Wednesday, 2015-01-21

00:10 *** voodookid has quit IRC
00:23 *** bpokorny_ has joined #openstack-security
00:23 *** bpokorny has quit IRC
00:33 *** tmcpeak has quit IRC
01:12 *** _amrith_ is now known as amrith
01:20 *** tmcpeak has joined #openstack-security
01:33 *** tmcpeak has quit IRC
01:38 *** mohitsharma has joined #openstack-security
01:50 *** Kinokoio has joined #openstack-security
01:55 *** Kinokoio|2 has joined #openstack-security
01:55 *** Kinokoio has quit IRC
01:55 *** Kinokoio|2 has quit IRC
01:56 *** Kinokoio has joined #openstack-security
01:56 *** Kinokoio has quit IRC
01:56 *** Kinokoio has joined #openstack-security
01:57 *** bpokorny_ has quit IRC
01:57 *** ljfisher has joined #openstack-security
02:05 *** amrith is now known as _amrith_
02:12 *** Kinokoio has quit IRC
02:13 *** Kinokoio has joined #openstack-security
02:26 *** Kinokoio has left #openstack-security
02:35 *** mohitsharma has quit IRC
02:42 *** mohitsharma has joined #openstack-security
02:58 *** mohitsharma has quit IRC
03:03 *** mohitsharma has joined #openstack-security
03:09 *** vozcelik has joined #openstack-security
03:24 *** _amrith_ is now known as amrith
03:25 *** tmcpeak has joined #openstack-security
03:34 *** mohitsharma has quit IRC
03:36 *** tmcpeak has quit IRC
03:39 *** mohitsharma has joined #openstack-security
03:41 *** tmcpeak has joined #openstack-security
03:43 *** tmcpeak has quit IRC
03:52 *** ljfisher has quit IRC
04:05 *** mohitsharma has quit IRC
04:30 *** mohitsharma has joined #openstack-security
04:35 *** mohitsharma has quit IRC
04:35 *** mohitsharma has joined #openstack-security
04:37 *** mohitsharma has quit IRC
04:38 *** mohitsharma has joined #openstack-security
04:39 *** mohitsharma has quit IRC
04:49 *** amrith is now known as _amrith_
05:40 *** mohitsharma has joined #openstack-security
05:45 *** mohitsharma has quit IRC
06:02 <openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/148796
06:03 *** mohitsharma has joined #openstack-security
06:25 *** jamielennox is now known as jamielennox|away
06:54 *** bdpayne has quit IRC
07:14 <openstackgerrit> Merged openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/148796
07:40 *** mohitsharma has quit IRC
07:53 *** mohitsharma has joined #openstack-security
08:36 *** vozcelik has quit IRC
09:00 *** mohitsharma has quit IRC
09:42 *** mohitsharma has joined #openstack-security
10:17 *** mohitsharma has quit IRC
11:53 *** _amrith_ is now known as amrith
12:01 *** jamielennox|away is now known as jamielennox
13:21 *** jamielennox is now known as jamielennox|away
13:40 *** ljfisher has joined #openstack-security
13:41 *** elmiko has quit IRC
13:44 *** ljfisher has quit IRC
13:47 *** elmiko has joined #openstack-security
13:51 *** ljfisher has joined #openstack-security
14:01 *** mohitsharma has joined #openstack-security
14:05 *** mohitsharma has quit IRC
14:05 <openstackgerrit> Lucas Fisher proposed stackforge/bandit: Blacklist urlopen-like functions in urllib, urllib2  https://review.openstack.org/148283
14:09 <openstackgerrit> Lucas Fisher proposed stackforge/bandit: Blacklist urlopen-like functions in urllib, urllib2  https://review.openstack.org/148283
14:11 *** paulmo has joined #openstack-security
14:13 *** mohitsharma has joined #openstack-security
14:38 *** mvangund has joined #openstack-security
