17:00:06 <elmiko> #startmeeting security
17:00:07 <openstack> Meeting started Thu May 26 17:00:06 2016 UTC and is due to finish in 60 minutes.  The chair is elmiko. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:09 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:12 <elmiko> hi
17:00:12 <openstack> The meeting name has been set to 'security'
17:00:15 <tkelsey> o/
17:00:20 <elmiko> #link https://etherpad.openstack.org/p/security-agenda
17:00:26 <tkelsey> hows it going elmiko
17:00:27 <ccneill> o/
17:00:32 <tmcpeak> o/
17:00:33 <elmiko> not bad, how you been tkelsey ?
17:00:45 <tkelsey> yeah not too bad thanks
17:00:50 <elmiko> cheers =)
17:00:54 <rhallisey> hello
17:01:11 <michaelxin> o/
17:01:23 <tkelsey> hello rhallisey
17:01:28 <lhinds> hi *
17:01:31 <elmiko> i'll give folks a minute or two to filter in
17:02:12 <elmiko> ok, let's roll!
17:02:16 <elmiko> #topic Anchor
17:02:18 <elmiko> #link https://review.openstack.org/#/q/anchor+status:open,n,z
17:02:31 <mdong> o/
17:02:35 <elmiko> tkelsey, anything here?
17:02:38 <diazjf> o/
17:02:43 * elmiko doesn't see dg_
17:02:57 <tkelsey> link should be https://review.openstack.org/#/q/openstack/anchor+status:open,n,z I think
17:03:13 <elmiko> thanks, i'll update
17:03:16 <elmiko> #undo
17:03:17 <openstack> Removing item from minutes: <ircmeeting.items.Link object at 0xb3bb950>
17:03:20 <tkelsey> elmiko: nothing on my radar. I'll poke dg_
17:03:21 <elmiko> #link https://review.openstack.org/#/q/openstack/anchor+status:open,n,z
17:03:57 <elmiko> thanks
17:04:05 <ccneill> lol I like that the openstack bot returns the memory address for the link
17:04:13 <ccneill> ohh python
17:04:16 <elmiko> heh, yea, pretty cute
17:04:17 <tkelsey> ROFL
17:04:27 <browne> o/
17:04:30 <tkelsey> someone needs to add a str() :P
17:04:36 <elmiko> ;)
17:04:50 <michaelxin> gee
17:05:03 <elmiko> we'll circle back to anchor when dg is available
17:05:06 <elmiko> #Bandit
17:05:07 <tkelsey> cool
17:05:14 <elmiko> #link https://review.openstack.org/#/q/bandit+status:open,n,z
17:05:23 <tkelsey> so, same again here really, kinda quiet
17:05:26 <elmiko> tkelsey, tmcpeak what's up?
17:05:28 <elmiko> hehe
17:05:32 <elmiko> easy week ;)
17:05:42 <tkelsey> also link is https://review.openstack.org/#/q/openstack/bandit+status:open,n,z :P
17:05:52 <elmiko> man... wtf is with these links...
17:05:55 <elmiko> #undo
17:05:56 <openstack> Removing item from minutes: <ircmeeting.items.Link object at 0xb023350>
17:06:02 <elmiko> #link https://review.openstack.org/#/q/openstack/bandit+status:open,n,z
17:06:03 <michaelxin> before long weekend
17:06:03 <tkelsey> at least in my browser lol
17:06:25 <tkelsey> heh michaelxin yeah :) guess so
17:06:28 <elmiko> i'm just pulling these from the agenda page
17:06:29 <tmcpeak> sorry alls, away
17:06:44 <tkelsey> later tmcpeak
17:06:45 <elmiko> no worries
17:06:51 <elmiko> #topic Syntribos
17:06:58 <elmiko> #link https://review.openstack.org/#/q/status:open+project:openstack/syntribos,n,z
17:06:59 <michaelxin> tmcpeak: bye
17:07:05 <elmiko> mdong, michaelxin, ccneill what's up?
17:07:22 <ccneill> still testing against mvaldes' vulnerable API
17:07:24 <elmiko> (and hopefully that link is correct)
17:07:35 <michaelxin> ccneill: mdong: rahul vinay
17:07:40 <tkelsey> link LGTM ;)
17:07:53 <mdong> we’ve made a first pass taking a deep dive on each of our existing tests
17:08:06 <mdong> in general, they’re a lot less noisy now
17:08:15 <ccneill> we have a design meeting tomorrow where we're planning to discuss 1) our lessons learned from testing the vulnerable API, and 2) our plan for removing OpenCAFE
17:08:27 <ccneill> https://etherpad.openstack.org/p/syntribos-design
17:08:29 <ccneill> er
17:08:31 <ccneill> #link https://etherpad.openstack.org/p/syntribos-design
17:08:33 <ccneill> :P
17:08:41 <ccneill> if anyone wants to keep up with topics that we're thinking about
17:09:18 <ccneill> we're basically trying to get a baseline to see if our most basic tests are useful, and we'll try to collect some good data to get an idea of how effective we are at this point
17:09:39 <elmiko> cool, sounds good
17:09:44 <ccneill> and then we have some ideas for how to get fewer false positives, make test writing easier, etc. so that we can come up with some more exotic tests
17:09:51 <ccneill> and we'll compare
17:09:53 <michaelxin> ccneill: Would you please share the link for our weekly meeting?
