17:00:15 #startmeeting security 17:00:15 Meeting started Thu Jun 30 17:00:15 2016 UTC and is due to finish in 60 minutes. The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:00:16 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:00:18 The meeting name has been set to 'security' 17:00:21 o/ 17:00:26 #link https://etherpad.openstack.org/p/security-agenda 17:00:57 o/ 17:01:22 o/ 17:01:48 hi all 17:01:51 o/ 17:01:55 hola 17:01:59 o/ 17:02:11 some new faces it seems 17:02:13 that's good :) 17:02:26 sup woodster_? long time no see 17:02:48 o/ 17:02:53 ccneill: Hey Charles! Yeah I've been heads down on Nova of late 17:03:34 allright, let's get rolling 17:03:40 #topic Syntribos 17:04:04 kewl 17:04:15 o/ 17:04:31 so we just had our meeting with Nathan Buckner (OpenCAFE core dev) about removing OpenCAFE from syntribos 17:04:43 I think we've figured out most if not all of the action items for that transition 17:05:05 and once we've finished that, we'll be much closer to a stable product 17:05:21 we'll re-do our docs, etc. to reflect the new way of installing, configuring, and so on 17:05:25 sick 17:05:37 so from a "tool runner" perspective, that should stabilize things quite a bit 17:05:51 we'll still be modifying the internals a bit, so test writers will still have to bear with us O:-) 17:05:51 o/ 17:06:03 we have a new member from Intel joining us 17:06:04 but we're getting closer to stability there too 17:06:05 you guys targeting a release? 17:06:13 also, big thanks to browne and tkelsey for helping out with reviews! 17:06:29 I went to OWASP, got me thinking this would be a great talk 17:06:32 mdong: your welcome :) 17:06:34 np 17:06:45 yup browne thankyou! its helping us a lot in maintaining the codebase 17:07:04 we're holding off on presentations for the time being (though we're getting closer to the point where we might focus on this) 17:07:15 yeah, thanks tkelsey and browne! very appreciated 17:07:23 +qq 17:07:26 +1 17:08:12 cool 17:08:13 tmcpeak: I don't know that we have a firm release schedule yet, but I think our path will become pretty clear in the coming paths 17:08:21 coming weeks* 17:08:25 derp 17:08:32 awesome, expect a bunch of hacks on that at midcycle too 17:08:40 yep yep 17:08:46 do we have IBM Austin locked down for sure? 17:08:47 welcome aastha ! to the team. 17:09:06 yes! how could I forget. we have a new team member from Intel joining us this week 17:09:07 Rob told me it's mostly set but not set in stone 17:09:23 aastha: want to introduce yourself a little? 17:09:31 think we're waiting on word from Fernando 17:09:43 hello everyone. I am an intern with Intel 17:10:01 just started working with the team just a day ago 17:10:10 welcome 17:10:15 aastha: welcome! 17:10:18 feeling excited to be part of syntribos 17:10:25 it's a good project 17:10:33 great resume builder ;) 17:10:34 yep, and we're glad to have all the help we can get :) 17:10:54 :) thank you everyone 17:10:55 let's see.. I think that's about it for us 17:11:04 cool, thanks Syntribos team 17:11:09 #topic OSSN 17:11:29 hyakuhei can't make it today but I think he floated this idea of adding contributor details to OSSN 17:11:36 would like to get everybody's thoughts on that 17:11:39 I think it's a great idea 17:11:44 whats the motivation? 17:12:03 I havne't talked to him about it, but I assume it's to incentivize people to work on OSSN more 17:12:12 and help get work time allocated to it 17:12:16 tmcpeak: sounds good to me, but I would be biased :P 17:12:25 lhinds: did you propose it? 17:12:31 No, I did not 17:12:40 oh, because you have one coming out? :) 17:12:45 just I have a note pending (which we can get on to next) 17:12:50 yup 17:12:53 my concern is that it will lead to the author of the OSSNs getting a lot of dumb emails asking how to reconfigure some broken service 17:12:55 I concur that it probably helps people get time for it 17:13:05 dg___: that's a good point 17:13:13 maybe only provide IRC handle? 