18:00:26 <bdpayne> #startmeeting OpenStack Security Group
18:00:27 <openstack> Meeting started Thu Apr  4 18:00:26 2013 UTC.  The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:28 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:31 <openstack> The meeting name has been set to 'openstack_security_group'
18:00:34 <bdpayne> good morning everyone
18:00:39 <noslzzp> Morning..
18:00:42 <bdpayne> who do we have here for the OSSG meeting?
18:00:48 <noslzzp> Basil is here.
18:01:14 <lglenden> I'm here.
18:02:16 <hyakuhei> Rob here
18:02:33 <bdpayne> excellent, so let's get right to it
18:02:41 <bdpayne> summit is getting close
18:03:13 <bdpayne> I'm looking forward to meeting with people f2f there and would like to have some discussions about how to make OSSG most effective going forward
18:03:30 <bdpayne> So, between now and then, please be thinking about that :-)
18:03:45 <bdpayne> #topic OS Security Guide
18:04:04 <bdpayne> @noslzzp any updates on the efforts with a doc sprint?
18:04:09 <hyakuhei> This could be such a good project if we can just get it moving.
18:04:20 <noslzzp> Yes, some..
18:04:37 <noslzzp> So I discussed the idea internally here and there is some interest in supporting it.
18:04:44 <bdpayne> glad to hear it
18:05:05 <noslzzp> I've also discussed this with organizations in the public sector.  They are interested as well.
18:05:24 <bdpayne> ok, so what are the next steps?
18:05:29 <noslzzp> At minimum we can provide facilities at Red Hat.
18:05:31 <zykes-> hmmms
18:06:10 <noslzzp> I'm scheduling a meeting with the public sector folks to discuss just that.
18:06:29 <bdpayne> ok, feel free to loop me into that -- if appropriate
18:06:44 <bdpayne> I'm also happy to have you take the lead on putting this together :-)
18:07:05 <noslzzp> The reason I am somewhat interested in the public sector side is because there is an avalanche of hardening/security work on OpenStack specifically that has been completed to date.
18:07:24 <bdpayne> sure
18:07:26 <noslzzp> We could immediately leverage those best practices, etc.
18:07:44 <bdpayne> is that work available for public consumption?
18:07:55 <bdpayne> or in process for being made available?
18:08:03 <noslzzp> Process of being made.. :)
18:08:12 <bdpayne> great, very glad to hear that
18:08:13 <noslzzp> In fact, that's why there is strong interest here..
18:08:24 <noslzzp> This would be a great avenue to share.
18:08:42 <bdpayne> would love to get such people involved in this effort
18:08:46 <bdpayne> if possible
18:08:51 <noslzzp> It's possible.
18:09:11 <noslzzp> I'll loop you in ..
18:09:24 <bdpayne> at this point, do you think it would be possible to announce a date for a doc sprint at the summit?
18:09:35 <hyakuhei> I'd like to stay involved
18:10:05 <noslzzp> 50/50 on an announcement.  I think we can get a location/date pinned down in time.  We'll need to really push though.
18:10:30 <noslzzp> hyakuhei, where are you physically? (not that it matters, just curious).
18:10:57 <hyakuhei> I'm uk based but find myself stateside more times than I care to mention ;)
18:11:17 <bdpayne> noslzzp let's aim for that as a goal… would be a great venue to get more involved and concrete plans are often a good way to approach that
18:11:19 <hyakuhei> bdpayne and I have also been working with a few public sector bodies who may like to contribute
18:11:38 <noslzzp> awesome.
18:11:41 * bdpayne thinks that we are all talking about the same public sector bodies, fyi
18:11:52 <noslzzp> there's a few of them.. :)
18:11:58 <bdpayne> ok
18:12:14 <bdpayne> so...
18:12:31 <bdpayne> #action noslzzp to push for a date / location for doc sprint to announce at summit
18:12:46 <noslzzp> Yep.
18:12:58 <bdpayne> #topic Emails
18:13:14 <bdpayne> You guys probably noticed that there have been many emails coming out this morning
18:13:24 <bdpayne> various security related bugs
18:13:39 <bdpayne> are people seeing these?  often from Thierry
18:13:53 <hyakuhei> I think Thierry closed out a bunch of Security vulns today
18:14:01 <bdpayne> yeah
18:14:24 <bdpayne> so I just wanted to make a general remark that we've taken some effort to get these notifications in place
18:14:24 <hyakuhei> OpenStack Security Group members on LaunchPad should receive these
18:14:30 <hyakuhei> yeah
18:14:37 <bdpayne> the idea is that OSSG members are a good group to provide feedback
18:14:50 <hyakuhei> Should also point out that openstack-security@lists.openstack.org is a thing now :)
18:14:57 <bdpayne> and that's, of course, a great way to have some security impact and increase the group's visibility
18:15:14 <bdpayne> so I encourage folks to take advantage of that and provide feedback comments
18:15:21 <lglenden> so the bug reports are sent to the launchpad group, and the listserv is used for more general purpose communication?
