domain validator to pass if given an empty list  https://review.openstack.org/170048 [12:47]
*** markvoelker has joined #openstack-security [12:59]
*** markvoelker has quit IRC [13:04]
*** bknudson has joined #openstack-security [13:06]
*** JAHoagie has joined #openstack-security [13:06]
*** openstackgerrit has quit IRC [13:07]
*** openstackgerrit has joined #openstack-security [13:07]
*** JAHoagie has quit IRC [13:11]
*** singlethink has joined #openstack-security [13:21]
*** JAHoagie has joined #openstack-security [13:24]
*** markvoelker has joined #openstack-security [13:37]
<openstackgerrit> Tim Kelsey proposed stackforge/anchor: Updating domain validator to pass if given an empty list  https://review.openstack.org/170048 [13:40]
*** JAHoagie has quit IRC [14:16]
*** sicarie has joined #openstack-security [14:25]
*** dwyde has joined #openstack-security [14:44]
*** edmondsw has joined #openstack-security [14:47]
*** voodookid has joined #openstack-security [14:55]
*** JAHoagie has joined #openstack-security [14:57]
*** JAHoagie has quit IRC [15:09]
*** asrangne__ has quit IRC [15:12]
*** dwyde has quit IRC [15:16]
<sicarie> elmiko: ping [15:16]
<elmiko> sicarie: pong [15:18]
<sicarie> I saw you took a look at https://review.openstack.org/#/c/169191/ [15:18]
<elmiko> yea, the bug made sense to me [15:19]
<sicarie> Do we want to carve out the whole section? [15:20]
<elmiko> hmm, let me look again [15:20]
<sicarie> Or would guidance (such as what tmcpeak put in the bug) be better? [15:20]
<elmiko> i think the advice in the bug is valuable to understanding the issue, so i'd be +1 for adding something about it to the section [15:21]
<sicarie> Or we could just rip it out (as there is most likely corporate or admin preference around what to do there on a per-environment basis) [15:22]
*** dwyde has joined #openstack-security [15:22]
<sicarie> I'm curious as to what others think because we just had this come up internally [15:22]
<elmiko> that's a good point [15:24]
<elmiko> i guess, how much did you want to excise from the dashboard section? [15:24]
<sicarie> Anything that makes it better [15:24]
<sicarie> Of straight-up removing, I was only looking at the ridiculously long config file [15:25]
<sicarie> I'd prefer to rewrite/restate what's there and see if it still applies (as I think a significant portion of it will) [15:25]
<elmiko> that probably makes the most sense, much of what is here looks good to me, and it's stuff i would want to be aware of when setting up the dashboard [15:26]
*** JAHoagie has joined #openstack-security [15:26]
<elmiko> for example, cross-site scripting, cookies, and the like [15:26]
<sicarie> tmcpeak: thoughts on your bug (and the proposed fix)? [15:26]
<sicarie> So with this section I'd advocate for keeping the heading and outlining pros and cons of pw managers with caveat if you're going to allow it, to disable browser and allow desktop [15:29]
*** JAHoagie has quit IRC [15:30]
<tmcpeak> yo [15:30]
<sicarie> You recently submitted bug https://bugs.launchpad.net/openstack-manuals/+bug/1438418 on browser password managers [15:31]
<openstack> Launchpad bug 1438418 in openstack-manuals "OpenStack Security Guide Bad Advice for Saved Password" [Medium,In progress] - Assigned to Darren Chan (dazzachan) [15:31]
<sicarie> And the proposed fix removes the section completely: https://review.openstack.org/#/c/169191/2/security-guide/ch_dashboard.xml [15:31]
<tmcpeak> one sec [15:32]
<tmcpeak> let me check it out [15:32]
<sicarie> for sure [15:32]
<sicarie> What's your opinion on removing (as proposed) vs discussing pros/cons of password managers (in general), and then saying "if you do allow pw managers, disable browser and allow desktop"? [15:33]
<tmcpeak> I'm definitely in favor of putting forward information [15:33]
<tmcpeak> pros and cons seems like a good approach [15:34]
