17:00:33 <tmcpeak> #startmeeting security
17:00:34 <openstack> Meeting started Thu Jul  7 17:00:33 2016 UTC and is due to finish in 60 minutes.  The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:34 <unrahul> o/
17:00:35 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:37 <openstack> The meeting name has been set to 'security'
17:00:40 <hyakuhei> o/
17:00:46 <browne> o/
17:00:48 <tmcpeak> #chair hyakuhei
17:00:48 <openstack> Current chairs: hyakuhei tmcpeak
17:00:51 <lhinds> hi all
17:00:52 <tmcpeak> #link https://etherpad.openstack.org/p/security-agenda
17:00:52 <hyakuhei> weee
17:00:59 <tmcpeak> hey all!
17:01:28 <elmiko> ( ´ ▽ ` )ノ
17:01:34 <hyakuhei> Tough crowd tmcpeak :P
17:01:53 <tmcpeak> :D
17:02:23 <lhinds> I might have to duck out early, so I put the two OSSNs in etherpad
17:02:35 * mhayden wanders in
17:02:43 <hyakuhei> thanks lhinds
17:02:55 <tmcpeak> awesome, thank you lhinds
17:03:07 <lhinds> np
17:03:09 <tmcpeak> we've got serious business today… we need to pick a mascot :P
17:03:18 <hyakuhei> Dude you added all the authors ? wow
17:03:36 <tmcpeak> lhinds is a beast!
17:03:39 <aastha> o/
17:03:40 <hyakuhei> Yeah, lets leave that till towards the end because I see it taking the whole meeting tmcpeak :P
17:03:42 <lhinds> hyakuhei: got to be up early to catch me out :P
17:03:50 <tmcpeak> haha yeah, does seem rathole worthy
17:03:56 <lhinds> or whatever the saying is (that sounded wrong)
17:04:11 <hyakuhei> lol I think there’s a few in there where my name is spelled wrong
17:04:20 <tmcpeak> that sounds like a Taylor Swift jingle lhinds
17:04:21 <hyakuhei> “Nathan Kinder” is a terrible way to spell my name :P
17:04:30 <elmiko> lol
17:04:31 <tmcpeak> LGTM, ship it
17:04:38 <hyakuhei> However this must have taken an epic amount of digging and I’m really thankful to you lhinds
17:04:40 <hyakuhei> I’ll review
17:04:46 <lhinds> ahh yeah, so some of them may well be wrong, it was hard to know as I could not find the review
17:04:50 <browne> should the author have the company they work for now, or when the OSSN was written?
17:04:56 <hyakuhei> Yeah for sure!
17:05:00 <lhinds> add them to the launchpad and I will amend
17:05:04 <mhayden> hyakuhei: nice work, nathan
17:05:13 <tmcpeak> browne probably where they worked at the time
17:05:16 <hyakuhei> lol
17:05:24 <hyakuhei> “Author: Unknown”
17:05:26 <sigmavirus> o/ (sorry I'm late)
17:05:29 <hyakuhei> We probably need to fix that too hehe
17:05:36 <browne> tmcpeak: oh, that'll be harder and probably this patch needs edits then
17:05:41 <lhinds> hyakuhei: the very first one, I think it was heartbleed?
17:05:47 <gmurphy> sorry is there a link to the etherpad that i missed or is this a review?
17:05:48 <tmcpeak> everybody edit your own then :)
17:05:57 <tmcpeak> gmurphy: https://review.openstack.org/#/c/337627/1
17:06:03 * gmurphy finds it just then
17:06:14 <lhinds> ok, I got to dash, please amened to launchpad https://bugs.launchpad.net/ossn/+bug/1599064
17:06:15 <openstack> Launchpad bug 1599064 in OpenStack Security Notes "Add Author to Meta Data of Security Notes" [Undecided,New] - Assigned to Luke Hinds (lhinds)
17:06:17 <elmiko> good stuff lhinds, ++
17:06:18 <lhinds> *amend
17:06:26 <hyakuhei> cheers lhinds
17:06:31 <tmcpeak> lhinds: amend or add comments in reviews?
17:06:33 <tmcpeak> thanks for doing this all!
