Friday, 2016-02-12

*** tmcpeak has quit IRC 00:02
*** tmcpeak has joined #openstack-security 00:02
*** jamielennox is now known as jamielennox|away 00:10
*** zul__ has joined #openstack-security 00:13
*** zul_ has quit IRC 00:15
*** salv-orlando has quit IRC 00:25
*** diazjf1 has quit IRC 00:34
*** browne has quit IRC 00:50
*** browne has joined #openstack-security 00:52
<openstackgerrit> KATO Tomoyuki proposed openstack/security-doc: Change SSL to TLS at checklist https://review.openstack.org/264707 01:11
*** browne has quit IRC 01:20
*** hyakuhei has joined #openstack-security 01:24
*** browne has joined #openstack-security 01:28
*** avarner_ has quit IRC 01:30
*** ccneill has quit IRC 01:32
*** jamielennox|away is now known as jamielennox 01:34
*** bpokorny has quit IRC 01:47
*** hyakuhei has quit IRC 01:52
*** edmondsw has quit IRC 01:57
*** shakamunyi has joined #openstack-security 01:58
*** shakamunyi has quit IRC 02:12
*** shakamunyi has joined #openstack-security 02:31
*** browne has quit IRC 02:33
*** jhfeng has joined #openstack-security 02:42
*** diazjf has joined #openstack-security 02:48
*** salv-orlando has joined #openstack-security 02:53
*** dave-mccowan has quit IRC 02:54
*** salv-orlando has quit IRC 02:55
*** hyakuhei has joined #openstack-security 02:57
*** jhfeng has quit IRC 03:00
*** diazjf has quit IRC 03:01
*** hyakuhei has quit IRC 03:20
*** jhfeng has joined #openstack-security 03:26
*** hyakuhei has joined #openstack-security 03:33
*** dave-mccowan has joined #openstack-security 03:35
*** browne has joined #openstack-security 03:45
*** jhfeng has quit IRC 03:49
*** hyakuhei has quit IRC 04:19
*** hyakuhei has joined #openstack-security 04:21
*** dave-mccowan has quit IRC 04:28
*** jhfeng has joined #openstack-security 04:35
*** salv-orlando has joined #openstack-security 04:37
*** salv-orlando has quit IRC 04:42
*** browne has quit IRC 05:08
*** jhfeng has quit IRC 05:08
*** browne has joined #openstack-security 05:08
*** hockeynut has quit IRC 05:10
*** hockeynut has joined #openstack-security 05:12
*** winterIsLeaving has quit IRC 05:29
<openstackgerrit> Merged openstack/security-doc: Change SSL to TLS at checklist https://review.openstack.org/264707 05:48
*** salv-orlando has joined #openstack-security 05:54
<openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Add the PKCS11-based signing backend https://review.openstack.org/277765 05:56
*** salv-orlando has quit IRC 05:56
<openstackgerrit> Vikram Hosakote proposed openstack/security-doc: Security guide implicitly suggests that DHCP agent is mandatory https://review.openstack.org/279388 06:15
*** hyakuhei has quit IRC 06:54
*** salv-orlando has joined #openstack-security 07:12
<openstackgerrit> KATO Tomoyuki proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/279069 07:22
*** salv-orlando has quit IRC 07:23
*** austin987 has quit IRC 07:26
*** lmiccini|away is now known as lmiccini 07:27
*** austin987 has joined #openstack-security 07:27
<openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/279069 07:37
*** Vivek has quit IRC 07:51
*** Vivek has joined #openstack-security 08:02
*** shohel has joined #openstack-security 08:05
*** shohel has quit IRC 08:06
*** salv-orlando has joined #openstack-security 08:28
*** salv-orlando has quit IRC 08:35
*** browne has quit IRC 08:44
*** ig0r_ has quit IRC 08:45
*** salv-orlando has joined #openstack-security 09:05
*** tmcpeak has quit IRC 09:08
*** salv-orlando has quit IRC 09:52
<openstackgerrit> Tim Kelsey proposed openstack/bandit: old blacklist imports refered to 'qualnames' as 'imports' https://review.openstack.org/279443 09:53
