#openstack-meeting-alt log

17:00:04 <tmcpeak> #startmeeting security
17:00:05 <openstack> Meeting started Thu Mar 17 17:00:04 2016 UTC and is due to finish in 60 minutes.  The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:06 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:07 <tmcpeak> #chair hyakuhei
17:00:09 <openstack> The meeting name has been set to 'security'
17:00:11 <openstack> Warning: Nick not in channel: hyakuhei
17:00:12 <openstack> Current chairs: hyakuhei tmcpeak
17:00:15 <tmcpeak> o/
17:00:17 <elmiko> o/
17:00:30 <tmcpeak> whatup whatup
17:00:42 <elmiko> not mucho, you?
17:00:45 <singlethink> o/
17:01:02 <tmcpeak> as my friend chair6 says, living the dream
17:01:17 <elmiko> haha, nice
17:01:25 <tmcpeak> elmiko: you have the link for where this meetings agenda should be?
17:01:26 <elmiko> or are you... dreaming the life?
17:01:36 <elmiko> tmcpeak: i sure don't
17:01:36 <tmcpeak> I've switched computers and don't have bookmarks anymore
17:01:42 <elmiko> one sec, i'll check
17:01:42 <tmcpeak> lol, sweet
17:01:45 <tmcpeak> hyakuhei: has it
17:01:48 <tmcpeak> etherpad :)
17:01:52 <hyakuhei> Yo
17:01:53 <hyakuhei> https://etherpad.openstack.org/p/security-20160317-agenda
17:01:53 <elmiko> ah, no worries then ;)
17:02:17 <sigmavirus24> o/
17:02:21 <sigmavirus24> sorry for being late
17:02:44 <tmcpeak> sigmavirus24: whatup
17:02:50 <sigmavirus24> things and stuff
17:02:55 * elmiko adds a note to sigmavirus24's permanent record
17:02:56 <sigmavirus24> you?
17:03:01 <tmcpeak> lol
17:03:04 <sigmavirus24> elmiko: that's a long record
17:03:19 <sdake> o/
17:03:31 <hyakuhei> lol
17:03:32 <elmiko> sigmavirus24: i can only imagine... ;)
17:03:44 <tkelsey> o/ all
17:03:46 <hyakuhei> So we do have a drop in from a Kolla guy today which should be exciting
17:03:52 <hyakuhei> hey tkelsey !
17:03:53 <elmiko> sweet!
17:04:07 <sdake> hey I'm the kolla guy ;)
17:04:07 <tmcpeak> oh cool
17:04:12 <bknudson> hi
17:04:16 * sigmavirus24 looks for good container trolling comments
17:04:16 <tkelsey> sdake: welcome :)
17:04:17 * elmiko waves to sdake
17:04:40 * sigmavirus24 wonders if he can make stuff up about containers just to troll while sounding legit ;)
17:04:45 <elmiko> lol
17:04:50 <tmcpeak> sigmavirus24: you wouldn't be the first
17:05:11 <sigmavirus24> tmcpeak: containers are the next generation of application security. No need to unset debug=True in your flask apps
17:05:17 <hyakuhei> hehe
17:05:24 <hyakuhei> run everything as root too
17:05:24 <tmcpeak> oh, I didn't even know that, amaze
17:05:29 <sigmavirus24> tmcpeak: right?
17:05:34 <sigmavirus24> also containers give you free doge coin
17:05:36 <sigmavirus24> ;)
17:05:39 <sdake> hyakuhei actually we dont run everything as rootin our containers ;)
17:05:41 <tmcpeak> kill MAC for that performance upgrade?
17:05:54 <sdake> running as root with a container breakout allows full comrpomise o the host
17:05:57 <sigmavirus24> tmcpeak: selinux inside the container makes your hosts safer too ;)
17:05:58 <hyakuhei> sdake: Clearly you’re doing it wrong.
17:06:03 <sigmavirus24> == hyakuhei
17:06:41 <tmcpeak> now look what you've started sigmavirus24, another mark in your file
17:06:45 <hyakuhei> lol
17:06:51 <sigmavirus24> #tigerwinning
17:06:55 <tmcpeak> this is why we can't have guests
17:07:11 <sigmavirus24> anyway
17:07:12 <hyakuhei> no nice things.
