17:00:04 <tmcpeak> #startmeeting security
17:00:05 <openstack> Meeting started Thu Jun 16 17:00:04 2016 UTC and is due to finish in 60 minutes.  The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:06 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:08 <tmcpeak> #chair hyakuhei
17:00:08 <hyakuhei> o/
17:00:08 <openstack> The meeting name has been set to 'security'
17:00:09 <openstack> Current chairs: hyakuhei tmcpeak
17:00:17 <hyakuhei> #link https://etherpad.openstack.org/p/security-agenda
17:00:32 <hyakuhei> tmcpeak: I’m 3 hours into a 7 hour meeting …
17:00:34 <hyakuhei> :’(
17:00:41 <hyakuhei> I’m on my second headset already!
17:00:58 <dg___> hyakuhei livingthedream
17:00:59 <tmcpeak> hyakuhei: epic
17:01:06 <hyakuhei> I know rite!
17:01:19 <tmcpeak> did the other headset give up on life?
17:01:40 <tkelsey> o/
17:01:55 * mhayden stumbles in
17:02:15 <tmcpeak> ooh mhayden
17:02:19 <tmcpeak> welcomes
17:02:39 <hyakuhei> oooh, special guest star!
17:02:51 <mhayden> haha, i'm trying to get these back on my cal again
17:03:07 <hyakuhei> Awesome!
17:04:03 <hyakuhei> #link https://etherpad.openstack.org/p/security-agenda
17:04:06 <hyakuhei> Agenda ^
17:04:07 <woodster_> o/
17:04:12 <hyakuhei> hey woodster_
17:04:15 <mdong> o/
17:04:26 <panatl> o/
17:04:32 <tmcpeak> all I suggest we stop regularly covering Bandit and Anchor since they are mostly stable now
17:04:44 <dg___> +1
17:04:55 <woodster_> hyakuhei: hello!
17:05:09 <hyakuhei> tmcpeak: +1
17:05:20 <hyakuhei> Although there was an interesting bug logged a few days back with Anchor
17:05:30 <tmcpeak> we can still cover ad hoc I think
17:05:31 <hyakuhei> Basically it’s more RFC compliant than the internet :)
17:05:50 <dg___> rofl
17:06:21 <hyakuhei> Any objections to removing Anchor/Bandit from the Standing agenda? (move to AOB)
17:06:27 <dg___> +!
17:06:30 <dg___> wait +1
17:06:32 <tmcpeak> +1
17:06:59 <hyakuhei> So that’s -1 objections? :P
17:07:16 <tmcpeak> ship it
17:07:18 <dg___> just move it already
17:07:23 <hyakuhei> Done
17:07:36 <mhayden> so you're saying you want to "drop anchor" ?
17:07:41 <mhayden> (sorry, couldn't help myself)
17:07:46 <hyakuhei> wahey!
17:07:59 <hyakuhei> Sailing close to the wind with puns eh?
17:08:06 <tmcpeak> badum dum
17:08:12 <hyakuhei> ok, we should probably do some OSSP things…
17:08:19 <hyakuhei> #topic Syntribos
17:08:25 <hyakuhei> mdong: michaelxin et al?
17:08:44 <mdong> cool, michaelxin is out on vacation this week
17:08:52 <hyakuhei> Outrageous!
17:08:55 <mdong> I know.
17:09:00 <tmcpeak> lol
17:09:26 <mdong> We’ve been having lots of design sessions this week to talk through some of the assumptions about how our tests are written
17:09:50 <mdong> we’ve been taking notes on etherpad here
17:09:52 <mdong> #link https://etherpad.openstack.org/p/syntribos-planning
17:10:28 <mdong> we’re also planning on syncing up with the OpenCAFE developers on our end to finally start moving off of OpenCAFE
17:10:50 <mdong> now that the contact we need is back from his paternity leave
17:11:52 <mdong> we’re also taking another pass at the reporting function of the tool
17:12:12 <mdong> that’s all I got on Syntribos
17:12:49 <tmcpeak> awesome
17:13:32 <tmcpeak> #topic OSSN
17:13:45 <tmcpeak> anything new here?
