Re: [openstack-dev] [OSSG] Best tool for simple security gate

2014-06-19 Thread Travis McPeak
Sorry for quoting the entire previous digest, twas a noob mistake. Thanks, -Travis On 6/19/14, 11:22 AM, openstack-dev-requ...@lists.openstack.org openstack-dev-requ...@lists.openstack.org wrote: Message: 33 Date: Thu, 19 Jun 2014 11:21:24 -0700 From: Travis McPeak travis_mcp

Re: [openstack-dev] [All] IRC Mishaps

2017-02-08 Thread Travis McPeak
How about the crowd favorite of accidentally submitting your password in chat instead of where you were trying to? At least people can help you evaluate your password strength :) On Wed, Feb 8, 2017, 12:38 PM Kendall Nelson wrote: > Hello All! > > So I am sure we've all

[openstack-dev] [Security] New blog post - "Secure Development in Python"

2016-09-26 Thread Travis McPeak
For those that aren't aware, the OSSP maintains a blog: http://openstack-security.github.io/. I published a new post today about resources created by the OSSP to help developers write secure Python code. You can view it here:

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

2016-09-21 Thread Travis Mcpeak
infraction. -Travis McPeak From: openstack-dev-requ...@lists.openstack.org To: openstack-dev@lists.openstack.org Date: 09/21/2016 05:04 AM Subject: OpenStack-dev Digest, Vol 53, Issue 51 Send OpenStack-dev mailing list submissions to openstack-dev@lists.ope

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

2016-09-21 Thread Travis McPeak
"So all this said, there are individuals interested in the PTL role to ensure project teams have someone handling the logistics and coordination. My issue however was that I was not yet eligible to be a candidate which I'll remedy moving forward. I'm still interested in serving as a PTL for a

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

2016-09-21 Thread Travis McPeak
"My answer would be -that- is the most ideal scenario. I care about OpenStack and ensuring quality projects have adequate representation so I checked to see which ones didn't have anyone defined for leadership and picked one to step in and help, assuming no one was able to fill that role for that

[openstack-dev] [Security] XML Attacks and DefusedXML on Global Requirements

2016-09-27 Thread Travis McPeak
There are several attacks (https://pypi.python.org/pypi/defusedxml#id3) that can be performed when XML is parsed from untrusted input. DefusedXML offers safe alternatives to XML parsing libraries but is not currently part of global requirements. I propose adding DefusedXML to global requirements

Re: [openstack-dev] [Security] XML Attacks and DefusedXML on Global Requirements

2016-09-27 Thread Travis McPeak
There is a private security bug about it right now too. No, not all XML libraries are immune now. On Tue, Sep 27, 2016 at 11:36 AM, Dave Walker <em...@daviey.com> wrote: > > > On 27 September 2016 at 19:19, Sean Dague <s...@dague.net> wrote: > >> On 09/27/2016

Re: [openstack-dev] [glance][VMT][Security] Glance coresec reorg

2016-10-18 Thread Travis McPeak
+1 for Ian. He has great security knowledge and will be an awesome asset for any security team. On Tue, Oct 18, 2016, 3:24 PM Brian Rosmaita wrote: > Hello everyone, > > First, I'd like to thank Flavio Percoco and Kairat Kushaev for their past > service as members