17:00:58 <hyakuhei> #startmeeting openstack security group
17:00:59 <openstack> Meeting started Thu Oct  2 17:00:58 2014 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:01 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:01:03 <openstack> The meeting name has been set to 'openstack_security_group'
17:01:08 <hyakuhei> We'll just let people filter in for a minute or two
17:01:14 <chair6> howdy
17:01:15 <nkinder> Hi all
17:01:19 <shohel02> hi
17:01:21 <bknudson> hi
17:01:23 <hyakuhei> Good morning chaps!
17:01:27 <tkelsey> hello all
17:01:31 <sicarie> hello
17:01:34 <hyakuhei> Evening tkelsey :)
17:02:07 <tkelsey> hyakuhei: evening
17:02:35 <hyakuhei> Ok great, we've probably got enough people to start building an agenda :)
17:02:48 <hyakuhei> * Things that need reviews
17:02:53 <hyakuhei> * Elections
17:03:00 <hyakuhei> * Threat Analysis
17:03:06 <hyakuhei> Others ?
17:04:03 <nkinder> that's probably a good start (lots of things fall into "things that need reviews")
17:04:15 <hyakuhei> Ok cool, let's start there.
17:04:24 <hyakuhei> #topic things that need review
17:04:35 <hyakuhei> nkinder: any outstanding OSSNs ?
17:04:48 <sicarie> 25 - https://review.openstack.org/#/c/117928/
17:04:49 <nkinder> OSSN-0028 is really close - https://review.openstack.org/#/c/124213/1
17:05:00 <nkinder> and 25 is the only other one out for review AFAIK
17:05:22 <nkinder> hyakuhei: 28 just had the "hypervisor host" -> "compute host" title change you mentioned
17:05:27 <hyakuhei> Great, can a few people take actions to review ?
17:05:31 <nkinder> hyakuhei: I think it's good to go otherwise
17:05:35 <hyakuhei> nkinder: I know thanks, it's got +2 from me :)
17:05:44 <tkelsey> +1 from me
17:05:51 <nkinder> I'll take a review of the latest version of 25 today
17:06:17 <nkinder> There are some other ones in the backlog that need to be picked up
17:07:02 <nkinder> There is also this, which is totally awesome - https://review.openstack.org/118139
17:07:09 <nkinder> gate tests for OSSNs
17:07:21 <tkelsey> ooo
17:07:29 <hyakuhei> That _IS_ exciting!
17:07:31 <nkinder> yeah, it will catch some of the stupid stuff
17:07:37 <sicarie> +1
17:08:03 <hyakuhei> Very nice, thanks nkinder
17:08:13 <nkinder> hyakuhei: if you're able to provide one more +2 there, I think we can get it approved
17:08:16 <tkelsey> awesome
17:08:26 <hyakuhei> Will review before I finish work today nkinder
17:08:36 <nkinder> great, thanks hyakuhei
17:08:51 <hyakuhei> As already said, 25 needs a review #link https://review.openstack.org/#/c/117928/ volunteers?
17:08:52 <nkinder> I know there are some bandit changes out for review
17:08:57 <nkinder> hyakuhei: I'll review it
17:09:10 <rlpple> let me look at 25
17:09:20 <tkelsey> yeah, I did a bit of work on bandit, I'll find links
17:09:50 <nkinder> tkelsey: I've skimmed over them, but need to take more time to play with the changes to feel comfortable voting on them
17:10:20 <tkelsey> bandit link 1: https://review.openstack.org/#/c/124039/ link 2: https://review.openstack.org/#/c/124058/
17:10:25 <tkelsey> ah thanks nkinder
17:10:53 <tkelsey> those updates should be much cleaner than the last version tbh
17:10:59 <chair6> i'll take a look at them too
17:11:13 <tkelsey> cool thanks chair6
17:12:01 <hyakuhei> Any other things here that people want reviewing?
17:12:18 <hyakuhei> I reviewed the Threat Modelling docs from shohel02, did you want more reviews?
17:12:27 <shohel02> definitely
17:12:36 <hyakuhei> #link https://review.openstack.org/#/c/121034/
17:12:39 <shohel02> uploaded a new patch
17:12:49 <shohel02> based on reviews from anne and you
17:13:53 <shohel02> should we include some people other than security folks... what they think ..
