17:01:16 <hyakuhei> #startmeeting Security 17:01:17 <openstack> Meeting started Thu Mar 2 17:01:16 2017 UTC and is due to finish in 60 minutes. The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:18 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:01:21 <openstack> The meeting name has been set to 'security' 17:01:46 <hyakuhei> o/ 17:01:53 <knangia> o/ 17:01:57 <lhinds> o/ 17:02:07 <hyakuhei> Quiet room today :D 17:02:45 <knangia> :D 17:02:46 <hyakuhei> how's it going lhinds / knangia ? 17:02:55 <unrahul> o/ 17:03:00 <lhinds> good thanka hyakuhei 17:03:01 <vinaypotluri> o/ 17:03:06 <lhinds> or thanks rather 17:03:07 <browne> o/ 17:03:08 <knangia> going good...thank you 17:03:17 <hyakuhei> Excellent 17:03:22 <hyakuhei> welcome vinaypotluri browne 17:03:29 <vinaypotluri> thank you hyakuhei 17:03:38 <hyakuhei> Man I'm full of flu 17:03:58 <mdong> o/ 17:04:08 <capnoday> o/ 17:04:14 <hyakuhei> Hey mdong capnoday 17:04:20 <knangia> because of traveling ? hyakuhei 17:04:22 <hyakuhei> So I don't have much to report this week 17:04:29 <hyakuhei> knangia Travel induced man-flu 17:05:42 <hyakuhei> hey capnoday 17:05:49 <hyakuhei> Can you give a quick summary of the summit? 17:06:30 <capnoday> sure 17:07:00 <capnoday> PTG was a very interesting event 17:08:17 <capnoday> Im glad that hyakuhei and I went along, in terms of output it wasnt as good as a traditional midcycle, but it was very useful getting to talk to a lot of people in a much more relaxed setting than the summit 17:08:43 <hyakuhei> We spent a lot of time with the Barbican guys that I think was very helpful 17:08:59 <capnoday> We spent some time talking to the docs guys about the future of the guide, spent some time drafting a chapter for the guide on barbican 17:09:31 <capnoday> the rest of the week we spent hanging out with the barbican team, it was really good to see everyone again and contribute to a few debates about key management in openstack 17:09:59 <capnoday> it looks like Castellan is going to become a 'core' openstack service, which is one that can be assumed to be present in a openstack deployment 17:10:29 <capnoday> hyakuhei has done some work putting together a barbican plugin, to allow you to use Hashicorp Vault as a secret store backend 17:10:53 <capnoday> i think thats it for the summit, unless anyone else has something to add? 17:11:21 <unrahul> oh.. thats really nice.. that castellan is going to be part of deployment. 17:11:24 <lhinds> shame I never made it, 100% getting to the next one though I hope. 17:11:25 <browne> food sucked 17:11:34 <capnoday> +1 browne 17:11:42 <capnoday> we went out for sushi 17:11:45 <lhinds> i heard about sandwiches everyday 17:11:56 <capnoday> there was nothing at the summit that met my diet 17:12:04 <unrahul> Are there any links to see discussions by any chance? 17:12:06 <capnoday> lhinds yeh 17:12:08 <browne> yeah, same 3 sandwiches rotated every other day 17:12:20 <lhinds> ugh 17:12:26 <unrahul> browne: .. sounds like a meal plan :D 17:12:51 <capnoday> but there was some acceptable sushi at the mall 2 blocks away, which seemed like a good way to spend $10/day 17:12:59 <knangia> that feels bad browne :( 17:13:05 <capnoday> unrahul I think we have some notes 17:13:30 <capnoday> hyakuhei and I will dig them out for next weeks meeting, we are both flatout with meetings this week 17:13:53 <browne> the attendence in the security sessions was low. think we need to recruit 17:13:53 <unrahul> sounds good capnoday .. thank you.. 17:14:18 <capnoday> browne i think a bit part of that was the travel cost 17:14:30 <unrahul> browne: we would have loved to come.. except for the budget.. we tried attending the security guide discussion over phone 17:14:39 <capnoday> we've had a lot more people when we have picked the midcycle location to suit 17:14:49 <unrahul> by the way Are we going to have a midcycle this time around, or , too soon to ask? 17:14:57 <capnoday> thanks for dialing in to that btw unrahul 17:14:59 <browne> no more midcycles 17:15:08 <browne> just PTGs 17:15:12 <capnoday> we may have a midcycle 17:15:14 <unrahul> :/ 17:15:32 <browne> i'm still wondering where next PTG will be 17:15:34 <capnoday> it is too soon to say no more midcycles 17:15:40 <unrahul> if there is a midcycle.. around Austin .. I think more people can come.. 17:16:01 <capnoday> the PTG was definitely a useful thing, but it doesnt replace a midcycle unless the foundation would like to fund a lot more of our members to attend 17:16:05 <vinaypotluri> unrahul: +1 It wold be nice to have it in Austin 17:16:08 <capnoday> unrahul yes thats what I was thinking 17:16:59 <michaelxin> Good idea! 17:17:09 <unrahul> hyakuhei: whats your opinion... 17:17:13 <tkelsey> o/ sorry im late, busy day :( 17:17:24 <capnoday> hey tim 17:17:24 <unrahul> welcome tkelsey :) 17:17:38 <tkelsey> thanks folks, carry on I'll catch up 17:17:47 <capnoday> unrahul hyakuhei had to step away i think 17:18:13 <capnoday> browne why do you say no more midcycles? 