| fungi | reminder: monthly sig meeting starts here in 5 minutes! | 14:55 |
|---|---|---|
| fungi | #startmeeting security | 15:00 |
| opendevmeet | Meeting started Thu Jul 7 15:00:49 2022 UTC and is due to finish in 60 minutes. The chair is fungi. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'security' | 15:00 |
| fungi | #link https://etherpad.opendev.org/p/security-agenda Meeting Agenda | 15:01 |
| fungi | okay, let's get started | 15:03 |
| fungi | #topic Prior Actions | 15:03 |
| fungi | fungi complete retirement process for security-analysis | 15:03 |
| fungi | #link https://review.opendev.org/q/topic:retire-security-analysis Retirement changes for openstack/security-analysis | 15:03 |
| fungi | that's done, finally | 15:04 |
| fungi | fungi add new volunteers to review groups | 15:04 |
| fungi | #link https://review.opendev.org/admin/groups/vmt,members VMT group in Gerrit | 15:04 |
| fungi | #link https://launchpad.net/~openstack-vuln-mgmt/+members VMT group in Launchpad | 15:04 |
| fungi | #link https://storyboard.openstack.org/#!/admin/team/1 VMT group in StoryBoard | 15:05 |
| fungi | i added access for d34dh0r53 to the embargo coordination channel we use in irc and sent him a /invite, though dmendiza[m] doesn't seem to be identified with nickserv | 15:06 |
| gagehugo | o/ | 15:06 |
| fungi | also it's dawned on me that i didn't add either of them to moderators/owners for the embargo-notice ml either | 15:07 |
| fungi | #action fungi add new volunteers to embargo-notice ml | 15:07 |
| fungi | and if you want to add openpgp keys to the security.o.o site, feel free to propose them in gerrit | 15:08 |
| fungi | #link https://opendev.org/openstack/ossa/src/branch/master/doc/source/index.rst Feel free to propose changes adding OpenPGP keys | 15:08 |
| fungi | i should probably also add them to the lp and gerrit groups for ossn/security-doc | 15:08 |
| fungi | those also look like they need some cleanup done for older participants who have moved on | 15:09 |
| fungi | #action fungi update ossn/security-doc members in gerrit and launchpad | 15:09 |
| fungi | as for the last action item from last month, i haven't found time to get the ball rolling on that yet | 15:10 |
| fungi | #action fungi initiate openstack-discuss thread on the topic of xstatic packages and js dependency handling | 15:10 |
| fungi | questions on any of those? | 15:10 |
| fungi | looks like no, so moving along... | 15:11 |
| fungi | #topic Pending Reviews | 15:11 |
| fungi | #link https://review.opendev.org/q/is:open+project:openstack/ossa Open change reviews for openstack/ossa | 15:11 |
| fungi | we have one currently, to update prometheanfire's openpgp key to a newer expiration | 15:12 |
| fungi | i've already +2'd it, but since we have more reviewers now i figured i'd let someone else approve | 15:12 |
| fungi | gagehugo: d34dh0r53: dmendiza[m]: can one of you please take a look at https://review.opendev.org/846007 and approve if you think it looks okay? | 15:13 |
| gagehugo | sure | 15:14 |
| fungi | there don't seem to be any open reviews for the security-doc repo at the moment | 15:14 |
| fungi | thanks gagehugo! | 15:16 |
| fungi | #topic Public Bug Reports | 15:16 |
| fungi | #link https://bugs.launchpad.net/ossa/+bugs?field.information_type%3Alist=PUBLIC&field.information_type%3Alist=PUBLICSECURITY Public bug reports for OSSA | 15:17 |
| fungi | that query url specifically filters to just the public ones, mainly for the benefit of vmt members who also end up seeing the private ones listed by default | 15:17 |
| fungi | unfortunately, lp doesn't make it apparent which is which when you're just looking at a list of bugs | 15:18 |
| fungi | i didn't have any new ones to call out specifically this month, but remember that anyone can help confirm and resolve those, doesn't have to be people on the vmt | 15:19 |
| fungi | the list is currently down to 6, which is really great, but lower would of course be even better! | 15:19 |
| fungi | 2/3 of them are for neutron, so that's an opportunity for someone with network interest to pitch in | 15:20 |
| fungi | any comments before we move on? | 15:21 |
| fungi | #topic Anything else? | 15:21 |
| fungi | now's your opportunity to bring up anything security-related you like | 15:22 |
| fungi | if nobody has anything, i'll wrap up the meeting in 5 minutes | 15:22 |
| opendevreview | Merged openstack/ossa master: update Matthew Thode's gpg key https://review.opendev.org/c/openstack/ossa/+/846007 | 15:24 |
| fungi | thanks everyone! next meeting will be at 15:00 utc on thursday august 4 | 15:28 |
| fungi | feel free to follow up in here or on the openstack-discuss ml if anyone has anything else in the meantime | 15:28 |
| fungi | #endmeeting | 15:28 |
| opendevmeet | Meeting ended Thu Jul 7 15:28:48 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:28 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/security/2022/security.2022-07-07-15.00.html | 15:28 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/security/2022/security.2022-07-07-15.00.txt | 15:28 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/security/2022/security.2022-07-07-15.00.log.html | 15:28 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!