18:08:48 #startmeeting OpenStack Security Group
18:08:49 Meeting started Thu Feb 7 18:08:48 2013 UTC. The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:08:50 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:08:52 The meeting name has been set to 'openstack_security_group'
18:09:14 Ok, let's begin
18:09:32 #topic Storage Encryption Status
18:09:49 Could the parties involved in the storage encryption efforts provide a status update?
18:09:55 Intel and APL, if you're here
18:10:17 Volume encryption code has been submitted, but we are still awaiting reviews and acceptance
18:10:46 #link https://review.openstack.org/#/c/21269/
18:10:51 BTW, I have a bunch of feedback - enough that it's not right for IRC, any idea on the mail list? That would be a good place for this.
18:11:05 #link https://review.openstack.org/21264
18:11:15 #link https://review.openstack.org/21262
18:11:46 What do you mean by any idea on mail list?
18:11:58 ok, I'm happy to look over the code
18:12:12 In our first IRC meeting, it was mentioned that a mail list was being set up for this group.
18:12:16 but I assume you need reviews from specific parties?
18:12:30 ahh, for this let's just use the general dev list
18:13:00 I'm not exactly sure of the approval process. I need core reviewers.
18:13:11 But I appreciate feedback from everyone!
18:13:21 ok, so here's what I will do:
18:13:30 I have pinged the Swift developers we have at Rack - I'm waiting for a response.
18:13:32 #action Bryan to review the APL code
18:13:44 I am booked with threat models but can walk over there on Friday
18:13:53 #action Bryan to figure out formal review process by talking with PTLs and help move that along
18:14:01 Thanks!
18:14:12 np
18:14:36 Our spec for volume encryption will help to give you an idea for our code design
18:15:10 sounds good
18:15:22 any other things we should know about the APL side?
18:15:40 if not, anyone from Intel here want to provide a status update?
18:15:42 I can't think of anything off hand
18:16:05 I think it's also important to mention that, especially on the key management front, this is a first version to get people able to try out our code
18:16:18 ok
18:16:19 We know that we haven't solved all the key management issues yet.
18:16:30 with that said… are you wanting to get this into Grizzly or ?
18:16:43 Yes, grizzly is our goal
18:16:49 ok
18:17:03 alright, I'm not hearing from Intel, so we can move on to the next topic
18:17:13 #topic Hardening Guide
18:17:39 The hardening guide hasn't moved forward much since last week. I've been a touch busy.
18:17:43 Did you take a look at the small changes I made to the outline?
18:17:52 No, I missed that
18:18:05 I can spend some time putting the .tex files into a shape that reflects the outline over the weekend.
18:18:08 Hrm, I need to get better notifications set up, apparently
18:18:16 sounds great
18:18:23 Just a few small changes, don't recall exactly. Need more time to spend on these things.
18:18:38 In other news, HP Cloud should be adding some content in the near future.
18:18:45 excellent
18:19:10 I am planning to work on this some… just slowly bubbling up the stack
18:19:20 Need to get it out of this bootstrap phase.
18:19:22 and I'm, of course, open to others getting involved as well
18:19:28 Absolutely!
18:19:36 someone from Red Hat expressed interest last week
18:19:42 I'll resync with him as well
18:19:56 Cool. I spoke to a few people who were interested at the weekend while at FOSDEM.
18:20:14 BTW, the OWASP OpenStack Security project was announced yesterday to ~36,000+ community members
18:20:25 nice!
18:20:35 I've already gotten some requests to join the project. We'll see what happens by the next meeting
18:20:52 #topic Open Discussion
18:21:05 mtesauro can you provide details on that effort?
18:21:13 should this group and that group sync in some way or ?
18:21:14 https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
18:21:32 Seems like mtesauro is the guy to talk to/sync with.
18:21:33 #link https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
18:21:40 Yup that's the URL. I need to add some real content and I got the mail list info this AM
18:22:19 It is basically an attempt to draw people from OWASP into OpenStack to help with security testing, review etc.
18:22:29 I
18:22:31 yeah, very much needed
18:22:39 Sounds like a good idea.
18:22:49 I've been in both groups and there's a good opportunity for great interactions
18:23:22 sounds good… please do keep this group posted and let us know if there's anything we can do to help facilitate that work
18:23:45 No problem. I'm going to give it a couple of days for people to join then rally the troops.
18:23:57 ok
18:24:17 Some of what happens will depend on the skill set/interest of the people from OWASP
18:24:26 I'm not worried about running out of work
18:24:36 Also wanted to briefly mention the Security Note on LXC since hyakuhei is here
18:24:54 Per discussion at last week's meeting, I think that the note is ready to go, you want to push it out or ??
18:25:26 you == hyakuhei :-)
18:25:28 Sure I'll do it tomorrow with any luck
18:25:33 sounds good
18:25:44 any other discussion?
18:25:50 Mailed to the -dev ML with a little boilerplate explaining what an OSN is etc.
18:26:24 I've no other business other than apologies for being late.
18:27:51 ok, sounds good
18:27:57 I was late too… it happens!
18:28:03 thanks everyone!
18:28:11 No worries.
18:28:11 #endmeeting