Thursday, 2017-02-16

*** dwyde has quit IRC [00:04]
*** browne has joined #openstack-security [00:18]
*** hongbin has quit IRC [00:33]
*** dave-mccowan has joined #openstack-security [00:57]
*** liujiong has joined #openstack-security [01:11]
*** browne has quit IRC [01:13]
*** browne has joined #openstack-security [01:16]
*** dave-mccowan has quit IRC [01:23]
*** browne has quit IRC [01:36]
*** salv-orlando has joined #openstack-security [01:47]
*** salv-orlando has quit IRC [01:52]
*** dave-mccowan has joined #openstack-security [01:57]
*** mdav7 has quit IRC [03:04]
*** mdong has quit IRC [03:07]
*** mdong has joined #openstack-security [03:07]
*** gouthamr has quit IRC [03:44]
*** salv-orlando has joined #openstack-security [03:48]
*** salv-orlando has quit IRC [03:53]
*** dave-mccowan has quit IRC [04:19]
*** nkinder has joined #openstack-security [04:26]
*** knangia has quit IRC [04:40]
*** jerrygb has quit IRC [04:41]
*** dikonoor has joined #openstack-security [05:12]
*** salv-orlando has joined #openstack-security [05:28]
*** salv-orlando has quit IRC [05:33]
*** dikonoor has quit IRC [05:39]
*** salv-orlando has joined #openstack-security [05:53]
*** dikonoor has joined #openstack-security [05:57]
*** salv-orl_ has joined #openstack-security [06:04]
*** salv-orlando has quit IRC [06:07]
*** gatuus has quit IRC [06:18]
*** rcernin has joined #openstack-security [07:03]
*** ashcrack has joined #openstack-security [07:12]
*** tesseract has joined #openstack-security [07:13]
*** vinaypotluri has quit IRC [07:18]
*** vinaypotluri has joined #openstack-security [07:20]
*** shohel has joined #openstack-security [07:54]
*** pcaruana has joined #openstack-security [08:14]
*** gatuus_ has joined #openstack-security [08:19]
*** gatuus has joined #openstack-security [08:19]
*** Guest33433 has joined #openstack-security [08:20]
*** pcaruana has quit IRC [08:20]
*** pcaruana has joined #openstack-security [08:22]
*** d0ugal has joined #openstack-security [08:23]
*** Serlex has joined #openstack-security [08:29]
*** Guest33433 has quit IRC [08:35]
*** mdong has quit IRC [09:00]
*** mdong_ has joined #openstack-security [09:00]
*** mdong_ has quit IRC [09:02]
*** openstackgerrit has quit IRC [09:32]
*** mdong has joined #openstack-security [10:23]
*** liujiong has quit IRC [10:34]
*** shohel has quit IRC [10:43]
*** gatuus_ has quit IRC [10:47]
*** gatuus has quit IRC [10:47]
*** dikonoor has quit IRC [10:58]
*** shohel has joined #openstack-security [11:25]
*** dikonoor has joined #openstack-security [11:26]
*** dikonoor has quit IRC [12:00]
*** salv-orlando has joined #openstack-security [12:04]
*** dave-mccowan has joined #openstack-security [12:05]
*** salv-orl_ has quit IRC [12:07]
*** catintheroof has joined #openstack-security [12:14]
*** dikonoor has joined #openstack-security [12:36]
*** jerrygb has joined #openstack-security [12:42]
*** jerrygb has quit IRC [12:42]
*** jerrygb has joined #openstack-security [12:43]
*** strigazi has joined #openstack-security [12:58]
*** gouthamr has joined #openstack-security [13:14]
*** dave-mccowan has quit IRC [13:19]
*** catintheroof has quit IRC [13:20]
*** Serlex has quit IRC [13:36]
*** salv-orlando has quit IRC [13:36]
*** fujinono has joined #openstack-security [13:37]
*** gouthamr has quit IRC [13:42]
*** gouthamr has joined #openstack-security [13:43]
*** gatuus has joined #openstack-security [14:02]
*** gatuus_ has joined #openstack-security [14:02]
*** fujinono has left #openstack-security [14:09]
*** gatuus_ has quit IRC [14:15]
*** gatuus has quit IRC [14:15]
*** liverpooler has joined #openstack-security [14:23]
*** Serlex has joined #openstack-security [14:33]
*** hongbin has joined #openstack-security [14:48]
<strigazi> hi there, I'm Spyros from the magnum team. We need to include a patch for a cve on ocata but the release is today. Is there time to merge the patch today? Otherwise, I guess we need to backport [14:50]
