Line 1: |
Line 1: |
| Meeting Time: Every other Wednesday at 19:00 UTC | | Meeting Time: Every other Wednesday at 19:00 UTC |
| | | |
− | Next Meeting: Jan 8, 2014 (no meeting Dec 25) | + | Next Meeting: Jan 22, 2014 |
| | | |
| Agenda: | | Agenda: |
| | | |
− | * python-swiftclient status
| + | (nothing yet; when adding an agenda item, please include your name or IRC nick) |
− | | |
− | * python-swiftclient SSL certificate validation, facts:
| |
− | ** Actual https client implementation does not validate server certificate with CA (and will blindly accept self-signed certificate which allow MITM attack).
| |
− | ** python-swiftclient have been removed from Debian testing because of this vulnerability.
| |
− | ** Fix is in progress (since Jun 2013): https://review.openstack.org/#/c/33473/.
| |
− | | |
− | * python-swiftclient SSL certificate validation, solutions:
| |
− | ** Finish the fix in progress:
| |
− | *** pro: it tackles both vulnerability (MITM and CRIME).
| |
− | *** con: it implements a custom SSL validation just for swiftclient, and this is not a good idea as there's lots of sharp edges, and getting it wrong doesn't fail with obvious failures.
| |
− | ** Switch to request module
| |
− | *** pro: common implementation which would remove complexity from swiftclient
| |
− | *** con: does not implement the SSL compression disabling yet. (This open another vulnerability because of the CRIME attack, though it could be overcome by disabling compression at the server side)
| |
− | | |
− | * log #openstack-swift
| |
− | ** pro: lets people who don't use bouncers see what was said
| |
− | ** con: people are less free with opinions since it will live forever
| |
− | | |
− | * sysmeta status
| |
− | | |
− | * Swift 1.12.0 release
| |
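Review bot: The removed "python-swiftclient SSL certificate validation" items describe the fix at https://review.openstack.org/#/c/33473/ as still in progress, and the replacement agenda line carries nothing forward, so after this edit the page no longer records that the certificate validation question is open. If it was not settled at the Jan 8 meeting, keep a one-line item for it (with the proposer's name or IRC nick, as the new placeholder asks), or link the meeting log where the outcome was recorded.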
Revision as of 17:17, 21 January 2014
Meeting Time: Every other Wednesday at 19:00 UTC
Next Meeting: Jan 22, 2014
Agenda:
(nothing yet; when adding an agenda item, please include your name or IRC nick)