17:13:58 <hyakuhei> I don’t feel that OSSN have had enough attention recently which is a shame because we know people are using them
17:14:03 <tmcpeak> +1
17:14:20 <hyakuhei> I’m as guilty as anyone else for not giving them the required attention.
17:14:36 <hyakuhei> Any ideas on how we can improve that? Maybe a virtual sprint or something ?
17:14:38 <tmcpeak> same, I've been swamped
17:14:52 <hyakuhei> Jump on a hangout etc or something, basically we just agree to carve out a few hours one day?
17:15:16 <tmcpeak> sounds like the best option
17:15:42 <hyakuhei> ok, lets try to do something in the next week?
17:15:50 <hyakuhei> Lets add something to the agenda to record it
17:16:00 <tmcpeak> I'll be on vacation starting tomorrow
17:16:09 <tmcpeak> I'm happy to participate but can't this week or next
17:16:43 <hyakuhei> lol, i see...
17:17:07 <tmcpeak> if you guys want to solve this OSSN thing while I chill on the beach that works for me though
17:17:21 <hyakuhei> No worries
17:18:13 <hyakuhei> Righto, added something to the agenda to record people who want to help
17:19:08 <hyakuhei> Next topic I guess?
17:19:11 <tmcpeak> yeps
17:19:36 <hyakuhei> #topic Midcycle
17:19:44 <hyakuhei> #link https://etherpad.openstack.org/p/barbican-security-midcycle-N
17:20:01 <tmcpeak> attendance looks pretty low
17:20:08 <hyakuhei> So it’s a nice small group, nothing wrong with that we can potentially get lots done. The first mid-cycle wasn’t far off this size.
17:20:14 <tmcpeak> 8 listed, 3 marked as tentative
17:20:18 <hyakuhei> We’ll be able to help Barbican more :)
17:20:23 <redrobot> \o/
17:20:32 <dg___> :D
17:20:53 <hyakuhei> It would be nice to have more people there
17:21:16 <woodster_> :)
17:21:19 <tmcpeak> also we need to figure out which days are security and which are Barbican
17:21:26 <hyakuhei> Yup
17:21:27 <tmcpeak> realistically I won't be able to attend the entire week
17:21:38 <redrobot> I don't think we have a preference.  Whatever works for you guys.
17:21:45 <hyakuhei> Traditionally redrobot and I arm wrestle at the start which is why Security always comes second
17:21:46 * redrobot wonders if diazjf is here?
17:21:58 * redrobot lifts
17:22:09 <hyakuhei> lol
17:22:20 <redrobot> I guess Fernando isn't around
17:22:22 <hyakuhei> So last I heard we had a big room at IBM Austin
17:22:32 <tmcpeak> have we agreed on any of the tentative parts of this?
17:22:35 <tmcpeak> dates and location
17:22:35 <hyakuhei> I’ll attempt to get funding for feeding people
17:22:58 <redrobot> Yeah, I missed the Barbican meeting this week, but he said he's pretty sure it's going to happen at IBM... I think we're still tentative on the dates?
17:23:17 <hyakuhei> That might be right, I’m still catching up after vacation
17:23:32 <redrobot> I can shoot him an email to touch base
17:23:46 <redrobot> I think I'd like to have a 2nd room if possible
17:24:03 <redrobot> not that I wouldn't enjoy sharing a room with you lovely folks
17:24:05 <hyakuhei> I think this is a big partitionable one but yeah
17:24:17 <redrobot> :-O  ... partitions would work too
17:24:59 <dg___> can we confirm those dates, so I can look at getting funding for HP people to travel?
17:25:15 <tmcpeak> yeah confirm would be good
17:25:19 <tmcpeak> and figure out split
17:25:23 <tmcpeak> like security Weds-Friday?
17:25:27 <tmcpeak> Barbican Monday-Weds?
17:25:29 <tmcpeak> i dunno
17:25:33 <dg___> lgtm
17:25:38 <redrobot> tmcpeak sounds good to me
17:26:14 <tmcpeak> ok cool, so we for sure have the room then?
17:26:17 <hyakuhei> Single day overlap works well
17:26:22 <tmcpeak> and we for sure have these dates?
