17:00:04 #startmeeting security
17:00:05 Meeting started Thu Sep 29 17:00:04 2016 UTC and is due to finish in 60 minutes. The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:06 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:07 o/
17:00:08 The meeting name has been set to 'security'
17:00:10 #chair hyakuhei-
17:00:11 o/
17:00:16 Current chairs: hyakuhei- tmcpeak
17:00:23 #link https://etherpad.openstack.org/p/security-agenda
17:01:00 o/
17:01:03 o/
17:01:08 o/
17:01:21 wassup everybody
17:01:29 o/ (sorta)
17:01:43 hi sorta elmiko
17:01:48 o/
17:01:54 =)
17:02:04 O/
17:02:21 lhinds: you get the longest blog post eva up? :P
17:02:45 dg____: review anchor!
17:02:47 tmcpeak: i got nits disagreeing with each other on there :P
17:02:53 tmcpeak ok
17:03:01 lhinds: just pick your favorite contributor and ship it
17:03:30 tmcpeak: will do
17:03:44 its between tmcpeak and sigmavirus
17:03:56 huh?
17:03:57 well that's a no brainer
17:04:07 sigmavirus: is way better looking than me
17:04:07 cage fight?
17:04:14 tmcpeak: lies!
17:04:29 you can probably ignore my nits
17:04:39 I don't remember even reviewing it
17:04:40 so
17:04:42 allright, let's get started
17:04:45 no worries, I will take look later
17:04:46 clearly I feel strongly ;)
17:04:49 #topic Kolla Security Review
17:04:54 sdake: you around?
17:05:09 tmcpeak roger
17:05:18 hey sdake
17:05:18 sdake: can you summarize what you mentioned yesterday please?
17:05:35 hey folks
17:05:47 hi
17:05:50 sec, obtaining attention of successor kolla ptl ;)
17:06:03 can we move on and when he joins in rediscuss?
17:06:20 hey dg____
17:06:29 sure
17:06:42 #topic Syntribos
17:06:49 unrahul:
17:07:09 hey guys, so our testing is going on this week as well.
17:07:31 we have tested Nova last week, and truth to be said, few days to test Nova is not enough..
17:08:11 saw some cool bugs from you guys
17:08:25 This week we are testing both swift and cinder (i know!), what we are trying to get from the testing.. is basically benchmarking the tool and see if we can write the tests in a better way
17:08:37 I have pushed them to their limit and given them crazy schedule. Bad on me.
17:08:40 we got lot of feedback on that front..
17:08:44 Next cycle, we will have more time.
17:08:49 I believe ccneill sent out an email to the list about 500 errors that we kept seeing throughout all our testing
17:09:17 yup.. we got a bunch of 500 errors, then the glance ddos.. hoping to get something from the storage front as well..
17:09:27 * unrahul fingers crossed
17:09:38 cool
17:10:01 so thats about it from us, for this week.. mdong ?..
17:10:28 nah, I don’t have anything else to add
17:11:03 thanks tmcpeak , bandit is helping us a lot as well.. in scanning the codebase..
17:11:17 unrahul: :) good to know
17:11:18 thats how we found the glance ddos possibility in the first place..
17:11:24 unrahul: awesome!
17:11:31 allright, ..
17:11:32 #topic OSSN
17:11:35 lhinds: ^
17:11:38 k...
17:12:20 Four embargo's. Three of which have drafts and need core / vmt +1's.
17:12:38 lhinds: sweet
17:12:45 The other I start on this week, so hopefully next meeting if no new ones appear, we might have a clean plate
17:12:47 lhinds ill take a look tomorrow
17:13:06 actually dg____ maybe I could assign one to you, its one I have not started on yet>
17:13:11 Sounds good dg____ ?
17:13:47 +1 dg____ loves voluntolding
17:13:59 ok, I will assign him up
17:14:02 lol
17:14:29 I wont have time to write an OSSN until this time next week, got a bunch of security guide stuff in the backlog
17:14:41 so if its time critical maybe tmcpeak would be a better bet
17:14:42 are you the new sicarie?
17:14:50 ooooh voluntold deflected
17:15:00 lets keep it on me, and see how I get on this week
17:15:02 yeah assign it to me
17:15:06 I'll write one
17:15:09 tmcpeak: done
17:15:20 (or rather; will do)
17:15:26 perfect
17:15:32 #topic Blog
17:16:25 I will try and sort out that notes post tonight
17:16:29 get that out.
17:16:43 can you do mergies tmcpeak ?
17:17:08 bah damn
17:17:17 typed all the stuff I meant to say here in #openstack-security
17:17:25 I wrote a blog post this week on secure development guidance and Bandit
17:17:32 if you're being good children you'll have noticed its announcement on the ML
17:17:40 https://openstack-security.github.io/organization/2016/09/26/python-secure-development.html
17:17:47 blog posts are easy and a good way to make our work known to the community
17:17:57 unrahul: I'd encourage you guys to do a quick one for Syntribos
17:18:09 lhinds: I'll mergies but in the future let's just get you access
17:18:19 sure thing
17:18:44 lhinds: so you fixed everything you want to fix?