<openstackgerrit> Tim Kelsey proposed openstack/bandit: old blacklist imports refered to 'qualnames' as 'imports' https://review.openstack.org/279443 09:54
*** salv-orlando has joined #openstack-security 10:03
*** ig0r_ has joined #openstack-security 10:13
<openstackgerrit> Merged openstack/bandit: Add test to compare help output with readme https://review.openstack.org/278918 10:15
*** openstackgerrit has quit IRC 10:32
*** openstackgerrit has joined #openstack-security 10:32
*** salv-orl_ has joined #openstack-security 10:41
*** salv-orlando has quit IRC 10:45
*** ig0r_ has quit IRC 11:48
*** ig0r_ has joined #openstack-security 11:49
*** dave-mccowan has joined #openstack-security 12:08
*** edmondsw has joined #openstack-security 12:40
*** salv-orl_ has quit IRC 12:58
*** ninag has joined #openstack-security 13:40
*** edmondsw has quit IRC 13:53
*** edmondsw has joined #openstack-security 13:54
*** hyakuhei has joined #openstack-security 14:07
*** salv-orlando has joined #openstack-security 14:13
*** localloop127 has joined #openstack-security 14:20
*** mvaldes has joined #openstack-security 14:26
<openstackgerrit> Merged openstack/security-doc: Security guide implicitly suggests that DHCP agent is mandatory https://review.openstack.org/279388 14:34
*** jmckind has joined #openstack-security 14:39
*** jmckind_ has joined #openstack-security 14:40
*** cjschaef has joined #openstack-security 14:41
*** jmckind has quit IRC 14:44
*** austin987 has quit IRC 14:47
*** dave-mccowan has quit IRC 15:01
<openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding docs for new style blacklist imports https://review.openstack.org/279580 15:03
*** edtubill has joined #openstack-security 15:04
*** jhfeng has joined #openstack-security 15:15
*** dave-mccowan has joined #openstack-security 15:17
*** rtmorgan has quit IRC 15:26
*** rtmorgan has joined #openstack-security 15:26
*** nkinder has joined #openstack-security 15:28
*** avarner_ has joined #openstack-security 15:29
*** tmcpeak has joined #openstack-security 15:31
<openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding docs for new style blacklist imports https://review.openstack.org/279580 15:44
<openstackgerrit> Devon Boatwright proposed openstack/security-doc: Updated outdated link in Introduction https://review.openstack.org/279612 15:44
*** austin987 has joined #openstack-security 15:45
*** sigmavirus24_awa is now known as sigmavirus24 15:48
*** avarner has joined #openstack-security 15:49
*** avarner_ has quit IRC 15:53
*** jmckind has joined #openstack-security 15:55
*** jmckind__ has joined #openstack-security 15:57
*** jmckind_ has quit IRC 15:59
*** salv-orlando has quit IRC 16:01
*** jmckind has quit IRC 16:01
*** localloo1 has joined #openstack-security 16:02
*** localloop127 has quit IRC 16:05
*** localloop127 has joined #openstack-security 16:06
*** avarner_ has joined #openstack-security 16:07
*** avarner has quit IRC 16:07
*** localloo1 has quit IRC 16:07
<openstackgerrit> Merged openstack/bandit: old blacklist imports refered to 'qualnames' as 'imports' https://review.openstack.org/279443 16:16
*** ig0r_ has quit IRC 16:20
*** avarner has joined #openstack-security 16:20
*** avarner_ has quit IRC 16:21
*** bpokorny has joined #openstack-security 16:21
<openstackgerrit> Henry Yamauchi proposed openstack/syntribos: Check if user A can access user B's resource https://review.openstack.org/278764 16:22
