17:00:00 <tmcpeak> #startmeeting security
17:00:02 <openstack> Meeting started Thu Sep  8 17:00:00 2016 UTC and is due to finish in 60 minutes.  The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:03 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:05 <openstack> The meeting name has been set to 'security'
17:00:07 <tmcpeak> #chair hyakuhei
17:00:07 <openstack> Current chairs: hyakuhei tmcpeak
17:00:09 <tkelsey> o/
17:00:11 <browne> o/
17:00:14 <singlethink> o/
17:00:15 <lhinds> o/
17:00:11 <tmcpeak> ohai o/ is this the cool peoples' rendezvous?
17:00:23 <lhinds> yups
17:00:27 <elmiko> hi
17:00:29 <jasonhullinger> hola
17:00:29 <vinaypotluri> o/
17:00:37 <tmcpeak> good, just wanted to make sure I'm in the right place :D
17:00:38 <tmcpeak> #link https://etherpad.openstack.org/p/security-agenda
17:01:02 <tmcpeak> we'll give a couple minutes for people to stream in and then get going
17:01:05 <knangia> o/
17:01:06 <sicarie> o/
17:01:09 <unrahul> o/
17:01:18 <dg_____> o/
17:01:35 <lhinds> stream? are we playing counterstrike? goodie!
17:01:37 <sicarie> how many underscores is that now?
17:02:12 <elmiko> i hear that every time dg gets another underscore an angel gets its wings XD
17:02:27 <tkelsey> lol
17:02:30 <tmcpeak> he adds one every time he secures something
17:02:35 <elmiko> haha
17:02:45 <elmiko> he needs waaaay more underscores then...
17:02:53 <tmcpeak> everybody, please add any topical items to the etherpad
17:03:19 <tmcpeak> jasonhullinger: did you want to discuss Bandit plugin again or you done on that for now?
17:03:30 <jasonhullinger> No, done with that
17:03:34 <tmcpeak> ok cool
17:03:36 <tmcpeak> #topic Anchor
17:03:48 <tmcpeak> browne brought up that there are a bunch of reviews just waiting for +A
17:03:49 <tmcpeak> so...
17:03:57 <tmcpeak> tkelsey: dg_____ underscore underscore underscore
17:03:58 <tmcpeak> what's up
17:04:04 <browne> yep, friendly reminder.  please review some
17:04:15 <tkelsey> browne: will do!
17:04:23 <browne> tkelsey: thx
17:04:34 <tmcpeak> sweet, that was easy
17:04:38 <tmcpeak> #topic Syntribos
17:04:39 <tkelsey> sorry for the lag, will pay more attention to Anchor reviews
17:04:46 <browne> np
17:04:49 <tmcpeak> no worries man, been a while since any action on Anchor
17:04:51 <dg_____> browne ok sorry
17:04:54 <tmcpeak> thanks for reminding browne
17:04:57 <tkelsey> yup
17:04:59 <dg_____> i was a bit surprised it was on the agenda
17:05:03 <tmcpeak> :P
17:05:08 <tmcpeak> unrahul: you're up
17:05:30 <unrahul> hey tmcpeak
17:05:38 <unrahul> so we are testing neutron this week
17:06:01 <unrahul> well we created the templates (manually :|) and was tweaking it a lil bit ysday
17:06:14 <tmcpeak> how's that all going?
17:06:40 <unrahul> As for neutron lot of the apis are admin only , we are getting lot of 404s.. so need to filter those out..
17:06:56 <unrahul> we got a few 500s , but those might be false positive..
17:07:05 <unrahul> Nothing as such to report for now..
17:07:31 <tmcpeak> cool cool
17:07:33 <unrahul> we will keep on testing today and tomorrow and let you guys know if we find something cool.
17:07:45 <unrahul> Do you guys have any pointers on neutron testing..
17:07:50 <unrahul> like which apis or something..?
17:08:06 <unrahul> that needs careful testing, possible attack surfaces.. etc..?
