#openstack-meeting-alt log

17:00:03 <tkelsey> #startmeeting openstack security group
17:00:03 <openstack> Meeting started Thu Dec 11 17:00:03 2014 UTC and is due to finish in 60 minutes.  The chair is tkelsey. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:07 <openstack> The meeting name has been set to 'openstack_security_group'
17:00:10 <tkelsey> #topic rollcall
17:00:19 <hyakuhei> o/
17:00:24 <elmiko> o/
17:00:27 <redrobot> o/
17:00:33 <bpb> o/
17:00:38 <hyakuhei> Sorry I'm in another unavoidable meeting today. Damned customers with their wanting to give money for the things
17:00:39 <tkelsey> hey OSSG folks, im charing this one again, hyakuhei is a busy busy man
17:00:43 <hyakuhei> ^
17:00:51 <bknudson> present
17:01:27 <tkelsey> so anyone got anything specific they want to bring up this meeting?
17:01:48 <elmiko> i wanted to give a brief status update on the progress of the sahara security docs
17:02:10 <tkelsey> elmiko: ok awesome, should be interesting
17:02:35 <tkelsey> just give it a min for folks to join
17:02:47 <elmiko> np
17:03:24 <tkelsey> i guess we will start with your update then elmiko, if thats ok?
17:03:35 <tkelsey> #topic ahara security docs
17:03:41 * sweston slithers in late
17:03:50 <hyakuhei> damnit sweston!
17:03:51 * ndillon does too
17:03:54 <hyakuhei> :)
17:03:58 <sweston> hyakuhei: :-)
17:04:03 * sweston puts on the hat of shame
17:04:04 <hyakuhei> redrobot: Thanks for poking your head in :)
17:04:15 <elmiko> ok, so..
17:04:27 <elmiko> we've created a bp and spec in the sahara project to cover the doc effort
17:04:31 <redrobot> hyakuhei :)
17:04:31 <tkelsey> #topic sahara security docs
17:04:38 <hyakuhei> elmiko: #link ?
17:04:44 <elmiko> sec
17:05:14 <elmiko> https://blueprints.launchpad.net/sahara/+spec/security-guidelines-doc
17:05:48 <elmiko> with bdpayne's guidance i have been getting up to speed on creating the chapter for the OSSG guide
17:06:04 <tkelsey> elmiko: good stuff!
17:06:09 <elmiko> i am going to create a bug against the security-doc project and do the work based on that bug
17:06:41 <elmiko> we've agreed to make "Data Processing" the new chapter 14, and bump the rest by one
17:07:10 <elmiko> so, i'm just in the early phases of doing the writing and i'm learning a little about docbook as i go =)
17:07:22 <elmiko> and, that's about where i'm at
17:07:51 <tkelsey> elmiko: sounds really good, is there a review on gerrit for it? or is that to come
17:08:08 <elmiko> tkelsey: still coming, i haven't created the bug or my first patch yet
17:08:20 <elmiko> #link https://blueprints.launchpad.net/sahara/+spec/security-guidelines-doc
17:08:27 <elmiko> #link https://review.openstack.org/139170
17:08:29 <tkelsey> elmiko: ok no problem, will look forward to looking over it :)
17:08:43 <elmiko> tkelsey: that is the review for the spec to create the doc
17:08:56 <tkelsey> ahh ok i see
17:09:11 <elmiko> we didn't really have an ideal place to create the spec, but both bdpayne and i agreed that we should have something visible to the public for the effort
17:09:28 <tkelsey> +1 you sounds good
17:09:32 <tkelsey> *yup
17:09:37 <bpb> Could you have an etherpad with some early ideas?
17:09:39 <elmiko> so, maybe that's something to consider for future improvements to the sec-docs
17:09:49 <elmiko> bpb: i can certainly set one up
17:10:07 <bpb> elmiko: great
17:10:49 <tkelsey> ok, sounds good, thanks elmiko
17:11:01 <tkelsey> #topic midterm
17:11:19 <tkelsey> so redrobot any update on the geekdom stuff?
17:11:47 <redrobot> yep, let me fish out my notes
17:11:56 <tkelsey> redrobot: awesome :)
17:12:40 <redrobot> So Geekdom SF is holding the Racker Rally Room for February 17-26
17:13:00 <redrobot> with additional access to an adjacent room/lounge space called "The Farm"
17:13:06 <redrobot> and also access to the community area
17:13:25 <redrobot> Unfortunately, the Barbican team won't be able to go up to SF for a back-to-back midterm
17:13:48 <bknudson> does barbican have a mid-cycle?
