Wednesday, 2016-09-21

*** jamielennox is now known as jamielennox|away00:00
*** tmcpeak has quit IRC00:05
*** tmcpeak has joined #openstack-security00:07
tmcpeakdave-mccowan: wassup00:07
dave-mccowanare you or rob planning on ptl-ing next cycle?  there was no nomination made for ocata cycle.00:08
dave-mccowaneither way, someone needs to email tc to let them know asap.00:10
openstackgerritKhanak Nangia proposed openstack/syntribos: Adding nova templates for Syntribos
*** Alexey_Abashkin_ has quit IRC00:13
*** mdong has quit IRC00:13
*** jamielennox|away is now known as jamielennox00:14
*** Alexey_Abashkin_ has joined #openstack-security00:14
openstackgerritRahul U Nair proposed openstack/syntribos: Adding Template files for the compute service
*** Alexey_Abashkin_ has quit IRC00:18
*** Alexey_Abashkin_ has joined #openstack-security00:32
*** ccneill has quit IRC00:43
*** tmcpeak has quit IRC01:09
*** sdake_ has joined #openstack-security01:19
*** sdake has quit IRC01:21
*** zhihui has joined #openstack-security01:30
*** salv-orl_ has joined #openstack-security01:42
*** salv-orlando has quit IRC01:44
*** SuperHappyfornow has joined #openstack-security02:03
*** SuperHappyfornow has left #openstack-security02:27
*** yuanying has quit IRC02:52
*** vinaypotluri has quit IRC02:52
*** knangia has quit IRC03:01
*** dave-mccowan has quit IRC03:09
*** dikonoor has joined #openstack-security03:33
*** sdake_ has quit IRC03:42
*** yuanying has joined #openstack-security03:49
*** lamt has quit IRC04:01
*** markvoelker has quit IRC04:03
*** markvoelker has joined #openstack-security04:10
*** vinaypotluri has joined #openstack-security04:10
*** woodster_ has quit IRC05:10
openstackgerritavnish proposed openstack/anchor: Added sphinix config to setup.cfg
*** austin987 has joined #openstack-security05:29
*** lamt has joined #openstack-security05:39
*** markvoelker has quit IRC06:01
openstackgerritzhangyanxian proposed openstack/bandit: Fix typos in &
*** markvoelker has joined #openstack-security06:03
openstackgerritzhangyanxian proposed openstack/bandit: Fix typos in &
*** rcernin has joined #openstack-security06:07
*** markvoelker has quit IRC06:11
openstackgerritavnish proposed openstack/security-analysis: py33 is no longer supported by Infra's CI
*** vinaypotluri has quit IRC06:42
*** austin987 has quit IRC07:01
*** markvoelker has joined #openstack-security07:11
*** pcaruana has joined #openstack-security07:13
*** markvoelker has quit IRC07:16
*** Alexey_Abashkin_ has quit IRC07:20
*** AlexeyAbashkin has joined #openstack-security07:23
*** salv-orlando has joined #openstack-security07:42
*** salv-orl_ has quit IRC07:45
*** shohel has joined #openstack-security07:48
*** austin987 has joined #openstack-security08:09
*** austin987 has quit IRC08:30
*** liverpooler has joined #openstack-security08:31
*** shohel has quit IRC09:35
*** liverpooler has quit IRC11:30
*** woodster_ has joined #openstack-security11:40
*** edmondsw has joined #openstack-security11:49
*** lamt has quit IRC11:58
*** dave-mccowan has joined #openstack-security12:00
hyakuheiOk, so I missed the PTL deadline, I think mainly because I had some personal issues due to some lifeboat issues that a few of you here know about - anyway, now they want to remove us from the Big Tent!12:18
hyakuheiPlease take a look at the email thread on -dev titled : [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent12:18
hyakuhei and respond with your thoughts.12:18
openstackgerritMerged openstack/bandit: Fix typos in &
*** lamt has joined #openstack-security12:29
*** lamt has quit IRC12:31
*** lamt has joined #openstack-security12:32
*** markvoelker has joined #openstack-security12:33
*** zhihui has quit IRC12:38
*** _elmiko is now known as elmiko13:01
*** liverpooler has joined #openstack-security13:13
*** salv-orl_ has joined #openstack-security13:42
*** salv-orlando has quit IRC13:45
*** lamt has quit IRC13:47
*** sdake has joined #openstack-security13:59
*** sdake has quit IRC13:59
*** sdake has joined #openstack-security14:00
*** hongbin has joined #openstack-security14:01
*** dikonoor has quit IRC14:18
*** mvaldes has joined #openstack-security14:19
*** aimeeu__ has quit IRC14:26
*** edtubill has joined #openstack-security14:30
*** edtubill has quit IRC14:30
*** edtubill has joined #openstack-security14:31
*** cleong has joined #openstack-security14:45
*** ccneill has joined #openstack-security14:54
*** openstack has joined #openstack-security15:00
*** diazjf has joined #openstack-security15:05
*** mihero has quit IRC15:07
*** diazjf has quit IRC15:11
*** gszafranski has joined #openstack-security15:13
*** lamt has joined #openstack-security15:15
*** diazjf has joined #openstack-security15:20
openstackgerritMerged openstack/syntribos: Updated from global requirements
