Thursday, 2015-06-25

« Wednesday, 2015-06-24 Index Friday, 2015-06-26 »
*** salv-orlando has joined #openstack-security00:05
*** nkinder has joined #openstack-security00:09
*** salv-orlando has quit IRC00:12
*** edmondsw has joined #openstack-security00:16
*** edmondsw_ has joined #openstack-security00:16
*** edmondsw_ has quit IRC00:17
*** salv-orlando has joined #openstack-security00:21
*** salv-orlando has quit IRC00:27
*** localloop127 has joined #openstack-security00:39
*** localloop127 has quit IRC00:45
*** edmondsw has quit IRC00:47
openstackgerritIan Cordasco proposed stackforge/bandit: Remove unnecessary code that should have been replaced by entry-points  https://review.openstack.org/19536700:49
openstackgerritIan Cordasco proposed stackforge/bandit: Remove unnecessary code that should have been replaced by entry-points  https://review.openstack.org/19536700:50
*** nkinder has quit IRC00:53
openstackgerritIan Cordasco proposed stackforge/bandit: Actually rely on entry-points for formatters  https://review.openstack.org/19536700:56
sigmavirus24tmcpeak: ^ should take care of that second issue you mentioned =P00:56
*** sigmavirus24 is now known as sigmavirus24_awa00:58
*** tmcpeak has quit IRC01:01
*** localloop127 has joined #openstack-security01:12
*** sdake has joined #openstack-security01:28
*** sdake_ has joined #openstack-security01:29
*** sdake has quit IRC01:33
*** dontalton has quit IRC01:56
*** bpokorny has quit IRC01:59
*** sdake has joined #openstack-security02:13
*** sdake_ has quit IRC02:17
*** salv-orl_ has joined #openstack-security02:29
*** nkinder has joined #openstack-security02:33
*** salv-orl_ has quit IRC02:34
*** dave-mccowan has quit IRC02:59
*** amit213 has quit IRC03:12
*** zul has quit IRC03:13
*** amit213 has joined #openstack-security03:13
*** zul has joined #openstack-security03:16
*** localloop127 has quit IRC03:28
*** dave-mccowan has joined #openstack-security03:37
*** dave-mcc_ has joined #openstack-security03:37
*** salv-orlando has joined #openstack-security04:41
*** salv-orlando has quit IRC04:47
*** markvoelker has quit IRC05:43
*** browne has quit IRC06:01
*** shohel has joined #openstack-security06:19
openstackgerritEmett Speer proposed openstack/security-doc: Conslidated many of the small sections.  https://review.openstack.org/18709206:30
*** markvoelker has joined #openstack-security06:43
*** markvoelker has quit IRC06:49
*** salv-orlando has joined #openstack-security06:54
*** salv-orlando has quit IRC06:56
*** salv-orlando has joined #openstack-security06:56
*** alex_klimov has joined #openstack-security08:03
*** markvoelker has joined #openstack-security08:32
*** markvoelker has quit IRC08:37
*** salv-orl_ has joined #openstack-security08:53
*** salv-orlando has quit IRC08:57
*** salv-orl_ has quit IRC08:58
*** salv-orlando has joined #openstack-security09:51
*** salv-orl_ has joined #openstack-security09:56
*** salv-orlando has quit IRC09:58
*** salv-orl_ has quit IRC09:59
*** salv-orlando has joined #openstack-security09:59
*** salv-orl_ has joined #openstack-security10:01
*** inderjeet has joined #openstack-security10:02
*** salv-orlando has quit IRC10:03
*** nkinder has quit IRC10:03
*** nkinder has joined #openstack-security10:03
*** inderjeet has left #openstack-security10:04
*** edmondsw has joined #openstack-security10:06
*** edmondsw has quit IRC10:06
*** edmondsw has joined #openstack-security10:07
*** markvoelker has joined #openstack-security10:21
*** markvoelker has quit IRC10:25
*** nkinder has quit IRC10:28
*** nkinder has joined #openstack-security10:47
*** sdake has quit IRC10:50
openstackgerritMerged stackforge/anchor: Bio mode needs to be passed as bytes  https://review.openstack.org/19490310:54
openstackgerritMerged stackforge/anchor: Make bio operations work with str and bytes  https://review.openstack.org/19490210:57
openstackgerritAndreas Jaeger proposed openstack/security-doc: Conslidated many of the small sections.  https://review.openstack.org/18709211:11
*** salv-orl_ has quit IRC11:14
*** markvoelker has joined #openstack-security11:37
*** markvoelker has quit IRC11:41
openstackgerritMerged stackforge/anchor: Use hex, not get_hex() in uuid  https://review.openstack.org/19490111:44
openstackgerritMerged stackforge/anchor: Use the right class for open file  https://review.openstack.org/19447311:45
