17:04:17 <hyakuhei> #startmeeting openstack security group
17:04:18 <openstack> Meeting started Thu Oct 30 17:04:17 2014 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:04:20 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:04:22 <hyakuhei> Stupid DST
17:04:23 <openstack> The meeting name has been set to 'openstack_security_group'
17:04:26 <hyakuhei> or lack thereof
17:04:27 <bknudson> hi
17:04:35 <nkinder> hyakuhei: was wondering about the time change... :)
17:04:39 <hyakuhei> roll call :)
17:04:47 <bdpayne> o/
17:04:49 <nkinder> o/
17:04:50 <tmcpeak2> hi!
17:04:59 <elmiko> o/
17:05:44 <hyakuhei> Ok, I expect this to be a short meeting, lets get started. Agenda ?
17:06:10 <hyakuhei> Summit
17:06:15 <hyakuhei> OSSN update
17:06:18 <hyakuhei> what else ?
17:06:30 <tmcpeak2> tkelsey might have a Bandit update
17:06:42 <elmiko> i have a small question or two about preparing for audit
17:06:44 <tmcpeak2> except he isn't here
17:06:53 <tmcpeak2> so maybe I'll update on what he is working on
17:07:35 <hyakuhei> heh. dg__ and tkelsey joining
17:08:08 <tkelsey> hey all, sorry i'm late
17:08:13 <nkinder> hey tkelsey
17:08:14 <hyakuhei> Ok, so summit, we are going to grab some space on Tuesday and basically unconference it. Relying heavily on etherpads for just about everything.
17:08:31 <nkinder> hyakuhei: any idea on what time?
17:08:38 <hyakuhei> I'll see what we can do lunch wise after I've scoped out the local food at the conference location
17:08:45 <bdpayne> should we put a little more structure into our etherpad?
17:08:47 <bdpayne> perhaps have some time slots people can sign up for?
17:09:16 <hyakuhei> Seems like an idea. I was thinking there might be some value in having short sessions
17:09:46 <hyakuhei> Also I like the idea of just having discussion topics and we'll manage time so it fits between other things
17:10:02 <hyakuhei> Physical location etc we won't know until we get there.
17:10:06 <nkinder> I think I'm leading a cross-project design session on Tuesday afternoon, so that's why I'd like to know what time slots we plan on for OSSG stuff
17:10:25 <elmiko> hyakuhei: are there official events in the sched for OSSG sessions?
17:10:31 <hyakuhei> It's all pretty loose atm
17:10:39 <hyakuhei> We are sharing the VMT design session
17:10:50 <nkinder> elmiko: no, nothing official other than the VMT session
17:11:00 <hyakuhei> not for lack of trying
17:11:31 <hyakuhei> Ok. So nkinder or someone else, I need someone to do some of the heavy lifting around our informal track
17:11:39 <hyakuhei> as I'm massively over-committed already this week
17:11:45 <bdpayne> so perhaps we can use the etherpad to highlight when security sessions are happening
17:11:46 <elmiko> i'm not sure i have anything specific to contribute, but i am curious to learn more about OSSG process
17:11:47 <bdpayne> like the security track in the conference
17:11:49 <bdpayne> and the vmt track
17:11:50 <hyakuhei> informal and etherpad based is fine
17:11:52 <nkinder> hyakuhei: same here.  I'm flying first thing tomorrow morning
17:11:58 <hyakuhei> Yeah figures.
17:12:12 <hyakuhei> TBH I'm happy with unconferencing in the morning and see how we go
17:12:17 <bdpayne> I think many of us will be split in many directions... so having some specific times for the OSSG meetup sessions would be useful
17:12:20 <hyakuhei> The important thing is we get conversations going
17:12:29 <bdpayne> Tuesday morning?
17:12:38 <hyakuhei> bdpayne: No objection to that, tuesday morning makes good sense
17:12:44 <hyakuhei> I think :)
17:12:50 <bdpayne> I was just wondering which morning you were talking about above
17:12:59 <nkinder> bdpayne: what time?  I have a 10am obligation on Tuesday
17:13:23 <nkinder> tuesday right after lunch is good for me (until about 3 when some of the barbican sessions start)
17:13:37 <nkinder> others from OSSG might be involved in those too
17:13:46 <nkinder> ...the joys of scheduling
17:13:47 <bdpayne> so... let's pencil in some stuff on the etherpad Re time contraints / other stuff of interest to the group
17:13:51 <bdpayne> and then we can find a time that works
17:14:05 <bdpayne> we'll just need to keep checking the etherpad for the latest info
17:14:13 <nkinder> anyone have a link handy to the etherpad?
