| *** mhen_ is now known as mhen | 01:30 | |
| opendevreview | Rajiv Mucheli proposed openstack/barbican-specs master: Add HSM Multitenancy Support https://review.opendev.org/c/openstack/barbican-specs/+/947093 | 12:12 |
|---|---|---|
| opendevreview | Rajiv Mucheli proposed openstack/barbican-specs master: Add HSM Multitenancy Support https://review.opendev.org/c/openstack/barbican-specs/+/947093 | 12:14 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: Drop redundant injection of VIRTUAL_ENV https://review.opendev.org/c/openstack/castellan/+/947098 | 12:20 |
| opendevreview | Takashi Kajinami proposed openstack/barbican-tempest-plugin master: Add stable/2025.1 job https://review.opendev.org/c/openstack/barbican-tempest-plugin/+/947108 | 12:30 |
| opendevreview | Rajiv Mucheli proposed openstack/barbican master: Add HSM Multitenancy Support https://review.opendev.org/c/openstack/barbican/+/947118 | 13:14 |
| opendevreview | Rajiv Mucheli proposed openstack/barbican master: Add HSM Multitenancy Support https://review.opendev.org/c/openstack/barbican/+/947118 | 13:18 |
| rajiv | Hey | 14:58 |
| mharley[m] | #startmeeting barbican | 15:00 |
| opendevmeet | Meeting started Mon Apr 14 15:00:26 2025 UTC and is due to finish in 60 minutes. The chair is mharley[m]. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'barbican' | 15:00 |
| mharley[m] | Courtesy ping for dmendiza[m] ade_lee d34dh0r53 Luzi tosky tobias-urdin jjung mharley lpiwowar | 15:00 |
| mharley[m] | If you want to be pinged, add your nickname here: | 15:01 |
| mharley[m] | #link https://etherpad.opendev.org/p/barbican-weekly-meeting | 15:01 |
| mharley[m] | The meeting's agenda can be found at the same link. | 15:01 |
| mharley[m] | Very first meeting of this cycle's PTL: mharley. | 15:02 |
| rajiv | nice!!! | 15:02 |
| mharley[m] | Hello, rajiv! :-) | 15:02 |
| mharley[m] | #topic Review Past Meeting Action Items | 15:03 |
| rajiv | :) | 15:03 |
| dmendiza[m] | 🙋♂️ | 15:03 |
| mharley[m] | We just had the information about the upcoming PTG and the switch between PTLs. No further discussions were held. | 15:03 |
| mharley[m] | Hello, hello, dmendiza. | 15:04 |
| mharley[m] | #topic Liaison Updates | 15:04 |
| mharley[m] | Epoxy has been released two weeks ago: | 15:05 |
| xek | o/ | 15:05 |
| mharley[m] | #link https://releases.openstack.org/epoxy/schedule.html | 15:05 |
| mharley[m] | Hi, @xek! | 15:05 |
| mharley[m] | There are currently no news for Flamingo. | 15:05 |
| mharley[m] | #topic Bug Review | 15:06 |
| mharley[m] | No new bugs were filed. Yay! | 15:06 |
| rajiv | i raised these 2 today : | 15:06 |
| rajiv | https://review.opendev.org/c/openstack/barbican-specs/+/947093 | 15:06 |
| rajiv | https://review.opendev.org/c/openstack/barbican/+/947118 | 15:06 |
| rajiv | Hi dmendiza[m], it would be great if you could review it | 15:07 |
| mharley[m] | Thanks for the heads up, rajiv. | 15:07 |
| rajiv | np :) | 15:07 |
| dmendiza[m] | ack | 15:07 |
| rajiv | at first glance, is implementing HSM multi-tenancy a good idea in barbican ? | 15:08 |
| mharley[m] | Well, HSM software is usually secure enough to avoid lateral movement between partitions (or vHSMs, depending on the vendor). Nevertheless, we must have in mind that this could demand some special or non-supported scenarios on the devices. | 15:13 |
| mharley[m] | And compliance requirements should also be taken into account, especially if they demand strict physical isolation for keys/secrets. | 15:13 |
| rajiv | sure, my intent of this patch was to be cloud-native and be scalable wrt hardware HSM devices | 15:13 |
| mharley[m] | * some special/complex or | 15:14 |
| mharley[m] | Got it, and that's laudable. | 15:14 |
| rajiv | yes. compliance was one aspect i wasnt sure on application side as on hardware side both are FIPS L3 compliant | 15:14 |
| mharley[m] | #topic Open Discussion | 15:15 |
| mharley[m] | PTG happened last week (from 7th to 11th). | 15:16 |
| mharley[m] | We had two sessions in total. | 15:16 |
| mharley[m] | First one was to talk about Barbican only, where we covered KMIP and PKCS#12. | 15:17 |
| mharley[m] | There are some action items for dmendiza[m] on the KMIP part. mharley will help as well. | 15:17 |
| mharley[m] | The PKCS#12 part is related to an Outreachy mentorship project led by mharley. | 15:18 |
| rajiv | could you please share the meeting links or conclusions ? | 15:18 |
| mharley[m] | The project is meant to implement support for such a feature in Babican, and it is currently under the applicants selection phase. | 15:18 |
| mharley[m] | I'll do that soon, rajiv. | 15:18 |
| mharley[m] | Details about the PKCS#12 project can be found at the link below: | 15:18 |
| rajiv | thanks | 15:19 |
| mharley[m] | #link https://www.outreachy.org/outreachy-june-2025-internship-cohort/communities/openstack/#pkcs12-bundle-type-support | 15:19 |
| mharley[m] | The second PTG session was a cross-project meeting with Nova. | 15:19 |
| mharley[m] | On this meeting, discussions about vTPM were held. | 15:19 |
| mharley[m] | No action items from our side (Barbican) were observed. | 15:20 |
| mharley[m] | All information can be found at the following link: | 15:20 |
| mharley[m] | #link https://etherpad.opendev.org/p/apr2025-ptg-barbican | 15:20 |
| mharley[m] | Does anyone have anything else to ask or inform? 🙂 | 15:21 |
| rajiv | based on notes, a new KMIP backend will be introduced ? since pykmip is not updated ? | 15:22 |
| mharley[m] | That's correct! | 15:22 |
| mharley[m] | This is currently under research, and we shall have news soon (hopefully). | 15:22 |
| rajiv | great news, we forked pykmip and did our own custom development | 15:23 |
| rajiv | https://github.com/sapcc/PyKMIP | 15:23 |
| mharley[m] | Cool. | 15:24 |
| mharley[m] | Anything else to add? | 15:29 |
| mharley[m] | That's all, folks! See you next week! :-) | 15:30 |
| mharley[m] | #endmeeting | 15:30 |
| opendevmeet | Meeting ended Mon Apr 14 15:30:32 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:30 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/barbican/2025/barbican.2025-04-14-15.00.html | 15:30 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/barbican/2025/barbican.2025-04-14-15.00.txt | 15:30 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/barbican/2025/barbican.2025-04-14-15.00.log.html | 15:30 |
| xek | Thanks mharley! | 15:48 |
| opendevreview | Theresa James proposed openstack/barbican master: Updated pagination logic to preserve URL filters https://review.opendev.org/c/openstack/barbican/+/947049 | 16:00 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!