17:07:17 <hyakuhei> Ok, lets get going
17:07:33 <hyakuhei> tmcpeak: take it away, I’m going to chase down that PTL who’s supposed to be dropping in
17:07:37 * elmiko notes in sigmavirus24's file, "habitual line stepper"
17:07:41 <tmcpeak> ok
17:07:50 <tmcpeak> skipping summit planning for hyakuhei
17:07:52 <tmcpeak> #topic Anchor
17:08:00 <tmcpeak> tkelsey, roll it
17:08:45 <tkelsey> so, not much to say here, there is talk of making an Anchor 1.0 build but no clear plan yet
17:08:52 <tmcpeak> fair enough
17:08:55 <tmcpeak> active dev still?
17:09:03 <hyakuhei> Yeah stan doesn’t think it needs much more polish
17:09:12 <tmcpeak> you guys do a roadmap for 1.0 like we did with Bandit?
17:09:26 <tkelsey> we will do, but TZ makes it tricky
17:09:30 <dave-mccowan> o/
17:09:49 <sigmavirus24> does anchor have a deployment story yet?
17:09:50 <hyakuhei> Yarp
17:09:55 <hyakuhei> Hey dave-mccowan
17:10:07 <tmcpeak> ok fair enough
17:10:13 * sigmavirus24 might write an openstack-ansible role for it then
17:10:26 <tkelsey> sigmavirus24: nice
17:10:26 * sigmavirus24 has a role for barbican that is being brought upstream
17:10:41 <elmiko> nice, sigmavirus24++
17:10:53 <sigmavirus24> anchor might be more enjoyable than barbican if it has had thought put into how to deploy it
17:11:21 <redrobot> sigmavirus24 link?
17:11:39 <sigmavirus24> redrobot: the project exists I haven't checked for code yet
17:11:50 <sigmavirus24> old link is https://github.com/sigmavirus24/openstack-ansible-barbican
17:11:53 <sigmavirus24> Just using uwsgi for now
17:12:09 <sigmavirus24> slowly testing out other changes to make pbr generate apache scripts for barbican
17:12:10 <hyakuhei> cool
17:12:12 <redrobot> sigmavirus24 awesome, thanks.
17:12:35 <tmcpeak> cool
17:12:39 <tmcpeak> anything else for Anchor?
17:12:54 <hyakuhei> not from me
17:13:01 <tmcpeak> allright
17:13:03 <tmcpeak> #topic Bandit
17:13:04 <sigmavirus24> has the anchor team thought of reaching out to magnum?
17:13:10 <sigmavirus24> er i'll ask that elsewhere later
17:13:24 <sdake> sigmavirus24 it was brought up during magnum dev
17:13:25 <tmcpeak> so we're at feature freeze in Bandit but have lots of bug squashing to do
17:13:35 <sdake> i really wanted anchor instead of barbican
17:13:40 <tkelsey> OK, so bandit has most of the 1.0 stuff, but we have a bunch of bugs to fix
17:13:49 <sdake> but thats not what happened - expect things to change towards anchor in the future
17:14:05 <sigmavirus24> :thumbsup:
17:14:25 <hyakuhei> sdake: sigmavirus24 lets discuss magnum + anchor in the AOB section at the end
17:14:35 <sdake> hyakuhei  roger
17:14:45 <tkelsey> unfortunalty my OpenStack summit talk to announce 1.0 was rejected and I wont be at the summit. So, I guess it falls to others to spam about it :)
17:14:47 <tmcpeak> I'm happy to shuffle things if we want to dicuss now?
17:15:09 <sigmavirus24> tmcpeak: not a big deal. later is better
17:15:13 <hyakuhei> nah that’s ok, roll on MC
17:15:14 <tmcpeak> ok
17:15:26 <tmcpeak> allright we've got a big agenda so
17:15:28 <tmcpeak> #topic docs
17:15:31 <tmcpeak> sicarie: elmiko
17:16:45 <tmcpeak> mcfly?
17:17:06 <elmiko> sorry
17:17:09 <hyakuhei> heh
17:17:19 <hyakuhei> So, no docs?
17:17:20 <elmiko> i don't think we have any updates, just bug reports being completed
17:17:29 <elmiko> we are still blocked on creating the pdf
17:17:55 <tmcpeak> cool
17:17:55 <elmiko> although, iirc, pdesai is going to help out researching a path forward
17:18:03 <hyakuhei> That’s cool
17:18:06 <tmcpeak> path for what?
17:18:07 <hyakuhei> Priti right?