17:26:57 <tmcpeak> allright now we're getting somewhere, everybody ask for the moneys :)
17:27:10 <hyakuhei> Excellent
17:27:54 <tmcpeak> allright
17:27:59 <tmcpeak> anything else for midcycle?
17:28:03 <tmcpeak> think we can skip publicity too
17:28:10 <hyakuhei> Yup
17:28:14 <hyakuhei> +1 skip
17:28:15 <tmcpeak> docs might be another thing to put on AOB
17:28:20 <tmcpeak> there hasn't been any updates there for a while
17:28:21 <tmcpeak> oh
17:28:27 <tmcpeak> but we do need to discuss strategy for maintaining them
17:28:34 <hyakuhei> elmiko isn’t here
17:28:34 <tmcpeak> hyakuhei this came up last week
17:28:42 <tmcpeak> #topic Docs
17:28:42 <hyakuhei> sicarie etc?
17:28:51 <tmcpeak> sicarie: can you summarize the issues you're having maintaining stuff?
17:29:20 <sicarie> Not enough in-depth knowledge of individual services
17:29:46 <sicarie> We had a compliance addition hit this morning - that's good info
17:30:09 <sicarie> but maintaining info after a section is added is really where we're hitting a wall
17:30:16 <hyakuhei> Difficult, back in the first iteration we mostly had experts in the room
17:30:28 <tmcpeak> yeah and also out of date security docs can arguably be worse than no docs
17:30:31 <sicarie> Yep
17:30:32 <hyakuhei> I wonder if we could do something similar again, gather the coresec’s from the various teams or something ?
17:30:46 <tmcpeak> that sounds like it will be very difficult to coordinate
17:30:55 <sicarie> That might be a good "design session" type thing for a Summit
17:31:01 <tmcpeak> not to mention difficult to hold over the phone and expensive to do in person
17:31:23 <dg___> feels like an in-person thing
17:31:34 <dg___> yes, expensive, but otherwise do we give up on maintaining the guide?
17:31:39 <tmcpeak> also this is entirely a volunteer effort with sicarie and elmiko right now
17:31:44 <tmcpeak> they are both busy with other things
17:31:48 <tmcpeak> so a scale problem too
17:32:03 <tmcpeak> dg___: yeah not sure, maybe scale back the guide?
17:32:15 <tmcpeak> provide guarantees for certain core sections and disclaimers for others
17:32:36 <dg___> i think tis the core sections, like neutron, that we are struggling with, sicarie?
17:32:42 <sicarie> Yeah
17:33:00 <tmcpeak> well other sections are most certainly out of date and we just don't know it
17:33:17 <hyakuhei> Well, I’d certainly say that it’s ok to remove stuff that’s not up to par
17:33:23 <hyakuhei> Just WIP the chapter
17:33:25 <sicarie> tmcpeak: +1
17:33:41 <tmcpeak> my biggest concern is elmiko/sicarie or both get reprioritized or move on from OpenStack and the guide is orphaned
17:33:43 <hyakuhei> That’s what we did to start with, if we didn’t have the expertise to write something
17:33:58 <hyakuhei> tmcpeak: Sure, well in that case I’d try to find someone else
17:34:07 <tmcpeak> yeah
17:34:17 <hyakuhei> but if we can’t find someone then we’ll sunset it, for now we should look at improving quality and hopefully adoption
17:34:24 <tmcpeak> +1
17:34:48 <tmcpeak> I'd love to say I'll help with this but I won't
17:34:51 <tmcpeak> ;)
17:34:51 <dg___> im uncomfortable about sunsetting it, Ravi made a good point about needing deployer guidance...
17:35:00 <hyakuhei> yeh
17:35:07 <tmcpeak> agreed
17:35:10 <sicarie> hyakuhei: I'll take a look at it and see what I think we should pull out
17:35:29 <sicarie> maybe floating that list of sections to -dev will get some input?
17:35:40 <tmcpeak> yeah that sounds like a good step
17:35:48 <tmcpeak> did we bail on the checklists when pdesai left btw?
