17:00:19 #startmeeting security
17:00:20 o/
17:00:20 Meeting started Thu Jul 14 17:00:19 2016 UTC and is due to finish in 60 minutes. The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:21 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:23 The meeting name has been set to 'security'
17:00:25 o/
17:00:29 #chair hyakuhei
17:00:30 Current chairs: hyakuhei tmcpeak
17:00:35 o/
17:00:41 #link https://etherpad.openstack.org/p/security-agenda
17:01:20 o/
17:01:41 sup y'all
17:02:04 yoyo
17:02:11 alright, let's get started
17:02:13 * hyakuhei has something resembling a migraine so kinda dipping in and out
17:02:14 #topic Syntribos
17:02:23 o/
17:02:27 the overwhelming pressure of security?
17:02:45 lol
17:02:51 Hope it passes soon.
17:02:55 This on the back of a four hour meeting I think :)
17:03:00 oh hey BryanStephenson !
17:03:01 Bryan, welcome :)
17:03:03 hey everyone, hope everyone’s feeling well and catching plenty of pokemon
17:03:11 :D
17:03:11 hyakuhei: ouch... feel better mang
17:03:42 as for updates on Syntribos, we’ve been spending our time removing OpenCAFE dependencies
17:04:41 we’ve moved to oslo logging and config
17:05:29 and now there’s only a few small parts left before we’re done with OpenCAFE altogether - we’ve got WIP Cr’s up for those
17:05:57 sick
17:06:02 you guys doing a talk at summit for it?
17:06:29 not at Barcelona, I don’t think, we don’t want to get distracted preparing for a presentation
17:06:37 +1
17:06:43 spoken like true engineers :)
17:07:12 lol
17:07:37 lol yep, plus we want to be able to present actual results from using Syntribos to test in a real world setting
17:07:51 and that’s a goal we’re targeting for the end of this cycle
17:08:06 a couple of CVE's at least ryt mdong :)
17:08:15 +1
17:08:23 haha that would be ideal
17:08:41 we’ll definitely be thinking about presenting next cycle though
17:09:12 cool
17:09:21 yeah back in the states, new england or something?
17:09:23 big thanks to anyone who’s helped review our CR’s too, can’t do it without you
17:09:27 yeah, I think next one is in Boston
17:09:38 sweet
17:09:43 oh really, I didn't know.. Boston would be cool
17:09:48 hi all, sorry for being a little late
17:10:20 that’s all from me on Syntribos
17:10:38 awesome, thanks for the update!
17:10:44 np
17:10:46 #topic OSSN
17:10:53 lhinds is the new lord of OSSN
17:11:00 :P
17:11:15 #link https://review.openstack.org/#/c/313896/
17:11:17 #link https://review.openstack.org/#/c/313896/
17:11:19 bah
17:11:33 looks like we need mergies on the two reviews
17:11:35 Needs another Sec core +2
17:11:44 Kato did a rebase, so removed your +2 hyakuhei
17:11:53 Sure
17:12:05 He’s not a sec guy though. Normally the rule is 2 sec guys, one docs guy
17:12:07 all +2
17:12:12 however. let's ship
17:12:16 SHIPIT
17:12:24 ahh I see
17:12:34 SHIPITREALGOOD
17:12:39 (done)
17:12:53 and then we have the authors patch..
17:12:55 Really awesome work thank you again lhinds
17:12:57 #link https://review.openstack.org/#/c/313896/
17:13:02 I think that’s ready to go too now?
17:13:11 I think so
17:13:33 wrong link?
17:13:41 duh!
17:13:46 #undo
17:13:50 #link https://review.openstack.org/#/c/337627/
17:14:12 oh hyakuhei did you see Eric's comment
17:14:20 https://review.openstack.org/#/c/337627/3/security-notes/OSSN-0037
17:14:21 ok this one I would like another Sec core to +2
17:14:22 Yeah
17:14:31 who is sec cores?