17:14:00 <nkinder> shohel02: I'll review it in the next few days
17:14:00 <shohel02> is it a workable approach
17:14:23 <hyakuhei> ok cool, I think it is but it remains very resource intensive.
17:15:12 <shohel02> hmm.. currently i am doing historical security bugs published in Launchpad
17:15:45 <shohel02> and try to find a correlation for future possibilities
17:16:19 <shohel02> but that's a side track
17:16:32 <nkinder> shohel02: OSSA bugs, or anything with SecurityImpact?
17:16:42 <shohel02> anything with security impact
17:17:02 <nkinder> that's a big list :)
17:17:14 <shohel02> yes... i am searching with security tag
17:17:42 <shohel02> but i see other bugs which do not mention the security tag... sometimes they have security impact
17:17:55 <nkinder> shohel02: yes, it's not used consistently
17:19:16 <hyakuhei> Coverage could certainly be better that's for sure.
17:19:19 <tkelsey> shohel02: how are you searching for SecurityImpact?
17:19:29 <shohel02> launchpad tag
17:19:36 <tkelsey> ah ok
17:21:26 <hyakuhei> Ok, anything else need/want reviewing?
17:22:11 <hyakuhei> I've put something in the 'other projects' summit proposals for OSSG
17:22:14 <hyakuhei> https://etherpad.openstack.org/p/kilo-other-projects
17:22:24 <hyakuhei> Bandit could well be there
17:22:36 <hyakuhei> or possibly in 'Cross-project' workshops
17:22:52 <hyakuhei> https://etherpad.openstack.org/p/kilo-crossproject-summit-topics
17:24:05 <bknudson> design summit discussions are most successful when there's a problem to discuss and get agreement on
17:24:19 <bknudson> so one example I would give is -- how do we want to handle bandit?
17:24:34 <hyakuhei> Makes sense.
17:24:49 <bknudson> you've got the other projects there so you can get some buy in as to whether they want to submit to failing gate because of bandit checks
17:25:05 <nkinder> Yes, I'd like to take the "goals" approach we talked about on the keystone meeting this week
17:25:34 <nkinder> So it might be good to cover security gate testing in general, with a few goals...
17:25:55 <nkinder> 1) static analysis checking in the gate with bandit
17:26:06 <hyakuhei> Makes sense, chair6 - nkinder want me to look into that or would you like to throw something on the wiki?
17:26:07 <nkinder> 2) ssl gate testing
17:26:15 <nkinder> hyakuhei: I can update it
17:26:27 <hyakuhei> Cool
17:26:51 <nkinder> someone on my team is working on proposing ssl gate testing now that the support for it merged in devstack
17:27:05 <nkinder> we could combine those two items into a single session I think
17:28:17 <hyakuhei> That sounds good
17:28:36 <hyakuhei> Great, next topic then ?
17:29:38 <hyakuhei> #topic Elections
17:30:08 <hyakuhei> #link https://wiki.openstack.org/wiki/Security/OSSG_Lead_Election_Fall_2014
17:30:40 <hyakuhei> ^ We're going to have elections, to do that we need an election official - someone who isn't going to run for leadership
17:31:14 <hyakuhei> I've decided to open the candidacy today so we've got reasonable time to get everything done
17:31:54 <hyakuhei> Any volunteers to be officials ? Basically you check that when people announce for candidacy they meet the requirements and everything is above board
17:31:55 <tkelsey> hyakuhei: maybe worth giving info on what's involved with being an official
17:32:00 <hyakuhei> ^
17:32:11 <rlpple> Please.