14:43 *** mvangund is now known as singlethink
14:49 *** tmcpeak has joined #openstack-security
14:50 *** tmcpeak has quit IRC
14:51 *** tmcpeak has joined #openstack-security
14:53 *** ljfisher has quit IRC
14:58 *** ljfisher has joined #openstack-security
15:01 *** mohitsharma has quit IRC
15:12 <openstackgerrit> Merged stackforge/bandit: Blacklist urlopen-like functions in urllib, urllib2  https://review.openstack.org/148283
15:19 *** voodookid has joined #openstack-security
15:23 *** bknudson has joined #openstack-security
15:24 *** voodookid has quit IRC
15:28 *** tkelsey has joined #openstack-security
15:39 *** voodookid has joined #openstack-security
15:40 *** vozcelik has joined #openstack-security
16:00 *** dave-mccowan has joined #openstack-security
16:06 <openstackgerrit> Travis McPeak proposed stackforge/bandit: Check for bad requirement  https://review.openstack.org/148973
16:07 *** bpokorny has joined #openstack-security
16:21 *** amrith is now known as _amrith_
16:43 *** vozcelik has quit IRC
16:51 *** vozcelik has joined #openstack-security
17:24 *** Kinokoio has joined #openstack-security
17:26 *** vozcelik has quit IRC
17:29 <openstackgerrit> Travis McPeak proposed stackforge/bandit: Check for bad requirement  https://review.openstack.org/148973
17:30 *** tkelsey has quit IRC
17:30 *** Kinokoio has quit IRC
17:31 *** Kinokoio has joined #openstack-security
17:49 *** Kinokoio has quit IRC
18:02 *** mohitsharma has joined #openstack-security
18:07 *** _amrith_ is now known as amrith
18:07 *** mohitsharma has quit IRC
18:22 <openstackgerrit> Travis McPeak proposed stackforge/bandit: Check for bad requirement  https://review.openstack.org/148973
18:24 *** amrith is now known as _amrith_
18:26 *** _amrith_ is now known as amrith
18:27 *** bknudson has quit IRC
18:31 *** bpokorny_ has joined #openstack-security
18:34 *** bpokorny has quit IRC
18:44 *** bpokorny has joined #openstack-security
18:48 *** bpokorny_ has quit IRC
18:51 *** bpokorny has quit IRC
18:58 <openstackgerrit> Nick Valison proposed openstack/security-doc: Changed They're to They are  https://review.openstack.org/149024
19:45 *** bpokorny has joined #openstack-security
19:53 *** amrith is now known as _amrith_
19:55 *** bpokorny_ has joined #openstack-security
19:59 *** bpokorny has quit IRC
20:26 *** tmcpeak has quit IRC
20:29 *** tmcpeak has joined #openstack-security
20:30 *** bpokorny has joined #openstack-security
20:34 *** bpokorny_ has quit IRC
20:37 *** bdpayne has joined #openstack-security
20:52 *** sicarie has joined #openstack-security
20:59 *** bpokorny has quit IRC
21:00 <elmiko> hey folks
21:00 <sicarie> Hello!
21:03 <sicarie> elmiko: thanks for the notes on the bug - I'm still working on getting barbican set up
21:04 <elmiko> sicarie: no worries, hope it was helpful
21:04 <bdpayne> hey there
21:04 <elmiko> hey bdpayne
21:04 <sicarie> There are some interesting quirks with devstack on a cloud instance
21:04 <bdpayne> I like to arrive fashionably late ;-)
21:04 <sicarie> hello!
21:04 *** dao_vallis has joined #openstack-security
21:04 <elmiko> sicarie: fyi i was able to run barbican without needing a devstack behind it
21:05 <sicarie> elmiko: what's your setup?
21:05 <sicarie> bdpayne: sorry for derailing the convo before it even got started
21:05 <bdpayne> you guys ready to get started?