17:18:11 <tmcpeak> oh PDF
17:18:17 <elmiko> otherwise, we are just taking care of issues and adding some content improvements
17:18:21 <elmiko> hyakuhei: yes Priti
17:19:06 <elmiko> i think that's all, it's been slow the last few weeks (and i was out last week)
17:19:24 <hyakuhei> wb elmiko
17:19:34 <elmiko> cheers ;)
17:19:59 <tmcpeak> allright
17:20:06 <tmcpeak> #topic Syntribos
17:21:12 <hyakuhei> michaelxin et al
17:21:24 <hyakuhei> tmcpeak: I bumped Kolla further up the agenda
17:21:44 <tmcpeak> ahh ok
17:22:31 <tmcpeak> allright
17:22:32 <tmcpeak> moving on
17:22:36 <hyakuhei> Doesn’t look the fuzzing guys are here
17:22:39 <tmcpeak> #topic Summit Planning
17:22:50 <hyakuhei> This just in
17:22:52 <hyakuhei> Security: 3fb, 2wr, cm:half
17:23:02 <redrobot> \o/
17:23:04 <tmcpeak> wuts dis ^
17:23:08 <tmcpeak> 2 working room
17:23:11 <hyakuhei> That’s three fishbowl, 2 working room and a community space for half a day
17:23:12 <tmcpeak> half of something
17:23:15 <tmcpeak> ahh ok cool
17:23:17 <tmcpeak> :)
17:23:20 <tmcpeak> seems like a good haul
17:23:25 <hyakuhei> Yeah, better than last time
17:23:30 <hyakuhei> Slowly we take over :D
17:23:37 <tkelsey> hehe :)
17:23:37 <hyakuhei> hey redrobot didn’t see you lurking there!
17:23:38 <elmiko> nice
17:24:17 <hyakuhei> I don’t have much to add
17:24:26 <redrobot> I haven't been paying attention to the cross-project stuff... any word on BYOK discussions being a cross-project session?
17:24:30 <tkelsey> as I wont be at the summit I expect interested folks to make lots of bandit noise in my absence  :)
17:24:43 <hyakuhei> No, I’m not sure where to get involved with that
17:24:43 <tmcpeak> yeah I won't be there either
17:24:59 <tmcpeak> browne sigmavirus24 bknudson: you guys down to do a major Bandit push at the summit for our 1.0 release?
17:25:17 <sigmavirus24> tmcpeak: I wont' be at the summit
17:25:21 * redrobot will be peddling bandit at the summit
17:25:22 <sigmavirus24> But I'll participate remotely
17:25:29 <tmcpeak> redrobot: sweet!
17:25:36 <hyakuhei> :D
17:25:49 <bknudson> I'll be there
17:26:01 <tmcpeak> redrobot: I heard the going rate for uncut Bandit is 4K per kilo
17:26:08 <tkelsey> thanks redrobot
17:26:15 <tkelsey> tmcpeak: lol
17:26:30 <browne> tmcpeak: sure, i'll be there
17:26:34 <tmcpeak> cool
17:26:34 <redrobot> PSA for those who will be attending, the Swedish metal band Ghost is playing at Emo's in Austin on Monday night (the first day of the summit).
17:26:42 <elmiko> lol, nice
17:26:56 <tmcpeak> redrobot bknudson browne: let's synch on Bandit peddling :)
17:27:16 <tmcpeak> #topic Guest: Kolla
17:27:27 <hyakuhei> sdake:
17:27:42 <sdake> hey folks - name is Steve - I'm PTL for Kolla for Mitaka
17:27:56 <sdake> I am organizing an effort to get the vulnerability:managed tag applied to our repo
17:28:03 <sdake> which means we haev a super big ask of someone
17:28:08 <tmcpeak> awesome!
17:28:09 <sdake> and that is a security audit of the kolla code base
17:28:10 <tmcpeak> gmurphy: loves tasks
17:28:20 <sigmavirus24> tmcpeak: likes them too :P
17:28:24 <sdake> we are adding bandit atm
17:28:32 <sdake> and maybe a container security linter called clair
17:28:44 <sdake> bandit is in the code base, but going voting soon
17:28:49 <sdake> note most of our code is not python
17:28:53 <sdake> but ansible and docker stuff
17:29:00 <sdake> so it will be a failry new experience for most ;)
17:29:09 <tmcpeak> interesting
17:29:55 <sdake> so any takers
17:30:02 <tmcpeak> what's your timeframe?
