17:01:17 <hyakuhei> #startmeeting OpenStack Security Group
17:01:17 <openstack> Meeting started Thu Jan  8 17:01:17 2015 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:18 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:01:20 <openstack> The meeting name has been set to 'openstack_security_group'
17:01:21 <tmcpeak1> yo!
17:01:25 <bknudson> hi
17:01:27 <shohel02> hi
17:01:28 <elmiko> o/
17:01:30 <chair6> howdy
17:01:32 <hyakuhei> Hey!
17:01:35 <sicarie> hello
17:01:42 <singlethink> hi
17:01:47 <dlambrig_> hello
17:02:01 <hyakuhei> Good turnout today, a few new people too by the looks?
17:02:09 <dlambrig_> new here
17:02:10 <tmcpeak1> seems to be
17:02:12 <tmcpeak1> introductions?
17:02:25 <tmcpeak1> hi dlambrig_ welcome
17:02:32 <tkelsey> hi all
17:02:39 <hyakuhei> That would be appropriate :) New guys introduce yourselves?
17:02:56 <dlambrig_> Hi All  - Im Dan from Red Hat, I am interested in intrusion detection in openstack
17:03:09 <tmcpeak1> awesome
17:03:10 * singlethink is Matthew Van Gundy <mvangund AT cisco.com>... I'm a Tech Lead in Cisco's Advanced Security Initiatives Group
17:03:21 <hyakuhei> Hey Dan, thanks for swinging by, you’ll find plenty of people here interested in that too
17:03:26 <dlambrig_> cool
17:03:40 <hyakuhei> Advanced security initiatives! We definitely need some of them, welcome singlethink
17:03:40 <tmcpeak1> singlethink: what kind of stuff are you guys looking at?
17:04:06 <singlethink> We are where the buck stops for making sure that our products have as few security issues as possible...
17:04:15 <tmcpeak1> awesome!
17:04:17 <chair6> existing members should reintroduce themselves too.. :)
17:04:20 <bknudson> we can barely get basic security initiatives.
17:04:28 <singlethink> I've just been granted approval to participate so we're probably going to start with hardening recommendations and the like
17:04:37 <singlethink> and move on from there
17:04:38 <tmcpeak1> sounds good
17:04:42 <shohel02> chair6... is it new years resolution :P
17:04:49 * bdpayne arrives fashionably late
17:04:50 <nkinder> hi all
17:04:51 <hyakuhei> superb, very similar to what we’ve been doing (the HP’ers here)
17:04:56 <hyakuhei> Hey bdpayne, nkinder
17:04:58 <ukbelch> Greetings
17:05:13 <hyakuhei> ukbelch: Hey, have you introduced yourself to the people here ?
17:05:38 <ukbelch> I don't believe I have. I'm new to the HP Cloud security team, and have lurked the last few meetings to get a feel for the place.
17:05:47 <tmcpeak1> for new people, we typically are hanging out in #openstack-security too
17:06:02 <ukbelch> cool, thanks.
17:06:11 <dlambrig_> great
17:06:19 <hyakuhei> Cool so lets work out an agenda then!
17:06:26 <hyakuhei> # OSSG Meetup
17:06:27 <tmcpeak1> meetup, Bandit
17:06:30 <hyakuhei> # Bandit
17:06:32 <ukbelch> Anyway, my name is Dave Belcher, and I'm a hacker. It has been 16 hours since my last hack.
17:06:41 <tmcpeak1> haha
17:06:44 <elmiko> lol nice
17:06:47 <hyakuhei> # Anchor
17:06:54 <hyakuhei> # Security initiatives in General
17:06:56 <hyakuhei> Anything else?
17:07:05 <elmiko> i've got an update on the sahara sec. doc
17:07:07 <tmcpeak1> Notes?
17:07:21 <hyakuhei> elmiko: Great
17:07:27 <hyakuhei> # Sahara security
17:07:42 <hyakuhei> nkinder: Is there much to say about OSSNs ?
17:07:46 <hyakuhei> bdpayne: How about docs?
17:07:53 <bdpayne> docs, sure
17:08:05 <hyakuhei> # OpenStack Security Guide / Documentation
17:08:16 <nkinder> hyakuhei: not a lot about OSSNs right now really
17:08:36 <hyakuhei> Ok that’s cool, lets get rolling then
17:08:42 <hyakuhei> #topic OSSG Meetup
17:08:48 <hyakuhei> Who doesn’t know about this already?