17:06:40 <tmcpeak> huge effort, we really appreciate it
17:06:45 <qwebirc57930> hi I have a question. I am a university student and I configured barbican with cinder and nova for Volume encryption. i'm trying to understand how key rotation works but i can't find useful information. is it possible to rotate the key(s) used to encrypt the volume? how it works? can I set yearly rotation schedule?
17:06:50 <lhinds> I will amend, make a comment in gerrit or lp, I don't mind
17:06:57 <hyakuhei> Righto
17:07:40 <hyakuhei> qwebirc57930: You might want to try #openstack-barbican
17:07:45 <elmiko> qwebirc57930: we are holding a meeting for the security project currently, you might want to ask that in openstack-dev or openstack-barbican
17:08:01 <hyakuhei> elmiko: The enforcer :D
17:08:06 <elmiko> lol!
17:08:14 * elmiko brandishes his axe
17:08:26 <tmcpeak> "which company did I work for when I wrote note xyz…"
17:09:08 <hyakuhei> Yeah, I’m not as worried about that
17:09:14 <lhinds> just don't hassle me over the HP / HPE stuff :P
17:09:19 <lhinds> ok, I am gone
17:09:23 * gmurphy will review
17:09:23 <tmcpeak> haha
17:09:24 <hyakuhei> oh god I forgot about that mess
17:09:26 <tmcpeak> later lhinds
17:09:35 <tmcpeak> forget it, that should all be HPE
17:09:49 <tmcpeak> the company that is now HP didn't do any OpenStack stuff
17:10:02 <gmurphy> also didn't a bunch of people contribute to some during  a midcycle?
17:10:05 <elmiko> maybe just put HP.* ?
17:10:08 <gmurphy> do we care about that?
17:10:14 <tmcpeak> elmiko: lol
17:10:15 <gmurphy> lol HP*
17:10:20 <mhayden> HP(E)?
17:10:22 <tmcpeak> gmurphy: yeah, multiple authors should be listed if applicable
17:10:34 <hyakuhei> That’s what the review process is for :)
17:10:40 <gmurphy> yeah.
17:10:52 <hyakuhei> It’s in Gerrit, opensource b*tches
17:11:04 <hyakuhei> ^ Standard OpenStack response to defects.
17:11:11 <elmiko> LOL
17:11:18 <mhayden> elmiko: just use ▭
17:11:29 <hyakuhei> ok so back to the agenda, lets start from the top #link https://etherpad.openstack.org/p/security-agenda
17:11:39 <hyakuhei> #topic Syntribos
17:11:46 <hyakuhei> Any shiny newness this week?
17:11:49 <unrahul> Hey all I am from the Syntribos team
17:12:16 <hyakuhei> Hey unrahul !
17:12:24 <unrahul> yup, after our meeting with Nathan, decided on what to opencafe and transition to oslo config/log
17:12:30 <unrahul> hey hyakuhei
17:12:32 <unrahul> https://review.openstack.org/#/c/337938/2/
17:13:07 <unrahul> this CR deals with some of it and we are hoping to remove opencafe dependencies by mid next week
17:13:34 <unrahul> I guess thats the major news we have for this week.
17:14:19 <unrahul> Most of signals code has been merged to the master and finally its not broken :D
17:14:20 <hyakuhei> Cool
17:14:30 <gmurphy> did you guys see - http://lists.openstack.org/pipermail/openstack-dev/2016-July/098700.html
17:14:34 <hyakuhei> I know tkelsey took a look at the signals stuff, hopefully that was useful
17:15:12 <hyakuhei> hmmm. ugly bug gmurphy but these things happen in young projects
17:15:23 <unrahul> yeah.. it was broken till ysday, we have fixed it, things should work now.. most of it
17:15:33 <hyakuhei> Excellent!
17:15:38 <unrahul> some of the tests had to be refactored...
17:15:41 <unrahul> thanks hyakuhei !
17:16:02 <unrahul> Thanks gmurphy for the link, I had missed it..
17:16:05 <hyakuhei> So I learned today that IBM is using Syntribos quite a bit for one of the bigger OpenStack projects we have, it’s wedged into the CI process somewhere.
17:16:14 <hyakuhei> Thought you guys would like to know
17:16:15 <gmurphy> cool. i just wanted to make sure it got picked up
17:16:16 <tmcpeak> hyakuhei: +1
17:16:21 <elmiko> neat
17:16:21 <unrahul> whoa thats cool hyakuhei !
