17:03:12 <hyakuhei> #startmeeting openstack security group
17:03:12 <openstack> Meeting started Thu Jan 22 17:03:12 2015 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:03:13 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:03:13 <bknudson> hi
17:03:15 <sicarie> hello!
17:03:15 <openstack> The meeting name has been set to 'openstack_security_group'
17:03:24 <hyakuhei> Yay, topic changed this time too
17:03:30 <tkelsey> :)
17:03:35 <elmiko> nice
17:03:42 <ljfisher> made it finally :)
17:03:51 <tmcpeak> wassup ljfisher
17:04:12 <hyakuhei> ljfisher: yo!
17:04:20 <hyakuhei> so rollcall I guess, any other lurkers?
17:04:34 <tkelsey> o/
17:04:41 <ukbelch> o/
17:04:43 <elmiko> o/
17:04:53 <shohel02> o/
17:04:56 <sarnold007> o/
17:04:57 <tmcpeak> \o\
17:05:03 <bpb_> o/
17:05:04 <ljfisher> o/
17:05:12 <sicarie> o/
17:05:12 <hyakuhei> woot!
17:05:32 <hyakuhei> So I can’t believe how quickly a week has gone by, agenda items?
17:05:39 <redrobot> o/
17:05:50 <tmcpeak> bandit update
17:05:56 <ukbelch> etherpad link
17:06:05 <elmiko> data processing sec guide update
17:06:12 <hyakuhei> hey redrobot !
17:06:22 <hyakuhei> Ok lets crack on then :)
17:06:25 <hyakuhei> #topic Bandit
17:06:33 <tkelsey> maybe Barbican MKEK spec could be interesting to a few?
17:06:50 <tmcpeak> ok, so I'm still looking into the requirement checking gate job
17:07:01 <hyakuhei> tkelsey: +1
17:07:02 <tmcpeak> it's unclear whether the "python-jobs" gate we already have in place is what they are looking for
17:07:12 <tmcpeak> most in openstack-infra are away this week
17:07:13 <tkelsey> yeah tmcpeak, I noticed that was not behaving :(
17:07:20 <redrobot> hyakuhei heya!
17:07:29 <tmcpeak> anyway, once that's done we can push to requirements, which I double checked, we will need to use in gates
17:07:32 <hyakuhei> bknudson might be able to help? He seems to know most things about most things
17:07:47 <tmcpeak> tkelsey: yeah, I'm not sure if it's good enough for what they want
17:07:55 <bknudson> you will need help from -infra
17:08:02 <bknudson> when they're around they seem to get things done quickly
17:08:15 <tmcpeak> yep, I reached out to them last week and had some discussion around it, just have a few more things to clear up
17:08:22 <tmcpeak> I'm going to keep working that this week
17:08:31 <tkelsey> yeah infra are cool :) good luck tmcpeak
17:08:41 <tmcpeak> cool
17:08:45 <hyakuhei> Is there anything we can do to help or any other areas where Bandit needs work?
17:08:54 <tmcpeak> we were going to write up that spec
17:09:04 <tmcpeak> I think sarnold was looking at that
17:09:06 <sarnold007> i am working on the spec now
17:09:10 <tmcpeak> cool
17:09:25 <tmcpeak> on a side note, I went to OWASP bay area last night
17:09:27 * nkinder arrives late
17:09:28 <sarnold007> got a bit sidetracked with some other stuff that came down the pike this week
17:09:45 <bknudson> does owasp still put out a top 10?
17:09:46 <tmcpeak> chatted with one of the sec guys from Netflix, who also was the one to file the first Bandit bug
17:09:49 <tmcpeak> cool guy
17:10:10 <tmcpeak> bknudson: I think so… they also have local chapter meetups which are fun.  Good place to drink beer and chat security
17:10:13 <bknudson> here's 2013: https://www.owasp.org/index.php/Top_10_2013-Top_10
17:10:27 <bknudson> it's always the same problems.
17:10:36 <hyakuhei> shocking really
17:10:44 <hyakuhei> ok cool, any more on Bandit?
17:10:49 <tmcpeak> nope, that's it for this week
17:10:52 <ljfisher> so I got two additions to the blacklist for yaml.load and urlopen.  Got through the whole contrib process.
17:10:53 <hyakuhei> Sweet
17:10:54 <tmcpeak> hopefully progress by next week
17:10:57 <tmcpeak> oh yeah
17:10:59 <tmcpeak> ljfisher
17:11:01 <hyakuhei> nice ljfisher
17:11:15 <ljfisher> Working on fully qualified names in shape for review.
17:11:20 <ljfisher> needs some tests still
17:11:27 <hyakuhei> ok, I’m pretty sure that my kitchen is on fire. Here’s tkelsey to talk to you about MKEKs :)
17:11:35 <hyakuhei> #topic Barbican KMIP/MKEK
17:11:45 <tkelsey> right lol
17:12:17 <tkelsey> so i pushed this spec #link https://review.openstack.org/#/c/148948/
17:12:54 <tmcpeak> oh cool, will check it out
17:12:59 <tkelsey> it details a proposed system for storing encryption keys in the local Barbican database, and so avoiding any scaling problems from HSM storage restrictions
17:13:10 <bpb_> will look also
17:13:25 <tkelsey> awesome, thanks bpb_ tmcpeak :)
17:13:42 <hyakuhei> Nice work tkelsey
17:13:56 <hyakuhei> I’m hoping to actually get some code written for that :)
17:14:04 <hyakuhei> Also turns out you can have smoke without fire...
