*** dwyde has quit IRC | 00:04 | |
*** browne has joined #openstack-security | 00:18 | |
*** hongbin has quit IRC | 00:33 | |
*** dave-mccowan has joined #openstack-security | 00:57 | |
*** liujiong has joined #openstack-security | 01:11 | |
*** browne has quit IRC | 01:13 | |
*** browne has joined #openstack-security | 01:16 | |
*** dave-mccowan has quit IRC | 01:23 | |
*** browne has quit IRC | 01:36 | |
*** salv-orlando has joined #openstack-security | 01:47 | |
*** salv-orlando has quit IRC | 01:52 | |
*** dave-mccowan has joined #openstack-security | 01:57 | |
*** mdav7 has quit IRC | 03:04 | |
*** mdong has quit IRC | 03:07 | |
*** mdong has joined #openstack-security | 03:07 | |
*** gouthamr has quit IRC | 03:44 | |
*** salv-orlando has joined #openstack-security | 03:48 | |
*** salv-orlando has quit IRC | 03:53 | |
*** dave-mccowan has quit IRC | 04:19 | |
*** nkinder has joined #openstack-security | 04:26 | |
*** knangia has quit IRC | 04:40 | |
*** jerrygb has quit IRC | 04:41 | |
*** dikonoor has joined #openstack-security | 05:12 | |
*** salv-orlando has joined #openstack-security | 05:28 | |
*** salv-orlando has quit IRC | 05:33 | |
*** dikonoor has quit IRC | 05:39 | |
*** salv-orlando has joined #openstack-security | 05:53 | |
*** dikonoor has joined #openstack-security | 05:57 | |
*** salv-orl_ has joined #openstack-security | 06:04 | |
*** salv-orlando has quit IRC | 06:07 | |
*** gatuus has quit IRC | 06:18 | |
*** rcernin has joined #openstack-security | 07:03 | |
*** ashcrack has joined #openstack-security | 07:12 | |
*** tesseract has joined #openstack-security | 07:13 | |
*** vinaypotluri has quit IRC | 07:18 | |
*** vinaypotluri has joined #openstack-security | 07:20 | |
*** shohel has joined #openstack-security | 07:54 | |
*** pcaruana has joined #openstack-security | 08:14 | |
*** gatuus_ has joined #openstack-security | 08:19 | |
*** gatuus has joined #openstack-security | 08:19 | |
*** Guest33433 has joined #openstack-security | 08:20 | |
*** pcaruana has quit IRC | 08:20 | |
*** pcaruana has joined #openstack-security | 08:22 | |
*** d0ugal has joined #openstack-security | 08:23 | |
*** Serlex has joined #openstack-security | 08:29 | |
*** Guest33433 has quit IRC | 08:35 | |
*** mdong has quit IRC | 09:00 | |
*** mdong_ has joined #openstack-security | 09:00 | |
*** mdong_ has quit IRC | 09:02 | |
*** openstackgerrit has quit IRC | 09:32 | |
*** mdong has joined #openstack-security | 10:23 | |
*** liujiong has quit IRC | 10:34 | |
*** shohel has quit IRC | 10:43 | |
*** gatuus_ has quit IRC | 10:47 | |
*** gatuus has quit IRC | 10:47 | |
*** dikonoor has quit IRC | 10:58 | |
*** shohel has joined #openstack-security | 11:25 | |
*** dikonoor has joined #openstack-security | 11:26 | |
*** dikonoor has quit IRC | 12:00 | |
*** salv-orlando has joined #openstack-security | 12:04 | |
*** dave-mccowan has joined #openstack-security | 12:05 | |
*** salv-orl_ has quit IRC | 12:07 | |
*** catintheroof has joined #openstack-security | 12:14 | |
*** dikonoor has joined #openstack-security | 12:36 | |
*** jerrygb has joined #openstack-security | 12:42 | |
*** jerrygb has quit IRC | 12:42 | |
*** jerrygb has joined #openstack-security | 12:43 | |
*** strigazi has joined #openstack-security | 12:58 | |
*** gouthamr has joined #openstack-security | 13:14 | |
*** dave-mccowan has quit IRC | 13:19 | |
*** catintheroof has quit IRC | 13:20 | |
*** Serlex has quit IRC | 13:36 | |
*** salv-orlando has quit IRC | 13:36 | |
*** fujinono has joined #openstack-security | 13:37 | |
*** gouthamr has quit IRC | 13:42 | |
*** gouthamr has joined #openstack-security | 13:43 | |
*** gatuus has joined #openstack-security | 14:02 | |
*** gatuus_ has joined #openstack-security | 14:02 | |
*** fujinono has left #openstack-security | 14:09 | |
*** gatuus_ has quit IRC | 14:15 | |
*** gatuus has quit IRC | 14:15 | |
*** liverpooler has joined #openstack-security | 14:23 | |
*** Serlex has joined #openstack-security | 14:33 | |
*** hongbin has joined #openstack-security | 14:48 | |
strigazi | hi there, I'm Spyros from the magnum team. We need to include a patch for a cve on ocata but the release is today. Is there time to merge the patch today? Otherwise, I guess we need to backport | 14:50 |