17:19:01 from security channel :: agreed tmcpeak !.. we will definitely do a retrospective on the testing and on the tool soon..
17:19:08 tmcpeak: not yet, I need to put the correct mailing list details.
17:19:14 will ping you when I am done
17:19:17 or email...
17:19:20 ok
17:19:31 #topic Kolla Security Review
17:19:33 sdake:
17:20:29 tmcpeak so pinged inc0
17:20:45 he may be at lunch - its lunchtime in texas afaik :)
17:20:49 that's ok
17:20:52 so we will have to roll without him
17:21:01 i'll make sure he is at next meeting
17:21:10 ok
17:21:12 ok great
17:21:32 where are we at with the security review for Kolla?
17:21:37 sorry, have been multi-tasking.
17:22:01 dg____: Kolla has changed (will change?) PTLs
17:22:01 dg____ so we aren't really making progress because we have been heads down in release mode
17:22:15 tmcpeak ptl change happens at election time
17:22:19 and i elected not to run
17:22:32 i intend to stay involved in kolla and also want to drive ta to conclusion
17:22:44 sdake excellent, glad you still want to be involved
17:22:55 our deadline for 3.0.0 is oct 10th
17:23:07 which leaves no time for any kind of ta prior to summit
17:23:15 rather oct 12th
17:23:37 i thought it would be helpful to have a refresher on the new process in one of kolla's wr sessions
17:23:38 shame, be good to get that in before the summit
17:23:41 so it looks like we'll have to do summit or after
17:23:46 tmcpeak are you going to be in barcelona?
17:23:55 indeed
17:24:00 so we know what to do
17:24:15 and after summit finish the job once the new process is well understood by our coresecc team
17:24:33 sdake that seems like a good plan
17:24:37 atm the process appears in flux - i know you have a new one - we were working on the old one ;)
17:24:46 so lets work on the new one together
17:24:51 our new one is pretty sorted out
17:24:55 nice
17:25:01 sdake process is semi-finalised, documentation needs sorting out
17:25:05 thats fantastic news, 40 minutes should be enough to communicate that
17:25:19 we have a slot for vmt at summit
17:25:28 tmcpeak are you ok to talk the kolla team through it at the summit?
17:25:33 rather ta
17:25:45 well we sort of mix it all together, but its really about ta at this point
17:25:46 dg____: you're not coming?
17:26:24 tmcpeak magic 8ball says: unlikely
17:26:30 dg____ bummer :(
17:26:48 dg____ fwiw I dont particularly want to travel 8 hours in an airplane
17:26:52 yeh, I'd like to be there
17:27:02 dg____: it's like in your backyard...
17:27:02 but need to be at summit :)
17:27:11 sdake welcome to my life, we do that flight a _lot_
17:27:34 hitchhike over and tailgate somebody in, sleep on tkelsey's couch, etc
17:27:36 barcelona is actually pretty easy for us, its like an hour maybe
17:27:46 beg for Sushi :P
17:27:50 nice
17:27:59 dg____ if you need a roommate may be able to find you one :)
17:28:02 allright, back on topic
17:28:12 dg____: can you attend Kolla's weekly with me next week?
17:28:14 sdake hah thanks
17:28:16 anyway - lets focus on getting inc0 here next week
17:28:18 1600 UTC Weds
17:28:25 tmcpeak sure. remind me on weds
17:28:30 sweet
17:28:45 ok
17:28:50 i think we need to get both of our fearless leaders together in our meetings :)
17:29:17 yep
17:29:17 so everyone on kolla side understands its a priority
17:29:24 and security team can coach us through it
17:29:53 perfect
17:29:57 cool
17:30:06 we need to get this done!
17:30:12 yep, for sure
17:30:17 we'll pick it up again next week
17:30:22 #topic Barcelona Sessions
17:30:47 we need moar
17:31:05 looks like we have 2
17:31:07 #link https://etherpad.openstack.org/p/barcelona-security-sessions
17:31:08 we do not know whether any of us can go yet.
17:31:19 michaelxin: was going to say, I'd love a syntribos session
17:32:01 I want it too.
17:32:12 allright, well that's all I had
17:32:14 #topic AOB
17:32:18 But no idea whether we can go.
17:32:22 anything else to mention?
17:32:26 I missed majority
17:32:33 How was the meeting with TC?
17:32:40 Are we going to stay in big tent?
17:32:49 michaelxin: it's fine, we're staying big tent and Rob is our PTL still
17:32:57 tmcpeak: Cool.
17:32:59 Thanks.
17:33:08 we're going to work hard to be more integrated with the community and sigmavirus is going to show us the way
17:33:20 thats awesome news!
17:33:31 i will go and read the mailing list to celebrate
17:33:52 in sigmavirus, we trust
17:34:01 dg____: +2
17:34:27 allright well seems like it's that time
17:34:29 #endmeeting