17:00:19 <tmcpeak> #startmeeting security
17:00:20 <tmcpeak> o/
17:00:20 <openstack> Meeting started Thu Jul 14 17:00:19 2016 UTC and is due to finish in 60 minutes. The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:21 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:23 <openstack> The meeting name has been set to 'security'
17:00:25 <mdong> o/
17:00:29 <tmcpeak> #chair hyakuhei
17:00:30 <openstack> Current chairs: hyakuhei tmcpeak
17:00:35 <elmiko> o/
17:00:41 <tmcpeak> #link https://etherpad.openstack.org/p/security-agenda
17:01:20 <tkelsey> o/
17:01:41 <hyakuhei> sup y'all
17:02:04 <tmcpeak> yoyo
17:02:11 <tmcpeak> all right, let's get started
17:02:13 * hyakuhei has something resembling a migraine so kinda dipping in and out
17:02:14 <tmcpeak> #topic Syntribos
17:02:23 <unrahul> o/
17:02:27 <tmcpeak> the overwhelming pressure of security?
17:02:45 <hyakuhei> lol
17:02:51 <BryanStephenson> Hope it passes soon.
17:02:55 <hyakuhei> This on the back of a four hour meeting I think :)
17:03:00 <hyakuhei> oh hey BryanStephenson !
17:03:01 <tmcpeak> Bryan, welcome :)
17:03:03 <mdong> hey everyone, hope everyone’s feeling well and catching plenty of pokemon
17:03:11 <unrahul> :D
17:03:11 <elmiko> hyakuhei: ouch... feel better mang
17:03:42 <mdong> as for updates on Syntribos, we’ve been spending our time removing OpenCAFE dependencies
17:04:41 <mdong> we’ve moved to oslo logging and config
17:05:29 <mdong> and now there’s only a few small parts left before we’re done with OpenCAFE altogether - we’ve got WIP Cr’s up for those
17:05:57 <tmcpeak> sick
17:06:02 <tmcpeak> you guys doing a talk at summit for it?
17:06:29 <mdong> not at Barcelona, I don’t think, we don’t want to get distracted preparing for a presentation
17:06:37 <unrahul> +1
17:06:43 <tmcpeak> spoken like true engineers :)
17:07:12 <hyakuhei> lol
17:07:37 <mdong> lol yep, plus we want to be able to present actual results from using Syntribos to test in a real world setting
17:07:51 <mdong> and that’s a goal we’re targeting for the end of this cycle
17:08:06 <unrahul> a couple of CVE's at least ryt mdong :)
17:08:15 <tmcpeak> +1
17:08:23 <mdong> haha that would be ideal
17:08:41 <mdong> we’ll definitely be thinking about presenting next cycle though
17:09:12 <tmcpeak> cool
17:09:21 <tmcpeak> yeah back in the states, new england or something?
17:09:23 <mdong> big thanks to anyone who’s helped review our CR’s too, can’t do it without you
17:09:27 <mdong> yeah, I think next one is in Boston
17:09:38 <tmcpeak> sweet
17:09:43 <unrahul> oh really, I didn't know.. Boston would be cool
17:09:48 <lhinds> hi all, sorry for being a little late
17:10:20 <mdong> that’s all from me on Syntribos
17:10:38 <tmcpeak> awesome, thanks for the update!
17:10:44 <mdong> np
17:10:46 <tmcpeak> #topic OSSN
17:10:53 <tmcpeak> lhinds is the new lord of OSSN
17:11:00 <lhinds> :P
17:11:15 <lhinds> #link https://review.openstack.org/#/c/313896/
17:11:17 <hyakuhei> #link https://review.openstack.org/#/c/313896/
17:11:19 <hyakuhei> bah
17:11:33 <tmcpeak> looks like we need mergies on the two reviews
17:11:35 <hyakuhei> Needs another Sec core +2
17:11:44 <lhinds> Kato did a rebase, so removed your +2 hyakuhei
17:11:53 <hyakuhei> Sure
17:12:05 <hyakuhei> He’s not a sec guy though. Normally the rule is 2 sec guys, one docs guy
17:12:07 <hyakuhei> all +2
17:12:12 <hyakuhei> however. let's ship
17:12:16 <tmcpeak> SHIPIT
17:12:24 <lhinds> ahh I see
17:12:34 <hyakuhei> SHIPITREALGOOD
17:12:39 <hyakuhei> (done)
17:12:53 <lhinds> and then we have the authors patch..