17:14:17 <tkelsey> lol, glad you're not on fire hyakuhei :P
17:14:26 <elmiko> +1
17:14:51 <hyakuhei> #topic Data Processing in Sec Guide
17:14:52 <tkelsey> yeah, so hyakuhei and myself will be working through the code for an MKEK plugin once the spec lands :)
17:15:00 <hyakuhei> elmiko ?
17:15:02 <elmiko> #link https://etherpad.openstack.org/p/sahara-security-guide-notes
17:15:05 <elmiko> cool, thanks
17:15:14 <elmiko> so that pad has the current work i've been putting together
17:15:19 <elmiko> always looking for more input =)
17:15:31 * tkelsey looks
17:15:35 <hyakuhei> That’s a decent amount of content :)
17:15:35 <elmiko> also we have come across a few questions in terms of the boundaries we have for the chapter
17:15:48 <elmiko> i'm giving it my best =)
17:15:49 <hyakuhei> Anyone want to take an action to review?
17:16:00 <sicarie> o/
17:16:10 <elmiko> sicarie: thanks!
17:16:19 <tmcpeak> I'll review
17:16:25 <sicarie> np - already have been glancing through it :)
17:16:33 <elmiko> tmcpeak: cool
17:16:43 <elmiko> 2 big questions are coming up from the sahara team though
17:17:08 <elmiko> 1. compliance, how does this affect data processing, also what does compliance mean with respect to the project?
17:17:26 <hyakuhei> Many ways, depends which standard you’re looking at though
17:17:36 <elmiko> 2. boundaries, because data processing includes things like hadoop, we are having trouble deciding where to draw the line about suggesting advice
17:17:41 <hyakuhei> Compliance regs in general are horrible to apply to multi-tenant systems
17:18:00 <elmiko> bdpayne had brought up this question on the pad, maybe i need to ping him directly
17:18:07 <hyakuhei> 2 is potentially easier, though might be something better to white-board at the summit
17:18:19 <elmiko> yea, we are kinda scratching our heads about compliance
17:18:41 <elmiko> i'm hoping to get a version of this chapter in for kilo
17:19:11 <elmiko> it's just difficult to draw the line for how much advice we can give an operator who is installing data processing and wants to secure the hadoop side of things.
17:19:17 <hyakuhei> ok
17:19:29 <hyakuhei> elmiko: maybe we can setup a google hangout or something for next week?
17:19:31 <tmcpeak> elmiko: how should I review this?
17:19:35 <hyakuhei> Anyone else interested in helping out?
17:19:39 <tmcpeak> just add comments on the right?
17:19:40 <elmiko> hyakuhei: sounds good
17:19:43 <shohel02> elmiko: can you elaborate on compliance ... against any specific one
17:19:51 <elmiko> tmcpeak: yea, inline comments are welcome
17:19:55 <tmcpeak> ok cool
17:20:16 <elmiko> shohel02: it was something that bdpayne mentioned on the pad but didn't get further than just mentioning compliance
17:20:18 <dg_> hyakuhei im interested for next week
17:20:25 <elmiko> shohel02: i think i need to ask him a few more questions
17:20:42 <shohel02> sure.
17:20:45 <hyakuhei> ok, elmiko can you send a mail to the OSSG list after this meeting and we’ll see if we can find a time that works?
17:20:57 <elmiko> hyakuhei: awesome, will do
17:21:15 <hyakuhei> Ok, we’ve blasted through the agenda :)
17:21:22 <hyakuhei> #topic any other business
17:21:23 <sicarie> mid-cycle?
17:21:36 <hyakuhei> #link https://etherpad.openstack.org/p/ossg-kilo-meetup
17:21:45 <hyakuhei> Most of the info should be there
17:21:51 <hyakuhei> Everyone got their travel sorted?
17:22:24 <ljfisher> just have to find a place to stay
17:23:28 <tmcpeak> sorted
17:23:37 <bknudson> is there still room for attendees?
17:23:45 <tmcpeak> bknudson: for sure!
17:23:49 <tmcpeak> you coming?
17:23:58 <bknudson> I'll ask and see if I can get approval.
17:24:14 <tmcpeak> awesome
17:24:34 <bknudson> might be easier with an agenda posted.
17:24:38 <tmcpeak> looks like we have a good selection of things we want to work on, but in case anybody else has ideas or hasn't indicated interest yet, please do so
17:24:41 <hyakuhei> It would be great if you could come
17:25:55 <hyakuhei> Any more for any more ?
17:26:04 <ukbelch> I see someone updated me on the pad. Thanks.
17:26:11 <tmcpeak> o/
17:26:37 <ukbelch> looking forward to meeting everyone in person :)
17:26:42 <ukbelch> (my team included heh)
17:26:51 <tkelsey> ukbelch: +1
17:26:52 <hyakuhei> Sweet
17:28:21 <hyakuhei> #endmeeting