17:00:15 <tmcpeak> #startmeeting security
17:00:15 <openstack> Meeting started Thu Jun 30 17:00:15 2016 UTC and is due to finish in 60 minutes.  The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:16 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:18 <openstack> The meeting name has been set to 'security'
17:00:21 <ccneill> o/
17:00:26 <tmcpeak> #link https://etherpad.openstack.org/p/security-agenda
17:00:57 <mdong> o/
17:01:22 <woodster_> o/
17:01:48 <lhinds> hi all
17:01:51 <unrahul> o/
17:01:55 <gmurphy> hola
17:01:59 <aastha> o/
17:02:11 <tmcpeak> some new faces it seems
17:02:13 <tmcpeak> that's good :)
17:02:26 <ccneill> sup woodster_? long time no see
17:02:48 <tkelsey> o/
17:02:53 <woodster_> ccneill: Hey Charles! Yeah I've been heads down on Nova of late
17:03:34 <tmcpeak> allright, let's get rolling
17:03:40 <tmcpeak> #topic Syntribos
17:04:04 <ccneill> kewl
17:04:15 <browne> o/
17:04:31 <ccneill> so we just had our meeting with Nathan Buckner (OpenCAFE core dev) about removing OpenCAFE from syntribos
17:04:43 <ccneill> I think we've figured out most if not all of the action items for that transition
17:05:05 <ccneill> and once we've finished that, we'll be much closer to a stable product
17:05:21 <ccneill> we'll re-do our docs, etc. to reflect the new way of installing, configuring, and so on
17:05:25 <tmcpeak> sick
17:05:37 <ccneill> so from a "tool runner" perspective, that should stabilize things quite a bit
17:05:51 <ccneill> we'll still be modifying the internals a bit, so test writers will still have to bear with us O:-)
17:05:51 <michaelxin> o/
17:06:03 <michaelxin> we have a new member from Intel joining us
17:06:04 <ccneill> but we're getting closer to stability there too
17:06:05 <tmcpeak> you guys targeting a release?
17:06:13 <mdong> also, big thanks to browne and tkelsey for helping out with reviews!
17:06:29 <tmcpeak> I went to OWASP, got me thinking this would be a great talk
17:06:32 <tkelsey> mdong: your welcome :)
17:06:34 <browne> np
17:06:45 <unrahul> yup browne thankyou! its helping us a lot in maintaining the codebase
17:07:04 <ccneill> we're holding off on presentations for the time being (though we're getting closer to the point where we might focus on this)
17:07:15 <ccneill> yeah, thanks tkelsey and browne! very appreciated
17:07:23 <michaelxin> +qq
17:07:26 <michaelxin> +1
17:08:12 <tmcpeak> cool
17:08:13 <ccneill> tmcpeak: I don't know that we have a firm release schedule yet, but I think our path will become pretty clear in the coming paths
17:08:21 <ccneill> coming weeks*
17:08:25 <ccneill> derp
17:08:32 <tmcpeak> awesome, expect a bunch of hacks on that at midcycle too
17:08:40 <ccneill> yep yep
17:08:46 <ccneill> do we have IBM Austin locked down for sure?
17:08:47 <unrahul> welcome aastha ! to the team.
17:09:06 <ccneill> yes! how could I forget. we have a new team member from Intel joining us this week
17:09:07 <tmcpeak> Rob told me it's mostly set but not set in stone
17:09:23 <ccneill> aastha: want to introduce yourself a little?
17:09:31 <tmcpeak> think we're waiting on word from Fernando
17:09:43 <aastha> hello everyone. I am an intern with Intel
17:10:01 <aastha> just started working with the team just a day ago
17:10:10 <michaelxin> welcome
17:10:15 <tmcpeak> aastha: welcome!
17:10:18 <aastha> feeling excited to be part of syntribos
17:10:25 <tmcpeak> it's a good project
17:10:33 <tmcpeak> great resume builder ;)
17:10:34 <ccneill> yep, and we're glad to have all the help we can get :)
17:10:54 <aastha> :) thank you everyone
17:10:55 <ccneill> let's see.. I think that's about it for us
17:11:04 <tmcpeak> cool, thanks Syntribos team
17:11:09 <tmcpeak> #topic OSSN
17:11:29 <tmcpeak> hyakuhei can't make it today but I think he floated this idea of adding contributor details to OSSN
17:11:36 <tmcpeak> would like to get everybody's thoughts on that
17:11:39 <tmcpeak> I think it's a great idea
17:11:44 <dg___> whats the motivation?