17:12:55 <hyakuhei> Really awesome work thank you again lhinds
17:12:57 <lhinds> #link https://review.openstack.org/#/c/313896/
17:13:02 <hyakuhei> I think that’s ready to go too now?
17:13:11 <lhinds> I think so
17:13:33 <hyakuhei> wrong link?
17:13:41 <lhinds> duh!
17:13:46 <lhinds> #undo
17:13:50 <hyakuhei> #link https://review.openstack.org/#/c/337627/
17:14:12 <lhinds> oh hyakuhei did you see Eric's comment
17:14:20 <lhinds> https://review.openstack.org/#/c/337627/3/security-notes/OSSN-0037
17:14:21 <hyakuhei> ok this one I would like another Sec core to +2
17:14:22 <hyakuhei> Yeah
17:14:31 <tmcpeak> who is sec cores?
17:14:44 <tmcpeak> I'm not
17:14:48 <hyakuhei> elmiko: nkinder
17:14:49 <elmiko> o/
17:15:25 * elmiko taking a look
17:15:49 <elmiko> oh, this one looked good to me before. but then people found a bunch of issues
17:15:53 <hyakuhei> lol
17:16:25 <elmiko> i'm cool to merge this and we can swing around if someone says "hey, i authored that one!"
17:16:35 <hyakuhei> sounds good to me
17:16:39 <lhinds> +1
17:16:50 <elmiko> it was a huge effort on lhinds' part, greatly appreciated =)
17:16:57 <lhinds> 'swing around' sounds good
17:17:02 <lhinds> :)
17:17:11 <lhinds> np !
17:17:15 <hyakuhei> hero!
17:17:27 <lhinds> happy to muck in
17:17:53 <tmcpeak> yeah man, that was awesome! thanks for all the work on it
17:18:03 <hyakuhei> +1
17:18:28 <tmcpeak> all right
17:18:32 <tmcpeak> I think we have some new OSSN open too
17:19:23 <hyakuhei> Yeah the backlog is building up
17:19:31 <tmcpeak> #link https://bugs.launchpad.net/ossn
17:19:41 <tmcpeak> how many do you guys see?
17:19:51 <tmcpeak> I have 9 but some of those are private
17:20:04 <gmurphy> 3 private
17:20:15 <elmiko> whoa
17:20:15 <tmcpeak> ok, that's a pretty decent queue then
17:20:32 <hyakuhei> Needs cranking through.
17:20:37 <lhinds> I will take a look and see what I can pick up
17:21:07 <tmcpeak> we really need a sprint for this at midcycle I think
17:21:29 <tmcpeak> that being said I think some of the private ones are high priority
17:21:36 <tmcpeak> I'll carve off some time and write one
17:21:49 <tmcpeak> #action lhinds to write OSSN
17:21:53 <tmcpeak> #action tmcpeak to write OSSN
17:22:16 <tmcpeak> all right, let's move on from this OSSN business since I'm pretty sure everybody came for the mascot discussion :P
17:22:17 <hyakuhei> #action hyakuhei to write OSSN
17:22:20 <gmurphy> who is currently handling the private ossn process? tmcpeak + hyakuhei?
17:22:25 <tmcpeak> yeah
17:22:27 <gmurphy> k
17:22:30 <tmcpeak> and elmiko
17:22:39 <hyakuhei> Any coresec basically
17:22:39 <tmcpeak> probably worth considering expanding that
17:22:52 <elmiko> +1
17:22:55 <hyakuhei> VMT like to keep it tight but I agree
17:23:11 <elmiko> at the least, i think we need to find someone to take my place at that table
17:23:36 <tmcpeak> I've been contributing to private bug reports but haven't done a good job of actually writing OSSN
17:23:54 <tmcpeak> private OSSN seems to be a thing that's happening more now rather than what would have been an OSSA
17:24:40 <gmurphy> yeah i think mostly because of breaking changes etc.
17:24:41 <tmcpeak> all right well we can do that next week :)
17:24:54 <tmcpeak> I assume nothing on Docs?