<sigmavirus> strigazi: you should be talking to #openstack-release [14:52]
<sigmavirus> strigazi: we would help write an OSSN/OSSA and review the patch [14:52]
<sigmavirus> But it sounds like you don't need either, just release guidance [14:52]
*** dave-mccowan has joined #openstack-security [14:54]
<strigazi> I'll post my question there again, thanks [14:55]
<strigazi> sigmavirus I have one more question. afaik the VMT team is notified for the cve. When is the patch going to land? I'm a bit confused [15:04]
<strigazi> on master, i'm not talking about the release [15:05]
<sigmavirus> strigazi: the patch should be developed on the launchpad bug and approved by security cores. After that point, on the disclosure date, it is proposed to all affected branches [15:05]
<sigmavirus> This is all documented in the VMT process docs [15:05]
<strigazi> I read it but I'm still a little lost. Thanks [15:06]
<sigmavirus> strigazi: did that make sense to you? [15:07]
<strigazi> sigmavirus sort of, I don't see any security reviewers in our bug though. [15:11]
<sigmavirus> strigazi: is the VMT subscribed to it? [15:11]
<sigmavirus> Do you see that team explicitly added to the bug? [15:11]
<strigazi> no [15:12]
<sigmavirus> If not, it's plausible they're not aware or involved and that confirms my suspicion that you're not actually covered by the VMT process [15:12]
<sigmavirus> Your governance tag determines if you're participating iirc [15:12]
<strigazi> We don't have that tag [15:15]
<strigazi> sigmavirus In that case how do we push the patch? [15:16]
<sigmavirus> strigazi: so do you have a CVE ID for the bug? [15:17]
<strigazi> yes [15:17]
<sigmavirus> So if your team is *confident* that the bug is fixed, you can disclose whenever you'd like. At the time of disclosure you immediately propose the fix to all affected branches and have cores (and stable cores) ready to fast track the approval [15:18]
<sigmavirus> I'd then advise that you propose releases for all stable branches as soon as they're merged [15:18]
<strigazi> sigmavirus meaning we push through gerrit? [15:20]
<sigmavirus> Not sure what you're asking strigazi [15:20]
<strigazi> At the moment we have reviewed the patch on launchpad, my question is: Do we need to push a review to gerrit? [15:24]
<strigazi> sigmavirus, At the moment we have reviewed the patch on launchpad, my question is: Do we need to push a review to gerrit? [15:24]
*** knangia has joined #openstack-security [15:26]
*** ashcrack has quit IRC [15:27]
*** edtubill has joined #openstack-security [15:28]
<sigmavirus> strigazi: as soon as you push the patch to gerrit, the bug must become public [15:30]
<sigmavirus> There is no private review system on gerrit for this [15:30]
*** faizy has joined #openstack-security [15:45]
<strigazi> sigmavirus Since magnum is not covered by the VMT process we push to gerrit and we fast-track approve? [15:53]
<sigmavirus> strigazi: assuming those cores who would approve were allowed to review it ahead of time, yes [15:53]
<sigmavirus> I don't think you should force cores to approve something they haven't reviewed [15:53]
<sigmavirus> But it's best for your users if people don't hold up the change [15:53]
<strigazi> sigmavirus only cores that reviewed the patch will vote, (including me, it's not me who implemented the patch) [15:55]
