#openstack-meeting: OpenStack Security Group

Meeting started by bdpayne at 18:00:17 UTC (full logs).

Meeting summary

  1. House Keeping (bdpayne, 18:01:23)
    1. http://wiki.debian.org/MeetBot (bdpayne, 18:02:00)
    2. Meetings should last 30 min (or less) (bdpayne, 18:02:44)
    3. I'll post the meeting minutes online after each meeting (bdpayne, 18:03:15)
    4. http://wiki.openstack.org/Meetings/OpenStackSecurity (bdpayne, 18:03:17)
    5. I encourage everyone to subscribe to the mailing list, if you haven't already: openstack-ossg@lists.launchpad.net (bdpayne, 18:03:59)
    6. https://launchpad.net/~openstack-ossg (bdpayne, 18:04:18)

  2. Introductions (bdpayne, 18:05:01)
    1. Many of you have met me at the summit / online… I'm Bryan Payne and I'm working at Nebula… OpenStack and related security tasks are my day to day job (bdpayne, 18:05:59)
    2. Security Architect at HP. Started OSSG with Bryan. Speaking at summits etc. (hyakuhei, 18:06:41)
    3. I'm Matt Tesauro, I am the lead of the product security engineers at Rackspace. Was at the last summit and will be at the next. OpenStack is also part of my normal work with Rackspce (mtesauro, 18:07:16)
    4. I'm Laura Glendenning, I'm a software developer at JHU Applied Physics Lab and am currently leading our OpenStack project here. I was at the last summit and my team is working on security-related features. (lauraglendenning, 18:08:02)
    5. Esteban Gutierrez, IT security for Intel. Working on security requirements for openstack deployments. (estebang9, 18:08:04)
    6. I'm Lars Lehtonen, I'm mostly working around Swift in our deployment right now. (alrs, 18:08:49)

  3. Mailing list (bdpayne, 18:09:49)
    1. We currently have a mailing list setup on launchpad, but there is a move afoot to change this to a mailman list (bdpayne, 18:10:21)
    2. In progress. It got lots in the summit setup noise - I'll email Stefano about it again. (hyakuhei, 18:11:11)

  4. Security Notes (bdpayne, 18:13:58)
    1. We have been asked to occasionally provide "Security Notes" for the OpenStack community (bdpayne, 18:14:20)
    2. https://bugs.launchpad.net/osn/+bug/1098582 (bdpayne, 18:15:34)
    3. these are designed to be more timely than the security guide… and sometime that we can produce on demand and/or as we see the need (bdpayne, 18:16:57)

  5. Security Guide (bdpayne, 18:18:48)
    1. @hyakuhei has put together a repo and some initial templates for the security guide (bdpayne, 18:19:38)
    2. https://bugs.launchpad.net/osn (bdpayne, 18:22:45)
    3. https://github.com/hyakuhei/OSSG_Hardening_Guide (bdpayne, 18:24:00)
    4. Note the outline.txt file as a first cut at the guide outline (bdpayne, 18:24:35)
    5. ACTION: We should review that outline and get happy with it so that we can begin working on the writing as a group (bdpayne, 18:25:05)
    6. Beyond my work with OpenStack, I'm also heavily involved in OWASP - International OpenSource Foundation working on application security (mtesauro, 18:30:37)
    7. I have just started an OWASP OpenStack Security project with the goal of bringing the two communities together. (mtesauro, 18:30:45)

  6. Storage Encryption (bdpayne, 18:32:50)
    1. https://blueprints.launchpad.net/swift/+spec/encrypted-objects (bdpayne, 18:35:10)
    2. https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes (bdpayne, 18:35:20)
    3. that's all I had for today… thanks everyone for attending! (bdpayne, 18:36:01)


Meeting ended at 18:36:27 UTC (full logs).

Action items

  1. We should review that outline and get happy with it so that we can begin working on the writing as a group


People present (lines said)

  1. bdpayne (88)
  2. mtesauro (16)
  3. sriramhere (15)
  4. hyakuhei (13)
  5. estebang9 (6)
  6. Randy_Perryman (3)
  7. openstack (3)
  8. malini (2)
  9. uvirtbot (1)
  10. lauraglendenning (1)
  11. alrs (1)
  12. benj__ (1)


Generated by MeetBot 0.1.4.