17:02:03 <elmiko> #startmeeting security
17:02:03 <openstack> Meeting started Thu Jan 21 17:02:03 2016 UTC and is due to finish in 60 minutes. The chair is elmiko. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:02:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:02:06 <openstack> The meeting name has been set to 'security'
17:02:10 <bknudson> hi
17:02:29 <elmiko> hey all
17:02:42 <LukeH> hi
17:02:57 <sicarie> o/
17:03:23 <elmiko> haven't talked with hyakuhei, not sure what's on the agenda. so let's gather some topics
17:03:29 <elmiko> i'd like to discuss sec-doc
17:03:40 <dg_> threat analysis :D
17:03:42 <tkelsey> bandit 1.0 pls :)
17:03:42 <elmiko> i'm guessing we should get status for bandit and anchor?
17:03:50 <elmiko> ack, threat analysis
17:04:06 <elmiko> ossp outreach
17:04:10 <tkelsey> +1
17:04:26 <michaelxin> hi
17:04:29 <michaelxin> sorry I am late
17:04:46 <tmcpeak> o/
17:04:48 <elmiko> no prob, we're still gathering topics
17:04:52 <elmiko> #chair tmcpeak
17:04:52 <openstack> Current chairs: elmiko tmcpeak
17:05:01 <tmcpeak> hey elmiko, thanks for starting! :)
17:05:03 <elmiko> syntribos status?
17:05:07 <tmcpeak> was in another meeting and got distracted
17:05:31 <elmiko> #link https://etherpad.openstack.org/p/ossp-meeting-agenda-2016-01-21
17:05:38 <elmiko> i'm adding agenda items there ^^
17:06:18 <michaelxin> elmiko: sure
17:06:23 <elmiko> please add an item if you'd like to discuss it =)
17:06:30 <dg_> lgtm
17:06:30 <elmiko> ok then,
17:06:44 <elmiko> #topic sec doc
17:06:45 <michaelxin> feedback for mid-cycle
17:07:09 <elmiko> i wanted to highlight this review
17:07:13 <elmiko> #link https://review.openstack.org/#/c/258846/
17:07:31 <elmiko> sicarie, i think that review is proving troublesome and we could use a few more eyes on it
17:07:40 <sicarie> ack
17:07:53 <sicarie> I don't have many free cycles for the next 10 days, but I'll make sure I hit that one
17:07:59 <elmiko> thanks
17:08:10 <elmiko> any other specific updates for the guide?
17:08:31 <bknudson> are there docs that say that :file: is deprecated?
17:08:45 <bknudson> they should be linked in the commit message
17:08:48 <nkinder> Hi all. Sorry I'm late.
17:09:03 <tmcpeak> hey nkinder good to see you
17:09:03 <elmiko> bknudson: yea... agreed about linking it in
17:09:03 <mvaldes> can we break that into smaller patches, like Ian suggested?
17:09:15 <elmiko> mvaldes: i hope so, but please add your comments on the review =)
17:09:19 <elmiko> hi nkinder !
17:09:25 <mvaldes> oh yea.. that's how it works :)
17:09:29 <elmiko> hehe
17:09:58 <elmiko> sicarie: any other updates for the guide?
17:10:15 <sicarie> not at the moment
17:10:18 <elmiko> k
17:10:32 <elmiko> #topic midcycle feedback/review
17:10:38 <elmiko> (should have started with this)
17:10:44 <tmcpeak> thanks all for everybody that attended!
17:10:47 <elmiko> so, midcyclers, how did it go? =)
17:10:50 <elmiko> +1
17:10:56 <tmcpeak> you should know, you were on a huge screen for most of it!
17:11:01 <elmiko> >.<
17:11:05 <tmcpeak> all hail the dark lord elmiko
17:11:10 <elmiko> yea, but i missed all the fun stuff
17:11:11 <ccneill> sorry I didn't get to meet more of you in person! stupid allergies/cold/whatever/voice-eating-monster
17:11:11 <elmiko> hahaha
17:11:19 <elmiko> ccneill: =(
17:11:19 <tmcpeak> we got a ton of stuff done, RAX was an awesome host
17:11:25 <elmiko> sweet
17:11:29 <mvaldes> i learned a lot
17:11:33 <tmcpeak> so I guess for those that attended - what went well and what should we do better next time?
