#openstack-meeting-alt log

17:00:26 <hyakuhei> #startmeeting openstack security group
17:00:27 <openstack> Meeting started Thu Feb 26 17:00:26 2015 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:28 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:31 <openstack> The meeting name has been set to 'openstack_security_group'
17:00:52 <hyakuhei> Good morning/evening/whatever everybody!
17:00:54 <sigmavirus24> o/ hyakuhei
17:00:58 <elmiko> yo/
17:00:59 <tmcpeak> o/
17:01:03 <singlethink> o/
17:01:05 <sicarie> o/
17:01:07 <ljfisher> o/
17:01:12 <bpb_> o/
17:01:28 <hyakuhei> Oh, good crowd :D
17:01:34 <sigmavirus24> elmiko: whatchu doing here? =P
17:01:41 <hyakuhei> heh.
17:01:44 <elmiko> sigmavirus24: hehe
17:01:55 <bknudson> hi
17:02:04 <michaelxin> hi
17:02:07 <hyakuhei> Ok so I’ve been on the road the whole time since our mid-cycle so this is going to be a fairly open meeting.
17:02:21 <hyakuhei> Agenda wise I’d like to discuss a few things
17:02:31 <ukbelch> Howdy all
17:02:32 <hyakuhei> Anchor, Bandit and Docs progress, security guidelines
17:02:37 <hyakuhei> What eles?
17:02:39 <hyakuhei> *else
17:03:24 <hyakuhei> bpb_: == Bryan Payne?
17:03:30 <tmcpeak> looks like a good list hyakuhei
17:03:58 <hyakuhei> ok great so Anchor and Bandit were the two technical projects that we focussed on last week
17:04:07 * bdpayne is here :-)
17:04:12 <hyakuhei> and updates/change requests have continued to flow for both which is awesome
17:04:15 <hyakuhei> hey bdpayne !
17:04:24 <hyakuhei> Do you want to talk about the guide at all?
17:04:27 <bpb_> hyakuhei: bruce b
17:04:35 <dave-mccowan> o/
17:04:46 <hyakuhei> Hey Bruce.
17:04:52 <bpb_> hey
17:05:03 <bdpayne> sure, I can talk about the guide at some point
17:05:14 <hyakuhei> Cool
17:05:28 <hyakuhei> So one thing we also did was write a bunch of developer oriented security guidelines
17:05:46 <hyakuhei> https://github.com/hyakuhei/OSSG-Security-Practices
17:06:12 <elmiko> hyakuhei: nice, +1
17:06:14 <bknudson> there's a note on the mailing list about cross-project developer guide, so maybe that would be a good place for these.
17:06:15 <hyakuhei> That will be moved to the openstack-security organisation on github for now while we work out a nice way to publish it into OpenStack proper
17:06:26 <hyakuhei> bknudson: can you fwd me that?
17:06:40 <tmcpeak> me too please
17:06:58 <hyakuhei> In other news I’ve been working with the TC on making us a formal part of OpenStack
17:07:10 <hyakuhei> I’ll have more to share on that soon :)
17:07:12 <ukbelch> +1
17:07:27 <michaelxin> +1
17:07:36 <bknudson> looking for the link.
17:07:42 <hyakuhei> So as we’ve had two great weeks of contributions and code development I really don’t have much to complain about here :P
17:08:11 <bknudson> #link http://lists.openstack.org/pipermail/openstack-dev/2015-February/057816.html
17:08:17 <hyakuhei> Great thanks bknudson
17:08:25 <bknudson> "creating a unified developer reference manual"
17:08:53 <hyakuhei> Ok so I’ve raised the things I needed to (longer meeting next week)
17:09:05 <hyakuhei> Open agenda, bdpayne, tmcpeak etc anything to discuss
17:09:22 <tmcpeak> I can take Bandit for a while
17:09:27 <tmcpeak> provide update, etc
17:09:32 <hyakuhei> please do
17:09:40 <hyakuhei> #topic bandit
17:09:59 <tmcpeak> cool, so we got a ton of great stuff done last week at the mid-cycle
17:10:14 <tmcpeak> fletcher and browne have started with development
17:10:20 <tmcpeak> ljfisher is now a core
17:10:33 <bknudson> congrats to ljfisher
17:10:44 <tmcpeak> congrats ljfisher!
17:10:51 <ljfisher> i’ll try not to let the power go to my head :)
17:11:00 <sigmavirus24> ljfisher: that's the wrong thing to do ;)
17:11:00 <tmcpeak> we have merged a lot of changes
17:11:03 <bdpayne> ;-)
17:11:12 <fletcher> niiiiiice, congrats
17:11:32 <tmcpeak> fletcher: want to introduce yourself briefly for those who weren't at the meetup?
17:11:53 <elmiko> ljfisher: grats!
