18:03:17 <hyakuhei> #startmeeting openstack security group
18:03:18 <openstack> Meeting started Thu Aug 29 18:03:17 2013 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:03:19 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:03:21 <openstack> The meeting name has been set to 'openstack_security_group'
18:03:31 <hyakuhei> Good morning/evening everyone!
18:03:36 <malini1> hello hyakuhei!!!!! long time
18:03:37 <sriramhere> hi there
18:03:46 <rellerreller> hello
18:03:52 <bpb> hi
18:04:05 <hyakuhei> Should we do a quick who's who? I see a lot of familiar faces.
18:04:13 <hyakuhei> s/faces/nics/ heh.
18:04:24 <malini1> malini1 is still malini bhandaru from Intel
18:04:38 * hyakuhei is Rob C from HP Cloud Services
18:04:50 <bpb> Bruce B from APL
18:04:53 <rellerreller> nate reller from APL
18:04:56 <sriramhere> sriramhere is Sriram, an independent consultant, based off in Seattle.
18:05:18 <hyakuhei> ok. great. Looks like we've got the usual suspects
18:05:19 <rlp> Randy Perryman - Dell
18:05:44 <malini1> hello rlp! first time?
18:05:56 <hyakuhei> I think he's been a lurker in the past perhaps...
18:06:21 <hyakuhei> Great so how is everybody, ready to take security to the next level? Let's go over some outstanding tasks!
18:06:27 <rlp> I have been on the session off/on for the last year
18:06:30 <hyakuhei> #topic Actions From Previous Meetings
18:06:52 <hyakuhei> Right, I see actions for Bryan who I think is on a plane right now and sriramhere who is here. sriramhere any updates?
18:07:10 <sriramhere> i followed up with Thierry on adding tag 'SecurityImpact' to the blueprints
18:07:19 <sriramhere> unfortunately, no easy way as of now.
18:07:40 <sriramhere> what was suggested is to document the process of how OSSG can be involved during the design phase
18:08:04 <hyakuhei> Yeah, that's tricky
18:08:24 <malini1> Bryan had mentioned on the mailing list that he had someone lined up to create the OSSG logo
18:08:24 <hyakuhei> we're missing a whole bunch of 'how to get involved' typed documentation and processes
18:08:31 <sriramhere> may be we could add this to the wiki that Bryan was working on?
18:08:50 <hyakuhei> Yeah, I think that should be sorted soon. We're still waiting for agreement from the OpenStack people on whether we can use it or not
18:09:18 <malini1> bryan showed us his wiki on how to get involved, pretty detailed and complete
18:09:30 <hyakuhei> Ok, it's not against my name already but I'm going to do my best to get the 6 OSSNs that are currently in the queue published
18:09:48 <thomasbiege> hi
18:09:52 <hyakuhei> malini1: yeah, I helped with that a little bit, it's a big step forward for sure but we could do more to help new guys
18:09:53 <thomasbiege> sorry for being late
18:09:53 <sriramhere> malini1, may be just add a section on the same wiki to see how we can be involved early on?
18:09:59 <hyakuhei> hi thomasbiege
18:10:18 <malini1> on the cert checking OSSN, i took a look but could not think of what more to add. you and Thierry had covered it all and there really is no workaround today
18:10:30 <rellerreller> Maybe PTLs could alert us of BPs that they want added to next release
18:10:42 <rellerreller> That would be a good time for us to review IMHO
18:11:14 <rellerreller> That way we are reviewing relevant BPs. That's my thinking.
18:11:29 <hyakuhei> rellerreller: Yeah I think so. Does someone want to take an action for looking into that. Potentially we could get something added to the BP submission page, just indicating that they have a security resource available.
18:12:02 <sriramhere> wait - the tag was suggested to provide an easy way to alert us, rt?
18:12:14 <sriramhere> during the BP stage. but tag is not easy to add on.
18:12:23 <hyakuhei> Maybe I misunderstood, I didn't think tagging was going to work
18:12:32 <malini1> Also pro-actively we could assign a person from our group to do a weekly trawl on the BPs arriving for security impact
18:12:36 <sriramhere> right it wasn't
18:12:38 <hyakuhei> #action hyakuhei to publish OSSNs
18:12:51 <rellerreller> Maybe not a tag, but after PTL takes interest in BP and change priority then send us email
18:13:08 <hyakuhei> malini1: yes, I think that could work. Is there a nice way to receive email updates of new BPs?
18:13:11 <rellerreller> Not ideal, but it's something
18:13:30 <rellerreller> I don't know
18:13:38 <sriramhere> so the onus is on PTL/ BP creator then?
18:13:39 <hyakuhei> Sounds like an action :P
18:13:39 <malini1> hyakuhei -- no BP alerts I know of, just bug
18:13:50 <rellerreller> I can look into this
18:14:06 <hyakuhei> We could tool something up to trawl trivially enough, even if it's with python-mechanize or something similar
18:14:25 <malini1> how about we assign folks to services they are interested, for big services, may be alternate folks on a weekly basis?
