#openstack-meeting log

18:03:19 <hyakuhei> #startmeeting OpenStack Security Group
18:03:20 <openstack> Meeting started Thu May  1 18:03:19 2014 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:03:21 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:03:22 <nkinder> ...or else we're both wrong :)
18:03:24 <openstack> The meeting name has been set to 'openstack_security_group'
18:03:24 <bdpayne> hey guys
18:03:28 <paulmo> Paul Montgomery here
18:03:28 <bdpayne> sorry, I'm a touch late
18:03:31 <hyakuhei> Ok lets spin-up while we wait for Mr Payne :)
18:03:32 <hyakuhei> oh hey :D
18:03:38 <shohel02> evhi
18:03:39 <hyakuhei> all yours
18:03:41 <nkinder> hey paulmo
18:03:48 <elo> Eric here
18:03:48 <bdpayne> so hi everyone
18:04:03 <bdpayne> let's jump right into the agenda
18:04:07 <bdpayne> #topic Agenda
18:04:11 <bdpayne> I'd like to discuss the summit
18:04:21 <bdpayne> And our IRC meeting schedule around the summit
18:04:25 <bknudson> hi
18:04:58 <bdpayne> what else would people like to discuss?
18:05:12 <nkinder> We should get an update on the outstanding OSSNs
18:05:16 <shohel02> some update on threat work
18:05:36 <bdpayne> ok, sounds good
18:05:48 <bdpayne> #topic IRC Meeting Schedule
18:05:54 <bdpayne> So a few notes on the IRC meeting schedule
18:06:07 <bdpayne> I'd like to propose that we make this the last IRC meeting prior to the summit
18:06:15 <bdpayne> we can skip the next 2 weeks
18:06:15 <hyakuhei> I'm happy with that.
18:06:21 <bdpayne> and then pick up again post summit
18:06:24 <bdpayne> that work with everyone?
18:06:33 <nkinder> Sounds good
18:06:34 <hyakuhei> Hopefully we can move discussions onto the mailing list as required.
18:06:37 <bdpayne> in the past, we've had a pretty high drop off due to travel and such
18:06:48 <bdpayne> yeah, certainly use the mailing list if you have something to discuss
18:06:52 <bdpayne> no need to wait 2 weeks :-)
18:06:52 <nkinder> I think everyone is in Summit prep mode as it is...
18:07:05 <nkinder> then summit hangover afterwards :)
18:07:06 * paulmo is in demo creation mode.
18:07:18 <bdpayne> great, I'll update the meeting wiki page shortly with that schedule
18:07:21 <malini1> greetings
18:07:25 <bdpayne> #topic Summit Plans
18:07:38 <bdpayne> So as you guys know, there's lots of security stuff happening at the summit
18:07:43 <bdpayne> we have a security track on Monday
18:07:47 <malini1> nkinder: will send you end of day my OSSN draft. thank you for the excellent template and instructions to use the git repository
18:07:55 <bdpayne> there's a security session at the dev summit on Tuesday afternoon
18:08:20 <bdpayne> I'd like to suggest we do an OSSG meetup over a meal
18:08:29 <bdpayne> perhaps lunch on Tuesday?
18:08:29 <nkinder> yeah, I'm looking forward to the tuesday session
18:08:49 <malini1> +1 to OSSG lunch at summit
18:08:54 <nkinder> bdpayne: I know that hyakuhei is trying to get a OSSG/VMT lunch together too
18:09:04 <hyakuhei> bdpayne: Maybe Thursday? I'm trying to line up a OSSN authors/VMT lunch for Tuesday.
18:09:25 <bdpayne> ahh, I wasn't sure if you had decided on Tues or Thurs for that
18:09:31 <bdpayne> is that on Tues for sure?
18:10:01 <hyakuhei> Not for sure but that's the day being batted around atm
18:10:04 <bdpayne> ok
18:10:10 <hyakuhei> If times are tight I don't mind combining things
18:10:10 <bdpayne> so OSSG lunch on thursday then?