18:15:30 <bdpayne> that's correct
18:15:33 <lglenden> okay
18:15:54 <bdpayne> whether we use the dev list or our own mailing list is a judgement call
18:16:20 <bdpayne> but, my hope is that we will identify some work to rally around at the summit, and that the mailing list may be a good place for chatter about such things, planning, etc
18:16:43 <hyakuhei> +1
18:17:06 <bdpayne> #topic Other Summit Planning
18:17:28 <bdpayne> So it sounds like Rob/HP will be setting up something for OSSG to meet up on Monday evening over food?
18:18:07 <bdpayne> sorry… hyakuhei
18:18:29 <hyakuhei> That's more or less correct
18:18:41 <bdpayne> heh, ok
18:18:50 <hyakuhei> Not sure where or what, reasonably confident on when. Could do with a better picture of 'who'
18:19:03 <bdpayne> #action hyakuhei will advertise OSSG meeting
18:19:14 <bdpayne> count me in
18:19:16 <hyakuhei> :D
18:19:29 <hyakuhei> I think HP will have a few, I believe APL are in for a few people too
18:19:30 <noslzzp> Some good parties that night..
18:19:56 <bdpayne> I suspect that we may be able to get a few additional to show up as well
18:19:56 <hyakuhei> imho the mirantis ones are not the best, I'm planning that our meal be out in time for the RH one
18:20:05 <hyakuhei> which I'm expecting good things from ;)
18:20:09 <noslzzp> +1
18:20:11 <bdpayne> +1 to that
18:20:37 <hyakuhei> I'm guessing 8-12 people atm
18:20:41 <bdpayne> sounds good
18:20:54 <bdpayne> any other chatter about the summit?
18:21:24 <bdpayne> Anyone interested in seeing the Nebula One cloud controller can swing by our booth :-)
18:21:36 <noslzzp> I am and will. :)
18:21:39 * bdpayne is happy to finally be shipping a product
18:21:45 <noslzzp> Congrats, btw..
18:21:49 <hyakuhei> Indeed
18:21:49 <bdpayne> thx
18:21:59 <hyakuhei> I'll be coming by, must play with the pretty lights.
18:22:42 <bdpayne> #topic Open Discussion
18:22:46 <bdpayne> anything else for today?
18:22:50 <hyakuhei> Yep
18:23:02 <hyakuhei> So I'd like to get the LXC Security Note out of the door.
18:23:07 <hyakuhei> #link https://bugs.launchpad.net/osn/+bug/1155566
18:23:09 <uvirtbot> Launchpad bug 1155566 in osn "Note: Keystone Request / Header Size Limits Required to Avoid DoS" [High,Confirmed]
18:23:11 <bdpayne> is it not already?
18:23:24 <bdpayne> oh, the DOS security note?
18:23:26 <hyakuhei> doh s/LXC/Keystone/
18:23:31 <bdpayne> got it
18:23:52 <hyakuhei> Just needs a couple of lines dropping in regarding Nginx/Apache/Other smart ways of doing http limiting
18:24:27 <bdpayne> would be nice to quantify large, perhaps?
18:24:52 <hyakuhei> Yeah, though that's somewhat relative to the available resources
18:24:59 <hyakuhei> it's a linear exhaustion
18:25:03 <bdpayne> gotcha
18:25:13 <hyakuhei> I'll add that info in
18:25:37 <bdpayne> great
18:25:49 <bdpayne> also, perhaps add haproxy to the list?
18:25:52 <bdpayne> otherwise, lgtm
18:25:55 <hyakuhei> go ahead
18:27:01 <bdpayne> ok, can do
18:27:10 <bdpayne> I'll add that and see if I can get some links for the others
18:27:16 <bdpayne> sometime today ;-)
18:27:32 <bdpayne> #action bdpayne to provide some details for OSN
18:27:36 <bdpayne> anything else?
18:28:04 <bru> Is the web page for your cloud controller up to date?
18:29:06 <bdpayne> bru please PM me with additional Nebula questions, but yes
18:29:15 <bdpayne> ok, thanks everyone, have a great week
18:29:23 <bdpayne> #endmeeting