Friday, 2015-06-12

« Thursday, 2015-06-11 Index Saturday, 2015-06-13 »
*** markvoelker has joined #openstack-security00:12
*** markvoelker has quit IRC00:17
openstackgerritStanislaw Pitucha proposed stackforge/anchor: Force absolute imports rather than relative ones  https://review.openstack.org/19087700:34
*** sigmavirus24 is now known as sigmavirus24_awa00:39
*** salv-orlando has joined #openstack-security00:55
*** salv-orlando has quit IRC01:01
*** browne has quit IRC01:23
*** bpokorny has quit IRC01:25
openstackgerritStanislaw Pitucha proposed stackforge/anchor: Add explicit decoding to asn1 data  https://review.openstack.org/19089001:27
openstackgerritStanislaw Pitucha proposed stackforge/anchor: Explicit long is not needed  https://review.openstack.org/19089201:37
*** sigmavirus24_awa is now known as sigmavirus2401:43
openstackgerritStanislaw Pitucha proposed stackforge/anchor: Explicit long is not needed  https://review.openstack.org/19089201:47
openstackgerritStanislaw Pitucha proposed stackforge/anchor: Add explicit decoding to asn1 data  https://review.openstack.org/19089001:47
*** markvoelker has joined #openstack-security02:01
*** markvoelker has quit IRC02:07
*** browne has joined #openstack-security02:07
*** bknudson has quit IRC02:10
*** salv-orlando has joined #openstack-security02:36
*** salv-orlando has quit IRC02:41
*** tmcpeak has quit IRC03:14
*** sigmavirus24 is now known as sigmavirus24_awa03:18
*** markvoelker has joined #openstack-security03:50
*** markvoelker has quit IRC03:55
*** alex_klimov has quit IRC04:38
*** salv-orlando has joined #openstack-security04:50
*** salv-orlando has quit IRC04:53
*** salv-orlando has joined #openstack-security05:03
*** hyakuhei has quit IRC05:39
*** markvoelker has joined #openstack-security05:39
*** hyakuhei has joined #openstack-security05:43
*** markvoelker has quit IRC05:44
*** zz_naotok has quit IRC05:54
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/19049106:01
*** sdake has quit IRC06:08
*** shohel has joined #openstack-security06:14
*** shohel has quit IRC06:19
*** shohel has joined #openstack-security06:34
*** browne has quit IRC06:53
*** markvoelker has joined #openstack-security07:28
*** markvoelker has quit IRC07:33
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/19097308:32
*** markvoelker has joined #openstack-security09:16
*** markvoelker has quit IRC09:21
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/19097309:50
openstackgerritMerged openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/19049109:51
*** hyakuhei has quit IRC10:08
*** hyakuhei1 has joined #openstack-security10:08
*** hyakuhei has joined #openstack-security10:33
*** hyakuhei1 has quit IRC10:33
*** hyakuhei has quit IRC10:39
*** hyakuhei has joined #openstack-security10:46
*** jian5397 has joined #openstack-security11:38
*** markvoelker has joined #openstack-security11:50
*** shohel has quit IRC12:04
*** shohel has joined #openstack-security12:04
*** shohel has quit IRC12:11
*** bknudson has joined #openstack-security12:25
*** jian5397 has quit IRC12:26
*** shohel has joined #openstack-security12:27
*** salv-orl_ has joined #openstack-security12:54
*** salv-orlando has quit IRC12:54
*** shohel has quit IRC12:56
*** shohel has joined #openstack-security12:58
*** singlethink has joined #openstack-security13:00
*** shohel has quit IRC13:06
*** hyakuhei1 has joined #openstack-security13:14
*** hyakuhei has quit IRC13:15
*** tmcpeak has joined #openstack-security13:17
*** shohel has joined #openstack-security13:18
*** sdake has joined #openstack-security13:21
*** nkinder__ has quit IRC13:23
*** localloo1 has joined #openstack-security13:50
*** singleth_ has joined #openstack-security13:58
*** sigmavirus24_awa is now known as sigmavirus2414:01
*** singlethink has quit IRC14:01
*** localloo1 has quit IRC14:02
*** jian5397 has joined #openstack-security14:09
*** shohel has quit IRC14:10
*** browne has joined #openstack-security14:11
*** shohel has joined #openstack-security14:15
*** nkinder__ has joined #openstack-security14:20
*** singleth_ has quit IRC14:26
*** shohel has quit IRC14:35
*** hyakuhei1 has quit IRC14:37
*** hyakuhei has joined #openstack-security14:38
*** singlethink has joined #openstack-security14:41
*** salv-orl_ has quit IRC14:47
*** dwyde has joined #openstack-security14:59
*** sdake_ has joined #openstack-security15:05
*** sdake has quit IRC15:09
*** sdake has joined #openstack-security15:10
*** salv-orlando has joined #openstack-security15:14
*** sdake_ has quit IRC15:14
*** bpokorny has joined #openstack-security15:16
*** singlethink has quit IRC15:34
openstackgerritjanonymous proposed openstack/security-doc: [security-guide]Change to generalized term database.  https://review.openstack.org/19111915:41
*** shohel has joined #openstack-security15:50
*** kutija has joined #openstack-security15:51
*** kutija_ has quit IRC15:55
*** shohel has quit IRC15:56
*** sdake_ has joined #openstack-security16:12
*** sdake has quit IRC16:16
*** shohel has joined #openstack-security16:23
*** singlethink has joined #openstack-security16:36
*** browne has quit IRC16:43
*** PupUser2beeb1 has joined #openstack-security16:50
PupUser2beeb1hello16:50
sigmavirus24hi PupUser2beeb116:50
PupUser2beeb1how are you16:50
sigmavirus24not bad. yourself?16:50
PupUser2beeb1exactly16:52
PupUser2beeb1where are you from16:52
sigmavirus24Why do you ask?16:52
PupUser2beeb1i wondereded16:53
PupUser2beeb1muhabbet olsun be aga16:56
*** dwyde has quit IRC17:00
sigmavirus24gmurphy: within the context of https://review.openstack.org/#/c/189537/, would we publish an OSSN? If so, when would it be published? And would it be okay if I authored it?17:02
*** salv-orl_ has joined #openstack-security17:08
*** salv-orlando has quit IRC17:11
PupUser2beeb1hi17:18
PupUser2beeb1does they speak turkish17:18
* sigmavirus24 does not speak turkish but can not say whether other people here do or do not speak turkish17:20
*** browne has joined #openstack-security17:20
*** salv-orlando has joined #openstack-security17:25
*** salv-orl_ has quit IRC17:28
*** dwyde has joined #openstack-security17:33
*** PupUser2beeb1 has quit IRC17:33
*** shohel has quit IRC17:33
*** hyakuhei has quit IRC17:34
tmcpeaklol17:40
tmcpeak(sigh)17:41
tmcpeaksigmavirus24: gmurphy is currently in Aussie-land17:41
tmcpeakhis timezone is a little different ;)17:41
sigmavirus24Aha17:41
sigmavirus24That's fine17:41
* sigmavirus24 is just curious17:41
sigmavirus24The bug that the refactor is related to (which I need to add to the spec because I forgot there was one) is linked to a mega CVE for a bunch of services that insecurely talk to backends17:42
tmcpeaksigmavirus24: this looks like solid OSSN territory though17:42
tmcpeakand yeah, if you want to write it that would be awesome17:42
sigmavirus24tmcpeak: Yeah, especially since the Glance team is leaning towards insecure by default for the Liberty release17:42
sigmavirus24Which grinds my gears but upgrades are important too17:42
tmcpeaksigmavirus24: yep, insecure default warnings are one of the primary functions of OSSN17:42
sigmavirus24Cool17:43
