17:01:14 <lhinds> #startmeeting security 17:01:14 <openstack> Meeting started Thu Jul 13 17:01:14 2017 UTC and is due to finish in 60 minutes. The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:15 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:01:18 <openstack> The meeting name has been set to 'security' 17:01:20 <lhinds> #chair hyakuhei 17:01:21 <openstack> Current chairs: hyakuhei lhinds 17:01:37 <dg_> o/ 17:01:41 <lhinds> hey dg_ 17:01:49 <mdong_> o/ 17:01:53 <lhinds> hey mdong_ 17:02:18 <gagehugo> o/ 17:02:22 <lhinds> hi gagehugo 17:02:22 <hyakuhei> o/ 17:02:26 <lhinds> hi hyakuhei 17:02:27 <hyakuhei> Sorry, tied up shouting on the phone :P 17:02:34 <hyakuhei> o/ 17:03:17 <hyakuhei> So the agenda is up in the usual spot 17:03:22 <hyakuhei> #link https://etherpad.openstack.org/p/security-agenda 17:03:38 <hyakuhei> I see we have a Keystone issue added, welcome gagehugo 17:04:03 <lhinds> cool 17:04:40 <gagehugo> hyakuhei yeah it was brought up a few months ago, but things happened right around that time and that fell to the wayside 17:04:48 <gagehugo> would like to get that going again if possible 17:05:27 <lhinds> gagehugo: I will make suer I review 17:05:36 <hyakuhei> ah cool, dg_ what do you think ? 17:05:37 <lhinds> suer/sure 17:05:59 <hyakuhei> gagehugo has completed an architecture page for us to review 17:06:07 <gagehugo> lhinds awesome 17:06:16 <hyakuhei> Can we carve out some time ? 17:06:38 <dg_> ok yeah we can take a look 17:06:58 <hyakuhei> Cool 17:07:17 <hyakuhei> #topic future 17:08:07 <hyakuhei> The elections are coming up soon and I'd encourage anyone interested to run 17:08:34 <hyakuhei> I've spoken with lhinds about this at length and he has some good ideas and a strong desire to drive the security project forwards 17:08:35 <dg_> lhinds thinking about running? 17:08:56 <lhinds> yep, going to go for it dg_ 17:09:02 <dg_> excellent 17:09:15 <hyakuhei> I have not been able to provide the security project with the time it deserves and requires and will be stepping aside so long as there is someone willing to take up the role 17:09:28 * fungi would gladly vote for lhinds 17:09:36 <lhinds> thanks fungi 17:10:07 * hyakuhei too 17:10:23 <hyakuhei> So it is an open election and everyone is encouraged to participate 17:10:43 <hyakuhei> I understand that lhinds has good support from his parent company which is really pivotal to making a role like PTL work 17:11:20 <fungi> yes, knowing you can dedicate a good chunk of your week to it for the next 6-8 months is pretty crucial 17:11:38 <hyakuhei> +1 17:11:48 <mdong_> I know I haven’t been involved as much as I’d like, so knowing that there’s organizational support for this is really good to hear 17:11:59 <hyakuhei> lhinds has been helping me out a lot recently anyway, running meetings etc 17:12:14 <lhinds> I will put up my plans in writing, once the election email drops. 17:12:25 <dg_> like a manifesto> 17:12:29 <hyakuhei> :) 17:12:47 <fungi> the foundation has been attempting to encourage more member companies to support their staff in leadership roles and other efforts of general benefit to the community, so hopefully we'll see more like lhinds's employer in time 17:12:47 <lhinds> strong and stable 17:12:50 <hyakuhei> I have a long list of things I'd like to have done or know could be done better, I'm happy to share 17:13:18 <lhinds> that would be really useful for the next PTL hyakuhei 17:13:25 <hyakuhei> :) 17:13:26 <mdong_> run through any wheat fields lately lhinds haha 17:13:43 <lhinds> suffice to say, a great act to follow for the next PTL 17:14:01 <lhinds> mdong_: no, that is far to extreme behavior for me. 17:14:09 <hyakuhei> Some chapters better than others but we've come a long way 17:14:21 <hyakuhei> ok, so any other thoughts/comments? 17:15:14 <lhinds> do you existing folks intend to stick around in the project (what with work commitments / career directions)? 17:15:36 <hyakuhei> I will try to, but honestly I think I'll be in more of an advisory role 17:15:48 <dg_> likewise 17:15:51 <hyakuhei> That is to say I'll try to get along to IRC and the new PTL will have my cell number 17:16:00 <lhinds> ack, understood 17:16:26 <fungi> i'm funded by who i'm funded by explicitly so that i know i will be able to stick around and not have to worry about shifts in employer priorities 17:16:39 <lhinds> ack fungi 17:16:41 <hyakuhei> Hmm, the PTL elections aren't on the pike schedule 17:17:00 <dg_> I plan to stick around and will try and come to the meetings, but atm the dayjob is incredibly busy, it will calm down again at some point 17:17:05 <hyakuhei> Alas I am a corporate shill, a lackey to my industrial pay masters 17:17:28 <fungi> the tc just agreed on the election official appointments this week, and i believe they'll need to set the election schedule so that it's updated at https://governance.openstack.org/election/ 17:18:02 * hyakuhei nods 17:18:07 <lhinds> will keep an eye on that space 17:18:35 <fungi> it will be some time before the ptg, but i don't know exactly. probably mid-next month 17:18:42 <hyakuhei> Cool 17:18:56 <fungi> there was a heads-up diablo_rojo sent to the -dev ml, lemme see if i can dig it up quickly 17:18:57 <hyakuhei> I will see if I can get funding for the PTG or summit to do a proper f2f handover 17:19:52 <hyakuhei> lhinds - want to take us through OSSNs? 