#openstack-meeting-alt log

17:00:04 <tmcpeak> #startmeeting security
17:00:05 <openstack> Meeting started Thu Sep 29 17:00:04 2016 UTC and is due to finish in 60 minutes.  The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:06 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:07 <tmcpeak> o/
17:00:08 <openstack> The meeting name has been set to 'security'
17:00:10 <tmcpeak> #chair hyakuhei-
17:00:11 <browne> o/
17:00:16 <openstack> Current chairs: hyakuhei- tmcpeak
17:00:23 <tmcpeak> #link https://etherpad.openstack.org/p/security-agenda
17:01:00 <mdong> o/
17:01:03 <knangia> o/
17:01:08 <tkelsey> o/
17:01:21 <tmcpeak> wassup everybody
17:01:29 <elmiko> o/ (sorta)
17:01:43 <tmcpeak> hi sorta elmiko
17:01:48 <vinaypotluri> o/
17:01:54 <elmiko> =)
17:02:04 <lhinds> O/
17:02:21 <tmcpeak> lhinds: you get the longest blog post eva up? :P
17:02:45 <tmcpeak> dg____: review anchor!
17:02:47 <lhinds> tmcpeak: i got nits disagreeing with each other on there :P
17:02:53 <dg____> tmcpeak ok
17:03:01 <tmcpeak> lhinds: just pick your favorite contributor and ship it
17:03:30 <lhinds> tmcpeak: will do
17:03:44 <lhinds> its between tmcpeak and sigmavirus
17:03:56 <sigmavirus> huh?
17:03:57 <tmcpeak> well that's a no brainer
17:04:07 <tmcpeak> sigmavirus: is way better looking than me
17:04:07 <lhinds> cage fight?
17:04:14 <sigmavirus> tmcpeak: lies!
17:04:29 <sigmavirus> you can probably ignore my nits
17:04:39 <sigmavirus> I dont' remember even reviewing it
17:04:40 <sigmavirus> so
17:04:42 <tmcpeak> allright, let's get started
17:04:45 <lhinds> no worries, I will take look later
17:04:46 <sigmavirus> clearly I feel strongly ;)
17:04:49 <tmcpeak> #topic Kolla Security Review
17:04:54 <tmcpeak> sdake: you around?
17:05:09 <sdake> tmcpeak roger
17:05:18 <dg____> hey sdake
17:05:18 <tmcpeak> sdake: can you summarize what you mentioned yesterday please?
17:05:35 <sdake> hey folks
17:05:47 <michaelxin_> hi
17:05:50 <sdake> sec, obtaining atteention of successor kolla ptl ;)
17:06:03 <sdake> can we move on and when he jjoins in rediscuss?
17:06:20 <sdake> hey dg____
17:06:29 <tmcpeak> sure
17:06:42 <tmcpeak> #topic Syntribos
17:06:49 <tmcpeak> unrahul:
17:07:09 <unrahul> hey guys, so our testing is going on this week as well.
17:07:31 <unrahul> we have tested Nova last week, and truth to be said, few days to test Nova is not enough..
17:08:11 <tmcpeak> saw some cool bugs from you guys
17:08:25 <unrahul> This week we are testing both swift and cinder (i know!) , what we are trying to get from the testing.. is basically benchmarking the tool and see if we can write the tests in a better way
17:08:37 <michaelxin_> I have pushed them to their limit and given them crazy schedule. Bad on me.
17:08:40 <unrahul> we got lot of feedback on that front..
17:08:44 <michaelxin_> Next cycle, we will have more time.
17:08:49 <mdong> I believe ccneill sent out an email to the list about 500 errors that we kept seeing throughout all our testing
17:09:17 <unrahul> yup.. we got a bunch of 500 errors, then the glance ddos.. hoping to get something from the storage front as well..
17:09:27 * unrahul fingers crossed
17:09:38 <browne> cool
17:10:01 <unrahul> so thats about it from us, for this week.. mdong ?..
17:10:28 <mdong> nah, I don’t have anything else to add
17:11:03 <unrahul> thanks tmcpeak , bandit is helping us a lot as well.. in scanning the codebase..
17:11:17 <tkelsey> unrahul: :) good to know
17:11:18 <unrahul> thats how we found the glance ddos possibility in the first place..
17:11:24 <tmcpeak> unrahul: awesome!
17:11:31 <tmcpeak> allright, ..
17:11:32 <tmcpeak> #topic OSSN
17:11:35 <tmcpeak> lhinds: ^
17:11:38 <lhinds> k...