*** ccneill-phone has joined #openstack-security15:24
*** edtubill has quit IRC15:37
*** tmcpeak has joined #openstack-security15:37
*** edtubill has joined #openstack-security15:37
*** austin987 has joined #openstack-security15:41
*** knangia has joined #openstack-security15:46
*** d0ugal has quit IRC15:48
*** d0ugal has joined #openstack-security15:50
*** diazjf has quit IRC15:57
*** vinaypotluri has joined #openstack-security15:57
mhaydenhyakuhei: i added my $0.0216:01
*** murphy_zhao has quit IRC16:03
*** rcernin has quit IRC16:03
*** murphy_zhao has joined #openstack-security16:04
*** austin987 has quit IRC16:08
*** mdong has joined #openstack-security16:09
*** mvaldes has quit IRC16:09
*** austin987 has joined #openstack-security16:10
*** diazjf has joined #openstack-security16:12
*** pcaruana has quit IRC16:15
*** pcaruana has joined #openstack-security16:17
*** edtubill has quit IRC16:22
*** edtubill has joined #openstack-security16:23
openstackgerritMichael Dong proposed openstack/syntribos: Added nova templates (hypervisors to external events)
*** codfection has joined #openstack-security16:30
openstackgerritRahul U Nair proposed openstack/syntribos: Adding Template files for the compute service
tmcpeakmhayden: thank you16:37
tmcpeakI did as well16:38
tmcpeaklhinds: thanks for weighing in too16:38
tmcpeakhi codfection16:38
codfectionhow are you tmcpeak16:39
*** diazjf has quit IRC16:39
tmcpeakheh, I've been better :P16:39
*** codfection has quit IRC16:43
*** lamt has quit IRC16:43
*** codfection has joined #openstack-security16:43
*** mvaldes has joined #openstack-security16:45
lhindstmcpeak: np, mp16:49
*** codfection has quit IRC16:49
*** edtubill has quit IRC16:51
*** lamt has joined #openstack-security16:57
*** codfection has joined #openstack-security16:58
*** diazjf has joined #openstack-security17:03
*** diazjf has quit IRC17:06
ccneillabout to chime in myself..17:06
tmcpeakccneill: thank you17:06
*** diazjf has joined #openstack-security17:07
ccneilldid my message come through?17:13
* tmcpeak checks17:13
ccneillI can't see it on osdir17:13
ccneillhope I wasn't too crusty, but that pissed me off lol17:16
*** singlethink has joined #openstack-security17:17
tmcpeakccneill: this is great17:18
ccneilldid it come through? I can't see it :S17:18
ccneillthank you sir17:19
tmcpeakalso I'm a pleb… I put the entire rest of the email in my response, lol17:19
*** gfhellma has joined #openstack-security17:21
ccneilllol <3 mailing lists..17:21
*** diazjf has quit IRC17:24
mvaldesgood job guys17:28
*** singleth_ has joined #openstack-security17:33
*** singlethink has quit IRC17:36
hyakuheiccneill thank you sir.17:37
*** gfhellma has quit IRC17:38
ccneillnp :)17:38
ccneillI hope they don't fire me O:-)17:44
ccneilloh, wait..17:44
unrahulccneill:  awesome reply :D17:44
*** mvaldes has quit IRC18:01
*** mvaldes has joined #openstack-security18:07
*** edtubill has joined #openstack-security18:18
*** rcernin has joined #openstack-security18:30
*** diazjf has joined #openstack-security18:37
*** sdake has quit IRC18:39
*** ig0r_ has joined #openstack-security18:50
*** sdake has joined #openstack-security18:56
*** codfection has quit IRC18:58
*** codfection has joined #openstack-security19:02
sigmavirushyakuhei: on a more constructive note than what some people here are writing on the mailing list, would you want someone to split the PTL duties with?19:11
sigmavirusIt seems like you're thoroughly swamped and this is at least the second time we as a project team have missed the PTL nomination window19:11
*** catintheroof has joined #openstack-security19:12
*** codfection has quit IRC19:16
*** mvaldes has quit IRC19:26
*** mvaldes has joined #openstack-security19:28
*** codfection has joined #openstack-security19:30
tmcpeaksigmavirus: we always welcome help19:33
sigmavirustmcpeak: So the thing is, I was aware of the PTL nomination period. I don't follow all of the nominations though. I also regularly fail to think of us as a project team19:33
sigmavirusOur deliverables are all over the place19:33
sigmavirusSo, I didn't think to ping anyone19:34
tmcpeakin what respects are we not a project team though?19:34
ccneillI guess we could use some work as far as meshing with the greater OpenStack organism, but the "we're just gonna throw them out and act like they can't hear us" approach was a little insulting19:34
*** dhellmann has joined #openstack-security19:35
tmcpeakhi dhellmann19:35