17:30:04 <sdake> we have a team already developed to fix security vulnerailities
17:30:11 <tmcpeak> I mean what do you want to have accomplished and by when?
17:30:14 <sdake> tmcpeak anytime before the end of newton is good d;)
17:30:15 <hyakuhei> So I ran kolla through Bandit and pushed the reports back to sdake already
17:30:22 <tmcpeak> how about threat analysis?
17:30:25 <tmcpeak> that should probably be a first step
17:30:29 <tmcpeak> I'm interested in participating in that
17:30:30 <sdake> hyakuhei ya we already have bandit in the repo
17:30:37 <sdake> we are working on sorting out the bandit reports
17:30:44 <sdake> but there is more to an audit then that i think - not sure
17:30:53 <hyakuhei> There’s a _lot_
17:31:01 <tmcpeak> yeah so ideally we'll start with a TA and diagrams, and do some code review
17:31:03 <tmcpeak> at minimum
17:31:04 <hyakuhei> This covers some of the basics https://openstack-security.github.io/threatanalysis/2016/02/07/anchorTA.html
17:31:16 <tmcpeak> code review is more effective if we have a TA first so we know where the high risk locations are
17:31:17 <hyakuhei> In the context of what is probably the simplest project, Anchor.
17:31:21 <sdake> what i'm looking for is someone that the TC honors on security matters to say "yup their opinion is good enough for an audit to meet the audited requirement of the vulnerability:managed flag"
17:31:22 <hyakuhei> Indeed
17:31:42 <sdake> define TA?
17:31:43 <hyakuhei> I dont think the audited requirement is fair
17:31:47 <tmcpeak> sdake: how about we set up a TA with you, a few of us, and a few core Kolla contribs
17:31:57 <tmcpeak> sdake: ta = threat analysis
17:31:58 <sdake> hyakuhei i dont make the rules, just follow the process ;)
17:31:59 <hyakuhei> sdake: TA -> https://openstack-security.github.io/collaboration/2016/01/16/threat-analysis.html
17:32:09 <hyakuhei> I’d like to see the ‘audit’ for Nova….
17:32:15 <tmcpeak> basically you guys generate architecture diagrams and then we walk them with security and project experts
17:32:24 <sdake> hyakuhei ya for real
17:32:25 <tmcpeak> hyakuhei: yeah I don't think the audits really happen
17:32:31 <tmcpeak> that being said it would be very useful
17:32:51 <sdake> tmcpeak so a TA I think would be good
17:32:53 <hyakuhei> Sure
17:33:05 <sdake> and i can work with the TC to get the wording changed to threat analysis in the git repo for the vulnerability managed tag
17:33:19 <tmcpeak> sdake: great, so let's schedule some time for us to do a web call
17:33:21 <sdake> if that is what the security team wants
17:33:27 <tmcpeak> who from here is interested in participating in the Kolla TA?
17:33:29 <tmcpeak> o/
17:33:40 <sdake> o/
17:33:51 <sdake> i'll get some folks from kolla side as well
17:33:54 <sdake> they just arent in this meeting
17:33:54 <dave-mccowan> o/
17:33:55 <gmurphy> o/
17:33:56 <tmcpeak> perfect
17:34:15 <sdake> we have a 5 person coresec team to handle vulnerabilities out of our 12 person core reviewer team
17:34:16 <tkelsey> what timezone?
17:34:28 <sdake> US/EU tz works best
17:34:29 <hyakuhei> o/
17:34:30 <tmcpeak> tkelsey: we'll pick something neutral
17:34:33 <singlethink> o/
17:34:44 <tmcpeak> awesome
17:34:45 <tkelsey> cool, well o/ then :)
17:34:47 <tmcpeak> seems like good interest
17:34:55 <sdake> 6am pst - 9 am pst looks good for our end
17:35:08 <tmcpeak> sdake: so the starting place should be architecture diagrams, you guys in good shape with that?
17:35:09 <sdake> what do we need in terms of prep - just some arch diagrams?
17:35:21 <sdake> we have no such thing unfortunately
17:35:21 <sdake> but we can produce it
17:35:35 <tmcpeak> hyakuhei: do we have a TA template from our midcycle?
17:35:45 <hyakuhei> draw.io ftw.
17:35:51 <sdake> if your open to it, we oculd do the TA at the austin summit
17:35:53 <tmcpeak> ^ that
17:36:08 <dave-mccowan> sdake will there be a summit session for Kolla Security?