17:08:27 <tmcpeak> personally I know nothing about Neutron, probably less than a random dude off the street
17:08:34 <tmcpeak> sicarie: <3 Neutron
17:08:37 <tmcpeak> ?
17:08:47 <browne> lol
17:08:49 <sicarie> lol
17:08:55 <unrahul> sicarie:  :D any pointers..?
17:09:08 <tmcpeak> like how I just randomly picked on sicarie? :D
17:09:15 <unrahul> hehe..
17:09:17 <unrahul> rofl
17:09:19 <unrahul> thanks tmcpeak !
17:09:22 <tmcpeak> he might at least know people, that's what I threw out his handle
17:09:23 <sicarie> unrahul: away from the security guide - we've been trying to get reviews on that for quite a while
17:09:43 <elmiko> you may want to ping tristanC, he did a great deal of api fuzz testing against neutron
17:09:48 <tmcpeak> elmiko: +1
17:09:49 <elmiko> also, found several bugs that way
17:10:08 <unrahul> oh cool will ping him then thanks elmiko ..
17:10:21 <tmcpeak> sweet
17:10:23 <unrahul> so thats it from us.. for this week..then
17:10:24 <elmiko> np, good luck!
17:10:28 <tmcpeak> cool, thanks for update
17:10:30 <tmcpeak> #topic OSSN
17:10:32 <tmcpeak> lhinds:
17:10:34 <unrahul> thank elmiko !
17:10:55 <lhinds> so the big 0069 got merged
17:10:57 <lhinds> https://review.openstack.org/#/c/356712/
17:11:01 <lhinds> well done vinaypotluri
17:11:07 <tmcpeak> woot!
17:11:14 <vinaypotluri> we did it lhinds    ... cheers !!!
17:11:15 <lhinds> we have yet to get a +2 from neutron, but....
17:11:18 <tmcpeak> the longest email threat I've ever seen :P
17:11:37 <lhinds> Brian Haley made a small nit
17:11:39 <elmiko> vinaypotluri++
17:11:40 <tmcpeak> oh, did I merge it prematurely?
17:11:48 <dg_____> good work vinaypotluri!
17:11:49 <singlethink> congrats vinaypotluri
17:11:49 <lhinds> and said he was happy if that was fixed (which it was)
17:11:55 <lhinds> so for me, this is good enough
17:12:04 <vinaypotluri> thank you singlethink   :)
17:12:08 <lhinds> but thought it prudent to just check with you guys as well
17:12:39 <lhinds> you can see Brian at patch-set 18
17:12:46 <lhinds> he is Neutron core
17:13:19 <vinaypotluri> lhinds: should we change the status of the bug on the launchpad ?
17:13:36 <lhinds> so I will send out the email this eve and populate the wiki - unless any objections?
17:13:36 <vinaypotluri> https://bugs.launchpad.net/ossn/+bug/1534652
17:13:38 <openstack> Launchpad bug 1534652 in OpenStack Security Notes "Host machine exposed to tenant networks via IPv6" [Undecided,Confirmed] - Assigned to Vinay Potluri (vinay-potluri)
17:13:45 <tmcpeak> lhinds: sounds good!
17:13:50 <lhinds> great
17:14:16 <lhinds> other than that I have a few more I am just trying to shepherd cores into reviewing.
17:14:24 <lhinds> the other thing is I spoke with haleyb
17:14:27 <lhinds> duh!
17:14:28 <tmcpeak> cool, how's our queue look?
17:14:33 <tmcpeak> whodat?
17:14:46 <lhinds> that was a failed autocomplete then
17:15:12 <lhinds> queue last time I checked was around 4-5 with embargoes
17:15:13 <haleyb> lhinds: what did i do? :)
17:15:20 <tmcpeak> lol
17:15:21 <lhinds> sorry haleyb
17:15:31 <lhinds> I tapped <TAB> and got the wrong nick !
17:15:38 <tmcpeak> so we just have embargoed notes in the queue?
17:15:42 <haleyb> no, it was me, just didn't see s/b
17:16:33 <tmcpeak> I see 8...