18:10:19 <nkinder> that's fine with me
18:10:20 <hyakuhei> That would be my preference at the moment yeah
18:10:26 <bdpayne> any objections to that date?
18:10:43 <malini1> fine with me
18:10:45 <shohel02> ok with date
18:11:16 <bdpayne> sounds good, I'll work with hyakihei to put that together
18:11:24 <bdpayne> arg, typing not good today
18:11:44 <bdpayne> any other discussion about the summit?
18:12:22 <bdpayne> ok, let's push ahead
18:12:24 <nkinder> bdpayne: we should chat about the monday session, but we can do that offline
18:12:24 <bdpayne> #topic OSSN
18:12:38 <bdpayne> nkinder yeah, I'll ping you today
18:12:48 <bdpayne> So, where are we at with OSSNs?
18:12:57 <nkinder> same 2 outstanding as last week
18:13:12 <nkinder> malini1 just mentioned she'll hav her draft ready for review end of day today
18:13:14 <hyakuhei> Sigh - I still have one outstanding.
18:13:18 <malini1> OSSN -- Malini working on her one little OSSN .. should send out draft later today
18:13:30 <hyakuhei> I'll make it the first thing I do tomorrow
18:13:36 <nkinder> hyakuhei: thanks!
18:13:38 <bdpayne> ok, thanks guys
18:13:50 <bdpayne> would be great to get those published before the summit
18:13:53 <nkinder> +1
18:13:57 <hyakuhei> Absolutely
18:14:16 <bdpayne> any other OSSN news?
18:14:19 <nkinder> using pandoc for RST->XML is still on my list
18:14:37 <bdpayne> oh cool
18:14:38 <nkinder> I've had some back and forth to work out the gat/publishing job details with annegentle too
18:14:45 <bdpayne> I'd be interested in knowing how that works out
18:14:50 <bdpayne> could be useful for the book effort
18:14:55 <shohel02> pandoc seems some issue with format changing
18:15:07 <nkinder> It's unlikely that I'll have it really working until after the summit
18:15:15 <bdpayne> yeah, that's fine
18:15:38 <bdpayne> if it'd be helpful, perhaps we could find a time to hack on it together at the summit
18:16:11 <bdpayne> #topic Threat Analysis
18:16:14 <nkinder> bdpayne: That would be good
18:16:21 <bdpayne> shohel02 any updates?
18:16:24 <shohel02> yes,
18:16:41 <shohel02> most of the doc type documents are converted now
18:16:51 <shohel02> https://github.com/shohel02/OpenStack_Threat_Modelling/tree/master/keystone/Formatted_Output
18:17:01 <shohel02> now it good time to start review
18:17:25 <bdpayne> excellent
18:17:29 <bdpayne> so what is the process for that?
18:17:32 <shohel02> anyone wants to volunteer
18:17:37 <hyakuhei> shohel02: I would very much like to help with that, David Graves should be available too
18:17:50 <bdpayne> do we have some keystone core that can participate in that?
18:18:03 <bknudson> yes, what do you need?
18:18:33 <shohel02> currently doc contains the analysis report of each component wise
18:18:33 <bdpayne> I think it would be good to have someone with deep knowledge of keystone to help with the review of the threat analysis work
18:18:45 <hyakuhei> I think having core members on the reviews is pretty pivotal
18:18:46 <bknudson> shohel02: ok, will look through this
18:19:00 <hyakuhei> Devananda is available to do a Ironic review when we're ready shohel02
18:19:03 <bknudson> is this in gerrit, too?
18:19:05 <shohel02> yes
18:19:08 <shohel02> no
18:19:14 <nkinder> bknudson: thanks!
18:19:14 <shohel02> thats something to think
18:19:30 <shohel02> how to take it there
18:19:32 <bknudson> shohel02: you want comments just in emails or something?
