Tuesday, 2017-01-24

« Monday, 2017-01-23 Index Wednesday, 2017-01-25 »
*** hongbin has quit IRC00:04
*** xin9972 has quit IRC00:38
*** browne has quit IRC00:56
*** jamielennox is now known as jamielennox|away01:02
*** jamielennox|away is now known as jamielennox01:17
*** mdong has quit IRC01:18
*** markvoelker has joined #openstack-security01:27
*** knangia has quit IRC02:40
*** xin9972 has joined #openstack-security03:13
*** jerrygb_ has quit IRC04:02
*** jerrygb has joined #openstack-security04:09
*** jerrygb has quit IRC04:10
*** xin9972 has quit IRC04:30
*** diazjf has joined #openstack-security04:49
*** diazjf has quit IRC04:50
*** dikonoor has joined #openstack-security04:59
*** dikonoor has quit IRC05:09
*** jerrygb has joined #openstack-security05:11
*** jerrygb has quit IRC05:16
*** dikonoor has joined #openstack-security05:19
*** jerrygb has joined #openstack-security07:00
*** jerrygb has quit IRC07:06
*** tesseract has joined #openstack-security07:37
*** shohel has joined #openstack-security07:49
*** openstackgerrit has quit IRC08:03
*** pcaruana has joined #openstack-security08:45
*** jerrygb has joined #openstack-security09:02
*** jerrygb has quit IRC09:08
*** Serlex has joined #openstack-security09:10
*** jerrygb has joined #openstack-security11:04
*** jerrygb has quit IRC11:09
*** openstackgerrit has joined #openstack-security11:13
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/42458611:13
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/42458611:20
*** dikonoo has joined #openstack-security11:22
*** dikonoor has quit IRC11:26
*** dikonoo has quit IRC12:03
*** gouthamr has joined #openstack-security12:13
*** catintheroof has joined #openstack-security12:16
*** shohel has quit IRC12:34
*** liverpooler has joined #openstack-security13:02
*** jerrygb has joined #openstack-security13:05
*** jerrygb has quit IRC13:10
*** AlexeyAbashkin has joined #openstack-security13:16
*** jmckind has joined #openstack-security13:18
*** dave-mccowan has joined #openstack-security13:18
*** strattao_ has joined #openstack-security13:26
*** gouthamr has quit IRC13:32
*** flvszch50 has joined #openstack-security13:35
*** gouthamr has joined #openstack-security14:15
*** pbourke has joined #openstack-security14:31
pbourkehi, does anyone know once a CVE is patched how soon after packages are published to pypi?14:32
*** jerrygb has joined #openstack-security14:44
*** xin9972 has joined #openstack-security14:47
*** jerrygb_ has joined #openstack-security14:47
*** gouthamr_ has joined #openstack-security14:49
*** jerrygb__ has joined #openstack-security14:49
*** gouthamr has quit IRC14:50
*** jerrygb has quit IRC14:51
*** gouthamr_ is now known as gouthamr14:51
*** jerrygb_ has quit IRC14:52
*** jerrygb has joined #openstack-security15:01
*** jerrygb__ has quit IRC15:05
*** hongbin has joined #openstack-security15:08
*** gouthamr has quit IRC15:13
*** markvoelker has quit IRC15:18
*** jmckind has quit IRC15:21
*** markvoelker has joined #openstack-security15:21
*** knangia has joined #openstack-security15:25
*** edtubill has joined #openstack-security15:36
*** dwyde has joined #openstack-security16:00
*** ccneill has joined #openstack-security16:04
openstackgerritMerged openstack/syntribos: Updated from global requirements  https://review.openstack.org/42462616:06
*** jerrygb has quit IRC16:08
*** jerrygb has joined #openstack-security16:09
openstackgerritMerged openstack/syntribos: Removing payloads from the repo  https://review.openstack.org/42431516:10
*** pcaruana has quit IRC16:16
sigmaviruspbourke: you mean publicly disclosed?16:26
pbourkesigmavirus: yes, i.e. once its disclosed and patch merged in gerrit16:26
sigmaviruspbourke: the answer is *it depends on the team*16:27
pbourkemakes sense16:27
sigmavirusGenerally speaking, as long as it's merged there's no pressure to release16:27
sigmavirusGiven that most CVEs occur in services, the answer is *never*16:27
sigmavirusBecause the services aren't published to PyPI16:27
pbourkewhat about something like oslo16:27
sigmavirusoslo tends to release every week of a cycle before the non-client library freeze16:28
sigmavirus(which was last week)16:28
sigmavirus(the freeze took effect last week)16:29
pbourkeguess Im just trying to feel out best practices here, a lot of places will build the services themselves so its easy to apply a patch and rebuild. Not so many will build every oslo lib listed in openstack/requirements16:29