17:11:43 <elmiko> any feedback about things that worked well or could be improved?
17:11:45 <elmiko> jinx
17:11:50 <tmcpeak> :D
17:11:52 <michaelxin> tmcpeak: +1
17:12:02 <browne> i have no complaints
17:12:03 <tkelsey> rackspace was a really good host, many thanks rackers!
17:12:07 <michaelxin> Collaboration with Barbican is good
17:12:15 <tmcpeak> I'd say our unconference style continues to be productive
17:12:16 <michaelxin> tkelsey: Anytime
17:12:25 <tkelsey> :)
17:12:32 <mvaldes> our pleasure! it was a good time
17:12:39 <michaelxin> Tim's deep dive into bandit is great
17:12:41 <elmiko> michaelxin: yea, it seemed like having ossp and barbican together was very useful
17:12:54 <elmiko> redrobot ^^
17:12:57 <tmcpeak> yeah it seems like we've got a few new Bandit contributors now, which is always awesome
17:12:57 <bknudson> We've got keystone meetup next week and I'm hoping we'll do the unconference.
17:13:05 <redrobot> o/
17:13:10 <tkelsey> michaelxin: thanks :)
17:13:11 <michaelxin> Major's demonstration is cool too.
17:13:14 * redrobot pretends he wasn't late
17:13:17 <elmiko> unconference does seem to work well for us
17:13:17 <tkelsey> tmcpeak: yeah looks like :)
17:13:24 <elmiko> redrobot: no worries =)
17:13:34 <michaelxin> We might need to come with more deliverables during planning stage.
17:13:54 <tmcpeak> michaelxin: elaborate please?
17:13:57 <elmiko> michaelxin: would you mind expanding on that a little
17:13:59 <elmiko> haha
17:14:12 <elmiko> tmcpeak: GET OUT OF MY MIND!!!
17:14:15 <elmiko> ;)
17:14:16 <tmcpeak> :#
17:14:35 <michaelxin> Say, we talk about outreach or anchor.
17:14:36 <redrobot> I agree, unconference format was awesome. Totally stole the idea for Barbican too.
17:14:47 <tmcpeak> it's contagious!
17:15:01 <michaelxin> What did we accomplish during mid-cycle for these topics?
17:15:21 <michaelxin> For some topics, we talked a lot but there is no action items
17:15:24 <michaelxin> no follow up.
17:15:27 <elmiko> michaelxin: is it a case of needing better note taking during those sessions, or just making more firm plans?
17:15:28 <tmcpeak> michaelxin: you mean like a status report afterwards?
17:15:33 <mvaldes> to michaelxin point, i had to think pretty hard to list out what we achieved. it would be good to have some goals going in, and some defined tasks on the way out
17:15:38 <tkelsey> michaelxin: good point
17:15:49 <elmiko> this is good feedback
17:15:55 <tkelsey> elmiko: +1
17:16:03 <browne> where did all of the pictures from the midcycle end up?
17:16:06 <tmcpeak> mvaldes, michaelxin yeah hyakuhei, tkelsey and I had to do some for HP also. Maybe we could pool efforts next time at the end to come up with a master list
17:16:16 <elmiko> browne: i think michaelxin has them on google somewhere...
17:16:17 <tkelsey> tmcpeak: +1
17:16:17 <michaelxin> browne: it is in google photos.
17:16:22 <mvaldes> tmcpeak: +1
17:16:35 <tkelsey> browne: I think hyakuhei had some
17:16:39 <ccneill> what I suggested (as the only person who wasn't actually there) was maybe coming up with sort of "user acceptance criteria" for each topic, and then we can use that as a checklist
17:16:42 <michaelxin> https://goo.gl/photos/BaWfnFKSc8NtuYia8
17:16:57 <elmiko> tmcpeak: certainly would make reporting back easier for all participants
17:16:58 <ccneill> so we don't have to duplicate effort (i.e. "we'll do this" and then "we did this")
17:16:59 <tmcpeak> Rob and I have SuperUser post in the works about it too
17:17:02 <browne> oh ok, will those make it into the blog?
