#openstack-meeting-alt log

16:59:32 <knikolla> #startmeeting keystone
16:59:33 <openstack> Meeting started Tue Sep 15 16:59:32 2020 UTC and is due to finish in 60 minutes.  The chair is knikolla. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:59:34 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:59:36 <openstack> The meeting name has been set to 'keystone'
16:59:39 <knikolla> o/
16:59:43 <cmurphy> o/
17:00:09 <lbragstad> o/
17:00:40 <vishakha> o/
17:00:50 <gagehugo> o/
17:02:27 <knikolla> #topic vPTG Schedule
17:02:46 <knikolla> I have gone ahead and booked Thu-Fri 13.00-17.00 UTC for the vPTG
17:02:57 <vishakha> +1
17:02:58 <knikolla> So two 4 hour blocks
17:03:31 <knikolla> I'm going to schedule the topics into 50 minute slots with 10 minute breaks in those days.
17:04:59 <knikolla> #topic Victoria Release in 1 Month
17:05:15 <knikolla> We're also exactly one month (-1 day) from the Victoria release
17:05:38 <knikolla> So any bug fixes that you think are critical should be merged now, and backported as soon as we can
17:06:05 <knikolla> #link https://review.opendev.org/#/c/731087/
17:06:23 <knikolla> I would like to see that make it in
17:06:55 <knikolla> But otherwise I think we don't have any release blockers?
17:07:02 <knikolla> Thoughts?
17:10:34 <gagehugo> none here
17:12:03 <knikolla> hmmm, okay.
17:12:09 <knikolla> moving on then.
17:12:23 <knikolla> #topic Review Requests
17:14:13 <vishakha> Thanks knikolla for sharing the links in meeting etherpad
17:14:14 <knikolla> I already pasted this in the previous topic, but pasting it again
17:14:15 <knikolla> #link https://review.opendev.org/#/c/731087/
17:14:22 <knikolla> of course :)
17:15:18 <cmurphy> #link https://review.opendev.org/743853 tempest clients for limits
17:15:25 <cmurphy> should be an easy one, doesn't depend on anything
17:15:45 <knikolla> thanks cmurphy
17:15:59 <cmurphy> #link https://review.opendev.org/743703 support sasl for memcached
17:16:12 <cmurphy> that one has been sitting for a while, i only just started looking at it but it looks straightforward
17:16:23 <cmurphy> only thing is i can't remember where we are wrt oslo.cache in ksm
17:19:23 <lbragstad> i though we moved oslo.cache
17:19:27 <lbragstad> thought*
17:20:01 <lbragstad> i thought someone from gagehugo's team at at&t proposed that patch?
17:20:57 <gagehugo> yeah I thought the discussion was to do that in oslo.cache
17:21:07 <gagehugo> lbragstad: yeah we discussed this years ago now haha
17:21:25 * lbragstad feels old
17:21:30 <lbragstad> s/feels/is/
17:21:33 <cmurphy> lol
17:21:34 <knikolla> time flies
17:22:02 <lbragstad> i should just go back to barking at people from my front porch
17:22:46 <knikolla> are there any people to bark at where you are?
17:22:56 <lbragstad> it's rare
17:23:03 <cmurphy> it doesn't seem like that move was completed because there's still an "import memcache" in ksm
17:23:06 <lbragstad> which is what makes it special
17:23:15 <lbragstad> dang
17:24:48 <gagehugo> hmmm
17:26:40 <cmurphy> mmk well this one might need some digging
17:28:07 <gagehugo> iirc we were more concerned about the encryption of memcached data at rest, rather than the protocol to talk to memcache
17:28:37 <lbragstad> another concern is the fact that memcached just rolled out support for tls
17:28:48 <lbragstad> so - even if you encrypt data at rest, data on the wire is in plaintext
17:29:13 <lbragstad> unless you hack in a client to use tls and bolt on tls to your memcached service via a apache proxy
17:29:38 <lbragstad> wait - i have that backwards
17:29:57 <lbragstad> encrypting data at rest would be a workaround for the tls issue
17:30:52 <cmurphy> the change in question is about using SASL for transport not about encryption at rest
17:31:06 <knikolla> ++
17:32:10 <gagehugo> sidecar proxy tls everything
17:32:30 <gagehugo> cmurphy: yeah I took a closer look, it's different than what we brought up
17:32:51 <lbragstad> i'm in favor of the sasl work, i think there is someone on my team that is going to take a look at it
17:32:57 <lbragstad> i haven't had the time to thoroughly review it
17:33:50 <lbragstad> ideally,  it would be nice to implement sasl, encryption of data at rest, and also use tls (that would address all the current security concerns i have with memcached)
17:34:12 <lbragstad> so - i'll take at least one of those :)
17:34:28 <knikolla> cool :)
17:35:20 <knikolla> anything else on the topic or can we move on?
17:35:32 <cmurphy> nothing from me
17:37:00 <knikolla> #topic Bugs
17:37:30 <knikolla> There didn't seem to be anything worth bringing up to the meeting.
17:38:23 <knikolla> #topic Open Floor
17:43:56 <knikolla> thanks all
17:43:58 <knikolla> #endmeeting