17:06:00 <hyakuhei> #startmeeting openstack security group
17:06:01 <openstack> Meeting started Thu Jan 15 17:06:00 2015 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:06:02 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:06:04 <openstack> The meeting name has been set to 'openstack_security_group'
17:06:13 <elmiko> weird...
17:06:17 <tkelsey> hummm guess it's bust, technology eh? :P
17:06:18 <bdpayne> oh well, carry on :-)
17:06:33 <hyakuhei> well that was an exciting diversion!
17:06:40 <bknudson> hackers.
17:06:44 <tkelsey> :P
17:06:47 <hyakuhei> haxors everywhere!
17:06:59 <hyakuhei> Right, back on topic. Which was, to set the agenda :)
17:07:11 <hyakuhei> Anchor, Bandit, Mid-Cycle - anything else?
17:07:37 <hyakuhei> ok
17:07:46 <hyakuhei> tkelsey: what’s the latest on Anchor?
17:07:47 <bdpayne> sounds good to me
17:07:58 <tkelsey> hyakuhei: test, test and more tests
17:08:18 <tkelsey> well, slowly adding coverage
17:08:25 <tkelsey> I also updated the wiki pages
17:08:32 <hyakuhei> Superb. Anyone want to get involved with Anchor? This is a great time.
17:08:46 <hyakuhei> Still need to work out where/when to write the Barbican plugin
17:08:52 <tkelsey> #link https://wiki.openstack.org/wiki/Anchor
17:08:56 <hyakuhei> and bdpayne you wanted to talk about some stuff ?
17:09:00 <tkelsey> hyakuhei: yeah good point
17:09:16 <bdpayne> I did?
17:09:33 <hyakuhei> Yeh, I thought you mentioned something last week, ah well
17:09:50 <hyakuhei> So yes in general, we are feature freezing Anchor while we add a number of tests.
17:09:57 <bdpayne> well, I have some thoughts that I'll keep to myself for now until I can dig into the code base some more
17:10:18 <hyakuhei> Righto, feel free to air them early, we won’t get offended :)
17:10:22 <tkelsey> bdpayne: awesome :) input very welcome when you're ready
17:10:25 * redrobot is fashionably late
17:10:28 <bdpayne> cool
17:10:35 <hyakuhei> welcome redrobot !
17:10:54 <hyakuhei> We were just talking about adding an Anchor plugin into Barbican :)
17:11:38 <hyakuhei> ok, so re: Anchor - get involved, write some tests :)
17:11:45 <tkelsey> +1 :)
17:11:52 <hyakuhei> #topic Bandit
17:12:12 <tmcpeak> Bandit might be mostly a no-op this week
17:12:22 <hyakuhei> Last week we spoke about testing out Bandit in various places
17:12:24 <elmiko> i have a bandit user report
17:12:30 <hyakuhei> Excellent!
17:12:31 <tmcpeak> ooh
17:12:32 <tmcpeak> do tell
17:12:34 <tkelsey> :D
17:12:37 <elmiko> i ran it against the sahara code base, it was smooth sailing
17:12:47 <elmiko> i followed the instructions and it worked like magic =)
17:12:48 <tmcpeak> find anything interesting?
17:12:50 <tkelsey> elmiko: that's awesome news, find anything interesting ?
17:12:59 <elmiko> yea, i think so
17:13:05 <tmcpeak> awesome!
17:13:16 <redrobot> I've been meaning to run it against the Barbican code base...
17:13:21 <elmiko> #link https://gist.github.com/elmiko/94f063583912a5d8c3cb
17:13:24 <elmiko> that's our output
17:13:27 <tkelsey> redrobot: +1
17:13:38 <hyakuhei> I did run it once a while back, found a few things iirc.
17:13:43 <elmiko> it mainly complains about our usage of /tmp, but that's occurring on our cluster nodes so maybe something to look at
17:13:58 <bknudson> that is scary.
17:14:13 <bknudson> sudo su - -c "mkdir /tmp/oozielib !!??
17:14:40 <hyakuhei> eeeeeew
17:14:44 * elmiko feels like he just exposed sahara's bare ass
17:15:03 <tmcpeak> sudo /tmp/sahara-hadoop-init.sh :)
17:15:08 <elmiko> yea, we need some help =)
17:15:33 <sicarie> tmcpeak to be fair they created the directory 500 immediately before :)
17:15:43 <hyakuhei> That’s a good thing elmiko, what we are here for :)
17:15:56 <tkelsey> hyakuhei: +1
17:15:56 <tmcpeak> ahh gotcha
17:16:01 <sicarie> er, not directory
17:16:12 * sicarie stops typing while caffeine goes through his system
17:16:52 <elmiko> anyways, aside from our issues, kudos to the bandit team. the process was painless and the docs were clear.