17:10:07 <ccneill> sure, sec
17:10:14 <mdong> #link https://etherpad.openstack.org/p/syntribos-planning
17:10:25 <ccneill> boom, mdong beat me to it
17:10:59 <browne> does syntribos have separate meetings?
17:11:10 <ccneill> one other thing, I wrote a little script yesterday to generate weekly "status reports" from OpenStack projects
17:11:12 <ccneill> https://github.com/cneill/OS-PPP
17:11:14 <ccneill> :D
17:11:25 <elmiko> nice
17:11:40 <mdong> we have our own internal meetings, but Charles updates the minutes from those on that etherpad
17:11:56 <ccneill> yeah, since we're working with the Intel folks in OSIC, we need a public place to put our docs
17:11:58 <elmiko> ccneill: your beard is much less epic in your github profile pic ;)
17:12:00 <michaelxin> browne: Yes.
17:12:07 <ccneill> so pretty much everything is in the open
17:12:22 <ccneill> haha elmiko I definitely need a better picture in my Github profile..
17:12:34 <elmiko> you look so.... respectable ;P
17:12:46 <ccneill> haha
17:12:51 <michaelxin> elmiko: +1
17:12:52 <ccneill> wouldn't want anyone getting THAT idea, now would we
17:12:56 <elmiko> haha
17:13:02 <elmiko> definitely not
17:13:18 <elmiko> ok, sorry for the diversion
17:13:19 <ccneill> I think that's it for syntribos. hopefully we'll have some stats for the next OSSP meeting
17:13:25 <elmiko> great!
17:13:36 <elmiko> #topic OSSN
17:13:39 <elmiko> #link https://review.openstack.org/#/q/status:open+project:openstack/security-doc,n,z
17:13:49 <elmiko> hmm, no nkinder around
17:14:00 <elmiko> anyone have comments on the OSSN status?
17:14:07 <elmiko> i know we have one in flight (0065?)
17:14:18 <lhinds> need moar reviews :)
17:14:19 <elmiko> er 0063 sorry
17:14:27 <michaelxin> I will send code review for mine this week.
17:14:30 <michaelxin> Sorry for the delay.
17:14:33 <elmiko> #link https://review.openstack.org/#/c/267800/
17:14:38 <elmiko> #info needs more reviews
17:14:45 <elmiko> #undo
17:14:46 <openstack> Removing item from minutes: <ircmeeting.items.Info object at 0xb50eb50>
17:14:50 <lhinds> seriously, if someone take a peek at rate-limiting (0068) would be nice
17:14:57 <elmiko> #info OSSN-0063 needs more reviews
17:15:06 <elmiko> #info OSSN-0068 needs more reviews
17:15:10 <elmiko> thanks lhinds
17:15:44 <elmiko> lhinds: got a link for that review, i'm not seeing it in my gerrit folder
17:16:00 <lhinds> just a sec..
17:16:47 <lhinds> #link https://review.openstack.org/#/c/313896/
17:16:53 <elmiko> awesome, thanks!
17:17:06 <tmcpeak> ok back
17:17:10 <tmcpeak> you guys get this security stuff sorted out?
17:17:10 <elmiko> wb =)
17:17:16 <elmiko> we're working on it ;)
17:17:29 <tmcpeak> awesome, Rob would be so proud
17:17:33 <elmiko> \o/
17:17:43 <elmiko> anything else for OSSN?
17:18:13 <elmiko> #topic Midcycle
17:18:26 <elmiko> #link https://etherpad.openstack.org/p/barbican-security-midcycle-N
17:18:39 <elmiko> this topic may be kinda light with hyakuhei around
17:18:49 <tmcpeak> well our attendance looks light
17:18:58 <elmiko> any comments about the dual barbican-ossp midcycle?
17:18:59 <tmcpeak> where's the cool security people at?
17:19:02 <diazjf> elmiko, still working on getting rooms IBM@Austin. seems unlikely
17:19:04 <tmcpeak> we have a grand total of 6
17:19:13 <tmcpeak> diazjf: unlikely?
17:19:17 <elmiko> diazjf: that's a bummer =(
17:19:19 <michaelxin> diazjf: oh, why?
