17:00:29 <elmiko> #startmeeting security
17:00:32 <openstack> Meeting started Thu May 5 17:00:29 2016 UTC and is due to finish in 60 minutes. The chair is elmiko. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:34 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:35 <browne> o/
17:00:36 <openstack> The meeting name has been set to 'security'
17:00:40 <michaelxin> o/
17:00:42 <elmiko> #link https://etherpad.openstack.org/p/security-agenda
17:00:58 <elmiko> #link https://etherpad.openstack.org/p/security-agenda
17:01:00 <elmiko> hi
17:01:12 <tmcpeak> yo
17:01:18 <elmiko> no meeting?
17:01:27 <tmcpeak> why not?
17:01:42 <elmiko> no, i thought you had a conflict with *this* meeting
17:01:52 <tmcpeak> oh, yeah I dropped. It sucked
17:01:55 <michaelxin> yes or no?
17:02:02 <elmiko> yes, this meeting is on!
17:02:02 <Daviey> meeting?
17:02:05 <michaelxin> haha
17:02:10 <tkelsey> hi all
17:02:13 <michaelxin> elmiko: you are the boss
17:02:21 <elmiko> let's fix that
17:02:23 <michaelxin> tkelsey: Why not summit this time?
17:02:24 <elmiko> #chair tmcpeak
17:02:25 <openstack> Current chairs: elmiko tmcpeak
17:02:35 <elmiko> #topic summit recap
17:02:40 <lhinds> hi all
17:02:48 <tmcpeak> hey lhinds
17:02:48 <tkelsey> michaelxin: couldn't make it this time :-(
17:02:54 <michaelxin> lhinds: hi
17:03:00 <tkelsey> missed all you folks :(
17:03:08 <michaelxin> tkelsey: we missed you
17:03:11 <elmiko> missed you too tkelsey !
17:03:19 <elmiko> bandit hackfest wasn't the same
17:03:29 <browne> true dat
17:03:29 <tmcpeak> virtual hugs tkelsey
17:03:33 <elmiko> so, quick summit recap
17:03:34 <tkelsey> haha, you mean no one decided to change-all0th-things
17:03:41 <elmiko> lol
17:04:13 <elmiko> we had some really nice sessions, got the kolla TA underway, had some bandit hacking, BYOK sessions, and even a sec-doc session!
17:04:25 <tmcpeak> +1
17:04:26 <tkelsey> nice :)
17:04:33 <michaelxin> did we do the TM on Friday?
17:04:42 <tmcpeak> michaelxin: yeah part of it
17:04:46 <elmiko> any highlights from summit that folks want to mention?
17:05:05 <tmcpeak> the threat modeling was interesting
17:05:10 <tmcpeak> curious about the perspective of others
17:05:19 <michaelxin> I did not find the room
17:05:20 <tmcpeak> working with a project like Kolla on our first rev is really useful
17:05:22 <elmiko> i missed that one
17:05:24 <nsun1> do we have a new PDF for sec doc?
17:05:26 <sicarie> I'd be interested if any kolla folk are here and what they thought
17:05:35 <sicarie> nsun1 - we do not
17:05:37 <elmiko> nsun1: no, not yet. we are still working on a solution
17:05:37 <michaelxin> sec docs is cool
17:05:52 <michaelxin> Good to know that people are really using our security notes
17:05:55 <sicarie> There is an issue building pdf's with the way we have RST guides set up. My understanding is there is no demand
17:05:56 <elmiko> +1
17:05:58 <tmcpeak> so one issue with threat modeling is we didn't get it done
17:06:02 <tmcpeak> we definitely need more time
17:06:13 <tmcpeak> I think we ended up with an hour and half to actually do the work and needed more
17:06:22 <elmiko> good note
17:06:26 <michaelxin> Schedule it on last day is not a good idea.
17:06:44 <elmiko> #info the kolla threat analysis/modeling could have used more time
17:06:44 <tmcpeak> I'd say we need at least 3 hours of actual work, once everybody is on board with threat modeling and knows why we're doing it
17:06:58 <sicarie> I have a few minor nits as well that I already sent to hyakuhei and dg__
17:07:08 <nsun1> where are the videos for sec sessions of Austin summit?