18:19:49 <shohel02> i think if we have the gerrit now, we can start using that
18:20:07 <bdpayne> if not... could be doing through a github PR
18:20:07 <malini1> +1 gerrit -- email gets hairy to track
18:20:08 <shohel02> can we start using Security guide books gerrit system
18:20:24 <bdpayne> just make an "approved" branch
18:20:34 <bdpayne> and setup PRs to take each part of the review into that branch
18:20:40 <bdpayne> and then people can comment on the PR
18:20:49 <shohel02> ok, i will make a branch
18:20:55 <malini1> PR ?
18:21:23 <bdpayne> shohel02 are you going to be at the summit?
18:21:28 <bdpayne> PR == pull request
18:21:29 <shohel02> by the branch in Security guide section
18:21:31 <shohel02> yes
18:21:45 <bdpayne> shohel02, I'd like to chat about how we can best integrate this stuff with the book
18:21:51 <bdpayne> probably easier to chat face to face
18:21:54 <shohel02> yes
18:22:01 <hyakuhei> +1
18:22:21 <bdpayne> ok, anything else on threat analysis?
18:22:28 <nkinder> maybe we should have a discussion around all of the book integration topics (thread modeling, OSSNs, etc.)
18:22:40 <shohel02> christan is also working on nova one
18:22:43 <nkinder> perhaps we can get some of Anne's time too
18:22:50 <hyakuhei> Are there others than those two integration topics?
18:23:03 <nkinder> Those are the main 2 right now
18:23:03 <shohel02> all from my side
18:23:21 <bdpayne> yeah, I'd be up for have a book integration discussion
18:23:23 <bdpayne> sounds good
18:23:30 <bdpayne> #topic Open Discussion
18:23:39 <malini1> please try and attend: limited conductor API : http://summit.openstack.org/cfp/details/319 == this is to secure from compute node side
18:23:50 <bdpayne> So a quick plug / reminder that nkinder and I will be speaking at http://www.meetup.com/openstack/events/173686002/ this evening in Redwood City
18:24:25 <nkinder> should be a nice summit warmup :)
18:24:29 <bdpayne> yay
18:24:43 <bdpayne> interestingly, my talk this evening has the same title as Rob's talk at the summit
18:24:51 <nkinder> It's supposed to be recorded too, so we can share with others after it's published
18:24:52 <hyakuhei> heh
18:25:07 <bdpayne> hyakuhei I can sell my slides... for a price ;-)
18:25:15 <shohel02> :D
18:25:20 <bdpayne> anything else to discuss?
18:25:24 <hyakuhei> bdpayne: Put them on eBay, I'll let the free market work it out
18:25:25 <hyakuhei> yes
18:25:27 <nkinder> hyakuhei: you asked about Kite last week
18:25:35 <nkinder> hyakuhei: did you see my write-up I sent out to the list?
18:25:37 <hyakuhei> nkinder: wrote an excellent blog article a few days back
18:25:48 <hyakuhei> There's only one bug in it ;)
18:25:56 <nkinder> there's always at least one...
18:26:18 <hyakuhei> Yeah nkinder I thought it was excellent
18:26:38 <nkinder> great.  Hopefully it makes the whole approach understandable for folks
18:26:48 <bdpayne> I haven't had a chance to check it out yet
18:26:53 <bdpayne> but it is on my reading list :-)
18:26:54 <hyakuhei> It didn't go into a lot of depth on the nature of the secrets (what the key material _is_ ) but was great at showing the overall direction/architecture
18:27:36 <bdpayne> ok then, I think that's all for today... thanks everyone, and I'll see you at the summit!
18:27:36 <nkinder> hyakuhei: quick description - the long-term is really a password (though it could be some long random stuff)
18:27:54 <hyakuhei> Thanks bdpayne
18:28:00 <nkinder> paulmo: I wanted to chat about security info for solum, but we can chat on -dev.
18:28:03 <bdpayne> since hyakuhei started the meeting, I'll let him close it out
18:28:08 <nkinder> thanks everyone!
18:28:12 <hyakuhei> Ty everyone
18:28:17 <hyakuhei> #endmeeting