17:09:51 <bdpayne> #link https://etherpad.openstack.org/p/ossg-kilo-meetup
17:09:52 <tmcpeak1> https://etherpad.openstack.org/p/ossg-kilo-meetup
17:10:00 <tmcpeak1> lol beat me to it
17:10:04 <hyakuhei> Ok so great, did you all get my email over the holidays?
17:10:21 <bdpayne> nope
17:10:23 <bknudson> which option was chosen?
17:10:26 <hyakuhei> We’re now confirmed for the first date, at San Francisco Geekdom - sorry nkinder I know this clashed for you
17:10:26 <dg_> yeh, but tell us anyway
17:10:38 <singlethink> bdpayne: no
17:10:46 <hyakuhei> I can’t find the email in archive, here’s a pastebin http://pastebin.com/W7qZYsMu
17:11:17 <hyakuhei> Basically we are going to run in parallel with Barbican. Hopefully we can work closely with them on some of the joint projects we have interest in.
17:11:21 <nkinder> hyakuhei: no, that's fine.  I'm flying back from Europe on the 10th, but can attend otherwise.
17:11:41 <hyakuhei> So you’ll be available for the whole thing? That’s great news! :D
17:12:26 <hyakuhei> tmcpeak1 checked out the location and said it’s good
17:12:38 <hyakuhei> I’m going to arrange breakfast and lunch catering somehow
17:12:38 <tmcpeak1> yeah, seems perfect for us
17:12:48 <nkinder> hyakuhei: ah, actually I can't do the 19th that week, but will be there for the rest of it
17:13:04 <tmcpeak1> hyakuhei: I know some good spots around there to get food
17:13:06 <hyakuhei> nkinder: No problem, I’m glad you can make it at all
17:13:10 <hyakuhei> Great!
17:13:25 <hyakuhei> #action tmcpeak1 to work out logistics, budgets and menus for mid-cycle
17:13:26 <hyakuhei> :P
17:13:31 <bdpayne> FYI, here's the email #link http://lists.openstack.org/pipermail/openstack-security/2014-December/003072.html
17:13:35 <ukbelch> I'm hoping for approval, so I can meet y'all too
17:13:35 <tmcpeak1> buy all the things!
17:13:42 <hyakuhei> Thanks bdpayne my googles are broken
17:14:20 <hyakuhei> right so, plan is we’ll run from the Tuesday through to the Friday, so people can travel on the Monday and don’t loose two weekends to this
17:14:24 * hyakuhei values weekends!
17:14:35 <elmiko> +1
17:15:12 <hyakuhei> There’s plenty of hotels in the locality, if you want to suggest one you like on the etherpad then feel free, and when you’ve booked maybe say where on the etherpad too
17:15:38 <hyakuhei> Is everyone happy just confirming via the etherpad or would you prefer an eventbrite signup?
17:15:58 <bdpayne> etherpad seems fine
17:16:01 <nkinder> +1
17:16:14 <hyakuhei> That’s my preference too.
17:16:33 <hyakuhei> So please add ideas and proposals to the etherpad
17:16:49 <bdpayne> do we have any plans to setup a hotel block?
17:16:52 <hyakuhei> singlethink: you should take a look and see the direction we’re taking thigngs :)
17:16:55 <bdpayne> or do we not have enough people for that?
17:17:10 <singlethink> yes
17:17:18 <tmcpeak1> I guess the first thing to do would be get an accurate head count
17:17:23 <singlethink> I probably won't be able to make the meetup though
17:17:28 <hyakuhei> bdpayne: I wasn’t planning to, many of us have corporate booking tools etc that make doing anything _clever_ particularly painful
17:17:51 <bdpayne> heh
17:18:03 <tmcpeak1> please add your name and if you are coming (yes, no, maybe) to etherpad
17:18:09 <hyakuhei> +1
17:18:49 <tmcpeak1> cool
17:19:05 <tmcpeak1> so maybe we can revisit next week when people have had a chance and see if it looks like hotel block is feasible
17:19:32 <hyakuhei> Sure
17:19:49 <tmcpeak1> cool
17:19:56 <hyakuhei> Any more thoughts on the mid-cycle/meetup ?
17:20:04 <tmcpeak1> I'll synch up offline with HP folks on the f00z
17:20:08 <tmcpeak1> f00dz
17:20:22 <hyakuhei> Thanks tmcpeak1 lets try to get Angela to book all that :P
17:20:29 <hyakuhei> Actually
17:20:31 <tmcpeak1> ahh cool, yeah that makes sens
17:20:31 <dg_> +1
17:20:37 <hyakuhei> Is anyone itching to pay for all this other than HP ?