17:24:57 <tmcpeak> sicarie: elmiko
17:25:07 <elmiko> not that i am aware of
17:25:17 <hyakuhei> If there’s a higher load on coresec for private OSSN then there’s more validity to adding an extra member
17:25:26 <tmcpeak> yeah agreed
17:25:30 <elmiko> imo, docs is in danger of sliding into the wasteland...
17:25:38 <hyakuhei> :’(
17:25:42 <elmiko> inorite
17:25:45 <hyakuhei> I was just writing something internal about that
17:25:45 <tmcpeak> elmiko: we should discuss it then :)
17:25:55 <lhinds> I am happy to help if extra boots needed on the ground
17:25:55 <elmiko> well, we need more bodies
17:25:58 <elmiko> same old story
17:26:06 <hyakuhei> It’s hard because you need SME bodies
17:26:12 <lhinds> for now, I can pick up 1534652 as well
17:26:17 <elmiko> i don't think sicarie or myself have the bandwidth needed to keep this ship afloat
17:26:38 <sicarie> I am getting more bandwidth now
17:26:40 <hyakuhei> #topic docs
17:26:43 <elmiko> ooh, interesting
17:26:46 <tmcpeak> is there a growing queue or are people not even adding to the queue anymore?
17:26:48 <elmiko> maybe i spoke too soon
17:26:58 <sicarie> Yeah, not too much is getting added to the queue thus far
17:26:59 <elmiko> tmcpeak: nothing is happening, like no movement
17:27:17 <hyakuhei> We spoke last meeting about drafting an email to -dev explaining the situation, needing SMEs etc.
17:27:24 <elmiko> +1
17:27:26 <hyakuhei> Maybe laying out a few options
17:27:30 <sicarie> Yep, i have time now to start working on that
17:27:54 <tmcpeak> shall we get an etherpad going?
17:27:56 <hyakuhei> Now that everyone’s got their submissions for the summit in (thanks sicarie)
17:28:02 <hyakuhei> etherpad or gdocs
17:28:06 <elmiko> and, sadly, i'm on the other side of this. i need to be reducing my engagement...
17:28:14 <hyakuhei> :’(
17:28:22 * elmiko hugs hyakuhei
17:29:05 <hyakuhei> Cheers!
17:29:29 <tmcpeak> I don't like the sound of that elmiko
17:29:33 <hyakuhei> So let's draft something up, giving the community a few options
17:29:49 <elmiko> tmcpeak: i mentioned it in austin, my team is moving on...
17:29:55 <hyakuhei> let's also write a joint letter to RedHat explaining why pulling elmiko away from OpenStack is stupid
17:30:01 <elmiko> hahaha!
17:30:09 <sicarie> +1
17:30:12 * elmiko blushes
17:31:09 <tmcpeak> this is a trend
17:31:17 <hyakuhei> Righto, so we’ve got our action for docs
17:31:42 <tmcpeak> hmmm, midcycle?
17:31:50 <hyakuhei> yupyup
17:32:05 <hyakuhei> Unconference ideas, good to start developing them ahead of time
17:32:07 <tmcpeak> #topic Midcycle
17:32:24 <tmcpeak> #link https://etherpad.openstack.org/p/barbican-security-midcycle-N
17:33:09 <unrahul> Will there be anything on threat analysis at the midcycle..?
17:33:18 <hyakuhei> definitely
17:33:33 <unrahul> cool!
17:34:16 <gmurphy> yes. i think dg__ will be pushing that. he's currently on vacation though and sends his apologies.
17:34:35 <hyakuhei> “apologies”
17:34:42 <gmurphy> (he told me to say something like that)
17:34:43 <hyakuhei> Keeps sending me pics of France.
17:34:44 <unrahul> Also if there was something on the roadmap for the security team, future projects and stuff, that would be nice..
17:34:47 <unrahul> hehe
17:34:50 <gmurphy> yeah…
17:35:02 <hyakuhei> unrahul: Chuck it on the etherpad as an unconference session
17:35:17 <unrahul> hyakuhei: +1 yup
17:35:27 <tmcpeak> unrahul: I put up the exact same thing basically :)
17:35:29 <hyakuhei> Roadmap is important though. We are under bigger resource constraints than ever before imho
17:35:38 <tmcpeak> +1
17:35:49 <unrahul> just saw that tmcpeak
17:36:00 <tmcpeak> great minds and all that
17:36:06 <unrahul> rofl ..>>
17:36:17 <tmcpeak> anything for TA?
