Monday, 2015-04-27

« Sunday, 2015-04-26 Index Tuesday, 2015-04-28 »
openstackgerritMichael Simo proposed openstack/security-doc: Removed unneeded word from security-guide  https://review.openstack.org/17762500:23
*** salv-orlando has joined #openstack-security00:43
*** salv-orlando has quit IRC00:50
*** vozcelik has joined #openstack-security01:15
*** sdake has joined #openstack-security01:32
*** sdake_ has joined #openstack-security01:48
*** sdake has quit IRC01:51
*** sdake_ has quit IRC02:35
*** salv-orlando has joined #openstack-security02:46
*** sdake has joined #openstack-security02:52
*** salv-orlando has quit IRC02:56
*** salv-orlando has joined #openstack-security03:02
*** salv-orlando has quit IRC03:04
*** sdake_ has joined #openstack-security03:28
*** sdake has quit IRC03:32
*** dave-mccowan has quit IRC03:56
*** BOYSODOMY has joined #openstack-security04:56
*** BOYSODOMY has quit IRC05:04
*** browne has joined #openstack-security05:09
*** subscope_ has joined #openstack-security05:30
*** subscope_ has quit IRC05:31
*** sweston has quit IRC05:44
*** sweston has joined #openstack-security05:45
*** salv-orlando has joined #openstack-security05:46
*** salv-orlando has quit IRC05:54
*** sdake_ has quit IRC05:56
*** sdake has joined #openstack-security05:56
*** salv-orlando has joined #openstack-security06:42
*** salv-orlando has quit IRC06:44
*** sdake has quit IRC06:58
*** browne has quit IRC07:20
*** markvoelker has joined #openstack-security07:26
*** markvoelker has quit IRC07:30
*** salv-orlando has joined #openstack-security07:36
*** sdake has joined #openstack-security07:42
*** sdake has quit IRC07:42
*** sdake has joined #openstack-security07:42
*** openstackgerrit has quit IRC08:13
*** openstackgerrit has joined #openstack-security08:16
*** markvoelker has joined #openstack-security08:27
*** markvoelker has quit IRC08:32
*** sdake_ has joined #openstack-security08:51
*** sdake has quit IRC08:55
*** sdake_ has quit IRC09:13
*** sdake has joined #openstack-security09:15
*** markvoelker has joined #openstack-security09:27
*** markvoelker has quit IRC09:36
*** markvoelker has joined #openstack-security10:28
*** markvoelker has quit IRC10:33
*** sdake has quit IRC10:41
*** sdake has joined #openstack-security10:52
*** tmcpeak has joined #openstack-security10:55
*** sdake has quit IRC11:10
*** salv-orlando has quit IRC11:23
*** markvoelker has joined #openstack-security11:29
*** markvoelker has quit IRC11:33
*** markvoelker has joined #openstack-security11:38
*** salv-orlando has joined #openstack-security11:45
*** openstackgerrit has quit IRC12:06
*** openstackgerrit has joined #openstack-security12:06
*** bknudson has quit IRC12:31
*** openstackgerrit has quit IRC12:37
*** openstackgerrit has joined #openstack-security12:37
*** bknudson has joined #openstack-security12:56
*** elmiko_ is now known as elmiko13:09
*** openstackgerrit has quit IRC13:21
*** openstackgerrit has joined #openstack-security13:22
*** singlethink has joined #openstack-security13:24
*** dwyde has joined #openstack-security13:46
*** edmondsw has joined #openstack-security14:02
*** gmurphy_ is now known as gmurphy14:02
*** vozcelik has quit IRC14:15
*** voodookid has joined #openstack-security14:16
*** salv-orl_ has joined #openstack-security14:22
*** salv-orlando has quit IRC14:23
openstackgerrittianzichen306 proposed openstack/security-doc: commit 503993fc9e08c5e8014c468d94f47547549dd7a6   Author: tianzichen306   Date:   Mon Apr 27 22:20:46 2015  https://review.openstack.org/17778814:24
openstackgerrittianzichen306 proposed openstack/security-doc: Sentences order adjustment of networking services security best practices  https://review.openstack.org/17778814:27