17:20:44 <hyakuhei> In the spirit of openness etc
17:21:43 <hyakuhei> Ok cool
17:21:46 <hyakuhei> #topic Bandit
17:21:57 <tmcpeak1> ok so let's revive getting Bandit into projects
17:21:57 <hyakuhei> tmcpeak1, chair6, tkelsey etc.
17:22:06 <tmcpeak1> tkelsey mentioned global requirements
17:22:09 <tmcpeak1> I checked into that
17:22:19 <tmcpeak1> we aren't using anything in Bandit that isn't already in global requirements
17:22:32 <tmcpeak1> https://github.com/openstack/requirements
17:22:34 <tmcpeak1> #link https://github.com/openstack/requirements
17:22:43 <tmcpeak1> :\
17:22:51 <sicarie> tmcpeak1 - maybe a refresh of what bandit is (for the new folk)?
17:22:53 <tmcpeak1> I have no IRC-foo
17:22:55 <bknudson> if you want to aim for keystone first might be easier since I can +2
17:22:57 <tmcpeak1> sure
17:23:07 <tmcpeak1> bknudson: that would be awesome!
17:23:13 <bknudson> also, might be interesting to put this on the cross-project meeting topic
17:23:17 <nkinder> bknudson: yeah, absolutely
17:23:18 <tmcpeak1> I was kind of hoping you'd say that actually bknudson
17:23:19 <bknudson> they might ask for a spec.
17:23:21 <dg_> tmcpeak1 interested in this for Anchor
17:23:28 <tkelsey> so I can put up a patch that adds bandit itself into global reqs
17:23:32 <hyakuhei> bknudson: Great, I know Mr Young was interested in this too, though it was some time ago when we spoke about it
17:23:44 <bknudson> mr young has many interests
17:23:50 <hyakuhei> lol so I’m told.
17:23:51 <tmcpeak1> tkelsey: in order to do that we need to be running a job
17:24:03 <tmcpeak1> https://github.com/openstack/requirements#enforcement-in-projects
17:24:09 <tkelsey> humm, ok
17:24:10 <hyakuhei> tmcpeak1: Give a quick overview of Bandit for the new folks please.
17:24:10 <tmcpeak1> so there is one step we need to do
17:24:13 <chair6> #link https://wiki.openstack.org/wiki/Security/Projects/Bandit <- for the new folks
17:24:19 <hyakuhei> thanks chair6
17:24:19 <tmcpeak1> ok cool
17:24:31 <tmcpeak1> so Bandit is something that we started with last OpenStack Security meetup
17:24:33 * singlethink has taken a quick look... so I'm vaguely familiar with bandit
17:24:35 <chair6> "Bandit provides a framework for performing security analysis of Python source code, utilizing the ast module from the Python standard library."
17:24:59 <tmcpeak1> the idea is to automatically identify possible security issues in code using static code analysis (Python ASTs)
17:25:36 <tmcpeak1> it scans through AST representations of Python source and when it encounters a AST node
17:25:56 <tmcpeak1> like a function call or an import statement it calls plugins which self-declare their interest in that type of node
17:26:08 <singlethink> Operating at the syntax level (no type or data flow propagation), correct?
17:26:18 <hyakuhei> nope
17:26:25 <tmcpeak1> so, for example, when somebody imports md5 we can warn that md5 isn't the most secure hash library to use
17:26:47 <hyakuhei> It’s a bit smarter than basic source code analysis
17:27:03 <tmcpeak1> we have a few plugins already and a nice framework that makes it easy to write new checks
17:27:15 <singlethink> I was impressed by their brevity
17:27:30 <hyakuhei> Yeah they’re tidy.
17:27:43 <hyakuhei> Cool - any questions re: Bandit? Thanks for the overview tmcpeak1
17:28:08 <tmcpeak1> singelthink: so we settled on the AST approach because we can do some smarter things, and we have some data flow propogation ideas, but we aren't there yet
17:28:14 <elmiko> is bandit in a state where we could start using it in our project?
17:28:24 <singlethink> Is it "feature complete" at this point?  And now you're looking into writing tests and integrating with projects?
17:28:35 <singlethink> Or are there outstanding major features on the TODO list?
