18:00:14 #startmeeting OpenStack Security Group 18:00:15 Meeting started Thu Mar 6 18:00:14 2014 UTC and is due to finish in 60 minutes. The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:16 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:00:18 The meeting name has been set to 'openstack_security_group' 18:00:27 Welcome to the OSSG meeting :-) 18:00:32 #topic Roll Call 18:00:41 o/ everyone 18:00:58 hi there, this is sriram 18:00:59 yo! 18:01:23 hello everyone! 18:01:50 Hi 18:02:34 welcome everyone 18:02:38 #topic Agenda 18:02:42 Paul here too 18:02:47 hey 18:02:58 I'd like to discuss the ongoing election process a bit 18:03:03 I'd also like to review OSSN status 18:03:08 anything else for today? 18:03:53 Hi, nicolae from the swedish institute of comp science here 18:04:05 welcome nicolae 18:04:07 How about that security review of Keystone, if anyone is here to talk about it that is 18:04:15 sure, we can add that too 18:04:16 welcome nicolae-sics nice to have you here. 18:04:23 #topic Lead Election 18:04:38 If you're following the mailing list, you'll know that we now have two candidates 18:04:51 Closing date for candidates is the 12th of March. 18:05:02 yep, that ^^ 18:05:10 so that's next Wed 18:05:35 thanks for Malini and Sriram for stepping up thus far 18:05:52 pleasure! 18:06:00 Indeed, it's a worthy cause. 18:06:04 :-) 18:06:09 Also, I wanted to give a quick word on the electorate 18:06:26 I've been working on a spreadsheet that lists everyone that is a member of OSSG launchpad group 18:06:41 And then I'll be going through and figuring out who is an "active member" 18:06:48 I'll publish this list before the election starts 18:06:57 just so that everyone is on the same page and can correct errors, etc 18:07:04 so please be watching for that 18:07:07 Seems reasonable. 18:07:20 any other questions about the election process? 18:07:48 ok, great 18:07:53 #topic OSSN 18:08:01 I'd like to do a quick review of the open OSSNs 18:08:16 there's a bit of a backlog 18:08:19 yeah 18:08:37 nkinder would you like to discuss? 18:08:44 I'll be sending one out today (it actually covers two) 18:08:57 Good stuff 18:08:59 It's not marked public yet, so I don't want to discuss the details of it. 18:09:15 right, I mean discuss the backlog 18:09:21 https://bugs.launchpad.net/ossn 18:09:25 I've looked into the one about cinder third-party driver permissions, and will be writing that one up too. 18:09:31 We have two in 'new' states 18:09:39 i.e need writers / reviewers 18:10:02 I'm tied up in other work this week but I'd be happy to review these if someone else wants to have a go at writing them up 18:10:23 srirramhere worked on the noVNC one, but it's still listed in "New" status 18:10:35 I reviewed it, and recommended some changes a while back 18:10:43 srirramhere can you update the status of that one? 18:11:00 i'll take the DOS noVNC one 18:11:21 great. So does anyone want/need a review doing? 18:11:24 I will take a look and make corrections that will make it complete this week 18:11:24 malini1: ok, there's a draft OSSN in the bug, but it needs to have some items addressed 18:11:25 i remember seeing something like that a few months back 18:11:42 There was a VNC one but I think it may have been orthogonal to this one 18:12:20 any takers for https://bugs.launchpad.net/ossn/+bug/1268751 ? 18:12:23 nkinder and hyakuhei: will check and consult you as necessary, thanks 18:12:25 this is a token revocation issue 18:12:40 I can look at that one and discuss it with Adam 18:12:50 ok, thanks 18:13:15 looks like all of the others have an assignee 18:13:18 so that's a good step 18:13:21 I have one other thing related to OSSNs 18:13:25 although most of them are assigned to nkinder ;-) 18:13:47 How's the gerrit/git stuff going? 