17:16:32 <gmurphy> awesome
17:16:37 <unrahul> do you have any further info on that..?? curious as to what they think..
17:17:06 <tmcpeak> let me try to summon one of the guys working with it
17:17:11 <hyakuhei> I don’t have anything to hand but I’m happy to connect you guys if there’s common ground
17:17:36 <tmcpeak> one sec, edtubill is on the way
17:17:37 <edtubill> o/
17:17:51 <tmcpeak> edtubill is one of the folks working with Syntribos
17:17:59 <hyakuhei> weeee !
17:18:06 <tmcpeak> unrahul: one of the Syntribos devs, very curious about thoughts using it
17:18:22 <unrahul> it would be really helpful for the project  to get early feedback hyakuhei  !
17:18:56 <edtubill> Hi, yeah so we have some people who ran Syntribos. I can get feedback from them or have them reach out to you.
17:18:57 <unrahul> thanks tmcpeak , hey edtubill  do you have any feedback on the tool..?
17:19:16 <unrahul> yup that would help us a lot, edtubill
17:19:24 <tmcpeak> edtubill: that would be awesome, I know when we were working on Bandit we loved feedback like that
17:20:10 <edtubill> cool, I'll let them know. I guess the security irc channel is the best way to reach out?
17:20:20 <hyakuhei> Probably yeah.
17:20:25 <tmcpeak> yeah, that sounds good
17:20:30 <unrahul> we are in the security channel,
17:20:35 <unrahul> yup, irc sounds good..
17:20:40 <tmcpeak> sweet!
17:20:44 <edtubill> cool.
17:20:45 <unrahul> ccneill is leading the project from tech side
17:20:56 <unrahul> and michaelxin is our manager..
17:21:25 <unrahul> you could just ask them to contact any of us, ! thanks once again!
17:21:36 <edtubill> np!
17:21:46 <tmcpeak> sweet
17:21:51 <tmcpeak> anything else for Syntribos?
17:21:58 <hyakuhei> Lets move onto… docs?
17:22:02 <unrahul> eh.. nop, thats for now !.
17:22:06 <hyakuhei> Unless there’s OSSN things
17:22:15 <tmcpeak> we need reviews for lhinds note
17:22:19 <tmcpeak> I don't have doc +2 anymore
17:22:24 <tmcpeak> one of you guys are going to have to do it
17:22:31 <tmcpeak> elmiko, hyakuhei, sicarie
17:22:56 <elmiko> ack
17:23:16 <elmiko> the authors one needs a little update from the looks of it, i didn't read the other one yet
17:23:17 <hyakuhei> I’ll review them this evening hopefully, the authors one will require some digging I’m guessing
17:23:23 <elmiko> yeah
17:23:25 <hyakuhei> elmiko: same here
17:23:43 <tmcpeak> cool
17:24:04 <tmcpeak> #topic Docs
17:24:25 <elmiko> wwwweeeeellllll
17:24:31 <elmiko> imo, we need more docs folks
17:24:43 <tmcpeak> yuh, big time
17:24:43 <sicarie> +1
17:24:53 <hyakuhei> +1
17:24:55 <sicarie> my timesuck ends this weekend, so i’ll be back doing docs stuffs
17:24:55 <elmiko> i'm not sure how we do that, but those are the facts
17:25:14 <tmcpeak> should get a crowd funding effort ;)
17:25:15 <elmiko> sadly, my priorities continue to shift away from openstack :/
17:25:20 <elmiko> tmcpeak++
17:25:30 <hyakuhei> We need to figure something out, maybe a better way to compartmentalize bits of docs to give people ownership of smaller parts?
17:25:34 <tmcpeak> elmiko: I'm sure you aren't the only one
17:25:41 <gmurphy> i would offer to help but i karn't speel gud
17:25:52 <elmiko> hyakuhei: agreed, that and we need more outreach to the CPLs
17:25:58 <tmcpeak> gmurphy: spelling not required for docs
17:26:06 <elmiko> ideally, project specialists should be taking on these doc tasks
17:26:06 <hyakuhei> gmurphy: Google translate does Aus->American->English
17:26:27 <tmcpeak> elmiko: I don't know if that's realistic though
17:26:37 <tmcpeak> most projects probably don't have enough time to maintain their own docs, huh?