17:14:44 I'm not
17:14:48 elmiko: nkinder
17:14:49 o/
17:15:25 * elmiko taking a look
17:15:49 oh, this one looked good to me before. but then people found a bunch of issues
17:15:53 lol
17:16:25 i'm cool to merge this and we can swing around if someone says "hey, i authored that one!"
17:16:35 sounds good to me
17:16:39 +1
17:16:50 it was a huge effort on lhinds' part, greatly appreciated =)
17:16:57 'swing around' sounds good
17:17:02 :)
17:17:11 np !
17:17:15 hero!
17:17:27 happy to muck in
17:17:53 yeah man, that was awesome! thanks for all the work on it
17:18:03 +1
17:18:28 alright
17:18:32 I think we have some new OSSN open too
17:19:23 Yeah the backlog is building up
17:19:31 #link https://bugs.launchpad.net/ossn
17:19:41 how many do you guys see?
17:19:51 I have 9 but some of those are private
17:20:04 3 private
17:20:15 whoa
17:20:15 ok, that's a pretty decent queue then
17:20:32 Needs cranking through.
17:20:37 I will take a look and see what I can pick up
17:21:07 we really need a sprint for this at midcycle I think
17:21:29 that being said I think some of the private ones are high priority
17:21:36 I'll carve off some time and write one
17:21:49 #action lhinds to write OSSN
17:21:53 #action tmcpeak to write OSSN
17:22:16 alright, let's move on from this OSSN business since I'm pretty sure everybody came for the mascot discussion :P
17:22:17 #action hyakuhei to write OSSN
17:22:20 who is currently handling the private ossn process? tmcpeak + hyakuhei?
17:22:25 yeah
17:22:27 k
17:22:30 and elmiko
17:22:39 Any coresec basically
17:22:39 probably worth considering expanding that
17:22:52 +1
17:22:55 VMT like to keep it tight but I agree
17:23:11 at the least, i think we need to find someone to take my place at that table
17:23:36 I've been contributing to private bug reports but haven't done a good job of actually writing OSSN
17:23:54 private OSSN seems to be a thing that's happening more now rather than what would have been an OSSA
17:24:40 yeah i think mostly because of breaking changes etc.
17:24:41 alright well we can do that next week :)
17:24:54 I assume nothing on Docs?
17:24:57 sicarie: elmiko
17:25:07 not that i am aware of
17:25:17 If there’s a higher load on coresec for private OSSN then there’s more validity to adding an extra member
17:25:26 yeah agreed
17:25:30 imo, docs is in danger of sliding into the wasteland...
17:25:38 :’(
17:25:42 inorite
17:25:45 I was just writing something internal about that
17:25:45 elmiko: we should discuss it then :)
17:25:55 I am happy to help if extra boots needed on the ground
17:25:55 well, we need more bodies
17:25:58 same old story
17:26:06 It’s hard because you need SME bodies
17:26:12 for now, I can pick up 1534652 as well
17:26:17 i don't think sicarie or myself have the bandwidth needed to keep this ship afloat
17:26:38 I am getting more bandwidth now
17:26:40 #topic docs
17:26:43 ooh, interesting
17:26:46 is there a growing queue or are people not even adding to the queue anymore?
17:26:48 maybe i spoke too soon
17:26:58 Yeah, not too much is getting added to the queue thus far
17:26:59 tmcpeak: nothing is happening, like no movement
17:27:17 We spoke last meeting about drafting an email to -dev explaining the situation, needing SMEs etc.
17:27:24 +1
17:27:26 Maybe laying out a few options
17:27:30 Yep, i have time now to start working on that
17:27:54 shall we get an etherpad going?
17:27:56 Now that everyone’s got their submissions for the summit in (thanks sicarie)
17:28:02 etherpad or gdocs
17:28:06 and, sadly, i'm on the other side of this. i need to be reducing my engagement...
17:28:14 :’(
17:28:22 * elmiko hugs hyakuhei
17:29:05 Cheers!
