20:00:14 <redrobot> #startmeeting barbican
20:00:15 <openstack> Meeting started Mon Aug 24 20:00:14 2015 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:16 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:00:18 <openstack> The meeting name has been set to 'barbican'
20:00:57 <elmiko> heyo/
20:01:04 <silos1> \o/
20:01:13 <rellerreller> o/
20:01:17 <jkf> Howdy
20:01:20 <kfarr> o/
20:01:21 <apmelton> o/
20:01:58 <edtubill> o/
20:02:49 <jaosorior> Yo
20:02:59 <redrobot> welcome back jaosorior !
20:03:06 <arunkant> o/
20:03:09 <igueths> o/
20:03:21 <redrobot> As usual our agenda can be found here:
20:03:22 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican
20:03:26 <jaosorior> :D
20:03:28 <redrobot> #topic Action Items from last meeting
20:03:44 <redrobot> #link http://eavesdrop.openstack.org/meetings/barbican/2015/barbican.2015-08-17-20.01.html
20:04:08 <redrobot> so....
20:04:13 <rm_work> o/
20:04:16 <redrobot> I need to get better at these
20:04:25 <redrobot> #action redrobot to finish prioritizing liberty-2 bugs, and also check them for kilo status
20:04:35 <redrobot> #action redrobot to fix the stable/kilo gate failures during mid-cycle (in-progress)
20:04:42 <redrobot> #action
20:04:46 <redrobot> #action redrobot and alee to backport the DogTag gate fixes into stable/kilo after redrobot fixes the gate
20:04:58 <redrobot> all 3 of these are getting punted, because I'm lame
20:05:06 <redrobot> however
20:05:16 <redrobot> I did work with kfarr to get python-barbicanclient released
20:05:23 <kfarr> Hooray!
20:05:39 <redrobot> #link http://lists.openstack.org/pipermail/openstack-announce/2015-August/000546.html
20:06:05 <redrobot> and the last action item was for hockeynut
20:06:07 <elmiko> \o/
20:06:14 <redrobot> but I do believe he's at a team-building outing today
20:06:21 <redrobot> so I'll punt that to next week as well
20:06:22 <redrobot> #action hockeynut to review bug tracking policies and give feedback
20:07:04 <redrobot> ok, moving on to the action items for today
20:07:23 <redrobot> #topic Merge Requirements
20:07:37 <alee> o/
20:07:41 <redrobot> We talked about this in Vancouver, but I think it's worth revisiting
20:08:04 <redrobot> I've noticed that Castellan and python-barbicanclient patches have been lingering for a long time
20:08:17 <redrobot> we had a Castellan patch with 2x +2 sit in the queue for over a week
20:08:36 <redrobot> before I merged it without waiting for a +W from a third reviewer
20:09:04 <redrobot> As many contributors have noted, we're the only OpenStack project that requires 3 core reviewers for a merge
20:09:11 <redrobot> all other projects only require 2
20:09:34 <elmiko> seems fair though, given the sensitive nature of some patches
20:09:47 <elmiko> slow, but fair ;)
20:09:54 <alee> elmiko, but not all patches are that sensitive
20:09:58 <elmiko> true
20:10:20 <elmiko> especially barbicanclient i suppose
20:10:26 <alee> elmiko, is what we're doing any less sensitive than what say keystone is doing?
20:10:43 <elmiko> good question
20:11:12 <elmiko> i guess not, but some of the crypto stuff seems like it should have more eyes on it
20:11:12 <rellerreller> Maybe elmiko thinks keystone should do 3 +2s???
20:11:31 <rellerreller> :)
20:11:36 <elmiko> rellerreller: lol, no
20:11:53 * elmiko steps away from the land mine
20:12:04 <rellerreller> lol
20:12:05 <redrobot> anyway...  we don't have to make a decision today, but I did want to bring this up
20:12:14 <igueths> It could be argued that given the variability of credentials that could be stored, that the aggregate sensitivity rating should be higher than that of Keystone.
20:12:40 * elmiko hands the ball to igueths
20:12:49 <igueths> Hahaha
20:12:56 <alee> I think that perhaps patches with more crypto stuff might need more review, but the overall effect is a slowing down of patches going in.