17:26:40 <elmiko> too bad =(
17:26:58 <tmcpeak> maybe we can deprecate maintenance on portions of the doc
17:27:24 <elmiko> well, and we had talked in austin about the idea of adding a new governance tag related to security docs. that might help
17:27:41 <hyakuhei> hmmm. We definitely need to figure something out. elmiko I’m glad you mentioned that
17:27:48 <tmcpeak> +1
17:28:04 <elmiko> needs more stick, less carrot ;P
17:28:15 <sicarie> +1
17:28:29 <tmcpeak> with shrinking resources I'm not sure how well stick would work either
17:28:46 <tmcpeak> human nature is to fudge things that are in their way
17:28:53 <hyakuhei> Yarp
17:28:56 <tmcpeak> I suggest reducing scope
17:29:28 <elmiko> that's fair, it just adjusts our end goal
17:29:30 <hyakuhei> I presume all the docs people are spread thin
17:29:36 <elmiko> most likely
17:29:41 <hyakuhei> Not just the sec people?
17:29:55 <hyakuhei> Though IIRC the biggest problem was a lack of SME’s ?
17:30:07 <sicarie> yeah
17:30:16 <hyakuhei> Not easy to fix.
17:30:20 <sicarie> Or the ability to get the SME’s to focus on the problem/aging areas
17:30:34 <tmcpeak> well even if we had SMEs, do you guys have the time to speak with them, take their input, and write new content based on it?
17:30:47 <sicarie> i will after this weekend
17:31:00 <elmiko> i certainly don't
17:31:01 <hyakuhei> I think there’s good scope for doing another sprint
17:31:32 <tmcpeak> at the midcycle you mean?
17:31:33 <elmiko> does anyone have a reading on how the foundation feels about quality security docs?
17:31:34 <hyakuhei> Targeting the worst 4-5 areas, getting people in the same place to pair-author some stuff potentially
17:31:48 <hyakuhei> tmcpeak: maybe then maybe some other time. Might see if the foundation can help with funding.
17:32:02 <hyakuhei> elmiko: They’re paying more attention to security than ever before
17:32:06 <tmcpeak> elmiko: yeah, the foundation really wants good security docs AFACT
17:32:08 <hyakuhei> Which is to say, some.
17:32:10 <tmcpeak> AFAICT
17:32:34 <sicarie> yeah, apparently when it was being offered in physical copy, the secguide was their best-seller
17:32:43 <elmiko> well, that's good to hear. i would think that the need for more help in this area should be raised to them.
17:32:47 <hyakuhei> Interesting. Ok.
17:33:30 <hyakuhei> sicarie: elmiko: I’d like us to draft an email (google docs) to send out describing the state of the security docs, where the bottle necks are and presenting the community with a couple of proposals for fixing it, lets get something out on -dev at some point
17:33:39 <unrahul> if ownership of certain parts of docs is given to different ppl, I feel that would help us in getting ppl up to speed, so that we don't always need experts to always handle it..
17:33:47 <hyakuhei> Agreed
17:33:47 <tmcpeak> +1
17:33:48 <elmiko> hyakuhei: ++, excellent idea
17:34:04 <hyakuhei> and the move away from docbook has to have lowered the bar significantly in terms of jumping in
17:34:13 <sicarie> yep!
17:34:14 <elmiko> oh hell yes
17:34:18 <unrahul> yup!
17:34:26 <elmiko> it presents other problems, but barrier to entry is not one
17:34:36 <hyakuhei> ok excellent. So we’ve got an action item
17:34:45 <hyakuhei> Lets move onto the next thing on the agenda
17:35:07 <tmcpeak> #topic Midcycle
17:35:26 <tmcpeak> I think we have rooms in Austin at IBM and final dates, yes?
17:35:28 <hyakuhei> Dates are now confirmed :)
17:35:32 <hyakuhei> yes and yes
17:35:38 <unrahul> awesome!