17:12:03 <tmcpeak> I havne't talked to him about it, but I assume it's to incentivize people to work on OSSN more
17:12:12 <tmcpeak> and help get work time allocated to it
17:12:16 <lhinds> tmcpeak: sounds good to me, but I would be biased :P
17:12:25 <tmcpeak> lhinds: did you propose it?
17:12:31 <lhinds> No, I did not
17:12:40 <tmcpeak> oh, because you have one coming out? :)
17:12:45 <lhinds> just I have a note pending (which we can get on to next)
17:12:50 <lhinds> yup
17:12:53 <dg___> my concern is that it will lead to the author of the OSSNs getting a lot of dumb emails asking how to reconfigure some broken service
17:12:55 <ccneill> I concur that it probably helps people get time for it
17:13:05 <ccneill> dg___: that's a good point
17:13:13 <ccneill> maybe only provide IRC handle?
17:13:13 <tmcpeak> dg___: it is…
17:13:18 <lhinds> but putting that aside, i think its a good idea. they take a fair amount of research and thought
17:13:28 <tmcpeak> I mean author name and company without email could probably be fine though
17:13:38 <dg___> tmcpeak +1
17:13:39 <tmcpeak> or I can just put dg@hpe.com
17:13:44 <ccneill> haha
17:13:54 <dg___> cheers bro
17:14:02 <lhinds> Author, Company +1
17:14:06 <ccneill> yeah, I think name + company is probably good
17:14:09 <dg___> +1
17:14:23 <dg___> can i get a 'this OSSN was sponsored by HPE' at the top of all of mine?
17:14:42 <lhinds> all your ossn are belong to us
17:14:47 <tmcpeak> #startvote
17:14:48 <openstack> Unable to parse vote topic and options.
17:14:57 <gmurphy> lol
17:15:03 <tmcpeak> I can't IRC gud
17:15:11 <tmcpeak> if anybody doesn't like this idea say so
17:15:46 <ccneill> who doesn't like getting credit for doing stuff? ;)
17:15:58 <tmcpeak> #startvote OSSN author attribution? Yes, No
17:15:58 <openstack> Begin voting on: OSSN author attribution? Valid vote options are Yes, No.
17:15:59 <openstack> Vote using '#vote OPTION'. Only your last vote counts.
17:16:04 <tmcpeak> #vote Yes
17:16:19 <dg___> yarp
17:16:27 <ccneill> #vote Yes
17:16:28 <dg___> wait #vote Yes
17:16:33 <lhinds> #vote yes
17:16:44 <sicarie> #vote No
17:16:45 <gmurphy> so are we going to retrofit it or just for new ones?
17:16:50 <lhinds> Is it case senstive?
17:17:02 <tmcpeak> gmurphy: great Q, we should retrofit I think
17:17:09 <tmcpeak> wouldn't be much work
17:17:17 <tmcpeak> I wish nkinder was here, I'd make sure he likes it
17:17:28 <tmcpeak> #showvote
17:17:28 <openstack> Yes (3): lhinds, ccneill, tmcpeak
17:17:29 <dg___> can we have a second vote if we dont like the outcome of the first vote? (british problems)
17:17:30 <openstack> No (1): sicarie
17:17:35 <tmcpeak> #endvote
17:17:36 <openstack> Voted on "OSSN author attribution?" Results are
17:17:38 <openstack> Yes (3): lhinds, ccneill, tmcpeak
17:17:39 <openstack> No (1): sicarie
17:17:40 <sicarie> dg__ lol
17:17:48 <gmurphy> aye!
17:17:55 <ccneill> lolol dg___
17:17:57 <tmcpeak> ok! voting has ended.  OSSG is leaving the OpenStack Union
17:18:04 <gmurphy> i forgot to vote..
17:18:06 <tkelsey> wait what
17:18:07 <gmurphy> lol
17:18:12 <ccneill> oh noez
17:18:14 <sicarie> REVOTE
17:18:19 <tmcpeak> :P
17:18:20 <ccneill> I DIDN'T UNDERSTAND MY OPTIONS
17:18:31 <gmurphy> ossnexit
17:18:35 <lhinds> <googles: 'what is ossn?'>
17:18:35 <tkelsey> as a UK guy I have had enough of this voting out of things lol
17:18:39 <tmcpeak> lol
17:18:41 <mdong> haha!
17:19:14 <dg___> ooops i broke the ossp :(
17:19:25 <tmcpeak> any volunteers to retrofit contributors?
17:19:33 <dg___> everyone to do their own?
17:19:41 <tkelsey> dg___: +1
17:19:46 <tmcpeak> that's a bunch of changes though...
