So I wrote the newsletter for last week, but forgot to send out the actual email, so this week will have double the content! #Week of: 20 June 2019 - Security SIG Meeting Info: http://eavesdrop.openstack.org/#Security_SIG_meeting - Weekly on Thursday at 1500 UTC in #openstack-meeting - Agenda: https://etherpad.openstack.org/p/security-agenda - https://security.openstack.org/ - https://wiki.openstack.org/wiki/Security-SIG #Meeting Notes - Summary: http://eavesdrop.openstack.org/meetings/security/2019/security.2019-06-20-15... - This week we discussed cleaning up the security.openstack.org page - Overall there are many outdated sections, we came up with a current rough plan that is outlined in the security-agenda notes for this week's meeting - Retiring Syntribos - On the topic of cleaning up the security.openstack.org page, one section is security tools, which currently lists bandit and syntribos. - Looking at the Syntribos repo, it seems like lately there's only been changes related to doc fixes and overall zuul updates, with a couple actual updates to the project. - If there's anyone still with interest in updating/using Syntribos, please reach out to us. ## News - [nova] TPM thread: http://lists.openstack.org/pipermail/openstack-discuss/2019-June/007258.html # VMT Reports - A full list of publicly marked security issues can be found here: https://bugs.launchpad.net/ossa/ - No new public security bugs this week ======================================================================================================== #Week of: 13 June 2019 - Security SIG Meeting Info: http://eavesdrop.openstack.org/#Security_SIG_meeting - Weekly on Thursday at 1500 UTC in #openstack-meeting - Agenda: https://etherpad.openstack.org/p/security-agenda - https://security.openstack.org/ - https://wiki.openstack.org/wiki/Security-SIG #Meeting Notes - Summary: http://eavesdrop.openstack.org/meetings/security/2019/security.2019-06-13-15... - This week we finalized the details and settings for the [openstack-security] mailing list. The list will be used to provide purely automated notifications about security-related changes and bug reports within OpenStack. Anyone looking to reach out to the security SIG can either use the [openstack-discuss] mailing list or use the #openstack-security channel on freenode IRC. ## News - Storyboard: The security team autoassignment feature landed - If a new story is marked as "security" upon creation, it will automatically become private, however it can be edited to become public after it is created. # VMT Reports - A full list of publicly marked security issues can be found here: https://bugs.launchpad.net/ossa/ - No new public security bugs this week