sigmaviruspbourke: so the other thing is that a CVE would need to be backported to stable/ocata and a patch release requested for that16:31
sigmavirusbut yeah, some places do that (openstack-ansible builds the world from scratch)16:31
pbourkethanks sigmavirus16:33
sigmavirushappy to help pbourke16:33
*** sicarie has joined #openstack-security16:41
*** diazjf has joined #openstack-security16:45
*** mdong has joined #openstack-security16:54
*** browne has joined #openstack-security16:55
*** dwyde has quit IRC17:09
*** dwyde has joined #openstack-security17:10
*** dave-mccowan has quit IRC17:11
*** diazjf has quit IRC17:28
*** Serlex has quit IRC17:41
*** jmckind has joined #openstack-security17:43
*** dwyde has quit IRC17:49
*** jmckind_ has joined #openstack-security17:50
*** dave-mccowan has joined #openstack-security17:51
*** jmckind has quit IRC17:51
*** strattao_ has quit IRC18:01
*** strattao_ has joined #openstack-security18:02
openstackgerritAlexandra Settle proposed openstack/security-doc: Updating Object Storage data encryption content  https://review.openstack.org/42137518:14
*** dwyde has joined #openstack-security18:18
*** chyka has joined #openstack-security18:20
*** dave-mccowan has quit IRC18:30
*** tesseract has quit IRC18:39
*** linuxac has joined #openstack-security18:43
*** linuxac has left #openstack-security18:43
*** diazjf has joined #openstack-security18:51
*** aber has joined #openstack-security18:55
aberhallo18:55
openstackgerritMerged openstack/security-doc: Updating Object Storage data encryption content  https://review.openstack.org/42137518:57
*** dave-mccowan has joined #openstack-security18:58
*** aber has left #openstack-security18:59
openstackgerritMichael Glaser proposed openstack/security-doc: Networking architecture of Security guide implies direct DB conn.  https://review.openstack.org/42480119:02
*** jmckind has joined #openstack-security19:24
*** jmckind_ has quit IRC19:27
*** jmckind has quit IRC19:28
*** datadog327 has joined #openstack-security19:28
*** jmckind_ has joined #openstack-security19:34
*** jmckind_ has quit IRC19:35
openstackgerritMerged openstack/syntribos: Updated pylint rules  https://review.openstack.org/42433019:37
*** jmckind has joined #openstack-security19:38
openstackgerritMichael Glaser proposed openstack/security-doc: Networking architecture of Security guide implies direct DB conn.  https://review.openstack.org/42480119:48
*** diazjf has quit IRC19:54
*** diazjf has joined #openstack-security19:57
*** jmckind has quit IRC20:02
*** jmckind has joined #openstack-security20:04
*** xin9972 has quit IRC20:05
*** jmckind has quit IRC20:08
*** jmckind has joined #openstack-security20:09
*** jmckind has quit IRC20:14
*** jmckind has joined #openstack-security20:14
*** jmckind_ has joined #openstack-security20:21
*** jmckind has quit IRC20:23
*** diazjf has quit IRC20:23
*** jmckind_ has quit IRC20:30
*** jmckind has joined #openstack-security20:37
*** ccneill has quit IRC20:39
*** ccneill has joined #openstack-security20:40
*** diazjf has joined #openstack-security20:40
*** ccneill has quit IRC20:48
*** diazjf has quit IRC20:55
*** jerrygb_ has joined #openstack-security21:01
*** jerrygb has quit IRC21:03
*** jerrygb_ has quit IRC21:04
*** dave-mccowan has quit IRC21:10
*** jmckind_ has joined #openstack-security21:23
*** jmckind has quit IRC21:25
*** catintheroof has quit IRC21:35
*** catintheroof has joined #openstack-security21:35
*** catintheroof has quit IRC21:35
*** jmckind has joined #openstack-security21:39
*** jmckind_ has quit IRC21:40
*** codfection has joined #openstack-security21:55
*** jmckind has quit IRC22:00
*** dwyde has quit IRC22:06
*** datadog327 has quit IRC22:15
*** xin9972 has joined #openstack-security22:33
*** xin9972 has quit IRC22:34
*** codfection has quit IRC22:51
*** strattao_ has quit IRC22:55
*** strattao_ has joined #openstack-security23:01
openstackgerritMichael Dong proposed openstack/syntribos: Added support for meta variable JSON files  https://review.openstack.org/41141523:09
*** mdong has quit IRC23:11
*** mdong has joined #openstack-security23:11
openstackgerritMichael Dong proposed openstack/syntribos: Added support for meta variable JSON files  https://review.openstack.org/41141523:13
*** edtubill has quit IRC23:15
*** strattao_ has quit IRC23:23
*** dave-mccowan has joined #openstack-security23:33
*** mdong has quit IRC23:42
« Monday, 2017-01-23 Index Wednesday, 2017-01-25 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!