17:29:29 I don't like the sound of that elmiko
17:29:33 So let's draft something up, giving the community a few options
17:29:49 tmcpeak: i mentioned it in austin, my team is moving on...
17:29:55 let's also write a joint letter to RedHat explaining why pulling elmiko away from OpenStack is stupid
17:30:01 hahaha!
17:30:09 +1
17:30:12 * elmiko blushes
17:31:09 this is a trend
17:31:17 Righto, so we’ve got our action for docs
17:31:42 hmmm, midcycle?
17:31:50 yupyup
17:32:05 Unconference ideas, good to start developing them ahead of time
17:32:07 #topic Midcycle
17:32:24 #link https://etherpad.openstack.org/p/barbican-security-midcycle-N
17:33:09 Will there be anything on threat analysis at the midcycle..?
17:33:18 definitely
17:33:33 cool!
17:34:16 yes. i think dg__ will be pushing that. he's currently on vacation though and sends his apologies.
17:34:35 “apologies”
17:34:42 (he told me to say something like that)
17:34:43 Keeps sending me pics of France.
17:34:44 Also if there was something on the roadmap for the security team, future projects and stuff, that would be nice..
17:34:47 hehe
17:34:50 yeah…
17:35:02 unrahul: Chuck it on the etherpad as an unconference session
17:35:17 hyakuhei: +1 yup
17:35:27 unrahul: I put up the exact same thing basically :)
17:35:29 Roadmap is important though. We are under bigger resource constraints than ever before imho
17:35:38 +1
17:35:49 just saw that tmcpeak
17:36:00 great minds and all that
17:36:06 rofl ..>>
17:36:17 anything for TA?
17:36:39 Nothing to add
17:36:47 Aside from Doug says France is nice.
17:36:52 i'm pretty sure we should put a hackathon on there.
17:36:55 that's useful
17:36:56 +1
17:37:07 #topic MASCOTTTTT
17:37:54 has keystone figured out their mascot yet ?, I thought the plan was to submit, "just before" they do.. :D
17:37:59 Finally we get to some real work.
17:38:09 LOL
17:38:19 keystone hasn't decided yet
17:38:20 https://etherpad.openstack.org/p/keystone-mascot
17:38:29 Jeez
17:38:36 ok we have too many options here
17:38:41 why don't we agree on top 3 and vote
17:38:43 So we have options
17:38:54 Probably easier to put your nick next to two
17:38:58 either one you could live with
17:39:00 ok cool
17:39:12 and…. go :D
17:39:48 what was the name of that spikey thing from last week?
17:40:18 one of those freaky things sicarie suggested?
17:40:23 nah.
17:40:31 it was like an armadillo but more badass
17:40:35 oh yeah
17:40:39 starts with a P
17:40:46 pangolin or something?
17:40:50 pangolin!
17:40:56 tkelsey: elmiko browne unrahul, gmurphy sicarie lhinds mdong vote damn you!
17:41:00 oh yeah
17:41:05 Honey badger
17:41:06 link?
17:41:11 i want to vote for that
17:41:11 https://etherpad.openstack.org/p/security-agenda
17:41:14 lol k
17:41:16 it's in the agenda m8
17:41:30 #link http://www.awf.org/sites/default/files/media/gallery/wildlife/Pangolin/Pangolin_Keith%20Coleen-Begg-2.jpg?itok=s9vv2Htk
17:41:33 can we have a pokemon as a mascot? ;)
17:41:38 oh gawd
17:41:42 no
17:41:48 LOL
17:42:15 i vote honey badger!
