17:05:42 <sigmavirus> #startmeeting security
17:05:43 <sigmavirus> unrahul: never was told that we were actually going to hold it
17:05:43 <openstack> Meeting started Thu Feb 16 17:05:42 2017 UTC and is due to finish in 60 minutes. The chair is sigmavirus. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:05:45 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:05:47 <openstack> The meeting name has been set to 'security'
17:05:50 <sigmavirus> oooh lag is bad, eh?
17:05:51 <unrahul> o/
17:05:55 <browne> o/
17:05:58 <lhinds> o/
17:05:58 <unrahul> yaay!
17:05:58 <knangia> o/
17:05:59 <sigmavirus> #topic Roll Call
17:06:05 <dave-mccowan> o/
17:06:08 <vinaypotluri> o/
17:06:09 <tkelsey> o/
17:06:17 <sigmavirus> Wow, great crowd today
17:06:22 <capnoday> o/ sorry I'm late
17:06:51 <sigmavirus> You're not late at all capnoday
17:06:56 <jessegler> o/
17:07:04 <sigmavirus> Welcome jessegler !
17:07:22 <sigmavirus> #info We started 5 minutes late which means we have 25 min for our meeting now :)
17:07:32 <sigmavirus> #topic OSSN
17:07:39 <sigmavirus> Any Security Note updates lhinds ?
17:09:00 <lhinds> we have one public open, which I will knock this week
17:09:09 <lhinds> all will be closed then
17:09:33 <lhinds> that's it
17:10:06 <sigmavirus> lhinds: I believe Magnum added an OSSN task
17:10:10 <sigmavirus> But it's probably still private
17:10:17 <lhinds> let me check
17:10:24 <sigmavirus> strigazi was discussing a CVE they're working on in #openstack-security
17:10:47 <lhinds> have they assigned OSSN to the LP bug yet?
17:11:16 <lhinds> oh sounds like it's an OSSA if a CVE is in order
17:12:33 <sigmavirus> lhinds: they have obtained a CVE already
17:12:41 * sigmavirus shrugs
17:12:54 <sigmavirus> They're not vulnerability:managed as far as strigazi could tell
17:13:31 <lhinds> that would explain why I am not seeing anything yet. sounds interesting, will have a look
17:13:45 <lhinds> containers :-P
17:16:03 <sigmavirus> :D
17:16:11 <sigmavirus> #topic Security Guide
17:16:35 <sigmavirus> I think hyakuhei last week touched on the fact that we're now managing the bugs for this and working more closely with asettle and the manuals team
17:16:47 <sigmavirus> I think we still need some people who can help out and tackle some of those bugs
17:16:57 <sigmavirus> Anyone else have updates on this?
17:17:01 <asettle> YOu rangggg
17:17:09 <asettle> Oh yes!
17:17:10 <sigmavirus> Yes, Lurch, we did
17:17:21 <lhinds> I can certainly look at some (sec guide)
17:17:42 <asettle> I have scheduled some time to chat about the sec-guide in the docs sessions on the Tuesday. https://etherpad.openstack.org/p/docs-i18n-ptg-pike
17:18:06 <asettle> I'd like to talk about how we can work together, plan it appropriately, ensure the sec team doesn't feel like we've just dumped a guide on your doorstep, so to speak
17:18:07 <capnoday> asettle great, hyakuhei and I will come along to that
17:18:14 <asettle> Great thanks capnoday :)
17:18:16 <michaelxin> cool
17:18:44 <asettle> A lot of the issues with the guide are either in a bug, or are already identified by hyakuhei
17:19:01 <michaelxin> we should be able to help with security guide
17:19:16 <asettle> Swell :) michaelxin did your team take a look?
17:19:31 <vinaypotluri> +1 michaelxin
17:19:51 <michaelxin> We are testing Glance now. We did a look and did not find any bug related with Glance.
17:19:57 <michaelxin> Rahul is interested in a SSL one.
17:20:09 <michaelxin> But he has not assigned it yet.
17:20:27 <unrahul> yup michaelxin I was looking into the one, to update SSL/TLS intro
17:20:40 <unrahul> I shall be assigning that to myself
17:23:41 <sigmavirus> Great
17:23:47 <sigmavirus> Sorry, I'm managing 2 meetings and other work
17:23:50 <vinaypotluri> I'm reading through a few bugs and will be assigning one to myself soon
17:24:01 <sigmavirus> Moving along :)
17:24:10 <sigmavirus> #topic Barbican SimpleCrypto Spec
17:24:19 <sigmavirus> #link https://review.openstack.org/#/c/431228/2/specs/pike/enhance-simple-crypto.rst
17:24:35 <sigmavirus> hyakuhei: asked us to review that last week, figured I'd just remind you all to review it in anticipation for the PTG
17:24:41 <sigmavirus> I don't know if barbican will have a presence or not
17:25:06 <unrahul> I did a quick review on it mostly questions and a few comments.
17:26:25 <unrahul> The comment by hyakuhei on including simplecrypto as part of the barbican threat analysis seems valid
17:27:03 <sigmavirus> #topic Any Other Business
17:27:07 <sigmavirus> #info 3 minutes left
17:27:18 <sigmavirus> #link https://etherpad.openstack.org/p/ptg-security-team
17:28:20 <unrahul> sigmavirus: we are working on glance testing for this week, I am doing the source code review
17:28:55 <knangia> i was investigating the http store for glance part...
17:28:57 <unrahul> with a few of us in the team doing manual testing of API and running syntribos, we have identified few 500 issues and are looking for anything more
17:29:42 <sigmavirus> unrahul: sounds like fun
17:29:42 <vinaypotluri> I'm working on the multiple locations issue of glance and manually testing glance.
17:30:00 <unrahul> yeah knangia was working on the http_store part and with v2 glance API http_store seems disabled and also from horizon we can't access that feature..
17:30:07 <unrahul> so I guess it is disabled..
17:30:25 <knangia> yes unrahul
17:30:30 <sigmavirus> #endmeeting