openstackgerrittianzichen306 proposed openstack/security-doc: Sentences order adjustment of networking services security best practices  https://review.openstack.org/17778814:28
*** nkinder has joined #openstack-security14:33
*** v4s has quit IRC14:34
*** browne has joined #openstack-security14:38
*** voodookid has quit IRC14:39
*** dave-mccowan has joined #openstack-security14:40
*** v4s has joined #openstack-security14:45
*** tkelsey has joined #openstack-security14:52
*** salv-orl_ has quit IRC14:54
*** voodookid has joined #openstack-security15:00
*** dwyde has quit IRC15:01
*** dwyde has joined #openstack-security15:06
openstackgerrittianzichen306 proposed openstack/security-doc: Fix grammar errors of networking services security best practices  https://review.openstack.org/17781315:10
*** salv-orlando has joined #openstack-security15:16
*** browne has quit IRC15:41
*** sdake has joined #openstack-security15:47
*** salv-orlando has quit IRC15:53
*** browne has joined #openstack-security15:58
*** salv-orlando has joined #openstack-security16:09
*** salv-orl_ has joined #openstack-security16:10
*** salv-orlando has quit IRC16:13
*** singlethink has quit IRC16:28
openstackgerritMerged stackforge/bandit: Add XML vulnerability checking  https://review.openstack.org/17640416:31
*** bpb has joined #openstack-security16:32
*** Mike has joined #openstack-security17:00
*** Mike is now known as Guest4197617:00
*** shelleea007 has joined #openstack-security17:00
*** sicarie has joined #openstack-security17:00
* sicarie waves17:01
shelleea007O/17:01
*** pdesai has joined #openstack-security17:02
sicariehello!17:03
pdesaihi17:03
sicarieso elmiko has a conflict today - I think we’re ready17:04
pdesaii see17:04
sicarieWe have two for triage17:04
sicariehttps://bugs.launchpad.net/openstack-manuals/+bug/144675617:04
openstackLaunchpad bug 1446756 in openstack-manuals "Integrity life-cycle in OpenStack Security Guide - current" [Undecided,New]17:04
sicarieI thought inotify would be good to contribut to this section17:05
sicarieCurrently dmverity is listed, but no discussion of how it works17:05
sicarietripwire could also be mentioned there, again with discussion of hasing and how those are stored/checked and some of the performance tradeoffs17:05
pdesaiyup sounds good17:06
shelleea007that should be a good tasking17:06
pdesailet me check the integrity life cycle ch.17:06
sicarieCool, so I was thinking low severity17:06
shelleea007i concur17:07
sicariehttp://docs.openstack.org/security-guide/content/integrity-life-cycle.html17:07
sicarieThe section in question is at the bottom of the page17:07
pdesaiaah17:07
pdesaiyeah definitely,  we should add some discussion on dmverity and how it works17:08
sicarieyep, i think a bit more on samhain/tripwire/dmverity/inotify would be good17:08
sicariepdesai: any thoughts on severity?17:09
pdesaimed, i think we can have a seperate subsection under fim17:10
sicarieshelleea007: you said low, any thoughts on medium?17:10
sicarie(or any thoughts from lurkers?)17:11
pdesaisomething like, option 1) Samhain option 2) DMVerity  option 3) inotify17:11
sicariepdesai: +117:11
sicarieCool, I’ll set this at medium until shelleea007 gets back17:12
pdesai+117:12
sicarieThe second one is hers: https://bugs.launchpad.net/openstack-manuals/+bug/144775917:12
openstackLaunchpad bug 1447759 in openstack-manuals "Networking services in OpenStack Security Guide - Incomplete Sentences" [Undecided,Incomplete]17:12
shelleea007well, if you want to seperate this out then maybe it could be considered low, however i THINK IT IS FAIRLY IMPORTANT17:13
shelleea007blech my typo is on today17:13
sicarieshelleea007: the file integrity management stuff, or the networking services?17:13
shelleea007FIM stuff17:13