*** diazjf has quit IRC19:35
dhellmannhi, tmcpeak19:35
tmcpeakwe blew it on missing the PTL election for sure19:35
dhellmannwe'll figure out what to do19:36
dhellmannI'm still trying to figure out if the team actually needs a PTL or not.19:36
dhellmannor if being designated an official working group is sufficient19:36
tmcpeakdhellmann: we have a couple of concerns with working group19:36
dhellmannI'm interested in hearing what those are.19:37
tmcpeakmy biggest concern is losing legitimacy.  We've got a few projects we're trying to integrate security reviews with.  VMT themselves have asked us to take the security review responsibility because they don't have the bandwidth19:38
tmcpeaksimilarly many of our contributors are receiving cycles to work on a blessed project19:38
tmcpeakwithout that status we're going to lose contributors19:39
tmcpeakhow many is an open question19:39
tmcpeakI can say for 100% certainty my company is going to give me less time and resources to do whatever working groups do19:39
dhellmannwhy would that be? why is an *official* working group less than a big tent team?19:39
tmcpeakin a perfect world it might not be19:40
dhellmannwe have other working groups with similar cross-project natures (architecture is just getting started, but there's a performance group, too)19:40
tmcpeakorganizations are always trying to distinguish themselves with metrics and for better or worse big-tent acceptance is such a metric19:40
dhellmannyeah, that's a constant issue19:41
ccneillI must confess my ignorance of the expected duties of a PTL, but reading this
tmcpeakso, what are we not doing that we need to do better to be taken seriously?19:41
ccneillit seems that a project and PTL should exist if the community organized around that project agrees that it should19:41
dhellmannccneill : all official teams are required to have a PTL as a way of ensuring that the team is interfacing with the rest of the community as a whole19:42
*** salv-orlando has joined #openstack-security19:42
dhellmanntmcpeak : from what I understand this is the second time the election was missed. I'm not sure if other folks have other concerns, but that's my main concern.19:42
tmcpeakdhellmann: not following PTL nomination has been an issue for us before because we're all happy with Rob, but we can definitely make sure to hold elections in the future19:43
dhellmanntmcpeak : you don't have to hold an election if there's only one candidate, but the candidate does need to be renewed by going through the nomination process19:43
tmcpeakdhellmann: we will ensure that happens going forward if we're allowed to keep our status19:43
dhellmannso it's not that there was only one candidate, or that the same person is doing the work, it's that the process wasn't followed in a way that makes it seem like the team is not engaged with the community at that level19:44
tmcpeakdhellmann: gotcha19:44
tmcpeakdhellmann: we'll certainly address that and any other concerns if we can go forward as a project19:45
tmcpeakwe have weekly meetings and I'll put it at the top of our agenda tomorrow to figure out what exactly we need to be doing going forward and how to prevent these mistakes19:46
*** salv-orl_ has quit IRC19:46
tmcpeakdhellmann: we'd welcome any other points that we're failing to address from TC aside from the PTL election process as well19:46
dhellmannlike I said, I don't have a broader list myself. you'll want to get some of the other tc members to respond to that question.19:47
dhellmannthe mailing list is good for that, though it may take some time -- I know folks are pretty busy wrapping up the release right now19:48
tmcpeakok, it seems like we have some interest from Adam Lawson and sigmavirus (potentially) to help us with our TC requirements19:49
dhellmannccneill : this may be a better list of the duties of a PTL:
dhellmannok, that's good19:49
tmcpeakso we could definitely use a cross-project liaison19:50
tmcpeakwe used to have bknudson but I don't think he's been able to fill that role19:50
dhellmannyou should make sure that ttx is aware of that, since we'll want to make sure the discussion appears on the tc agenda again soon19:50
tmcpeakok, I'll add all this to our agenda for discussion tomorrow19:51
tmcpeakhopefully those who expressed interest in PTL are similarly interested to help us with roles such as cross project liaison19:51
dhellmannthat would be good, yes19:52
ccneilldhellmann: thanks, that helps19:52
dhellmannsure thing19:52
tmcpeakthanks dhellmann19:52
dhellmannI want to make sure we come up with a good outcome, short and long term.19:52
