#opnfv-meeting: OPNFV Security Group

Meeting started by hinds at 13:55:53 UTC (full logs).

Meeting summary

  1. agenda bashing (hinds, 13:59:42)
    1. https://etherpad.opnfv.org/p/opnfv-sec-meetings (hinds, 14:01:28)
    2. AGREED: agenda bashing (hinds, 14:02:45)

  2. meeting minutes (hinds, 14:03:10)
    1. AGREED: last week's agenda (hinds, 14:03:26)

  3. Review Work Items (hinds, 14:03:38)
  4. work items - vuln mgmt (hinds, 14:05:04)
    1. https://wiki.openstack.org/wiki/Vulnerability_Management (hinds, 14:10:52)
    2. we discussed the existing OpenStack VMC Security Committee Vulnerability process (iben_, 14:11:26)
    3. we will have a similar process for OPNFV developed code (iben_, 14:11:47)
    4. it is also important to have a known method to get security issues we find sent upstream (iben_, 14:15:21)
    5. most of our “code” we generate is glue to script the installation, configuration, and testing of other upstream components <— what follows is that we won’t be creating very many binary artifacts that might have vulnerabilities (iben_, 14:17:39)
    6. there may be some binary artifacts from code we create such as a vloop vm image or other vnf just for OPNFV project use (iben_, 14:18:51)
    7. scripts could introduce security issues (configurations) (hinds, 14:20:19)
    8. ACTION: to consider how we will interact (tool wise) with upstream groups (hinds, 14:20:55)
    9. expected time for fix should be added (Mike) (hinds, 14:26:05)
    10. ACTION: Luke to continue to refine the OSVM and consider the points made about interactions and contingencies towards upstream projects (hinds, 14:33:38)

  5. Project Lead / Members Elections (hinds, 14:35:30)
    1. ACTION: Luke to draw up rough draft of a role / org structure for the security group (hinds, 14:40:07)
    2. AGREED: Mike suggested that we defer elections of any sort to when more people attend (hinds, 14:40:51)
    3. having some type of senior members to ensure quality contributions are accepted. (hinds, 14:45:51)

  6. irc == opnfv-sec (hinds, 14:47:49)
    1. AGREED: we will use the new irc channel called #opnfv-sec (hinds, 14:48:53)

  7. Any other business (hinds, 14:49:08)
    1. etherpads available for each work item and can be used to reference materials relevant to the particular work item (hinds, 14:52:13)


Meeting ended at 14:57:50 UTC (full logs).

Action items

  1. to consider how we will interact (tool wise) with upstream groups
  2. Luke to continue to refine the OSVM and consider the points made about interactions and contingencies towards upstream projects
  3. Luke to draw up rough draft of a role / org structure for the security group


People present (lines said)

  1. hinds (25)
  2. iben_ (7)
  3. collabot (4)


Generated by MeetBot 0.1.4.