20:12:57 <elmiko> =)
20:13:14 <redrobot> alee indeed...
20:13:16 <elmiko> alee: true, and i'm not arguing for slowing the process down
20:13:39 <redrobot> maybe a better compromise would be for our reviewers to call out that specific patches should get an additional +2 ?
20:13:45 <elmiko> would be nice if there was a clear way to mark higher sensitivity patches though, then the lower ones could get by with fewer +2s
20:13:53 <elmiko> lol, jinx!
20:14:00 <igueths> alee: redrobot Sounds reasonable.
20:14:14 <redrobot> maybe SecurityImpact flag means this patch needs 3x +2
20:14:21 <redrobot> ?
20:14:27 <elmiko> that's a nice idea
20:14:31 <igueths> +1
20:14:40 <alee> well that gets the security group involved , doesn't it?
20:14:41 <rellerreller> +1
20:14:48 <rellerreller> yes
20:14:48 <redrobot> alee indeed it does
20:14:52 <redrobot> well in theory anyway
20:15:57 <elmiko> it alerts the security group, whether they get involved is another step
20:16:05 <redrobot> we don't have to make a decision right now
20:16:11 <alee> I'm certainly in favor of getting the security group involved if need be -- and then requiring 3 +2
20:16:22 <rellerreller> Some are not always security critical as well. Content types would be one where I would want 3 +2s because that was big change.
20:16:27 <alee> as for the rest, I'm inclined to 2 +2s.
20:16:39 <redrobot> ok, it seems we like that suggestion...   (or at least I do :)
20:16:50 <elmiko> maybe just mark it BarbicanImpact, then you can search for them easily?
20:17:20 <alee> that would be nice -- can we add a new flag like that?
20:17:54 <alee> I could certainly see a reviewer thinking that a change was too big to come in without a third +2
20:17:58 <elmiko> i thought you could search the commit messages for arbitrary strings through gerrit, is that not the case?
20:18:03 <alee> that would not be security related
20:18:22 <redrobot> yeah, you can... we wouldn't get all the nifty notification stuff that security folks get
20:18:28 <elmiko> right
20:18:52 <rellerreller> Do we need notifications?
20:19:01 <redrobot> rellerreller nah, I don't think so
20:19:06 <alee> redrobot, so yeah - I like this idea -- 2 +2's unless either patch submitter or one review marks it either as security impact or barbican impact.
20:19:12 <rellerreller> If it's in the commit message I can easily see that and know what to do.
20:19:17 <elmiko> i was just thinking more in terms of creating a barbican dashboard with gerrit-dashboard-generator or something
20:19:36 <redrobot> alee I like that
20:19:43 <redrobot> rellerreller +1
20:19:58 <redrobot> ok, let's table this until next week, since I want to get input from the rest of the core team
20:20:27 <redrobot> I'll poke at the rest of the core devs and get a tally of support for this
20:20:45 <redrobot> also, if you're not a core reviewer, and feel like reviews are slow, let me know!
20:21:09 <kfarr> I like the idea of a Barbican impact tag
20:21:38 <redrobot> ok, we'll revisit this next week
20:21:42 <redrobot> moving on
20:21:57 <redrobot> #topic Tokyo Sessions Space Requirements
20:22:31 <redrobot> I was just pinged by the summit organizing folk to get our requirements for fishbowls/design sessions/meetups for the Tokyo summit
20:22:46 <redrobot> last summit we had 3 fishbowl, 10 design, and 1 meetup
20:22:54 <chellygel> at least 1 gundam serving tea while we work :3
20:23:40 <redrobot> I was thinking we probably only need 2 fishbowls this time around:  1 for Barbican roadmap (splitting kms/cms in v2), and 1 for Federation
20:24:08 <rellerreller> What about encryption as a service?
20:24:15 <rellerreller> Or would that fit into v2 discussion?
20:24:35 <redrobot> rellerreller I think it could definitely fit into a v2 discussion
20:24:43 <redrobot> rellerreller do you think it needs a fishbowl of its own?