tmcpeakdhellmann: I did put an item there to discuss if we do want to remain a big tent project19:53
dhellmanngood, you should definitely have that discussion. I can understand why both approaches might be appealing, or unappealing.19:53
tmcpeakmy perspective is that we're already challenged in active participation and this is really going to hurt us, but realistically unless somebody steps up to attend cross project meetings, tag releases, and all the other stuff we need to do in that list we might not be able to keep it going19:54
ccneilldhellmann: is there a document describing the differences between those two designations by chance?19:54
ccneillthe one I'm aware of is automatic ATC status19:54
ccneillwhich is certainly something that we'd like to maintain19:54
ccneillspeaking as someone who's currently working full-time on an OSSP project19:55
dhellmannccneill : unfortunately, I don't think so. the working groups are a bit less clearly defined but generally have a purpose under which they are organized that at least makes the goal clear.19:55
*** ccneill-phone has quit IRC19:55
dhellmannright, I think that would be the big difference19:55
ccneillI think one of the challenges is, it would be a struggle for each of the OSSP projects (syntribos, anchor, bandit, etc.)19:55
ccneillto maintain independent PTLS19:56
dhellmannatc status would need to come from contributions elsewhere, which might be easy if you're helping fix security issues (either directly for as an extra-atc)19:56
ccneillaggregating them under one umbrella of OSSP makes it easier in some ways to manage19:56
tmcpeakccneill: +119:56
dhellmannwell, sure, I don't think it would make sense to have each of them be their own project either19:56
sigmavirusccneill: sure, but they're not benefitting from all having the same PTL either right now19:56
sigmavirusEach has project leads that do 90% of the directing work who effectively act as a sub-ptl19:57
sigmavirusor a sub-team PTL19:57
sigmavirusThey're doing the work a PTL would do for a project like that19:57
ccneillI can only speak from the experience and information I have, but I can speak to trying to add security to other "groups"19:57
sigmavirusthe OSSP is a looser collection of projects that are really only tied together by the word "security"19:57
dhellmannthat sounds a little bit like how we organized oslo, though maybe with less cross-over19:57
ccneillI proposed changes to tempest at the beginning of the year to include security testing, and was told that I should make that a separate project19:57
sigmavirusdhellmann: I feel like oslo projects even have more in common than our projects do19:58
tmcpeaksigmavirus: what do you suggest?19:58
dhellmannsigmavirus : that might be; you're closer to the code so I'll trust your assessment19:58
ccneillsyntribos currently serves that purpose, because projects (Barbican, designate) did not want the code to live in their repo, and then tempest did not want it either19:58
sigmavirusccneill: no one is saying syntribos should cease to exist19:58
sigmavirustmcpeak: I don't know what the right way forward is19:58
sigmavirusI recognize that some companies have really bad and wrong priorities including my own19:58
ccneillsigmavirus: I'm trying (perhaps badly) to explain why code contributions to other projects as a proxy is maybe a poor indicator of what we're doing19:59
sigmavirusAnd I acknowledge that having an official working group would probably hurt contribution stats19:59
dhellmannccneill : yeah, I may be conflating the overall security team and the vmt team19:59
sigmavirusdhellmann: yeah that's also a problem19:59
dhellmannthere was also some discussion of splitting those up to make the distinction clearer, though I don't know whether the vmt folks want to do that or not19:59
sigmavirusI think the only VMT members who show up to security meetings are hyakuhei and tmcpeak19:59
sigmavirusWhich isn't to say I want to burden those folks with OSSP meetings, but that team doesn't necessarily widely overlap with the rest of the OSSP20:00
tmcpeakI'm not VMT20:00
dhellmannyeah, no more than they really did with the release team before they moved20:00
sigmavirusdhellmann: right. I'm also unclear as to whether the VMT needs a PTL-esque person or if having a PTL for their team makes sense20:00
sigmavirustmcpeak: ah, sorry20:00
tmcpeakneither is hyakuhei actually20:00
tmcpeakgmurphy is and he shows up regularly20:00
* sigmavirus has a terrible memory of who's on the VMT then20:00
dhellmannsigmavirus : yeah, that's up to how they want that group structured. a WG may be appropriate there, too.20:01