17:13:13 dg___: it is… 17:13:18 but putting that aside, i think its a good idea. they take a fair amount of research and thought 17:13:28 I mean author name and company without email could probably be fine though 17:13:38 tmcpeak +1 17:13:39 or I can just put dg@hpe.com 17:13:44 haha 17:13:54 cheers bro 17:14:02 Author, Company +1 17:14:06 yeah, I think name + company is probably good 17:14:09 +1 17:14:23 can i get a 'this OSSN was sponsored by HPE' at the top of all of mine? 17:14:42 all your ossn are belong to us 17:14:47 #startvote 17:14:48 Unable to parse vote topic and options. 17:14:57 lol 17:15:03 I can't IRC gud 17:15:11 if anybody doesn't like this idea say so 17:15:46 who doesn't like getting credit for doing stuff? ;) 17:15:58 #startvote OSSN author attribution? Yes, No 17:15:58 Begin voting on: OSSN author attribution? Valid vote options are Yes, No. 17:15:59 Vote using '#vote OPTION'. Only your last vote counts. 17:16:04 #vote Yes 17:16:19 yarp 17:16:27 #vote Yes 17:16:28 wait #vote Yes 17:16:33 #vote yes 17:16:44 #vote No 17:16:45 so are we going to retrofit it or just for new ones? 17:16:50 Is it case senstive? 17:17:02 gmurphy: great Q, we should retrofit I think 17:17:09 wouldn't be much work 17:17:17 I wish nkinder was here, I'd make sure he likes it 17:17:28 #showvote 17:17:28 Yes (3): lhinds, ccneill, tmcpeak 17:17:29 can we have a second vote if we dont like the outcome of the first vote? (british problems) 17:17:30 No (1): sicarie 17:17:35 #endvote 17:17:36 Voted on "OSSN author attribution?" Results are 17:17:38 Yes (3): lhinds, ccneill, tmcpeak 17:17:39 No (1): sicarie 17:17:40 dg__ lol 17:17:48 aye! 17:17:55 lolol dg___ 17:17:57 ok! voting has ended. OSSG is leaving the OpenStack Union 17:18:04 i forgot to vote.. 17:18:06 wait what 17:18:07 lol 17:18:12 oh noez 17:18:14 REVOTE 17:18:19 :P 17:18:20 I DIDN'T UNDERSTAND MY OPTIONS 17:18:31 ossnexit 17:18:35 17:18:35 as a UK guy I have had enough of this voting out of things lol 17:18:39 lol 17:18:41 haha! 17:19:14 ooops i broke the ossp :( 17:19:25 any volunteers to retrofit contributors? 17:19:33 everyone to do their own? 17:19:41 dg___: +1 17:19:46 that's a bunch of changes though... 17:19:53 although - i cant remember what i wrote 17:19:55 seems like it makes more sense to do one big change 17:19:56 tmcpeak +1 17:19:59 do we have an example template for how it should look now? 17:20:08 I will do it 17:20:13 tkelsey: no. No we do not 17:20:18 thanks lhinds :) 17:20:18 lhinds: awesome! thanks! 17:20:23 +1 17:20:24 One big patch ok? and I don't think any tox nonsense :) 17:20:30 #action lhinds to retrofit OSSN contributors 17:20:38 lhinds: yeah, one big patch is good 17:20:45 lhinds: you love tox... 17:20:47 I will use stackaltics 17:20:50 #action buy lhinds a beer 17:20:57 ccneill: +1 17:21:07 lhinds: :) thanks 17:21:25 no worries 17:21:32 lhinds: want to talk about your OSSN? 17:21:38 sure: 17:21:43 #link https://review.openstack.org/#/c/313896/13/security-notes/OSSN-0068 17:21:54 so it should be primed for a +2 now 17:22:01 gate is still pissed at you... 17:22:02 had a few eyes go over it 17:22:08 otherwise I'm +2 17:22:09 tmcpeak: yep.... 17:22:10 might be able to pull info from gerrti/git? 17:22:23 so the gate is my config file goes over the punch card limit 17:22:42 so do I break URL's / configs to keep a silly gate happy? 17:22:49 oh 17:23:02 no… ok let's final review and merge 17:23:13 I noted other notes mindfully do the same. 17:23:14 ok I'll have a review 17:23:15 we've never broken urls before 17:23:16 so I think its ok 17:23:20 yeah 17:23:29 +1 im sure one of my ossns breaks the gate 17:23:41 s/one/all 17:23:46 but I don't mind changing, if that is the consensus 17:23:53 lhinds: nah, leave it 17:23:58 let's get this merged today 17:24:01 nah dont break urls 17:24:13 somebody took my core in docs 17:24:24 * tmcpeak stink eye to sicarie 17:25:21 sicarie: approvsies on this at some point? 17:25:54 sicarie is too busy having lunch with the execs 17:26:14 baller 17:26:49 allright, anything else for notes? 