17:00:57 <lhinds> #startmeeting security
17:00:58 <openstack> Meeting started Thu Dec 14 17:00:57 2017 UTC and is due to finish in 60 minutes.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:00 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:01:02 <openstack> The meeting name has been set to 'security'
17:01:30 <lhinds> anyone around? gagehugo , fungi ?
17:01:46 <fungi> oh, yep
17:02:00 <fungi> sidetracked by release cycle change discussions going on in parallel
17:02:15 <lhinds> fungi: no worries, I think we can be really quick here.
17:02:38 <lhinds> in fact I have two things I could really quickly go over with you fungi ..
17:02:59 <lhinds> could you let me know what you think of this email announcing the SIG
17:03:01 <lhinds> https://etherpad.openstack.org/p/security-sig-mail
17:03:29 <lhinds> and two, is it ok etiquette to send this to openstack-dev [all]
17:05:10 <fungi> well, i think it needs to go to the sigs ml. a pointer to it could also get sent separately to the dev and ops lists
17:05:27 <fungi> but ideally, discussion of this would happen on the sigs ml
17:05:43 <fungi> and cross-posting could lead to a fractured thread mess
17:06:05 <lhinds> I see what you mean, but I was thinking its more an announcement than a discussion per say (we had that before)
17:06:14 <fungi> for the pointer posted to the dev ml, i think i'd use [all] and [security]
17:06:25 <lhinds> fungi: good point
17:06:44 <fungi> [all] is actually intended for cross-project topics, not necessarily meaning to the attention of everyone
17:07:16 <fungi> so people who are subscribing to or filtering on specific ml tags need to have explicitly chosen the [all] tag
17:07:20 <lhinds> I was also thinking of keeping our existing IRC channel and mailing list address as well. No point scrapping all the people in the channel and those that know the address.
17:07:36 <lhinds> fungi: ack, see what you mean.
17:08:25 <fungi> i thought we'd been wanting to avoid using the security ml for discussions anyway, and just keeping it as a convenient means of getting automated notices for security hardening bugs and security-impact flagged reviews
17:08:54 <lhinds> fungi: true, so we should keep it active for that.
17:09:19 <lhinds> fungi: there is also a commit bot that posts to #openstack-security and the odd user pops up
17:09:20 <fungi> i remember going through it with hyakuhei a while back, we just needed to make some adjustments to the posting policy enforced for the list to automatically allow lp and gerrit to send through while setting the general list policy to reject
17:09:45 <lhinds> fungi: I see, so we can leave all as it is.
17:10:06 <fungi> yeah, all that is to say i think keeping those resources is fine, but general discussion would mostly move from the dev ml to the sigs ml
17:10:28 <fungi> in an effort to be more inclusive of ops/user participation
17:10:41 <lhinds> hmm, is there much action on the sigs list?
17:10:52 <lhinds> I doubt it has that many subscribers
17:11:21 <lhinds> Not sure I like the sound of being silo'ed off there.
17:15:36 <lhinds> I guess that's already been decided on, so be it.
17:15:56 <lhinds> what do you think of the email fungi , anything wrong / misleading at all?
17:16:30 <fungi> sorry, as i said, being pulled in a lot of directions at the moment. reading it now
17:17:39 <lhinds> fungi: no worries, take your time.
17:17:55 <cleong> hi
17:18:00 <lhinds> hi cleong
17:18:09 <cleong> may i ask a newb question?
17:18:21 <lhinds> sure..
17:18:32 <fungi> lhinds: i made a couple of minor typo corrections, but lgtm. ship it
17:18:42 <lhinds> thanks fungi
17:18:48 <cleong> what do i need to provide for becoming a security group member?
17:18:59 <fungi> we can address the discussion of the vmt switching to a tc-appointed working group at a later date once the dist settles
17:19:04 <fungi> s/dist/dust/
17:19:21 <cleong> i am studying digital forensics next semester and would like to apply theory to practical using openstack
17:20:06 <lhinds> sounds good fungi , I will email ttx to see if we can get a waiver from moving to the sig mailing list
17:20:35 <lhinds> I would prefer to keep things as they are, so we get the needed visibility with the projects
17:20:53 <lhinds> and people already know we listen on -dev [security]
17:21:17 <lhinds> sounds interesting cleong
17:21:46 <cleong> thanks lhinds, do i just apply on the launchpad page?
17:22:07 <fungi> lhinds: why would we need to get a waiver from moving to the sig mailing list (from the dev ml)?
17:22:08 <lhinds> cleong: apply for what cleong , internship?
17:22:32 <lhinds> fungi: well if we don't need one, I am good with that :)
17:22:32 <cleong> no it just says that the group is moderated
17:22:53 <lhinds> cleong: sure, go ahead and join and I will approve your membership
17:23:03 <cleong> ahh wonderful thank you lhinds
17:23:09 <cleong> wasn't sure if there was a procedure
17:23:16 <fungi> lhinds: we can still have security-related discussions on the dev ml if they crop up there, but sigs use the sigs ml for normal discussion so that it's more likely to pull in perspectives from operators/users
17:23:38 <lhinds> fungi: ack, I got you now. I am fine with that.
17:23:48 <lhinds> I thought we would be banished from the main list.
17:23:54 <fungi> in the same way that dev-related discussions sometimes crop up on the general ml, or operational topics come up on the dev ml...
17:24:08 <lhinds> fungi: yup, sgtm
17:24:53 <lhinds> so I think we can wrap up here, as no other bandit cores on. I will drop the email out and follow up around PTG planning for the SIG
17:25:09 <lhinds> fungi: thx again, nice to meet you cleong !
17:25:13 <lhinds> #endmeeting