17:17:12 <elmiko> ccneill: nice idea
17:17:17 <tmcpeak> elmiko: yeah definitely
17:17:21 <elmiko> tmcpeak: sweet, +1
17:17:26 <michaelxin> +1
17:17:42 <tmcpeak> ok cool, good points, so next time we'll pool efforts on the post mortem :)
17:17:52 <michaelxin> tmcpeak: +1
17:18:07 <elmiko> maybe something for the last day session, a recap/review type of breakdown
17:18:19 <tmcpeak> yep, sounds legit
17:18:30 <michaelxin> browne: Did you see the pictures?
17:18:40 <browne> michaelxin: yep thx
17:18:42 <elmiko> #info having a post-mortem of the midcycle would be very useful for participants
17:18:48 <michaelxin> cool
17:18:52 <browne> so what's the status of the blog?
17:18:59 <elmiko> #topic blog
17:19:04 <tmcpeak> it's up, Rob's got a couple of posts in the works
17:19:12 <browne> oh cool
17:19:16 <tmcpeak> anybody that wants to contribute please do, should be pretty easy
17:19:22 <dg_> http://openstack-security.github.io/
17:19:27 <tmcpeak> write in MD, name it in a format that github.io understands and gtg
17:19:31 <tmcpeak> #chair hyakuhei_
17:19:33 <openstack> Current chairs: elmiko hyakuhei_ tmcpeak
17:19:35 <elmiko> #link http://openstack-security.github.io
17:19:38 <elmiko> thanks dg_
17:19:41 <hyakuhei_> Hey, sorry I’m late, #lifeboat things
17:19:42 <hyakuhei_> ooer
17:19:56 <tmcpeak> all good man
17:19:59 <elmiko> hyakuhei_: np, and hey =)
17:20:14 <elmiko> hyakuhei_: agenda started here, https://etherpad.openstack.org/p/ossp-meeting-agenda-2016-01-21
17:20:18 <hyakuhei_> So those blogs are obviously a work in progress, they’ve not been shared anywhere yet and perhaps we can keep it that way for a little while :)
17:20:29 <hyakuhei_> Excellent thank you elmiko, tmcpeak
17:20:52 <hyakuhei_> Please continue, I’m enjoying this waltzing in late and having things already being done :)
17:20:58 <elmiko> hehe
17:21:08 <mvaldes> is there a good way for us to collaborate on the blog posts?
17:21:09 <elmiko> ok, any other updates on the blog?
17:21:15 <mvaldes> (if needed)
17:21:19 <tmcpeak> mvaldes: maybe etherpad?
17:21:19 <hyakuhei_> well, it’s github, and it’s under an org
17:21:24 <elmiko> mvaldes: i'm guessing patches to the repo would be acceptable
17:21:29 <hyakuhei_> so let me know your nick and I can add you there
17:21:30 <tkelsey> im going to blog some stuff soon
17:21:36 <michaelxin> +1
17:21:39 <hyakuhei_> Yeah, so direct pull requests are welcome.
17:21:45 <michaelxin> jqxin2006
17:21:50 <hyakuhei_> I’d also like to consider using gerrithub perhaps
17:22:02 <hyakuhei_> I tried reviewable but it made me hate life
17:22:07 <elmiko> haha
17:22:27 <hyakuhei_> michaelxin: I’ll add you to the openstack-security org now.
17:22:35 <michaelxin> hyakuhei_: Thanks.
17:22:42 <mvaldes> hyakuhei_: mattvaldes
17:22:47 <mvaldes> :) thanks
17:22:58 <hyakuhei_> The blogs are stored/authored here: https://github.com/openstack-security/openstack-security.github.io
17:23:04 <wayward710> Thanks!
17:23:28 <elmiko> anything else on this topic?
17:23:40 <michaelxin> We are creating an internal blog
17:23:52 <michaelxin> and a external blog about mid-cycle
17:23:56 <elmiko> nice
17:24:01 <michaelxin> it will be published soon.
17:24:09 <michaelxin> I hope. :-)
17:24:15 <wayward710> That will be interesting to see, since I wasn't able to go to the meeting
17:24:23 <hyakuhei_> michaelxin: ok you’re added to the org (with RW on the blog) - anyone else?