17:28:39 <nkinder> It should be usable now
17:28:46 <tmcpeak1> no major features, I'd say it's pretty steady state
17:28:49 <bdpayne> it is certainly usable
17:28:49 <nkinder> it's just limited in what it checks for
17:28:49 <ukbelch> is any security tool ever "feature complete"?:)
17:28:52 <bdpayne> but probably not "feature complete"
17:28:56 <bdpayne> exactly
17:28:58 <tmcpeak1> we have new 2.0 features we'd like to add, but should be very usable now
17:28:59 <elmiko> cool, i'll bring this up with the sahara folks. thanks
17:29:16 <singlethink> I guess I meant, stable and ready for use by the masses
17:29:16 <hyakuhei> Progress!
17:29:25 <bdpayne> as an aside, there's some contributions coming from my team to Bandit shortly
17:29:25 <tmcpeak1> initially we'd shoot for a non-blocking gate test just to see how noisy it is
17:29:42 <tmcpeak1> bdpayne: yeah saw that - awesome-sauce!
17:29:57 <tmcpeak1> we <3 contributions
17:29:58 <hyakuhei> bdpayne: Yes I saw Lucas was getting involved :)
17:30:03 <bdpayne> :-)
17:30:26 <hyakuhei> ok, lets talk about Anchor for a moment
17:30:36 <hyakuhei> #topic Anchor
17:30:44 <hyakuhei> tkelsey: can you dig out a link to the wiki please?
17:30:54 <hyakuhei> So Anchor is what we’ve named Ephemeral PKI
17:31:01 <hyakuhei> which is now Apache2 and in Stackforge
17:31:36 <hyakuhei> We’ve been doing various bits recently, mainly tkelsey’s hard work, contributing changes to pycryptography so we can use that instead of M2Crypto
17:31:47 <hyakuhei> Because M2Crypto isn’t exactly well maintained
17:31:54 <bdpayne> truth
17:32:00 <tkelsey> #link https://wiki.openstack.org/wiki/Anchor
17:32:06 <tkelsey> ^wiki
17:32:16 <tmcpeak1> me too crypto? sounds… perfectly maintained ;)
17:32:18 <hyakuhei> That work has just landed in Anchor and now we’re looking to basically feature-freeze while we build up a testing framework for the core functionality
17:32:41 <tkelsey> yup, lots of focus on testing next
17:32:46 <hyakuhei> #link https://www.youtube.com/watch?v=jf_YOzW7I3s Our talk on ephemeral PKI
17:32:48 <tkelsey> tests tests and more tests
17:33:13 <hyakuhei> Also, at the moment the only contributors are HP and while that’s fine, I’m sure others might like to contribute
17:33:28 <hyakuhei> We also want to integrate with Barbican sooner rather than later.
17:33:34 <bknudson> so in keystone / auth_token middleware we have PKI tokens... can we use this to generate and distribute the certs?
17:33:35 <hyakuhei> Anything to add dg_ tkelsey ?
17:33:43 <hyakuhei> bknudson: I can’t see why not
17:33:48 <elmiko> i had asked about contributions last meeting, has there been any progress on a todo list or roadmap for Anchor?
17:33:53 <tkelsey> nothing other than to encourage people to get involved ;)
17:33:59 <dg_> thats a pretty good summary, hoping to get some tests in early next week
17:34:18 <tkelsey> elmiko: well our first step was to move away from m2crypto
17:34:22 <hyakuhei> elmiko: It’s got a launchpad page, if you see things missing you want adding but don’t have time to write, drop a feature there
17:34:28 <hyakuhei> yeah that was a big lump of work
17:34:28 <tkelsey> now we are testing
17:35:01 <elmiko> hyakuhei: i was thinking more in terms of helping with some of test framework and whatnot. i'd be happy to help but i'm not sure i have features ready to propose.
17:35:01 <tkelsey> so any tests or code scrutiny would be most valuable
17:35:07 <hyakuhei> We’re quite process-light compared to more established OpenStack projects at the moment
17:35:07 <bknudson> actually it looks like anchor can essentially be the token / auth mechanism itself.
17:35:16 <bknudson> might have performance problems.
17:35:33 <hyakuhei> elmiko: Funny you mention that :)
17:35:40 <hyakuhei> bknudson: Possibly but it scales _really_ nicely
17:36:04 <hyakuhei> As well as any API/Rest-thingy scales I guess but there’s no back end RPC or shared states to worry about
17:36:31 <hyakuhei> #action dg_ tkelsey hyakuhei to build a basic roadmap for Anchor
17:36:37 <bknudson> gyee has been pushing for client cert auth for services for some time ... maybe you've been working with him.
