17:01:37 <hyakuhei> #startmeeting OpenStack Security Group
17:01:38 <openstack> Meeting started Thu Nov 13 17:01:37 2014 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:40 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:01:42 <openstack> The meeting name has been set to 'openstack_security_group'
17:02:13 <chair6> if it doubt, outlook is generally always wrong..
17:02:18 <hyakuhei> Soo. Anyone else expecting a meeting to start now ?
17:02:18 <chair6> s/it/in/
17:02:19 <hyakuhei> :)
17:02:30 <mvangund> yup
17:02:31 <hyakuhei> hey chair6 - ready for awesomeness?
17:02:34 <shohel02> y
17:02:38 <chair6> always
17:02:45 <hyakuhei> ok, roll call :)
17:03:11 <hyakuhei> I'm here!
17:03:15 <mvangund> me too
17:03:17 <chair6> present
17:03:37 <hyakuhei> Quiet meeting
17:03:40 <shohel02> me 2
17:03:49 <hyakuhei> What do you guys want to cover today?
17:04:10 <hyakuhei> Summit roundup from the VMT meeting
17:04:12 <hyakuhei> Metrics
17:04:17 <hyakuhei> Mailing List
17:04:31 <hyakuhei> Bandit/OSSN ?
17:05:09 <chair6> sounds good, nothing new here..
17:05:10 * mvangund is up for anything (first meeting)
17:05:29 <hyakuhei> welcome mvangund !
17:05:38 <dg__> hey people
17:05:46 <hyakuhei> ok well, I'll get started :)
17:06:09 <hyakuhei> The summit went well, there was a lot of informal meeting up
17:06:24 <hyakuhei> We didn't have the traditional OSSG lunch, everyone was just too busy
17:06:34 <hyakuhei> which is a good thing because security was everywhere at this summit
17:06:56 <hyakuhei> The summit videos are all up, security track was Monday and Wednesday
17:07:20 <tmcpeak> good stuff @hyakuhei
17:07:43 <hyakuhei> I presented on ephemeral PKI, shohel02 did awesome work on threat analysis, malini did trusted bare metal
17:07:57 <hyakuhei> nkinder had a great talk Wendesday morning
17:08:41 <shohel02> thats all good stuff ... one advantage of having a dedicated security track
17:08:41 <hyakuhei> We had a good VMT discussion
17:09:06 <hyakuhei> They mentioned metrics again for OSSA
17:09:21 <hyakuhei> and I suggested we apply DREAD as we're doing that in Threat Modelling
17:09:30 <hyakuhei> #link https://wiki.openstack.org/wiki/Security/OSSA-Metrics
17:09:48 <hyakuhei> Needs some tidying up and the calibration being performed, please feel free to dive in.
17:10:17 <chair6> +1 for using existing model rather than building another.. :)
17:10:53 <hyakuhei> So yeh, I drafted that wiki page and welcome any fixes
17:11:15 <hyakuhei> Next up I expressed my desire to see the OSSG be officially recognised as a supporting project in OpenStack
17:11:21 <hyakuhei> Like the docs group or others
17:11:35 <hyakuhei> which will mean we operate under the same charter and follow the same conventions.
17:11:42 <hyakuhei> That too was broadly accepted
17:11:43 <tmcpeak> any pushback?
17:11:59 <tmcpeak> sweet
17:12:00 <shohel02> +1
17:12:22 <hyakuhei> A big part of the reason it was accepted so readily is because of the hard work everyone here has done to add value during the last release
17:12:48 <chair6> nice .. is there a formal acceptance step?
17:13:05 <hyakuhei> I'm not sure, I'm discussing with people next week
17:13:21 <hyakuhei> As it may be different for 'supporting' projects
17:13:41 <hyakuhei> also they're changing the organisational structure, there might not even be 'projects' soon
17:13:53 <hyakuhei> So watch this space but it's a good step forward
17:14:43 <hyakuhei> Next up I'd like to discuss the mailing list
17:15:07 <shohel02> I just want to add one thing related to OSSA
17:15:10 <dg__> hyakuhei what will it look like without projects?
