17:01:16 #startmeeting Security 17:01:17 Meeting started Thu Mar 2 17:01:16 2017 UTC and is due to finish in 60 minutes. The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:18 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:01:21 The meeting name has been set to 'security' 17:01:46 o/ 17:01:53 o/ 17:01:57 o/ 17:02:07 Quiet room today :D 17:02:45 :D 17:02:46 how's it going lhinds / knangia ? 17:02:55 o/ 17:03:00 good thanka hyakuhei 17:03:01 o/ 17:03:06 or thanks rather 17:03:07 o/ 17:03:08 going good...thank you 17:03:17 Excellent 17:03:22 welcome vinaypotluri browne 17:03:29 thank you hyakuhei 17:03:38 Man I'm full of flu 17:03:58 o/ 17:04:08 o/ 17:04:14 Hey mdong capnoday 17:04:20 because of traveling ? hyakuhei 17:04:22 So I don't have much to report this week 17:04:29 knangia Travel induced man-flu 17:05:42 hey capnoday 17:05:49 Can you give a quick summary of the summit? 17:06:30 sure 17:07:00 PTG was a very interesting event 17:08:17 Im glad that hyakuhei and I went along, in terms of output it wasnt as good as a traditional midcycle, but it was very useful getting to talk to a lot of people in a much more relaxed setting than the summit 17:08:43 We spent a lot of time with the Barbican guys that I think was very helpful 17:08:59 We spent some time talking to the docs guys about the future of the guide, spent some time drafting a chapter for the guide on barbican 17:09:31 the rest of the week we spent hanging out with the barbican team, it was really good to see everyone again and contribute to a few debates about key management in openstack 17:09:59 it looks like Castellan is going to become a 'core' openstack service, which is one that can be assumed to be present in a openstack deployment 17:10:29 hyakuhei has done some work putting together a barbican plugin, to allow you to use Hashicorp Vault as a secret store backend 17:10:53 i think thats it for the summit, unless anyone else has something to add? 17:11:21 oh.. thats really nice.. that castellan is going to be part of deployment. 17:11:24 shame I never made it, 100% getting to the next one though I hope. 17:11:25 food sucked 17:11:34 +1 browne 17:11:42 we went out for sushi 17:11:45 i heard about sandwiches everyday 17:11:56 there was nothing at the summit that met my diet 17:12:04 Are there any links to see discussions by any chance? 17:12:06 lhinds yeh 17:12:08 yeah, same 3 sandwiches rotated every other day 17:12:20 ugh 17:12:26 browne: .. sounds like a meal plan :D 17:12:51 but there was some acceptable sushi at the mall 2 blocks away, which seemed like a good way to spend $10/day 17:12:59 that feels bad browne :( 17:13:05 unrahul I think we have some notes 17:13:30 hyakuhei and I will dig them out for next weeks meeting, we are both flatout with meetings this week 17:13:53 the attendence in the security sessions was low. think we need to recruit 17:13:53 sounds good capnoday .. thank you.. 17:14:18 browne i think a bit part of that was the travel cost 17:14:30 browne: we would have loved to come.. except for the budget.. we tried attending the security guide discussion over phone 17:14:39 we've had a lot more people when we have picked the midcycle location to suit 17:14:49 by the way Are we going to have a midcycle this time around, or , too soon to ask? 17:14:57 thanks for dialing in to that btw unrahul 17:14:59 no more midcycles 17:15:08 just PTGs 17:15:12 we may have a midcycle 17:15:14 :/ 17:15:32 i'm still wondering where next PTG will be 17:15:34 it is too soon to say no more midcycles 17:15:40 if there is a midcycle.. around Austin .. I think more people can come.. 17:16:01 the PTG was definitely a useful thing, but it doesnt replace a midcycle unless the foundation would like to fund a lot more of our members to attend 17:16:05 unrahul: +1 It wold be nice to have it in Austin 17:16:08 unrahul yes thats what I was thinking 17:16:59 Good idea! 17:17:09 hyakuhei: whats your opinion... 17:17:13 o/ sorry im late, busy day :( 17:17:24 hey tim 17:17:24 welcome tkelsey :) 17:17:38 thanks folks, carry on I'll catch up 17:17:47 unrahul hyakuhei had to step away i think 17:18:13 browne why do you say no more midcycles? 