17:24:27 <elmiko> and we can all get ssh access to rackspaces internal network for the blog? ;)
17:24:36 <tkelsey> me please
17:24:51 <hyakuhei_> Also please feel free to open pull requests for obviously good changes to the jekyll configuration etc
17:24:58 <mvaldes> hyakuhei_: add mattvaldes please
17:25:01 <hyakuhei_> tkelsey: you’re already in the org
17:25:10 <dg_> lol
17:25:10 <michaelxin> elmiko: I will mail you my RSA token
17:25:15 <elmiko> \o/
17:25:18 <hyakuhei_> nice!
17:25:22 <hyakuhei_> mvaldes: added.
17:25:24 <tkelsey> hyakuhei_: ty
17:25:39 <michaelxin> Both blogs should be same. :-)
17:25:54 <hyakuhei_> A likely story
17:26:04 <elmiko> #info bug hyakuhei if you need access to the security blog organization on github
17:26:15 <elmiko> moving on
17:26:18 <elmiko> #topic bandit
17:26:23 <elmiko> tkelsey, tmcpeak, updates?
17:26:26 <tmcpeak> tkelsey: roll it
17:26:39 <tkelsey> ok, so we talked about 1.0 in the midcycle
17:26:56 <tkelsey> we came up with some work items to make that happen, and now are pushing through them
17:27:20 <elmiko> cool
17:27:26 <tkelsey> things like breaking out blacklists, fixing up test_set, profiles etc
17:27:35 <tkelsey> there are a number of patches in review right now
17:27:43 <tkelsey> so please take a look if you're interested
17:27:58 <tkelsey> I think the work items are on the etherpad
17:28:05 <tkelsey> (if not i'll add them)
17:28:19 <michaelxin> The link?
17:28:19 <tmcpeak> also of interest, Ryan_Lee from Lyft has a cool plugin in flight to try to find hardcoded creds using entropy analysis
17:28:24 <bknudson> do you have a date for when you think 1.0 will be out? I'm wondering for timing purposes.
17:28:26 <elmiko> i noticed that Ryan_Lane has suggested several interesting features in irc too, which is cool
17:28:27 <tkelsey> tmcpeak: +1
17:28:37 <elmiko> tmcpeak: +1
17:28:39 <michaelxin> +1
17:28:43 <tkelsey> so thats Ober and Lyft using it :)
17:28:46 <elmiko> some great conversations around bandit in irc recently
17:28:46 <tkelsey> *uber
17:28:59 <mvaldes> bknudson: +1
17:29:00 <tmcpeak> yeah looks like awesome stuff. And we love it when people contribute, especially those that aren't necessarily involved in OpenStack
17:29:09 <elmiko> yea, totally kickass
17:29:17 <tkelsey> indeed :) its nice to see bandit having a wider impact
17:29:28 <elmiko> any other updates?
17:29:32 <tmcpeak> so in light of all we know, how far out from 1.0 do you guys think we are?
17:29:37 <tmcpeak> I'd say a few months realistically
17:29:39 <tkelsey> #link https://etherpad.openstack.org/p/security-mitaka-midcycle
17:29:58 <bknudson> some projects (e.g., glance) are blocking adding bandit since they want to wait for 1.0
17:29:58 <tmcpeak> we should make sure 1.0 is really tight before we throw it up
17:30:05 <tkelsey> it looks like the work items didnt make it on there, i'll add some blueprints for the ones that are not done yet
17:30:07 <ccneill> question: is the new stripped-down config a 1.0 thing? or will that land before 1.0?
17:30:13 <elmiko> bknudson: interesting
17:30:16 <ccneill> (asking because designate wants to add bandit to their gate)
17:30:16 <tmcpeak> bknudson: yeah, that's probably for the best at this point
17:30:34 <tmcpeak> ccneill: it's partly a thing, but none of that is on PyPI yet
17:30:42 <tkelsey> ccneill: its sort of in master right now, but yeah its for 1.0 really
17:30:47 <tmcpeak> ccneill: if they get going with a config file we'll fix it for them once 1.0 lands
17:30:51 <tkelsey> since thats the next version AFAIK
17:31:07 <tmcpeak> tkelsey: no, we're going to have to do another version with the .bandit file as soon as that lands
17:31:25 <dave-mccowan> o/
17:31:30 <tkelsey> OK, if that lands before the other 1.0 stuff.
