14:04:35 <LukeHinds> #startmeeting Security Group
14:04:35 <collabot> Meeting started Wed Jun 17 14:04:35 2015 UTC.  The chair is LukeHinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:04:35 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:04:35 <collabot> The meeting name has been set to 'security_group'
14:04:40 <LukeHinds> boom!
14:05:02 <LukeHinds> #topic agenda
14:05:19 <LukeHinds> First off, apologies I have not formatted the meeting minutes from last week
14:05:31 <LukeHinds> I have been off sick with a cold and falling behind
14:05:38 <LukeHinds> but they are on meetbot still
14:05:39 <LukeHinds> https://etherpad.opnfv.org/p/opnfv-sec-meetings
14:05:47 <LukeHinds> http://ircbot.wl.linuxfoundation.org/meetings/opnfv-sec/2015/opnfv-sec.2015-06-10-14.04.html
14:05:55 <LukeHinds> second one ^
14:06:11 <jaosorior> Hello
14:06:23 <MikeCamel> Hello.
14:06:28 <LukeHinds> please see etherpad for agenda
14:06:29 <aripie> Hello
14:06:31 <LukeHinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings
14:06:36 <LukeHinds> hi juan / ari
14:06:51 <LukeHinds> would anyone like to make additions to the agenda?
14:07:05 <jaosorior> I think it's fine
14:07:21 <LukeHinds> just fixed the date to the 17th
14:07:42 <aripie> I am ok with it
14:08:01 <LukeHinds> #agree agenda
14:08:16 <LukeHinds> #topic inspector '
14:08:35 <LukeHinds> So I noted you guys got git / gerrit going
14:08:42 <LukeHinds> I have added my key and cloned
14:08:43 <LukeHinds> :)
14:08:52 <jaosorior> excellent, I was about to ask you guys to do that
14:09:04 <LukeHinds> do you ari / juan have anything you want to go over?
14:09:23 <jaosorior> So regarding inspector, I will soon push the first commit, which will contain the main structure for the documentation of the project
14:09:41 <jaosorior> I went around a couple of frameworks and since I had already been using sphinx, I decided to go with that
14:09:45 <LukeHinds> #info juan will push the first commit, which will contain the main structure for the documentation of the project
14:10:44 <jaosorior> other than that, I need to start documenting how audit works in openstack, and a brief description on how to set it up
14:10:45 <aripie> I initiated a list of collaboration items in
14:10:47 <aripie> #link https://etherpad.opnfv.org/p/inspector_preliminary
14:11:51 <jaosorior> aripie, that's great!
14:12:04 <LukeHinds> quick update from me, David (ODL) cannot join again (he is in Australia and is struggling to make the time)
14:12:26 <LukeHinds> instead I will ask dave neary @ redhat to organise a bridge call more likely in the morning
14:12:40 <LukeHinds> we can then put it to the whole ODL group as well
14:12:42 <jaosorior> LukeHinds, thanks for the update, let us know when you schedule it, maybe we could join
14:12:57 <LukeHinds> oh yes, will definitely need you guys
14:13:19 <jaosorior> I'll be away tomorrow and friday, but next week we could do that
14:13:42 <aripie> same for me
14:13:45 <LukeHinds> sure. next week will be better
14:13:50 <LukeHinds> this week is hard for me too
14:14:13 <jaosorior> can you guys do a test commit to gerrit to the inspector repo? Just to make sure that you have everything up and running
14:14:17 <LukeHinds> #action Luke to contact DN to arrange ODL bridge / session
14:14:30 <LukeHinds> juan, will do one after this
14:14:48 <LukeHinds> shall I just make a minor edit to the README?
14:15:29 <jaosorior> yeah, just something random, it will not be merged, but just to make sure that stuff works
14:15:45 <jaosorior> if you guys want to make your life easier regarding gerrit, I recommend using the git-review plugin
14:16:01 <jaosorior> https://www.mediawiki.org/wiki/Gerrit/git-review
14:16:58 <LukeHinds> #info juan recommends git-review plugin #link https://www.mediawiki.org/wiki/Gerrit/git-review
14:17:14 <jaosorior> Also, I set myself up to describe a Way of Work with the OpenStack components, and push it to the repo
14:18:51 <LukeHinds> on other action against me, I was meant to contact ashutosh and Kapil, my apologies, never had a chance as been out of action
14:19:10 <LukeHinds> I have it tracked still though and will get it done soon
14:19:21 <aripie> great
14:19:27 <MikeCamel> Was there anything in particular?  I'm in fairly frequent contact with Kapil.
14:20:06 <aripie> there are a couple of items I listed, see the link above
14:20:19 * LukeHinds aripie to start formulating etsi items related to inspector. (LukeHinds, 14:39:55)
14:20:26 * LukeHinds Luke to email Kapil / Ashutosh and instruct them on actions. (LukeHinds, 14:40:27)
14:20:28 * LukeHinds aripie will drive and I (luke) will support (and try and get kapil / ashutosh involved as well) (LukeHinds, 14:54:44)
14:20:32 <MikeCamel> Hokay.