17:12:20 <lhinds> Four embargo's. Three of which have drafts and need core / vmt +1's.
17:12:38 <tmcpeak> lhinds: sweet
17:12:45 <lhinds> The other I start on this week, so hopefully next meeting if no new ones appear, we might have a clean plate
17:12:47 <dg____> lhinds ill take a look tomorrow
17:13:06 <lhinds> actually dg____ maybe I could assign one to you, its one I have not started on yet>
17:13:11 <lhinds> Sounds good dg____ ?
17:13:47 <tmcpeak> +1 dg____ loves voluntolding
17:13:59 <lhinds> ok, I will assign him up
17:14:02 <dg____> lol
17:14:29 <dg____> I wont have time to write an OSSN until this time next week, got a bunch of security guide stuff in the backlog
17:14:41 <dg____> so if its time critical maybe tmcpeak would be a better bet
17:14:42 <tmcpeak> are you the new sicarie?
17:14:50 <tmcpeak> ooooh voluntold deflected
17:15:00 <lhinds> lets keep it on me, and see how I get on this week
17:15:02 <tmcpeak> yeah assign it to me
17:15:06 <tmcpeak> I'll write one
17:15:09 <lhinds> tmcpeak: done
17:15:20 <lhinds> (or rather; will do)
17:15:26 <tmcpeak> perfect
17:15:32 <tmcpeak> #topic Blog
17:16:25 <lhinds> I will try and sort out that notes post tonight
17:16:29 <lhinds> get that out.
17:16:43 <lhinds> can you do mergies tmcpeak ?
17:17:08 <tmcpeak> bah damn
17:17:17 <tmcpeak> typed all the stuff I meant to say here in #openstack-security
17:17:25 <tmcpeak> I wrote a blog post this week on secure development guidance and Bandit
17:17:32 <tmcpeak> if you're being good children you'll have noticed its announcement on the ML
17:17:40 <tmcpeak> https://openstack-security.github.io/organization/2016/09/26/python-secure-development.html
17:17:47 <tmcpeak> blog posts are easy and a good way to make our work known to the community
17:17:57 <tmcpeak> unrahul: I'd encourage you guys to do a quick one for Syntribos
17:18:09 <tmcpeak> lhinds: I'll mergies but in the future let's just get you access
17:18:19 <lhinds> sure thing
17:18:44 <tmcpeak> lhinds: so you fixed everything you want to fix?
17:19:01 <unrahul> from security channel :: agreed tmcpeak !.. we will definitely do a retrospective on the testing and on the tool soon..
17:19:08 <lhinds> tmcpeak: not yet, I need to put the correct mailing list details.
17:19:14 <lhinds> will ping you when I am done
17:19:17 <lhinds> or email...
17:19:20 <tmcpeak> ok
17:19:31 <tmcpeak> #topic Kolla Security Review
17:19:33 <tmcpeak> sdake:
17:20:29 <sdake> tmcpeak so pinged inc0
17:20:45 <sdake> he may be at lunch - its lunchtime in texas afaik :)
17:20:49 <tmcpeak> that's ok
17:20:52 <sdake> so we will have to roll without him
17:21:01 <sdake> i'll make sure he is at next meeting
17:21:10 <tmcpeak> ok
17:21:12 <dg____> ok great
17:21:32 <dg____> where are we at with the security review for Kolla?
17:21:37 <michaelxin_> sorry, have been multi-tasking.
17:22:01 <tmcpeak> dg____: Kolla has changed (will change?) PTLs
17:22:01 <sdake> dg____ so we aren't really making progress because we have been heads down in release mode
17:22:15 <sdake> tmcpeak ptl change happens at election time
17:22:19 <sdake> and i elected not to run
17:22:32 <sdake> i intend to stya involved in kolla and also want  to drive ta to conclusion
17:22:44 <dg____> sdake excellent, glad you still want to be involved
17:22:55 <sdake> our deadline for 3.0.0 is oct 10th
17:23:07 <sdake> which leaves no time for any kind of ta prior to summit
17:23:15 <sdake> rather oct 12th
17:23:37 <sdake> i thought it wuld e hepful to have a refresher on the new process in oone of kolla's wr sessions
17:23:38 <dg____> shame, be good to get that in before the summit
17:23:41 <tmcpeak> so it looks like we'll have to do summit or after
17:23:46 <dg____> tmcpeak are you going to be in barcelona?