17:42:19 https://www.youtube.com/watch?v=aZa1aMrLpmU
17:42:23 elmiko you're trying to get us on honeybadger with your dying breath in OSSP? :P
17:42:28 they take on lions head on
17:42:32 how many votes we get? i see multiple from the same nick
17:42:39 two
17:42:45 cool
17:42:49 Vote for two that you could live with
17:43:07 i think https://www.youtube.com/watch?v=4r7wHMg5Yjg
17:43:08 I'm really glad it looks like it won't be Hippo
17:43:08 lol
17:43:20 honey badger has my top vote
17:43:21 I’m not even voting for my idea
17:43:35 I think you meant Pangolin hyakuhei
17:43:40 quick everyone change to hippo
17:43:45 but nobody knows what that actually is
17:43:46 tmcpeak: pretty much =D
17:44:07 lol
17:44:08 hippo it is
17:44:31 #link http://media2.intoday.in/indiatoday/images/stories/mi-305_022016032232.jpg
17:44:33 i'm still trying to get dung beetle as some project's mascot....
17:44:37 hippo +1
17:44:55 Actually, hippos are one of the most dangerous animals
17:45:05 pangolin looks like a battle formation, with its scales and stuff
17:45:09 They kill idiots on African safaris who get too close
17:45:22 but we would need to explain to all what a pangolin is..
17:45:24 are we just voting on what's there or can we add stuff?
17:45:37 The picture of the pangolin does all the explaining for us
17:45:44 ^^^ yup
17:46:03 Who suggested Tardigrade?
17:46:07 * hyakuhei shudders
17:46:07 ha, me
17:46:10 damn it
17:46:35 too bad i didn't think of it earlier
17:46:40 what the hell is that thing
17:46:40 BryanStephenson: +1
17:46:47 https://en.wikipedia.org/wiki/Tardigrade
17:46:57 lol
17:46:58 ok well, in what can only be called semi-democratic at best, I think pangolin wins!
17:47:08 seems like it
17:47:08 tkelsey: too slow voting man :P
17:47:31 pangolin looks cool, I like the ethos (with the armor)
17:47:43 hyakuhei: lol ah well, whatever :P
17:47:51 Excellent. I’ll pass that back to the foundation people who want us to stop using their logo :P
17:48:08 woot
17:48:11 farewell cool old logo, your sticker shall ever grace my laptop
17:48:31 +1
17:48:49 I think we should all take a moment to be thankful to michaelxin for our awesome stickers :D
17:48:57 +1
17:48:58 hear hear
17:49:05 yeah, I've got mine on my personal phone case
17:49:16 http://i.dailymail.co.uk/i/pix/2014/12/03/23B1E10300000578-0-image-29_1417600979429.jpg https://usercontent.irccloud-cdn.com/file/oq2hjUbw/
17:49:50 Auditor looking for openstack security
17:49:52 yum, and tasty to lions
17:50:39 ok so I think that’s most of what we wanted to cover today… ?
17:51:13 oh
17:51:17 gmurphy: panel?
17:51:20 #topic AOB
17:51:42 oh so yeah i tacked a couple things on the agenda
17:51:49 oooh
17:51:56 but it might be too late to suggest that for the summit
17:52:11 but thought maybe we could run a security panel etc
17:52:22 It’s been discussed before
17:52:25 Not a bad idea
17:52:39 However there’s never been feedback from a summit saying “we need more panels”
17:52:51 Good idea for the next summit though
17:52:52 i've seen it with the languages discussion before etc. was interesting.
17:53:02 Keystone regularly have them
17:53:04 So do ops
17:53:20 No objection to them being in but they get submitted like any other presentation in the CFP window
17:53:36 yeah
17:53:41 oh well. maybe next time
17:53:52 also
17:53:54 cp/paste
17:54:05 Reminder: There are a number of public security issues that the OSSP team can help move along for the VMT (especially if they're interested in the VMT process). #link: https://bugs.launchpad.net/ossa/+bugs?orderby=-status&start=0&field.information_type%3Alist=PUBLIC&field.information_type%3Alist=PUBLICSECURITY
17:54:17 Good point
17:54:46 that's it for my AOB
17:55:16 wrap it?
17:55:16 cool, thanks gmurphy
17:55:20 yupyup
17:55:45 cool, thanks everybody!
17:55:47 #endmeeting