tmcpeakMorgan, Grant, Jeremy, Tristan20:01
dhellmannyeah, that list looks right20:01
sigmavirusRight, I don't think fungi or Tristan show up and I don't recall seeing Morgan recently either20:01
tmcpeakyeah, they generally don't20:01
tmcpeakthey operate autonomously from OSSP20:01
sigmavirusThis isn't to throw mud at their face, I'm just sincerely struggling to see the benefit of a PTL for the security project20:01
dhellmannso it sounds like the split makes some sense, regardless of what else happens20:01
sigmavirustmcpeak: so do bandit, syntribos, anchor, and the rest of the projects20:02
tmcpeakwe merged them a year or so ago, I don't remember why, I think it had something to do with confusion about separate roles and responsibilities20:02
tmcpeakfrom an outsider perspective20:02
dhellmannyeah, it might have been a bit more artificial than expected20:02
* sigmavirus nods20:02
sigmavirusHere's the thing though, very few of us read the mailing list frequently enough. I noticed the PTL nomination period but at no point thought "I wonder if the OSSP is going to have a PTL" because I rarely think of it having a PTL20:03
dhellmannttx has always pointed out that teams should be organized by groups working together on a common goal. if that's not the case, then splitting up makes sense. we wouldn't want to take that farther than necessary, though.20:03
sigmavirusI mean our common goal, roughly speaking, is to improve the security posture of OpenStack20:04
tmcpeakI'd argue the OSSP is working really well.  We've accomplished a lot.  Having a dedicated core group of security members to jump around on initiatives helps.  Having sponsored midcycle meetings helps.  If we lose our project status it's only going to detract from our ability to accomplish what we're working on with no discernible benefit20:04
sigmavirusWe're significantly different from any other openstack team I've worked on though20:04
tmcpeakwhat is the upside to removing our project status?20:04
dhellmannlike I'm not sure it makes sense to have each deliverable of the current team become its own team. maybe it does? but that seems excessive, and I would rather look for ways to encourage collaboration.20:04
sigmavirusdhellmann: I agree, like I said, I don't know what the right answer is here. I just feel like we're not benefitting from having a PTL20:05
dhellmanntmcpeak : it's not really a matter of "upside". it's more that if the team doesn't appear to be acting like a team, we shouldn't call it a team.20:05
* dhellmann nods20:05
tmcpeakI'm pretty sure we've been acting like a team in every sense of the word with the exception of timely elections20:05
dhellmanngood, then it's just a matter of appearances, to some degree20:05
ccneillsigmavirus: I take your point about us operating somewhat autonomously, but we couldn't have that arrangement any other way - we don't have people on each of those teams who could function as PTLs either, so in a way it's kind of a "hack". I don't know if that's WHY we've done things as we have, but it seems to be working from my perspective20:07
sigmavirus"we don't have people on each of those teams who could function as PTLs either" we do have people that do exactly that. They show up to the security meeting every week and represent their project20:07
tmcpeakso all of those people are going to attend the cross project meeting?20:08
*** catintheroof has quit IRC20:08
ccneillwe're not going to have "syntribos midcycles"20:08
ccneillI don't think, anyway20:08
ccneillif there was no overlap, why did some of us work on OSSNs and the barbican threat analysis?20:08
tmcpeakseparate Syntribos weekly meetings...20:08
mdongspeaking strictly for Syntribos - we don’t have a “sub-PTL”20:09
dhellmannccneill : we don't really have the weekly cross-project meeting any more (that doc is a bit out of date in that respect)20:09
tmcpeakdhellmann: from our perspective something we could use is a concrete list of deliverables for PTL20:09
ccneillmy point is more that Rob has just executed a midcycle for us where many of us attended, discussed priorities, worked together, and had good outputs20:09
tmcpeakso we can decide whether we have the bandwidth to meet them20:09
dhellmanntmcpeak : yes, I agree, we need to write that down somewhere20:10
dhellmannthe list in is mostly right20:10
dhellmannthere's no weekly meeting, that has changed to as-needed20:10
dhellmannyour deliverables don't follow the release cycle, so that aspect is less important20:11