21:05 <bdpayne> heh, np
21:05 *** dao_vallis has left #openstack-security
21:05 <sicarie> yes
21:05 <elmiko> sicarie: i just ran the barbican.sh install on a virtualenv and it started the server after everything was complete. i set up a mysql backend for it with a db, that was about it.
21:06 <bdpayne> So, as discussed last week, I think it would be useful to walk through the open bugs
21:06 <bdpayne> https://bugs.launchpad.net/openstack-manuals/+bugs?field.tag=sec-guide
21:06 <sicarie> awesome, thanks!
21:06 <elmiko> bdpayne: sounds good
21:06 <bdpayne> they have all been triaged
21:06 <bdpayne> usually by the doc team
21:06 <elmiko> i started to look at the usage of the word "tenant" in the docs, i think it's pretty nuanced though. more reading required.
21:06 <sicarie> bdpayne: great, this will cover one of my questions
21:06 <bdpayne> it would be useful for us to decide if we agree with the priority on each one
21:07 <sicarie> I opened a bug for updating some links, I opened two individual ones before I realized the entire chapter had the same base link that was out of date
21:07 <bdpayne> so let's look for (1) priority ok, and (2) is the bug valid
21:07 <bdpayne> oh, hehe
21:07 <bdpayne> so that sounds like another bug
21:07 <bdpayne> did you file that?
21:08 <bdpayne> (out of date link)
21:08 <sicarie> Then I opened a third that covered the chapter
21:08 <sicarie> Yes
21:08 <bdpayne> kk
21:08 <bdpayne> so let's get started from the top of that list
21:08 <bdpayne> https://bugs.launchpad.net/openstack-manuals/+bug/1343571
21:08 <bdpayne> I think it would be good to remove SSL altogether
21:08 <bdpayne> what do you guys think?
21:08 <sicarie> I agree
21:09 <elmiko> that makes sense
21:09 <bdpayne> Ok, I just commented to that effect
21:09 <bdpayne> also, I'd call this a medium prio
21:10 <elmiko> what would constitute a high prio, blatantly wrong info?
21:10 <sicarie> yeah, there's a note somewhere in there to the effect of "this doc uses SSL to refer to SSL/TLS"
21:10 <bdpayne> fair question
21:10 <bdpayne> so they list it as
21:10 <bdpayne> Critical: fix now
21:10 <bdpayne> High: fix soon
21:10 <bdpayne> Medium: fix when you can
21:11 <bdpayne> Low: fix when convenient
21:11 <bdpayne> Wishlist: not a bug, perhaps a new feature
21:11 <bdpayne> so, yeah, I would put High or Critical on wrong information, misleading information, etc
21:12 <bdpayne> but we could certainly use High for the things that we think are more important to address in the near term
21:12 <bdpayne> given all of that, how do you guys feel about the priority here?
21:12 * bdpayne is viewing this as a calibration exercise
21:12 <sicarie> The secure communication chapter is almost all TLS
21:13 <sicarie> However, I have noticed many uses of SSL throughout
21:13 <elmiko> i think medium at the least, we probably should remove the references to SSL unless specifically talking about it
21:13 <bdpayne> yeah
21:13 <sicarie> So assuming they're reading the entire guide, they'll understand that it's TLS
21:13 <bdpayne> I would guess that most people read snippets
21:13 <sicarie> Right - which is why I'd personally say "High"
21:13 <bdpayne> fair
21:14 <bdpayne> so let's leave it at High then
21:14 <elmiko> i can see the argument for high as well
21:14 <bdpayne> https://bugs.launchpad.net/openstack-manuals/+bug/1329606
21:14 <bdpayne> I would argue that this should be High too
21:14 <bdpayne> not knowing this / doing this can lead to bad things
21:15 <sicarie> I would agree, however I'd also like to know where this fits in the current security guide
21:15 <bdpayne> We should probably have a cinder chapter
21:15 <bdpayne> start short, and this is a good place to start
21:15 <elmiko> yea, looking at the linked email this seems pretty important
21:15 <sicarie> The storage chapter is titled 'object storage' and is focused on that
21:16 <bdpayne> you guys ok adding a block storage chapter?