tmcpeaksigmavirus24: so create a LP bug for it and assign to yourself?17:43
tmcpeakhttps://launchpad.net/ossn17:43
sigmavirus24Should I just mark the existing bug as affecting OSSN?17:43
tmcpeakahh, yeah, that's a good way to do it17:44
sigmavirus24Cool17:44
*** hyakuhei has joined #openstack-security17:45
nkinder__sigmavirus24: yeah, just adding 'ossn' as an affected project is the right way to do it17:51
sigmavirus24So... as for timing, what's the process?17:53
sigmavirus24This won't be part of anything until Liberty is released. Do I write the note and wait until Liberty before it's merged?17:53
* sigmavirus24 is new to all of this17:54
*** bpokorny_ has joined #openstack-security17:58
*** bpokorn__ has joined #openstack-security18:01
*** bpokorny has quit IRC18:02
*** bpokorny_ has quit IRC18:04
*** hyakuhei has quit IRC18:05
*** hyakuhei has joined #openstack-security18:05
*** sdake_ is now known as sdake18:34
*** bknudson has quit IRC18:39
*** sdake_ has joined #openstack-security19:18
*** sdake has quit IRC19:21
*** sdake_ is now known as sdake19:26
*** tmcpeak has quit IRC19:47
*** tmcpeak has joined #openstack-security19:59
tmcpeaksigmavirus24: interesting question, did you get an an answer?20:02
sigmavirus24nope20:02
tmcpeaknkinder__ is probably the one who would know20:02
sigmavirus24not urgent either obviously20:02
tmcpeaknkinder__ do we release notes for things that aren't an issue until Liberty?20:02
dstufftsigmavirus24: insecure defaults should be abolished from the world20:06
sigmavirus24dstufft: preaching to the choir20:06
*** redrobot has quit IRC20:07
sigmavirus24I'm tempted to point at Python 2.7.9 and such and be like "SEE! IT'S OKAY!" but I know someone, somewhere is going to throw a tantrum if I do that20:07
dstufft2.7.9-- I mean 2.820:08
sigmavirus24That said, the spec needs to be updated to reflect the final decision, e.g., "insecure during L with vocal warnings that M will be secure by default"20:08
*** redrobot has joined #openstack-security20:08
*** redrobot is now known as Guest6707420:08
nkinder__sigmavirus24: I think it's fine to release an OSSN before the L release actually lands20:23
nkinder__sigmavirus24: people might be deploying test environments with pre-release code20:24
tmcpeak++20:24
tmcpeakand yeah, dstufft - amen20:24
sigmavirus24cool20:24
sigmavirus24I'll work on that stuff this weekend20:24
tmcpeaksigmavirus24: awesome man!20:25
sigmavirus24Did everyone see https://securityblog.redhat.com/2015/06/10/the-hidden-costs-of-embargoes/ btw?20:31
sigmavirus24dstufft: 2.7.9̅20:45
*** bpokorn__ has quit IRC20:56
*** bpokorny has joined #openstack-security20:56
*** voodookid has joined #openstack-security20:59
*** edmondsw has joined #openstack-security21:14
*** edmondsw_ has joined #openstack-security21:27
*** sdake_ has joined #openstack-security21:36
*** edmondsw_ has quit IRC21:36
*** jian5397 has quit IRC21:38
*** sdake has quit IRC21:40
*** edmondsw has quit IRC21:40
*** nkinder__ has quit IRC21:42
*** sdake_ has quit IRC21:44
*** dwyde has quit IRC22:00
*** sdake has joined #openstack-security22:44
*** JAHoagie has joined #openstack-security22:50
*** sigmavirus24 is now known as sigmavirus24_awa22:54
*** JAHoagie has quit IRC23:01
*** singlethink has quit IRC23:03
*** voodookid has quit IRC23:07
*** salv-orlando has quit IRC23:08
*** tmcpeak has quit IRC23:14
*** openstackgerrit has quit IRC23:22
*** openstackgerrit has joined #openstack-security23:22
« Thursday, 2015-06-11 Index Saturday, 2015-06-13 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!