---|---|---|
sigmavirus | strigazi: you should be talking to #openstack-release | 14:52 |
sigmavirus | strigazi: we would help write an OSSN/OSSA and review the patch | 14:52 |
sigmavirus | But it sounds like you don't need either, just release guidance | 14:52 |
*** dave-mccowan has joined #openstack-security | 14:54 | |
strigazi | I'll post my question there again, thanks | 14:55 |
strigazi | sigmavirus I have one more question. afaik the VMT team is notified for the cve. When is the patch going to land? I'm a bit confused | 15:04 |
strigazi | on master, i'm not talking about the release | 15:05 |
sigmavirus | strigazi: the patch should be developed on the launchpad bug and approved by security cores. After that point, on the disclosure date, it is proposed to all affected branches | 15:05 |
sigmavirus | This is all documented in the VMT process docs | 15:05 |
strigazi | I read it bit I'm still a little lost. Thanks | 15:06 |
sigmavirus | strigazi: did that make sense to you? | 15:07 |
strigazi | sigmavirus sort of, I don't see any security reviewers in our bug though. | 15:11 |
sigmavirus | strigazi: is the VMT subscribed to it? | 15:11 |
sigmavirus | Do you see that team explicitly added to the bug? | 15:11 |
strigazi | no | 15:12 |
sigmavirus | If not, it's plausible they're not aware or involved and that confirms my suspicion that you're not actually covered by the VMT process | 15:12 |
sigmavirus | Your governance tag determines if you're participating iirc | 15:12 |
strigazi | We don't have that tag | 15:15 |
strigazi | sigmavirus In that case how do we push the patch? | 15:16 |
sigmavirus | strigazi: so do you have a CVE ID for the bug? | 15:17 |
strigazi | yes | 15:17 |
sigmavirus | So if you're team is *confident* that the bug is fixed, you can disclose whenever you'd like. At the time of disclosure you immediately propose the fix to all affected branches and have cores (and stable cores) ready to fast track the approval | 15:18 |
sigmavirus | I'd then advise that you propose releases for all stable branches as soon as they're merged | 15:18 |
strigazi | sigmavirus meaning we push through gerrit? | 15:20 |
sigmavirus | Not sure what you're asking strigazi | 15:20 |
strigazi | At the moment we have reviewed the patch on launchpad, my question is: Do we need to push a review to gerrit? | 15:24 |
strigazi | sigmavirus, At the moment we have reviewed the patch on launchpad, my question is: Do we need to push a review to gerrit? | 15:24 |
*** knangia has joined #openstack-security | 15:26 | |
*** ashcrack has quit IRC | 15:27 | |
*** edtubill has joined #openstack-security | 15:28 | |
sigmavirus | strigazi: as soon as you push the patch to gerrit, the bug must become public | 15:30 |
sigmavirus | There is no private review system on gerrit for this | 15:30 |
*** faizy has joined #openstack-security | 15:45 | |
strigazi | sigmavirus Since magnum is not covered by the VMT process we push to gerrit and we fast-track approve? | 15:53 |
sigmavirus | strigazi: assuming those cores who would approve were allowed to review it ahead of time, yes | 15:53 |
sigmavirus | I don't think you should force cores to approve something they haven't reviewed | 15:53 |
sigmavirus | But it's best for your users if people dont' hold up the change | 15:53 |
strigazi | sigmavirus only cores that reviewed the patch will vote, (including me, it's not me who implemented the patch) | 15:55 |
sigmavirus | strigazi: then go ahead | 15:55 |