17:36:38 <elmiko> is openstack-security the best place to talk about Anchor tasks and whatnot?
17:36:38 <tkelsey> +1
17:36:49 <hyakuhei> We need some signposts to help guide people who want to get involved.
17:36:55 <elmiko> +1
17:37:07 <hyakuhei> bknudson: Nope though I’ve wanted server identities for a long time
17:37:08 <singlethink> +1 on client-cert auth...
17:37:09 <tkelsey> yeah, I should have done that already tbh, but been tied up with the m2 related work
17:37:21 <bdpayne> is there an architecture overview doc for anchor?
17:37:23 <bdpayne> or should I just go read the code and whiteboard it?
17:37:24 <dg_> hyakuhei +1
17:37:25 <hyakuhei> Anchor even supports Keystone auth for requestors as we see that as being where this will go
17:37:35 <hyakuhei> bdpayne: more the latter at the moment
17:37:45 <hyakuhei> It’s very simple (long may it stay that way!)
17:38:01 <bdpayne> yeah, your comment on lack of state raised some questions in my head
17:38:05 <bdpayne> I'll go research it a bit
17:38:23 <dg_> hyakuhei I'll look at publishing our internal docs
17:38:34 <tkelsey> bdpayne: awesome :) more eyes and all that
17:38:38 <hyakuhei> dg_: Yeah that should be fine
17:38:50 <hyakuhei> bdpayne: You were at my talk :P
17:39:27 <bdpayne> yes, but it didn't answer my questions
17:39:39 <bdpayne> :P
17:39:40 <hyakuhei> Great, the more questions the better :
17:39:49 <hyakuhei> Ok, anything else re: Anchor?
17:39:53 <gyee> SSL cert auth spec review is here if you guys want to review. https://review.openstack.org/#/c/105913/
17:40:11 <bknudson> gyee have you heard of anchor?
17:40:19 <gyee> bknudson, no
17:41:00 <nkinder> gyee: I'll take a look
17:41:07 <singlethink> hyakuhei: Making sure I understand what you said... so basically, Keystone would be the most fundamental auth mechanism... and you could use keystone auth tokens to get certs from Anchor?
17:41:07 <hyakuhei> So it’s the project formally known as ephemeral PKI which you probably didn’t know about either :P
17:41:13 <tkelsey> gyee: will look as well, thanks
17:41:31 <hyakuhei> singlethink: Yes it can work that way today but that’s not the only AuthN scheme
17:41:41 <hyakuhei> In fact we don’t even think it will get used much
17:41:53 <hyakuhei> re client certs, I’ll take a look
17:41:55 <singlethink> I was just trying to figure out if it was that, or the other way around
17:42:06 <nkinder> I expect that gyee wants to use existing PKI environments where client-certs are already available
17:42:27 <gyee> nkinder, right, cert management is out of the scope of that spec
17:42:33 <hyakuhei> Yeah I expect so, Anchor can cater for that too, in fact its probably a good thing :)
17:42:40 <nkinder> hyakuhei: I would think Barbican is the recommended way to get certs via keystone auth (possibly with anchor behind it)
17:42:49 <hyakuhei> gyee: Make sure your openssl is up to date as client cert auth was a bit broken: http://threatpost.com/openssl-fixes-eight-security-vulnerabilities/110279
17:42:53 <gyee> it basically take whatever that is passed from mod_ssl
17:43:28 <gyee> hyakuhei, yeah, it have a dependency on apache2
17:43:36 <hyakuhei> nkinder: Yeah, there’s lots of options. We’ll probably end up with an under-cloud Anchor to protect services like Rabbit, MySQL etc and Overcloud Anchor behind Barbican
17:43:58 <nkinder> hyakuhei: yeah, makes sense
17:44:28 <hyakuhei> ok, we’ve only got 15 minutes left
17:44:49 <hyakuhei> #topic Security initiatives in General
17:45:16 <hyakuhei> So we’ve got OSSNs, Security Guide, Bandit, Anchor and Threat Analysis running at the moment, all with various degrees of maturity and velocity
17:45:20 <bdpayne> did anyone have specific questions on security doc and/or the security guide?
17:45:39 <elmiko> i do, project or tenant, which to use?