17:13:48 <redrobot> I'm not familiar with the space, but it would be good to get an SF native to go out there and check it out
17:13:53 <tkelsey> redrobot: ah thats unfortunate
17:14:12 <redrobot> bknudson yes, we're looking at Austin for our mid-cycle
17:14:22 <redrobot> I know there was a lot of interest in overlapping the two
17:14:47 <redrobot> so we're planning on possibly having some sort of remote collaboration
17:15:09 <hyakuhei> I still like having them back to back in the calendar
17:15:18 <redrobot> hyakuhei +1
17:15:19 <hyakuhei> So we can physically be at both without massive travel costs.
17:15:29 <tkelsey> hyakuhei: yeah +1
17:16:07 <tkelsey> redrobot: what form would a remote collab take? If its not possible to overlap
17:16:21 <redrobot> tkelsey probably Google Hangouts or Vidyo
17:16:43 <redrobot> with plenty of IRC for coordination
17:16:57 <tkelsey> what are peoples thoughts on doing that? just for the record (I still think physical would be best of course)
17:17:06 <hyakuhei> So if there's overlap or virtual collaboration I'm not completely against it
17:17:12 <hyakuhei> because overal meeting time is reduced
17:17:17 <hyakuhei> though I have quality concerns
17:17:48 <tkelsey> hyakuhei: thats understandable
17:18:32 <bpb> Maybe one or two joint sessions could be held, using broadcast audio and an etherpad or something
17:19:11 <tkelsey> bpb: that might work, im not familiar with doing things like that personally, anyone have any thoughts?
17:19:49 <dg_> personally I'd prefer physical if possible
17:20:22 <tkelsey> dg_ sure, i guess this is thinking about a plan b
17:20:30 <bpb> tkelsey: The audio would be the difficult part, since it would be hard to pick up discussion.  Only a main speaker would work
17:21:32 <tkelsey> humm ok, so what are our options here then
17:22:27 <dg_> a) have the OSSG meetup in austin before/after the barbican meetup, b) have the OSSG Meetup in SF before/after the barbican meetup,
17:22:39 <bpb> tkelsey:  If there's a presentation that would be good for both sessions to hear, then you could have a joint session.  Other than that, it wouldn't  be practical
17:22:39 <dg_> c) have the OSSG meetup in SF some other time
17:23:03 <tkelsey> bpb: that makes sense
17:23:48 <tkelsey> so what do people think about moving our things around to try and sync up?
17:24:54 <redrobot> I think it would be good to nail down some dates.  It would make it easier to look for space.
17:25:28 <tkelsey> redrobot: agreed, I'm not actually sure how far along arrangements are with this, hyakuhei would know more.
17:26:10 <tkelsey> for now I think we need to move on and hyakuhei can bring it up next time
17:26:18 <redrobot> We had talked about mid-February for SF, so I don't think that would change
17:26:35 <tkelsey> redrobot: yeah
17:27:01 <redrobot> I was proposing OSSG on Feb 16-20.  Then barbican either before (11-13) or after (23-25)
17:27:17 <redrobot> not sure if 5 weekdays were enough for y'all
17:28:25 <redrobot> brb, my dog is doing the potty dance.
17:28:39 <tkelsey> humm, seems reasonable, but im not able to make a call on that really. I'll talk to hyakuhei out of bounds and get back to people next time
17:28:57 <tkelsey> redrobot: hehe ok
17:29:29 <tkelsey> #action tkelsey to talk to hyakuhei about mid-cycle plans
17:29:36 <dg_> lol
17:30:01 <tkelsey> ok, lets move on, sorry that wasn't very conclusive
17:30:35 <tkelsey> #topic OSSA metrics calibration
17:30:55 <tkelsey> dg_ did you find a moment to send out the OSSA list email?
17:31:28 <dg_> remind me...
17:32:16 <tkelsey> ah, so last meeting we talked about sending out some recent OSSAs and getting interested people to rate them using the DREAD metrics
17:32:23 <tkelsey> https://wiki.openstack.org/wiki/Security/OSSA-Metrics
17:32:36 <dg_> That does sound like something I would be in favour of
17:32:55 <dg_> I will do that this week :)
17:33:13 <tkelsey> dg_ heh ok :)
17:33:53 <tkelsey> #topic OSSNs
17:34:18 <tkelsey> so anyone have anything interesting to mention on the OSSN front then?
