#openstack-meeting log

18:05:55 <bdpayne> #startmeeting OpenStack Security Group
18:05:55 <openstack> Meeting started Thu Sep 26 18:05:55 2013 UTC and is due to finish in 60 minutes.  The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:05:56 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:05:58 <openstack> The meeting name has been set to 'openstack_security_group'
18:05:59 <bdpayne> hi everyone
18:06:06 <elo> Hi
18:06:09 <bdpayne> who do we have here today?
18:06:18 <rellerreller> hi
18:06:22 <bpb> hello
18:06:51 <thomasbiege> hi
18:07:38 <pijany> hi
18:07:53 <bdpayne> I have two main things I'd like to discuss today
18:07:58 <bdpayne> 1) The upcoming summit
18:08:16 <bdpayne> 2) Security testing via CI
18:08:23 <bdpayne> Anything else on people's minds?
18:09:19 <bdpayne> Tough crowd today ;-)
18:09:36 <bdpayne> #topic OpenStack Summit
18:09:45 <bdpayne> ok, let's start with the summit
18:09:59 <bdpayne> As many of you have noticed, the summit speaker list is now public
18:10:23 <elo> I noticed a few related security sessions
18:10:31 <bdpayne> http://openstacksummitnovember2013.sched.org/
18:10:49 <bdpayne> There's a few security sessions, yes
18:11:40 <bdpayne> I've started putting together a Google Doc to track things that may be of interest to this group
18:11:41 <bdpayne> https://docs.google.com/spreadsheet/ccc?key=0AqnzHH5YYzZvdHM0R042U0t5LTNXWFp1MlB2VHpCZmc&usp=sharing
18:11:55 <bdpayne> Feel free to add things that you find
18:12:12 <bdpayne> I'll also try to add things from the dev summit as well, once those are more pinned down
18:13:00 <bdpayne> Having said all of this, I am personally disappointed that there is not a security track this time around
18:13:19 <bdpayne> I think that it would be nice to have a stronger security presence at the summit
18:13:26 <bdpayne> I have two thoughts on achieving this
18:13:34 <bdpayne> I'd be interested in people's thoughts
18:13:58 <bdpayne> 1) In the past OSSG hasn't been highly involved in the dev sessions, and I think that we should aim to improve that this time around
18:14:09 <bpb> bdpayne: We submitted a proposal for an ephemeral storage encryption design session
18:14:15 <bdpayne> oh nice
18:14:31 <bdpayne> so yeah, there's two ways to be involved in that side of things
18:14:31 <malini1> thanks bruce for the reminder
18:14:43 <bdpayne> we could submit dev session ideas
18:14:47 <bdpayne> like bpb just mentioned
18:15:07 <bdpayne> and we can also simply be a presence for the general dev sessions to help keep security on people's minds
18:15:14 <elo> I'll be there all four days… as I was planning to attend some of the dev sessions
18:15:15 <bdpayne> I think that both are very valuable
18:15:30 <rellerreller> +1
18:15:39 <bdpayne> elo sounds good, I'm in the same boat… I'll bee there all week
18:16:13 <bdpayne> with this in mind, I propose using the Google Doc I linked above to help track dev sessions and who will be attending
18:16:33 <bdpayne> We could aim for 2 OSSG members that are following each track (at a min)
18:16:38 <bdpayne> I think that's a nice target
18:16:43 <malini1> +1, being at multiple tracks with our security hat on is valuable, security is a cross cutting issue, post summit we could make a report for the openstack summit news letter on our learnings and recommendations, and we have a look-ahead into features evolving
18:16:56 <malini1> i shall be there all week too
18:16:59 <bdpayne> indeed
18:17:15 <bdpayne> So let's use this Google Doc to help coordinate such activities
18:17:23 <bdpayne> glad to hear that we'll have several people in attendance
18:17:30 <elo> +1. ok
18:17:40 <rellerreller> +1
18:17:56 <bdpayne> #action I'll also reach out to the broader OSSG community to see if we can get more people involved at the summit
18:18:10 <elo> I'm involved in two sessions presentations
18:18:27 <bdpayne> nice
18:18:41 <bdpayne> that's a nice segue to the second summit idea
18:19:02 <bdpayne> 2) I propose that we create our own security speaking track
18:19:27 <bdpayne> By this I mean purposefully taking over a chunk of slots at the Unconference
18:19:38 <bdpayne> Have several interesting security talks ready to go
18:19:41 <malini1> :-)
18:19:50 <bdpayne> Sign up for a series of back to back slots at the Unconference
18:20:00 <bdpayne> and advertise it as an informal security track
18:20:29 <bdpayne> This is my way of trying to bring a grass roots effort together to show that there is interest in security
18:20:41 <bdpayne> To work, we'd really want to fill those rooms with people too
18:20:50 <bdpayne> What do you guys think?