17:07:16 <sicarie> Centralizing the docs - especially diagrams - will help
17:07:35 <tmcpeak> yeah and having them ahead of time too
17:07:36 <sicarie> And having a well-described walkthrough and levelsetting script will also help
17:07:46 <tmcpeak> sicarie: +1
17:07:53 <elmiko> nsun1: we don't have them collected, but you should be able to find them here https://www.openstack.org/videos/
17:07:59 <tmcpeak> extra +1 for using the term "levelsetting"
17:08:22 <sicarie> We noticed that the kolla team was very willing to do each component, but once one was done they were not clear on where to go next
17:08:47 <sicarie> tmcpeak: just working on my 'thought leader' vocabulary
17:09:00 <Daviey> hah
17:09:00 <sicarie> one day i hope to be able to talk forever and say absolutely nothing
17:09:18 <elmiko> haha
17:09:20 <tmcpeak> Kolla is also a bit of a special case. A lot of their solution is based on what we'd consider third party dependencies like containers, ansible, etc
17:09:40 <Daviey> well very little of it is native kolla aiui
17:09:52 <elmiko> tmcpeak: and kolla doesn't expose a service controller
17:10:08 <tmcpeak> right
17:10:15 <elmiko> it's very different from what i would imagine of most TAs in openstack
17:10:51 <elmiko> so, it sounds like we have *loads* of good ideas to add onto dg_'s TA review
17:10:56 <tmcpeak> with kolla we ended up modeling "deployment of a general service in a container" with Keystone I believe, and then documented "snowflakes" or places where the security model diverges from the simple case
17:11:42 <michaelxin> tmcpeak: is this captured somewhere like etherpad?
17:11:51 <tmcpeak> yeah the kolla etherpad, one sec
17:11:59 <elmiko> any other summit related topics to discuss, or should we roll into the regular agenda?
17:12:01 <tmcpeak> https://etherpad.openstack.org/p/kolla-newton-summit-threat-analysis
17:12:15 <elmiko> #link https://etherpad.openstack.org/p/kolla-newton-summit-threat-analysis
17:12:16 <tmcpeak> we are also full steam on getting projects involved with Bandit
17:12:19 <tmcpeak> but we can discuss during Bandit
17:12:25 <elmiko> ohyea, good point tmcpeak
17:12:28 <tmcpeak> thanks elmiko
17:12:34 <elmiko> #topic anchor
17:12:42 <elmiko> #link https://review.openstack.org/#/q/anchor+status:open,n,z
17:12:51 <michaelxin> We might want to schedule a meetup (lunch/dinner) for security.
17:12:55 <michaelxin> not on last day
17:13:02 <tmcpeak> michaelxin: yeah agreed
17:13:07 <elmiko> tkelsey: i think you are the only anchor rep here, anything to say?
17:13:11 <elmiko> michaelxin: +1
17:13:27 <tkelsey> dg_ is on his way
17:13:35 <elmiko> ooh nice, we'll swing back then
17:13:45 <tkelsey> 4mins away, can we postpone the anchor section for a bit please
17:13:49 <elmiko> #topic bandit
17:13:52 <elmiko> #link https://review.openstack.org/#/q/bandit+status:open,n,z
17:13:59 <elmiko> tkelsey, tmcpeak, browne
17:14:02 <elmiko> what's up =)
17:14:05 <tmcpeak> so one of the things we really need to do is get projects involved
17:14:17 <tkelsey> so bandit gate has been added to castellan (or is about to be)
17:14:27 <tkelsey> I think thats all on my radar actually
17:14:29 <elmiko> added to python-openstackclient as well
17:14:34 <tkelsey> oh nice :)
17:14:36 <tmcpeak> at the summit a few of us took an individual project, ran Bandit with a suggested rule set, filed appropriate bugs, added appropriate nosecs, and then proposed the change to actually add the Bandit gate
17:14:39 <elmiko> and part of their pep8 gate
17:14:41 <browne> yep, i need to get back to bandit evangelism
17:14:53 <tmcpeak> this is a huge push for larger projects though
17:14:59 <tmcpeak> we were discussing a few options
17:15:01 <michaelxin> Will continue what's left
17:15:03 <sicarie> tkelsey: do you have a link for either merges?
17:15:11 <elmiko> tmcpeak: rather than adding nosec's for the initial though, i thought we should just use excluded tests?
17:15:11 <sicarie> castellan or python-openstackclient?