sigmavirus"if there was no overlap, why did some of us work on OSSNs and the barbican threat analysis?" I didn't say there was "no overlap" Charles. There is overlap, but it's not the same as with other projects. We're an incredibly unique project in many regards (not in the least that our members are unwilling to skim a mailing list)20:11
dhellmannalthough I would welcome you using the automation we've put in place anyway20:11
tmcpeakok so we're really left with organizing the project team track in design summits, which hyakuhei has done as long as I've been involved20:12
dhellmanntmcpeak : in general, understanding the cycle schedule and being aware of current events are going to be the more important things for this team, imho20:12
ccneillsigmavirus: +1 not same as other projects, +1 unique project, -1 unwilling to skim mailing list20:12
ccneillI'm now subscribed20:13
ccneillwe used to have our own mailing list, I was under the impression that we might still be using that20:13
ccneillso I follow that20:13
tmcpeakdhellmann: we definitely need to do a better job with cycle events, although we've been extremely organized around our midcycle and summit events20:13
dhellmanntmcpeak : what effect will the change to the PTG structure have on midcycles?20:14
unrahulso I am a newcomer to the OpenStack security team and I am part of OSIC, I see many ppl in different OpenStack teams and how big/small interactions they had with the OpenStack project team they are working on. Personally the security team under Rob has been excellent in welcoming new people to the team and giving us opportunity to work on different projects.20:14
unrahulI have worked on Syntribos, OpenStack  security docs, OSSNs, Bandit and Anchor. I am not sure if this would be possible if we were not a team and if I never got any support from the Security team as a whole.20:14
tmcpeakdhellmann: less (if at all) funding for starters20:14
tmcpeakgiven corporate incentives mentioned above20:14
unrahulAnd I feel this is a bit overreaction, just for a delay in submitting the PTL nominations.20:14
tmcpeakI'm going to have a really hard time getting approval to attend a get-together with my security friends20:15
dhellmannyeah, the hope is you'll be able to get together at the ptg and summits and not need separate events20:15
sigmavirusunrahul: perhaps you missed it, but this is far from the first time there was a "delay"20:15
dhellmannunrahul : I understand that perspective. I think it would be different if this was the first time.20:15
sigmavirusWe've missed the boat several times20:15
tmcpeakI think we're circling here.  What's next steps?20:16
dhellmanntmcpeak : ensuring you have space at the PTG may help with some of the travel, since I assume your contributors are also involved with other projects?20:16
unrahuldhellmann: sigmavirus  yes and as tmcpeak  says we need to change some things and may be improve they way mailing lists are done.. I dont know, you guys know better.20:16
tmcpeakthe mail made it sound like TC has already voted20:16
sigmavirusunrahul: further, I understand OSIC does things ... in an interesting way, but I've been working in the OpenStack sphere for 2.25 years at this point and have worked on a variety of projects (Glance, Searchlight, Bandit, etc.) you don't need a single team for that20:16
ccneillso from a governance perspective, everything I've heard so far leads me to believe that if I set up a cron job to email the mailing list with "please nominate Rob" every 6 months, our team would be good to go20:16
sigmavirustmcpeak: no it didn't. It was suggesting this as an outcome20:16
ccneilleverything else seems good to go, or no?20:16
sigmavirusccneill: that's not how nominations work sadly20:17
dhellmanntmcpeak : we discussed it this week, and there was a rough consensus that we'd probably vote to remove the project, but that hasn't actually happened20:17
tmcpeak"The majority of TC members present at the meeting yesterday suggested that those project teams should be removed from the Big Tent, with their design summit space allocation slightly reduced to match that (and make room for other not-yet-official teams)."20:17
ccneillokay, another easy hack:20:18
dhellmannccneill: if that's how it's handled, then you can probably put me on the vote-to-remove list. I want the team to be engaged with the community, not just going through the motions.20:18
ccneillthis says if that we're leaderless, someone can be appointed. why not re-appoint our previous leader20:18
dhellmannccneill : that's what we did last time. Missing twice in a row is a bigger signal.20:18
sigmavirusdhellmann: I thought this was the third time20:19
