17:04:14 <lhinds> #startmeeting security
17:04:15 <openstack> Meeting started Thu Dec  7 17:04:14 2017 UTC and is due to finish in 60 minutes.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:04:16 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:04:19 <openstack> The meeting name has been set to 'security'
17:04:24 <gagehugo> \o
17:04:36 <lhinds> was just trying to work out why weechat has screwed up.
17:04:46 <lhinds> windows are all wrong
17:04:49 <lhinds> ok..
17:04:52 <lhinds> #topic agena
17:05:05 <lhinds> #link https://etherpad.openstack.org/p/security-agenda
17:05:37 <lhinds> so one topic I have is the PTG (feel free to add if you have anything)
17:05:41 <lhinds> #topic PTG
17:06:07 <lhinds> So my thinking is for this PTG, is have a room on hand to use under the Security SIG
17:06:34 <lhinds> and send out an email to -dev and see if projects have any topics they want to bring to the SIG discussions.
17:06:53 <lhinds> I expect this will mean more topics on the table and a better audience around security
17:07:07 <lhinds> what do you think gagehugo , fungi ?
17:07:18 <fungi> i'll be present, but as usual i'm spread really thin (infra, tc, foundation) and so likely won't have a lot of time to spend in the security room but am happy to pop in if anything vmt-related comes up
17:07:33 <gagehugo> sounds good to me
17:07:50 <lhinds> sounds good fungi , maybe some project mights be interested in becoming security managed.
17:07:53 <fungi> i think it sounds like a good idea, whether i personally am in the room or not ;)
17:08:30 <lhinds> I omitted to mention, I will drop out an offical 'we are turning into SIG' email a couple of days before.
17:08:32 <fungi> it's likely i'll be the only vmt member present again (not sure whether tristanC or kmalloc are planning to come yet)
17:09:07 <lhinds> gagehugo: do you know if you're going yet?
17:09:21 <gagehugo> nope, likely won't know until after the 1st of the year
17:09:34 <lhinds> gagehugo: ack, I think its that way for a lot of folks.
17:09:48 <lhinds> thinking if there might be some keystone topics
17:10:05 <lhinds> that need cross-project collaobration / consensus etc.
17:10:08 <gagehugo> maybe? I can ask in the keystone meeting
17:10:14 <lhinds> thx, sounds good
17:10:36 <lhinds> k
17:10:40 <lhinds> #topic bandit
17:11:02 <lhinds> so we have a clean queue for patches now
17:11:04 <lhinds> everything merged
17:11:38 <lhinds> I just verifed Pavlo's patch after your tests gagehugo
17:11:50 <gagehugo> cool
17:12:07 <lhinds> I still have not looked at the pycrypto issue I said I would adopt
17:12:34 <lhinds> gagehugo: I can't recall what we decided, but we discussed abandoning old patches.
17:12:43 <lhinds> did you get a chance to do anything there?
17:12:56 <gagehugo> lhinds nah, I was just curious what you thought about the idea
17:13:11 <gagehugo> we had discussed the same thing in keystone at the denver ptg
17:13:25 <gagehugo> some ps just get left there for years
17:13:43 <lhinds> We have less than 10 just now?
17:13:47 <gagehugo> yeah
17:13:54 <gagehugo> it's not that bad imo
17:14:13 <lhinds> I think we can let them sit for now, but let's do this..
17:14:33 <lhinds> do you stil have the abandoned URL query to hand that you posted last week?
17:14:53 <lhinds> or rather old patches
17:15:01 <gagehugo> https://review.openstack.org/#/q/project:openstack/bandit+status:abandoned
17:15:34 <lhinds> soz, I meant the one that showed over a year since upate
17:15:48 <gagehugo> https://review.openstack.org/#/q/project:openstack/bandit+status:open
17:16:08 <lhinds> that's it
17:16:10 <gagehugo> I think there's a way to only show after a date, idk how
17:16:24 <gagehugo> my gerrit url-fu is weak
17:16:30 <lhinds> Let's put it on the etherpad, and we can then track going over those.
17:16:42 <fungi> yeah, it's the "after" query parameter
17:16:46 <lhinds> I will certainlty take a look at what can be salavged
17:17:02 <lhinds> *salvaged
17:17:05 <gagehugo> fungi ah ok
17:18:26 <lhinds> ok, will skip OSSN as I have not had a chance to move on that the pass 2 weeks, have it on my table for next week before the xmas break.
17:18:34 <lhinds> #topic threat-analysis
17:18:46 <lhinds> ok, i need to get my finger out here and so something.
17:18:57 <fungi> #link https://review.openstack.org/Documentation/user-search.html#search-operators
17:19:07 <lhinds> I have been slacking on this.
17:19:23 <gagehugo> oh nice, thanks fungi
17:19:23 * gagehugo bookmarks that
17:19:36 <fungi> lhinds: yeah, i started looking over the draft rendering and the architecture page lgtm
17:19:40 <fungi> #link http://logs.openstack.org/39/447139/6/check/build-openstack-sphinx-docs/0f6e2af/html/artifacts/keystonemiddleware/pike/architecture-page.html.gz
17:19:59 <fungi> obviously the findings still need to be integrated from the etherpad
17:20:10 <lhinds> thx fungi , so I will start migrating the etherpad contents over
17:20:23 <lhinds> then we just need to meet with keystone to discuss the findings.
17:20:30 <gagehugo> ok
17:20:46 <lhinds> gagehugo: do you think its viable to get a spot on the keystone meeting?
17:20:58 <fungi> also noticing we don't really have any proper indexing for the analyses yet... nothing links to them from the top-level html at http://logs.openstack.org/39/447139/6/check/build-openstack-sphinx-docs/0f6e2af/html/
17:21:04 <fungi> #link http://logs.openstack.org/39/447139/6/check/build-openstack-sphinx-docs/0f6e2af/html/
17:21:14 <gagehugo> yes
17:21:57 <gagehugo> I can make a note to fix that
17:22:07 <lhinds> thx gagehugo , we can either [A] go over it on IRC, or [B] do it at the PTG
17:22:18 <gagehugo> sure
17:22:50 <lhinds> ok, it think that wraps all up, last topic is xmas break
17:23:43 <gagehugo> I'll be out the last week in dec
17:23:50 <fungi> same for me
17:23:59 <lhinds> Should we make the next meeting the last of the year, and reconvene on the 4th?
17:24:25 <fungi> wfm
17:24:27 <gagehugo> I'm fine with that
17:24:41 <lhinds> cool, I will add that to the pad.
17:24:46 <lhinds> k, thx guys!
17:24:59 <lhinds> unless you have anyting else...?
17:25:03 <lhinds> *anything
17:25:17 <gagehugo> I'll bring those two things up at the keystone meeting next week
17:25:31 <lhinds> thx gagehugo
17:25:49 <fungi> thanks!
17:26:00 <lhinds> see you both next week
17:26:02 <lhinds> #endmeeting