17:00:57 <lhinds> #startmeeting security 17:00:58 <openstack> Meeting started Thu Dec 14 17:00:57 2017 UTC and is due to finish in 60 minutes. The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:00 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:01:02 <openstack> The meeting name has been set to 'security' 17:01:30 <lhinds> anyone around? gagehugo , fungi ? 17:01:46 <fungi> oh, yep 17:02:00 <fungi> sidetracked by release cycle change discussions going on in parallel 17:02:15 <lhinds> fungi: no worries, I think we can be really quick here. 17:02:38 <lhinds> in fact I have two things I could really quickly go over with you fungi .. 17:02:59 <lhinds> could you let me know what you think of this email announcing the SIG 17:03:01 <lhinds> https://etherpad.openstack.org/p/security-sig-mail 17:03:29 <lhinds> and two, is it ok etiquette to send this to openstack-dev [all] 17:05:10 <fungi> well, i think it needs to go to the sigs ml. a pointer to it could also get sent separately to the dev and ops lists 17:05:27 <fungi> but ideally, discussion of this would happen on the sigs ml 17:05:43 <fungi> and cross-posting could lead to a fractured thread mess 17:06:05 <lhinds> I see what you mean, but I was thinking its more an announcement than a discussion per say (we had that before) 17:06:14 <fungi> for the pointer posted to the dev ml, i think i'd use [all] and [security] 17:06:25 <lhinds> fungi: good point 17:06:44 <fungi> [all] is actually intended for cross-project topics, not necessarily meaning to the attention of everyone 17:07:16 <fungi> so people who are subscribing to or filtering on specific ml tags need to have explicitly chosen the [all] tag 17:07:20 <lhinds> I was also thinking of keeping our existing IRC channel and mailing list address as well. No point scrapping all the people in the channel and those that know the address. 17:07:36 <lhinds> fungi: ack, see what you mean. 17:08:25 <fungi> i thought we'd been wanting to avoid using the security ml for discussions anyway, and just keeping it as a convenient means of getting automated notices for security hardening bugs and security-impact flagged reviews 17:08:54 <lhinds> fungi: true, so we should keep it active for that. 17:09:19 <lhinds> fungi: there is also a commit bot that posts to #openstack-security and the odd user pops up 17:09:20 <fungi> i remember going through it with hyakuhei a while back, we just needed to make some adjustments to the posting policy enforced for the list to automatically allow lp and gerrit to send through while setting the general list policy to reject 17:09:45 <lhinds> fungi: I see, so we can leave all as it is. 17:10:06 <fungi> yeah, all that is to say i think keeping those resources is fine, but general discussion would mostly move from the dev ml to the sigs ml 17:10:28 <fungi> in an effort to be more inclusive of ops/user participation 17:10:41 <lhinds> hmm, is there much action on the sigs list? 17:10:52 <lhinds> I doubt it has that many subscribers 17:11:21 <lhinds> Not sure I like the sound of being silo'ed off there. 17:15:36 <lhinds> I guess that's already been decided on, so be it. 17:15:56 <lhinds> what do you think of the email fungi , anything wrong / misleading at all? 17:16:30 <fungi> sorry, as i said, being pulled in a lot of directions at the moment. reading it now 17:17:39 <lhinds> fungi: no worries, take your time. 17:17:55 <cleong> hi 17:18:00 <lhinds> hi cleong 17:18:09 <cleong> may i ask a newb question? 17:18:21 <lhinds> sure.. 17:18:32 <fungi> lhinds: i made a couple of minor typo corrections, but lgtm. ship it 17:18:42 <lhinds> thanks fungi 17:18:48 <cleong> what do i need to provide for becoming a security group member? 17:18:59 <fungi> we can address the discussion of the vmt switching to a tc-appointed working group at a later date once the dist settles 17:19:04 <fungi> s/dist/dust/ 17:19:21 <cleong> i am studying digital forensics next semester and would like to apply theory to practical using openstack 17:20:06 <lhinds> sounds good fungi , I will email ttx to see if we can get a waiver from moving to the sig mailing list 17:20:35 <lhinds> I would prefer to keep things as they are, so we get the needed visibility with the projects 17:20:53 <lhinds> and people already know we listen on -dev [security] 17:21:17 <lhinds> sounds interesting cleong 17:21:46 <cleong> thanks lhinds, do i just apply on the launchpad page? 17:22:07 <fungi> lhinds: why would we need to get a waiver from moving to the sig mailing list (from the dev ml)? 17:22:08 <lhinds> cleong: apply for what cleong , internship? 17:22:32 <lhinds> fungi: well if we don't need one, I am good with that :) 17:22:32 <cleong> no it just says that the group is moderated 17:22:53 <lhinds> cleong: sure, go ahead and join and I will approve your membership 17:23:03 <cleong> ahh wonderful thank you lhinds 17:23:09 <cleong> wasn't sure if there was a procedure 17:23:16 <fungi> lhinds: we can still have security-related discussions on the dev ml if they crop up there, but sigs use the sigs ml for normal discussion so that it's more likely to pull in perspectives from operators/users 17:23:38 <lhinds> fungi: ack, I got you now. I am fine with that. 17:23:48 <lhinds> I thought we would be banished from the main list. 17:23:54 <fungi> in the same way that dev-related discussions sometimes crop up on the general ml, or operational topics come up on the dev ml... 17:24:08 <lhinds> fungi: yup, sgtm 17:24:53 <lhinds> so I think we can wrap up here, as no other bandit cores on. I will drop the email out and follow up around PTG planning for the SIG 17:25:09 <lhinds> fungi: thx again, nice to meet you cleong ! 17:25:13 <lhinds> #endmeeting