17:15:15 <tmcpeak> like exclude all failing tests initially in the gate
17:15:18 <tmcpeak> yeah
17:15:28 <elmiko> ack
17:15:29 <browne> sicarie: the summit etherpad had a list of priority projects
17:15:31 <tmcpeak> elmiko: no, not nosec for that. Adding nosec for places they should actually be used
17:15:38 <elmiko> ahh, gotcha
17:15:53 <tkelsey> sicarie: https://review.openstack.org/#/c/310917/
17:15:53 <sicarie> browne: thanks - any thought to making a blog post on "here's how you add bandit to your project"?
17:15:55 <tmcpeak> I did one for Kolla, there are a few places for things like jinja2 templating that I looked at the code and found it's not an issue, so added the proper nosec for them
17:15:56 <sicarie> thx
17:16:05 <elmiko> sicarie++
17:16:12 <tkelsey> sicarie: +1
17:16:14 <tmcpeak> yeah that's a good idea
17:16:20 <tmcpeak> I'm actually happy to write that
17:16:27 <browne> sicarie: we kinda talked about a template in that meeting. but agree we need that
17:16:40 <elmiko> #action tmcpeak write blog post about adding bandit to your project
17:16:46 <tmcpeak> elmiko: +1
17:16:54 <browne> ha, good for the security blog
17:16:58 <elmiko> definitely
17:17:16 <elmiko> any other bandit stuff?
17:17:36 <tkelsey> nothing from me for the time being
17:17:36 <tmcpeak> think that's it
17:17:39 <elmiko> #topic syntribos
17:17:42 <elmiko> #link https://review.openstack.org/#/q/status:open+project:openstack/syntribos,n,z
17:17:49 <elmiko> mdong, michaelxin you're up!
17:18:16 <michaelxin> Our current focus is on improving existing security tests.
17:18:37 <michaelxin> mdong: and ccneil are leading the efforts.
17:19:06 <michaelxin> There are a couple of them finished with CRs
17:19:16 <michaelxin> Oh, please welcome vinaypotluri to the team
17:19:25 <michaelxin> he is from Intel
17:19:35 <tmcpeak> hi vinaypotluri, brief intro?
17:19:35 <vinaypotluri> thank you :)
17:19:36 <tkelsey> welcome vinaypotluri :)
17:19:42 <browne> welcome vinaypotluri
17:19:44 <michaelxin> Now, we have four people working on this project: two from Intel and two from Rackspace.
17:20:05 <elmiko> nice
17:20:25 <vinaypotluri> Im a new college grad started working with intel on openstack security.
17:20:36 <elmiko> cool, welcome =)
17:20:39 <vinaypotluri> I'm a novice in security
17:20:46 <dg___> o/ sorry I'm late guys
17:20:54 <michaelxin> They just finished their training
17:21:04 <elmiko> dg___: no worries, we're gonna circle back around to anchor
17:21:05 <michaelxin> Started working on the project today
17:21:15 <tmcpeak> awesome
17:21:15 <michaelxin> mdong: ccneil: Anything else to add on?
17:21:53 <mdong> oh, rahulunair has been leading the efforts also to remove parts of opencafe from the project
17:22:16 <mdong> and ccneill has started writing unittests for syntribos
17:22:35 <elmiko> great, thanks
17:22:39 <elmiko> #topic anchor
17:22:42 <elmiko> #link https://review.openstack.org/#/q/anchor+status:open,n,z
17:22:47 <elmiko> dg___: you're up!
17:22:52 <dg___> Hey everybody
17:23:24 <dg___> so anchor, we had a talk on this in the PKI session at the summit, very positive sesh. I'll send out a summary to -dev at some point soon
17:23:45 <Daviey> +1
17:23:53 <dg___> tldr: we are aiming to integrate anchor into devstack and come up with a 'TLS by default' demo
17:24:06 <tmcpeak> that would be very cool
17:24:08 <Daviey> dg___: Have you tested my devstack plugin?