17:14:17 <bdpayne> I can drop some suggestions in there later today
17:14:18 <hyakuhei> So We were looking at lunch on Tuesday, having space to follow on into might make sense
17:14:20 <bdpayne> https://etherpad.openstack.org/p/ossg-kilo-summit
17:14:43 <nkinder> bdpayne: thanks
17:16:43 <hyakuhei> ok shall we move on?
17:17:17 <bdpayne> sure
17:17:33 <hyakuhei> #topic OSSN
17:17:47 <hyakuhei> So the one DG had has been reassigned to sweston
17:17:51 <hyakuhei> Who wrote the patch :)
17:18:00 <tmcpeak2> ahh sweet
17:18:21 <nkinder> Yeah, thanks sweston
17:18:31 <tkelsey> anyone know why the gate exploded on this OSSN? #link https://review.openstack.org/#/c/128636/
17:18:39 <nkinder> I take it dg doesn't mind...
17:18:42 <nkinder> tkelsey: checking
17:18:46 <tkelsey> nkinder: thanks
17:19:53 <hyakuhei> nkinder: yeah dg is cool
17:19:54 <nkinder> tkelsey: looks like a sporadic failure pulling the change down from git
17:20:08 <tkelsey> yeah ok, I'll do a recheck
17:20:11 <tkelsey> thanks nkinder
17:20:31 <nkinder> tkelsey: I just kicked it with a recheck
17:21:08 <nkinder> tkelsey: ...and I'll re-review it.
17:21:20 <nkinder> tkelsey: you're still looking into the VMware driver part of it?
17:21:27 <tkelsey> awesome, thanks. yup
17:21:39 <hyakuhei> Sweet. Anything else?
17:21:42 <nkinder> ok, cool.  It looked pretty good, but that was the one confusing area.
17:21:57 <nkinder> OSSNs are quiet otherwise.  Still a few in the queue that can be picked up.
17:22:40 <hyakuhei> Coolio. Don't imagine that'll change over the next 10 days or so :P
17:22:56 <hyakuhei> ok. cool. other business?
17:23:05 <hyakuhei> #topic Any Other Business
17:23:26 <tkelsey> bandit?
17:23:47 <tkelsey> we have working gate tests on bandit now :)
17:24:00 <hyakuhei> wootles. Can you say more about it?
17:24:21 <bdpayne> which projects at using bandit for the gate?
17:24:27 <bdpayne> s/at/are/
17:24:35 <nkinder> none AFAIK
17:24:41 <tkelsey> these are tests for bandit itself, not using bandit
17:24:55 <tkelsey> the gate runs PEP8 tests and some 35 functional tests
17:25:03 <nkinder> tkelsey: cool
17:25:15 <bdpayne> ah, I misread
17:25:20 <bdpayne> still nice progress though
17:25:27 <tkelsey> bdpayne: yeah its confusing when talking about bandit :)
17:26:00 <tkelsey> I'll be adding more stuff as time goes by, but its nice to have working CI now :)
17:26:20 <tmcpeak2> tkelsey: has been making some steady progress towards getting Bandit legit
17:27:06 <tkelsey> well we need to get it into the global requirements list eventually, so other projects can pick it up for running as a gate test
17:28:24 <tkelsey> so thats all I have on the subject, anyone interested should check out the code :) tmcpeak2 anything to add?
17:28:52 <tmcpeak2> nope
17:29:46 <hyakuhei> cool
17:29:51 <hyakuhei> Anyone else ?
17:29:52 <bdpayne> one more thing
17:30:01 <bdpayne> I'm filling in some schedule details for next week
17:30:17 <bdpayne> looks like Wed afternoon may be a good time for some additional OSSG unconference stuff
17:30:30 <bdpayne> since we'll have limited time before the barbican sessions on Tuesday
17:30:38 <hyakuhei> Good point that'd be nice
17:30:47 <bdpayne> so I'd encourage people to pencil that in now
17:30:48 <hyakuhei> I'm going to be doing lots of Barbican stuff this week
17:31:24 <nkinder> bdpayne: there are some keystone/horizon sessions starting at 3:30pm on wednesday that I want to be involved in, but before that is good for me
17:31:46 <nkinder> Trying to figure out how to support stronger auth methods in the dashboard
17:31:47 <bdpayne> yeah
17:31:49 <bdpayne> there will be conflict all week, I'm afraid
17:31:54 <hyakuhei> Yeah
17:32:05 <bdpayne> nkinder 2fa?