17:36:20 <elmiko> if we do it at summit, i'm way interesting in participating
17:36:22 <sdake> dave-mccowan we can make that happen - might be better then a web call
17:36:41 <sdake> up to you folks really - your the experts in this area :)
17:36:45 <tmcpeak> several of us won't be there but I can dial in
17:36:51 <sdake> I think we are breaking new groudn with how to do vulnerability:managed
17:36:51 <elmiko> oh right... doh
17:37:02 <sdake> i can put my cell pn speakerphone
17:37:05 <elmiko> sdake: definitely, and worth it imo
17:37:07 <sdake> whatever works best
17:37:21 <sdake> web call, or summit
17:37:23 <sdake> your call :)
17:37:48 <elmiko> defer to tmcpeak, he seems to be leading the charge ;)
17:37:52 <hyakuhei> TBH summit might make sense
17:37:52 <sdake> in the meantime we have some architecture diagrams to put together
17:38:06 <sdake> i'll get with tmcpeak then when we have diagrams ready to roll?
17:38:29 <tmcpeak> sounds good
17:38:42 <tmcpeak> I also think summit makes sense
17:38:49 <hyakuhei> excellent
17:38:51 <sdake> cool thanks folks for the time :)
17:38:59 <sdake> the only problem with summit is i dont want to exclude anyone
17:39:07 <elmiko> summit would be cool, just don't want the vidconf bandwidth to impede things
17:39:07 <sdake> so if that would be exclusionary let me know
17:39:08 <tmcpeak> sdake: nice to see projects very interested in security :)
17:39:11 <tkelsey> sdake: thanks for dropping in :)
17:39:12 <sdake> but prime time at summit might be good
17:39:35 <tmcpeak> allright
17:39:36 <sdake> thanks tkelsey  :)
17:39:43 <tmcpeak> anybody do anything on publicity or plan to?
17:39:50 <tmcpeak> #topic publicity
17:39:53 <yaya> hi all. Sorry to jump in late :). quick update on Syntribos: we’re working on various items of the blueprints here: https://blueprints.launchpad.net/syntribos. We’re also working on adding more tests, refactoring the code base to remove irrelevant pieces and add some automation where applicable, and improving documentation.
17:40:02 <tmcpeak> #topic Syntribos
17:40:33 <tmcpeak> yaya: I haven't played with it in a while
17:40:35 <tmcpeak> how's it going?
17:40:55 <yaya> going OK. making steady progress
17:41:23 <tmcpeak> cool, what's the gameplan?
17:41:50 <yaya> we’re juggling with other stuff wchich kinda slow us down but recently got a couple of folks dedicated to Syntribos so things should pick up much faster
17:42:06 <tkelsey> yaya: nice
17:42:31 <yaya> gameplan for the nearest future: better docs and more fuzzing tests added
17:42:42 <tmcpeak> yaya: sounds good
17:43:18 <yaya> plus testing Syntribos in mature environments :)
17:43:37 <tmcpeak> yeah I'd be curious how that goes
17:43:54 <tmcpeak> #topic OSSN
17:44:06 <tmcpeak> looks like we've got 2 new ones?
17:44:46 <tmcpeak> this one looks solid: https://bugs.launchpad.net/ossn/+bug/1507841
17:44:47 <openstack> Launchpad bug 1507841 in Trove "mongodb guest instance allows any user to connect" [High,In progress] - Assigned to Matthew Van Dijk (mvandijk)
17:44:47 <hyakuhei> oh cool. I might try to pick one up this week
17:45:28 <hyakuhei> ouch
17:46:10 <tmcpeak> allright
17:46:38 <tmcpeak> #topic Refstack
17:46:46 <tmcpeak> http://eavesdrop.openstack.org/irclogs/%23refstack/%23refstack.2016-03-14.log.html#t2016-03-14T20:03:21
17:47:07 <hyakuhei> what’s this all about?