17:19:35 <elmiko> tmcpeak: sadly, it's very unlikely i can attend
17:19:48 <michaelxin> elmiko: nooooooooooooo
17:19:49 <tmcpeak> unacceptable
17:19:55 <diazjf> tmcpeak, Yeah my team doesn't have a good budget :(. I'm still trying to figure some things out, maybe we can host it at Rackspace@Austin
17:19:55 <elmiko> i know, i know...
17:20:18 <browne> i think i won't be able to make this one.  had a vacay planned for that week
17:20:40 <tmcpeak> noooo
17:20:42 <tmcpeak> we're falling apart
17:20:49 <tmcpeak> bknudson is probably out too :(
17:20:57 <diazjf> :(
17:21:01 <michaelxin> Rackspace @Austin might be challenging
17:21:03 <ccneill> the band is breaking up :(
17:21:14 <ccneill> soon we'll all be releasing solo albums
17:21:14 <elmiko> ouch
17:21:16 <ccneill> :P
17:21:17 <elmiko> lol
17:21:24 <michaelxin> due to limit of conference rooms
17:21:44 <ccneill> michaelxin: we might be able to get the rally room
17:21:45 <michaelxin> if we want to do it together with Barbican team.
17:21:52 <tmcpeak> it's going to be Rob, the Rax guys, and me in a conference room in Houston or something lol
17:22:01 <ccneill> michaelxin: but that's pretty much the only room we could realistically use for a pretty big meeting
17:22:18 <diazjf> Yeah I'm hoping I can book a room and say everyone has a gluten allergy so we don't have to get catering lol
17:22:18 <michaelxin> Swift team is also wanting to do their mid-cycle
17:22:32 <elmiko> diazjf: haha
17:22:45 <michaelxin> They might want do it in the castle.
17:23:00 <elmiko> midcycle on rainey street?
17:23:05 <elmiko> just a thought
17:23:06 <ccneill> ^ +100
17:23:13 <michaelxin> ccneill: We need to check it.
17:23:18 <diazjf> michaelxin, yeah the castle seems like the most realistic scenario…
17:23:34 <michaelxin> diazjf: yes.
17:23:44 <tmcpeak> let's book out that moonshine place for the week
17:23:50 <elmiko> haha, sweet!
17:23:52 <ccneill> ^ also +100
17:24:06 <michaelxin> diazjf: Are you sure that you guys will not do it?
17:24:26 <michaelxin> If yes, I need to follow up with my leaders to talk about budgets.
17:24:37 <ccneill> do we have a lot of folks who would have to drive to SA from Austin/elsewhere? or is everyone pretty much flying?
17:24:37 <diazjf> michaelxin not 100% sure, but we are having problems with funding. I need to talk to some other teams to help out like bluebox, etc.
17:25:04 <michaelxin> Can you let me know the decision asap
17:25:07 <tmcpeak> diazjf: talk with Rob, he can usually make it rain
17:25:07 <ccneill> I don't mind making the drive, but I don't know where we have greater critical mass
17:25:39 <michaelxin> tmcpeak: haha
17:25:41 <michaelxin> good one
17:25:56 <diazjf> tmcpeak, michaelxin, lets talk next week. I can try and get you an answer by then
17:26:06 <michaelxin> diazjf: cool
17:26:15 <michaelxin> diazjf: Thanks for working on this.
17:26:19 <michaelxin> I know it is not easy.
17:26:26 <tmcpeak> cool
17:26:30 <diazjf> we may have to do it at my apartment lol
17:26:37 <elmiko> ha!
17:26:43 <diazjf> hope you guys aren't allergic to dogs
17:26:46 <michaelxin> SWIFT/Barbican/Security mid-cycle?
17:26:52 <michaelxin> it will be awesome
17:26:56 <elmiko> <3 dogs
17:26:59 <tmcpeak> midsummit
17:27:00 <tmcpeak> lol
17:27:19 <elmiko> well, the good news is that this should all go away next year with the new schedule
17:27:21 <michaelxin> I want to do it in UK
17:27:22 <ccneill> if only they had bars that were just covered in whiteboards and ethernet jacks
17:27:39 <elmiko> for any who haven't seen it, https://www.openstack.org/blog/2016/05/faq-evolving-the-openstack-design-summit/
17:28:22 <michaelxin> the rumors become truth
17:28:52 <elmiko> ok, anything else about the midcycle?
17:29:13 <michaelxin> elmiko: you must come
17:29:15 <michaelxin> :-)
17:29:34 <elmiko> =)
17:29:40 <elmiko> #topic Publicity
17:29:43 <elmiko> #link https://etherpad.openstack.org/p/security-raising-profile
17:29:49 <elmiko> tmcpeak: anything to discuss here?
17:29:53 <tmcpeak> nopes
17:29:58 <tmcpeak> I've been a bad pitchman lately
17:30:13 <elmiko> anyone else have news about conferences or talks they are giving related to OSSP?