17:31:32 <michaelxin> nice
17:32:08 <ccneill> tmcpeak, tkelsey : I'll ask them if they want to be on the bleeding edge or if they'd prefer to wait for 1.0 then
17:32:35 <tkelsey> ccneill: cool, we are always happy to help out if needs be as well
17:32:45 <michaelxin> ccneill: +1
17:33:05 <tkelsey> anyway, we got a load done on bandit and have had a lot of new interest as well. I'll put up some blueprints soon for the remaining 1.0 work
17:33:07 <ccneill> cool cool, I'll sync up with them and report back
17:33:14 <elmiko> tkelsey: awesome, +1
17:33:16 <tkelsey> in the mean time, please take a look at the patches in review :)
17:33:30 <elmiko> very encouraging to see continued evolution in bandit
17:33:35 <tmcpeak> yep yep
17:33:43 <elmiko> ok, moving along
17:33:46 <tkelsey> #link https://review.openstack.org/#/q/project:openstack/bandit+status:open
17:33:53 <elmiko> #topic anchor
17:33:58 <elmiko> dg_: any news here?
17:34:10 <hyakuhei_> Soooo
17:34:17 <hyakuhei_> There’s a few things that are interesting here
17:34:30 <hyakuhei_> First off, I did bloggy things : http://localhost:3000/tooling/2016/01/20/ephemeral-pki.html
17:34:32 <hyakuhei_> lol
17:34:35 <elmiko> hehe
17:34:39 <hyakuhei_> one sec, I’ll get a non-local link
17:34:40 <michaelxin> haha
17:34:51 <hyakuhei_> #link https://openstack-security.github.io/tooling/2016/01/20/ephemeral-pki.html
17:34:54 <hyakuhei_> … long day.
17:35:02 <dg_> lol
17:35:02 <wayward710> worked, thanks
17:35:12 <hyakuhei_> So that post’s a bit rambly at the moment, needs a bit of a tidy
17:35:22 <elmiko> hyakuhei_: +1, looks awesome =) /me adds to reading list
17:35:31 <hyakuhei_> We’ve got a bunch of open bugs: https://openstack-security.github.io/tooling/2016/01/20/ephemeral-pki.html
17:35:59 <hyakuhei_> oh actually, everyone should watch that defcon 17 video, 35:20 is my fave all-time security bug
17:36:03 <dg_> hyakuhei I'll have an edit. I de-typo'd your TA post
17:36:12 <hyakuhei_> excellent!
17:36:12 <tmcpeak> hyakuhei_: this is awesome
17:36:33 <hyakuhei_> Thanks tmcpeak I’m not very happy with it so please feel free to edit or send me comments
17:36:35 <dg_> love the cert revocation meme, cant believe I've not seen that in one of your presentations
17:36:45 <hyakuhei_> It didn’t exist until yesterday.
17:36:57 <hyakuhei_> That mozilla stuff was very interesting research
17:36:59 <tmcpeak> visually it's pretty good, I'll have a read through the content later :)
17:37:00 <hyakuhei_> anywhooo
17:37:11 <hyakuhei_> The big code change at the moment is introducing CMC support in requests
17:37:18 <mvaldes> tmcpeak: +1
17:37:22 <hyakuhei_> #link https://tools.ietf.org/html/rfc5272
17:37:24 <wayward710> Yeah, the cert revocation cat thing was great
17:37:37 <hyakuhei_> Thanks :)
17:37:47 <hyakuhei_> So Stan has a bunch of patches in flight for that to work
17:38:04 <dg_> cool :)
17:38:04 <hyakuhei_> and then I want to go through a 1.0 plan just like Bandit did - i.e how to get there.
17:38:11 <dg_> +1 for 1.0
17:38:16 <elmiko> +1, nice
17:38:16 <hyakuhei_> and for you guys to perhaps take a look at how this might apply to your clouds
17:38:20 <tkelsey> hyakuhei_: +1
17:38:22 <hyakuhei_> apart from you elmiko
17:38:27 <elmiko> whaaa?
17:38:29 <ccneill> hyakuhei_: this looks good to me so far, will definitely watch the Moxie talk
17:38:33 <hyakuhei_> because we all know DOGTAG IS SUPERIOR!
