Security Working Group - Wednesday March 4

Joseph Reynolds jrey at linux.ibm.com
Tue Mar 3 11:05:13 AEDT 2020


This is a reminder of the OpenBMC Security Working Group meeting 
scheduled for this Wednesday March 4 at 10:00am PDT.

We'll discuss current development items, and anything else that comes up.

The current topics:

1. Proposal to add new Redfish roles for ServiceRep & OemRep. 2. 
Implement the Redfish PasswordChangeRequired property. 3. Proposal to 
delete BMCWeb sessions after some kinds of account changes.

4. Intel hackathon (pen test, code reviews, etc) results. 5. Security 
issue: BMCWEB_ENABLE_DBUS_REST=ON enables information leak

6. Discuss making contributions toward 
https://github.com/openbmc/openbmc/wiki/Security-working-group#security-end-of-release-checklist
for the May 2020 OpenBMC release based on Yocto 3.1.

Access, agenda, and notes are in the wiki:

https://github.com/openbmc/openbmc/wiki/Security-working-group

- Joseph



More information about the openbmc mailing list