17:30:24 <elmiko> bad pitchman, no donut!
17:31:13 <Daviey> Maybe OT, but what about the mid-cycle?  Any news?
17:31:26 <elmiko> no worries, we just talked about midcycle
17:31:52 <elmiko> plans are forming around an austin/san antonio midcycle
17:32:00 <Daviey> splendid.. dates?
17:32:05 <elmiko> we are still trying to arrange the space, and preferably would be done with barbican
17:32:14 <elmiko> https://etherpad.openstack.org/p/barbican-security-midcycle-N
17:32:22 <Daviey> Ta
17:32:26 <elmiko> all info is there =)
17:32:46 <elmiko> #topic Docs
17:32:54 <elmiko> #link https://review.openstack.org/#/q/status:open+project:openstack/security-doc,n,z
17:33:03 <elmiko> hmm, don't see sicarie
17:33:14 <elmiko> it's been very slow on the docs front, from my perspective
17:33:22 <elmiko> nothing much to report for the last week
17:33:50 <elmiko> #topic Blog
17:33:54 <elmiko> #link https://github.com/openstack-security/openstack-security.github.io
17:34:05 <elmiko> tmcpeak, anything of note here?
17:34:14 <tmcpeak> nopes
17:34:15 <elmiko> i know we've had a few more articles go up, which is nice
17:35:14 <tmcpeak> yeah, good traction over there
17:35:19 <elmiko> #topic Threat Analysis
17:35:33 <elmiko> i saw this on the ml,
17:35:36 <elmiko> #link http://lists.openstack.org/pipermail/openstack-dev/2016-May/095796.html
17:35:49 <elmiko> sounds like we need to help finish the job that was started at summit
17:36:00 <elmiko> sadly, both Rob and Doug aren't in at the moment
17:36:21 <Daviey> FWIW, i've recently been playing with kolla
17:36:39 <gmurphy_> and?
17:36:40 <elmiko> nice, good project, friendly team
17:36:47 <Daviey> it is actually pretty awesome. :)
17:36:59 <Daviey> I hope to write some notes up.
17:37:17 <elmiko> anyone else here who was involved with the TA at summit?
17:38:11 <elmiko> ok, not much to yet then
17:38:20 <elmiko> s/to yet/to do yet/
17:38:25 <elmiko> #topic AOB
17:38:35 <elmiko> anything else to discuss?
17:38:48 <browne> i had a topic
17:39:17 <browne> seems ubuntu 14.04's python is 2.7.6 which doesn't support TLS 1.1/1.2
17:39:32 <ccneill> forgot to mention, thanks for the CR on syntribos yesterday browne :) it was a good catch
17:39:43 <elmiko> browne: that's really weird
17:39:46 <browne> yet, all of openstack's CIs use it and believe it's still recommended
17:40:02 <ccneill> browne: I think I've run into that on my local linux box.. it's a real pain in the butt
17:40:07 <browne> yeah, ubuntu has no patch for it either.  you have to upgrade to 16.04
17:40:18 <elmiko> hmm, is there an action we can take to inform the community or something?
17:40:40 <browne> but matters for openstack since most shops to comply with PCI-DSS are locking down servers to 1.1/1.2
17:41:09 <elmiko> do we need to reach out to infra about changing the image on CI to 16.04?
17:41:11 <browne> Active Directory/LDAP being one.  so keystone gets affected.  and any other service that needs to talk with newer TLS
17:41:30 <elmiko> or maybe talk with vmt about this?
17:41:31 <browne> elmiko: i think so
17:41:55 <elmiko> browne: do you want to bring it up on ML?
17:41:57 <browne> i'm not really sure where to go.  just want to get the awareness out.  maybe ML
17:42:06 <browne> ok will do
17:42:10 <elmiko> awesome!
17:42:33 <elmiko> #action browne send email to ML about python 2.7.6 in ubuntu 14.04 and lack of TLS 1.1/1.2 support
17:42:49 <elmiko> thanks browne
17:43:06 <elmiko> anything else?
17:43:08 <browne> np
17:43:23 <tmcpeak> thanks elmiko!
17:43:30 <ccneill> I'm just gonna +1 renting out Moonshine again ;)
17:43:35 <tmcpeak> lol
17:43:35 <elmiko> haha
17:43:37 <elmiko> nice
17:43:38 <michaelxin> thanks
17:43:54 <elmiko> i propose we take back 15 minutes of the day, unless someone objects?
17:43:58 <tmcpeak> +1
17:44:06 <ccneill> +1
17:44:12 <Daviey> +2
17:44:14 <elmiko> SOLD!
17:44:20 <ccneill> MERGED
17:44:21 <elmiko> thanks everybody
17:44:24 <tmcpeak> thanks!
17:44:24 <elmiko> #endmeeting