17:24:10 <elmiko> interesting
17:24:23 <dg___> this is building on the work Daviey did last year, which has been languishing in my queue for far too long
17:24:30 <dg___> Daviey - not yet
17:24:33 <Daviey> meh, only 8 months
17:24:33 <dg___> soon :)
17:24:37 <elmiko> lol
17:24:47 <Daviey> babies are cooked quicker than reviews happen
17:24:57 <tmcpeak> truth
17:25:13 <dg___> ok, so we suck, sorry
17:25:18 <dg___> will aim to do better in future
17:25:39 <dg___> however, thats not the way we really sucked today - a user internally mailed me saying 'the wiki page says this is frozen and it doesnt work'
17:26:00 <elmiko> whoa
17:26:05 <tmcpeak> lolwut
17:26:21 <dg___> I pushed through a patch to the config today to unbreak anchor, so the example in the readme works, stan is going to look at it soon to fix the issue
17:26:32 <dg___> but they have a point on the wiki, its very out of date
17:26:33 <tmcpeak> any idea on the cause?
17:26:51 <dg___> either a broken example or a broken validator
17:27:11 <dg___> anyway, anchor now works if you clone it from github, not sure on pypi
17:27:17 <dg___> and we'll fix the wiki soon
17:27:29 <dg___> i think thats all the anchor comedy for one week. todo: suck less
17:27:46 <elmiko> #action dg___ make anchor suck less
17:27:50 <elmiko> ;P
17:27:54 <dg___> ty
17:27:58 <elmiko> haha
17:28:07 <tmcpeak> unsuck it
17:28:12 <elmiko> #topic OSSN
17:28:18 <elmiko> #link https://review.openstack.org/#/q/status:open+project:openstack/security-doc,n,z
17:28:25 <tmcpeak> we had part of a session on this too
17:28:34 <elmiko> oh nice, quick recap?
17:28:55 <tmcpeak> there were a fair amount of participants that aren't involved in OSSP
17:29:09 <lhinds> Should I do rate limit update here, or during the docs topic?
17:29:10 <tmcpeak> discussion around how to make it into a more standard format so it can be consumed with certain industry standard tools
17:29:18 <tmcpeak> lhinds: update would be great
17:29:32 <lhinds> sure, will let you fin the recap :)
17:29:45 <elmiko> we had some cross over in the sec-doc session with ossns as well
17:29:52 <tmcpeak> I was hoping to get more insight into how people are currently using OSSN and how we can make them use it more, but didn't get much from that
17:30:09 <tmcpeak> obviously the parseable thing would be cool but we aren't there and don't have enough bandwidth for it now
17:30:17 <elmiko> great idea from the doc session was to incorporate links to the notes into the guide
17:30:29 <tmcpeak> +1
17:30:42 <dg___> tmcpeak one of the things that came out of the docs session was we needed closer linkups to operators, to make sure they know the OSSNs exist
17:30:57 <lhinds> oh, btw #link https://github.com/OpenSCAP/scap-security-guide/tree/master/OpenStack/RHEL-OSP/7/input/oval
17:31:03 <tmcpeak> ahh cool, how should we make that happen?
17:31:09 <lhinds> you will recognize some of those
17:31:32 <michaelxin> +1
17:31:34 <dg___> good work lhinds
17:31:37 <elmiko> lhinds++
17:31:47 <dg___> tmcpeak tbd
17:32:07 <tmcpeak> lhinds this is legit
17:32:27 <lhinds> it can then be run under the OpenSCAP tool
17:32:37 <elmiko> very cool
17:33:01 <lhinds> we do something like this in the opnfv under functional testing, it deploys the scanner, runs, pulls down a nice html report, and then cleans env
17:33:10 <lhinds> happy to share with anyone if its useful
17:33:29 <tmcpeak> yeah this looks very useful
17:33:34 <lhinds> also other dists can be covered, so its not eclusive RH stuff
17:33:42 <lhinds> s/eclusive/exclusive
17:34:02 <elmiko> nice, maybe worthy of a blog post?
17:34:12 <elmiko> would be great to raise visibility
17:34:16 <lhinds> yeah, sure..good idea
17:34:20 <tmcpeak> +1
17:34:34 <sicarie> +1
17:34:39 <lhinds> can I has hashtag actions ?
17:34:47 <michaelxin> +1
17:34:51 <lhinds> #action lhinds openscap blog
17:34:55 <elmiko> lhinds: if you haven't seen it, look at https://github.com/openstack-security/openstack-security.github.io
17:34:58 <lhinds> not sure if need chair
17:35:17 <lhinds> thanks elmiko , will clone
17:35:20 <elmiko> #action lhinds make post about openscap on security blog
17:35:22 <tmcpeak> #action lhinds openscap blog
17:35:27 <tmcpeak> lol, wonderful
17:35:28 <tmcpeak> all the actions
17:35:33 <lhinds> double action
17:35:36 <elmiko> hehe, not sure how many actions lhinds is signed up for now
17:35:47 <elmiko> lhinds: yea, just make a pr against that repo, we'll get to it
17:35:52 <lhinds> cool
17:36:03 <lhinds> rate limiting..
