#openstack-meeting log

13:00:37 <Luzi> #startmeeting image_encryption
13:00:38 <openstack> Meeting started Mon Nov  9 13:00:37 2020 UTC and is due to finish in 60 minutes.  The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:39 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:00:41 <openstack> The meeting name has been set to 'image_encryption'
13:00:48 <Luzi> #topic Roll Call
13:01:20 <fungi> hey there
13:01:26 <Luzi> hi fungi
13:01:31 <rosmaita> o/
13:02:30 <redrobot> 🙋🏽‍♂️
13:03:39 <Luzi> okay lets start
13:03:51 <Luzi> #topic Barbican Consumer API Update
13:04:05 <Luzi> redrobot, are there news from the barbican side?
13:04:15 <redrobot> No update, really... I've been working on getting the stable branches in good health.
13:04:31 <redrobot> Should be able to get back to Consumers this week.
13:05:07 <Luzi> well that's important too, and nice to hear you have the secret consumers on your list
13:05:15 <Luzi> #topic Image Encryption WIP-Patches
13:06:29 <Luzi> nothing new since the ptg, mhen and i are discussing whether to use python-gnupg or gpgme as a library (we never heard of the latter before someone mentioned it in the requirements spec)
13:07:11 <Luzi> if there will be any changes, it would only affect the os-brick patch and the requirements patch
13:08:38 <rosmaita> ok
13:08:50 <Luzi> do you have any questions regarding the patches?
13:10:35 <rosmaita> no, i guess the requirements team can help you work out the issues on python-gnupg vs gpgme
13:11:03 <rosmaita> although i wonder whether the security team has suggestions
13:12:13 <fungi> keeping fewer gnupg frontend libraries in the global requirements list would be preferable
13:12:36 <Luzi> yeah i already was working through the list with questions for the requirement, which already gives a good indication
13:12:51 <fungi> smaller surface area around calls to it, fewer libraries which might have security bugs in the critical key handling paths
13:14:13 <Luzi> that's right, i really want to look through both libraries before we decide
13:14:41 <fungi> if neither is used yet, i don't really have any immediate concerns but i also haven't compared the activity level and overall health for those
13:15:12 <Luzi> there is no library used right now which provides gpg
13:15:52 <fungi> yeah, in that case, i'd say let common sense prevail as to which looks like a healthy, supported and reasonably stable project
13:15:58 <Luzi> okay
13:16:43 <Luzi> #topic Open Discussion
13:17:01 <Luzi> are there any other topics you would like to discuss?
13:20:52 <fungi> i didn't have any
13:22:09 <Luzi> okay, thank you for joining this meeting and have a nice week
13:22:18 <Luzi> #endmeeting image_encryption