<sigmavirus> strigazi: then go ahead [15:55]
<sigmavirus> strigazi: may as well add the "OSSN" project so we can help write up a description here [15:55]
*** dwyde has joined #openstack-security [15:59]
<strigazi> sigmavirus to the bug? [16:00]
*** salv-orlando has joined #openstack-security [16:00]
<sigmavirus> yes [16:00]
<strigazi> I did [16:01]
<strigazi> I jsut did [16:01]
<strigazi> I just did :) [16:01]
*** rcernin has quit IRC [16:03]
*** shohel has quit IRC [16:07]
*** pcaruana has quit IRC [16:11]
<sigmavirus> Great :) [16:11]
<sigmavirus> strigazi: so I think you've got all the bases covered [16:11]
*** tesseract has quit IRC [16:14]
*** faizy has quit IRC [16:15]
<strigazi> cool, we'll tag today and merge the patch in question tomorrow [16:16]
<strigazi> sigmavirus cool, we'll tag today and merge the patch in question tomorrow [16:17]
*** gatuus has joined #openstack-security [16:27]
*** gatuus_ has joined #openstack-security [16:27]
*** browne has joined #openstack-security [16:54]
*** nkinder has quit IRC [16:57]
<vinaypotluri> Do we have a security meeting today? [17:03]
<dave-mccowan> i think sigmavirus was going to chair? [17:04]
<unrahul> I think sigmavirus was going to chair today's meeting ryt [17:04]
<browne> i'm wondering the same [17:04]
<unrahul> as hyakuhei is not available [17:04]
<knangia> yes [17:04]
*** aasthad has joined #openstack-security [17:17]
<unrahul> :) that was a short meeting [17:31]
*** browne has quit IRC [17:41]
*** chyka has joined #openstack-security [17:57]
*** dwyde has quit IRC [17:59]
*** salv-orl_ has joined #openstack-security [18:04]
*** salv-orlando has quit IRC [18:07]
*** browne has joined #openstack-security [18:07]
<browne> Hi folks. If you use the Sublime IDE, there's now an official bandit linter [18:08]
<browne> https://github.com/SublimeLinter/SublimeLinter-bandit [18:08]
*** ashcrack has joined #openstack-security [18:16]
*** browne has quit IRC [18:29]
*** Serlex has quit IRC [18:39]
*** ashcrack has quit IRC [18:43]
*** dwyde has joined #openstack-security [18:49]
*** edtubill has quit IRC [19:30]
*** abhi89 has joined #openstack-security [19:34]
*** dikonoor has quit IRC [19:52]
*** liverpooler has quit IRC [20:12]
*** salv-orl_ has quit IRC [20:16]
*** salv-orlando has joined #openstack-security [20:23]
*** gouthamr has quit IRC [20:24]
*** abhi89 has quit IRC [20:26]
*** salv-orlando has quit IRC [20:28]
*** gouthamr has joined #openstack-security [20:41]
*** gatuus has quit IRC [20:45]
*** gatuus_ has quit IRC [20:45]
*** dave-mccowan has quit IRC [21:21]
*** salv-orlando has joined #openstack-security [21:24]
*** salv-orlando has quit IRC [21:29]
*** salv-orlando has joined #openstack-security [21:38]
*** jerrygb has quit IRC [21:41]
*** codfection has joined #openstack-security [21:58]
*** bknudson has left #openstack-security [22:13]
*** bknudson has joined #openstack-security [22:14]
*** dave-mccowan has joined #openstack-security [22:14]
*** gouthamr has quit IRC [22:15]
*** gatuus has joined #openstack-security [22:35]
*** gatuus_ has joined #openstack-security [22:38]
*** codfection has quit IRC [22:38]
*** ccneill has joined #openstack-security [22:40]
*** jamielennox is now known as jamielennox|away [23:02]
*** catintheroof has joined #openstack-security [23:02]
*** dave-mccowan has quit IRC [23:06]
*** dwyde has quit IRC [23:08]
*** jamielennox|away is now known as jamielennox [23:14]
*** dwyde has joined #openstack-security [23:14]
*** dwyde has quit IRC [23:17]
*** salv-orlando has quit IRC [23:24]
*** mdong has quit IRC [23:56]
*** mdong has joined #openstack-security [23:57]