17:32:27 <nkinder> bdpayne: well, making it generally extensible (SAML, kerberos, etc.)
17:32:34 <bdpayne> ahh, ok
17:32:43 <nkinder> bdpayne: 2fa can be pretty easily done as is actually (for HOTP, etc.)
17:33:17 <bdpayne> in some ways, yeah
17:33:18 <nkinder> bdpayne: ...depending what you plug in behind Keystone for LDAP.  Some solutions like FreeIPA have native OTP now.
17:33:30 <bdpayne> u2f support might need some work
17:33:47 <bdpayne> I don't think the current 2fa stuff is very plugable
17:34:00 <bdpayne> and then there's getting the UX right
17:34:05 <bdpayne> alas... perhaps we are off topic now
17:34:15 <bdpayne> ;-)
17:34:42 <hyakuhei> lol.
17:35:05 <hyakuhei> I'm really looking forward to the summit this year, going to be great to see everyone and hopefully a few new faces too
17:35:17 <bdpayne> indeed!
17:35:24 <elmiko> =D
17:35:36 <nkinder> +1.  Getting excited now
17:35:59 <tkelsey> +1
17:36:04 <tkelsey> my first summit heh
17:36:13 <hyakuhei> cool.
17:36:30 <hyakuhei> Ok I suppose we should all get back to packing/panicing etc :)
17:36:38 <tkelsey> lol
17:36:38 <hyakuhei> See you guys next week!
17:36:40 <elmiko> i've got a couple small q's
17:36:48 <hyakuhei> go ahead elmiko
17:36:51 <nkinder> elmiko: yeah, you wanted to ask about auditing?
17:37:18 <elmiko> yea, i looked over the juno template for audit. when the kilo is ready, should we staart filling out as many details as possible for sahara?
17:37:40 <nkinder> elmiko: you can start filling it out anytime
17:37:44 <elmiko> cool
17:37:49 <nkinder> elmiko: it's sort of a living document
17:37:55 <bdpayne> audit... are we talking about a crypto audit or ??
17:38:06 <nkinder> bdpayne: the security info pages I started last cycle
17:38:15 <nkinder> bdpayne: so crypto, sensitive data handling, etc.
17:38:19 <nkinder> sort of a catch all
17:38:26 <bdpayne> gotcha
17:38:49 <elmiko> as for high-level threat analysis, is there a starting point i could get familiar with?
17:39:19 <nkinder> elmiko: there are some docs that go over that process that shohel created
17:39:50 <elmiko> ok, cool.
17:39:56 <nkinder> elmiko: I think this is the latest that he is trying to get merged - https://review.openstack.org/#/c/121034/
17:40:13 <elmiko> awesome
17:41:04 <elmiko> finally, i posted to the ML looking for some feedback on our session topics. didn't get any bites, but i have the summit version up and i'm still hungry for any feedback people have. https://etherpad.openstack.org/p/kilo-summit-sahara-integration-security
17:42:15 <elmiko> i realize there's some sahara specific plugin stuff on there, but i'm still learning where our vulnerability points are with respect to openstack. so really, any advice will be useful.
17:42:50 <bdpayne> this looks nice at a quick glance
17:42:53 <bdpayne> perhaps SSL usage should be TLS usage in this post-POODLE world ;-)
17:43:00 <hyakuhei> :)
17:43:09 <elmiko> bdpayne: thanks, good point!
17:43:27 <bknudson> we can finally get stop using SSL/TLS everywhere.
17:43:32 <hyakuhei> lol
17:43:50 <elmiko> although i just added SSL/TLS to the doc... /facepalm
17:44:01 <nkinder> that's going to be a tough acronym to kill :)
17:44:05 <elmiko> yea
17:44:05 <bdpayne> indeed
17:44:34 <elmiko> thanks again for the help folks, i look forward to meeting up at summit =)
17:45:03 <bdpayne> Rendez-vous à Paris!
17:45:13 <elmiko> oui oui!
17:45:16 <hyakuhei> TY all!
17:45:26 <hyakuhei> #endmeeting