*** salv-orlando has joined #openstack-security11:49
*** markvoelker has joined #openstack-security11:58
*** bknudson has joined #openstack-security12:19
openstackgerritMerged stackforge/anchor: Use range instead of xrange  https://review.openstack.org/19488712:39
*** sdake has joined #openstack-security12:56
*** elo has joined #openstack-security13:10
*** salv-orl_ has joined #openstack-security13:27
*** salv-orlando has quit IRC13:31
*** JAHoagie has joined #openstack-security13:41
*** tmcpeak has joined #openstack-security13:41
*** janonymous_ has joined #openstack-security13:42
*** JAHoagie has quit IRC13:45
*** JAHoagie has joined #openstack-security13:45
tmcpeaksigmavirus24: ahh, sweet14:17
*** JAHoagie has quit IRC14:20
*** localloop127 has joined #openstack-security14:21
*** localloo1 has joined #openstack-security14:26
*** localloop127 has quit IRC14:28
*** Deepika has joined #openstack-security14:34
*** Deepika has quit IRC14:38
*** deepika has joined #openstack-security14:38
*** voodookid has joined #openstack-security14:40
openstackgerritMerged openstack/security-doc: Conslidated many of the small sections.  https://review.openstack.org/18709214:44
*** browne has joined #openstack-security14:59
*** shohel has quit IRC15:00
*** shohel has joined #openstack-security15:03
*** deepika has quit IRC15:03
*** edmondsw has quit IRC15:16
*** alex_klimov has quit IRC15:20
*** alex_klimov has joined #openstack-security15:20
*** bpokorny has joined #openstack-security15:22
*** edmondsw has joined #openstack-security15:25
*** hyakuhei has joined #openstack-security15:44
*** alex_klimov has quit IRC15:50
*** sdake_ has joined #openstack-security15:50
*** tkelsey has joined #openstack-security15:50
*** sdake has quit IRC15:54
*** localloo1 has quit IRC16:01
*** localloo1 has joined #openstack-security16:03
openstackgerritMerged stackforge/bandit: Actually rely on entry-points for formatters  https://review.openstack.org/19536716:25
*** sdake_ is now known as sdake16:25
*** shohel1 has joined #openstack-security16:31
*** shohel has quit IRC16:34
*** shohel1 has quit IRC16:37
janonymous_Hi ,16:47
janonymous_Could someone help me on how to add bandit support16:48
tmcpeakjanonymous_: you'll want to follow the instructions on this page: https://wiki.openstack.org/wiki/Security/Projects/Bandit under the section "Gate Testing with Bandit"16:49
janonymous_To start with commits: 1) after adding in test-requirement.txt i hve to make a yaml file16:51
tmcpeakjanonymous_: yep, you can refer to the Keystone example to see what it should look like16:52
janonymous_tmcpeak : what are the dependencies of bandit16:56
tmcpeakjanonymous_ they're listed in the requirements file of Bandit16:57
janonymous_just wanted to ask that listing bandit in requirements will add all it's dependencies .. ryt ?17:00
*** deepika has joined #openstack-security17:01
tmcpeakyes17:01
*** jian5397 has joined #openstack-security17:01
*** jian5397 is now known as michaelxin17:01
*** shohel has joined #openstack-security17:05
*** sdake_ has joined #openstack-security17:20
*** sdake has quit IRC17:24
*** sdake_ is now known as sdake17:29
*** jhfeng has joined #openstack-security17:39
*** localloo1 has quit IRC17:43
*** localloo1 has joined #openstack-security17:46
elmikosicarie: i don't think i'll make it after the meeting, sick as a dog and need to get back to bed =(17:53
sicarieelmiko: no worries, I'll follow up with you17:56
elmikothanks17:56
Davieytmcpeak: Breaking releases expose new sec' issues for projects, right?18:00
brownenot so much breaking, just a new release of bandit that may be better or worse at finding issues18:01
bknudsonnew tests in bandit need to be opt-in18:01
Davieybknudson: ^^18:01
browneany new issue found would break keystone gate18:01
brownebut i guess keystone would just fix it, so never mind18:01
tmcpeakso with profiles, new stuff in Bandit is opt in18:01
DavieyWhich is why it might need to be capped release to start with, unless keystone is compliant with bandit git/1.0 already18:01
tmcpeakyou don't get it unless you add it to your profile18:02
tmcpeak1.0?18:02
Davieythe forthcoming release?18:02
tmcpeakoh, that will be a 0.11 :)18:02
*** dontalton has joined #openstack-security18:02
tmcpeakwe're far from 1.018:02
brownetmcpeak: take for example hardcoded_password18:02
DavieyI wonder, should bandit have a non-voting check job against keystone?18:03