17:36:39 <hyakuhei> Nothing to add
17:36:47 <hyakuhei> Aside from Doug says France is nice.
17:36:52 <gmurphy> i'm pretty sure we should put a hackathon on there.
17:36:55 <tmcpeak> that's useful
17:36:56 <hyakuhei> +1
17:37:07 <tmcpeak> #topic MASCOTTTTT
17:37:54 <unrahul> has keystone figured out their mascot yet ?, I thought the plan was to submit, "just before" they do.. :D
17:37:59 <hyakuhei> Finally we get to some real work.
17:38:09 <gmurphy> LOL
17:38:19 <browne> keystone hasn't decided yet
17:38:20 <browne> https://etherpad.openstack.org/p/keystone-mascot
17:38:29 <hyakuhei> Jeez
17:38:36 <tmcpeak> ok we have too many options here
17:38:41 <tmcpeak> why don't we agree on top 3 and vote
17:38:43 <hyakuhei> So we have options
17:38:54 <hyakuhei> Probably easier to put your nick next to two
17:38:58 <hyakuhei> either one you could live with
17:39:00 <tmcpeak> ok cool
17:39:12 <hyakuhei> and…. go :D
17:39:48 <gmurphy> what was the name of that spikey thing from last week?
17:40:18 <tmcpeak> one of those freaky things sicarie suggested?
17:40:23 <gmurphy> nah.
17:40:31 <gmurphy> it was like an armadillo but more badass
17:40:35 <tmcpeak> oh yeah
17:40:39 <tmcpeak> starts with a P
17:40:46 <sicarie> pangolin or something?
17:40:50 <tmcpeak> pangolin!
17:40:56 <hyakuhei> tkelsey: elmiko browne unrahul, gmurphy sicarie lhinds mdong vote damn you!
17:41:00 <gmurphy> oh yeah
17:41:05 <lhinds> Honey badger
17:41:06 <sicarie> link?
17:41:11 <gmurphy> i want to vote for that
17:41:11 <hyakuhei> https://etherpad.openstack.org/p/security-agenda
17:41:14 <tkelsey> lol k
17:41:16 <gmurphy> it's in the agenda m8
17:41:30 <tmcpeak> #link http://www.awf.org/sites/default/files/media/gallery/wildlife/Pangolin/Pangolin_Keith%20Coleen-Begg-2.jpg?itok=s9vv2Htk
17:41:33 <mdong> can we have a pokemon as a mascot? ;)
17:41:38 <tmcpeak> oh gawd
17:41:42 <BryanStephenson> no
17:41:48 <BryanStephenson> LOL
17:42:15 <elmiko> i vote honey badger!
17:42:19 <lhinds> https://www.youtube.com/watch?v=aZa1aMrLpmU
17:42:23 <tmcpeak> elmiko you're trying to get us on honeybadger with your dying breath in OSSP? :P
17:42:28 <lhinds> they take on lions head on
17:42:32 <browne> how many votes we get? i see multiple from the same nick
17:42:39 <hyakuhei> two
17:42:45 <browne> cool
17:42:49 <hyakuhei> Vote for two that you could live with
17:43:07 <gmurphy> i think https://www.youtube.com/watch?v=4r7wHMg5Yjg
17:43:08 <BryanStephenson> I'm really glad it looks like it won't be Hippo
17:43:08 <gmurphy> lol
17:43:20 <gmurphy> honey badger has my top vote
17:43:21 <hyakuhei> I’m not even voting for my idea
17:43:35 <tmcpeak> I think you meant Pangolin hyakuhei
17:43:40 <browne> quick everyone change to hippo
17:43:45 <tmcpeak> but nobody knows what that actually is
17:43:46 <elmiko> tmcpeak: pretty much =D
17:44:07 <hyakuhei> lol
17:44:08 <elmiko> hippo it is
17:44:31 <hyakuhei> #link http://media2.intoday.in/indiatoday/images/stories/mi-305_022016032232.jpg
17:44:33 <elmiko> i'm still trying to get dung beetle as some project's mascot....