*** rtmorgan has quit IRC 16:32
*** rtmorgan has joined #openstack-security 16:33
*** browne has joined #openstack-security 16:36
*** localloop127 has quit IRC 16:40
*** ccneill has joined #openstack-security 16:40
*** localloop127 has joined #openstack-security 16:41
*** ccneill_ has joined #openstack-security 16:47
*** localloop127 has quit IRC 16:49
*** ccneill has quit IRC 16:50
*** localloop127 has joined #openstack-security 16:51
*** avarner has quit IRC 17:09
*** localloop127 has quit IRC 17:09
*** avarner_ has joined #openstack-security 17:09
*** localloop127 has joined #openstack-security 17:10
*** ccneill_ has quit IRC 17:14
*** openstackgerrit has quit IRC 17:17
*** openstackgerrit has joined #openstack-security 17:17
*** browne has quit IRC 17:20
*** browne has joined #openstack-security 17:59
*** salv-orlando has joined #openstack-security 18:16
*** hyakuhei has quit IRC 18:19
*** hyakuhei has joined #openstack-security 18:21
*** openstack has joined #openstack-security 18:25
*** winterIsLeaving has joined #openstack-security 18:30
*** mvaldes has quit IRC 18:43
<browne> tmcpeak: ping? 18:46
<tmcpeak> browne: yo, what's up 18:46
*** openstackgerrit has quit IRC 18:47
*** openstackgerrit has joined #openstack-security 18:47
<browne> so looking at httplib recently.  seems newer versions of python do do cert verify and hostname validation 18:47
<browne> https://www.python.org/dev/peps/pep-0476/ 18:47
<browne> so i'm wondering how i should change bandit to handle this case where it varies by python version 18:48
<tmcpeak> hmm 18:48
<tmcpeak> so add python version checking into the plugin? 18:49
<tmcpeak> maybe we should just lower the severity and change the message to say "it depends on your python interpreter version" 18:49
<browne> i could, but the python version scanned by bandit is not necessarily the same what the operators run openstack on 18:49
<tmcpeak> just because somebody is running with a certain version of python doesn't mean they will in production, etc 18:49
<tmcpeak> yeah 18:49
<browne> yeah, i'm leaning the "lower the severity" way too 18:50
<tmcpeak> actually it would probably be lower confidence 18:50
<tmcpeak> technically 18:50
<tmcpeak> hmm 18:50
<tmcpeak> well 18:50
<tmcpeak> that's gray area 18:50
<browne> yeah, i think lower confidence, but not sure blacklist can do lower 18:50
<tmcpeak> we're sure we found something but not sure if it's an issue for you 18:50
<tmcpeak> you're right, I don't think we do have lower confidence in blacklist 18:51
<tmcpeak> severity works 18:51
<browne> maybe just an update to the issue text 18:51
<tmcpeak> what is it, currently high? 18:51
<browne> i think all blacklist are fixed to high confidence.  not sure what default severity is 18:52
<browne> let me check 18:52
<tmcpeak> cool 18:52
<tmcpeak> I'm pulling out my hair on unicode 18:52
<tmcpeak> run Bandit against this file in Keystone: 18:52
<browne> ha, yeah 18:52
<browne> unicode and py27 vs py34 must be fun 18:52
<tmcpeak> keystone/keystone/tests/unit/test_backend_ldap.py 18:52
<tmcpeak> for a good time 18:52
<browne> ha, i'll try it later. just tell bknudson to remove the file 18:53
<tmcpeak> the question is what's the best way to handle it, we obviously need to get it encoded safely somewhere, I'm leaning towards upstream (in the code) as much as possible 18:53
<tmcpeak> yeah, or that 18:53
<tmcpeak> bknudson_: can we plz just not do unicode anymore? 18:53
<tmcpeak> I should write a pep for that 18:54
<tmcpeak> no unicode 18:54
<browne> default severity of a blacklist issue is medium 18:56
<browne> confidence is fixed at high 18:56
*** localloo1 has joined #openstack-security 18:58
<tmcpeak> ok 18:59
<tmcpeak> change message is fine 18:59