17:16:36 <lhinds> there is a couple of others non, a horizon one, and one on mongoDB I need to talk with michaelxin about
17:16:42 <tmcpeak> I think I have two in progress, Rob has a couple in progress
17:17:03 <lhinds> I have one embargo to work on as well.
17:17:17 <tmcpeak> honestly we could probably still use a 4th to work on embargoed notes, given the prevalence of them these days
17:17:19 <tmcpeak> any takers?
17:17:58 <tmcpeak> allright :P
17:17:58 <lhinds> the other thing was I chatted with Rob about having an API for notes
17:18:06 <tmcpeak> API?
17:18:10 <unrahul> tmcpeak:  does it require a lot of experience ..?
17:18:17 <lhinds> where operators could query by release etc.
17:18:34 <lhinds> started to work on something, its very rough still, so a side project
17:18:37 <dg_____> hmm
17:18:44 <dg_____> lhinds that really is quite a good idea
17:18:44 <lhinds> #link http://lukehinds.pythonanywhere.com/
17:18:51 <tmcpeak> unrahul: it requires pretty good security experience…
17:19:04 <lhinds> it has web front end, but i don't mean it to replace the wiki
17:19:05 <tmcpeak> lhinds: oh, this is cool
17:19:18 <lhinds> I tend to design the front end, and then layer a rest-framework on top
17:19:24 <unrahul> tmcpeak: ah.. so I am just starting ,so moving on
17:19:25 <lhinds> helps me sketch out the model well
17:19:54 <lhinds> but its rough! so don't look at it as anything beyond a half complete prototype
17:20:04 <tmcpeak> dg_____: you seem like a natural candidate, you interested?
17:20:23 <dg_____> for the embargoed notes?
17:20:23 <tmcpeak> for security core?
17:20:25 <tmcpeak> yeah
17:20:38 <dg_____> yeh im defintiely interestest
17:20:42 <lhinds> dg_____: +1
17:20:47 <tmcpeak> voluntold!
17:20:49 <dg_____> apart from a complete inability to spell
17:20:52 <dg_____> haha thanks
17:20:56 <tmcpeak> spelling is optional
17:21:02 <dg_____> see what hyakuhei says?
17:21:23 <tmcpeak> yeah, we can wait until next week to confirm, but you have a good mix of security experience and track record of OS participation
17:21:38 <lhinds> agree
17:21:47 <dg_____> ok cool, happy to help out more
17:22:29 <tmcpeak> sweet!
17:22:29 <elmiko> wait, dg_____ isn't sec-core...?!?
17:22:42 <tmcpeak> sec-core is way overloaded
17:22:48 <elmiko> ack
17:22:54 <tmcpeak> we have the docs cores, but then also embargoed notes people
17:22:57 <dg_____> elmiko im anchor core
17:23:11 <tmcpeak> elmiko: I think you were all of those things, but I, for example, am not a docs core
17:23:18 <elmiko> ah, ok
17:23:25 <elmiko> sorry to interrupt
17:23:27 <tmcpeak> just an embargoed notes creep
17:23:29 <lhinds> elmiko is all the things
17:23:35 <elmiko> heh
17:23:53 <tmcpeak> kewl, anything else for notes?
17:24:04 <tmcpeak> #topic Blog
17:24:07 <tmcpeak> bloggity blog blog
17:24:13 <tmcpeak> lhinds again
17:24:14 <tmcpeak> dg_____: etc
17:24:20 <lhinds> I still have something pending
17:24:26 <lhinds> s'sup to you guys now
17:24:32 <tmcpeak> where we at on that?
17:24:37 <tmcpeak> dg_____: did you get a chance to review?
17:24:48 <lhinds> had a couple of nit rounds, but should be ok now.