18:20:52 <rellerreller> Do you think that will ruffle any feathers?
18:21:18 <bpb> It would be good if this timeslot could correspond with a timeframe that had less popular presentations...
18:21:30 <bdpayne> good point
18:21:35 <rellerreller> My concern is that it may look like we are hijacking the conference some what. I think it will look bad if not much interest.
18:21:49 <bdpayne> there is a risk of looking like we are hijacking things
18:21:50 <randy_perryman> It will not ruffle feathers, it is what the Unconference is for.
18:21:59 <bdpayne> but, yeah what randy said
18:22:15 <elo> It is a good idea. I noticed that RAX has a 2 day training course on Openstack Security
18:22:17 <rellerreller> OK, I'm not sure of conference culture, so it sounds good to me
18:22:22 <bdpayne> we don't need to take over the *entire* unconference, just a chunk of it
18:22:25 <elo> so there is interest
18:22:43 <bdpayne> elo I missed that training course, link?
18:23:45 <malini1> was there any justification why the security track was nixed this year?
18:23:48 <elo> Give me a sec. I'll get iit
18:24:06 <malini1> is Cody involved in that security course?
18:24:12 <bpb> http://www.rackspace.com/knowledge_center/cloudu/curriculum
18:24:45 <bpb> This may not be the right link- just threw it out there...
18:24:56 <elo> http://training.rackspace.com/course/security-in-the-cloud/6/
18:25:12 <bdpayne> ah, that second link looks better
18:25:13 <bpb> Sorry for the earlier spam ;-)
18:25:21 <bdpayne> so that's not at the conference
18:25:26 <bdpayne> just a training in Austin
18:25:34 <elo> I noticed this as I'm training to consolidate information for internal openstack training
18:25:52 <bdpayne> interesting though
18:25:58 <bdpayne> now I'm curious what they cover ;-)
18:26:17 <elo> same here
18:26:34 <bdpayne> well, if you find any more details, please let us know
18:26:52 <bdpayne> that's all I have on the summit, anyone else have summit discussions?
18:27:38 <bpb> We're planning the volume encryption user session with rackspace - just started the discussions
18:27:48 <bdpayne> excellent
18:27:57 <bdpayne> is that the one I have listed on my spreadsheet?
18:28:00 <bdpayne> or something different?
18:28:04 <bpb> same one
18:28:10 <bdpayne> ok, nice
18:28:19 <malini1> bdpayne .. any comment from summit folks why no security track?
18:28:40 <bdpayne> I haven't heard any comments.  There was an email thread asking about it that went silent.
18:29:15 <malini1> based on that rackspace training course .. may be we needed to offer a hands-on security lab?
18:29:29 <bdpayne> Ok, given the time I think I'll defer topic (2) -- security CI testing -- until next week.  It's not urgent at this time.
18:29:50 <bdpayne> malini1 is there still time to submit training session ideas?
18:29:53 <malini1> instead of a panel session on the book, a presentation summarizing the book
18:30:11 <rellerreller> Action item note: I tried to see if OSSG could be alerted of new blueprints automatically. I found nothing in the web interface.
18:30:20 <malini1> not sure
18:30:40 <bdpayne> rellerreller We looked into that and there is no way at this time
18:30:49 <thomasbiege> ok, bye
18:31:06 <rellerreller> That's a bummer
18:31:14 <bdpayne> ok, thanks everyone… that's all for today
18:31:20 <bdpayne> #endmeeting