20:24:47 <elmiko> chellygel: lol
20:25:08 <rellerreller> No, but the description you gave I was not sure what was under that tent.
20:25:14 * redrobot prefers maid café over gundam
20:25:30 * silos1 pokes his head in after hearing federation
20:25:32 <chellygel> redrobot, it's a gundam dressed as a maid.
20:25:38 * chellygel stops being bad and shuts up
20:25:40 * elmiko facepalms
20:26:17 <redrobot> rellerreller what all is included is open for discussion... just figured v2 would be of interest to the wider community
20:26:52 <rellerreller> I agree that lots will be interested. I think v2 discussion is definitely fish bowl worthy.
20:26:54 <redrobot> silos1 I was thinking about using the federation fishbowl to gather use cases from the community
20:27:09 <silos1> silos that sounds like a good plan.
20:27:20 <alee> redrobot, encryption as a service sounds like something we'd want to get feedback/use cases on
20:27:33 <redrobot> silos1 also maybe have a high level architecture ready ... depending on how much we can get done before the summit.
20:27:54 <silos1> redrobot: I came up with a new design today. I can upload it later on.
20:27:54 <alee> redrobot, not sure you could do both v2 and eaas in same fishbowl
20:28:18 <silos1> redrobot: I don't know if I'm going yet to Tokyo though so I might be with you guys in spirit.
20:30:02 <redrobot> alee I think that actually fleshing out the v2 api would be done in design sessions... I'm thinking the fishbowl would be to tell the community which way we're headed, and get use cases/requirements for v2
20:30:03 <elmiko> probably should talk with reaperhulk about EaaS, he and i talked about it in vancouver and he had some really good thoughts, and criticisms.
20:31:05 <redrobot> elmiko +1
20:31:16 <redrobot> elmiko I'm still crossing my fingers that reaperhulk will be able to attend
20:31:29 <elmiko> redrobot: that would be cool
20:33:09 <alee> redrobot, ok that's fine then
20:33:39 <redrobot> cool, I'll only be asking for 2 fishbowls then
20:33:46 <redrobot> I'm going to keep the design sessions at 10
20:34:11 <redrobot> but it seems we may be space challenged (think Paris o_O)  ... so we'll see how much time we'll actually get
20:34:29 <elmiko> sounds like there are more, but smaller, rooms
20:35:01 <redrobot> the Vancouver space was ideal... I wish we could just go back there...
20:35:19 <elmiko> sigh... you and me both ;)
20:35:32 <redrobot> but hopefully we'll be able to stay busy all 4 days
20:35:53 <redrobot> and that's all I have for the agenda today
20:35:57 <redrobot> #topic Open Discussion
20:36:20 <elmiko> redrobot, kfarr, since barbicanclient has been updated, i assume castellan will get one soon?
20:36:28 <apmelton> just wanted to introduce myself, I'm Andrew Melton from the magnum team
20:36:42 <redrobot> hi apmelton !
20:36:45 <elmiko> hi apmelton
20:36:59 <kfarr> elmiko, a new release, you mean?  Hi apmelton!
20:37:00 <apmelton> I had a question from the group that's working on our barbican interaction
20:37:04 <elmiko> kfarr: yea
20:37:23 <redrobot> apmelton what's up?
20:37:53 <dave-mccowan> o/
20:37:57 <apmelton> during our mid-cycle we talked about barbican supporting a different CA per cluster
20:37:57 <redrobot> elmiko I'm just waiting on kfarr to poke me for a release...  although I'm half tempted to submit a patch to remove "common" from the namespaces
20:38:05 <apmelton> I was wondering if there's been any progress on that
20:38:07 <kfarr> elmiko, yes, thinking after this one gets in https://review.openstack.org/#/c/208569/
20:38:09 <apmelton> and/or blueprints I could follow
20:39:11 <elmiko> redrobot: you don't like the common package?
20:39:29 <redrobot> elmiko nope... not sure what it's "common" to...
20:39:30 <elmiko> kfarr: thanks, i'll try to get a few more reviews in ;)
20:39:31 <alee> apmelton, yeah - there is a blueprint that I wrote ..