18:14:02 The stackforge repo request isn't moving along, largely because we are discussing putting the OSSN repo under the docs program 18:14:30 annegentle started a discussion on the docs mailing list to float the idea, and I didn't see anyone against it on that side of things 18:14:43 What's the subject? I'll dig it out 18:14:54 OSSNs really are docs, and they will feed into the security guide, so I think that makes sense. 18:15:00 hyakuhei: let me get you a link... 18:15:21 hyakuhei: http://lists.openstack.org/pipermail/openstack-docs/2014-February/003833.html 18:15:53 thanks :) 18:15:57 Here is the stackforge repo request - https://review.openstack.org/#/c/73157/ 18:16:15 I'm fine with it living inthe docs repo, and I'd just like to get this to move along so we can use git/gerrit. 18:16:43 So if nobody has problems with us using the docs repo, I'll sync up with annegentle and see how we can make it happen. 18:16:53 Yeah I'm fine with it in docs - I'll reach out to anne 18:16:54 nkinder: completely agree with you, anything we can do 18:17:21 great! 18:17:40 yeah, +1 for just moving ahead with the docs option... would be nice to get that put together 18:18:15 BTW https://bugs.launchpad.net/ossn/+bug/1227575 has a long history (no wonder I am familiar with it, was following it at one time). srirramhere has a handle on it, why is it not wrapped up yet? 18:18:19 ok, I'll take an action item to push that forward 18:18:53 annegentle: hi there! 18:18:59 malini1: yes, that's what I was mentioning. A OSSN draft was created, but it needs to have my feedback integrated. 18:19:09 So you're going to make this all work and we can get back to the pub annegentle ? 18:20:03 malini, there is an OSSN for that : /wiki.openstack.org/wiki/OSSN/1227575; nkinder had some review comments; I will incorporate and make it ready ti close 18:20:41 srirramhere: it's not complete/published, so it's not listed among the other OSSNs on the wiki 18:21:19 srirramhere: I would prefer that we don't add drafts to the wiki. Placing it on the wiki should be a part of the publishing process after it is written and reviewed. 18:21:47 agreed - hence i didn't add that to wiki 18:21:47 +1 18:22:03 it shouldn't be listed in wiki and last i checked, it is not 18:22:08 srirramhere: it was added, but I removed it from here some time back (https://wiki.openstack.org/wiki/Security_Notes) 18:22:09 the content is added, but not listed 18:22:43 ok - i you remember removing it, then i will follow the convention. Sorry for the inconvenience 18:23:24 srirramhere: no problem 18:23:34 thx 18:23:35 ok, sounds like we are sync'd on OSSN stuff 18:23:41 which is excellent 18:23:54 #topic Keystone Review 18:23:59 srirramhere: ping me today after you are done incorporating nkinder edits and lets wrap this one and have nkinder publish tomorrow 18:24:05 anyone here that can speak to this effort? 18:24:37 tomorrow we will hv another meeting 18:25:03 What time? 18:25:14 feedbacks r welcome 18:25:37 1700 gmt 18:25:58 Cool 18:26:08 Shohel02 Could you provide a quick status update for people that haven't been following it through the other meetings? 18:26:47 yes please 18:27:08 i can sent email later right nw i m using mobile to connect 18:27:41 sure, perhaps just a note to the openstack-security mailing list 18:27:52 I believe that there are several people that would like to stay abreast of that work 18:27:59 and you might even suck in some more people that could help 18:28:01 :- 18:28:01 yes certainly 18:28:03 :-) 18:28:10 #topic Open Discussion 18:28:18 anything else on people's minds? 18:28:35 Barbican! 18:28:49 I don't really have much to contribute other than more people should be contributing :P 18:28:51 did u all vote for the Private cloud security talk by Bdpayne? 18:29:05 We are driving a few interesting features at the moment, it might even be useful soon. 18:29:11 i did 18:29:41 thanks for the nod guys :-) 18:29:59 +! 18:30:11 +1 18:30:26 +1 18:31:01 ok, I guess we are out of time for today 18:31:05 have a great week 18:31:07 #endmeeting