15:05:31 #startmeeting security 15:05:31 Meeting started Thu Jun 28 15:05:31 2018 UTC and is due to finish in 60 minutes. The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:05:32 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:05:35 The meeting name has been set to 'security' 15:05:35 hi y'all! 15:05:44 :) 15:05:48 #chair gagehugo 15:05:49 Current chairs: gagehugo lhinds 15:05:57 #topic agenda https://etherpad.openstack.org/p/security-agenda 15:06:12 any additions, please add.. 15:06:46 yeah, i'm around, but also tc office hour (as usual) 15:07:05 #topic bandit migration 15:08:21 just seen this from browne https://github.com/ericwb/bandit/commit/0f96218f55ac89af02d6b62f8d4a158d84b3f040 15:09:39 i think we still need to see if another repo is required and how to manage entry points for the plugins (hosted in openstack) 15:09:58 I recall saying I would look at this, so will add it as an action to me. 15:10:21 hmm 15:10:56 after that we can clear bandit from the agenda, unless an openstack specific issue occurs 15:11:20 #topic OSSN 15:11:53 I think i need to apologise to nickthetait , I am still meant to sort out the patch that I reverted 15:12:20 I have put an action for myself 15:12:25 *giggles* 15:12:55 sorry mate, will get that done (going to do it tomorrow) L:-/ 15:13:20 any other OSSN stuff? 15:13:32 not from me 15:13:51 cool. 15:13:53 #topic docs 15:14:32 so I recently went to bump versions : 15:14:34 https://review.openstack.org/#/c/578064/ 15:14:35 patch 578064 - security-doc - Update versions 15:14:52 andreas rightly put it down and I agree with him now 15:15:08 the security guide has falling prey of not being kept up to date 15:15:20 :( 15:15:38 so I wanted to put it on the table here that we could do with some sort of sprint to go through it and check what needs updating 15:15:53 this will likely be stuff like key / values depreciated 15:16:04 and perhaps new functionailty that has been release. 15:16:08 *released 15:16:29 so putting it out there to see if anyone is interested in heading up such an effort? 15:16:53 I think the keystone guide was brought up as not-up to date somewhat recently 15:16:55 that reminds me, someone in #openstack-dev found https://wiki.openstack.org/wiki/Security/Guidelines#key_revocation and was either asking for help with it _or_ asking _to_ help with it (i couldn't figure out which) 15:17:05 keystone security guide* 15:17:26 the individual could as an approach, check with each project on what their latest view is of security, and does the guide reflect that? 15:17:47 gagehugo: yep I think a few projects are needing a docs refresh 15:17:50 looks like key_revocation page doesn't exist 15:18:32 ok, have a think about it all and let's see if we have savior by next meeting 15:18:43 in the mean time I will send out an email to the list(s) 15:18:50 seeing if anyone has an interest 15:19:22 gagehugo: threat analysis , anything new there? 15:19:47 lhinds nope, it's still sitting on my todo list 15:20:19 no worries, #topic PTG 15:20:30 I always wondered if that would work ^ 15:20:35 evidently not 15:20:38 #topic PTG 15:20:53 the meetbot needs # to appear as the first character in your comment 15:21:02 Anyone got any insight on if they will be going 15:21:08 ack, makes sense fungi 15:21:10 so even just prepending a space will cause it to ignore commands 15:21:37 i've seen people #startmeeting not noticing they typed a space before it, and then go an entire meeting not realizing they'd never actually started it 15:21:48 I will likely be there 15:22:01 i'll be at the ptg as usual, but split 6 or 7 ways 15:22:38 I won't be able to make it myself , but we have a room in place. 15:22:57 we can see what topics are present to gather for then 15:23:15 we share with barbican, so if we are light, it won't be a waste of real estate 15:24:23 #topic Any other business? 15:25:02 nope :) 15:25:08 none from me 15:25:15 same 15:25:15 ok, thanks all..same time next week! 15:25:21 #endmeeting