#openstack-meeting-alt log

17:01:14 <lhinds> #startmeeting security
17:01:14 <openstack> Meeting started Thu Jul 13 17:01:14 2017 UTC and is due to finish in 60 minutes.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:15 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:01:18 <openstack> The meeting name has been set to 'security'
17:01:20 <lhinds> #chair hyakuhei
17:01:21 <openstack> Current chairs: hyakuhei lhinds
17:01:37 <dg_> o/
17:01:41 <lhinds> hey dg_
17:01:49 <mdong_> o/
17:01:53 <lhinds> hey mdong_
17:02:18 <gagehugo> o/
17:02:22 <lhinds> hi gagehugo
17:02:22 <hyakuhei> o/
17:02:26 <lhinds> hi hyakuhei
17:02:27 <hyakuhei> Sorry, tied up shouting on the phone :P
17:02:34 <hyakuhei> o/
17:03:17 <hyakuhei> So the agenda is up in the usual spot
17:03:22 <hyakuhei> #link https://etherpad.openstack.org/p/security-agenda
17:03:38 <hyakuhei> I see we have a Keystone issue added, welcome gagehugo
17:04:03 <lhinds> cool
17:04:40 <gagehugo> hyakuhei yeah it was brought up a few months ago, but things happened right around that time and that fell to the wayside
17:04:48 <gagehugo> would like to get that going again if possible
17:05:27 <lhinds> gagehugo: I will make suer I review
17:05:36 <hyakuhei> ah cool, dg_ what do you think ?
17:05:37 <lhinds> suer/sure
17:05:59 <hyakuhei> gagehugo has completed an architecture page for us to review
17:06:07 <gagehugo> lhinds awesome
17:06:16 <hyakuhei> Can we carve out some time ?
17:06:38 <dg_> ok yeah we can take a look
17:06:58 <hyakuhei> Cool
17:07:17 <hyakuhei> #topic future
17:08:07 <hyakuhei> The elections are coming up soon and I'd encourage anyone interested to run
17:08:34 <hyakuhei> I've spoken with lhinds about this at length and he has some good ideas and a strong desire to drive the security project forwards
17:08:35 <dg_> lhinds thinking about running?
17:08:56 <lhinds> yep, going to go for it dg_
17:09:02 <dg_> excellent
17:09:15 <hyakuhei> I have not been able to provide the security project with the time it deserves and requires and will be stepping aside so long as there is someone willing to take up the role
17:09:28 * fungi would gladly vote for lhinds
17:09:36 <lhinds> thanks fungi
17:10:07 * hyakuhei too
17:10:23 <hyakuhei> So it is an open election and everyone is encouraged to participate
17:10:43 <hyakuhei> I understand that lhinds has good support from his parent company which is really pivotal to making a role like PTL work
17:11:20 <fungi> yes, knowing you can dedicate a good chunk of your week to it for the next 6-8 months is pretty crucial
17:11:38 <hyakuhei> +1
17:11:48 <mdong_> I know I haven’t been involved as much as I’d like, so knowing that there’s organizational support for this is really good to hear
17:11:59 <hyakuhei> lhinds has been helping me out a lot recently anyway, running meetings etc
17:12:14 <lhinds> I will put up my plans in writing, once the election email drops.
17:12:25 <dg_> like a manifesto>
17:12:29 <hyakuhei> :)
17:12:47 <fungi> the foundation has been attempting to encourage more member companies to support their staff in leadership roles and other efforts of general benefit to the community, so hopefully we'll see more like lhinds's employer in time
17:12:47 <lhinds> strong and stable
17:12:50 <hyakuhei> I have a long list of things I'd like to have done or know could be done better, I'm happy to share
17:13:18 <lhinds> that would be really useful for the next PTL hyakuhei
17:13:25 <hyakuhei> :)
17:13:26 <mdong_> run through any wheat fields lately lhinds haha
17:13:43 <lhinds> suffice to say, a great act to follow for the next PTL
17:14:01 <lhinds> mdong_: no, that is far to extreme behavior for me.
17:14:09 <hyakuhei> Some chapters better than others but we've come a long way
17:14:21 <hyakuhei> ok, so any other thoughts/comments?
17:15:14 <lhinds> do you existing folks intend to stick around in the project (what with work commitments / career directions)?
17:15:36 <hyakuhei> I will try to, but honestly I think I'll be in more of an advisory role
17:15:48 <dg_> likewise
17:15:51 <hyakuhei> That is to say I'll try to get along to IRC and the new PTL will have my cell number
17:16:00 <lhinds> ack, understood
17:16:26 <fungi> i'm funded by who i'm funded by explicitly so that i know i will be able to stick around and not have to worry about shifts in employer priorities
17:16:39 <lhinds> ack fungi
17:16:41 <hyakuhei> Hmm, the PTL elections aren't on the pike schedule
17:17:00 <dg_> I plan to stick around and will try and come to the meetings, but atm the dayjob is incredibly busy, it will calm down again at some point
17:17:05 <hyakuhei> Alas I am a corporate shill, a lackey to my industrial pay masters
17:17:28 <fungi> the tc just agreed on the election official appointments this week, and i believe they'll need to set the election schedule so that it's updated at https://governance.openstack.org/election/
17:18:02 * hyakuhei nods
17:18:07 <lhinds> will keep an eye on that space
17:18:35 <fungi> it will be some time before the ptg, but i don't know exactly. probably mid-next month
17:18:42 <hyakuhei> Cool
17:18:56 <fungi> there was a heads-up diablo_rojo sent to the -dev ml, lemme see if i can dig it up quickly
17:18:57 <hyakuhei> I will see if I can get funding for the PTG or summit to do a proper f2f handover
17:19:52 <hyakuhei> lhinds - want to take us through OSSNs?