17:35:50 <tmcpeak> sweet
17:36:08 <tmcpeak> I'll start groveling for funding
17:36:12 <tmcpeak> for myself I mean
17:36:15 <elmiko> lol
17:36:18 <tmcpeak> hyakuhei: is chief groveler
17:36:21 <unrahul> :D
17:36:56 <hyakuhei> :D
17:37:02 <tmcpeak> might be useful to start working on an agenda
17:37:04 <hyakuhei> The trick is to grovel upwards
17:37:07 <hyakuhei> tmcpeak: For sure
17:37:10 <tmcpeak> to show management how much fun we're going to have
17:37:20 <hyakuhei> Though I want to unconference again so proposed topics is where it’s at.
17:37:34 <tmcpeak> +1
17:38:39 <tmcpeak> cool
17:38:47 <tmcpeak> next topic?
17:39:07 <hyakuhei> yupyup
17:39:39 <tmcpeak> #topic TA
17:39:42 <tmcpeak> where are we with this?
17:40:12 <hyakuhei> Right so, we are at a point where we’ve got some docs
17:40:24 <hyakuhei> and we want the other guys to do more work than us
17:40:32 <unrahul> eh, what is TA?
17:40:38 <hyakuhei> Largely stalled because of availability issues tbh
17:40:42 <tmcpeak> you know what it is ;) ;)
17:40:42 <hyakuhei> Threat Analysis
17:40:44 <Guest53547> Doug Chivers hopes to have something better written up before the midcycle.
17:40:45 <tmcpeak> jk, threat analysis
17:40:58 <hyakuhei> Guest53547: == dg?
17:40:59 <unrahul> thanks hyakuhei !
17:41:03 <Guest53547> = Bryan Stephenson
17:41:09 <Guest53547> still learning how to IRC
17:41:14 <Guest53547> Don't know how to name myself yet
17:41:26 <tmcpeak> try /name xyz
17:41:39 <Guest53547> thanks
17:41:42 <hyakuhei> /nick
17:41:44 <tmcpeak> or maybe /nick
17:41:45 <tmcpeak> lol
17:41:47 <gmurphy> yeah nick
17:41:49 <tmcpeak> I don't know how to IRC either
17:41:50 <hyakuhei> yay IRC.
17:41:53 <hyakuhei> lol
17:41:55 <Guest53547> thanks
17:41:59 <Guest53547> name and nick don't work
17:42:14 <hyakuhei> ok cool so the short is, Guest53547 and I have under-delivered on TA.
17:42:20 <hyakuhei> We’ll try to fix that
17:42:57 <hyakuhei> ok next up
17:43:07 <hyakuhei> #topic Mascot
17:43:28 <hyakuhei> OpenStack wants a more cohesive set of logos for OpenStack projects
17:43:35 <hyakuhei> and they don’t like us using the OpenStack logo
17:43:45 <hyakuhei> So they’ve settled on animals
17:43:49 <gmurphy> ....
17:43:55 <tmcpeak> ...
17:43:56 <hyakuhei> They’ve got a graphic designer who will do the logos for such things
17:44:03 <hyakuhei> So they’ll all have a similar look and feel
17:44:18 <tmcpeak> the kicker is that we can't take anybody else's animal
17:44:22 <hyakuhei> lol
17:44:40 <Guest53547> If Bear isn't taken we should take it
17:44:44 <gmurphy> so..is there a list of animals that are taken?
17:44:44 <elmiko> honey badger
17:44:52 <tmcpeak> honey badger ++
17:44:55 <sicarie> dang, elmiko beat me to it
17:44:58 <elmiko> hahaha
17:45:02 <hyakuhei> lol
17:45:09 <browne> tasmanian devil
17:45:10 <gmurphy> could steal the blowfish from openbsd.. but i wouldn't want theo chasing us about that..
17:45:22 <hyakuhei> Right so I knew you’d all get excited about this
17:45:26 <elmiko> gmurphy: yeah, that might be painful lol
17:45:28 <hyakuhei> The agenda has a list in it.