17:35:59 <tmcpeak> I wonder if converting everything to checklists would make maintaining easier
17:36:16 <sicarie> there has been a significant amount of stagnancy over the last 2 months - elmiko and I are both involved in other projects
17:36:24 <tmcpeak> yeah
17:36:27 <sicarie> However, mine ends at the beginning of next month, so I can pick up a bit more after that
17:37:19 <tmcpeak> well I guess as long as you and elmiko can still work on it we're ok
17:37:32 <tmcpeak> I guess just something for us to think about, mid-term plans
17:37:50 <hyakuhei> Sorry got pulled away for a second.
17:37:52 <hyakuhei> Where are we
17:38:08 <tmcpeak> sicarie: can spend some time cleaning up and pulling out sections at the end of this month
17:38:17 <tmcpeak> other than that it's a problem we should be thinking about
17:38:23 <hyakuhei> Agreed
17:38:29 <tmcpeak> realistically OSSP resources are dwindling
17:38:35 <tmcpeak> so we should figure out how to do more with less
17:38:44 <tmcpeak> or trim focus from projects
17:38:58 <hyakuhei> Same for all of OpenStack but yes
17:39:02 <tmcpeak> yeah
17:39:11 <hyakuhei> However some of the things like Anchor and Bandit are drawing less resource now
17:39:21 <tmcpeak> true
17:39:25 <hyakuhei> At a minimum we can maintain OSSNs, VMT support and the security guide
17:39:50 <tmcpeak> agreed we should do those
17:39:56 <dg___> +1
17:40:03 <hyakuhei> And of course the fantastic syntribos!
17:40:04 <tmcpeak> that leaves the question of threat analysis
17:40:14 <tmcpeak> this is a new project that requires significant time and energy
17:40:14 <dg___> I assumed that came under 'VMT support'
17:40:20 <tmcpeak> how will we deal with that with less resources
17:40:23 <hyakuhei> Nah TA is separate
17:40:31 <hyakuhei> Doug and I can do most of the heavy lifting I think
17:40:39 <tmcpeak> on a repeatable basis?
17:40:48 <hyakuhei> It’s more getting it to a point where we don’t have to hold peoples hands through the whole thing
17:40:56 <hyakuhei> Which is what the new documentation does
17:41:03 <dg___> at that point it should be fairly lightweight
17:41:15 <tmcpeak> ok cool
17:41:31 <hyakuhei> That’s the theory
17:41:41 <hyakuhei> We’ll just have to keep trimming stuff until it makes sense
17:41:45 <tmcpeak> I will buy you both many beers if you can
17:41:51 <tmcpeak> *when you do
17:41:56 <dg___> deal
17:42:26 <hyakuhei> lol
17:42:32 <tmcpeak> I know hyakuhei was on vacation and is still catching up so I assume you still have to synch on TA and there isn't much to talk about this week?
17:42:36 <tmcpeak> likewise for blog?
17:43:02 <dg___> thats pretty much it for TA, although we are looking to publish an internal TA from HP fairly soon
17:43:03 <hyakuhei> blog can tick along
17:43:11 <tmcpeak> nice
17:43:21 <hyakuhei> It’s ok if that goes quiet from time to time.
17:43:26 <hyakuhei> Things like TA will create more content
17:43:30 <tmcpeak> sure
17:43:37 <tmcpeak> should we move that to AOB section too then?
17:43:41 <tmcpeak> along with Docs?
17:43:46 <hyakuhei> Blog yes, TA no
17:43:53 <tmcpeak> sorry I meant blog, not TA
17:44:14 <hyakuhei> +1
17:44:14 <tmcpeak> docs too?
17:44:20 <hyakuhei> No, they need more attention
17:45:29 <tmcpeak> ok cool
17:45:40 <hyakuhei> #topic AOB
17:46:11 <hyakuhei> Nothing?
17:46:17 <hyakuhei> I guess we can wrap then?
17:46:21 <tmcpeak> yep, wraps
17:46:44 <hyakuhei> Sweet! TY all!
17:46:49 <hyakuhei> £endmeeting
17:46:51 <hyakuhei> doh
17:46:53 <tmcpeak> haha
17:46:56 <tmcpeak> pounds!
17:46:58 <hyakuhei> #endmeeting