17:25:02 <tmcpeak> cool, merge it then
17:25:04 <tmcpeak> yolo
17:25:06 <elmiko> i gave it a brief look, but meant to go back
17:25:08 <lhinds> https://github.com/openstack-security/openstack-security.github.io/pull/25
17:25:09 <dg_____> yeah i commented on a bunch of nits, will take another look and we are good to go
17:25:14 <dg_____> lhinds ty
17:25:15 <tmcpeak> ok cool
17:25:20 <tmcpeak> thanks dg_____, elmiko
17:25:48 <lhinds> cool
17:25:52 <tmcpeak> #topic Security Review
17:25:58 <tmcpeak> TA is now known as security review
17:26:06 <elmiko> neat
17:26:07 <tmcpeak> dg_____: you're kind of leading this, where did we get?
17:26:46 <dg_____> waiting on me to push a couple of patches
17:27:09 <tmcpeak> ok, are we done with Barbican?
17:27:13 <dg_____> ive got one on redrobot's patch on barbican TA
17:27:20 <dg_____> and one on the docs for the process
17:27:34 <dg_____> tmcpeak - i think so, but lets see what it looks like when i push it up
17:27:40 <dg_____> it would be nice to get the designate one through soon as well
17:27:56 <tmcpeak> dg_____: Kolla wants to do it
17:28:21 <dg_____> designate was an internal one by HPE, which is quite a different process, but i think we pretty much rubber stamp it
17:28:28 <dg_____> is sdake here?
17:28:58 <dg_____> tmcpeak yeah, we have talked to kolla a few times, really want to get that one through before the summit - shouldn't be long, although the process is now very different to the one we discussed at the texas summit
17:29:19 <tmcpeak> dg_____: for sure, sdake_ showed up last meeting and said he'll set up a time for us to go through this
17:29:29 <dg_____> oh awesome
17:29:44 <dg_____> did you tell him not to bother making all the sequence diagrams we asked him to before.....
17:30:07 <tmcpeak> yes
17:30:48 <dg_____> ok awesome, thanks
17:31:18 <tmcpeak> cool, anything else for TA?
17:31:30 <dg_____> not from me
17:32:18 <fungi> manila was expressing interest in maybe being an early adopter of the process
17:32:19 <tmcpeak> cool
17:32:30 <tmcpeak> fungi: that would be awesome, who's a good contact for them?
17:32:42 <fungi> they just had their meeting a few minutes ago and were talking about it
17:32:57 <fungi> bswartz is probably a good primary contact but there were several volunteers to work on it
17:32:59 <dg_____> who are manila?
17:33:03 <fungi> let me pull up their minutes
17:34:06 <fungi> #link http://eavesdrop.openstack.org/meetings/manila/2016/manila.2016-09-08-15.00.log.html#l-120 manila meeting log for ta topic from earlier today
17:34:39 <tmcpeak> fungi: thanks, we'll take a look
17:34:46 <dg_____> thanks fungi
17:34:51 <fungi> tbarron and gouthamr seem to have volunteered
17:34:55 <gouthamr> +1
17:35:00 <tmcpeak> dg_____: can you synch with them?
17:35:26 <dg_____> tmcpeak sure
17:35:36 <tmcpeak> #action dg_____ to reach out to Manila
17:35:39 <tmcpeak> cool
17:35:44 <tmcpeak> #topic Summit Sessions
17:35:55 <tmcpeak> just a reminder, we're looking for security activities for those going to the Barcelona summit
17:36:24 <tmcpeak> #link https://etherpad.openstack.org/p/barcelona-security-sessions
17:36:28 <tmcpeak> if you're attending please add your name also
17:36:48 <dg_____> im going to put in a vote for PKI and Security Review
17:36:58 <dg_____> not sure if im going, budgets and politics
17:37:08 <tmcpeak> fair enough
17:37:42 <browne> i'll be there. got approval yesterday
17:38:00 <tmcpeak> browne: awesome
17:38:54 <tmcpeak> that's all I had
17:38:55 <tmcpeak> #topic AOB
17:38:58 <tmcpeak> open floor…
17:39:11 * dg_____ drops the mic
17:39:47 <lhinds> lhinds: body pops
17:39:51 <tmcpeak> allright
17:39:53 <tmcpeak> #endmeeting