17:36:10 <elmiko> shoot
17:36:30 <lhinds> so I just wanted to check, the plan is to do the OSSN, but also a section in the security guide.
17:36:45 <elmiko> i want to say yes
17:36:51 <lhinds> I think it makes sense to push them at the same time, I can do this I expect over the weekend.
17:36:54 <sicarie> Rate limiting is missing from the scguide
17:37:04 <elmiko> and also a deep topic
17:37:09 <sicarie> It's so deployment-specific I have avoided it
17:37:14 <elmiko> yea
17:37:18 <sicarie> I don't know how to give good advice for a generalized approach
17:37:25 <elmiko> +1
17:37:30 <lhinds> I also researched it and with help of the rackers on openrepose, I got it to rate limit the token revocation attacks
17:37:31 <sicarie> but i would totally love someone with more knowledge than me taking that on
17:37:38 <tmcpeak> "you should always strive to limit the rates"
17:37:51 <sicarie> lhinds: awesome, I'd love to see a review on that!
17:37:53 <ccneill> so is the recommendation to use repose?
17:37:56 <lhinds> so I can put a guides for that particular weak point.
17:37:58 <ccneill> or are there other options
17:38:14 <elmiko> i would say, lets get the OSSN out, and not necessarily link to the sec-guide work. but we should try to get them out relatively close together
17:38:15 <ccneill> I think repose is great, but it can get pretty involved
17:38:28 <dg___> a section for the guide would be really good
17:38:32 <lhinds> I think it will need keystone core to look at it as well, it only blocks DELETE , not GET, POST etc.
17:38:33 <michaelxin> ccneill: repose might be a tough sell
17:38:41 <michaelxin> There are many other options
17:38:42 <ccneill> right. it being Java and all..
17:38:45 <elmiko> yea, i just don't want to see the OSSN get hung up waiting for the sec-guide part
17:38:51 <sicarie> +1
17:38:52 <lhinds> if they hit the api with more than x a minute, they get blocked for a minute
17:39:08 <lhinds> elmiko, I can have them both done early next week
17:39:09 <elmiko> the issues that are coming up now point to exactly why we should hash this out on the sec-guide review
17:39:14 <elmiko> lhinds: excellent!
17:39:30 <lhinds> I guess with reviews, it might to and fro a bit.
17:39:31 <tmcpeak> lhinds: great work on all this, thanks for taking it on
17:39:36 <lhinds> the other thing I wanted to check out...
17:40:04 <lhinds> should I provide guidance for all projects?....glance, neutron etc?
17:40:28 <lhinds> or only OSSN'ed stuff (the other was noVNC that I found?)
17:40:31 <elmiko> was the bug scoped to a single project?
17:40:39 <lhinds> elmiko, keystone
17:40:47 <elmiko> we should probably stick with that scoping, for now
17:40:56 <lhinds> but there is one on noVNC as well
17:41:24 <elmiko> hmm, if we can hit both with the same ossn i /think/ that is ok. but we should dbl check with hyakuhei
17:41:42 <elmiko> i'd say, go for both in the ossn, and we can fix in review
17:41:46 <elmiko> if necessary
17:41:56 <lhinds> sure, well I keep keep the guide section on keystone, and do a general overview and point them to the repose docs which are good.
17:42:06 <elmiko> +1
17:42:13 <lhinds> if demand is there, we can then expound further
17:42:25 <lhinds> ok..that's it
17:42:27 <elmiko> anything else on OSSNs?
17:42:45 <elmiko> #topic publicity
17:42:47 <elmiko> #link https://etherpad.openstack.org/p/security-raising-profile
17:42:53 <elmiko> tmcpeak: anything to discuss here?
17:42:59 <tmcpeak> nah, don't think so
17:43:03 <elmiko> that was easy
17:43:08 <tmcpeak> seems like there was a lot of good attendance at the summit
17:43:15 <elmiko> excellent!