17:15:19 <hyakuhei> Teams under different umbrellas
17:15:23 <hyakuhei> shohel02: go ahead
17:15:30 <shohel02> there was a tiding up work going on related to OSSA... put them together
17:15:31 <shohel02> https://review.openstack.org/#/c/133202/
17:15:32 <hyakuhei> s/umbrellas/tents
17:16:27 <hyakuhei> Thanks for mentioning that shohel02 I didn't know about it.
17:16:58 <hyakuhei> Ok, so next up is the mailing list
17:17:07 <mvangund> related comment
17:17:11 <mvangund> (re OSSA)
17:17:34 <mvangund> Why aren't security advisories linked from http://www.openstack.org/projects/openstack-security/
17:18:09 <mvangund> maybe it's  a noob question... but if I go to openstack.org and click on security... I'd at least expect to find a link to current advisories
17:18:32 <shohel02> i think now thats the plan... to get all OSSA from a single place
17:18:44 <shohel02> currently there distributed through mailing list
17:18:51 <hyakuhei> Oh
17:19:01 <hyakuhei> OSSN and OSSA will be listed on security.openstack.org
17:19:06 <hyakuhei> That's going to be a thing soon :)
17:19:09 <mvangund> ok... I'll +1 that
17:19:14 <hyakuhei> :D
17:22:19 <hyakuhei> ok so mailing list
17:22:47 <hyakuhei> We want to continue improving visibility and bringing in more discussion
17:23:41 <hyakuhei> So the proposal is to move the OSSG discussions to the -dev mailing list
17:23:53 <tmcpeak> dev is noisy
17:24:02 <hyakuhei> We'll retain the openstack-security mailing list for our automated notifications
17:24:05 <hyakuhei> tmcpeak: it is
17:24:23 <hyakuhei> but if that's not a problem for _every_ other technical contributor it shouldn't be a problem for you
17:24:34 <tmcpeak> :)
17:24:47 <chair6> benefits to be had, for sure .. i guess we can get good at using an [OSSG] or similar label?
17:25:11 <hyakuhei> Automated notifications aside the mailing list is quiet
17:25:28 <hyakuhei> Yeah, we'll just tag everything with [OSSG]
17:25:34 <tmcpeak> fair enough
17:26:42 <shohel02> Does it mean no one is able to send email to ossg mailing list ?
17:26:51 <hyakuhei> So this is a proposal, I'd put it on the mailing list but noone reads it ;)
17:27:03 <hyakuhei> shohel02: yeah it'll be read only for everyone but our tooling
17:27:16 <hyakuhei> So it'll still get SecImpact notifications for example
17:27:43 <hyakuhei> It will improve discussion and visibility I think
17:28:21 <hyakuhei> Any other thoughts on that?
17:29:00 <hyakuhei> nope, ok great.
17:29:07 <hyakuhei> So I'll open it for other business
17:29:12 <hyakuhei> #topic any other business
17:29:48 <hyakuhei> Tim's OSSN is looking good https://review.openstack.org/#/c/128636/
17:30:26 <hyakuhei> welcome to the party tkelsey !
17:30:37 <tkelsey> Sorry im late
17:30:40 <hyakuhei> I think we are close to a wrap here :)
17:30:43 <tkelsey> Silly outlook
17:30:48 <hyakuhei> Yeah I know
17:30:52 <hyakuhei> Anyway, anyone?
17:30:59 <hyakuhei> tmcpeak: chair6 - bandit progress?
17:31:29 <tmcpeak> it's been quiet for a while
17:31:35 <tmcpeak> tkelsey is working on unit testing
17:31:46 <tmcpeak> we'll probably hit it hard again pretty soon
17:32:00 <tmcpeak> we have some features planned, just need some cycles
17:32:07 <tkelsey> Yeah  im trying  to find time for more bandit stuff
17:32:27 <barthalion> seems like outlook is destroying today meetings
17:32:59 <hyakuhei> +1 barthalion
17:33:00 <dg__> action: rob - fix outlook?
17:33:15 <hyakuhei> lol
17:33:17 <tkelsey> Lol please do
17:33:23 <hyakuhei> ok. Anything else to cover guys?
17:33:28 <shohel02> dg__ tell microsoft
17:33:59 <hyakuhei> ok well lets wrap :)
17:34:13 <hyakuhei> #endmeeting