settingsLogin | Registersettings

Search:

Recent questions tagged ossn

0 votes
0 responses 5 views

As discussed at yesterday's Glance meeting, here's what's going on this coming week: - Due to Summit travel, vacation, and/or life stuff, core reviewers will not be available except for emergencies. This may affect the timeliness of your ...

asked Nov 3, 2017 in openstack-dev by rosmaita.fossdev_at_ (4,180 points)   1 2 2
0 votes
5 responses 10 views

Hi everyone, Once upon a time we only had one governance construct to recognize activity in OpenStack, and that was the upstream project teams. As a result, we created teams for everything. However with the introduction of SIGs, we have a ...

asked Nov 3, 2017 in openstack-dev by Thierry_Carrez (57,480 points)   3 8 12
 
0 votes
15 responses 10 views

Hi Folks, My intent in this e-mail is to solicit advice for how to inject SSH host certificates into VM instances, with minimal or no burden on users. Background (skip if you're already familiar with SSH certificates): without host ...

asked Oct 10, 2017 in openstack-dev by Giuseppe_de_Candia (340 points)  
 
0 votes
1 response 5 views

The Glance spec freeze is coming up soon and we could use operator input on a proposal to govern a currently unrestricted functionality by policy. The survey is 6 multiple choice questions and closes at 23:59 UTC on Tuesday 3 October 2017, ...

asked Oct 5, 2017 in openstack-operators by rosmaita.fossdev_at_ (4,180 points)   1 2 2
0 votes
0 responses 10 views

Heap and Stack based buffer overflows in dnsmasq prior to version 2.78 ---------------------------------------------------------------------- ### Summary ### A series of heap and stack based buffer overflows have been discovered in versions ...

asked Oct 4, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
7 responses 24 views

Hi Folks, Are there any documented conventions regarding the security model for MetaData? Note that CloudInit allows passing user and ssh service public/private keys via MetaData service (or ConfigDrive). One assumes it must be secure, but ...

asked Oct 4, 2017 in openstack-dev by Giuseppe_de_Candia (340 points)  
 
0 votes
2 responses 10 views

Hello API WG, I've got a patch up for a proposal to fix OSSN-0075 by introducing a new policy. There are concerns that this will introduce an interoperability problem in that an API call that works in one OpenStack cloud may not work in ...

asked Sep 29, 2017 in openstack-dev by rosmaita.fossdev_at_ (4,180 points)   1 2 2
0 votes
0 responses 11 views

sha512_crypt is insufficient for password hashing ------------------------------------------------- ### Summary ### Use of sha512_crypt for password hashing in versions of Keystone prior to Pike, is insufficient and provides limited ...

asked Sep 17, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
0 responses 4 views

For those who couldn't attend, here's a quick synopsis of what was discussed yesterday. Please consult the etherpad for each session for details. Feel free to put questions/comments on the etherpads, and then put an item on the agenda for ...

asked Sep 14, 2017 in openstack-dev by rosmaita.fossdev_at_ (4,180 points)   1 2 2
0 votes
0 responses 8 views

Aodh can be used to launder Keystone trusts --- ### Summary ### When adding an alarm action with the scheme `trust+http:` Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, not that ...

asked Aug 17, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
0 responses 5 views

Ceph credentials included in logs using older versions of libvirt/qemu ---------------------------------------------------------------------- ### Summary ### Older versions of libvirt included network storage authentication information on ...

asked Jul 21, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
0 responses 3 views

Hello Operators, There's a Glance spec up for fixing OSSN-0075. It would be really helpful to know how operators feel about the impact of the proposal and the alternatives described in the spec: https://review.openstack.org/#/c/468179/ ...

asked May 25, 2017 in openstack-operators by rosmaita.fossdev_at_ (4,180 points)   1 2 2
0 votes
0 responses 4 views

Hello Glancers, As discussed in today's meeting, I've put up a spec to address OSSN-0075, which is an issue I'd really like to see fixed (or at least better mitigated) in Pike. Please take a look at the patch and leave some comments: ...

asked May 25, 2017 in openstack-dev by rosmaita.fossdev_at_ (4,180 points)   1 2 2
0 votes
0 responses 4 views

Hello Glancers, Due to technical difficulties, today's virtual midcycle was not recorded. So here's a summary of the discussion; refer to the etherpad for each session for more details, and feel free to ask for clarifications in ...

asked Apr 21, 2017 in openstack-dev by rosmaita.fossdev_at_ (4,180 points)   1 2 2
0 votes
0 responses 5 views

Hi In https://wiki.openstack.org/wiki/OSSN/OSSN-0039, it's requested that SSL/TLS library (OpenSSL in this case) is compiled without SSLv3 , our internal discussion from some security experts suggested we need add some code to ...

asked Apr 21, 2017 in openstack-dev by Chen_CH_Ji (3,540 points)   3 6
0 votes
2 responses 329 views

Hi list: I want to setup security for libvirtd. I have read these articles: https://wiki.openstack.org/wiki/OSSN/OSSN-0007 https://www.ibm.com/support/knowledgecenter/en/linuxonibm/liabp/liabpkvmsecsrmsasl.htm My current conf is ...

asked Apr 10, 2017 in openstack by sosogh (180 points)   1 1
0 votes
0 responses 6 views

copy_from in Image Service API v1 allows network port scan ------------------------------------------------------------------------------------------- ### Summary ### The `copy_from` feature in Image Service API v1 supplied by Glance can ...

asked Mar 16, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
20 responses 155 views

Hello everyone, PKI/PKIZ token has been removed from keystone in Ocata. But recently our production team did some test about PKI and Fernet token (With Keystone Mitaka). They found that in large-scale production environment, Fernet token's ...

asked Feb 26, 2017 in openstack-dev by 王玺源 (680 points)   1 1
0 votes
1 response 10 views

Hi, I am trying to integrate ODL as external OVS manager and network controller but I could not mange to connect br-ex as ODL_BRIDGE_MAPPING with public interface eth2, ovs vsctl show:- Manager "tcp:192.67.27.27:6640" is_connected: true ...

asked Feb 23, 2017 in openstack-operators by Y.Rahulan (140 points)  
0 votes
0 responses 4 views

The Glance PTG schedule etherpad contains links to the etherpads for each of the sessions discussed below: https://etherpad.openstack.org/p/glance-pike-ptg-schedule 1. Short topics dharinic led a discussion of a three recent items she's ...

asked Feb 23, 2017 in openstack-dev by rosmaita.fossdev_at_ (4,180 points)   1 2 2
...