17:02:45 <hyakuhei> #startmeeting OpenStack Security Group
17:02:46 <openstack> Meeting started Thu Apr  3 17:02:45 2014 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:02:47 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:02:49 <openstack> The meeting name has been set to 'openstack_security_group'
17:03:02 <nkinder> o/
17:03:16 <hyakuhei> #topic Roll call
17:03:20 <hyakuhei> Speak up people :D
17:03:26 <chair6> < jamie from HP
17:03:27 * hyakuhei here, in seattle this week
17:03:54 <hyakuhei> Let's give people a minute or two to roll in.
17:04:58 <hyakuhei> I guess that'll do, looks like we have most people here. I've got Doug from HP here with me also
17:05:19 <hyakuhei> Right, what's the agenda for today?
17:05:39 <hyakuhei> OSSN updates would be a good start I suppose - nkinder ?
17:05:43 <hyakuhei> #topic OSSN updates
17:06:25 <hyakuhei> nkinder: are you around to give us an update?
17:06:37 <nkinder> hyakuhei: yep, sorry (got pulled aside)
17:06:42 <hyakuhei> I see that we now have stuff working in the gerrit review system, I think it's already showing some value :)
17:07:02 <nkinder> So, gerrit is working now, and we've run the first OSSN through it!
17:07:31 <hyakuhei> Wonderful!
17:07:39 <hyakuhei> How's your OSSN coming chair6 ?
17:07:46 <nkinder> The review guidelines Bryan and I discussed match the normal process.  We want two +2's, then a core member can approve the push.
17:07:47 <chair6> draft in progress, eta for review later today
17:07:57 <nkinder> chair6: which OSSN are you working on?
17:08:05 <chair6> https://bugs.launchpad.net/keystone/+bug/1287219
17:08:07 <uvirtbot> Launchpad bug 1287219 in keystone "scope of domain admin too broad in v3 policy sample" [Medium,Fix released]
17:08:27 <nkinder> chair6: ah, ok.  When you submit the review, add me as a reviewer please.
17:08:32 <chair6> will do
17:08:50 <hyakuhei> So I'd like to thank nkinder for his hard work
17:08:54 <hyakuhei> and I will - thanks ;)
17:09:06 <nkinder> I started looking into adding a simple job to check for trailing whitespace.  We can then expand on it if we have other formatting checks.
17:09:12 <Dg_> Hi, I'm Doug from HP
17:09:20 <nkinder> Hi Doug
17:09:41 <hyakuhei> Thanks, cool nkinder. I'd like to look at adding more jobs in, basic stuff like spell checking (though that's not easy with technical stuff), format checking etc.
17:10:13 <nkinder> hyakuhei: we can certainly have a non-voting job for things like spell check
17:10:40 <nkinder> hyakuhei: the nice thing will be that one can run the jobs using tox before submitting the review
17:10:55 <hyakuhei> Maybe when you've gone through how to do the basic one we can chat about writing more?
17:11:14 <nkinder> It's also on my list to sync up with the docs team to add a publishing job for an appendix in the Security Guide.
17:11:24 <nkinder> hyakuhei: definitely.
17:11:48 <hyakuhei> Yeah so that's useful for sure, though manual intervention tasks (find a place to insert a link to the appendix) will need to be spawned or taken into account too
17:12:15 <nkinder> hyakuhei: I'll work with docs to see how to best handle that
17:12:17 <hyakuhei> In fact, we probably need an action to review the current OSSNs and work out where to insert them into the guide
17:12:50 <nkinder> hyakuhei: I can handle that
17:13:00 <hyakuhei> #topic security guidelines
17:13:21 <hyakuhei> nkinder: thanks, make sure you don't overload yourself though!
17:13:38 <Dg_> hyakuhei and chair6 - sprint on the security guidelines this week?
17:14:17 <hyakuhei> I think that would work, a lot of the HP folk are together in the same place over the next few days, so if people here are happy I think we can get together and get lots of content down
17:14:23 <hyakuhei> and then non-HP people can review :)
17:14:44 <chair6> sounds good, this week or next week..
17:15:00 <hyakuhei> Ok cool, so let's take an action to do it before the next OSSG meeting
17:15:07 <nkinder> hyakuhei: is the focus on operator or developer guidelines?