17:34:58 <tkelsey> hyakuhei has started https://review.openstack.org/#/c/140009/ OSSN 42 Keystone Scoping
17:35:16 <tkelsey> I still have OSSN 38 in review, going to update it after this
17:36:24 <hyakuhei> ^ review 0042 please :)
17:36:28 <tkelsey> looks like this one is new https://bugs.launchpad.net/ossn/+bug/1390124 unless I just missed it last time i looked
17:36:31 <uvirtbot> Launchpad bug 1390124 in ossn "No validation between client's IdP and Keystone IdP" [Undecided,In progress]
17:37:01 <tkelsey> hyakuhei: +1 :)
17:38:50 <tkelsey> ok so as normal, input most welcome on notes in review, and please update status in LP if you pick up a bug to prevent doubling up
17:39:20 <tkelsey> and i think thats it, unless there is any other OSSN stuff?
17:40:01 <ANish__> Hi All sorry i was late
17:40:33 <tkelsey> Hi ANish__ was just about to go to any other business
17:40:46 <tkelsey> #topic any other business
17:40:56 <bpb> Just a heads-up that We've submitted a spec for allowing the volume encyption feature to be used with Barbican https://review.openstack.org/#/c/140144/
17:41:10 <tkelsey> #topic barbican
17:41:18 <bpb> We'd like to get this into kilo.  Currently the key is hard coded- it's just a placeholder to test the feature
17:41:32 <bpb> This was merged before in juno https://review.openstack.org/#/c/94918/ but it got pushed to kilo
17:42:35 <tkelsey> i see, interested folks please go review that spec from bpb
17:42:52 <bpb> tkelsey:  thanks
17:44:09 <tkelsey> looks like there has been more progress on this https://review.openstack.org/#/c/104001/ as well, good to see
17:44:55 <tkelsey> ok, any other barbican topic people would like to discuss?
17:45:06 <bpb> tkelsey:  Anything new on the PyKMIP requirements?
17:45:09 <bknudson> barbican going to be integrated this release?
17:45:37 <tkelsey> bpb: nothing yet, patch still in review https://review.openstack.org/#/c/137016/
17:46:39 <elmiko> speaking of PyKMIP, i think i found a minor issue with it pertaining to the barbican tests and py2.7.8+
17:46:53 <tkelsey> elmiko: oh?
17:47:04 <elmiko> lemme grab the link, sec
17:47:16 <tkelsey> elmiko: ok, thanks for the heads up!
17:47:20 <elmiko> https://github.com/OpenKMIP/PyKMIP/pull/5
17:47:36 <elmiko> i came across it while running the barbican tests on my rawhide box
17:47:57 <elmiko> this PR will solve the issue, but i'm not sure if it's the most appropriate
17:48:57 <tkelsey> elmiko: ah i see, interesting
17:49:19 <elmiko> i wanted to talk with the authors to see if maybe changing the defaults for cert/key files might be better
17:49:37 <elmiko> but i figured, might as well propose this, then we can argue =)
17:50:09 <tkelsey> sure hehe
17:50:42 <tkelsey> have you had any contact back yet?
17:50:49 <redrobot> bknudson we're working towards integration, but if this happens https://review.openstack.org/#/c/138504/ then "integrated" may not even be a thing. :-\
17:50:53 <elmiko> not yet, but i just message rellerreller earlier today
17:51:16 <tkelsey> elmiko: ok awesome, thanks for this, good stuff
17:52:05 <tkelsey> OK, 10 mins people
17:52:14 <bknudson> redrobot: thanks! seems to be a moving target
17:52:28 <elmiko> #link https://etherpad.openstack.org/p/sahara-security-guide-notes
17:52:38 <tkelsey> elmiko: cool :)
17:52:40 <elmiko> just to close the loop, i set that up for the notes on the sec guide
17:52:48 <elmiko> i'll start posting soon(TM) ;)
17:52:57 <tkelsey> hehe :) good stuff
17:53:11 <bpb> elmiko:  Thanks!
17:53:41 <tkelsey> ok, any final business?
17:55:20 <tkelsey> i'll take that as a no then :) thanks for attending all
17:55:31 <tkelsey> #endmeeting