17:38:41 * dg_ drinks
17:38:46 <elmiko> haha
17:39:02 <elmiko> i reserve the right to run anchor on my home cloud, tyvm ;)
17:39:14 <hyakuhei_> Awww
17:39:24 <michaelxin> I can follow up with Major to see the possibility with RPC
17:39:33 <hyakuhei_> #link https://review.openstack.org/#/q/project:openstack/anchor+status:open
17:39:50 <hyakuhei_> Oh, I guess the only other thing to mention re: Anchor is cathead
17:40:13 <hyakuhei_> I landed this a few days back #link https://review.openstack.org/#/c/267762/
17:40:13 <elmiko> next nautical themed project name needs to be jibboom imo
17:40:19 <hyakuhei_> elmiko: +1
17:40:34 <elmiko> hehe
17:40:39 <elmiko> i just like saying it
17:40:47 <hyakuhei_> So that’s basically a client side application for swapping out certificates, it’s a bit bare-bones but potentially an interesting thing to develop further
17:40:52 <hyakuhei_> I don’t have anything else on Anchor
17:41:08 <elmiko> cool, thanks hyakuhei_ , dg_
17:41:15 <elmiko> #topic threat analysis
17:41:21 <elmiko> dg_: how's it coming along?
17:41:22 <bknudson> https://www.youtube.com/watch?v=jN5Z8HDZSpg
17:41:33 <elmiko> bknudson: HAHA
17:41:50 <mvaldes> lol
17:41:56 <tkelsey> lo;
17:41:58 <elmiko> #link https://review.openstack.org/#/c/220712/
17:41:58 <dg_> elmiko thanks for the comments on the WIP stuff that I pushed up (its now marked as WIP to avoid confusion)
17:42:13 <elmiko> cool, i know it's wip but i wanted to help out =)
17:42:40 <hyakuhei_> #link https://openstack-security.github.io/collaboration/2016/01/16/threat-analysis.html <- I blogged about that too, again not wonderful.
17:42:58 <elmiko> oh man, you've been a blogging maniac ;)
17:43:05 <tmcpeak> hyakuhei_: the world's leader in mediocre OpenStack security blogposts :P
17:43:09 <dg_> elmiko Yeah its super helpful, I've made a stack of changes, and have a whole bunch more to make. Right now trying to get the templates vaguely useful
17:43:18 <elmiko> dg_: sweet
17:43:22 <wayward710> For a newbie, these are very helpful
17:43:26 <mvaldes> hyakuhei_: great start!
17:43:33 <michaelxin> +1
17:43:34 <elmiko> hyakuhei_: i applaud your push for openness with these blogs too, +1
17:43:36 <tmcpeak> hyakuhei_: this looks legit, your standards are too high
17:44:01 <michaelxin> What's our plan here?
17:44:12 <tmcpeak> seriously TA one looks good to me, I say ship it
17:44:17 <elmiko> dg_, hyakuhei_, so i guess we'll just keep pushing on this review until it's ready for publishing?
17:44:20 <dg_> the TA Blog? +1
17:44:20 <tmcpeak> I think people could get real benefit from reading this
17:44:22 <hyakuhei_> I’m expecting that after initial interest we’ll end up with 2-3 regular contributors
17:44:23 <dg_> elmiko yeah
17:44:29 <elmiko> great, thanks
17:44:45 <elmiko> everyone who is interested, please take a look at the review linked earlier
17:44:56 <dg_> elmiko hyakuhei was there any process documentation that came out of the mid-cycle?
17:45:04 <michaelxin> https://openstack-security.github.io/collaboration/2016/01/16/threat-analysis.html
17:45:16 <elmiko> dg_, not that i am aware of
17:45:28 <michaelxin> There was a picture.
17:45:31 <hyakuhei_> Yes but mainly captured in the etherpad/whiteboard
17:45:37 <dg_> ok cool
17:45:40 <hyakuhei_> and… in my mind :)
17:45:49 <mvaldes> and heart
17:45:50 <dg_> I'll take a first attempt at turning the etherpad/whiteboard/yourmind into a document
17:45:52 <elmiko> hehe
17:46:01 <elmiko> dg_: that could be....dangerous
17:46:03 <hyakuhei_> Basically, instead of trying to write it all down we’re going to TA some things, applying and recording the process as we go
17:46:09 <dg_> ok cool
17:46:12 <hyakuhei_> Anchor is a nice easy project to start with.
