#openstack-meeting log

18:00:49 <bdpayne_> #startmeeting OpenStack Security Group
18:00:50 <openstack> Meeting started Thu Feb 13 18:00:49 2014 UTC and is due to finish in 60 minutes.  The chair is bdpayne_. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:51 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:53 <openstack> The meeting name has been set to 'openstack_security_group'
18:01:05 <bdpayne_> Hi OSSG
18:01:11 <bdpayne_> #topic Rollcall
18:01:47 <sand2rock> hii
18:01:48 <nkinder> Hi
18:01:49 <sand2rock> I am attending this meeting for the first time
18:01:49 <nkinder> welcome!
18:02:09 <bdpayne_> welcome sand2rick... could you introduce yourself for the group?
18:02:18 <bdpayne_> sorry, sand2rock
18:02:24 <sand2rock> Its ok
18:02:29 <sand2rock> I am sandeep
18:02:40 <sand2rock> from bangalore
18:02:50 <sand2rock> i work on c++/unix and perl
18:03:07 <bdpayne_> ok, thanks for joining us today
18:03:12 <bdpayne_> anyone else here?
18:03:20 <joel-coffman> hey
18:03:33 <bdpayne_> hi
18:03:36 <sand2rock> hi
18:03:47 <bdpayne_> #topic Agenda
18:04:06 <nkinder> I'd like to discuss OSSNs today.
18:04:22 <bdpayne_> ok
18:04:32 <vikasd> quit
18:05:00 <bdpayne_> summit talks are due this week, I'd be interested in knowing what people submitted so I can look for them
18:05:11 <bdpayne_> I know that there's one review up for a book edit
18:05:31 <joel-coffman> I submitted one about data protection within OpenStack
18:05:55 <joel-coffman> trying to cover encryption, VPNaaS, etc.
18:06:05 <bdpayne_> ah, nice
18:06:14 <nkinder> A coworker of mine is submitting one related to securing internal endpoints, secure messaging, etc.
18:06:19 <nkinder> I may co-present
18:06:30 <bdpayne_> so there's an OSSG overview talk with Rob, nkinder and myself
18:06:37 <joel-coffman> nkinder: I'd like to attend that one
18:06:49 <nkinder> joel-coffman: let's hope it gets accepted!
18:07:11 <bdpayne_> and I submitted one on how security needs to be viewed differently in private clouds
18:07:24 <bdpayne_> cool, so lots of submissions
18:07:41 <bdpayne_> ok, let's push ahead with the other topics
18:07:43 <joel-coffman> I was glad to see that "security" was a designated track
18:07:47 <bdpayne_> #topic OSSNs
18:08:04 <bdpayne_> nkinder what's the latest?
18:08:25 <nkinder> I've been working on getting OSSNs moved to git/gerrit.
18:08:56 <nkinder> We need to belong to a parent project to have an openstack/* repo.
18:09:09 <nkinder> Part of the issue there is figuring out where OSSNs belong.
18:09:40 <nkinder> After some discussions with thierry and annegentle, it's looking like docs might be the right parent project
18:10:03 <nkinder> So, I'd like to see if others from OSSG agree with that placement.
18:10:15 <bdpayne_> interesting
18:10:22 <bdpayne_> so you guys decided this instead of stackforge?
18:10:38 <nkinder> I've started down the stackforge path as well in the meantime
18:10:47 <bdpayne_> gotcha
18:10:55 <nkinder> So there's a patch out for adding us to stackforge,
18:10:55 <bdpayne_> so, docs may make sense for OSSNs
18:10:56 <bknudson> docs sounds as good as anything to me
18:11:00 <bdpayne_> but not for OSSG in general
18:11:11 <nkinder> yes, just for OSSNs
18:11:23 <bdpayne_> that's probably a fine place for OSSN
18:11:40 <nkinder> I have a github repo I created to seed the stackforge repo - https://github.com/nkinder/openstack-security-notes
18:11:50 <bdpayne_> although, I think that OSSG should start taking steps for more formal recognition in the community
18:12:02 <bdpayne_> because there's a variety of things where not having that creates challenges
18:12:12 <joel-coffman> agreed
18:12:13 <nkinder> bdpayne_: Agreed.
18:12:40 <bdpayne_> nkinder that looks nice
18:12:56 <bdpayne_> so stackforge can utilize gerrit and such, right>
18:13:01 <nkinder> yes
18:13:10 <nkinder> we would have all of the normal workflow
18:13:21 <bdpayne_> ok, yeah, I think that sounds just fine
18:13:31 <nkinder> we can start to add in auto publishing too
18:13:32 <bdpayne_> so, if we moved under doc, what would that look like then?
18:13:49 <thomasbiege> hi folks
18:13:49 <nkinder> In what way?  Workflow-wise, it would be the same.
18:14:19 <nkinder> bdpayne_: We could possibly publish to the docs site though.
18:14:40 <nkinder> ...and I believe that is locked down unlike the wiki (so no worries of tampering)
18:15:07 <nkinder> One other benefit is that OSSN writers would have ATC status, which is nice.