17:19:54 <fungi> #link http://lists.openstack.org/pipermail/openstack-dev/2017-July/119359.html Upcoming PTL Election
17:19:58 <lhinds> hyakuhei: sure
17:20:03 <hyakuhei> oh sorry fungi forgot you were grokking for mail
17:20:09 <hyakuhei> #topic OSSN
17:20:21 <lhinds> so we currrently have two open, one new one.
17:20:24 <diablo_rojo> fungi, https://review.openstack.org/#/c/481768/
17:20:33 <fungi> thanks diablo_rojo!
17:20:48 <diablo_rojo> also: https://review.openstack.org/#/c/482365/
17:20:53 <diablo_rojo> no problem fungi :)
17:21:16 <lhinds> the get_identity_providers I should be pushing tomorrow
17:21:45 <fungi> thanks, i think that's the one i went ahead and won't-fixed our ossa task for
17:21:53 <lhinds> and I can get the ceph credentials OSSN to as I worked on the topic before.
17:21:58 <lhinds> that's right fungi
17:22:18 <lhinds> there was a third which has been ported into a docs bug
17:22:35 <lhinds> around EC2 credentials.
17:22:47 <lhinds> got it: bug/1618615
17:23:05 <lhinds> I will flesh out a section on EC2 as there are few other security aspects too.
17:23:36 <lhinds> that's it for this week
17:24:48 <lhinds> #topic Documentation
17:25:10 <lhinds> hope thats ok hyakuhei , have some updates to sneak in
17:25:20 <lhinds> couple of things..
17:25:29 <hyakuhei> go ahead
17:25:39 <lhinds> the security docs page has sigmavirus (Ian) as the driver
17:26:13 <lhinds> As we know he moved on back in March, so I sent out an email to -dev suggesting it be replaced, and self nominated
17:26:22 <lhinds> nothing back, so I switched it over to me.
17:26:40 <lhinds> mainly as I am working through the backlog right now, and have a lot to update and add.
17:27:00 <lhinds> a lot of revamping of the checklists and bringing up to Pikes level.
17:27:23 <lhinds> I also will have a BP up to suggest making the checklists version specific.
17:27:42 <hyakuhei> sounds useful
17:27:46 <lhinds> that way we won't have anyone change a config directive that is depreciated (as an exmaple)
17:28:02 <hyakuhei> lhinds thank you for the effort
17:28:22 <lhinds> no worries, its useful stuff to have (i benefited from it greatly at one time)
17:28:51 <lhinds> we also had a few patches land this week, and mhayden added some text on anisble-hardening
17:29:00 <lhinds> https://review.openstack.org/#/c/482231/
17:29:07 <lhinds> that's it for docs, unless any questions..
17:29:33 <lhinds> #topic Syntribos
17:29:39 <lhinds> mdong: ..
17:29:43 <hyakuhei> 20 seconds mdong ;)
17:29:47 <hyakuhei> we can run over though
17:30:13 <mdong> ah sorry, I’m here
17:30:38 <mdong> a few members on the team have been using syntribos actually to test their internal projects
17:31:16 <mdong> They’ve been running into issues here and there and I’ve been working with them to clear up some of the docs, some of the setup instructions, error messages, etc that they’ve been running to
17:32:01 <hyakuhei> That's really encouraging!
17:32:04 <hyakuhei> Proper feedback
17:32:32 <mdong> One of the problems is that since OSIC ended there hasn’t been anyone with enough knowledge of the code base to do code reviews
17:32:40 <hyakuhei> ah, painful
17:32:45 <lhinds> mdong: for openstack projects, is it only vmt managed that you have / will scanned?
17:33:02 <lhinds> `scan` rather
17:33:06 <mdong> but hopefully with other people on the team using syntribos they can help in the future
17:33:14 <mdong> lhinds we’ve scanned the OSIC projects
17:33:28 <lhinds> mdong: ah ok, makes sense
17:33:54 <lhinds> mdong: tag me on reviews, I don't know the code very well, but happy to read up and help out
17:34:16 <hyakuhei> cool
17:34:30 <mdong> sure thing lhinds, there’ll be some CR’s soon
17:34:40 <lhinds> #link https://review.openstack.org/#/q/project:openstack/syntribos
17:34:47 <lhinds> mdong: thx
17:35:02 <lhinds> maybe we can go through the list next week?
17:35:25 <mdong> good idea
17:35:57 <mdong> that’s all from me on syntribos
17:36:04 <hyakuhei> Thanks mdong
17:36:10 <lhinds> thx mdong , nice to hear
17:36:50 <hyakuhei> Anything else to cover ?
17:37:20 <lhinds> not from me for this week
17:37:28 <hyakuhei> cool, lets wrap it then :)
17:37:40 <hyakuhei> #endmeeting