18:00:49 #startmeeting OpenStack Security Group 18:00:50 Meeting started Thu Feb 13 18:00:49 2014 UTC and is due to finish in 60 minutes. The chair is bdpayne_. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:51 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:00:53 The meeting name has been set to 'openstack_security_group' 18:01:05 Hi OSSG 18:01:11 #topic Rollcall 18:01:47 hii 18:01:48 Hi 18:01:49 I am attending this meeting for the first time 18:01:49 welcome! 18:02:09 welcome sand2rick... could you introduce yourself for the group? 18:02:18 sorry, sand2rock 18:02:24 Its ok 18:02:29 I am sandeep 18:02:40 from bangalore 18:02:50 i work on c++/unix and perl 18:03:07 ok, thanks for joining us today 18:03:12 anyone else here? 18:03:20 hey 18:03:33 hi 18:03:36 hi 18:03:47 #topic Agenda 18:04:06 I'd like to discuss OSSNs today. 18:04:22 ok 18:04:32 quit 18:05:00 summit talks are due this week, I'd be interested in knowing what people submitted so I can look for them 18:05:11 I know that there's one review up for a book edit 18:05:31 I submitted one about data protection within OpenStack 18:05:55 trying to cover encryption, VPNaaS, etc. 18:06:05 ah, nice 18:06:14 A coworker of mine is submitting one related to securing internal endpoints, secure messaging, etc. 18:06:19 I may co-present 18:06:30 so there's an OSSG overview talk with Rob, nkinder and myself 18:06:37 nkinder: I'd like to attend that one 18:06:49 joel-coffman: let's hope it gets accepted! 18:07:11 and I submitted one on how security needs to be viewed differently in private clouds 18:07:24 cool, so lots of submissions 18:07:41 ok, let's push ahead with the other topics 18:07:43 I was glad to see that "security" was a designated track 18:07:47 #topic OSSNs 18:08:04 nkinder what's the latest? 18:08:25 I've been working on getting OSSNs moved to git/gerrit. 18:08:56 We need to belong to a parent project to have an openstack/* repo. 18:09:09 Part of the issue there is figuring out where OSSNs belong. 18:09:40 After some discussions with thierry and annegentle, it's looking like docs might be the right parent project 18:10:03 So, I'd like to see if others from OSSG agree with that placement. 18:10:15 interesting 18:10:22 so you guys decided this instead of stackforge? 18:10:38 I've started down the stackforge path as well in the meantime 18:10:47 gotcha 18:10:55 So there's a patch out for adding us to stackforge, 18:10:55 so, docs may make sense for OSSNs 18:10:56 docs sounds as good as anything to me 18:11:00 but not for OSSG in general 18:11:11 yes, just for OSSNs 18:11:23 that's probably a fine place for OSSN 18:11:40 I have a github repo I created to seed the stackforge repo - https://github.com/nkinder/openstack-security-notes 18:11:50 although, I think that OSSG should start taking steps for more formal recognition in the community 18:12:02 because there's a variety of things where not having that creates challenges 18:12:12 agreed 18:12:13 bdpayne_: Agreed. 18:12:40 nkinder that looks nice 18:12:56 so stackforge can utilize gerrit and such, right> 18:13:01 yes 18:13:10 we would have all of the normal workflow 18:13:21 ok, yeah, I think that sounds just fine 18:13:31 we can start to add in auto publishing too 18:13:32 so, if we moved under doc, what would that look like then? 18:13:49 hi folks 18:13:49 In what way? Workflow-wise, it would be the same. 18:14:19 bdpayne_: We could possibly publish to the docs site though. 18:14:40 ...and I believe that is locked down unlike the wiki (so no worries of tampering) 18:15:07 One other benefit is that OSSN writers would have ATC status, which is nice. 18:15:25 That might encourage more people to contribute 18:15:30 I guess I'm wondering... if we're already under stackforge, then what additional value do we get by being taken in by the doc project? 18:15:56 ATC status is an interesting point 18:16:17 I think it makes our work more officially recognized. 18:17:00 cool, so that sounds good ot me 18:17:03 So that's what's going on around OSSNs. 18:17:10 note that book contributions already get you ATC status as well 18:17:14 nudge, nudge 18:17:15 We have a few that need to be written 18:17:16 :-) 18:17:25 b/c that is under doc as well 18:17:25 https://bugs.launchpad.net/ossn/ 18:17:49 The noVNC one is stale. Sriram was working on it quite some time ago, but it stalled out. 18:17:55 sorry to interrupt ... but how do i contribute to this group? 18:18:00 I picked up one of the other ones this week. 18:18:06 sand2rock: nice timing :) 18:18:15 :) 18:18:21 really sorry to interrupt 18:18:22 sand2rock: One of the things we do is to write and publish security notes 18:18:32 which are known as OSSNs 18:18:48 sand2rock: So a great place to start is to review and/or write one. 18:19:09 sand2rock: There are some bugs for notes that need to be written here - https://bugs.launchpad.net/ossn/ 18:19:29 The process is at https://wiki.openstack.org/wiki/Security/Security_Note_Process 18:19:36 sand2rock you can also check here for broader ways that you can contribute: https://wiki.openstack.org/wiki/Security/How_To_Contribute 18:20:03 nkinder thanks for putting the git stuff through for OSSNs 18:20:06 this will be a nice improvement 18:20:10 sure thing 18:20:22 nkinder: thanks 18:20:22 That's all I have on OSSN topics. 18:20:24 ok 18:20:31 #topic Book Edits 18:20:40 So there's an open review for a book edit 18:20:50 https://review.openstack.org/#/c/73195/ 18:21:06 Seems to be getting reviews, but I just wanted to mention it in case people were interested 18:21:34 Looks like I'm meeting with the book editor team at RSA in a couple of weeks, so I'm hoping to re-invigorate that effort 18:21:56 #topic Open Discussion 18:22:04 Anything else people would like to discuss today? 18:22:18 bdpayne_: I'll review the book edit 18:22:27 hadn't seen it before 18:22:35 I'll take a look too. 18:22:45 great, thanks 18:23:13 We need to figure out the next steps around the security review for Ironic, but we need hyakuhei for that. 18:23:34 yes, I agree on that all around 18:24:14 so I think that's about it for today... we can wrap up a little early 18:24:16 thanks everyone 18:24:24 thanks! 18:24:27 one sec 18:24:36 ah, go for it joel-coffman 18:24:43 my team has a patch out for ephemeral storage encryption: https://review.openstack.org/#/c/70228/ 18:25:03 there's probably a way in gerrit to subscribe to reviews for a specific book. 18:25:05 it's marked do not merge, but we'd appreciate additional feedback / thoughts 18:25:52 that's it, thanks! 18:26:08 joel-coffman ok thanks... that's been up for a while... any context to share there? 18:26:35 Daniel Berrange didn't like the use of loop devices 18:27:20 we'd appreciate knowing if others concur with his comments or if supporting encryption for the raw backend is useful 18:27:26 (even with some limitations) 18:27:28 ah, gotcha 18:27:49 ok, we'll take a look 18:28:07 thanks 18:28:33 ok, that's all for today 18:28:37 thanks again everyone 18:28:59 thanks bdpayne_ and nkinder... and sorry again for interrupting 18:29:28 sand2rock: not a problem at all. Glad you are looking at helping out! 18:29:45 cheers 18:30:02 #endmeeting