Welcome to Last week on OpenStack Dev (“Lwood”) for the week ending 31 January 2016. For more background on Lwood, please refer here.

Basic Stats for week 25 to 31 January 2016:

  • ~623 Messages (up about 24% relative to last week)
  • ~178 Unique threads (down about 3% relative to last week)

Messages up a fair bit, threads pretty flat this week…

Notable Discussions

New OpenStack Security Notices (OSSN 0060)

Glance configuration option can lead to privilege escalation (OSSN 0060)

From the summary “Glance exposes a configuration option called `use_user_token` in the configuration file `glance-api.conf`.  It should be noted that the default setting (`True`) is secure. If, however, the setting is changed to `False` and valid admin credentials are supplied in the following section (`admin_user` and `admin_password`), Glance API commands will be executed with admin privileges regardless of the intended privilege level of the calling user.”

More information and discussion in the original post or the OSSN itself.

Upstream University

Mike Perez announced a call for mentors and mentees to be involved in the upcoming Austin summits’ Upstream University. A feature of summits since Paris, this well attended and well regarded event provides an opportunity for developers new to OpenStack to “learn the ropes” in a friendly and supportive environment.  If you’re interested in assisting or attending, please sign up here indicating which you wish to do (mentor or mentee!)

Help improve the User Portal

Pieter Kruithof Jr noted that the UX group are seeking people who are “developing, testing and deploying apps to the cloud” for interviews.  The intent is to improve the end user information available through the User Portal to the benefit of all developers.

Upcoming OpenStack Events

A summary of OpenStack related events that cropped up on the mailing list this past week.  Don’t forget the OpenStack Foundation’s excellent Events Page for a comprehensive list!

Midcycles & Sprints

People and Projects

Further Reading & Miscellanea

Don’t forget these excellent sources of OpenStack news

This edition of Lwood was prepared while sitting in of a few different sessions at linux.conf.au – so no tunes, but some great presentations and, admittedly, a shorter Lwood :)

Comments are closed.