21:16 <elmiko> sounds good to me
21:16 <sicarie> Should we add block storage, or put it under a 'storage' heading?
21:17 <elmiko> i think it's better to structure chapters around the various services when applicable
21:17 <bdpayne> We have chapters for the other major pieces
21:17 <bdpayne> Identity, Dashboard, etc
21:17 <bdpayne> I think that Block Storage makes sense as a stand alone
21:17 <sicarie> Yep, and I was going to ask if that's sustainable with the upcoming 'tagging' system
21:17 <bdpayne> probably just missed b/c the original effort didn't have a cinder person at it
21:18 <bdpayne> so that's a good point (Re tagging system)
21:18 <sicarie> (I'm completely in agreement, just want to put the idea out there)
21:18 <bdpayne> I think that certain projects (with a certain tag) will get mentioned up front in the guide (Ch 6-10 ish)
21:18 <sicarie> It's not coming in yet, and we do have time before other projects grow to be widely adopted (and therefore need security and uncover features), but we should keep it in mind
21:18 <bdpayne> And other projects (rest of the tags) could be added towards the end of the guide
21:18 <sicarie> blech, not need security, but need security guide coverage
21:18 <bdpayne> This would include, for example, the work that elmiko is doing
21:19 <sicarie> sounds good to me
21:19 *** bpokorny has joined #openstack-security
21:19 <elmiko> even with the tagging effort we will still have projects that are described as the <insert type> service for openstack
21:19 <elmiko> seems appropriate to stay on that track
21:20 <bdpayne> yeah
21:20 <bdpayne> ok https://bugs.launchpad.net/openstack-manuals/+bug/1334009
21:20 <elmiko> so, did you mean SSL or TLS ;)
21:21 <bdpayne> heh
21:21 <bdpayne> so yeah, TLS
21:21 <bdpayne> I think this is a solid Medium
21:21 <sicarie> agreed
21:21 <elmiko> agreed
21:21 <bdpayne> should probably find out if Priti is planning on doing this
21:21 <bdpayne> I'll put a comment in there asking
21:21 <sicarie> I grep'd the code a little while back and there are a few cases where SSL v2/v3 is hard coded, but if I remember correctly that's if the delegation to apache/nginx fails
21:22 <bdpayne> so there's an argument for taking TLS straight into the Python process
21:22 <bdpayne> but I don't think that many people deploy it that way in practice
21:23 <bdpayne> even without that, there's lots of options
21:23 <sicarie> Yep
21:23 <bdpayne> https://bugs.launchpad.net/openstack-manuals/+bug/1341826
21:23 <bdpayne> perhaps a Low?
21:24 <bdpayne> also, sicarie do you know if Mike Lange is still engaged in this effort?
21:24 <elmiko> seems like a solid addition to the guide, but nothing burning
21:24 <sicarie> bdpayne i'll ask him now
21:24 <bdpayne> elmiko agreed
21:24 <bdpayne> kk
21:24 <bdpayne> yeah, I'm at Low/Medium for this
21:25 <bdpayne> I could be happy leaving it
21:25 <bdpayne> https://bugs.launchpad.net/openstack-manuals/+bug/1341827
21:25 <sicarie> Personally I like Low, but can see Medium
21:25 <bdpayne> ^^ this another audit / compliance one from Mike Lange
21:26 <sicarie> Two of them
21:26 <elmiko> i think it depends on if Mike Lange is still working on it
21:26 <sicarie> I know if Mike's not still working it that Shellee probably would
21:26 <elmiko> because it seems like he has some ideas about what content should be in there
21:26 <elmiko> ok, cool
21:26 <bdpayne> let's leave these at Medium b/c beefing up the audit / compliance section would be nice
21:26 <bdpayne> I'll unassign from Mike and see if someone else can pick it up
21:27 <bdpayne> sound good?
