13:55:53 <hinds> #startmeeting OPNFV Security Group 13:55:53 <collabot> Meeting started Wed Mar 4 13:55:53 2015 UTC. The chair is hinds. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:55:53 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic. 13:55:53 <collabot> The meeting name has been set to 'opnfv_security_group' 13:59:42 <hinds> #topic agenda bashing 14:01:28 <hinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings 14:02:45 <hinds> #agree agenda bashing 14:03:10 <hinds> #topic meeting minutes 14:03:26 <hinds> #agree last weeks agenda 14:03:38 <hinds> #topic Review Work Items 14:05:04 <hinds> #topic work items - vuln mgmt 14:10:52 <hinds> #link https://wiki.openstack.org/wiki/Vulnerability_Management 14:11:26 <iben_> #info we discussed the existing openstack VMC Security Commitee Vulnerability process 14:11:47 <iben_> #info we will have a similar process for OPNFV developed code 14:15:21 <iben_> #info it is also important to have a known method to get security issues we find sent upstreamed 14:17:39 <iben_> #info most of our “code” we generate is glue to script the installation, configuration, and testing of other upstream components <— what follows is that we won’t be creating very many binary artifacts that might have vulnerabilities 14:18:51 <iben_> #info there may be some binary artifacts from code we create such as a vloop vm image or other vnf just for OPNFV project use 14:20:19 <hinds> #info scripts could introduce security issues (configurations) 14:20:37 <iben_> yes indeed 14:20:49 <iben_> #agreed 14:20:55 <hinds> #action to consider how we will interact (tool wise) with upstream groups 14:26:05 <hinds> #info expected time for fix should be added (Mike) 14:33:38 <hinds> #action Luke to continue to refine the OSVM and consider the points made about interactions and contingencies towards upstream projects 14:35:30 <hinds> #topic Project Lead / Members Elections 14:40:07 <hinds> #action Luke to draw up rough draft of a role / org structure for the security group 14:40:51 <hinds> #agree Mike suggested that we defer elections of any sort to when more people attend 14:45:51 <hinds> #info having some type of senior members to insure quality contibutions are accepted. 14:46:26 <hinds> #topic irc == opnfv-security 14:47:29 <hinds> #undo 14:47:29 <collabot> Removing item from minutes: <MeetBot.ircmeeting.items.Topic object at 0x1ed2750> 14:47:49 <hinds> #topic irc == opnfv-sec 14:48:53 <hinds> #agree we will use the new irc channel called #opnfv-sec 14:49:08 <hinds> #topic Any other business 14:52:13 <hinds> #info etherpads available for each work item and can be used to reference materials relevant to the partcular work item 14:57:19 <hinds> #closemeeting 14:57:50 <hinds> #endmeeting