17:19:53 <dg___> although - i cant remember what i wrote
17:19:55 <tmcpeak> seems like it makes more sense to do one big change
17:19:56 <dg___> tmcpeak +1
17:19:59 <tkelsey> do we have an example template for how it should look now?
17:20:08 <lhinds> I will do it
17:20:13 <tmcpeak> tkelsey: no.  No we do not
17:20:18 <dg___> thanks lhinds :)
17:20:18 <tmcpeak> lhinds: awesome!  thanks!
17:20:23 <michaelxin> +1
17:20:24 <lhinds> One big patch ok? and I don't think any tox nonsense :)
17:20:30 <tmcpeak> #action lhinds to retrofit OSSN contributors
17:20:38 <tmcpeak> lhinds: yeah, one big patch is good
17:20:45 <tmcpeak> lhinds: you love tox...
17:20:47 <lhinds> I will use stackaltics
17:20:50 <ccneill> #action buy lhinds a beer
17:20:57 <tmcpeak> ccneill: +1
17:21:07 <tkelsey> lhinds: :) thanks
17:21:25 <lhinds> no worries
17:21:32 <tmcpeak> lhinds:  want to talk about your OSSN?
17:21:38 <lhinds> sure:
17:21:43 <lhinds> #link https://review.openstack.org/#/c/313896/13/security-notes/OSSN-0068
17:21:54 <lhinds> so it should be primed for a +2 now
17:22:01 <tmcpeak> gate is still pissed at you...
17:22:02 <lhinds> had a few eyes go over it
17:22:08 <tmcpeak> otherwise I'm +2
17:22:09 <lhinds> tmcpeak: yep....
17:22:10 <gmurphy> might be able to pull info from gerrti/git?
17:22:23 <lhinds> so the gate is my config file goes over the punch card limit
17:22:42 <lhinds> so do I break URL's / configs to keep a silly gate happy?
17:22:49 <tmcpeak> oh
17:23:02 <tmcpeak> no… ok let's final review and merge
17:23:13 <lhinds> I noted other notes mindfully do the same.
17:23:14 <dg___> ok I'll have a review
17:23:15 <tmcpeak> we've never broken urls before
17:23:16 <lhinds> so I think its ok
17:23:20 <tmcpeak> yeah
17:23:29 <dg___> +1 im sure one of my ossns breaks the gate
17:23:41 <tmcpeak> s/one/all
17:23:46 <lhinds> but I don't mind changing, if that is the consensus
17:23:53 <tmcpeak> lhinds: nah, leave it
17:23:58 <tmcpeak> let's get this merged today
17:24:01 <dg___> nah dont break urls
17:24:13 <tmcpeak> somebody took my core in docs
17:24:24 * tmcpeak stink eye to sicarie
17:25:21 <tmcpeak> sicarie: approvsies on this at some point?
17:25:54 <dg___> sicarie is too busy having lunch with the execs
17:26:14 <tmcpeak> baller
17:26:49 <tmcpeak> allright, anything else for notes?
17:26:54 <sicarie> sorry, i’m here
17:26:58 <sicarie> was grabbing free food
17:27:17 <sicarie> we have a compliance section waiting on a doc core +2
17:27:23 <sicarie> and a few hanging minor nites
17:27:25 <sicarie> nits, too
17:27:26 <tmcpeak> haha
17:27:39 <tmcpeak> sicarie: that's good but I was trying to bum a review for lhinds OSSN
17:27:46 <sicarie> :P
17:27:47 <gmurphy> haha
17:27:49 <sicarie> yeah, I can do that
17:27:55 <tmcpeak> thank you
17:27:58 * sicarie reads gud
17:28:00 <dg___> sicarie https://review.openstack.org/#/c/313896/13
17:28:11 <sicarie> thx
17:28:25 <tmcpeak> lhinds: actually do another one with the contributor info ;)
17:28:34 <lhinds> good point tmcpeak
17:28:44 <tmcpeak> cool
17:28:49 <lhinds> do we want it at the top or bottom? (the author , comapny)
17:28:49 <tmcpeak> let's roll to midcycle
17:28:56 <tmcpeak> hmm
17:28:57 <tmcpeak> good q
17:28:59 <tmcpeak> thoughts?
17:29:02 <lhinds> maybe under the title
17:29:02 <tmcpeak> probably bottom
17:29:19 <tmcpeak> I think we want to lead with the exec summary
17:29:29 <lhinds> sure
17:29:29 <dg___> under the exec summary?
17:29:38 <lhinds> will send a quick amend now
17:29:48 <tmcpeak> I was thinking at the end with the rest of the metadata
17:30:02 <lhinds> yep, that makes sense
17:30:46 <tmcpeak> #startvote Should we put the author at the bottom and reverse Brexit? Yes, No
17:30:47 <openstack> Begin voting on: Should we put the author at the bottom and reverse Brexit? Valid vote options are Yes, No.