17:44:37 <unrahul> hippo +1
17:44:55 <BryanStephenson> Actually, hippos are one of the most dangerous animals
17:45:05 <unrahul> pangolin looks like a battle formation, with its scales and stuff
17:45:09 <BryanStephenson> They kill idiots on African safaris who get too close
17:45:22 <unrahul> but we would need to explain to all what a pangolin is..
17:45:24 <tkelsey> are we just voting on what's there or can we add stuff?
17:45:37 <BryanStephenson> The picture of the pangolin does all the explaining for us
17:45:44 <hyakuhei> ^^^ yup
17:46:03 <hyakuhei> Who suggested Tardigrade?
17:46:07 * hyakuhei shudders
17:46:07 <browne> ha, me
17:46:10 <hyakuhei> damn it
17:46:35 <browne> too bad i didn't think of it earlier
17:46:40 <tmcpeak> what the hell is that thing
17:46:40 <elmiko> BryanStephenson: +1
17:46:47 <browne> https://en.wikipedia.org/wiki/Tardigrade
17:46:57 <elmiko> lol
17:46:58 <hyakuhei> ok well, in what can only be called semi-democratic at best, I think pangolin wins!
17:47:08 <elmiko> seems like it
17:47:08 <hyakuhei> tkelsey: too slow voting man :P
17:47:31 <lhinds> pangolin looks cool, I like the ethos (with the armor)
17:47:43 <tkelsey> hyakuhei: lol ah well, whatever :P
17:47:51 <hyakuhei> Excellent. I’ll pass that back to the foundation people who want us to stop using their logo :P
17:48:08 <tmcpeak> woot
17:48:11 <elmiko> farewell cool old logo, your sticker shall ever grace my laptop
17:48:31 <hyakuhei> +1
17:48:49 <hyakuhei> I think we should all take a moment to be thankful to michaelxin for our awesome stickers :D
17:48:57 <tkelsey> +1
17:48:58 <elmiko> hear hear
17:49:05 <tmcpeak> yeah, I've got mine on my personal phone case
17:49:16 <unrahul> http://i.dailymail.co.uk/i/pix/2014/12/03/23B1E10300000578-0-image-29_1417600979429.jpg https://usercontent.irccloud-cdn.com/file/oq2hjUbw/
17:49:50 <hyakuhei> Auditor looking for openstack security
17:49:52 <browne> yum, and tasty to lions
17:50:39 <hyakuhei> ok so I think that’s most of what we wanted to cover today… ?
17:51:13 <tmcpeak> oh
17:51:17 <tmcpeak> gmurphy: panel?
17:51:20 <tmcpeak> #topic AOB
17:51:42 <gmurphy> oh so yeah i tacked a couple things on the agenda
17:51:49 <hyakuhei> oooh
17:51:56 <gmurphy> but it might be too late to suggest that for the summit
17:52:11 <gmurphy> but thought maybe we could run a security panel etc
17:52:22 <hyakuhei> It’s been discussed before
17:52:25 <hyakuhei> Not a bad idea
17:52:39 <hyakuhei> However there’s never been feedback from a summit saying “we need more panels”
17:52:51 <hyakuhei> Good idea for the next summit though
17:52:52 <gmurphy> i've seen it with the languages discussion before etc. was interesting.
17:53:02 <hyakuhei> Keystone regularly have them
17:53:04 <hyakuhei> So do ops
17:53:20 <hyakuhei> No objection to them being in but they get submitted like any other presentation in the CFP window
17:53:36 <gmurphy> yeah
17:53:41 <gmurphy> oh well. maybe next time
17:53:52 <gmurphy> also
17:53:54 <gmurphy> cp/paste
17:54:05 <gmurphy> Reminder: There are a number of public security issues that the OSSP team can help move along for the VMT (especially if they're interested in the VMT process). #link: https://bugs.launchpad.net/ossa/+bugs?orderby=-status&start=0&field.information_type%3Alist=PUBLIC&field.information_type%3Alist=PUBLICSECURITY
17:54:17 <hyakuhei> Good point
17:54:46 <gmurphy> that's it for my AOB
17:55:16 <tmcpeak> wrap it?
17:55:16 <hyakuhei> cool, thanks gmurphy
17:55:20 <hyakuhei> yupyup
17:55:45 <tmcpeak> cool, thanks everybody!
17:55:47 <tmcpeak> #endmeeting