17:32:38 <hyakuhei> One official will be responsible for administering the vote, bdpayne did it last time
17:33:09 <hyakuhei> We don't have to get volunteers here, it can go out to email
17:33:33 <hyakuhei> I'll add some content to the wiki page re: the roles of officials
17:34:29 <hyakuhei> So everyone have a think about if you'd like to take a shot at leading the group, think about what you'd focus on, how you'd shape the community etc and when ready announce your candidacy as described on the wiki :)
17:34:44 <nkinder> hyakuhei: we basically need at least one official soon, as candidates might start announcing their intent to run
17:34:53 <hyakuhei> An official will reply-all confirming your eligibility or contact you directly to work out any issues
17:35:28 <hyakuhei> nkinder: Yes, but as the vote isn't for two weeks we can accept some latency between candidacy emails and confirmation
17:35:59 <hyakuhei> Though it's unlikely that anyone not meeting the candidacy rules would just pop in and nominate themselves anyway
17:37:54 <hyakuhei> ok, so I guess that covers it for now, I'll reach out to bdpayne who invented the process and ask him if there's anything else he'd like to see from officials before I send around an email covering the detail.
17:38:57 <hyakuhei> Great. shohel02 was there anything else to run through regarding Threat Modelling today?
17:39:15 <shohel02> No
17:39:33 <shohel02> i think we covered most important aspects
17:39:57 <hyakuhei> ok great
17:40:03 <hyakuhei> #topic any other business
17:40:13 <hyakuhei> As above guys, anything else you'd like to talk about or discuss?
17:40:37 <nkinder> Nothing more from me today
17:41:06 <hyakuhei> ok well I guess we can wrap early then :)
17:41:24 <hyakuhei> Have a good week guys, I'll email around re: Elections soon.
17:41:26 <shohel02> :)
17:41:30 <tkelsey> efficient meeting :)
17:41:30 <nkinder> thanks!
17:41:34 <bknudson> we all going to the summit?
17:41:38 <bknudson> I'll be attending
17:41:40 <nkinder> I'll be there
17:41:47 <hyakuhei> Of course :)
17:41:49 <shohel02> y
17:42:05 <hyakuhei> It'd be my pleasure to take you guys out for food again.
17:42:23 <hyakuhei> Not sure the food in paris will be up to the quality of atlanta but we can try...
17:42:34 <hyakuhei> oh hai bdpayne
17:42:40 <nkinder> we should try to set up a lunch to get everyone together for some "off" time
17:42:41 <bknudson> I'm worried about the uncooked hamburgers...
17:42:49 <hyakuhei> nkinder: definitely
17:42:59 <hyakuhei> bknudson: you mean uncremated - you'll be fine :)
17:43:22 <hyakuhei> I was hoping bdpayne had swooped in to tell us all about being an election official but alas, he's afk
17:43:38 <bdpayne> hey guys
17:43:40 <bdpayne> am I late? ;-)
17:43:44 <bdpayne> ?
17:43:47 <rlpple> right on time
17:43:51 * bdpayne must have missed something
17:43:52 <rlpple> congratulations
17:44:05 <hyakuhei> whooop
17:44:50 <hyakuhei> So I was just asking about potential election officials re: https://wiki.openstack.org/wiki/Security/OSSG_Lead_Election_Fall_2014 bdpayne
17:45:17 <bdpayne> ahh
17:45:27 <bdpayne> I'm happy to do that
17:45:37 <hyakuhei> Well that sorted itself out nicely :)
17:45:49 <bdpayne> I'd also be happy to have a deputy :-)
17:45:57 <hyakuhei> Do you think you could put one-two sentences on the wiki page regarding the role and responsibilities?
17:46:03 <bdpayne> sure
17:46:07 <hyakuhei> ty :D
17:46:21 <bdpayne> wait
17:46:28 <bdpayne> role and resp for the OSSG lead or ?
17:46:37 <hyakuhei> No just for the election officials
17:46:41 <bdpayne> ah, ok
17:46:42 <bdpayne> sure
17:47:01 <hyakuhei> Awesome thanks!
17:47:19 <hyakuhei> We were just about to wrap when you joined bdpayne - is there anything you'd like to cover?
17:47:24 <shohel02> bdpayne: i can volunteer as a deputy
17:47:48 <bdpayne> shohel02 ok thanks, I'll be in touch
17:47:54 <bdpayne> I don't have anything to cover
17:48:02 <bdpayne> carry on :-)
17:48:15 <hyakuhei> cool, well then I guess that's a wrap - thanks all!
17:48:24 <tkelsey> thanks everyone
17:48:31 <hyakuhei> #endmeeting