17:46:12 <elmiko> hyakuhei_: +1
17:46:15 <dg_> fancy a TA for Anchor
17:46:17 <dg_> lol
17:46:20 <hyakuhei_> then Barbican and Keystone
17:46:40 <dg_> In that case tkelsey needs to crack on and document anchor like we agreed at techcon....
17:46:41 <hyakuhei_> Mid-term goal is to get project maturity metrics associated with TA and Bandit-gates
17:46:50 <tkelsey> dg_: indeed
17:46:54 <elmiko> i will most likely work towards something for sahara following what has been posted, but it will be in the late M3 timeframe
17:47:15 <michaelxin> elmiko: +1
17:47:18 <tmcpeak> hyakuhei_: if you'd like to do it for the blogpost I got most of the whiteboard for Barbican on draw.io
17:47:18 <dg_> tkelsey lets work together as neither of us has got around to it
17:47:24 <hyakuhei_> So that to get (6 of 6 - maybe) you need to meet all the security requirements: https://www.openstack.org/software/project-navigator/
17:47:32 <tkelsey> dg_: +1 will chat
17:47:38 <dg_> kk
17:47:43 <hyakuhei_> tmcpeak: excellent, we still need to decide on a drawing/graphing tool
17:47:51 <tmcpeak> yep yep
17:47:57 <dg_> mspaint :D
17:47:59 <elmiko> hyakuhei_: have you started discussion with any of the TC or crossproject group yet?
17:48:05 <tmcpeak> always time for some good old tool bikeshedding
17:48:12 <dg_> +1
17:48:25 <hyakuhei_> elmiko: no
17:48:32 <hyakuhei_> I wanted to have the TA process more refined first
17:48:35 <hyakuhei_> Then tell them about the idea
17:48:39 <hyakuhei_> then TA bandit and Keystone
17:48:42 <elmiko> that makes way too much sense
17:48:46 <elmiko> ;)
17:48:49 <tkelsey> lol;
17:48:49 <hyakuhei_> use them as exemplars
17:48:54 <elmiko> definitely
17:48:58 <michaelxin> how can we help with TA process?
17:48:59 <hyakuhei_> and then push for adding it as a maturity metric
17:49:08 <tkelsey> hyakuhei_: s/bandit/Barbican/
17:49:09 <elmiko> and i think you mean s/bandit/anchor/ ?
17:49:13 <elmiko> ah
17:49:19 <tkelsey> or anchor :)
17:49:24 <hyakuhei_> s/bandit/barbican
17:49:29 <elmiko> thanks
17:49:32 <hyakuhei_> anchor will come earlier
17:49:45 <hyakuhei_> and Barbican/Keystone will be more convincing for the TC
17:49:50 <elmiko> definitely
17:50:03 <elmiko> having keystone almost seems like a must in my book
17:50:03 <hyakuhei_> plus good tests of if the documentation/process we have created is consumable / applicable by developers
17:50:09 <hyakuhei_> elmiko: yarp
17:50:23 <elmiko> ok, 10mins left. 2 topics, can we move along?
17:50:35 <hyakuhei_> please do!
17:50:42 <elmiko> #topic syntribos
17:50:47 <elmiko> michaelxin: any updates?
17:50:59 <elmiko> i've seen lots of activity from gerrit =)
17:51:04 <michaelxin> mdong: will give some updates.
17:51:09 <elmiko> great!
17:51:25 <mdong> So one of the pieces of feedback we got at the midcycle was to get rid of OpenCafe as a requirement
17:51:40 <mdong> so that’s now in our plans
17:51:48 <elmiko> that seems like a wise move
17:52:12 <mdong> A few people have made CR’s, which is awesome! we definitely encourage more people to work on it
17:52:35 <michaelxin> I am working with another manager to get another resource work on this.
17:52:42 <elmiko> cool, +1
17:52:45 <michaelxin> hope it will happen next week.
17:52:54 <mdong> i’m still working on it, should be a few more CR’s coming this week
17:53:10 <elmiko> awesome, thanks for keeping it moving along =)
17:53:22 <michaelxin> thanks
17:53:24 <mdong> no problem =)
17:53:26 <ccneill> mdong: talked to Nathan yesterday, sounded like we could steal parts of CAFE if we actually need them, as long as we credit them somewhere
17:53:42 <mdong> oh sweet
17:53:47 <ccneill> but I think we can disentangle it for the most part
17:54:16 <mdong> but yeah that’s all I had for updates
17:54:28 <elmiko> ok, thanks mdong
17:54:34 <elmiko> #topic ossp outreach
17:54:41 <elmiko> tmcpeak: any news here?
