tools/generatepot-rst.sh has an awk filter to drop UUID from POT files,
but it is unnecessary now. It was introduced to strip UUID information
which was added by default in Sphinx <1.3 [1] in openstack-manuals.
Sphinx >=1.3 does not output UUID information by default [2],
so is is no longer needed.
In addition, (g)awk 5.0 or later (adopted in Ubuntu 20.04 or later)
complains the current awk regexp. I think it is the time to drop it
rather than fixing the regexp.
[1] 993647f316
[2] https://www.sphinx-doc.org/en/master/usage/configuration.html#confval-gettext_uuid
Related-Bug: #2035226
Change-Id: I54180d12de0cfdd618f6789b6cf9ec66d3276a40
It is no longer supported by jammy and lead us to the following errors with the announce-release job.
```
No package matching 'python-dev' is available
```
Change-Id: I26938c5af6a34db9e67452851a0ef3ed4c5bbb0e
Corrected the scope of "Discussion" section from limiting it to
end-users like outlined in the bug comment #43 [0].
Removed the "hence" from line 86 as that would be suggesting
Glance doing the checksumming normally, which is false impression..
The data is not verified because of not going through Glance
but because the consumer decides to not verify it. Subtle but
important difference.
[0] https://bugs.launchpad.net/glance/+bug/1990157/comments/43
Change-Id: Ib42b486f854e39cdae8762f596266d6c24e8b3fb
nova_api_insecure, cinder_api_insecure were deprecated in Train[1] and
removed in Ussuri[2]
There is no mention of neutron_api_insecure, but a grep of the source
does not reflect anything so I assume this has been removed too, or is a
typo, as there is a 'api_insecure' under [neutron] that has also been
removed.
[1] https://review.opendev.org/c/openstack/manila/+/626506
[2] https://review.opendev.org/c/openstack/manila/+/745206
Change-Id: I8cbce18eb1fa03471d15fa90bf7fac171903c41e
Apparently this OSSN was never committed to the security-doc
repository. Text is taken from:
https://wiki.openstack.org/wiki/OSSN/OSSN-0065
which was last revised 2017-03-31T19:55:37.
Change-Id: I92ed107785b5e15f4b521056833f8e1200837e40
Closes-bug: #1549483
The TC has decided to no longer continue the "governance tags"
experiment, so the VMT has moved the repos and expectations
previously tracked by that tag into the security site. Overhaul the
security review instructions to refer to the correct location and
structure for this information, as well as a long-overdue cleanup of
references to the no longer extant OSSP.
Change-Id: I1a172016014b64d88199faaff6a6414aae50ccee
The commit replaces DefCore committee (a former name) by
Interop Working Group (the current name) and updates a few
more old interop references.
Change-Id: I5ae3e7de8c5c41cf2859cc3591ec24dcf9e92a41
Current description is incorrect, since barbican does not store each
projects KEK in HSM. As eventually, that would mean having
thousand of keys, while Thales Luna Network HSM has limit of 100 keys
for DPoD, so it will be unable to use big part of HSM solutions
with that approach.
Instead only MKEK and HMAC are stored in HSM and used to encrypt/decrypt
KEKs.
Change-Id: I8c4eaaa42262797632ce4c4296c04a4fe62b8fcf
Barbican does support Vault plugin through Castellan for a while
and it's worth mentioning on the page.
Change-Id: I611a3472e2f00ab4feb6bf2a3ba1627a21fe5f62
The guide to enable secure live migration with QEMU-native tls on
nova compute nodes missed an important config option. Without this
option a default connection is uses which is TCP instead of TLS.
This leads to an unecrypted migration of the ram.
Closes-Bug: #1919357
Change-Id: I5cbc4ec8f15ca7c66ca9562b536299524ab5999c
The [token]/hash_algorithm config option has been deprecated since
mitaka[1].
To avoid renumbering, update check-identity-04 to '(Obsolete)'. This
keeps numbering compatibilty for people using previous version of the
checklist.
[1]: https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka
Change-Id: I587617f29141a244ca7983300ff4fcebed4255f5
These releases are still being produced by
Ceph CI but we know the version number, which
is useful to know.
Change-Id: Ic8f338f018cf02d83d346ab8abeb8e7eb7117a17
It is possible for regular users of manila
to obtain Ceph client keys that they shouldn't
have access to. This vulnerability occurs because
of a flaw in a ceph interface that manila
interacts with. The flaw has now been patched in
several stable releases of ceph. This security note
is to socialize the fix among OpenStack Manila
deployers so they can understand the vulnerability
and implement the fix in their environments
Closes-bug: #1904015
Change-Id: I911212ea1147b5c3d7ab80835a165cf47c343f6e
The version numbers of cinder releases containing the updated
os-brick library to correct Bug #1883654, according to stable
branch rules, should have had a minor increment instead of a
patch increment.
Change-Id: I03ae119bd32c18ab5dff15c02c108f671fb4d78a
We decided it made more sense to increment the minor version instead
of the patch version for this change, so update the note to reflect
this.
Change-Id: Id49827def6fac6ff866cc9855730d7147de4a789