21:27 <sicarie> Yep
21:27 <elmiko> sure
21:27 <sicarie> I ping'd him about it, if he wants it he can pick it back up
21:27 <elmiko> i wonder if these shouldn't be wishlist items though, as we're talking about new content?
21:27 <bdpayne> ok
21:27 <bdpayne> https://bugs.launchpad.net/openstack-manuals/+bug/1341843
21:27 <bdpayne> (this can be our last one for today)
21:28 <sicarie> That's why I was a fan of Low - there is a compliance chapter in there now, and that's very good to have but he definitely envisioned more
21:28 <bdpayne> agreed that the reference sentence is bad
21:28 <bdpayne> guessing I wrote it ;-)
21:28 <elmiko> seems like a solid medium
21:28 <bdpayne> I think I'd consider bumping this to high for clarity
21:29 <sicarie> Haha, is the section still in the same place?
21:29 * elmiko looks at guide
21:29 * bdpayne checks
21:29 <bdpayne> nope
21:29 <sicarie> If I remember correctly this was reported before the rearranging
21:29 <sicarie> She just took a bunch of the bugs I reported on the first few chapters, so I know she's planning on ramping up her contributions again
21:29 <elmiko> yea, that para does need some cleanup badly
21:30 <sicarie> So noting where the section lies now would probably help
21:30 <bdpayne> I just put a link to the new location for that in the ticket
21:30 <sicarie> Thanks
21:30 <bdpayne> Ok, I'll leave this as is for Shellee to work on
21:30 <bdpayne> would be great to see more contributions from her again
21:30 <elmiko> yea, need to update the bug title too since it's not chap13 anymore
21:30 <sicarie> I have ping'd her
21:30 <bdpayne> ah yeah, can you do that real quick elmiko?
21:31 <elmiko> sure
21:31 <bdpayne> I'm checking one more thing before we break here
21:31 <sicarie> I have a few questions if you have time
21:31 <bdpayne> Ok, I was just checking the open reviews
21:31 <bdpayne> https://review.openstack.org/#/c/149024/
21:32 <bdpayne> that's the only one
21:32 <bdpayne> and sicarie has already commented on it
21:32 <bdpayne> I'll review it after this
21:32 <bdpayne> sicarie, I'm happy to chat a little longer
21:32 <bdpayne> but first
21:32 <bdpayne> I think this is a good start on the triage
21:32 <bdpayne> you guys like the idea of doing a bit of this each week?
21:33 <sicarie> Yeah, I'm for it
21:33 <elmiko> i think it's good
21:33 <bdpayne> it's a little tedious, but feels useful to me
21:33 <bdpayne> ok great
21:33 <elmiko> definitely
21:33 <bdpayne> we'll work our way through them
21:33 <elmiko> the api wg has been doing something similar
21:33 <bdpayne> so I think that's it for today (formally)
21:33 <bdpayne> I'll stick around for other discussion
21:34 <elmiko> i'm still working through the data processing chapter
21:34 <bdpayne> ok great
21:34 <elmiko> i'm meeting with some sahara folks tomorrow for a mini-review of what i have so far
21:34 <sicarie> bdpayne: it looks like lana took all of those link bugs I was talking about
21:34 <sicarie> the over-arching one is: https://bugs.launchpad.net/openstack-manuals/+bug/1412986
21:34 <elmiko> unfortunately i'm finding it difficult to make rapid progress, it's tough for me to lock down the language and ideas we should convey
21:35 <bdpayne> elmiko just get the ideas down... I'm a reasonably good editor and can help on that end of things if you'd like
21:35 <sicarie> elmiko: +1 it always seems too easy to transfer the conceptualization of what you know
21:35 <sicarie> and then you have to sit down and write it out
21:35 <elmiko> sicarie: yea, that seems like it should be high prio
21:35 <bdpayne> just pretend like you are writing an email to me about the topic
21:36 <elmiko> bdpayne: ack, thanks
21:36 <bdpayne> np
21:36 <bdpayne> so on this links ticket
21:36 <bdpayne> I think we should point to the top level and not have the version in our book
21:36 <elmiko> +1
21:36 <bdpayne> I don't want to update the book every time Django does a release ;-)
21:36 <elmiko> less fragile that way
21:36 <sicarie> +1
21:37 <sicarie> So the other question I had was around this: https://bugs.launchpad.net/bugs/1410905
21:37 <sicarie> I put a bug around the wrong sentence
21:37 <sicarie> The section title and the first sentence have it the other way
21:38 <elmiko> funny, i just looked up life-cycle in the dictionary the other day
21:38 <elmiko> both are apparently appropriate
21:38 <bdpayne> ah, let me double check the style guide on this one
21:38 <sicarie> Lana posted it's without hyphen
21:38 <bdpayne> ok, that is not exactly correct
21:39 <bdpayne> (noun) life cycle
21:39 <sicarie> it's like back-end again, isn't it?
