Thursday, 2019-06-13

« Wednesday, 2019-06-12 Index Friday, 2019-06-14 »
*** markvoelker has quit IRC00:09
*** markvoelker has joined #openstack-security01:05
*** batshadow has joined #openstack-security01:16
*** batshadow has quit IRC01:25
*** markvoelker has quit IRC01:39
*** gyee has quit IRC02:11
*** markvoelker has joined #openstack-security02:36
*** batshadow has joined #openstack-security02:37
*** batshadow has quit IRC02:43
*** markvoelker has quit IRC03:09
*** ricolin has joined #openstack-security03:50
*** dave-mccowan has quit IRC03:54
*** markvoelker has joined #openstack-security04:06
*** markvoelker has quit IRC04:40
*** pcaruana|afk| has joined #openstack-security05:01
*** pcaruana|afk| has quit IRC05:04
*** pcaruana has joined #openstack-security05:04
*** Luzi has joined #openstack-security05:20
*** ricolin has quit IRC05:36
*** markvoelker has joined #openstack-security05:37
*** markvoelker has quit IRC06:10
*** markvoelker has joined #openstack-security07:08
*** markvoelker has quit IRC07:13
*** tesseract has joined #openstack-security07:21
*** trident has quit IRC07:31
*** trident has joined #openstack-security07:34
*** markvoelker has joined #openstack-security08:10
*** markvoelker has quit IRC08:14
*** rcernin has quit IRC08:23
*** markvoelker has joined #openstack-security09:10
*** markvoelker has quit IRC09:15
*** markvoelker has joined #openstack-security10:11
*** markvoelker has quit IRC10:15
*** markvoelker has joined #openstack-security12:13
*** markvoelker has quit IRC12:17
*** pcaruana has quit IRC13:01
*** markvoelker has joined #openstack-security13:14
*** markvoelker has quit IRC13:18
*** dave-mccowan has joined #openstack-security13:39
*** ricolin has joined #openstack-security13:45
*** Luzi has quit IRC14:02
*** markvoelker has joined #openstack-security14:14
*** markvoelker has quit IRC14:19
*** ricolin has quit IRC14:21
gagehugoSecurity SIG meeting in #openstack-meeting in 13 minutes14:47
fungithanks for the reminder!14:59
*** gyee has joined #openstack-security15:35
fungigagehugo: it looks like there's so much stuck in the old moderation queue that i'll need to manually delete the messages off disk, the webui just tells me it "hit a bug"15:50
gagehugoheh15:51
fungi787 messages manually discarded for that ml using mailman's command-line discard utility15:59
fungi"There are no pending requests."16:00
fungimuch better16:01
gagehugo\o/16:01
gagehugofungi: edited the description, lemme know how that looks16:04
gagehugoor I can post it here as well16:04
funginot quite accurate. it's really used to aggregate updates about launchpad bugs with the "security" bugtag (which aren't necessarily associated with the vmt, more often security hardening fixes and whatnot), and also gerrit changes which have a "security-impact" commit footer (an indication by the change author that there is some possible need for security-related reviewers to look more closely at16:06
fungiit)16:06
fungiso maybe something like "automated notifications about security-related changes and bug reports"16:07
gagehugoyeah that's better16:07
fungithe vmt isn't really involved, they use the openstack-announce and openstack-discuss lists to reach out to the community about advisory publication16:07
fungi(and also the oss-security ml)16:08
gagehugoI meant it as more of the OSSA part in launchpad I think16:08
gagehugobut yes16:08
fungii don't think ossa bugs are subscribed to that address, just the security bugtag16:13
gagehugook16:13
gagehugoso not all ossa16:13
gagehugoer16:13
gagehugonot all security bugs are ossa involved16:14
*** markvoelker has joined #openstack-security16:16
fungitalking about the security bugtag, not the security bug type. those are separate things in lp16:19
fungiif you look at one of the recent messages in the list archive for a bug update, and view the bug, you'll see it has a "tags" area below the description and "security" will be one of them16:20
fungivs in the upper-right corner where the bug type is displayed (public, public security, private, private security)16:20
*** markvoelker has quit IRC16:20
fungithe openstack vmt's convention is that vulnerabilities have a bug type of public security or private security. other potential security-related bugs just get a bugtag of "security" added to them (and that's what triggers notification to this ml)16:21
gagehugook16:25
gagehugoWould a short sentence about reaching out to the security sig on openstack-discuss be good as well in the -security description?16:42
fungiyes, recommend using the [security-sig] tag in subjects16:50
fungialternatively, we can put more of that on https://security.openstack.org/ and just link there?16:50
gagehugoyes, both16:54
fungithat page could use some sprucing up too16:54
*** pcaruana has joined #openstack-security17:09
*** gyee has quit IRC18:04
*** markvoelker has joined #openstack-security18:17
*** gyee has joined #openstack-security18:19
*** markvoelker has quit IRC18:22
*** markvoelker has joined #openstack-security19:18
*** markvoelker has quit IRC19:23
*** markvoelker has joined #openstack-security20:19
*** markvoelker has quit IRC20:24
*** pcaruana has quit IRC20:36
*** markvoelker has joined #openstack-security21:20
*** markvoelker has quit IRC21:24
*** dave-mccowan has quit IRC22:26
*** rcernin has joined #openstack-security22:45
*** tesseract has quit IRC22:48
*** dave-mccowan has joined #openstack-security22:50
*** dave-mccowan has quit IRC23:20
*** markvoelker has joined #openstack-security23:22
*** markvoelker has quit IRC23:26
*** dave-mccowan has joined #openstack-security23:39
« Wednesday, 2019-06-12 Index Friday, 2019-06-14 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!