17:47:12 <tmcpeak> elmiko's baby
17:47:36 <elmiko> well, the refstack folks are looking for some insight
17:47:50 <tmcpeak> so generally I can't see a reason to list all users non-priv'd users
17:47:56 <tmcpeak> least priv should dictate that you can't
17:47:57 <elmiko> they are coming up against a minor issue involving replicating user information into their metadata
17:48:12 <hyakuhei> Oh I see
17:48:24 <elmiko> i really think we just need a little outreach to the refstack group, maybe at their meeting, and we can help them out
17:48:25 <hyakuhei> Not paid all that much attention to refstack
17:48:33 <tmcpeak> sounds good
17:48:39 <tmcpeak> yeah I dunno what refstack is
17:48:41 <elmiko> me neither, but i saw them talking about security advice so i poked my head in
17:48:58 <elmiko> ideally, talking to catherineD in #refstack is the starting point
17:49:18 <elmiko> i can pick for some more details and maybe we can find sometime to meet
17:49:25 <tmcpeak> cool, sounds good
17:49:44 <tmcpeak> #topic AOB
17:49:56 <hyakuhei> Anchor + Magnum Things?
17:50:00 <tmcpeak> oh yeah
17:50:24 <tmcpeak> sigmavirus24: was really interested in that but I think he bounced
17:50:38 <elmiko> so, is this about anchor being deployed into the magnum bays(i think), to provide CA on those clusters?
17:50:57 <hyakuhei> From what I understand of their use case Anchor probably makes sense. Getting people to understand private community PKI has been tricky
17:51:06 <hyakuhei> elmiko: it should work for that
17:51:15 <hyakuhei> Pretty much designed to allow that sort of operation
17:51:23 <elmiko> hyakuhei: i was just curious about what the issue here is
17:51:46 <hyakuhei> +1
17:52:15 <elmiko> given how magnum deploys it's infra, it certainly seems like they might need portable, ephemeral pki for the bays
17:52:54 <hyakuhei> makes sense. The ephemeralness might hurt them though
17:52:56 * elmiko hopes he his getting the magnum terminology correct
17:53:05 <elmiko> how so?
17:53:13 <hyakuhei> Depends, I mean, if we’re talking k8 pods, replacing certs should be ok
17:53:26 <hyakuhei> Some systems get grumpy having their certs ripped and replaced often.
17:53:31 <elmiko> ah, ok
17:53:46 <tmcpeak> todo: elmiko to fix grumpiness
17:53:53 <hyakuhei> Those systems are dumb
17:53:55 <elmiko> i can still see how they would want a solution that could be deployed into the bay structure
17:53:58 <elmiko> tmcpeak: lol
17:54:12 <hyakuhei> But k8 front ends lots of things with a LB so that might not be an issue.
17:54:34 <hyakuhei> Research required.
17:54:43 <elmiko> well also, we are talking about a CA that get deployed with the entire k8s/swarm/mesos infra on a per project basis
17:55:15 <elmiko> so these could appear and disappear depending on the individual use case, they *may* not be long living installs
17:55:20 <hyakuhei> If you ignore the fact that revocation doesn’t work. Killick might make more sense
17:55:28 <elmiko> could be
17:56:05 <elmiko> i think they might just need some sort of lightweight pki that can go in to the deployments. mind you, this would be outside the control plane pki stuff
17:56:25 <hyakuhei> yeah. Anchor would be a good fit if it doesn’t make things grumpy
17:56:35 <elmiko> but, i'm just speculating here. i'm still not exactly sure what the concrete problem we are solving is
17:56:39 <elmiko> lol
17:56:48 <elmiko> why does anchor draw so much hate?
17:56:54 <tmcpeak> yeah what's the context here?
17:56:59 <sdake> anchor does draw no hate from magnum
17:57:08 <elmiko> well that's good to hear =)
17:57:12 <sdake> from my understanding (I haven't been involved in magnum for 6 months)
17:57:22 <sdake> they want to make the key architecture pluggable
17:57:32 <sdake> that is what we originally agreed to, but now its hard coded to one dep only
17:57:33 <elmiko> ah, ok. i was kinda wondering about that
17:57:46 <tmcpeak> ahh
17:58:10 <sdake> hongbin (running for ptl) wants to make this modular as well
17:58:18 <elmiko> by default would you want to plug into an existing pki? (i would think most would just want something that works out of the box)
17:58:27 <hyakuhei> elmiko: it doesn’t, it’s just not many people understand PKI well and fewer understand how screwed up PKI is.
17:58:34 <elmiko> hyakuhei: lol
17:59:01 <tmcpeak> the horrors hyakuhei has seen
17:59:06 <elmiko> yea totally
17:59:09 <hyakuhei> lol
17:59:22 <elmiko> 1 min left...
17:59:33 <hyakuhei> Thanks y'all
17:59:37 <tmcpeak> thanks everybody!
17:59:40 <tmcpeak> #endmeeting