sigmavirus | strigazi: may as well add the "OSSN" project so we can help write up a description here | 15:55 |
*** dwyde has joined #openstack-security | 15:59 | |
strigazi | sigmavirus to the bug? | 16:00 |
*** salv-orlando has joined #openstack-security | 16:00 | |
sigmavirus | yes | 16:00 |
strigazi | I did | 16:01 |
strigazi | I jsut did | 16:01 |
strigazi | I just did :) | 16:01 |
*** rcernin has quit IRC | 16:03 | |
*** shohel has quit IRC | 16:07 | |
*** pcaruana has quit IRC | 16:11 | |
sigmavirus | Great :) | 16:11 |
sigmavirus | strigazi: so I think you've got all the bases covered | 16:11 |
*** tesseract has quit IRC | 16:14 | |
*** faizy has quit IRC | 16:15 | |
strigazi | cool, we'll tag today and merge the patch in question tomorrow | 16:16 |
strigazi | sigmavirus cool, we'll tag today and merge the patch in question tomorrow | 16:17 |
*** gatuus has joined #openstack-security | 16:27 | |
*** gatuus_ has joined #openstack-security | 16:27 | |
*** browne has joined #openstack-security | 16:54 | |
*** nkinder has quit IRC | 16:57 | |
vinaypotluri | Do we have a security meeting today ? | 17:03 |
dave-mccowan | i think sigmavirus was going to chair? | 17:04 |
unrahul | I think sigmavirus was going to chair todays meeting ryt | 17:04 |
browne | i'm wonderng the same | 17:04 |
unrahul | as hyakuhei is not available | 17:04 |
knangia | yes | 17:04 |
*** aasthad has joined #openstack-security | 17:17 | |
unrahul | :) that was a short meeting | 17:31 |
*** browne has quit IRC | 17:41 | |
*** chyka has joined #openstack-security | 17:57 | |
*** dwyde has quit IRC | 17:59 | |
*** salv-orl_ has joined #openstack-security | 18:04 | |
*** salv-orlando has quit IRC | 18:07 | |
*** browne has joined #openstack-security | 18:07 | |
browne | Hi folks. If you use the Sublime IDE, there's now an official bandit linter | 18:08 |
browne | https://github.com/SublimeLinter/SublimeLinter-bandit | 18:08 |
*** ashcrack has joined #openstack-security | 18:16 | |
*** browne has quit IRC | 18:29 | |
*** Serlex has quit IRC | 18:39 | |
*** ashcrack has quit IRC | 18:43 | |
*** dwyde has joined #openstack-security | 18:49 | |
*** edtubill has quit IRC | 19:30 | |
*** abhi89 has joined #openstack-security | 19:34 | |
*** dikonoor has quit IRC | 19:52 | |
*** liverpooler has quit IRC | 20:12 | |
*** salv-orl_ has quit IRC | 20:16 | |
*** salv-orlando has joined #openstack-security | 20:23 | |
*** gouthamr has quit IRC | 20:24 | |
*** abhi89 has quit IRC | 20:26 | |
*** salv-orlando has quit IRC | 20:28 | |
*** gouthamr has joined #openstack-security | 20:41 | |
*** gatuus has quit IRC | 20:45 | |
*** gatuus_ has quit IRC | 20:45 | |
*** dave-mccowan has quit IRC | 21:21 | |
*** salv-orlando has joined #openstack-security | 21:24 | |
*** salv-orlando has quit IRC | 21:29 | |
*** salv-orlando has joined #openstack-security | 21:38 | |
*** jerrygb has quit IRC | 21:41 | |
*** codfection has joined #openstack-security | 21:58 | |
*** bknudson has left #openstack-security | 22:13 | |
*** bknudson has joined #openstack-security | 22:14 | |
*** dave-mccowan has joined #openstack-security | 22:14 | |
*** gouthamr has quit IRC | 22:15 | |
*** gatuus has joined #openstack-security | 22:35 | |
*** gatuus_ has joined #openstack-security | 22:38 | |
*** codfection has quit IRC | 22:38 | |
*** ccneill has joined #openstack-security | 22:40 | |
*** jamielennox is now known as jamielennox|away | 23:02 | |
*** catintheroof has joined #openstack-security | 23:02 | |
*** dave-mccowan has quit IRC | 23:06 | |
*** dwyde has quit IRC | 23:08 | |
*** jamielennox|away is now known as jamielennox | 23:14 | |
*** dwyde has joined #openstack-security | 23:14 | |
*** dwyde has quit IRC | 23:17 | |
*** salv-orlando has quit IRC | 23:24 | |
*** mdong has quit IRC | 23:56 | |
*** mdong has joined #openstack-security | 23:57 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!