#opnfv-sec log

14:12:37 <lhinds> #startmeeting Security Group 15/06
14:12:37 <collabot`> Meeting started Wed Jun 15 14:12:37 2016 UTC.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:12:37 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:12:37 <collabot`> The meeting name has been set to 'security_group_15_06'
14:13:22 <lhinds> I have no had anytime to formulate and agenda, but I guess the main topic is the summit, scanning, and badge program>?
14:13:43 <aripie> hi, ok with that
14:15:43 <lhinds> Sona: ?
14:16:00 <lhinds> #topic summit
14:17:24 <lhinds> ping Sona
14:20:33 <lhinds> outside of the meeting, how are you aripie ? traveling much?
14:20:57 <aripie> have been, yes, just home from Madrid yesterday
14:21:06 <lhinds> ahh, nice
14:21:54 <aripie> yes, the weather and food were great, but quite a lot of the time working
14:22:17 <aripie> so not much time for tourism
14:22:45 <lhinds> sure, understand..its the same for me..eat late and then back to hotel to get up early again
14:22:47 <Sona> hi
14:22:51 <Sona> sorry :)
14:22:57 <lhinds> Hi Sona. thats ok
14:23:04 <lhinds> so topic was the summit
14:23:42 <lhinds> not sure if you noticed, I added some comments on your slides. Don't take them personally if they appear direct. Its just some quick bullet feedback
14:24:01 <Sona> not at all, it is ok :)
14:24:14 <lhinds> I think on some slides they are very text heavy, and folk will not know if they should read the text on the slides or listen to you.
14:24:28 <Sona> Thanks Luke
14:25:05 <Sona> Have you submitted the slides?
14:25:07 <lhinds> I say it I got the same feedback, for the same thing, last year.
14:25:22 <lhinds> No, we have plenty of time, and you can replace them after as well
14:25:42 <Sona> ok, good :)
14:25:45 <lhinds> I have still not finished myself. so mine need tidying up
14:26:11 <Sona> where will you stay?
14:26:14 <lhinds> when do you arrive?
14:26:19 <lhinds> (In Berlin)
14:26:22 <Sona> on Sunday
14:26:34 <Sona> in which hotel :)?
14:26:54 <lhinds> I am in the intercontinental
14:27:02 <lhinds> (where the summit is)
14:27:17 <Sona> the same for me
14:27:24 <lhinds> we can try and do breakfast together on Monday, as I get in late Sunday
14:27:42 <Sona> Please use hangout or gmail to get in touch
14:27:48 <lhinds> sure, will do
14:28:01 <Sona> ok
14:28:18 <lhinds> we then have two days before the talk, so we can settle into the summit and feel at home.
14:28:27 <Sona> yes
14:28:40 <Sona> can you attend the meeting on Tuesday?
14:28:58 <lhinds> what time is it?
14:29:21 <Sona> let me check
14:29:59 <Sona> Ray suggested 13:00-14:00
14:30:07 <Sona> is it ok for you?
14:30:50 <lhinds> oh, thats difficult, there is a functest meeting I need to get too
14:31:52 <lhinds> after 3pm would be better for me.
14:31:55 <Sona> ok, suggest a time
14:32:02 <lhinds> I will drop an email back to Ray
14:32:37 <lhinds> this is the design summit times https://wiki.opnfv.org/pages/viewpage.action?pageId=6819410
14:33:06 <Sona> ok,
14:35:40 <Sona> I had some questions about badge program I sent email to David A wheeler, I got very detailed answer very quickly :)
14:36:17 <Sona> it is good to get prepared in case peope asks questions about badge p
14:36:38 <Sona> when we have our presentation
14:37:00 <lhinds> Sona: yep that sounds good
14:37:06 <lhinds> ok..
14:37:11 <lhinds> #topic scanning
14:38:06 <Sona> any news about scannin?
14:39:15 <lhinds> still debugging it working int he build environment
14:39:26 <lhinds> I have it working manually now
14:39:43 <Sona> one question
14:39:47 <lhinds> you can see the last run here : https://asciinema.org/a/b81awc0g7kkciwg18gku9vizr
14:40:28 <Sona> does Openscap detects patches CVEs?
14:41:40 <Sona> or does it only check the package versions and reports public vulnerabilities reported to that specific version?
14:43:23 <lhinds> I can't remember now
14:43:32 <lhinds> I think its patches
14:44:48 <Sona> Some customers may not want to upgrade a package to address a CVE
14:45:01 <Sona> they ask for a patch
14:45:30 <Sona> I just wonder how Openscap detects this?
14:46:08 <Sona> Some scanning tools does not detects these kind of pacthing
14:46:54 <Sona> do you understand what I mean?
14:47:12 <lhinds> that would be distribution specific
14:47:38 <lhinds> for RHEL and Debian (which includes Ubuntu) they always patch from repo
14:48:15 <Sona> ok
14:50:34 <lhinds> do you mean like applyting a C/C++ style .patch ?
14:50:52 <lhinds> and then make ; make install ?
14:51:18 <Sona> yes
14:52:30 <Sona> We are soon out of time, let's discuss this later
14:52:44 <Sona> can we move on with with next topic?
14:56:07 <lhinds> sure
14:56:14 <lhinds> #topic badge
14:57:01 <Sona> I added some text in the security wiki for the badge, could you please review it?
14:57:40 <aripie> will do
14:57:53 <Sona> thanks Ari
14:58:01 <lhinds> ok
14:58:39 <Sona> just change anything you don't think it is appropriate or let me know so I can change it
14:58:47 <lhinds> anymore on the badge program Sona ?
14:59:04 <Sona> no,
14:59:43 <lhinds> ok..so see you on Monday , if we don't speak before Sona , and catch you next week aripie
14:59:48 <lhinds> #endmeeting