17:30:48 <openstack> Vote using '#vote OPTION'. Only your last vote counts.
17:30:51 <tmcpeak> #endvote
17:30:52 <openstack> Voted on "Should we put the author at the bottom and reverse Brexit?" Results are
17:30:52 <tmcpeak> :P
17:31:15 <tmcpeak> #topic Midcycle
17:31:36 <tmcpeak> as mentioned earlier Fernando is finalizing the room at IBM
17:31:49 <ccneill> shweet
17:32:04 <tmcpeak> lol, did the dates change?
17:32:13 <tmcpeak> Security: August 24-26 or 17 - 19 (Most likely)
17:32:24 <tmcpeak> looks like Rob did a little switch-a-roony
17:32:47 <dg___> sigh, i thought this was settled, i got travel quotes on the old dates
17:33:03 <tmcpeak> yeah I thought so too
17:33:14 <ccneill> >_<
17:33:16 <tmcpeak> how's it looking dg? you think you can make it?
17:33:31 <dg___> maybe, need to get the dates finalised asap so I can try and organise funding
17:33:36 <tmcpeak> yeah
17:33:40 <dg___> it was looking good until chair6 left
17:33:47 <dg___> now, maybe
17:34:01 <tmcpeak> allright, I added a note for next time we'll make sure to nail these down
17:34:09 <tmcpeak> especially for UK travel people need to know ahead of time
17:34:28 <tmcpeak> allright
17:34:32 <tmcpeak> that's probably it for midcycle
17:34:35 <tmcpeak> #topic Docs
17:34:36 <lhinds> tmcpeak: thats if we still have passports
17:34:42 <tmcpeak> lol
17:34:45 <tmcpeak> sicarie: poke
17:34:59 <sicarie> haha, same as above, compliance addition waiting on docs +2
17:35:01 <sicarie> a efw nits
17:35:05 <sicarie> nothing major
17:35:10 <sicarie> I’m still mostly out of it until next week
17:35:15 <tmcpeak> ok
17:35:23 <tmcpeak> where's elmiko been?
17:35:36 <sicarie> he’s been working his Sahara stuff
17:35:46 <tmcpeak> ahh
17:35:48 <sicarie> I think he’s officially started his sabbatical from the OSSP
17:35:56 <sicarie> hopefully not for too long
17:35:57 <tmcpeak> he's on sabbatical?
17:36:03 <sicarie> no
17:36:06 <tmcpeak> from OSSP
17:36:06 <sicarie> he’s slammed with a project
17:36:11 <tmcpeak> ahh ok
17:36:31 <tmcpeak> #topic Threat Analysis
17:36:32 <tmcpeak> dg___:
17:36:40 <tmcpeak> what it do?
17:37:00 <dg___> noop unfortunately
17:37:20 <dg___> Im slammed with the day job, and afaik rob hasnt touched it
17:37:26 <lhinds> so I am interested in helping out with #topic - to put me on the radar
17:37:27 <tmcpeak> ok
17:37:29 <dg___> i did send someone an email about TA today thou...
17:37:36 <dg___> lhinds awesome
17:38:11 <lhinds> I guess I need to read up, is there a spec or doc anywhere
17:38:14 <dg___> the Designate guys have reached out to me (via the internal chain) and asked if our internal TA will be ok for the vuln-managed tag
17:38:18 <gmurphy> #link https://github.com/openstack/security-doc/blob/master/security-threat-analysis/source/threat-analysis-process.rst
17:38:26 <lhinds> thanks
17:38:27 <gmurphy> #link https://github.com/openstack/security-doc/blob/master/security-threat-analysis/source/templates/architecture-page.rst
17:38:28 <tmcpeak> sdake: you around?
17:38:37 <gmurphy> from dg___'s emails..
17:38:39 <dg___> lhinds https://github.com/openstack/security-doc/tree/master/security-threat-analysis/source
17:38:40 <tmcpeak> err, is he waiting on us to do something?
17:39:06 <dg___> tmcpeak i asked rob if he had followed up and he assured me he has, so maybe he forgot how to use reply-all
17:39:18 <tmcpeak> ahh ok
17:39:25 <tmcpeak> well let's punt for this week
17:39:36 <tmcpeak> #topic AOB
17:39:42 <tmcpeak> anything else?
17:40:36 <tmcpeak> allright guess not
17:40:40 <tmcpeak> have a good week everybody!
17:40:43 <tmcpeak> #endmeeting