18:15:25 <nkinder> That might encourage more people to contribute
18:15:30 <bdpayne_> I guess I'm wondering... if we're already under stackforge, then what additional value do we get by being taken in by the doc project?
18:15:56 <bdpayne_> ATC status is an interesting point
18:16:17 <nkinder> I think it makes our work more officially recognized.
18:17:00 <bdpayne_> cool, so that sounds good ot me
18:17:03 <nkinder> So that's what's going on around OSSNs.
18:17:10 <bdpayne_> note that book contributions already get you ATC status as well
18:17:14 <bdpayne_> nudge, nudge
18:17:15 <nkinder> We have a few that need to be written
18:17:16 <bdpayne_> :-)
18:17:25 <bdpayne_> b/c that is under doc as well
18:17:25 <nkinder> https://bugs.launchpad.net/ossn/
18:17:49 <nkinder> The noVNC one is stale.  Sriram was working on it quite some time ago, but it stalled out.
18:17:55 <sand2rock> sorry to interrupt ... but how do i contribute to this group?
18:18:00 <nkinder> I picked up one of the other ones this week.
18:18:06 <nkinder> sand2rock: nice timing :)
18:18:15 <sand2rock> :)
18:18:21 <sand2rock> really sorry to interrupt
18:18:22 <nkinder> sand2rock: One of the things we do is to write and publish security notes
18:18:32 <nkinder> which are known as OSSNs
18:18:48 <nkinder> sand2rock: So a great place to start is to review and/or write one.
18:19:09 <nkinder> sand2rock: There are some bugs for notes that need to be written here - https://bugs.launchpad.net/ossn/
18:19:29 <nkinder> The process is at https://wiki.openstack.org/wiki/Security/Security_Note_Process
18:19:36 <bdpayne_> sand2rock you can also check here for broader ways that you can contribute: https://wiki.openstack.org/wiki/Security/How_To_Contribute
18:20:03 <bdpayne_> nkinder thanks for putting the git stuff through for OSSNs
18:20:06 <bdpayne_> this will be a nice improvement
18:20:10 <nkinder> sure thing
18:20:22 <sand2rock> nkinder: thanks
18:20:22 <nkinder> That's all I have on OSSN topics.
18:20:24 <bdpayne_> ok
18:20:31 <bdpayne_> #topic Book Edits
18:20:40 <bdpayne_> So there's an open review for a book edit
18:20:50 <bdpayne_> https://review.openstack.org/#/c/73195/
18:21:06 <bdpayne_> Seems to be getting reviews, but I just wanted to mention it in case people were interested
18:21:34 <bdpayne_> Looks like I'm meeting with the book editor team at RSA in a couple of weeks, so I'm hoping to re-invigorate that effort
18:21:56 <bdpayne_> #topic Open Discussion
18:22:04 <bdpayne_> Anything else people would like to discuss today?
18:22:18 <joel-coffman> bdpayne_: I'll review the book edit
18:22:27 <joel-coffman> hadn't seen it before
18:22:35 <nkinder> I'll take a look too.
18:22:45 <bdpayne_> great, thanks
18:23:13 <nkinder> We need to figure out the next steps around the security review for Ironic, but we need hyakuhei for that.
18:23:34 <bdpayne_> yes, I agree on that all around
18:24:14 <bdpayne_> so I think that's about it for today... we can wrap up a little early
18:24:16 <bdpayne_> thanks everyone
18:24:24 <nkinder> thanks!
18:24:27 <joel-coffman> one sec
18:24:36 <bdpayne_> ah, go for it joel-coffman
18:24:43 <joel-coffman> my team has a patch out for ephemeral storage encryption: https://review.openstack.org/#/c/70228/
18:25:03 <bknudson> there's probably a way in gerrit to subscribe to reviews for a specific book.
18:25:05 <joel-coffman> it's marked do not merge, but we'd appreciate additional feedback / thoughts
18:25:52 <joel-coffman> that's it, thanks!
18:26:08 <bdpayne_> joel-coffman ok thanks... that's been up for a while... any context to share there?
18:26:35 <joel-coffman> Daniel Berrange didn't like the use of loop devices
18:27:20 <joel-coffman> we'd appreciate knowing if others concur with his comments or if supporting encryption for the raw backend is useful
18:27:26 <joel-coffman> (even with some limitations)
18:27:28 <bdpayne_> ah, gotcha
18:27:49 <bdpayne_> ok, we'll take a look
18:28:07 <joel-coffman> thanks
18:28:33 <bdpayne_> ok, that's all for today
18:28:37 <bdpayne_> thanks again everyone
18:28:59 <sand2rock> thanks bdpayne_ and nkinder... and sorry again for interrupting
18:29:28 <nkinder> sand2rock: not a problem at all.  Glad you are looking at helping out!
18:29:45 <joel-coffman> cheers
18:30:02 <bdpayne_> #endmeeting