17:12:05 <fletcher> sure, I'm rob fletcher and I do application security things at uber! I have an irrational fear of the ocean and bears
17:12:16 <tmcpeak> lol, perfect
17:12:20 <ljfisher> and bringer of swag
17:12:42 * bknudson wore uber hoodie today
17:12:51 <fletcher> :)
17:12:52 <bdpayne> fletcher I wore my Uber hoodie yesterday and everyone in my office wanted one ;-)
17:13:04 <tmcpeak1> internet fail
17:13:05 <tmcpeak1> :(
17:13:16 <tmcpeak1> anyway, so yeah.  Bandit used in Keystone
17:13:24 <tmcpeak1> bknudson: you mentioned wanting somebody to attend Keystone meeting?
17:13:45 <bknudson> y, if we're going to enable it for keystone should answer questions from other cores / developers
17:13:52 <bknudson> if they have any questions.
17:13:53 <tmcpeak1> ok cool
17:13:56 <tmcpeak1> sounds good
17:14:09 <ukbelch> I feel like those aren't irrational btw
17:14:29 <bknudson> #link https://review.openstack.org/#/c/157930/
17:14:32 <dave-mccowan> i ran Bandit against the Barbican source code.  i opened a bug against Bandit, since it's treating DocStrings like source code Strings.
17:14:50 <bknudson> ^ is in-progress change to add tox env for keystone
17:15:18 <bknudson> will keep working on it as bandit changes, and then it'll be available to enable the gating
17:15:21 <hyakuhei> I’m really excited about having Bandit land in a gate
17:15:28 <tmcpeak> ok, I think I have procured better internet
17:15:38 <tmcpeak> anyway, bknudson what are the details
17:15:43 <tmcpeak> maybe a few of us can attend
17:15:53 <bknudson> I think people are going to want to know what bandit does
17:16:04 <bknudson> e.g., might have a question about what kind of checks it does
17:16:10 <bknudson> and how to configure it... where's docs
17:16:12 <tmcpeak> cool, should definitely be able to answer any of those questions
17:16:19 <tmcpeak> oh.. the docs
17:16:22 <tmcpeak> :\
17:16:36 <bknudson> and what the output looks like currently... can run the tox -e bandit to see that.
17:16:39 <tmcpeak> our docs are pretty immature/non-existent
17:16:46 <tmcpeak> but yeah, I'm happy to show up and answer any questions
17:16:57 <tmcpeak> send out the details?
17:17:22 <bknudson> #link https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting
17:17:28 <tmcpeak> I'd encourage anybody else interested to attend that meeting too, will be interesting to see what our first real world gate test user thinks
17:17:30 <bknudson> add yourself to the agenda if you can make next week.
17:17:55 <tmcpeak> ok cool, will do
17:18:12 <tmcpeak> anybody else have anything they want to mention for Bandit?
17:18:23 <hyakuhei> or for anything else :) bdpayne maybe?
17:18:33 <bdpayne> Sure, I'll give some quick book updates
17:18:40 <hyakuhei> #topic Security Guide
17:19:03 <bdpayne> First, we are going to have a weekly meeting to discuss the book in more detail
17:19:05 <bdpayne> that will be in #openstack-security on Mondays at 10a
17:19:14 <bdpayne> should run for no more than 30 min
17:19:21 <bdpayne> we will triage bugs, plan work, etc
17:19:34 <bdpayne> a few other things worth mentioning:
17:19:34 <elmiko> 10a pacific that is
17:19:45 <bdpayne> 10a pacific, yes, thanks :-)
17:20:06 <bdpayne> 1) we plan to start releasing versions of the book for each openstack release starting with Liberty
17:20:14 <bdpayne> so we will be needing to start planning for that very soon here
17:20:46 <bdpayne> 2) we are working to get a series of checklists into the book that will help people consume the content
17:21:27 <hyakuhei> I think that’s a great idea!
17:21:33 <bdpayne> 3) we recently took an entire new chapter (thanks elmiko!) on data processing
17:21:46 <elmiko> =)
17:21:57 <bdpayne> 4) we added to https://wiki.openstack.org/wiki/Security/How_To_Contribute#Writers_.2F_Editors to make it a little easier for people to find out how to get involved, but I think more details would be even better
17:22:15 <bdpayne> That's all that I have unless there's some discussion / questions on the book
17:22:49 <bdpayne> hyakuhei back to you then
17:22:53 <hyakuhei> woo!
17:23:43 <hyakuhei> So I don’t have a huge amount to share this week, there’s some interesting stuff I’m working out with the TC that should result in some cool announcements next week :) Tune in again, same time, same place!
17:24:03 <hyakuhei> So I should extend my thanks to everyone who came to and contributed remotely to the OSSG mid-cycle
17:24:13 <bdpayne> indeed, it was a great week last week
17:24:25 <hyakuhei> it was a really excellent week, thanks everyone!
17:24:33 <bdpayne> thanks to HP and Rackspace for the sponsorship of the week!
17:24:39 <ljfisher> thanks for getting it all organized
17:24:53 <hyakuhei> I’m really pleased you found it useful
17:24:53 <bknudson> looking forward to 6 months from now
17:24:59 <hyakuhei> +1
17:25:24 <fletcher> me too, i found the meetup really beneficial
17:25:31 <fletcher> thanks everyone
17:25:55 <hyakuhei> #endmeeting