17:54:51 <elmiko> or anyone else with events to report on =)
17:55:01 <tmcpeak> browne and I have a talk today in Sunnyvale!
17:55:05 <elmiko> ooh, neat!
17:55:14 <elmiko> hope it goes well =)
17:55:20 <tmcpeak> thank you
17:55:39 <michaelxin> We still have some limited number of stickers to give away, if you want them, send your address to me
17:56:13 <ccneill> I have a semi-related question.. how did Lyft and Uber find out about bandit? just curious
17:56:14 <elmiko> #info bug michaelxin if you want some ossp stickers
17:56:23 <ccneill> if we know
17:56:25 <elmiko> ccneill: great question
17:56:29 <tmcpeak> ccneill: yeah, good question
17:56:30 <tmcpeak> I have no idea
17:56:32 <elmiko> we might have to ask Ryan_Lane directly
17:56:33 <tmcpeak> I should ask him
17:57:01 <elmiko> i know from our internal discussions about bandit, that it has been getting views by the larger python/sec community
17:57:17 <ccneill> yeah because like.. when I did the presentation at the OpenStack Austin meetup a while back, I don't think I made any converts :(
17:57:24 <elmiko> aww =(
17:57:47 <ccneill> there was some interest in forcing OS projects to use it, but not so much on the actually helping part
17:57:52 <ccneill> lol
17:57:55 <michaelxin> Do we need to update the slides?
17:57:56 <elmiko> lol
17:58:06 <elmiko> michaelxin: good question
17:58:09 <tmcpeak> ccneill: everything helps!
17:58:09 <michaelxin> I do not remember any action items for slides.
17:58:20 <tmcpeak> michaelxin: update them how?
17:58:38 <elmiko> (fyi, approaching 1 minute left)
17:58:42 <ccneill> tmcpeak: yeah, at least it raised general awareness a bit hopefully
17:58:48 <michaelxin> I only barely remembered that we talked about updating something
17:58:49 <mvaldes> more grumpy cat pics ;)
17:58:54 <ccneill> mvaldes: +1
17:58:55 <tmcpeak> mvaldes: I'm all for that
17:58:58 <tmcpeak> let's see how it plays today
17:58:58 <elmiko> haha
17:59:04 <tmcpeak> we can update based on feedback from the presentation
17:59:09 <LukeH> did you guys know about the linux secure badge process.. not sure if interested...
17:59:10 <michaelxin> I will talk with some professors in UTSA
17:59:13 <LukeH> #link https://www.coreinfrastructure.org/programs/badge-program
17:59:19 <elmiko> #topic open discussion
17:59:21 <elmiko> last minute
17:59:32 <bknudson> #link https://bugs.launchpad.net/python-keystoneclient/+bug/1534284
17:59:34 <openstack> Launchpad bug 1534284 in python-keystoneclient "keystoneclient should not use etree XML parsing" [Undecided,New] - Assigned to Brant Knudson (blk-u)
17:59:34 <elmiko> LukeH: i have not seen that before, thanks
17:59:39 <bknudson> #link https://bugs.launchpad.net/python-keystoneclient/+bug/1534288
17:59:39 <tmcpeak> LukeH: we were discussing something like this, will check it out
17:59:39 <openstack> Launchpad bug 1534288 in python-keystoneclient "keystoneclient should not be using pickle" [Undecided,New] - Assigned to Brant Knudson (blk-u)
17:59:47 <bknudson> these bugs were opened when I updated bandit on keystoneclient
17:59:54 <LukeH> elmiko np, we are using it for the opnfv proj
17:59:58 <hyakuhei_> LukeH: interesting thanks
18:00:04 <tmcpeak> all right guys, looks like we're out of time
18:00:08 <tmcpeak> have a good week everybody!
18:00:09 <elmiko> bknudson: i'd be curious to talk about the pickle stuff
18:00:12 <elmiko> thanks everyone
18:00:13 <michaelxin> bye
18:00:15 <elmiko> #endmeeting