17:02:24 #startmeeting Security 17:02:25 Meeting started Thu Nov 10 17:02:24 2016 UTC and is due to finish in 60 minutes. The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:02:26 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:02:28 The meeting name has been set to 'security' 17:02:29 o/ 17:02:32 o/ 17:02:47 I'm stuck on a call for the next 10-15 minutes :'( 17:02:50 #chair lhinds 17:02:51 Current chairs: hyakuhei lhinds 17:03:15 looks like a low turnout, will grab the etherpad 17:03:20 cheers! 17:03:23 Yeah super quiet. 17:04:18 #topic agenda 17:04:26 #link https://etherpad.openstack.org/p/security-agenda 17:04:30 Maybe our times are in the wrong timezone lhinds ? 17:04:40 hyakuhei: I am thinking the same too 17:04:47 i.e we are both UK ? 17:04:51 umm 17:05:19 so its 17:00 which is correct 17:05:47 yupyup 17:06:48 k, do you want me to walk through the agenda, or you have a headset? 17:07:23 #topic Syntribos 17:07:31 any Syntribos folks here? 17:07:37 hey lhinds yup 17:07:46 ah cool..all yours unrahul 17:08:06 so we are in the process of setting up repos for templates and payloads and modifying few tests 17:08:44 As you guys may know, we have released a PyPi version of the tool, with automated download of openstack templates and certain payloads 17:09:09 sounds cool 17:09:18 and revamped the docs, so if anyone would like to take a look at syntribos, just install it using pip install syntribos 17:09:33 we would love to get more feedback on it.. 17:10:13 unrahul: that sounds like not a big ask..I will try to get some time to try it from pip 17:10:18 this week and the next we would be having design sessions on modifying the request templates to make it less cluttered and may be help users write simple tests etc.. 17:10:18 or pypi rather 17:10:32 awesome lhinds .. 17:10:39 so thats it from us.. 17:10:46 thanks unrahul 17:10:54 #topic OSSN 17:11:15 so we currently have three embargoed and one public 17:11:53 hyakuhei: looks like he has one almost ready to release, and his other is close too. tmcpeak has one with a draft in place 17:12:25 we also have a new author in vds 17:12:30 he is working on https://review.openstack.org/#/c/396080/ 17:12:41 so please help with reviews 17:13:30 we are currently waiting on swift cores to feedback as its looking more like a patch and we are not sure what the notes ask is yet. 17:14:06 that's it for notes. Not had time to do anymore work on the API yet, but will hopefully be able to pick it up again soon 17:14:15 #topic Blog 17:14:36 hyakuhei: anything new on the blog? 17:14:58 I still need you to look at merge rights when have a spare moment. 17:15:07 Hey yeah so I will add more people in. 17:15:21 thx hyakuhei 17:15:41 Blog wise I want to put something in the blog about our super fancy award 17:15:50 My working title is: "OpenStack is not Secure" 17:15:57 "but we are doing all the right things" 17:16:11 forgot time changed. 17:16:20 michaelxin so did everyone else :P 17:16:30 i think a few of us have 17:17:05 anymore on the blog? 17:17:21 #topic Security Review 17:17:38 hyakuhei: I don't have anything on this topic, anything from you..? 17:17:54 Narp, on a call about the internal version of that now lol 17:18:20 k :) 17:18:37 What's security review? 17:18:42 I think we already have the washup covered from last week 17:19:21 #topic sec-guide 17:19:32 https://review.openstack.org/#/c/382600/ 17:20:21 I have some stuff I need to get round to updating in the security-guide, we have some old django / horizon key values that are depreciated 17:20:31 michaelxin you joking? 17:20:35 for example USE_SSL 17:20:37 I will beat you! 17:20:49 you spot them too hyakuhei ? 17:21:00 haha 17:22:25 k, I guess its going to be short and sweet this week. 17:22:38 any other key topics before AOB? 17:23:25 #topic AOB 17:23:33 hyakuhei: we had to rebase the patch for the new repos , could you please do a +1 again https://review.openstack.org/#/c/390621/ 17:24:11 for updates about syntribos 17:24:13 https://etherpad.openstack.org/p/syntribos-future 17:24:24 That's our current roadmap 17:24:26 unrahul I'm on it! 17:24:35 thanks hyakuhei ! :) 17:25:09 also ccneill will move out syntribos project. 17:25:36 He will not focus on openstack security in the future. 17:26:27 I am trying to find someone to replace him. 17:26:44 k, I guess this draw us to the end of the meeting, unless any more topics?] 17:26:46 What? Damn. That guy was Ninja. 17:27:01 Typical, I just got off the phone. 17:27:11 sorry I'm late, did you talk about OSSN-0077 already? 17:27:13 ahh damn 17:27:17 anchor has some reviews pending 17:27:18 ccneil will be missed 17:27:25 vds: already covered, but no worries 17:27:26 browne I'll take a looksy 17:27:30 browne no way! 17:27:37 lhinds: thx! :) 17:27:38 hyakuhei: capnoday: sorry guys. 17:27:57 np, its awesome to see someone looking at it 17:28:59 ok, have a good weekend all. 17:29:03 Cheers! 17:29:04 #endmeeting