17:15:14 <hyakuhei> developer
17:15:17 <nkinder> hyakuhei: ok
17:15:29 <nkinder> hyakuhei: so filling out the previous items that were defined (and adding to them)?
17:15:42 <hyakuhei> To my mind, it's a set of 'rules' that we can get PTLs to agree to, that should then help bring up the quality of security code in OpenStack
17:15:57 <hyakuhei> in the long term I can see some being codified into jenkins jobs, tempest checks etc
17:16:23 <nkinder> hyakuhei: makes sense
17:16:23 <chair6> perhaps 'secure design/development guidelines' is a better label
17:16:37 <Dg_> yeah
17:16:39 <nkinder> chair6: +1
17:16:41 <hyakuhei> I've got no objection to that.
17:16:54 <hyakuhei> Or "+1" in OpenStack parlance
17:17:17 <hyakuhei> #topic AOB
17:17:32 <chair6> that was https://wiki.openstack.org/wiki/Security/Guidelines, for the record
17:18:05 <hyakuhei> So I sent around a newsletter-ish email a few days back, elaborating on the things that were discussed in the previous OSSG meeting and some of my thoughts about the future.
17:18:12 <hyakuhei> Did anyone see it / find any value?
17:18:25 <Dg_> yes
17:18:30 <hyakuhei> go team!
17:19:04 <hyakuhei> So, I'm wondering if it's worth doing these now and again, to keep people up to date because reading IRC logs is not very fun.
17:19:30 <Dg_> hyakuhei +1
17:19:38 <hyakuhei> any other business?
17:20:19 <nkinder> I'm planning on setting up a mid-cycle security related hackfest
17:20:39 <hyakuhei> oooh
17:20:44 <nkinder> This is more for developers really.  I'd like to get some cross-project interest and movement towards some security related goals
17:21:04 <nkinder> Topics on my mind are making SSL deployments easier and secure messaging
17:21:22 <hyakuhei> nkinder: yeah
17:21:24 <nkinder> There are efforts going on in these areas, but not a lot of cross-project buy in
17:21:35 <hyakuhei> So that's a good point.
17:21:39 <hyakuhei> #topic SSL
17:21:52 <hyakuhei> The guidance on SSL isn't overly good at the moment
17:21:59 <nkinder> I have a long SSL blog post I'm just about finished with
17:22:03 <hyakuhei> Lots of people are doing this in different ways
17:22:09 <hyakuhei> Oh cool
17:22:13 <nkinder> ...which covers exactly that
17:22:29 <hyakuhei> Ok, so let's wait for that and use it to start a discussion?
17:22:32 <nkinder> So the docs can definitely be improved, and I've done a lot of research that can feed into that.
17:22:39 <nkinder> hyakuhei: yes, a next week topic I suppose
17:23:04 <hyakuhei> Yeah, everyone does it differently, I personally lean towards pre-service termination (on the same physical host) but it's really context dependent.
17:23:06 <nkinder> On the SSL topic, I also have a colleague who is working on SSL enabling devstack
17:23:37 <hyakuhei> Great, I should talk to you guys about a CA piece I've been working on.
17:23:39 <nkinder> If we can make it easy to set up SSL automatically with devstack, we can start having tests actually run regularly with SSL
17:24:00 <hyakuhei> Absolutely
17:24:08 <Dg_> nkinder: it'd be good to take a look at that blogpost, I have an internal document we can share if you want - giving our requirements and justification for them
17:24:20 <nkinder> Dg_: that would be great
17:24:48 <nkinder> Dg_: I hope to have my writeup out in the next day or so
17:24:53 <nkinder> I'll send it to the list
17:25:22 <hyakuhei> ok cool - so, any other business I guess?
17:25:26 <Dg_> nkinder: let me know your email and I'll forward it over
17:25:40 <nkinder> Dg_: nkinder at redhat dot com
17:25:47 <Dg_> kk
17:26:09 <hyakuhei> #topic AOB-again
17:26:16 <hyakuhei> Anything else before we close up?
17:27:37 <hyakuhei> ok great, thank you everyone!
17:27:43 <hyakuhei> #endmeeting