dhellmannsigmavirus : maybe it was? I believe at least 2, and I haven't looked beyond that.20:20
tmcpeakok so what's our next steps?20:21
tmcpeakI'd like to avoid a protracted mailing list argument20:21
tmcpeakwhat's a better way?20:21
tmcpeaka few of us can attend the TC meeting?20:22
ccneilldhellmann: sorry, bad joke. I do take it more seriously than that, but my point was that from what I've heard here, it seems that the major violation that we've committed is not following up on the mailing list in a timely fashion20:22
tmcpeakopen invitation to anybody that doesn't want OSSP as a project to attend our meeting?20:22
sigmavirusI think we need to have our meeting tomorrow and decide if we get any benefits from having a PTL besides "They plan midcycles and PTG/summit events" and if we actually want to accept the responsibilities of integrating with the larger community20:22
sigmavirusBecause it sounds to me like members of our lot do not want the latter responsibility and people here can't come up with more convincing reasons for having a PTL at the moment other than corporate commitment and event planning20:23
ccneillwhat does "responsibilities of integrating with the larger community" mean?20:23
dhellmanntmcpeak : you should summarize on the mailing list, and maybe contact ttx directly about the team plans (who will be PTL, etc.) and make sure it is on the TC agenda. Having someone attend to participate in the discussion is a good idea, too.20:23
tmcpeakdhellmann: ok, will do20:24
ccneillsigmavirus: what are we not delivering to the OpenStack community that is expected of us? From my perspective, our entire role is to serve the larger organism, and in every way but following proper nomination protocol, I think we have done so20:25
tmcpeaksigmavirus: also are you volunteering to help?20:25
sigmavirustmcpeak: I am. I have the meeting on my calendar for tomorrow as something I can't miss as well as next week's TC meeting20:26
sigmavirusccneill: you're framing this entirely incorrectly20:26
tmcpeakgreat, we'll all discuss further tomorrow and see what needs to be done and who is willing to do them20:27
sigmavirusit's not about delivering things to the larger community. That's not our sole responsibility. We need to be part of the community, not just jogging along side of it handing them cups of security20:27
sigmavirus"Shipping code" is not the sole responsibility of being an OpenStack community member20:27
tmcpeaksigmavirus: I think we're doing a lot with diminished participation20:27
sigmavirustmcpeak: absolutely, although we've never had consistent participation from more than a small number of the same people who already do security related work at their job and integrate with other security teams at their work20:28
sigmavirusi.e., why all my OSSP work has been part of my free time20:28
mvaldesa big steaming cup o' security sounds pretty good right now20:30
ccneillsigmavirus: I guess this is just my ignorance, but I still do not fundamentally understand what you mean by "being part of the community"20:30
sigmavirusccneill: it's not what you've been told in the meetings that we've both been in. It's not "shipping features and becoming core developers [sic]"20:30
tmcpeakwell what IS it?20:31
ccneillshort of filing bugs in projects' launchpads and working with them to mitigate, collaborating with barbican on a midcycle, writing OSSN/OSSA20:31
sigmavirusIt's supporting the users, interacting positively on the mailing list and with other teams, working to help improve the OpenStack project20:31
sigmavirus(I want to say product but that word might start a different yak shave)20:31
ccneillthe tools we're writing are our way of supporting users20:32
ccneillI suck @ mailing list. will try harder20:32
sigmavirusccneill: none of the people deploying OpenStack are using syntribos or bandit20:32
sigmavirusPeople outside of openstack are using bandit20:32
ccneillright.. but they use the projects that we test with them20:32
sigmavirusBeing part of the community means taking an interest in all of the security bugs that come across our lap, not just barbican20:32
ccneillI guess if your point is "to be a project you must ship a product to operators", we fail20:32
tmcpeaksigmavirus: well hyakuhei and I both participated on a whitepaper describing security for the foundatino20:33
tmcpeakthat is supporting our users20:33
sigmavirustmcpeak: just the once though, right?20:33
mvaldesguys, these are all rabbit holes20:33
sigmavirusconstant cross project participation is expected of every other openstack project (nova, glance, sahara, etc.)20:33