17:43:16 <tmcpeak> people are interested at least in a cursory way
17:43:23 <elmiko> the publicity is working =)
17:43:31 <tmcpeak> getting commitment to contribute is different though
17:43:38 <elmiko> always ;)
17:43:48 <sicarie> I was toying with submitting something to http://events.linuxfoundation.org/events/linux-security-summit
17:44:03 <elmiko> nice
17:44:10 <tmcpeak> that'd be cool
17:44:32 <sicarie> however even if i did, I'd be unable to go
17:44:40 <tmcpeak> if Vancouver is above your pay grade, surely Toronto is too? ;)
17:44:58 <elmiko> doh
17:45:06 <dg___> sicarie submit it and see what happens
17:45:08 <sicarie> that hurts, tmcpeak :)
17:45:13 <tmcpeak> :P
17:45:48 <elmiko> speaking of hurt
17:45:50 <elmiko> #topic docs
17:45:57 <elmiko> #link https://review.openstack.org/#/q/status:open+project:openstack/security-doc,n,z
17:46:01 <tmcpeak> lol
17:46:04 <elmiko> so....
17:46:04 <tmcpeak> great transition elmiko
17:46:07 <sicarie> So we had a really good design sesh at Austin
17:46:12 <elmiko> +1
17:46:31 <sicarie> We added a doc core to help with reviews
17:46:36 <elmiko> woot!
17:46:42 <sicarie> SO we have 4 now that can do docs-specs review
17:46:46 <michaelxin> +1
17:46:47 <elmiko> i missed that part, who did we add?
17:46:52 <sicarie> Shilla Saebi
17:46:56 <elmiko> excellent!
17:46:59 <sicarie> I hope I spelled that right
17:47:21 <sicarie> Yep, she's very good
17:47:27 <elmiko> some great suggestions came out of that session too
17:47:34 <sicarie> +1
17:47:43 <elmiko> OSSN links into sec-guide
17:47:52 <elmiko> more concrete examples, when possible
17:47:54 <sicarie> One of the unfortunate aspects is that the last order of books (based off the pdf) was just a few in April of 2015
17:48:01 <elmiko> ouch
17:48:09 <sicarie> And with the knowledge that none of the other docs have a pdf
17:48:15 <sicarie> We decided to shelve that idea
17:48:20 <sicarie> Unless there's great demand
17:48:23 <elmiko> the pdf idea?
17:48:24 <sicarie> If there is, please let me know
17:48:26 <sicarie> yeah
17:48:30 <elmiko> ahh, too bad
17:48:35 <sicarie> Agreed
17:48:38 <elmiko> but understandable
17:48:41 <sicarie> I thought it was an asset, even if was versioned
17:48:49 <sicarie> The other thing is that I spoke with the Neutron docs lead
17:49:05 <sicarie> And Edgar is going to get a few reviews on the Neutron chapter, which is the one I was most concerned about
17:49:13 <elmiko> awesome
17:49:16 <sicarie> SO I'm going to start pinging him with annoying regularity next week :)
17:49:21 <elmiko> haha
17:49:29 <michaelxin> we should publish the guide as books and give them freely on next summit! :-)
17:49:38 <elmiko> that would be nuts!
17:49:42 <michaelxin> if we found sponsors
17:49:45 <michaelxin> :-(
17:49:47 <sicarie> michaelxin: we need a pdf version to be able to do that!
17:49:54 <elmiko> no no, nuts in a good way =)
17:50:03 <michaelxin> elmiko: haha
17:50:04 <sicarie> apparently the secguide was one of the best selling versions, but there's no demand for it anymore - probably due to the changes
17:50:05 <elmiko> ;)
17:50:27 <elmiko> yea, who knows how much demand there would be if we had the pipeline running again and could produce regular updates
17:50:38 <sicarie> that's all I have - I'll let elmiko wrap up docs
17:50:40 <sicarie> true
17:50:52 <elmiko> not much more from me, but making another pdf would be cool
17:51:02 <sicarie> agreed - i'd really like to :)
17:51:08 <elmiko> #topic blog
17:51:09 <elmiko> #link https://github.com/openstack-security/openstack-security.github.io
17:51:22 <elmiko> no hyakuhei, tmcpeak any updates?
