14:07:25 <LHinds> #startmeeting OPNFV Sec Meeting 17/02/16 14:07:25 <collabot> Meeting started Wed Feb 17 14:07:25 2016 UTC. The chair is LHinds. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:07:25 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic. 14:07:25 <collabot> The meeting name has been set to 'opnfv_sec_meeting_17_02_16' 14:07:35 <LHinds> ok, topics.. 14:07:40 <LHinds> we have the security guide of course 14:07:57 <LHinds> anything else? (I expect it to get more busy post release) 14:08:22 <florind> #info Florin Dumitrascu 14:08:53 <LHinds> #topic security guide 14:09:18 <LHinds> Sona, I commited your changes. I just need to fix a couple of formatting errors and it will build 14:09:23 <LHinds> #link https://gerrit.opnfv.org/gerrit/#/c/9995/ 14:09:32 <Sona> good, I saw 14:09:34 <LHinds> good work btw! 14:09:45 <Sona> thanks 14:10:02 <LHinds> so did aric fix your access issues? 14:10:23 <Sona> unfortunately I have been very busy this week, but I will continue to dig into TPM etc .. 14:10:37 <Sona> it is good info to know 14:10:58 <aripie> as it works with Sona, I suppose I will get it working, too 14:11:14 <LHinds> so you are ok for gerrit / git auth now? 14:11:45 <Sona> I didn't get error when I send my code for review 14:11:50 <aripie> though I just tried to connect but I got "We don't know where your gerrit is... 14:12:06 <aripie> so I will work on that now as I know it works for Sona 14:12:36 <LHinds> the general workflow is (once you have your ssh key added, and aric has approved you)... 14:12:43 <LHinds> 1. clone 14:12:48 <LHinds> 2. do your changes 14:13:22 <LHinds> 3. git add <your_file> 14:13:28 <LHinds> 4. git commit -a --signoff 14:13:52 <LHinds> that will open in your default editor (vi, emacs) etc 14:13:59 <LHinds> add a message about your changes 14:14:02 <LHinds> :we 14:14:15 <LHinds> or rather :wq (save and quit) 14:14:27 <LHinds> 5. git review 14:14:36 <LHinds> gerrit will spit back a URL to you 14:14:37 <Sona> this is what I did 14:15:07 <LHinds> go to the URL and add reviewers, you want Chris, Fatih and Ryoto 14:15:09 <Sona> aha I don't think gerrit did this to me ? 14:15:15 <LHinds> they will +1 14:15:27 <LHinds> Here is an example text Sona 14:15:27 <Sona> I didn't get any error as I used to get 14:15:32 <Sona> I will try again 14:16:06 <LHinds> [hinds@casper opnfvsecguide] $ git review 14:16:08 <LHinds> remote: Resolving deltas: 100% (6/6) 14:16:10 <LHinds> remote: New file detected, please ensure that it has the correct license header 14:16:12 <LHinds> remote: Processing changes: new: 1, refs: 1, done 14:16:14 <LHinds> remote: 14:16:16 <LHinds> remote: New Changes: 14:16:18 <LHinds> remote: https://gerrit.opnfv.org/gerrit/7825 14:16:20 <LHinds> remote: 14:16:22 <LHinds> To ssh://lukehinds@gerrit.opnfv.org:29418/opnfvdocs.git 14:16:24 <LHinds> * [new branch] HEAD -> refs/publish/master 14:16:26 <LHinds> the other thing.. 14:16:52 <LHinds> when you have a patchset (the above commit) +1'ed and accepted 14:16:56 <LHinds> from there on use... 14:17:04 <LHinds> $ git review --amend 14:17:19 <LHinds> this way you can keep working on the same patch, and not need to add reviewers each time. 14:18:04 <LHinds> aripie, you might find it easier in a Linux VM to get set up (unless you're already) 14:18:13 <aripie> ... I will retry from scratch, all fine until git review, cannot find remote (ssh looks OK) 14:18:30 <aripie> I am on msysgit - may be better to try VM 14:18:51 <LHinds> yep, its not easy on the windows platform. 14:19:20 <LHinds> you're welcome to drop me an email, or will send you my number and jump on teamviewer and work it out if you like. 14:20:04 <aripie> yes, probably just some small issue 14:20:36 <LHinds> well worth install VirtualBox and whacking ubuntu / fedora / arch or whatever you like on there 14:20:47 <LHinds> join the master race :) 14:21:10 <aripie> I hope my poor old laptop will not choke 14:21:37 <LHinds> 1024 mb will be fine for memory (unless you want the GUI) 14:21:49 <aripie> cli is fine 14:21:59 <LHinds> k, anything more on the security guide? 14:22:53 <aripie> we discussed last time our deliverable planning 14:23:11 <aripie> i.e. if we should be dependent on opnfv releases or run our own race 14:24:28 <LHinds> good question , plan was to work at our own pace, but I think it would be good to try and get complete for the next release (after the current one pending right now) 14:27:32 <LHinds> k, so no other topics from me. As said at the start, the core infra program starts after the release (when aric is freed up), so there will be lot going on then when that kicks off 14:27:42 <LHinds> so its quiet before the storm just now 14:28:25 <aripie> the other thing we discussed last time was that we could set some internal target dates for the chapters we are working with 14:29:07 <LHinds> that would be good, that would really help forecast a time as well. 14:29:22 <LHinds> should we use jira? 14:29:41 <LHinds> we can open an issue for each chapter? 14:29:54 <aripie> that would certaily keep things tracked 14:30:07 <Sona> yes, it is good idea 14:30:09 <LHinds> agree 14:30:31 <LHinds> I asked aric to set us up a security jira section, so 14:30:44 <LHinds> #action Luke to see if sec jira is available 14:31:09 <LHinds> #action Start to raise issues for each chapter, and establish timeline to complete (each section) 14:32:55 <LHinds> so we can 'assign' a chapter using jira, and use it as a place to gather feedback etc too 14:36:21 <LHinds> ok 14:36:39 <LHinds> so short and sweet again, i think we are over for this week now? 14:37:08 <aripie> I am good with that 14:37:58 <LHinds> great, will email some minutes out shortly 14:38:11 <LHinds> #endmeeting