Re: [openstack-dev] Security bug in diskimage-builder

2017-06-01 Thread Ben Nemec
On 06/01/2017 11:31 AM, Jeremy Stanley wrote: On 2017-06-01 10:40:34 -0500 (-0500), Ben Nemec wrote: [...] Okay, so we're all set up, but now it appears we're all subscribed to every tripleo bug as well. I think oslo-coresec used to be the same way, but at some point it changed so I only get

Re: [openstack-dev] Security bug in diskimage-builder

2017-06-01 Thread Jeremy Stanley
On 2017-06-01 10:40:34 -0500 (-0500), Ben Nemec wrote: [...] > Okay, so we're all set up, but now it appears we're all subscribed to every > tripleo bug as well. I think oslo-coresec used to be the same way, but at > some point it changed so I only get explicitly notified of security bugs. > Does

Re: [openstack-dev] Security bug in diskimage-builder

2017-06-01 Thread Ben Nemec
On 05/30/2017 10:05 AM, Emilien Macchi wrote: On Tue, May 30, 2017 at 3:43 PM, Ben Nemec wrote: On 05/30/2017 08:00 AM, Emilien Macchi wrote: On Mon, May 29, 2017 at 9:02 PM, Jeremy Stanley wrote: On 2017-05-29 15:43:43 +0200 (+0200), Emilien

Re: [openstack-dev] Security bug in diskimage-builder

2017-05-30 Thread Emilien Macchi
On Tue, May 30, 2017 at 3:43 PM, Ben Nemec wrote: > > > On 05/30/2017 08:00 AM, Emilien Macchi wrote: >> >> On Mon, May 29, 2017 at 9:02 PM, Jeremy Stanley wrote: >>> >>> On 2017-05-29 15:43:43 +0200 (+0200), Emilien Macchi wrote: On Wed, May

Re: [openstack-dev] Security bug in diskimage-builder

2017-05-30 Thread Emilien Macchi
On Tue, May 30, 2017 at 3:10 PM, Jeremy Stanley wrote: > On 2017-05-30 15:00:11 +0200 (+0200), Emilien Macchi wrote: > [...] >> I'll explore Launchpad to see how we can use this group to handle >> Security bugs. > > I'll save you some time! ;) Many thanks, indeed it helped. >

Re: [openstack-dev] Security bug in diskimage-builder

2017-05-30 Thread Ben Nemec
On 05/30/2017 08:00 AM, Emilien Macchi wrote: On Mon, May 29, 2017 at 9:02 PM, Jeremy Stanley wrote: On 2017-05-29 15:43:43 +0200 (+0200), Emilien Macchi wrote: On Wed, May 24, 2017 at 7:45 PM, Ben Nemec wrote: [...] Emilien, I think we should

Re: [openstack-dev] Security bug in diskimage-builder

2017-05-30 Thread Jeremy Stanley
On 2017-05-30 15:00:11 +0200 (+0200), Emilien Macchi wrote: [...] > I'll explore Launchpad to see how we can use this group to handle > Security bugs. I'll save you some time! ;) Go to https://launchpad.net/tripleo/+sharing (repeat for any other projects the TripleO team has on LP) and add a row

Re: [openstack-dev] Security bug in diskimage-builder

2017-05-30 Thread Emilien Macchi
On Mon, May 29, 2017 at 9:02 PM, Jeremy Stanley wrote: > On 2017-05-29 15:43:43 +0200 (+0200), Emilien Macchi wrote: >> On Wed, May 24, 2017 at 7:45 PM, Ben Nemec wrote: > [...] >> > Emilien, I think we should create a tripleo-coresec group in >> >

Re: [openstack-dev] Security bug in diskimage-builder

2017-05-29 Thread Jeremy Stanley
On 2017-05-29 15:43:43 +0200 (+0200), Emilien Macchi wrote: > On Wed, May 24, 2017 at 7:45 PM, Ben Nemec wrote: [...] > > Emilien, I think we should create a tripleo-coresec group in > > launchpad that can be used for this. We have had > > tripleo-affecting security bugs

Re: [openstack-dev] Security bug in diskimage-builder

2017-05-29 Thread Emilien Macchi
On Wed, May 24, 2017 at 7:45 PM, Ben Nemec wrote: > > > On 05/17/2017 10:46 AM, Jeremy Stanley wrote: >> >> On 2017-05-17 15:57:16 +0300 (+0300), George Shuklin wrote: >>> >>> There is a bug in diskimage-builder I reported it at 2017-03-10 as >>> 'private >>> security'. I

Re: [openstack-dev] Security bug in diskimage-builder

2017-05-24 Thread Ben Nemec
On 05/17/2017 10:46 AM, Jeremy Stanley wrote: On 2017-05-17 15:57:16 +0300 (+0300), George Shuklin wrote: There is a bug in diskimage-builder I reported it at 2017-03-10 as 'private security'. I think this bug is a medium severity. So far there was no reaction at all. I plan to change this

Re: [openstack-dev] Security bug in diskimage-builder

2017-05-17 Thread Jeremy Stanley
On 2017-05-17 15:57:16 +0300 (+0300), George Shuklin wrote: > There is a bug in diskimage-builder I reported it at 2017-03-10 as 'private > security'. I think this bug is a medium severity. > > So far there was no reaction at all. I plan to change this bug to public > security on next Monday. If

[openstack-dev] Security bug in diskimage-builder

2017-05-17 Thread George Shuklin
There is a bug in diskimage-builder I reported it at 2017-03-10 as 'private security'. I think this bug is a medium severity. So far there was no reaction at all. I plan to change this bug to public security on next Monday. If someone is interested in bumping up CVE count for DIB, please look