13:00:37 <Luzi> #startmeeting image_encryption
13:00:37 <openstack> Meeting started Mon Nov 16 13:00:37 2020 UTC and is due to finish in 60 minutes.  The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:38 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:00:40 <openstack> The meeting name has been set to 'image_encryption'
13:00:44 <Luzi> #topic Roll Call
13:00:46 <redrobot> \o
13:00:52 <Luzi> hi redrobot
13:00:55 <rosmaita> o/
13:01:01 <fungi> ahoy!
13:01:03 <Luzi> hi rosmaita
13:01:06 <Luzi> hi fungi
13:01:08 <rosmaita> hello
13:01:37 <Luzi> ok lets start
13:01:47 <Luzi> #topic Barbican Consumer API Update
13:01:58 <Luzi> are there updates on Barbican side?
13:02:14 <redrobot> A little bit of progress on the Microversions patch
13:02:22 <redrobot> Consumers will be part of Microversion 1.1
13:02:33 <redrobot> still a couple of weeks out of a patch, I think
13:02:44 <Luzi> okay, thank redrobot
13:03:10 <Luzi> #topic Image Encryption WIP-Patches
13:03:54 <Luzi> well no news from side
13:04:39 <tosky> nothing from me
13:04:45 <tosky> ups, wrong topic
13:04:50 <tosky> sorry
13:04:53 <Luzi> XD
13:05:02 <Luzi> no need to worry tosky :)
13:05:24 <Luzi> #topic Open Discussion
13:05:35 <Luzi> is there anything you want to talk about?
13:06:21 <fungi> nope, i didn't have anything to bring up
13:06:24 <rosmaita> i haven't looked at your brick patch lately, what's the status of that?
13:07:14 <Luzi> status is, that only the dependency needs to be decided - after that it should be good to go
13:08:05 <Luzi> we currently use python-gnupg, but need some time to decide on whether we stay with it or change to gpgme...
13:08:20 <rosmaita> ok, that's what i was going to ask
13:08:27 <rosmaita> you are still looking into that?
13:09:11 <Luzi> i would like to test it completely, to be aware of any side-effects
13:10:04 <Luzi> but we currently have another project ongoing, so I hardly time to work on it, until end of november
13:10:09 <Luzi> :(
13:10:23 <rosmaita> yeah, that's the way things work!
13:10:42 <rosmaita> redrobot: do you have any opinion on gpgme vs python-gnupg ?
13:12:05 <redrobot> rosmaita, I don't have enough experience with those to have one.
13:12:50 <rosmaita> ok
13:13:55 <fungi> and neither are included in global requirements yet, so there's no incentive for one over the other there
13:14:23 <rosmaita> yeah, Luzi, looks like you are on your own
13:15:23 <Luzi> i know :D
13:15:49 <fungi> i suppose there's one reason to pick python-gnupg
13:15:59 <fungi> gpgme is a wrapper around gnupg
13:17:02 <Luzi> python-gnupg is also a wrapper around gnugp
13:17:29 <fungi> yes, but the python gpgme module is a wrapper around libgpgme which is a wrapper around gnupg
13:17:52 <Luzi> wrapper inception
13:17:56 <fungi> so using it, both the libgpgme wrapper and gnupg are binary dependencies for the project
13:18:15 <fungi> python-gnupg would have slightly fewer c lib/bin deps
13:18:24 <Luzi> that would indeed be a point for python-gnugp
13:18:53 <fungi> not a huge concern, but worth keeping in mind when comparing
13:19:04 <Luzi> you are right
13:19:15 <fungi> gpgme is basically a higher-level abstraction over gnupg
13:21:37 <fungi> gpgme might make it easier to not make crucial security-related mistakes when invoking gnupg, but it also adds more opportunities for bugs in the critical security path with sensitive plaintext and key management
13:22:11 <fungi> just by way of there being more software involved and more abstraction layers
13:23:01 <fungi> that said, i still don't have a strong opinion for one vs the other, sorry :/
13:25:51 <Luzi> thank you fungi for your help :)
13:27:10 <Luzi> i think i will stay with python-gnupg, but i have to talk to my colleges first
13:27:24 <Luzi> is there anything else you would like to talk about?
13:27:42 <rosmaita> nothing from me
13:28:59 <fungi> noyhing here either, thanks Luzi!
13:29:13 <Luzi> thank you for joingin this meeting and have a nice week
13:29:22 <Luzi> #endmeeting image_encryption