20:39:38 <alee> apmelton, just a sec ..
20:39:48 <elmiko> redrobot: oh right, it was part of the patch series for the cert stuff
20:40:30 <kfarr> "common" was really sort of a relic from the cinder and nova implementations
20:40:34 <alee> apmelton, https://review.openstack.org/#/c/187236/
20:40:44 <elmiko> kfarr: interesting..
20:41:11 <alee> apmelton, I'm going to be working on implementing this over the next couple of weeks or so.
20:41:18 <alee> 2-3 weeks
20:41:39 <apmelton> alee: cool, I'll keep an eye out for the work
20:42:00 <apmelton> I don't think we're blocked on it yet, but if we are I'll be sure to bring it up
20:42:30 <alee> apmelton, yup - please do.  I'm perfectly happy to have someone ready to test whatever I have
20:42:39 <lisaclark1> apmelton: i'm interested in your plans for magnum + barbican integration.  i noted on your midcycle meetup minutes that it looked like magnum was moving forward with anchor as a phase 1 plan
20:43:16 <apmelton> lisaclark1: yea, phase one is to use a library and have magnum issue CAs itself
20:43:38 <apmelton> I think we've moved from anchor to cryptography.io
20:43:38 <lisaclark1> apmelton: and phase 2 is integration with barbican?
20:43:46 <apmelton> that's correct
20:43:58 <apmelton> and note, this is for CA
20:44:12 <apmelton> I believe we're going to support barbican for storage from the get-go
20:45:03 <lisaclark1> apmelton: awesome!  magnum + barbican for key storage in phase 1, magnum + barbican for CA capabilities as phase 2
20:45:12 <apmelton> that's correct
20:45:46 <lisaclark1> thanks apmelton.  i might ping you offline at some point to better understand the magnum + barbican CA integration needs.
20:45:55 <apmelton> sounds good lisaclark1
20:46:36 <redrobot> alrighty, anything else while we're all here?
20:46:48 <dave-mccowan> Topic: Python 3.  Pradeep was on the channel early this morning. He's in Japan (I think), so this meeting time is not good for him.  He's been submitting patches to get Barbican Python 3 ready, and has asked for more reviews and feedback on his patches.
20:46:53 <rm_work> redrobot: I'm resurrecting another of my old zombie patches: https://review.openstack.org/#/c/167885/
20:47:13 <redrobot> rm_work oh nice
20:47:20 <rm_work> because integration is frustrating when projects need to include barbican in their devstack installs :P
20:47:26 <redrobot> rm_work I saw y'all are trying to get a devstack gate going?
20:47:27 <rm_work> so this would make it a lot simpler
20:47:30 <rm_work> yes
20:48:08 <rm_work> might need help making this work with YOUR gates though
20:48:18 <rm_work> so if whoever handles your gate stuff could hit me up
20:48:24 <rm_work> I am not super familiar with it
20:48:39 <redrobot> rm_work you can grab me IRL if you want... I'm pretty familiar with our gate setup
20:48:43 <rm_work> kk
20:49:00 <arunkant> redrobot: review request for barbican client changes. Have not seen review happening on client side.
20:49:07 <rm_work> honestly the actual project changes are pretty trivial
20:49:21 <redrobot> dave-mccowan I saw that
20:49:38 <redrobot> dave-mccowan as we start getting more APAC contributors we may want to consider alternating meetings like other projects do
20:51:36 <redrobot> arunkant I'll try to review soon... we also have some of Fernando's patches in the client that have been pending reviews for a while
20:51:56 <redrobot> arunkant it's part of the reason I was suggesting lowering the core reviews needed to merge
20:53:11 <redrobot> anything else before we call it a day?
20:53:58 <woodster_> Joined late, forgot to...
20:54:05 <woodster_> o/
20:54:16 <redrobot> woodster_ I'm going to need you to stay after to make up the time. ;)
20:54:28 <elmiko> haha
20:54:44 <woodster_> Ha, will do
20:55:18 <redrobot> alrighty guys, thanks for coming
20:55:24 <redrobot> #endmeeting