[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-10-03 Thread Steve Langasek
Override component to main
python-oslo.privsep 1.13.0-0ubuntu1 in yakkety: universe/misc -> main
python-oslo.privsep 1.13.0-0ubuntu1 in yakkety amd64: universe/python/optional/100% -> main
python-oslo.privsep 1.13.0-0ubuntu1 in yakkety arm64: universe/python/optional/100% -> main

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-10-03 Thread Michael Terry
** Changed in: python-oslo.privsep (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1616764 Title: [MIR] python-oslo.privsep To manage notifications about

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-09-30 Thread Seth Arnold
James and Corey, thanks for the feedback. I reviewed python-oslo.privsep version 1.13.0-0ubuntu1 as checked into yakkety; this shouldn't be considered a full security audit. oslo.privsep tries to provide more granular tools than calling sudo from openstack scripts, and implements an RPC

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-09-29 Thread Corey Bryant
I share the same concern about maturity. Unfortunately this is in the mainline code path for nova and cinder in Newton. The good news is this is a small package at ~1100 LOC.

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-09-29 Thread Corey Bryant
It's worth noting that very few OpenStack projects are tagged with 'vulnerability:managed', and only one of the oslo libraries is. http://governance.openstack.org/reference/tags/vulnerability_managed.html

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-09-29 Thread Corey Bryant
This took some work to find the right person to chat with upstream about the 'vulnerability:managed' tag. tldr: security support is always provided by individual projects regardless of this tag. projects tagged with 'vulnerability:managed' get more strict/rigorous process for their disclosure and

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-09-29 Thread James Page
The requirement for use of oslo.privsep appears to be limited to nova and cinder use of os-brick (a shared library used to contain the bits and pieces required to map block devices to instances). As it stands right now, privsep is initialised by the core compute, volume and backup daemons cross

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-09-29 Thread James Page
Seth, I'm not too worried about the missing 'vulnerability:managed' tag - there are a lot of oslo projects (including the current rootwrap project used for privilege management) that don't have that tag which we know are managed by the VMT. Corey and I discussed whether this switch is required now

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-09-28 Thread Seth Arnold
oslo.privsep doesn't appear to be supported by OpenStack VMT. Note the missing vulnerability:managed tag: https://governance.openstack.org/reference/projects/oslo.html#oslo-privsep Furthermore, it appears their project configuration doesn't actually alert anyone to private security issues.

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-09-06 Thread Matthias Klose
** Changed in: python-oslo.privsep (Ubuntu) Status: Incomplete => New

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-09-06 Thread James Page
This is now blocking a number of OpenStack updates for Newton B3 - any chance this can be looked at soon by the security team?

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-08-25 Thread James Page
subscriber added (ubuntu-openstack team).

[Bug 1616764] Re: [MIR] python-oslo.privsep

2016-08-25 Thread Michael Terry
- Needs a team bug subscriber. - The subject matter makes me think we should have security look at it real quick. Otherwise seems fine. ** Changed in: python-oslo.privsep (Ubuntu) Status: New => Incomplete ** Changed in: python-oslo.privsep (Ubuntu) Assignee: (unassigned) => Ubuntu