14:20:46 <LukeHinds> so the actions were to get involved in mapping
14:21:04 <LukeHinds> get famaliair with wiki and think about approaches
14:21:12 <LukeHinds> * familiar
14:21:13 <MikeCamel> I'll leave that with you - let me know if you want a hand getting in touch, but he's usually pretty responsive.
14:21:22 <LukeHinds> will do, thanks Mike
14:21:52 <LukeHinds> ok, so inspector is progressing well.
14:22:00 <LukeHinds> any other items on the topic?
14:22:16 <aripie> just one note from me
14:22:26 <aripie> #link http://www.specs-project.eu/?wpdmdl=978
14:22:56 <aripie> there is an EU project that touches some topic in Inspector
14:23:08 <aripie> and also some other topic more generically to opnfv-sec
14:23:31 <aripie> there are more docs than that linked, see publications in specs main page
14:23:49 <aripie> the one I linked seems the most relevant
14:24:14 <aripie> that was it
14:24:21 <LukeHinds> quick view shows the process flows are very useful (at the end of the document)
14:24:51 <LukeHinds> #topic Security Audit of Arno
14:25:09 <LukeHinds> ok, i need to likely bounce this one off the TSC, or a TSC member as well
14:25:19 <LukeHinds> but thought I would discuss with you guys first
14:25:44 <LukeHinds> I started a deployment of Arno last night and noted a few things, security wise.
14:27:03 <LukeHinds> Stuff like the typical install guide entry 'put SELinux into Permissive mode', and then no further steps for implementing Enforced again.
14:27:18 <LukeHinds> there is also a host of other stuff I would like to check.
14:27:46 <LukeHinds> my recommendation is we do a security audit of arno and then find a helpful way to feedback to the projects
14:28:10 <LukeHinds> I don't mind heading this up as I need to get up to speed with the release now it's GA(?)
14:28:22 <jaosorior> LukeHinds, which installer was it?
14:28:31 <LukeHinds> if anyone else is interested or has some ideas on a method that should be followed, let me know
14:28:37 <LukeHinds> juan, foreman
14:28:57 <LukeHinds> I am not pointing fingers...RDO does the same thing for their release as well.
14:29:10 <jaosorior> Well, those clearly need to be filed as bug reports
14:29:27 <LukeHinds> very good point.
14:29:30 <jaosorior> Not sure what's the best way to proceed here
14:29:40 <jaosorior> Should we each do an overview of the solution
14:29:46 <jaosorior> or should we sit down one of these days
14:29:51 <LukeHinds> this might even be a good time to enact the vulnerability process.
14:29:52 <jaosorior> and start going through the whole thing together?
14:30:23 <aripie> it would make sense to get formal from the beginning
14:30:32 <LukeHinds> +1
14:30:46 <jaosorior> Alright, any suggestions?
14:30:50 <LukeHinds> perhaps we need to take this to the next TSC and get their views
14:31:06 <LukeHinds> it has potential to be a serious undertaking or result
14:31:19 <aripie> how about all who can make an effort to check for themselves, then collect results in a session to get the hunch
14:32:11 <aripie> then file bug reports and start trying out the vuln process
14:32:13 <LukeHinds> i think using jira is a good idea, but we may need to enact a proper process for any big holes.
14:32:37 <LukeHinds> even though arno is only running on labs, good habits from the start and all that
14:33:19 <LukeHinds> k, how about I get off my xxx and get the VMT process in front of the TSC's eyes and propose the audit.
14:33:33 <LukeHinds> we can then get their feedback / feelings / points and then go forwards with that?
14:33:43 <aripie> +1
14:34:41 <LukeHinds> ok, I will do that. next TSC
14:35:09 <LukeHinds> I guess it would be better to do this against a full lab deployment
14:35:51 <LukeHinds> I have a one node with a single br-ext to one NIC.
14:36:11 <LukeHinds> that's ok for me poking around, but we should be more formal here.
14:36:20 <LukeHinds> anyone have any ideas on labs?
14:36:53 <LukeHinds> This might be good to have the release manager involved.
14:37:49 <jaosorior> no idea on the labs here
14:38:04 <LukeHinds> ok, i can raise that on the TSC call.
14:38:32 <LukeHinds> I will chat with aric and get the groups set up for embargo handling as well
14:39:15 <LukeHinds> #action luke to take VMT and arno audit proposal to TSC
14:39:35 <jaosorior> excellent
14:39:49 <LukeHinds> # Luke to chat with aric to complete group configuration for handling embargo issues
14:39:55 <LukeHinds> duh
14:40:07 <LukeHinds> #action Luke to chat with aric to complete group configuration for handling embargo issues
14:40:43 <LukeHinds> so we can get the wider community's thoughts and then formulate an approach
14:43:48 <jaosorior> Anything else in the agenda?
14:44:41 <LukeHinds> I think that is it for now
14:44:51 <LukeHinds> unless anyone has any other biz?
14:45:46 <aripie> I am done
14:46:27 <jaosorior> Alright, so I guess that's that
14:47:04 <LukeHinds> yup, thanks all
14:47:15 <LukeHinds> minutes will go up and see you on the TSC call!
14:47:17 <aripie> thanks
14:47:17 <LukeHinds> #endmeeting