*** localloop127 has quit IRC 19:01
*** localloo1 has quit IRC 19:02
*** localloo1 has joined #openstack-security 19:04
*** mvaldes has joined #openstack-security 19:13
*** localloop127 has joined #openstack-security 19:17
*** localloo1 has quit IRC 19:19
*** bpokorny_ has joined #openstack-security 19:27
*** bpokorny_ has quit IRC 19:29
*** bpokorny_ has joined #openstack-security 19:30
*** bpokorny has quit IRC 19:31
*** mvaldes has quit IRC 19:33
*** mvaldes has joined #openstack-security 19:45
*** edmondsw has quit IRC 19:46
*** bpokorny_ has quit IRC 19:46
*** bpokorny has joined #openstack-security 19:47
*** bpokorny has quit IRC 19:50
*** bpokorny has joined #openstack-security 19:51
*** winterIsLeaving is now known as winterIsBees 19:51
*** winterIsBees is now known as winterIsLeaving 19:51
*** bpokorny has quit IRC 19:52
*** browne has quit IRC 19:52
*** bpokorny has joined #openstack-security 19:53
*** ccneill_ has joined #openstack-security 20:02
<openstackgerrit> Travis McPeak proposed openstack/bandit: Fixing bug with output chars in formatters https://review.openstack.org/279767 20:14
*** KriSstaL has joined #openstack-security 20:16
<KriSstaL> hola 20:18
<tmcpeak> plz 20:18
<KriSstaL> ??? 20:19
*** ccneill_ has quit IRC 20:19
<tmcpeak> please do not hola me 20:20
<tmcpeak> elmiko likes holas 20:20
*** localloop127 has quit IRC 20:20
<KriSstaL> I don't speak English 20:21
<KriSstaL> English 20:21
<tmcpeak> me neither 20:21
<elmiko> I speak English 20:21
<elmiko> =D 20:21
<KriSstaL> seriously? 20:21
*** edmondsw has joined #openstack-security 20:21
<elmiko> is that like "fo'rizzle" ? 20:21
<tmcpeak> loool 20:22
<KriSstaL> hahaha okay 20:22
<tmcpeak> :@ 20:22
<KriSstaL> mmm how old are you all? 20:23
<elmiko> I don't speak :/ 20:23
<KriSstaL> :-( 20:23
<tmcpeak> approximately six 20:24
<KriSstaL> -.- yeah, right! 20:24
<tmcpeak> I don't speak 20:24
<KriSstaL> JODANC entoncs 20:25
<elmiko> i'm so lost 20:26
<tmcpeak> sigmavirus24, chair6: got time to check this out? 20:26
<tmcpeak> https://review.openstack.org/279767 20:26
<openstackgerrit> Travis McPeak proposed openstack/bandit: Adding JSON output for baseline results https://review.openstack.org/278794 20:28
<tmcpeak> sigmavirus24, chair6: annnndd this: https://review.openstack.org/278794 20:28
*** localloop127 has joined #openstack-security 20:30
*** KriSstaL has left #openstack-security 20:30
<sigmavirus24> tmcpeak: you told them you were six years old? 20:34
<tmcpeak> yeah man 20:34
<tmcpeak> they didn't believe me though 20:34
<sigmavirus24> 6 year olds don't like security 20:34
<tmcpeak> I'm sure some do 20:34
<sigmavirus24> That's going to be one disappointed kid 20:34
<tmcpeak> the real go-getters 20:34
<sigmavirus24> What adult would let their kid get into security? 20:35
<tmcpeak> 6 year olds don't like openstack though 20:35
<tmcpeak> that's for sure 20:35
<tmcpeak> good point 20:35
<sigmavirus24> That kid's going to have such a bad time 20:35
<tmcpeak> lol, it is kind of dream crushing work, isn't it 20:35
<elmiko> this conversation rules 20:36
<tmcpeak> "oh look, I made a mistake, live and learn?" nope, totally owned 20:36
*** ccneill_ has joined #openstack-security 20:44
*** dave-mccowan has quit IRC 20:48
<openstackgerrit> Travis McPeak proposed openstack/bandit: Adding JSON output for baseline results https://review.openstack.org/278794 21:02
*** salv-orlando has quit IRC 21:03
*** hyakuhei has quit IRC 21:05
*** ccneill__ has joined #openstack-security 21:06
*** ccneill_ has quit IRC 21:08
*** hyakuhei has joined #openstack-security 21:15
<tmcpeak> sigmavirus24: I don't know why I'm going to pick on you here, but you know things 21:15
<tmcpeak> what's the deal with this: https://review.openstack.org/#/c/279767/2 21:15
<tmcpeak> like why is Zuul not giving me status on the review 21:15