18:14:40 <hyakuhei> #action rellerreller to work out how the security team can monitor blueprints either by service or as a whole
18:14:53 <rellerreller> Sounds good
18:15:32 <hyakuhei> I think I'd like one or two 'editors' for OSSNs that I can get to check drafts before I send them out. Sending drafts to the ML generates a lot of noise and it's hard to know when to send
18:15:37 <sriramhere> anyone wants to take action on adding section to wiki on how OSSG can get involved?
18:15:58 <malini1> hyakuhei: on the cert checking OSSN, i took a look but could not think of what more to add. you and Thierry had covered it all and there really is no workaround today
18:16:01 <hyakuhei> sriramhere: volunteering? Bryan and I can help with that
18:16:01 <sriramhere> during design stage that is
18:16:27 <sriramhere> OK, i can take a first stab on it
18:16:32 <hyakuhei> malini1: ok, I annotated where I thought it was a bit light, I can fill in those bits and publish it this week. Thanks for looking :)
18:17:05 <hyakuhei> #action sriramhere to look at adding OSSG involvement for design stage info to the security wiki
18:17:16 <hyakuhei> #topic Summit
18:18:02 <hyakuhei> Just a reminder to go find your favorite security topics and vote for them. Note that we don't have a security track this time around so the security content is contending with other technical content for very few slots - be kind to your security peers
18:18:32 <sriramhere> voting is complete, rt?
18:18:58 <hyakuhei> Sigh, it may be, I'm looking at the notes of things I wanted to say at the last meeting that I couldn't make.
18:19:47 <hyakuhei> Well, in that case cross your fingers that we have a decent turnout. I'm really disappointed that there's no dedicated security track. A year ago we had half a day, the last summit we had a full day and this summit has seen it absorbed into 'Technical Deep Dive'
18:20:21 <hyakuhei> I'm a track chair for Technical Deep Dive and I'll try to make sure there is a fair balance there but there's an awful lot of content.
18:20:30 <hyakuhei> Right, what else?
18:20:33 <hyakuhei> #topic AOB
18:20:43 <sriramhere> agree, but this also gives us all days to show case security when and wherever applicable:)
18:20:50 <malini1> hyakuhei -- we will then disperse in the design sessions and keep ears open for security issues
18:21:07 <malini1> AOB?
18:21:25 <hyakuhei> malini1: Yup, that's where I met most of the folk here - by standing in the back of the room and pointing out all the terrible ideas!
18:21:32 <hyakuhei> AOB == Any Other Business
18:21:41 <malini1> :-)
18:22:05 <malini1> I took a stab at a glossary since I was constantly googling abbreviations for our security guide
18:22:13 <hyakuhei> Is anyone in a position to give a roundup on what's happening with Encryption? I guess a lot of weight is on Barbican for the KM part now
18:22:30 <hyakuhei> malini1: oh yes I need to look at that, is it still in open review?
18:22:44 <malini1> other than that Sriramhere and I have a pact to add 2 slides a day to the slide set for openstack security guide, hopefully by next meeting we have some draft to share with group
18:22:56 <malini1> yes hyakuhei
18:23:01 <rellerreller> It is still in open review. The Cinder code was accepted, but we are still waiting on the Nova piece
18:23:16 <hyakuhei> The cinder code was finally accepted, fantastic
18:23:39 <rellerreller> Nova wants us to support boot from volumes
18:23:47 <rlp> Looking forward to the security guide
18:23:53 <rellerreller> We are trying to get done by code freeze, but we don't know yet
18:24:02 <malini1> rellerreller, was Joel able to handle boot from an encrypted volume, i know russelb will stretch deadline for that
18:24:17 <hyakuhei> rlp: http://docs.openstack.org/sec/
18:24:18 <rellerreller> We are still looking at the code
18:24:55 <rellerreller> I have not heard from him since yesterday. My guess is that he locked himself in his office trying to work through it.
18:25:06 <hyakuhei> malini1: I'll update the security metrics stuff in the guide this week if I get the chance
18:25:21 <hyakuhei> #action hyakuhei to update security metrics/response part of the security guide with more content
18:25:44 <malini1> :)all the best to joel. hyakuhei -- tackling the OSSNs is enough for the weekend
18:26:43 <hyakuhei> There's quite a backlog of stuff to do
18:27:01 <hyakuhei> Depending on the voting I have 2-3 presentations to give/write ...
18:27:25 <malini1> which ones did you propose?
18:28:19 <hyakuhei> Hmmm. 'Who's attacking your cloud, motivations and mitigations', 'The elephant in the room, VM escapes/hypervisor breakouts' and 'OpenStack Security Group'
18:28:25 <hyakuhei> oh and we have the book panel too
18:28:26 <sriramhere> @thomasbiege - i will respond to your email on security tests
18:28:31 <hyakuhei> If any of them get voted for lol
18:28:40 <hyakuhei> Righto, anything else to cover here guys?
18:28:46 <thomasbiege> sriramhere:  ok!
18:29:24 <hyakuhei> Ok well I guess that'll do it
18:29:34 <sriramhere> have a great week end, summer is officially over in this part of world!
18:29:34 <hyakuhei> Have a great week you guys, thanks everyone!
18:29:38 <malini1> bye everyone, long weekend in USA, enjoy
18:29:50 <rellerreller> bye
18:29:52 <hyakuhei> #endmeeting