17:17:00 <bknudson> bandit is sure doing its job if it's able to catch these issues.
17:17:14 <tmcpeak> elmiko: thanks for using it
17:17:22 <tmcpeak> so next step is to get it in the gate
17:17:25 <elmiko> i would like to learn how best to interpret its output as my next task with bandit
17:17:27 <tkelsey> elmiko: awesome, thanks for the feedback
17:17:45 <chair6> yeah, nice to see real world usage :)
17:17:49 <hyakuhei> +1
17:17:51 <tkelsey> elmiko: tmcpeak or myself can help if you have any questions
17:18:00 <tmcpeak> +1
17:18:09 <elmiko> tkelsey: awesome, i'll find you guys in openstack-security
17:18:18 <bknudson> I ran it on keystone quickly a month ago to see if it worked, and it worked fine... I think I asked for a feature to skip files (e.g., test directory)
17:18:21 <tmcpeak> bdpayne: btw, did you know if Lucas is planning on merging his improvements?
17:18:30 <bdpayne> yeah he is
17:18:33 <bdpayne> I'll ping him to do so
17:18:44 <tmcpeak> bknudson: oh right, I added that item to our wiki
17:18:46 <hyakuhei> bknudson: You mentioned before it might fit in the Keystone gate?
17:19:06 <bknudson> I would definitely like to see this in keystone gate.
17:19:19 <hyakuhei> What’s the process of doing a trial?
17:19:22 <tmcpeak> there's a little work we need to do to get it in requirements
17:19:36 <bknudson> and if you need project to start with I think keystone is a good target.
17:19:37 <tmcpeak> after that it should be easy to set up a non-blocking gate job for it
17:19:44 <bknudson> maybe middleware.
17:20:28 <bknudson> I think this would be a good topic for the cross-project meeting.
17:20:33 <hyakuhei> We’ll use it in Anchor soon but it looks like Keystone would be the first ‘proper’ project to test it with
17:20:51 <tmcpeak> what's the cross-project meeting?
17:21:02 <tmcpeak> is that a summit thing?
17:21:11 <bknudson> https://wiki.openstack.org/wiki/Meetings/CrossProjectMeeting
17:21:29 <bknudson> "Any cross-team issue is on-topic for this meeting."
17:21:48 <tmcpeak> ahh cool, I was not aware this was a thing :)
17:22:04 <bdpayne> neither was I... interesting
17:22:19 <bknudson> it would be good to take care of any objections that might be raised... I don't anticipate any other than there might be a request for a cross-project spec.
17:22:34 <tmcpeak> bknudson: yeah, that looks like a good fit for that discussion
17:22:44 <bknudson> so you might want to get started on a spec.
17:22:57 <tmcpeak> cool
17:23:04 <tmcpeak> ok so todo: 1) requirements 2) spec
17:24:22 <hyakuhei> Anyone want to volunteer to take that as an action?
17:24:24 <bknudson> Here's an example cross-project spec: https://review.openstack.org/#/c/145544/
17:24:35 <hyakuhei> another action would be to attend the cross-project meeting
17:24:42 <hyakuhei> which is at 21:00 UTC
17:24:59 <tmcpeak> let's attend when we have what we need in place
17:25:08 <tmcpeak> I'm a little bandwidth challenged right now, but I can at least work #1
17:25:20 <hyakuhei> cool
17:25:37 <hyakuhei> #action tmcpeak to take a look at the requirements regarding Bandit and Keystone Gate Tests
17:26:07 <sarnold007> I might be able to assist with the spec
17:26:13 <tmcpeak> awesome!
17:26:20 <hyakuhei> Anything else on Bandit?
17:26:29 <tmcpeak> nope
17:26:40 <sarnold007> is there a deadline for it? other than ASAP?
17:26:40 <hyakuhei> cool
17:26:55 <tmcpeak> next week would be good
17:27:15 <tmcpeak> as you're able
17:27:19 <sarnold007> Ok, I'll work on it this weekend
17:27:31 <tmcpeak> you don't have to :)
17:27:37 <tmcpeak> the week after is fine
17:27:48 <tmcpeak> not trying to crack the whip
17:27:48 <sarnold007> it gives me an excuse to avoid my teenager :)
17:27:58 <tmcpeak> haha ok, awesome
17:28:37 <hyakuhei> Ok, let’s move along, thanks Bandit peoples!