browneits an existing plugin, but doesn't get tested because wordlist/default-passwords is not shipped with the bandit binary18:03
tmcpeakit's not just that, it isn't included in the gate profiles18:03
* Daviey needs to dash. o/18:04
tmcpeakDaviey: ok cool18:04
bknudsonmaybe -infra would be fine with bandit having tests for the other projects18:04
tmcpeakthat's why we have profiles, so we can release things that aren't used in the gate18:04
tmcpeakbknudson: what do you mean?18:04
bknudsonhave a gate job in bandit that runs master against keystone master18:05
brownejust saying that if hardcoded_password is in a project's profile, and we fix bandit to finally ship wordlist/default-passwords with it, then that project would potentially get a bandit issue raised18:05
bknudsonand the rest of the projects18:05
bknudsonthat would be pretty neat18:06
*** tmcpeak1 has joined #openstack-security18:06
*** fletcher_ has joined #openstack-security18:06
brownethat would be nice18:06
fletcher_tmcpeak: halo18:07
tmcpeak1fletcher_: hey'18:07
tmcpeak1we're doing midcycle the first week in Sept and in Seattle18:07
tmcpeak1can you make it?18:07
tmcpeak1https://etherpad.openstack.org/p/security-liberty-midcycle18:08
*** tmcpeak has quit IRC18:09
fletcher_Hmm, I think so18:10
fletcher_only thing I can think is appsec18:10
fletcher_lemme check real quick18:10
fletcher_yah, i can make that18:11
fletcher_i'll update etherpad18:11
tmcpeak1fletcher_ awesome!18:11
fletcher_thanks for looping me in18:12
tmcpeak1for sure, looking forward to seeing you there18:13
fletcher_yah, should be fun. we have a new office there too, so it'll be fun to see that as well18:15
hyakuheigood plan18:15
*** bknudson has left #openstack-security18:29
*** bknudson has joined #openstack-security18:29
*** tkelsey has quit IRC18:35
*** jhfeng has quit IRC18:42
*** dontalton has quit IRC18:44
*** rbrooker has joined #openstack-security18:52
*** fletcher_ has quit IRC18:54
*** singlethink has joined #openstack-security19:09
*** singleth_ has joined #openstack-security19:10
*** bpokorny has quit IRC19:11
*** singlethink has quit IRC19:13
*** localloo1 is now known as localloop12719:25
*** janonymous_ has quit IRC19:56
*** michaelxin has quit IRC20:01
*** jian5397 has joined #openstack-security20:02
*** jian5397 has quit IRC20:16
*** alex_klimov has joined #openstack-security20:17
*** jian5397 has joined #openstack-security20:18
*** sdake_ has joined #openstack-security20:24
*** sdake has quit IRC20:28
*** sdake_ is now known as sdake20:29
*** tmcpeak1 is now known as tmcpeak20:29
*** jian5397 has quit IRC21:32
*** localloop127 has quit IRC21:35
*** shohel has quit IRC21:39
*** jian5397 has joined #openstack-security21:42
*** singleth_ has quit IRC21:42
*** deepika has quit IRC21:53
*** jian5397 has quit IRC22:06
openstackgerritJamie Finnigan proposed stackforge/bandit: Address multiline Str node lineno inaccuracies  https://review.openstack.org/19576122:10
*** edmondsw has quit IRC22:27
*** dontalton has joined #openstack-security22:32
*** alex_klimov has quit IRC22:35
openstackgerritMichael Simo proposed openstack/security-doc: Fix malformed sentence in security-guide  https://review.openstack.org/19288022:41
*** tmcpeak1 has joined #openstack-security22:45
openstackgerritJamie Finnigan proposed stackforge/bandit: Address multiline node lineno inaccuracies  https://review.openstack.org/19576122:45
*** dontalton has quit IRC22:45
*** tmcpeak has quit IRC22:47
openstackgerritJamie Finnigan proposed stackforge/bandit: Address multiline node lineno inaccuracies  https://review.openstack.org/19576122:47
openstackgerritJamie Finnigan proposed stackforge/bandit: Address multiline node lineno inaccuracies  https://review.openstack.org/19576122:53
*** sdake_ has joined #openstack-security23:00
*** sdake has quit IRC23:04
*** sdake has joined #openstack-security23:07
*** sdake_ has quit IRC23:11
*** voodookid has quit IRC23:11
*** jian5397 has joined #openstack-security23:18
*** rbrooker has quit IRC23:22
*** jian5397 has quit IRC23:23
*** markvoelker has quit IRC23:24
*** jian5397 has joined #openstack-security23:24
*** sicarie has quit IRC23:31
*** sdake has quit IRC23:54
*** sdake has joined #openstack-security23:55
« Wednesday, 2015-06-24 Index Friday, 2015-06-26 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!