18:02:21 <bdpayne> #startmeeting OpenStack Security Group
18:02:22 <openstack> Meeting started Thu Jul 25 18:02:21 2013 UTC.  The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:02:23 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:02:25 <openstack> The meeting name has been set to 'openstack_security_group'
18:02:46 <bdpayne> hi OSSG… who do we have here today?
18:03:12 <joel-coffman> hey
18:03:16 <bpb> hello
18:03:30 <bdpayne> hey guys
18:03:55 <bdpayne> I'm hoping hyakuhei is around too
18:04:27 <malini1> hello
18:04:55 <bdpayne> alright, let's get started
18:05:11 <bdpayne> #topic Previous Action Items
18:05:22 <bdpayne> I heard from thomasbiege
18:05:46 <bdpayne> he said that he wouldn't make it, but he has been pushing ahead with seeing how we can integrate more security testing into openstack
18:05:50 <bdpayne> so that's great
18:06:19 <bdpayne> I also heard from hyakuhei and he's making good progress on organizing the security issues from the book sprint
18:06:32 <bdpayne> any other previous actions items that people can speak to?
18:06:55 <joel-coffman> none here
18:07:04 <bdpayne> malini1 I believe you were going to work on an OSSN for libvirt authentication issues?
18:07:14 <malini1> I have a little patch working its way to force authentication even on libvirt readonly connections
18:07:46 <malini1> hopefully in a day or two it gets comitted -- but that might be famous last words!
18:07:48 <bdpayne> is that a libvirt patch or a nova patch?
18:07:53 <malini1> nova
18:07:59 <bdpayne> got it
18:08:15 <bdpayne> so will this also be written up as an OSSN?
18:08:21 <malini1> cross checked with Danioel Berrange and Robert Clark that it would be a good thing to have before going ahead
18:08:38 <malini1> should we?
18:08:49 <bdpayne> not sure, I'm not as familiar with the issue involved
18:08:54 <bdpayne> do you have a link to the code review?
18:09:16 <malini1> https://review.openstack.org/#/c/38603/
18:09:23 <malini1> i have to add better commit comments
18:10:17 <malini1> check on it later
18:10:23 <bdpayne> ok, can do
18:10:25 <malini1> BTW, I got my hard copies of the book
18:10:44 <bdpayne> me too :-)
18:10:54 <bdpayne> #topic OpenStack Summit
18:11:16 <bdpayne> For anyone who is interested, the call for speakers is closing on July 31
18:11:23 <bdpayne> http://www.openstack.org/summit/openstack-summit-hong-kong-2013/become-a-speaker/
18:11:53 <bdpayne> it's always good to have lots of security chatter at the summits
18:12:09 <bdpayne> I know of several security talks submitted already
18:12:21 <bdpayne> but, there's really no such thing as too many submissions
18:12:23 <bdpayne> :-)
18:12:30 <bdpayne> anyone else planning on submitting a talk?
18:12:57 <malini1> this is for main session correct, design sessions will go a ways into Sept/Oct
18:12:58 <joel-coffman> we're thinking of doing another design session
18:13:04 <bpb> APL is planning on a design session for the ephemeral disk encryption
18:13:10 <bdpayne> correct, thanks for the clarification malini1
18:13:16 <bdpayne> this is just for the main session
18:13:29 <bdpayne> so there's still time on the design session
18:13:39 <bdpayne> ephemeral disk encryption sounds nice
18:14:17 <bdpayne> joel-coffman feel free to run ideas by the group here, or on the email list prior to your submission
18:14:19 <malini1> Joel-coffman -- thinking a joint "workshop" with you guys and the barbican folks to set up and use key manager would be good for volume encryption
18:14:23 <bdpayne> if that's helpful
18:14:46 <malini1> once the swift folks did a workshop and it gets people familiar
18:14:47 <bdpayne> that would be handy… a tutorial on volume encryption + key management
18:15:24 <joel-coffman> yes, that probably would be a good session
18:15:29 <malini1> folks come in and leave with a VM with everything loaded kind of thing
18:15:58 <malini1> BTW, I am thinking of doing one on geo-tagging -- design session
18:16:01 <joel-coffman> not sure if I can get it approved by our sponsor in time though
18:16:01 <bdpayne> that would probably be something for the main conference, rather than a design session
18:16:19 <bdpayne> sorry "that" was a reference to the encryption + key management tutorial
18:16:26 <malini1> the volume encryption code is open source
18:16:39 <joel-coffman> bdpayne: agreed
18:16:57 <bdpayne> I suspect that joel-coffman has additional gates to get permission to speak… even if the code is already out there
18:16:58 <malini1> and key management open source, so it would not be more exposure t han doing the workshop
18:17:15 <malini1> ah, :-(
18:17:31 <bdpayne> joel-coffman one option could be to let someone else be listed on the talk and you could be a last minute addition if you get approval
18:17:48 <joel-coffman> yes, and our volume encryption code is still work in progress as we resolve some lingering issues on the Cinder side
18:17:51 <malini1> yes, the workshop would be more for main conference
18:17:56 <malini1> it is real working stuff
18:18:28 <bdpayne> so...
18:18:50 <bdpayne> #action malini1 and joel-coffman to sort out the idea of a main conference session on key management and volume encryption
18:19:02 <bdpayne> sound reasonable?
18:19:17 <malini1> yes
18:19:22 <joel-coffman> yes, sounds reasonable
18:19:32 <bdpayne> great, thanks guys
18:19:43 <bdpayne> #topic Open Discussion
18:19:51 <bdpayne> I don't have anything else specific this week
18:20:00 <bdpayne> Anyone else have something to discuss?
18:20:21 <joel-coffman> no, quiet week
18:20:32 <bpb> I don't either
18:20:43 <bdpayne> malini1?
18:20:48 <malini1> nothing thank you
18:20:54 <bdpayne> ok then
18:20:57 <bdpayne> thanks everyone
18:20:59 <malini1> bye
18:21:02 <joel-coffman> cheers
18:21:07 <bdpayne> I'll be out next week, but I'll find someone to run the meeting
18:21:08 <bpb> see you
18:21:12 <bdpayne> so that's just an fyi
18:21:17 <bdpayne> cheers
18:21:26 <bdpayne> #endmeeting