17:45:35 * gmurphy reads
17:45:36 <tmcpeak> ok so actually: an animal, fish, plant, or natural feature such as a mountain or waterfall
17:45:38 <hyakuhei> ATM it’s a list of one
17:45:43 <hyakuhei> Ah ok
17:45:59 <hyakuhei> So they hang together by virtue of having a similar look & feel
17:46:13 <hyakuhei> Feel free to suggest something on the agenda #link https://etherpad.openstack.org/p/security-agenda
17:46:19 <hyakuhei> and we can vote next week
17:47:01 <elmiko> similar to armadillo, pangolin
17:47:05 <elmiko> better armor, imo
17:47:23 <tmcpeak> wonder if we could do Fort Knox
17:47:30 <tmcpeak> that's kind of "natural feature" ish
17:47:32 <tmcpeak> not
17:47:32 <elmiko> haha, who put lemming?
17:47:40 <hyakuhei> rofl
17:47:50 <hyakuhei> ok simmer down. We’ll have a vote etc next week
17:47:50 * sicarie certainly did not do it
17:47:50 <elmiko> so so accurate
17:48:05 <hyakuhei> #topic AOB
17:48:14 <hyakuhei> Though I doubt the conversation will move on from animals/features :P
17:49:08 <tmcpeak> Armadillo is the natural choice: http://www.factzoo.com/sites/all/img/mammals/pangolin-desert.jpg
17:49:10 <tmcpeak> look at that bad boy
17:49:13 <elmiko> no no, you said simmer down...
17:49:14 <tmcpeak> very secure
17:49:36 <tmcpeak> actually that's a pangolin, whatever the hell that is
17:49:46 <elmiko> right, similar to armadillo but better armor ;)
17:49:52 <gmurphy> what about a turtle.. because we get things done.. eventually…
17:49:57 <elmiko> haha
17:49:58 <tmcpeak> LOOL
17:50:11 <elmiko> or an ostrich with its head buried in the sand?
17:50:17 <gmurphy> hah
17:50:21 <tmcpeak> oh man
17:50:23 <tmcpeak> lol
17:50:26 <browne> sloth
17:50:44 <tmcpeak> what's keystone doing?
17:51:10 <sicarie> and can we submit ours *right* before they do?
17:51:17 <elmiko> hehe
17:51:18 * sicarie is just kidding … kind of
17:51:23 <tmcpeak> this Pangolin looks legit
17:51:29 <elmiko> or, wait till nova does something then copy that ;P
17:51:46 <stevemar> we haven't decided on one yet :)
17:51:57 <elmiko> great, we've got time then!
17:53:26 <tmcpeak> hyakuhei: as you suspected we aren't moving on… want to call the meeting before people start suggesting even more weak animals for the security project mascot?
17:53:42 <elmiko> ooh, the cactus wren https://en.wikipedia.org/wiki/Cactus_wren#/media/File:Cactus_Wren_nesting_1.JPG
17:53:45 <elmiko> great imagery
17:54:05 <sicarie> like whatever this thing is? https://s-media-cache-ak0.pinimg.com/236x/81/41/db/8141db7fdbec49d9e54188b8e37bdf6b.jpg
17:54:13 <tmcpeak> lol
17:54:18 <elmiko> hahaha, amazing
17:54:21 <elmiko> sicarie++
17:54:29 <tmcpeak> that looks like one of those things in that stupid 80's horror movie
17:54:36 <elmiko> gremlins ;)
17:54:59 <tmcpeak> http://s3.amazonaws.com/digitaltrends-uploads-prod/2015/04/gremlins-gizmo.jpg
17:55:01 <unrahul> elmiko +1
17:55:01 <browne> mogwai
17:55:19 <browne> gizmo was a mogwai
17:55:22 <elmiko> i like the idea of just flat out having Gizmo as the mascot
17:55:27 <elmiko> true
17:55:30 <tmcpeak> that thing actually looks pretty steezy
17:55:34 <elmiko> browne gets the full bonus points
17:55:50 <browne> yes
17:56:09 <tmcpeak> you save those bonus points browne… might be a while before you get more :P
17:56:18 <browne> aww
17:56:32 <elmiko> hehe
17:56:54 <hyakuhei> lol
17:57:24 <sicarie> I think it’s time for me to stop googling - i’ve now learned animal mashups are very much a thing
17:57:35 <hyakuhei> Seems like a good time to end the meeting?
17:57:40 <tmcpeak> only a matter of time before you violate HPE's browsing policy
17:57:46 <tmcpeak> +1
17:57:53 <gmurphy> lol
17:57:59 <elmiko> haha, totally
17:58:21 <tmcpeak> #endmeeting