shelleea007thats a huge thing for compliance17:14
shelleea007especially in the PCI realm17:14
sicarieso the current section already references Samhain and dm-verity17:14
shelleea007yeah... but those dont really report out well for what I am talking about17:14
sicarieas well as giving (some) guidance on what to monitor with them17:14
sicarieand for some reason I’m thinking it was set on low17:15
sicarieYes, it was set to medium priority17:15
shelleea007so I think it would be beneficial in setting it to medium based on consideration that there is some focus on compliance17:15
sicariesorry - i’ve only had one cup of coffee :)17:15
sicariegreat17:15
sicarieshelleea007: do you want to give an overview of the networking services bug?17:15
shelleea007the one you just pasted?17:15
sicarieyes17:16
shelleea007I see that aNDREAS asked why it was considered to have incomplete sentences17:16
sicarieI’m inclined to agree - while these are complex ideas, I can make sense of the statements17:16
shelleea007I believe that the 1st set beginning with the term "however" appears to be incomplete17:17
sicarieThough I’m all about clarity - I definitely think they could be explained a bit more17:17
sicariequote coming17:17
sicarieIf nodes that run either neutron-l3-agent or neutron-dhcp-agent use overlapping IP addresses, those nodes must use Linux network namespaces. By default, the DHCP and L3 agents use Linux network namespaces. However, if the host does not support these namespaces, run the DHCP and L3 agents on different hosts.17:17
shelleea007yeah17:17
shelleea007I still think the two could be concatenated togeter17:18
sicariei can see that17:18
sicariepdesai?17:18
shelleea007I kind of hate when people begin a sentence with "however"17:18
pdesai+1 to quotes17:19
sicarieMy understanding is that is not against a grammatical rule, though17:19
shelleea007i know its not, its a personal preference17:19
sicarieHehe, I think we should stick to grammatical ruling for bugs - though I can definitely see one being opened to clarify these points a bit more17:20
Guest41976So I think the consensus is that it needs to be rewritten then.17:20
sicarieGuest41976: you’re for re-writing?17:20
Guest41976No, shelleea007 seems to have a handle on it17:21
sicarieSo my preference is that a new bug be opened for clarity, this be marked ‘Invalid’ as it’s grammatically correct17:21
pdesai+117:22
shelleea007ok, or I can just modify that bug17:22
sicarieGuest41976: apologies, not looking for volunteers, but asking if you thought it should be rewritten by someone17:22
sicarieshelleea007: not sure what convention on that is, I think a new bug would be easier to track17:22
Guest41976that it is being discussed here back and forth should be evidence enough that it needs to be rewritten17:22
shelleea007hmmm, i didnt know there was a convention. I change bugs often, usually before they are reviewed17:23
sicarieshelleea007: cool, then go for it17:23
shelleea007ok so, change it to be re-written for clarity17:24
sicarie+117:24
sicarieAnd then we have a set of new changes that just came in17:25
sicarieLooks like elmiko hit one, and Andreas hit another, but I still see a few with no reviews17:25
sicarie(including none by me!)17:26
sicarieSo lots of links coming - eyes are appreciated on:17:26
sicariehttps://review.openstack.org/#/c/174727/17:26
sicariehttps://review.openstack.org/#/c/177622/17:26
*** salv-orlando has joined #openstack-security17:26
sicariehttps://review.openstack.org/#/c/177624/17:26
sicariehttps://review.openstack.org/#/c/177625/17:26
sicariehttps://review.openstack.org/#/c/177623/17:26
sicariehttps://review.openstack.org/#/c/177788/17:26
sicarieFor the benefit of anyone who hasn’t watched the project17:26