17:23:55 <tmcpeak> indeed
17:24:00 <sdake> so we know what to do
17:24:15 <sdake> and after summit finish the job once the new process is well understood by our coresecc team
17:24:33 <dg____> sdake that seems like a good plan
17:24:37 <sdake> atm the process appears in flux - i know you hae a new one - we were working on the old one ;)
17:24:46 <sdake> so lets work on the new one together
17:24:51 <tmcpeak> our new one is pretty sorted out
17:24:55 <sdake> nice
17:25:01 <dg____> sdake process is semi-finalised, documentation needs sorting out
17:25:05 <sdake> thats fantastic news, 40 minutes should be enoug ht o communicatte that
17:25:19 <sdake> we have a slot for vmt at summit
17:25:28 <dg____> tmcpeak are you ok to talk the kolla team through it at the summit?
17:25:33 <sdake> rather ta
17:25:45 <sdake> well we sort of mix it all together, but its really about ta at this point
17:25:46 <tmcpeak> dg____: you're not coming?
17:26:24 <dg____> tmcpeak magic 8ball says: unlikely
17:26:30 <sdake> dg____ bummer :(
17:26:48 <sdake> dg____ fwiw I dont particularly want to travel 8 hours in an airplne
17:26:52 <dg____> yeh, I'd like to be there
17:27:02 <tmcpeak> dg____: it's like in your backyard...
17:27:02 <sdake> but need to be at summit :)
17:27:11 <dg____> sdake welcome to my life, we do that flight a _lot_
17:27:34 <tmcpeak> hitchhike over and tailgate somebody in, sleep on tkelsey's couch, etc
17:27:36 <dg____> barcelona is actually pretty easy for us, its like an hour maybe
17:27:46 <tmcpeak> beg for Sushi :P
17:27:50 <michaelxin_> nice
17:27:59 <sdake> dg____ if you neeed a roommate may be able to find you one :)
17:28:02 <tmcpeak> allright, back on topic
17:28:12 <tmcpeak> dg____: can you attend Kolla's weekly with me next week?
17:28:14 <dg____> sdake hah thanks
17:28:16 <sdake> anyway - lets focus on getting inc0 here next wek
17:28:18 <tmcpeak> 1600 UTC Weds
17:28:25 <dg____> tmcpeak sure. remind me on weds
17:28:30 <sdake> sweet
17:28:45 <tmcpeak> ok
17:28:50 <sdake> i think we eneed to get both of our fearleess leaders together in our meetings :)
17:29:17 <tmcpeak> yep
17:29:17 <sdake> so everyone on kolla side understands its a priority
17:29:24 <sdake> and security team can coach us through it
17:29:53 <tmcpeak> perfect
17:29:57 <sdake> cool
17:30:06 <sdake> we need to get this done!
17:30:12 <tmcpeak> yep, for sure
17:30:17 <tmcpeak> we'll pick it up again next week
17:30:22 <tmcpeak> #topic Barcelona Sessions
17:30:47 <tmcpeak> we need moar
17:31:05 <tmcpeak> looks like we have 2
17:31:07 <tmcpeak> #link https://etherpad.openstack.org/p/barcelona-security-sessions
17:31:08 <michaelxin_> we do not know whether any of us can go yet.
17:31:19 <tmcpeak> michaelxin: was going to say, I'd love a syntribos session
17:32:01 <michaelxin_> I want it too.
17:32:12 <tmcpeak> allright, well that's all I had
17:32:14 <tmcpeak> #topic AOB
17:32:18 <michaelxin_> But no idea whether we can go.
17:32:22 <tmcpeak> anything else to mention?
17:32:26 <michaelxin_> I missed majority
17:32:33 <michaelxin_> How was the meeting with TC?
17:32:40 <michaelxin_> Are we going to stay in big tent?
17:32:49 <tmcpeak> michaelxin: it's fine, we're staying big tent and Rob is our PTL still
17:32:57 <michaelxin_> tmcpeak: Cool.
17:32:59 <michaelxin_> Thanks.
17:33:08 <tmcpeak> we're going to work hard to be more integrated with the community and sigmavirus is going to show us the way
17:33:20 <dg____> thats awesome news!
17:33:31 <dg____> i will go and read the mailing list to celebrate
17:33:52 <michaelxin_> in sigmavirus, we trust
17:34:01 <michaelxin_> dg____: +2
17:34:27 <tmcpeak> allright well seems like it's that time
17:34:29 <tmcpeak> #endmeeting