<tmcpeak> yanking out this section is better than nothing, pros and cons is even better [15:34]
<sicarie> Cool [15:34]
<elmiko> +1 [15:34]
<sicarie> sweet! [15:34]
<sicarie> I'll review the bug [15:34]
<sicarie> Thanks! [15:34]
<elmiko> makes sense to let the yank go through, then add a new patch [15:34]
<tmcpeak> yep [15:35]
<sicarie> elmiko: good call [15:35]
<openstackgerrit> Merged openstack/security-doc: Removed the password autocomplete section  https://review.openstack.org/169191 [15:42]
<openstackgerrit> Tim Kelsey proposed stackforge/anchor: Added tests to bring coverage up to 100% of validators  https://review.openstack.org/171257 [15:45]
*** dwyde has quit IRC [16:43]
*** tkelsey has joined #openstack-security [16:49]
*** dwyde has joined #openstack-security [16:51]
*** dave-mccowan has quit IRC [16:58]
*** JAHoagie has joined #openstack-security [17:00]
*** tmcpeak has quit IRC [17:00]
*** dave-mccowan has joined #openstack-security [17:26]
*** bdpayne has joined #openstack-security [17:26]
*** bpokorny has joined #openstack-security [17:27]
*** tmcpeak has joined #openstack-security [17:29]
*** dwyde has quit IRC [17:34]
*** dwyde has joined #openstack-security [17:36]
*** JAHoagie has quit IRC [17:41]
*** JAHoagie has joined #openstack-security [17:51]
*** bpokorny_ has joined #openstack-security [17:59]
*** bpokorn__ has joined #openstack-security [17:59]
*** tkelsey has quit IRC [18:00]
*** bpokorny has quit IRC [18:01]
*** jamielennox|away is now known as jamielennox [18:01]
*** bpokorny_ has quit IRC [18:03]
*** bdpayne has quit IRC [18:08]
*** dwyde has quit IRC [18:10]
*** JAHoagie has quit IRC [18:15]
*** subscope_ has joined #openstack-security [18:16]
*** bpokorny has joined #openstack-security [18:17]
*** bpokorn__ has quit IRC [18:20]
*** dwyde has joined #openstack-security [18:40]
*** JAHoagie has joined #openstack-security [19:09]
*** subscope_ has quit IRC [19:22]
*** openstackgerrit has quit IRC [19:22]
*** openstackgerrit has joined #openstack-security [19:22]
*** subscope_ has joined #openstack-security [19:37]
*** dwyde has quit IRC [19:44]
*** tkelsey has joined #openstack-security [19:46]
*** tkelsey has quit IRC [19:50]
*** dwyde has joined #openstack-security [19:59]
*** bdpayne has joined #openstack-security [20:19]
*** subscop__ has joined #openstack-security [20:20]
*** subscope_ has quit IRC [20:23]
*** subscop__ has quit IRC [20:25]
*** bdpayne has quit IRC [20:54]
*** bpokorny_ has joined #openstack-security [21:11]
*** bpokorny has quit IRC [21:14]
*** openstackgerrit has quit IRC [21:37]
*** openstackgerrit has joined #openstack-security [21:37]
*** dwyde has quit IRC [21:45]
*** tkelsey has joined #openstack-security [21:47]
*** singleth1nk has joined #openstack-security [21:48]
*** tkelsey has quit IRC [21:51]
*** singlethink has quit IRC [21:53]
*** edmondsw has quit IRC [22:02]
*** bdpayne has joined #openstack-security [22:03]
*** dwyde has joined #openstack-security [22:05]
*** singleth1nk has quit IRC [22:05]
*** bpokorny has joined #openstack-security [22:17]
*** sicarie has left #openstack-security [22:20]
*** bpokorny_ has quit IRC [22:21]
*** bknudson has quit IRC [22:33]
*** jeanmanuel has joined #openstack-security [22:42]
*** dwyde has quit IRC [22:42]
<jeanmanuel> hello dead dogs [22:42]
*** jeanmanuel has left #openstack-security [22:43]
*** bknudson has joined #openstack-security [22:56]
*** bknudson1 has joined #openstack-security [22:58]
*** voodookid has quit IRC [22:59]
*** tmcpeak has quit IRC [22:59]
*** bknudson has quit IRC [23:00]
*** dave-mccowan has quit IRC [23:04]
*** tmcpeak has joined #openstack-security [23:21]
*** bdpayne has quit IRC [23:49]
*** bdpayne has joined #openstack-security [23:51]
*** bdpayne has quit IRC [23:52]
*** bdpayne has joined #openstack-security [23:53]
