#openstack-meeting log

15:05:31 <lhinds> #startmeeting security
15:05:31 <openstack> Meeting started Thu Jun 28 15:05:31 2018 UTC and is due to finish in 60 minutes.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:05:32 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:05:35 <openstack> The meeting name has been set to 'security'
15:05:35 <redrobot> hi y'all!
15:05:44 <nickthetait> :)
15:05:48 <lhinds> #chair gagehugo
15:05:49 <openstack> Current chairs: gagehugo lhinds
15:05:57 <lhinds> #topic agenda https://etherpad.openstack.org/p/security-agenda
15:06:12 <lhinds> any additions, please add..
15:06:46 <fungi> yeah, i'm around, but also tc office hour (as usual)
15:07:05 <lhinds> #topic bandit migration
15:08:21 <lhinds> just seen this from browne https://github.com/ericwb/bandit/commit/0f96218f55ac89af02d6b62f8d4a158d84b3f040
15:09:39 <lhinds> i think we still need to see if another repo is required and how to manage entry points for the plugins (hosted in openstack)
15:09:58 <lhinds> I recall saying I would look at this, so will add it as an action to me.
15:10:21 <gagehugo> hmm
15:10:56 <lhinds> after that we can clear bandit from the agenda, unless an openstack specific issue occurs
15:11:20 <lhinds> #topic OSSN
15:11:53 <lhinds> I think i need to apologise to nickthetait , I am still meant to sort out the patch that I reverted
15:12:20 <lhinds> I have put an action for myself
15:12:25 <nickthetait> *giggles*
15:12:55 <lhinds> sorry mate, will get that done (going to do it tomorrow) L:-/
15:13:20 <lhinds> any other OSSN stuff?
15:13:32 <nickthetait> not from me
15:13:51 <lhinds> cool.
15:13:53 <lhinds> #topic docs
15:14:32 <lhinds> so I recently went to bump versions :
15:14:34 <lhinds> https://review.openstack.org/#/c/578064/
15:14:35 <patchbot> patch 578064 - security-doc - Update versions
15:14:52 <lhinds> andreas rightly put it down and I agree with him now
15:15:08 <lhinds> the security guide has falling prey of not being kept up to date
15:15:20 <gagehugo> :(
15:15:38 <lhinds> so I wanted to put it on the table here that we could do with some sort of sprint to go through it and check what needs updating
15:15:53 <lhinds> this will likely be stuff like key / values depreciated
15:16:04 <lhinds> and perhaps new functionailty that has been release.
15:16:08 <lhinds> *released
15:16:29 <lhinds> so putting it out there to see if anyone is interested in heading up such an effort?
15:16:53 <gagehugo> I think the keystone guide was brought up as not-up to date somewhat recently
15:16:55 <fungi> that reminds me, someone in #openstack-dev found https://wiki.openstack.org/wiki/Security/Guidelines#key_revocation and was either asking for help with it _or_ asking _to_ help with it (i couldn't figure out which)
15:17:05 <gagehugo> keystone security guide*
15:17:26 <lhinds> the individual could as an approach, check with each project on what their latest view is of security, and does the guide reflect that?
15:17:47 <lhinds> gagehugo: yep I think a few projects are needing a docs refresh
15:17:50 <gagehugo> looks like key_revocation page doesn't exist
15:18:32 <lhinds> ok, have a think about it all and let's see if we have savior by next meeting
15:18:43 <lhinds> in the mean time I will send out an email to the list(s)
15:18:50 <lhinds> seeing if anyone has an interest
15:19:22 <lhinds> gagehugo: threat analysis , anything new there?
15:19:47 <gagehugo> lhinds nope, it's still sitting on my todo list
15:20:19 <lhinds> no worries, #topic PTG
15:20:30 <lhinds> I always wondered if that would work ^
15:20:35 <lhinds> evidently not
15:20:38 <lhinds> #topic PTG
15:20:53 <fungi> the meetbot needs # to appear as the first character in your comment
15:21:02 <lhinds> Anyone got any insight on if they will be going
15:21:08 <lhinds> ack, makes sense fungi
15:21:10 <fungi> so even just prepending a space will cause it to ignore commands
15:21:37 <fungi> i've seen people #startmeeting not noticing they typed a space before it, and then go an entire meeting not realizing they'd never actually started it
15:21:48 <gagehugo> I will likely be there
15:22:01 <fungi> i'll be at the ptg as usual, but split 6 or 7 ways
15:22:38 <lhinds> I won't be able to make it myself , but we have a room in place.
15:22:57 <lhinds> we can see what topics are present to gather for then
15:23:15 <lhinds> we share with barbican, so if we are light, it won't be a waste of real estate
15:24:23 <lhinds> #topic Any other business?
15:25:02 <lhinds> nope :)
15:25:08 <gagehugo> none from me
15:25:15 <nickthetait> same
15:25:15 <lhinds> ok, thanks all..same time next week!
15:25:21 <lhinds> #endmeeting