21:39 <bdpayne> (adj) life-cycle
21:39 <elmiko> lol, yea
21:40 <sicarie> Okay, so I'll review the placement and part of speech on those
21:40 <bdpayne> ok
21:40 <bdpayne> I just commented in the ticket too
21:40 <sicarie> Yeah, I haven't heard anything back, and i would imagine those managing the docs queue are a little busy, so I wasn't sure if I should open another ticket or not
21:41 <bdpayne> no worries, it's nice when we can sort this stuff ourselves
21:41 <sicarie> Yep
21:41 <bdpayne> pinging openstack-doc is often effective too
21:41 <bdpayne> anything else?
21:42 <sicarie> Is the goal to have case studies for each chapter?
21:42 <sicarie> There's a case study that is its own chapter (10 or 11, I forget exactly)
21:42 <sicarie> that "covers" the 3 before it
21:42 <bdpayne> mostly, but some may cover multiple chapters
21:43 <bdpayne> actually Ch 10 looks like it needs to be moved
21:43 <elmiko> i'm finding thinking about the case studies to be helping direct my focus
21:43 <sicarie> Yeah, but I think I was set to "opinion" on that bug too
21:43 <openstackgerrit> Lana Brindley proposed openstack/security-doc: Some minor bug fixes in the Dashboard chapter  https://review.openstack.org/149056
21:43 <bdpayne> oh hey
21:44 <bdpayne> that's the thing we were just talking about
21:44 <sicarie> Yep
21:44 <bdpayne> I'll comment on the CR shortly
21:44 <bdpayne> ok, looks like I need to run
21:45 <bdpayne> thanks guys!
21:45 <elmiko> thanks bdpayne
21:45 <sicarie> https://bugs.launchpad.net/bugs/1410905
21:45 <sicarie> ok thanks!
21:46 <sicarie> sorry for the late ping, but dbpayne the ch10 bug is https://bugs.launchpad.net/openstack-manuals/+bug/1412968
21:46 <sicarie> bdpayne too ^
21:46 *** bpokorny_ has joined #openstack-security
21:47 *** LinstatSDR has joined #openstack-security
21:47 *** paulmo has quit IRC
21:47 <LinstatSDR> Howdy all.
21:49 *** bpokorny has quit IRC
21:53 *** dave-mccowan has quit IRC
21:54 *** tmcpeak has quit IRC
21:54 *** tmcpeak has joined #openstack-security
21:57 <bdpayne> sicarie thanks, got it
22:02 *** bpokorny_ has quit IRC
22:04 *** sicarie has left #openstack-security
22:40 *** ljfisher has quit IRC
23:01 *** tmcpeak has quit IRC
23:27 *** jamielennox|away is now known as jamielennox
23:33 *** salv-orlando has quit IRC
23:37 *** LinstatSDR has quit IRC
23:48 *** singlethink has quit IRC
23:56 *** salv-orlando has joined #openstack-security
23:58 *** bpokorny has joined #openstack-security