#opnfv-meeting log

13:55:53 <hinds> #startmeeting OPNFV Security Group
13:55:53 <collabot> Meeting started Wed Mar  4 13:55:53 2015 UTC.  The chair is hinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:55:53 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:55:53 <collabot> The meeting name has been set to 'opnfv_security_group'
13:59:42 <hinds> #topic agenda bashing
14:01:28 <hinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings
14:02:45 <hinds> #agree agenda bashing
14:03:10 <hinds> #topic meeting minutes
14:03:26 <hinds> #agree last weeks agenda
14:03:38 <hinds> #topic Review Work Items
14:05:04 <hinds> #topic work items - vuln mgmt
14:10:52 <hinds> #link https://wiki.openstack.org/wiki/Vulnerability_Management
14:11:26 <iben_> #info we discussed the existing openstack VMC Security Commitee Vulnerability process
14:11:47 <iben_> #info we will have a similar process for OPNFV developed code
14:15:21 <iben_> #info it is also important to have a known method to get security issues we find sent upstreamed
14:17:39 <iben_> #info most of our “code” we generate is glue to script the installation, configuration, and testing of other upstream components <— what follows is that we won’t be creating very many binary artifacts that might have vulnerabilities
14:18:51 <iben_> #info there may be some binary artifacts from code we create such as a vloop vm image or other vnf just for OPNFV project use
14:20:19 <hinds> #info scripts could introduce security issues (configurations)
14:20:37 <iben_> yes indeed
14:20:49 <iben_> #agreed
14:20:55 <hinds> #action to consider how we will interact (tool wise) with upstream groups
14:26:05 <hinds> #info expected time for fix should be added (Mike)
14:33:38 <hinds> #action Luke to continue to refine the OSVM and consider the points made about interactions and contingencies towards upstream projects
14:35:30 <hinds> #topic Project Lead / Members Elections
14:40:07 <hinds> #action Luke to draw up rough draft of a role / org structure for the security group
14:40:51 <hinds> #agree Mike suggested that we defer elections of any sort to when more people attend
14:45:51 <hinds> #info having some type of senior members to insure quality contibutions are accepted.
14:46:26 <hinds> #topic irc == opnfv-security
14:47:29 <hinds> #undo
14:47:29 <collabot> Removing item from minutes: <MeetBot.ircmeeting.items.Topic object at 0x1ed2750>
14:47:49 <hinds> #topic irc == opnfv-sec
14:48:53 <hinds> #agree we will use the new irc channel called #opnfv-sec
14:49:08 <hinds> #topic Any other business
14:52:13 <hinds> #info etherpads available for each work item and can be used to reference materials relevant to the partcular work item
14:57:19 <hinds> #closemeeting
14:57:50 <hinds> #endmeeting