sigmaviruswe do one off cross project collaborations and then we go back to our rabbit holes20:34
mvaldesit looks like there are some simple metrics by which openstack projects are measured20:34
mvaldesthose need special attention.20:34
mvaldesin addition to all the good work being done20:34
sigmavirusmvaldes: is right, we do a lot of good stuff20:35
tmcpeaksigmavirus: what is the source of all of these ideals you're talking about?  I didn't see them on any of those links above20:35
sigmaviruswe just don't do it the way every other project commits to doing it when they become a big tent project20:35
tmcpeak"constant cross project participation", constant?20:35
sigmavirustmcpeak: not daily but at least weekly20:35
mvaldesi wouldnt worry about these ideals20:36
tmcpeaksays who, and where?20:36
mvaldesOSSP is not being called out for that20:36
tmcpeakdid you just make this up?20:36
mdongplus, if the problem is “the security project doesn’t interact with other teams enough”, then making this into a workgroup is only going to make it worse with decreased participation20:36
sigmavirustmcpeak: a lot of this is in the governance repository and often discussed on the mailing list20:36
* ccneill needs a cigarette20:36
sigmavirusmdong: based on what?20:36
mvaldesi think sigmavirus is just illustrating some differences. it's not really the point here20:36
sigmavirusyeah, and I'm now well past time for me to have left for something completely different20:37
*** ccneill-phone has joined #openstack-security20:37
mdongbased on the impacts to participation that I think everyone in this project shares, for a start20:37
mvaldesno one is denying that20:37
mdongat the very minimum, making us a workgroup is certainly not a solution to any problem20:38
mvaldesbut that possibility has certainly called attention to some deficiencies20:39
mvaldeslike it or not20:39
mvaldessimply put, the [community] has made a proposal20:39
mvaldestmcpeak seems to have a pretty good handle on the next steps20:39
ccneill-phoneI guess it comes down to this: since there is only one definable difference in status of project vs. WG, and it is removing our ATC status, then the whole exercise seems to have the purpose of removing that benefit. Plus or minus a few emails to the mailing list20:40
tmcpeakyeah, we can discuss more in the meeting20:40
ccneill-phone+1 for discussing further in our meeting so we can get hyakuhei 's input as well20:41
ccneill-phoneShould we invite extend an invite on the mailing list?20:42
mvaldes+1 [big drag]20:42
tmcpeakyes, absolutely20:42
tmcpeakccneill: you'll do the honors or should I?20:44
ccneillI'm on it :)20:44
tmcpeakthanks man20:44
ccneillany idea what zulu time is for our meeting..?20:46
tmcpeakUTC is 170020:46
*** mihero has joined #openstack-security20:48
*** mwturvey has joined #openstack-security20:59
*** mwturvey has quit IRC20:59
ccneillso.. who's watching the Mr. Robot finale tonight?21:00
unrahulreally?? finale..?!21:01
ccneillfor season 2 at least21:03
*** cleong has quit IRC21:04
tmcpeakccneill: I've got to catch up a few episodes, but this season has been gooood21:05
ccneillyeeah buddy21:05
ccneillvery trippy21:06
*** mvaldes has quit IRC21:07
*** gmurphy has joined #openstack-security21:07
*** alexgooz has joined #openstack-security21:12
*** alexgooz has left #openstack-security21:12
*** mvaldes has joined #openstack-security21:23
*** rcernin has quit IRC21:24
*** salv-orlando has quit IRC21:26
*** jass93 has quit IRC21:27
*** salv-orlando has joined #openstack-security21:27
*** edmondsw has quit IRC21:40
*** ig0r_ has quit IRC21:45
*** edtubill has quit IRC21:59
*** mvaldes1 has joined #openstack-security22:16
*** mvaldes has quit IRC22:19
*** jass93 has joined #openstack-security22:19
*** lamt has quit IRC22:20
*** mvaldes1 has quit IRC22:31
*** eljuanjo has joined #openstack-security22:41
*** eljuanjo has left #openstack-security22:42
*** markvoelker has quit IRC22:43
*** singleth_ has quit IRC22:45
*** elmiko is now known as _elmiko23:01
*** jamielennox is now known as jamielennox|away23:04
*** hongbin has quit IRC23:05
openstackgerritMichael Dong proposed openstack/syntribos: Added nova extension client
openstackgerritMichael Dong proposed openstack/syntribos: Added nova extension client
*** mdong has quit IRC23:21
*** ccneill-phone has quit IRC23:25
*** jass93 has quit IRC23:27
*** jamielennox|away is now known as jamielennox23:43
*** lamt has joined #openstack-security23:43
*** markvoelker has joined #openstack-security23:44
*** lamt has quit IRC23:47
*** markvoelker has quit IRC23:49

Generated by 2.14.0 by Marius Gedminas - find it at!