17:51:35 <tmcpeak> seems like we've got a few new post ideas from this meeting
17:51:38 <tmcpeak> but otherwise no
17:51:54 <elmiko> yup, good that it keeps chugging away =)
17:52:03 <elmiko> #topic threat analysis
17:52:13 <elmiko> i know we talked about this earlier, are there any links we should add?
17:52:32 <dg___> sorry I missed the earlier discussion, did you catch the links to the TA blog posts?
17:52:43 <dg___> Anchor TA and TA Process?
17:52:54 <elmiko> i don't think so, post again
17:53:09 <elmiko> we can never get enough of these links ;)
17:53:17 <dg___> #link http://openstack-security.github.io/collaboration/2016/04/26/threat-analysis-process.html
17:53:18 <tmcpeak> +1 - love links
17:53:36 <dg___> #link http://openstack-security.github.io/threatanalysis/2016/02/07/anchorTA.html
17:53:57 <elmiko> dg___++
17:54:19 <elmiko> leaves us 5min to spare for AOB
17:54:21 <elmiko> #topic AOB
17:54:25 <dave-mcc_> On OSSNs, the last patch set on 0063 needs some reviews please: https://review.openstack.org/#/c/267800/
17:54:53 <tmcpeak> cool, will check it out
17:55:27 <tmcpeak> maybe a wrap?
17:55:35 <browne> what about midcycle?
17:55:38 <tmcpeak> oooh
17:55:41 <tmcpeak> good point
17:55:53 <tmcpeak> do we have any host volunteers?
17:56:16 <elmiko> i don't think my house is big enough =(
17:56:22 <ccneill> I've got a van down by the river...
17:56:25 <elmiko> haha
17:56:26 <ccneill> :P
17:56:27 <dg___> michaelxin and rob talked about hosting it in Austin
17:56:28 <tmcpeak> I dunno, the basement looked pretty spacious elmiko
17:56:42 <elmiko> tmcpeak: all smoke and mirrors, i assure you ;)
17:56:43 <browne> vmware would be willing to host in Palo Alto, i believe.
17:56:45 <michaelxin> we talked about hosting it again in the castle
17:56:55 <michaelxin> Rob wanted to host it in UK
17:56:57 <browne> what part of the world works best?
17:57:02 <michaelxin> how many people will go to UK?
17:57:02 <dg___> happy to host in bristol/cheltenham, uk
17:57:07 <elmiko> dg___: +1
17:57:24 <dg___> as much as Rob and I would love to host in the UK, I suspect it would be a lonely meeting
17:57:25 <tmcpeak> maybe we ought to wait for hyakuhei before we get too far on midcycle
17:57:37 <elmiko> dg___: more time we could spend at the pub ;)
17:57:44 <michaelxin> We would like to host it in the castle
17:57:45 <elmiko> tmcpeak: +1 good thought
17:57:53 <dg___> so we are happy to host in UK if there are enough people who can come, but we are assuming that fundamentally it will need to be in the US
17:58:01 <michaelxin> if you all are ok with coming to here in Aug or Sept
17:58:02 <ccneill> hmm.. idea
17:58:07 <elmiko> #info rackspace and vmware both willing to host, we should discuss again with hyakuhei
17:58:07 <dg___> michaelxin is that san diego?
17:58:13 <ccneill> what if we do it in Castle, but maybe the UK folks can come to the Rackspace London office?
17:58:27 <michaelxin> dg___: It is san Antonio!
17:58:29 <ccneill> not sure how that would work, but to try to make it easy on everyone as possible
17:58:32 <browne> rackspace has telepresence?
17:58:33 <michaelxin> The heart of texas
17:58:34 <dg___> potentially, although we would rather go to rackspace austin offices
17:58:34 <dave-mcc_> i liked co-locating with barbican last time. maybe look for another project to co-locate with this cycle? keystone?
17:58:49 <michaelxin> +1
17:58:51 <elmiko> dave-mcc_: +1
17:58:52 <dg___> +1
17:58:52 <browne> dave-mcc_: that would be cool
17:59:04 <elmiko> 1 min left...
17:59:18 <tmcpeak> allright
17:59:22 <dg___> lets wrap? thanks everybody, especially people joining us for the first time
17:59:25 <tmcpeak> +1
17:59:27 <elmiko> thanks all!
17:59:28 <tmcpeak> thanks elmiko!
17:59:30 <michaelxin> thanks
17:59:31 <elmiko> #endmeeting