17:26:54 sorry, i’m here 17:26:58 was grabbing free food 17:27:17 we have a compliance section waiting on a doc core +2 17:27:23 and a few hanging minor nites 17:27:25 nits, too 17:27:26 haha 17:27:39 sicarie: that's good but I was trying to bum a review for lhinds OSSN 17:27:46 :P 17:27:47 haha 17:27:49 yeah, I can do that 17:27:55 thank you 17:27:58 * sicarie reads gud 17:28:00 sicarie https://review.openstack.org/#/c/313896/13 17:28:11 thx 17:28:25 lhinds: actually do another one with the contributor info ;) 17:28:34 good point tmcpeak 17:28:44 cool 17:28:49 do we want it at the top or bottom? (the author , comapny) 17:28:49 let's roll to midcycle 17:28:56 hmm 17:28:57 good q 17:28:59 thoughts? 17:29:02 maybe under the title 17:29:02 probably bottom 17:29:19 I think we want to lead with the exec summary 17:29:29 sure 17:29:29 under the exec summary? 17:29:38 will send a quick amend now 17:29:48 I was thinking at the end with the rest of the metadata 17:30:02 yep, that makes sense 17:30:46 #startvote Should we put the author at the bottom and reverse Brexit? Yes, No 17:30:47 Begin voting on: Should we put the author at the bottom and reverse Brexit? Valid vote options are Yes, No. 17:30:48 Vote using '#vote OPTION'. Only your last vote counts. 17:30:51 #endvote 17:30:52 Voted on "Should we put the author at the bottom and reverse Brexit?" Results are 17:30:52 :P 17:31:15 #topic Midcycle 17:31:36 as mentioned earlier Fernando is finalizing the room at IBM 17:31:49 shweet 17:32:04 lol, did the dates change? 17:32:13 Security: August 24-26 or 17 - 19 (Most likely) 17:32:24 looks like Rob did a little switch-a-roony 17:32:47 sigh, i thought this was settled, i got travel quotes on the old dates 17:33:03 yeah I thought so too 17:33:14 >_< 17:33:16 how's it looking dg? you think you can make it? 17:33:31 maybe, need to get the dates finalised asap so I can try and organise funding 17:33:36 yeah 17:33:40 it was looking good until chair6 left 17:33:47 now, maybe 17:34:01 allright, I added a note for next time we'll make sure to nail these down 17:34:09 especially for UK travel people need to know ahead of time 17:34:28 allright 17:34:32 that's probably it for midcycle 17:34:35 #topic Docs 17:34:36 tmcpeak: thats if we still have passports 17:34:42 lol 17:34:45 sicarie: poke 17:34:59 haha, same as above, compliance addition waiting on docs +2 17:35:01 a efw nits 17:35:05 nothing major 17:35:10 I’m still mostly out of it until next week 17:35:15 ok 17:35:23 where's elmiko been? 17:35:36 he’s been working his Sahara stuff 17:35:46 ahh 17:35:48 I think he’s officially started his sabbatical from the OSSP 17:35:56 hopefully not for too long 17:35:57 he's on sabbatical? 17:36:03 no 17:36:06 from OSSP 17:36:06 he’s slammed with a project 17:36:11 ahh ok 17:36:31 #topic Threat Analysis 17:36:32 dg___: 17:36:40 what it do? 17:37:00 noop unfortunately 17:37:20 Im slammed with the day job, and afaik rob hasnt touched it 17:37:26 so I am interested in helping out with #topic - to put me on the radar 17:37:27 ok 17:37:29 i did send someone an email about TA today thou... 17:37:36 lhinds awesome 17:38:11 I guess I need to read up, is there a spec or doc anywhere 17:38:14 the Designate guys have reached out to me (via the internal chain) and asked if our internal TA will be ok for the vuln-managed tag 17:38:18 #link https://github.com/openstack/security-doc/blob/master/security-threat-analysis/source/threat-analysis-process.rst 17:38:26 thanks 17:38:27 #link https://github.com/openstack/security-doc/blob/master/security-threat-analysis/source/templates/architecture-page.rst 17:38:28 sdake: you around? 17:38:37 from dg___'s emails.. 17:38:39 lhinds https://github.com/openstack/security-doc/tree/master/security-threat-analysis/source 17:38:40 err, is he waiting on us to do something? 17:39:06 tmcpeak i asked rob if he had followed up and he assured me he has, so maybe he forgot how to use reply-all 17:39:18 ahh ok 17:39:25 well let's punt for this week 17:39:36 #topic AOB 17:39:42 anything else? 17:40:36 allright guess not 17:40:40 have a good week everybody! 17:40:43 #endmeeting