[security] Weekly Newsletter - 29 Aug 2019
Gage Hugo
gagehugo at gmail.com
Sat Aug 31 17:14:59 UTC 2019
Last two weeks had no meeting activity, however this week we had plenty, so
here's the summary.
Hope everyone has a great weekend!
#Date: 29 Aug 2019
- Security SIG Meeting Info:
http://eavesdrop.openstack.org/#Security_SIG_meeting
- Weekly on Thursday at 1500 UTC in #openstack-meeting
- Agenda: https://etherpad.openstack.org/p/security-agenda
- https://security.openstack.org/
- https://wiki.openstack.org/wiki/Security-SIG
#Meeting Notes
- Summary:
http://eavesdrop.openstack.org/meetings/security/2019/security.2019-08-29-15.00.html
- OSSA-2019-004 was released this week, more details here:
https://security.openstack.org/ossa/OSSA-2019-004.html
- The VMT is currently in the process of updating the requirements for a
project to obtain the "vulnerability:managed" tag, there is a current change
in progress here: https://review.opendev.org/#/c/678426/
- The main goal is to reduce the barrier of entry by not explicitly
requiring an audit being performed on the project (but still recommending
it), as well as clarifications on other guidelines
- The security docs are continuing to see updates:
https://review.opendev.org/#/q/project:openstack/security-doc
- Shoutout to nickthetait for taking on this work, and to those
reviewing it as well!
- We discussed the default policy file discrepancies in Cinder/Nova in
the Queens release, it appears that several projects have different file
defaults for policy.
- This is causing issues when a policy file works fine in one release,
but after upgrading, the file is no longer automatically detected.
- One path forward is to open a security docs bug to track these and
look for a way to resolve this.
#VMT Reports
- A full list of publicly marked security issues can be found here:
https://bugs.launchpad.net/ossa/
- OSSA-2019-004 was released this week, more details here:
https://security.openstack.org/ossa/OSSA-2019-004.html