17:19:54 <fungi> #link http://lists.openstack.org/pipermail/openstack-dev/2017-July/119359.html Upcoming PTL Election 17:19:58 <lhinds> hyakuhei: sure 17:20:03 <hyakuhei> oh sorry fungi forgot you were grokking for mail 17:20:09 <hyakuhei> #topic OSSN 17:20:21 <lhinds> so we currrently have two open, one new one. 17:20:24 <diablo_rojo> fungi, https://review.openstack.org/#/c/481768/ 17:20:33 <fungi> thanks diablo_rojo! 17:20:48 <diablo_rojo> also: https://review.openstack.org/#/c/482365/ 17:20:53 <diablo_rojo> no problem fungi :) 17:21:16 <lhinds> the get_identity_providers I should be pushing tomorrow 17:21:45 <fungi> thanks, i think that's the one i went ahead and won't-fixed our ossa task for 17:21:53 <lhinds> and I can get the ceph credentials OSSN to as I worked on the topic before. 17:21:58 <lhinds> that's right fungi 17:22:18 <lhinds> there was a third which has been ported into a docs bug 17:22:35 <lhinds> around EC2 credentials. 17:22:47 <lhinds> got it: bug/1618615 17:23:05 <lhinds> I will flesh out a section on EC2 as there are few other security aspects too. 17:23:36 <lhinds> that's it for this week 17:24:48 <lhinds> #topic Documentation 17:25:10 <lhinds> hope thats ok hyakuhei , have some updates to sneak in 17:25:20 <lhinds> couple of things.. 17:25:29 <hyakuhei> go ahead 17:25:39 <lhinds> the security docs page has sigmavirus (Ian) as the driver 17:26:13 <lhinds> As we know he moved on back in March, so I sent out an email to -dev suggesting it be replaced, and self nominated 17:26:22 <lhinds> nothing back, so I switched it over to me. 17:26:40 <lhinds> mainly as I am working through the backlog right now, and have a lot to update and add. 17:27:00 <lhinds> a lot of revamping of the checklists and bringing up to Pikes level. 17:27:23 <lhinds> I also will have a BP up to suggest making the checklists version specific. 17:27:42 <hyakuhei> sounds useful 17:27:46 <lhinds> that way we won't have anyone change a config directive that is depreciated (as an exmaple) 17:28:02 <hyakuhei> lhinds thank you for the effort 17:28:22 <lhinds> no worries, its useful stuff to have (i benefited from it greatly at one time) 17:28:51 <lhinds> we also had a few patches land this week, and mhayden added some text on anisble-hardening 17:29:00 <lhinds> https://review.openstack.org/#/c/482231/ 17:29:07 <lhinds> that's it for docs, unless any questions.. 17:29:33 <lhinds> #topic Syntribos 17:29:39 <lhinds> mdong: .. 17:29:43 <hyakuhei> 20 seconds mdong ;) 17:29:47 <hyakuhei> we can run over though 17:30:13 <mdong> ah sorry, I’m here 17:30:38 <mdong> a few members on the team have been using syntribos actually to test their internal projects 17:31:16 <mdong> They’ve been running into issues here and there and I’ve been working with them to clear up some of the docs, some of the setup instructions, error messages, etc that they’ve been running to 17:32:01 <hyakuhei> That's really encouraging! 17:32:04 <hyakuhei> Proper feedback 17:32:32 <mdong> One of the problems is that since OSIC ended there hasn’t been anyone with enough knowledge of the code base to do code reviews 17:32:40 <hyakuhei> ah, painful 17:32:45 <lhinds> mdong: for openstack projects, is it only vmt managed that you have / will scanned? 17:33:02 <lhinds> `scan` rather 17:33:06 <mdong> but hopefully with other people on the team using syntribos they can help in the future 17:33:14 <mdong> lhinds we’ve scanned the OSIC projects 17:33:28 <lhinds> mdong: ah ok, makes sense 17:33:54 <lhinds> mdong: tag me on reviews, I don't know the code very well, but happy to read up and help out 17:34:16 <hyakuhei> cool 17:34:30 <mdong> sure thing lhinds, there’ll be some CR’s soon 17:34:40 <lhinds> #link https://review.openstack.org/#/q/project:openstack/syntribos 17:34:47 <lhinds> mdong: thx 17:35:02 <lhinds> maybe we can go through the list next week? 17:35:25 <mdong> good idea 17:35:57 <mdong> that’s all from me on syntribos 17:36:04 <hyakuhei> Thanks mdong 17:36:10 <lhinds> thx mdong , nice to hear 17:36:50 <hyakuhei> Anything else to cover ? 17:37:20 <lhinds> not from me for this week 17:37:28 <hyakuhei> cool, lets wrap it then :) 17:37:40 <hyakuhei> #endmeeting