17:18:21 i think part of the drop in attendance is that many (at in least in bandit) no longer work on openstack 17:18:30 that is definitely a big factor 17:18:44 capnoday: think that was the goal of the PTG to replace midcycles 17:18:56 .. hmm.. 17:19:09 although if we had it in austin or san antonio, we would have all the rack and OSIC people too... 17:19:15 so yeah, i think maybe we could use 1-2 more bandit cores if anyone is interested in contributing/reviewing 17:19:27 capnoday: ,, I agree.. 17:19:29 yes capnoday ! 17:19:31 which would take it from 2-3 people, to maybe 8-10? 17:20:07 our team is already around 6.. and I guess.. it would be a more of a learning experience too.. if we have a midcycle 17:20:19 true that 17:20:31 and We wouldn't have to be worried about the budget too 17:20:49 its something we need to consider, along with scheduling 17:20:58 o/ 17:21:00 +1 unrahul vinaypotluri 17:21:16 possibly we could have a mid-cycle at the same time as the boston summit, as that is meant to be more of a marketing event now? 17:21:20 anyway 17:21:37 Some of us have to go to the summit still :'( 17:21:38 lets talk mid-cycles in a few weeks once we are over the jet-lag 17:21:45 Though a similar time in the year would work. 17:21:45 does anyone else have feedback on the PTG? 17:22:09 then there can be less attendance for the mid cycle, if it clashes with boson summit 17:22:09 The remote session with doc team seems to work fine 17:22:13 my personal thought was it would be nice to run the PTG at the end of the summit, then have a mid-cycle to suit our team 17:22:16 So I thought the conversations we had with the docs people were very interesting 17:22:21 Did we decide anything on how the new security guide should be? 17:22:28 Sure 17:22:31 Maybe, we can do similar thing (for remote folks) in the future. 17:22:52 Tactical; we embrace the work OSIC has taken on to improve the existing guidance by tackling important bugs 17:23:17 Strategic; work on a next iteration of the doc, that maintains a consistent level of detail and does not go into as much depth as the current doc 17:23:33 Sounds good plan to me 17:23:46 The net benefit being a less detailed guide on day 1 but a more maintainable and thus, useful guide over months/years 17:24:30 hyakuhei: that vision of a maintainable guide is promising. 17:24:31 sounds good ! 17:25:13 we are in talks with different teams here in OSIC like neutron and keystone to close some of those sec guide bugs.. 17:25:24 Is Doug still working for the security project? 17:25:40 There is a bug assigned to him. 17:25:41 redrobot doug? or me doug? 17:25:44 capnoday ^^^ 17:26:20 I will take a look, although i think this may be the one that vinay emailed me about, which he has kindly offered to deal with 17:26:21 michaelxin: Doug asked me to take it over https://bugs.launchpad.net/ossp-security-documentation/+bug/1619485 17:26:21 Launchpad bug 1619485 in OpenStack Security Guide Documentation "Annual Cipher Validation - Introduction to TLS and SSL in Security Guide" [Medium,Confirmed] - Assigned to Vinay Potluri (vinay-potluri) 17:26:23 I think vinaypotluri discussed it and got it assigned 17:26:38 michaelxin that ^^ 17:26:45 what's the status of new key management chapter for the security guide? 17:26:53 thanks vinaypotluri :) 17:27:01 thank you capnoday :) 17:27:32 key management chapter is getting there, will need updating with the outcome of the discussions we had on Thursday regarding castellan as a core service 17:27:43 plus updating once Robs vault plugin has merged 17:28:01 ok 3 mins left, anything else quick? 17:28:25 OSSN: one single note which I should have out next week I hope 17:28:29 that's it 17:28:32 great work lhinds 17:28:52 ok anything else to add hyakuhei? 17:29:02 Narp 17:29:13 great, lets wrap this up 17:29:17 #chair capnoday 17:29:19 Current chairs: capnoday hyakuhei 17:29:22 I'll write a blog post on the PTG if you'll help capnoday 17:29:27 yeh of course 17:29:32 lets take a look at that next week 17:29:37 Anyay, that's time lol. TY all, lets hope for a bit more progress to share next week! 17:29:56 thanks all. 17:29:58 thanks hyakuhei 17:30:16 thank you all 17:30:25 #endmeeting