#openstack-meeting log

15:03:47 <gagehugo> #startmeeting security
15:03:48 <openstack> Meeting started Thu May 17 15:03:47 2018 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:03:49 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:03:52 <openstack> The meeting name has been set to 'security'
15:04:05 <gagehugo> o/
15:04:06 <lhinds> hey all
15:04:13 <nickthetait> hi
15:04:26 <gagehugo> hey!
15:04:40 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda
15:04:56 <gagehugo> #topic PTG Denver
15:05:03 <gagehugo> anyone know if they are attending?
15:05:24 <lhinds> looks like I might struggle to get to this one, but that might change
15:05:31 <lhinds> not looking promising though
15:05:39 <nickthetait> I'll be there
15:05:47 <gagehugo> I'll probably be there
15:06:01 <gagehugo> haven't gotten official confirmation yet
15:06:05 <lhinds> should I get in touch about the room with kendell?
15:06:17 <lhinds> *sharing with barbican?
15:06:22 <gagehugo> lhinds sure
15:06:29 <lhinds> no probs, leave with me.
15:06:49 <gagehugo> that would probably be better
15:07:49 <lhinds> i am sure the barbican folks will be fine with that
15:08:12 <gagehugo> sounds good
15:08:32 <gagehugo> #topic LCOO
15:08:38 <gagehugo> eeiden o/
15:08:41 <eeiden> o/
15:08:48 <gagehugo> floor is yours
15:08:49 <eeiden> We'll be having a working group session on Tuesday morning at 9!
15:08:51 <eeiden> https://etherpad.openstack.org/p/LCOO-Vancouver-WG
15:08:53 <eeiden> Etherpad is here ^
15:09:51 <gagehugo> lhinds will you be at the summit?
15:09:54 <eeiden> We'd love for any and all of you to join -- we're planning on discussing for half the session current approaches and pain points that large operators have within the security realm
15:10:02 <lhinds> gagehugo: unfortunately not
15:10:08 <gagehugo> :(
15:10:38 <lhinds> i know , a few people asked.
15:10:48 <lhinds> will deffo next one though
15:10:51 <lhinds> berlin i think
15:10:51 <nickthetait> I wont be making it to vancouver, but can people not working for a large operator company still go to LCOOs?
15:12:14 <eeiden> You can definitely attend the working group! It's just discussing the problems/solutioning for large operators--any feedback from non-large-operator would be really helpful
15:12:22 <eeiden> Or just attending to see what's going on in the large operator space
15:12:39 <nickthetait> Okay
15:13:38 <gagehugo> I can attend and take notes
15:13:47 <gagehugo> and we can sync up after the summit
15:13:48 <eeiden> I'll be sure the etherpad is updated with everything that happens at the WG and will send it out to you guys afterwards
15:13:52 <eeiden> Nice, thanks Gage
15:14:16 <gagehugo> anything else eeiden?
15:14:25 <eeiden> Nope, that's all
15:14:39 <eeiden> If anyone has any questions that come up later, feel free to reach out
15:15:03 <gagehugo> eeiden thanks!
15:15:08 <gagehugo> #topic Documentation
15:15:41 <gagehugo> I don't think there's any updates here
15:15:57 <gagehugo> lhinds are you aware of any?
15:16:05 <lhinds> don't look like it, docs needs a bit of love, but we are all quite busy
15:16:16 <gagehugo> yup :(
15:16:24 <nickthetait> is there a particular issue that you can point to?
15:17:51 <lhinds> i think the whole doc just needs attention, make sure its still up to date with how the code base / functionality is now
15:18:11 <lhinds> quite often config key / values change and depreciate
15:18:23 <lhinds> that's one example
15:19:26 <gagehugo> yeah..
15:20:15 <gagehugo> #topic OSSN
15:20:25 * gagehugo realized he forgot to ping people at the start
15:20:30 <gagehugo> ping fungi
15:20:52 <lhinds> #action lhinds go over ossn's and triage
15:21:00 <nickthetait> recently there were some fixes made to https://bugs.launchpad.net/ossn/+bug/1699573
15:21:02 <openstack> Launchpad bug 1699573 in OpenStack Security Notes "ScaleIO volumes contain previous data" [Undecided,New]
15:21:12 <nickthetait> but I'm not sure if it is ready for an OSSN yet
15:21:36 <gagehugo> looks like the fix merged
15:21:58 <gagehugo> https://review.openstack.org/#/c/555546/
15:22:57 <nickthetait> ok think I'll tackle that one this week
15:23:46 <lhinds> thx nickthetait
15:24:01 <gagehugo> nice
15:24:14 <gagehugo> #topic OSSA
15:24:15 * fungi is around, as usual more focused on tc office hour
15:24:47 <gagehugo> fungi o/
15:24:51 <fungi> i don't think we have anything new this week
15:25:09 <fungi> #link https://bugs.launchpad.net/ossa/ potential security advidories for public vulnerability reports
15:25:20 <fungi> as always, people looking over those is a huge help to the vmt
15:25:34 <fungi> we try to keep the bare minimum private/embargoed
15:27:08 <gagehugo> sounds good, thanks fungi
15:27:25 <gagehugo> #topic Threat Analysis Docs
15:28:04 <gagehugo> the pycadf and oslo.cache are still on my backlog to review, been busy lately with the summit/work and I've neglected them :(
15:29:27 <gagehugo> #topic Tatu
15:30:20 <gagehugo> lhinds have you heard from the creator about any updates to Tatu?
15:30:51 <lhinds> gagehugo: no I have not heard from him, I did drop him an email, but no response
15:31:03 <gagehugo> ok
15:31:12 <gagehugo> #topic General Discussion
15:31:26 <gagehugo> Would you all be fine with canceling the meeting next week?
15:31:36 <gagehugo> I will be at the summit so I cannot chair
15:31:38 <lhinds> that's ok for me gagehugo
15:31:45 <nickthetait> no problem
15:31:49 <lhinds> I think its common we do that for the summit / ptg
15:31:54 <gagehugo> yeah
15:32:01 <gagehugo> I'll send out an email today
15:32:13 <gagehugo> Does anyone have anything else?
15:33:25 <lhinds> nope from me
15:34:03 <nickthetait> Looking to make my first functional contribution. If anyone has suggestions on something openstack-beginner & security related I'm all ears
15:34:34 <lhinds> nickthetait: might be some stuff over on bandit
15:34:51 <lhinds> although no longer a openstack project (but used by openstack)
15:35:32 <gagehugo> that would be good
15:35:35 <lhinds> nickthetait: https://github.com/PyCQA/bandit/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22
15:35:53 <lhinds> you can ping me for how to go about the patches etc.
15:36:28 <nickthetait> ok. is there any equivalent issue tagging/filtering system in launchpad?
15:38:34 <lhinds> low hanging fuit
15:38:45 <lhinds> but not sure how to look for those accross all projects
15:38:53 <lhinds> gage do you have LHF in keystone?
15:39:07 <gagehugo> lhinds yes
15:39:40 <gagehugo> https://bugs.launchpad.net/keystone/+bugs?field.tag=low-hanging-fruit
15:39:55 <nickthetait> excellent, thanks for the suggestions
15:40:31 <lhinds> k, i got to dash, enjoy the summit!
15:40:47 <gagehugo> Thanks everyone!
15:40:52 <gagehugo> #endmeeting