<tmcpeak> why did that fail, etc 21:16
<tmcpeak> tox -e linters definitely passes locally for me 21:16
<tmcpeak> I'll go ask in infra 21:18
<sigmavirus24> sorry tmcpeak 21:19
<sigmavirus24> looking now 21:19
<tmcpeak> sigmavirus24: awesome, thank you 21:19
<sigmavirus24> tmcpeak: http://logs.openstack.org/67/279767/2/check/gate-bandit-pep8/fe63feb/ says it can't find bandit-baseline 21:19
<sigmavirus24> tmcpeak: looking at http://logs.openstack.org/67/279767/2/check/gate-bandit-pep8/fe63feb/console.html#_2016-02-12_21_06_50_128 I don't see bandit 21:22
<sigmavirus24> Did we change the tox.ini recently and not include bandit in it? 21:22
<sigmavirus24> oh tmcpeak 21:22
<sigmavirus24> look at the difference between linters and pep8: https://github.com/openstack/bandit/blob/master/tox.ini#L26 21:22
<sigmavirus24> we say "usedevelop = False" which won't auto install the project for us 21:23
<sigmavirus24> So we need to add to the dependencies 21:23
<sigmavirus24> one sec tmcpeak 21:23
<tmcpeak> sigmavirus24: awesome, I thought you'd be a good person to check with :D 21:23
*** winterIsLeaving has quit IRC 21:24
<openstackgerrit> Ian Cordasco proposed openstack/bandit: Add bandit to pep8 dependencies https://review.openstack.org/279801 21:24
<sigmavirus24> tmcpeak: ^ 21:25
<sigmavirus24> Sorry that I wasn't paying attention to irc 21:25
* sigmavirus24 goes back to not paying attention to IRC :P 21:25
<tmcpeak> sigmavirus24: awesome, thank you 21:25
<sigmavirus24> quite welcome 21:26
*** jhfeng has quit IRC 21:38
*** jhfeng has joined #openstack-security 21:38
<tmcpeak> sigmavirus24: looks a little wonky 21:39
<tmcpeak> it literally failed all the things 21:39
*** hyakuhei has quit IRC 21:43
*** austin987 has quit IRC 21:47
*** hyakuhei has joined #openstack-security 21:56
<sigmavirus24> oh shit 22:01
<sigmavirus24> I've seen this bug before 22:01
<sigmavirus24> tmcpeak: that's a tox bug 22:02
<sigmavirus24> one second 22:02
<tmcpeak> really? 22:02
<tmcpeak> sigmavirus24: I'm VERY glad you know about this stuf 22:02
<tmcpeak> f 22:02
<tmcpeak> I have NFI what I'm doing on that 22:02
<sigmavirus24> So 22:02
<sigmavirus24> tox is magic 22:02
<tmcpeak> thought so 22:02
<tmcpeak> always felt like a special little butterfly to me 22:03
<openstackgerrit> Ian Cordasco proposed openstack/bandit: Add bandit to pep8 dependencies https://review.openstack.org/279801 22:03
<sigmavirus24> ^ should work 22:03
*** austin987 has joined #openstack-security 22:03
<tmcpeak> cool, if it passes I'll just +A since you know what you're doing and I do not 22:03
*** cjschaef has quit IRC 22:04
*** cjschaef has joined #openstack-security 22:04
*** browne has joined #openstack-security 22:06
*** austin987 has quit IRC 22:13
*** localloop127 has quit IRC 22:16
*** cjschaef has quit IRC 22:20
*** ccneill__ is now known as ccneill 22:24
*** hyakuhei has quit IRC 22:27
*** hyakuhei has joined #openstack-security 22:30
zbknudson_ dg__: keeping LDAP separate from Keystone in things like Killick is appreciated, there are definitely environments where those tools are useful which do not have Keystone. 22:34
*** hyakuhei has quit IRC 22:41
*** hyakuhei has joined #openstack-security 22:43
*** edmondsw has quit IRC 22:43
*** hyakuhei has quit IRC 22:48
*** jhfeng has quit IRC 22:55
*** mvaldes has quit IRC 23:09
*** hyakuhei has joined #openstack-security 23:12
*** jmckind__ has quit IRC 23:12
*** sigmavirus24 is now known as sigmavirus24_awa 23:22
*** ccneill has quit IRC 23:27
*** hyakuhei has quit IRC 23:32
*** markvoelker has quit IRC 23:41
*** salv-orlando has joined #openstack-security 23:44
*** salv-orlando has quit IRC 23:53