17:45:40 <hyakuhei> Does anyone have designs on the next big thing we should consider persuing
17:45:45 <bknudson> project
17:45:55 <hyakuhei> +1
17:46:01 <elmiko> that's what i thought, just wanted something more concrete =)
17:46:04 <ukbelch> keystone?
17:46:08 <hyakuhei> Basically the opposite of whatever you see me write, I always seem to get it wrong
17:46:10 <nkinder> yep, project
17:47:18 <hyakuhei> #topic Sahara security
17:47:31 <elmiko> #link https://etherpad.openstack.org/p/sahara-security-guide-notes
17:47:36 <elmiko> i've added more content there
17:47:47 <elmiko> and i'm still soliciting opinions/advice/criticisms
17:47:48 <hyakuhei> So you’re looking for a review?
17:48:13 <elmiko> i'm looking for more opinions about how we might proceed and if the content i'm creating is appropriate
17:48:25 <hyakuhei> bdpayne: interested on your thoughts on this?
17:48:37 <elmiko> i'm hoping to have a review up to the security-doc sometime next week
17:48:38 <bdpayne> I can take a look
17:48:42 <hyakuhei> elmiko: Whats the intended end-product?
17:48:43 <elmiko> thanks
17:49:06 <elmiko> hyakuhei: a new chapter 14 for the sec guide, on the data processing service
17:49:20 <hyakuhei> then you and bdpayne should definitely sync
17:49:21 <bdpayne> ah yeah, so I'll review this in more detail later today
17:49:27 <bdpayne> elmiko feel free to pester me on openstack-security too
17:49:27 <elmiko> bdpayne: thanks
17:49:32 <hyakuhei> Thanks both
17:49:41 <hyakuhei> elmiko: anything else ?
17:49:48 <elmiko> nope, just wanted to update =)
17:50:08 <hyakuhei> Great stuff, looking forward to seeing this progress
17:50:15 <hyakuhei> #topic Security Guide
17:50:19 <hyakuhei> bdpayne: What’s the latest?
17:50:24 <bdpayne> oh hi
17:50:51 <bdpayne> so the latest is that I'd love a person or two to step up and co-lead
17:51:03 <bdpayne> I haven't been meeting my goals with the guide in a timely fashion
17:51:07 <bdpayne> so more help could be good
17:51:19 <bdpayne> if anyone's interested, please ping me
17:51:21 <bdpayne> there's some great plans for moving this ahead
17:51:31 <bdpayne> we just need to clean up the book a bit
17:51:34 <bdpayne> editorial stuff
17:52:00 <bdpayne> having said that, contributions are continuing to roll in, which is nice
17:52:03 <elmiko> bdpayne: i'll ping you later, you've got me curious
17:52:07 <bdpayne> cool, thanks
17:52:09 <hyakuhei> Maybe there’ll be more takers after the mid-cycle, that’s a great way to introduce the docs project to people
17:52:21 <bdpayne> yeah
17:52:41 <hyakuhei> ok cool, thanks bdpayne :)
17:52:48 <hyakuhei> #topic Any other business
17:52:49 <bdpayne> but that's all that I have for now... so people can ponder that
17:53:02 <hyakuhei> General discussion, anything you think is interesting
17:53:26 <shohel02> Regarding Threat analysis...
17:53:36 <shohel02> got couple of reviews from bknudson
17:54:10 <hyakuhei> Big changes since my last review?
17:54:16 <shohel02> i think in the security group, we should make a decision how should we progress
17:54:19 <shohel02> not much
17:54:28 <shohel02> some small stuff..
17:54:31 <bknudson> I think it was in good shape
17:54:45 <bknudson> better than what we had before.
17:54:46 <shohel02> thanks bknudson
17:55:00 <bdpayne> shohel02 what are the paths you see?
17:55:40 <shohel02> this is setting the framework analysing other projects
17:55:57 <shohel02> definately we need more involvement to get it forward
17:56:15 <hyakuhei> Its hard
17:56:23 <shohel02> yah
17:56:46 <hyakuhei> I’m trying to get HP to share architectural drawings where we don’t have lots of internal stuff on them but that’s not so easy
17:57:21 <shohel02> that would be helpful
17:58:07 <hyakuhei> I’m working on it :)
17:58:17 <hyakuhei> Last two minutes guys, anything to add?
17:58:44 <hyakuhei> cool, lets call it!
17:58:48 <hyakuhei> Thanks all!
17:58:49 <nkinder> thanks!
17:58:50 <hyakuhei> #endmeeting