Introduction

Welcome to Last week on OpenStack Dev (“Lwood”) for the week ending 31 January 2016. For more background on Lwood, please refer here.

Basic Stats for week 25 to 31 January 2016:

• ~623 Messages (up about 24% relative to last week)
• ~178 Unique threads (down about 3% relative to last week)

Messages up a fair bit, threads pretty flat this week…

Notable Discussions

New OpenStack Security Notices (OSSN 0060)

Glance configuration option can lead to privilege escalation (OSSN 0060)

From the summary “Glance exposes a configuration option called `use_user_token` in the configuration file `glance-api.conf`.  It should be noted that the default setting (`True`) is secure. If, however, the setting is changed to `False` and valid admin credentials are supplied in the following section (`admin_user` and `admin_password`), Glance API commands will be executed with admin privileges regardless of the intended privilege level of the calling user.”

More information and discussion in the original post or the OSSN itself.

Upstream University

Mike Perez announced a call for mentors and mentees to be involved in the upcoming Austin summits’ Upstream University. A feature of summits since Paris, this well attended and well regarded event provides an opportunity for developers new to OpenStack to “learn the ropes” in a friendly and supportive environment.  If you’re interested in assisting or attending, please sign up here indicating which you wish to do (mentor or mentee!)

Help improve the User Portal

Pieter Kruithof Jr noted that the UX group are seeking people who are “developing, testing and deploying apps to the cloud” for interviews.  The intent is to improve the end user information available through the User Portal to the benefit of all developers.

Upcoming OpenStack Events

A summary of OpenStack related events that cropped up on the mailing list this past week.  Don’t forget the OpenStack Foundation’s excellent Events Page for a comprehensive list!

Midcycles & Sprints

• [openstack-defcore] Midcycle – March 8 & 9, Austin, TX, USA – Egle Sigler
• [neutron] Spring 14-16 March, Brno, Czech Republic – Ihar Hrachyshka
• [glance] – Virtual Midcycle date vote – Flavio Percoco

People and Projects

• [oslo] Satchi King for Oslo core – Robert Collins
• [glance] Core team additions and removals – Flavio Percoco
• [oslo] Adding Dmitry Ukhlov to Oslo-Messaging-Core – Davanum Srinivas
• [mistral] Promoting Anastasia Kuznetsova to core reviewers​ – Renat Akhmerov
• [oslo] Nominating Ronald Bradford and Alexis Lee for oslo-core – Doug Hellman
• [puppet] Stepping down from Puppet Core​ – Mathieu Gagné
• [Cinder] Nominating Patrick East to Cinder Core​ – Sean McGinnis
• [keystone] Changes to keystone-core! – Steve Martinelli

Further Reading & Miscellanea

Don’t forget these excellent sources of OpenStack news

• Technical Committee Highlights by Anne Gentle
• What’s Up, Doc? by Lana Brindley
• OpenStack Developer Mailing List Digest by Mike Perez
• OpenStack Foundation Blog

This edition of Lwood was prepared while sitting in of a few different sessions at linux.conf.au – so no tunes, but some great presentations and, admittedly, a shorter Lwood :)