17:28:43 <hyakuhei> #topic Mid-Cycle
17:28:46 <hyakuhei> #link https://etherpad.openstack.org/p/ossg-kilo-meetup
17:29:10 <hyakuhei> Agenda is looking pretty thin at the moment, I’d like to see more on there, especially if you’re a confirmed attendee
17:29:25 <hyakuhei> At the very least put your name down against the things that you think are most important
17:29:46 * bdpayne will add at least one agenda item
17:30:52 <hyakuhei> Thanks :)
17:31:26 <tmcpeak> looks like a HP/Nebula party?
17:31:30 <hyakuhei> I’m finalizing travel plans over the next 24 hours
17:31:39 <hyakuhei> Malini from Intel is going to try to come
17:31:46 * bdpayne added one item
17:32:14 <bdpayne> Can we put an address on there for Geekdom?
17:32:17 <hyakuhei> I’ll try to add a few over the next few days.
17:32:19 <tmcpeak> yep, I'll get it
17:32:24 <bknudson> I need to convince my employer to get me to the security meetups.
17:32:25 <hyakuhei> thanks tmcpeak
17:32:46 <bdpayne> also, it says "proposed dates" up top, but those _are_ the dates, right?
17:33:01 <hyakuhei> They have a decent bike lockup there fyi, I’ll be renting a roadie for a day or two while I’m there :)
17:34:13 <hyakuhei> So I don’t have a whole bunch more to add atm. I noticed a few prospective board members mentioning security
17:34:36 <tmcpeak> can we get some pandering? :)
17:34:37 <hyakuhei> Jesse Proudman used the recent glance vulnerability as an example of things not working great
17:34:52 <bdpayne> Re bike lockup, that's nice as I'll probably be taking the train/bike to the spot each day
17:35:11 <hyakuhei> Cool
17:35:18 <hyakuhei> They can lend you a lock too bdpayne
17:36:20 <bdpayne> what time are we starting on the first day?
17:36:20 <bdpayne> and what time are we ending on the last day?
17:36:20 <bdpayne> (to help people with travel plans)
17:36:35 <hyakuhei> So, we’ve got the place 9-5 Tuesday-Friday
17:36:41 <hyakuhei> with a 4pm finish on Thursday
17:36:51 * bdpayne doesn't trust someone else's lock, but thanks
17:36:54 <hyakuhei> Sure
17:37:16 <bdpayne> should we just plan to start 9a on Tuesday than?
17:37:18 <bdpayne> s/than/then/
17:37:21 <hyakuhei> Yup
17:37:23 <bdpayne> or is that too early?
17:37:28 <tmcpeak> 9's good
17:37:37 <hyakuhei> Let’s start strong ;)
17:37:50 <bdpayne> for me, strong would be later in the morning ;-)
17:37:58 <bdpayne> but, I can figure out the 9a thing
17:38:01 <bdpayne> I hear it's possible
17:38:06 <elmiko> lol
17:38:14 <hyakuhei> You can be late
17:38:15 <tmcpeak> yeah bdpayne: that's a sub-optimal Caltrain ride you have to do
17:38:19 <hyakuhei> but you must bring cake.
17:38:46 <bdpayne> yeah, it will be a bit painful
17:38:53 <bdpayne> but I'd rather not be away from my family all week
17:38:55 <bdpayne> so, eh
17:38:56 <bdpayne> ;-)
17:39:16 <bdpayne> I can do the bullet train
17:39:16 <hyakuhei> Whatever works bdpayne, it’s always a slow start on the first day.
17:39:30 <bdpayne> no worries
17:40:04 <hyakuhei> I’m hoping we can have a social event one day.
17:40:35 <tmcpeak> I know some good spots around there
17:41:00 <hyakuhei> Cool
17:41:03 <bdpayne> ah good, b/c I don't really know that area too well
17:41:09 <jroll> I just found out about the OSSG meetup, I'd like to start getting involved, mind if I drop in on it? :)
17:41:19 <bdpayne> sure
17:41:19 * jroll works upstairs from geekdom
17:41:23 <bdpayne> a great way to get started
17:41:25 <hyakuhei> Sure jroll
17:41:28 <hyakuhei> https://etherpad.openstack.org/p/ossg-kilo-meetup
17:41:32 <jroll> awesome, thanks
17:41:35 <jroll> I'll add my name
17:42:04 <hyakuhei> Sweet!
17:42:46 <hyakuhei> Ok, if there’s nothing to add let’s close it out :)
17:42:58 <hyakuhei> Thanks all!
17:43:00 <hyakuhei> #endmeeting