sicariepdesai: hows the barbican section/chapter coming? Anything we can help with?17:27
*** salv-orl_ has quit IRC17:27
pdesaii talked to Jason, who is going to be writing that ch., there is no progress yet, but he is coming to summit and would like to join us for our mini design session17:28
sicarieawesome17:28
shelleea007ok i rewrote the task description17:28
shelleea007https://bugs.launchpad.net/openstack-manuals/+bug/144775917:28
openstackLaunchpad bug 1447759 in openstack-manuals "Networking services in OpenStack Security Guide - Rewrite for clarity" [Undecided,Incomplete]17:28
sicarieI think we have our space confirmed, so I hope to get the guide session publicized17:28
sicarieshelleea007: +117:29
sicarieI’d say medium severity?17:29
sicarieWell, we hit the half hour mark, so I’m going to drop this here: https://etherpad.openstack.org/p/sec-guide-case-studies17:30
shelleea007ok17:30
sicariePlease feel free to grab a section or edit the ones marked as ready17:30
pdesaiyup17:30
shelleea007works for me17:30
sicarieGuest41976: please feel free to take a look at the compliance section!17:31
shelleea007i will work on that since I now have both of the sections I took earlier completed17:31
sicarieawesome, thanks17:31
sicarieanything else?17:31
pdesainope, nothing from myside17:31
sicarieawesome, sorry for going over, and thanks for all the good work!17:32
Guest41976I'll try as time allows17:33
Guest41976work is being work17:33
sicariethanks!17:33
pdesaino worries, thanks everyone17:33
*** Guest41976 has quit IRC17:33
*** sicarie has quit IRC17:33
*** sdake_ has joined #openstack-security17:34
*** shelleea007 has quit IRC17:34
*** sdake has quit IRC17:36
*** pdesai has quit IRC17:38
*** sdake has joined #openstack-security17:45
*** sdake_ has quit IRC17:48
openstackgerritMichael Simo proposed openstack/security-doc: Fix grammatical errors in security-guide  https://review.openstack.org/17762418:08
openstackgerritMichael Simo proposed openstack/security-doc: Fix grammatical errors in security-guide  https://review.openstack.org/17762218:59
*** singlethink has joined #openstack-security19:01
openstackgerritMichael Simo proposed openstack/security-doc: Fix unnecessary capitalization in security-guide  https://review.openstack.org/17762319:02
openstackgerritMichael Simo proposed openstack/security-doc: Removed unneeded word from security-guide  https://review.openstack.org/17762519:03
*** sdake_ has joined #openstack-security19:22
*** sdake has quit IRC19:26
*** sdake_ has quit IRC19:35
*** sdake has joined #openstack-security19:35
*** singlethink has quit IRC20:05
*** singlethink has joined #openstack-security20:08
*** tkelsey has quit IRC21:00
*** singlethink has quit IRC21:05
*** sdake_ has joined #openstack-security21:07
*** sdake has quit IRC21:11
*** sdake has joined #openstack-security21:15
*** sdake_ has quit IRC21:19
*** dave-mccowan has quit IRC21:30
*** dave-mccowan has joined #openstack-security21:31
*** sdake_ has joined #openstack-security21:46
*** dave-mccowan has quit IRC21:47
*** dave-mccowan has joined #openstack-security21:48
*** sdake has quit IRC21:49
*** yeison has joined #openstack-security21:50
yeisonhola q hay :D21:52
yeison.(21:52
*** yeison1 has joined #openstack-security21:54
*** yeison has quit IRC21:54
*** yeison1 has quit IRC22:02
*** yeison has joined #openstack-security22:02
*** yeison has left #openstack-security22:02
*** bknudson has quit IRC22:03
*** salv-orlando has quit IRC22:09
*** salv-orlando has joined #openstack-security22:29
*** bpb has quit IRC22:34
*** dwyde has quit IRC22:51
*** sdake_ has quit IRC22:57
*** voodookid has quit IRC23:03
« Sunday, 2015-04-26 Index Tuesday, 2015-04-28 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!