17:18:21 <browne> i think part of the drop in attendance is that many (at in least in bandit) no longer work on openstack 17:18:30 <capnoday> that is definitely a big factor 17:18:44 <browne> capnoday: think that was the goal of the PTG to replace midcycles 17:18:56 <unrahul> .. hmm.. 17:19:09 <capnoday> although if we had it in austin or san antonio, we would have all the rack and OSIC people too... 17:19:15 <browne> so yeah, i think maybe we could use 1-2 more bandit cores if anyone is interested in contributing/reviewing 17:19:27 <unrahul> capnoday: ,, I agree.. 17:19:29 <knangia> yes capnoday ! 17:19:31 <capnoday> which would take it from 2-3 people, to maybe 8-10? 17:20:07 <unrahul> our team is already around 6.. and I guess.. it would be a more of a learning experience too.. if we have a midcycle 17:20:19 <vinaypotluri> true that 17:20:31 <vinaypotluri> and We wouldn't have to be worried about the budget too 17:20:49 <capnoday> its something we need to consider, along with scheduling 17:20:58 <aasthad> o/ 17:21:00 <knangia> +1 unrahul vinaypotluri 17:21:16 <capnoday> possibly we could have a mid-cycle at the same time as the boston summit, as that is meant to be more of a marketing event now? 17:21:20 <capnoday> anyway 17:21:37 <hyakuhei> Some of us have to go to the summit still :'( 17:21:38 <capnoday> lets talk mid-cycles in a few weeks once we are over the jet-lag 17:21:45 <hyakuhei> Though a similar time in the year would work. 17:21:45 <capnoday> does anyone else have feedback on the PTG? 17:22:09 <knangia> then there can be less attendance for the mid cycle, if it clashes with boson summit 17:22:09 <michaelxin> The remote session with doc team seems to work fine 17:22:13 <capnoday> my personal thought was it would be nice to run the PTG at the end of the summit, then have a mid-cycle to suit our team 17:22:16 <hyakuhei> So I thought the conversations we had with the docs people were very interesting 17:22:21 <unrahul> Did we decide anything on how the new security guide should be? 17:22:28 <hyakuhei> Sure 17:22:31 <michaelxin> Maybe, we can do similar thing (for remote folks) in the future. 17:22:52 <hyakuhei> Tactical; we embrace the work OSIC has taken on to improve the existing guidance by tackling important bugs 17:23:17 <hyakuhei> Strategic; work on a next iteration of the doc, that maintains a consistent level of detail and does not go into as much depth as the current doc 17:23:33 <michaelxin> Sounds good plan to me 17:23:46 <hyakuhei> The net benefit being a less detailed guide on day 1 but a more maintainable and thus, useful guide over months/years 17:24:30 <unrahul> hyakuhei: that vision of a maintainable guide is promising. 17:24:31 <knangia> sounds good ! 17:25:13 <unrahul> we are in talks with different teams here in OSIC like neutron and keystone to close some of those sec guide bugs.. 17:25:24 <michaelxin> Is Doug still working for the security project? 17:25:40 <michaelxin> There is a bug assigned to him. 17:25:41 <capnoday> redrobot doug? or me doug? 17:25:44 <hyakuhei> capnoday ^^^ 17:26:20 <capnoday> I will take a look, although i think this may be the one that vinay emailed me about, which he has kindly offered to deal with 17:26:21 <vinaypotluri> michaelxin: Doug asked me to take it over https://bugs.launchpad.net/ossp-security-documentation/+bug/1619485 17:26:21 <openstack> Launchpad bug 1619485 in OpenStack Security Guide Documentation "Annual Cipher Validation - Introduction to TLS and SSL in Security Guide" [Medium,Confirmed] - Assigned to Vinay Potluri (vinay-potluri) 17:26:23 <unrahul> I think vinaypotluri discussed it and got it assigned 17:26:38 <capnoday> michaelxin that ^^ 17:26:45 <dave-mccowan> what's the status of new key management chapter for the security guide? 17:26:53 <capnoday> thanks vinaypotluri :) 17:27:01 <vinaypotluri> thank you capnoday :) 17:27:32 <capnoday> key management chapter is getting there, will need updating with the outcome of the discussions we had on Thursday regarding castellan as a core service 17:27:43 <capnoday> plus updating once Robs vault plugin has merged 17:28:01 <capnoday> ok 3 mins left, anything else quick? 17:28:25 <lhinds> OSSN: one single note which I should have out next week I hope 17:28:29 <lhinds> that's it 17:28:32 <capnoday> great work lhinds 17:28:52 <capnoday> ok anything else to add hyakuhei? 17:29:02 <hyakuhei> Narp 17:29:13 <capnoday> great, lets wrap this up 17:29:17 <hyakuhei> #chair capnoday 17:29:19 <openstack> Current chairs: capnoday hyakuhei 17:29:22 <hyakuhei> I'll write a blog post on the PTG if you'll help capnoday 17:29:27 <capnoday> yeh of course 17:29:32 <capnoday> lets take a look at that next week 17:29:37 <hyakuhei> Anyay, that's time lol. TY all, lets hope for a bit more progress to share next week! 17:29:56 <unrahul> thanks all. 17:29:58 <knangia> thanks hyakuhei 17:30:16 <aasthad> thank you all 17:30:25 <capnoday> #endmeeting