#opnfv-sec log

14:06:18 <lhinds> #startmeeting OPNFV sec group 28/09/2016
14:06:18 <collabot> Meeting started Wed Sep 28 14:06:18 2016 UTC.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:06:18 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:06:18 <collabot> The meeting name has been set to 'opnfv_sec_group_28_09_2016'
14:06:23 <lhinds> k..
14:06:33 <lhinds> #topic agenda
14:07:23 <lhinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings
14:07:36 <lhinds> please have a read and see if you want to add to it
14:09:18 <lhinds> ok
14:09:24 <lhinds> #topic anteater
14:09:52 <lhinds> So I fixed up a lot that was broken (setuptools), and there is an easy docker installation available now:
14:10:08 <lhinds> #link http://anteater.readthedocs.io/en/latest/installation.html#docker
14:10:20 <lhinds> if any of you folk could take it for a test drive, that would be great
14:10:38 <lhinds> just pick some random projects off github and give it a go.
14:10:53 <lhinds> it will work out what the language is and pick it for you.
14:11:16 <lhinds> It currently covers, python, c / c++, perl, java, ruby and php
14:11:32 <lhinds> and bugs / pull requests are welcome
14:11:43 <lhinds> and if you get stuck, just ping me in here.
14:12:04 <lhinds> a quick demo here too: https://asciinema.org/a/73c6c2clre155ph99ouhzejj1
14:12:26 <Sona> ok, I will try, thanks
14:12:29 <lhinds> it is working on github mainly now, as it looks like we are going to mirror opnfv git repos to github
14:12:54 <lhinds> #action Sona will try out anteater tool
14:13:07 <lhinds> #info here is a demo run:
14:13:11 <lhinds> #link https://asciinema.org/a/73c6c2clre155ph99ouhzejj1
14:13:21 <Sona> Thanks Luke
14:13:31 <lhinds> if you use docker, you can ignore the 'source env/bin/activate' cmd
14:13:41 <Sona> ok
14:13:51 <lhinds> that is only needed when running it on a development enviroment
14:14:55 <aripie> hi, sorry for joining late
14:15:12 <lhinds> no worrie aripie
14:15:21 <lhinds> anyone have any questions on anteater?
14:15:25 <Sona> Hi ari
14:15:40 <Sona> no, not now perhaps when I am running :)
14:16:07 <lhinds> cool, please do try it out..if you hit install snags, don't be afraid to ping me for help.
14:16:22 <lhinds> #topic security-scanning
14:16:55 <lhinds> k, so aric just created a stable branch of colorado, which means now that the release is out we can start working on d-release.
14:17:11 <lhinds> I have not done anything yet, as I have been awaiting code freeze on colorado.
14:17:27 <lhinds> so I will be starting on my jira work later this week.
14:17:41 <lhinds> that's all from me, anything new from yourself serverascode ?
14:17:56 <serverascode> no unfortunately have not worked on packaging yet
14:18:18 <lhinds> no worries at all. its been downtime and the code is not there yet to pull in the packages.
14:18:44 <lhinds> Ashlee is also interested in contributing, so I need to get her set up soon too.
14:18:56 <lhinds> #topic security audit
14:19:14 <lhinds> so the audit seemed a success:
14:19:19 <lhinds> #link https://www.mail-archive.com/opnfv-tech-discuss@lists.opnfv.org/msg01044.html
14:19:45 <Sona> yes, thanks for the hard work
14:19:49 <lhinds> Lots of press releases with 'security' in the title about c-release and quotes on how the security group patched issues and have been busy.
14:20:32 <lhinds> a good number mention the badge program, so kudos to Sona for her work there.
14:21:06 <Sona> Thanks Luke
14:21:10 <lhinds> also there is a header on the front page (that seems to have stopped working now)
14:21:12 <lhinds> https://www.opnfv.org/
14:21:45 <lhinds> check out this for a title:
14:21:49 <lhinds> https://www.sdxcentral.com/articles/news/opnfvs-third-release-includes-security-enhancements/2016/09/
14:22:10 <aripie> yes, I noted that, really positive visibility - thanks for the great work!
14:22:41 <Sona> very good
14:23:02 <lhinds> and another where heather mentions the 12 patches which light reading likes: http://www.lightreading.com/nfv/nfv-specs-open-source/opnfv-heads-down-colorado-trail-/d/d-id/726377
14:23:14 <lhinds> so in all, I think its gone quiet well.
14:23:48 <lhinds> The industry polls were 'OPNFV needs to focus on security', and now they are all 'OPNFV has done lots of security in Colorado'
14:24:00 <lhinds> so good job
14:24:05 <Sona> It looks very good
14:24:28 <lhinds> #topic AOB
14:24:39 <Sona> Nothing from me
14:24:41 <lhinds> just one from me..anyone at the openstack summit?
14:24:55 <serverascode> to the barcelona summit? yeah I'm going
14:25:07 <lhinds> oh cool, we should meet serverascode
14:25:18 <serverascode> for sure
14:25:19 <Sona> I don't think I will be able to go
14:25:23 <lhinds> I am out there all week for the security project design summit sessions
14:25:26 <aripie> me neither
14:25:44 <aripie> one info point again from ETSI-NFV-SEC
14:25:53 <lhinds> that's a shame Sona / aripie, maybe next one
14:26:04 <lhinds> shoot aripie
14:26:10 <aripie> I hope I will make it one day...
14:26:12 <aripie> yes
14:26:35 <aripie> #info NVF-SEC 012 and 013 are considered mature enough to start normative work
14:27:04 <aripie> #info 012 = critical VNF's and 013 = security monitoring
14:27:31 <aripie> #info so the "security controller" architecture seems to be approved
14:27:42 <lhinds> I will take a look at those.
14:27:58 <lhinds> aripie: fancy creating a wiki page to keep this info on and up to date?
14:28:23 <aripie> I suppose it would be beneficial, I can take an action point
14:28:34 <lhinds> sure that would be great
14:29:02 <lhinds> #action aripie to start a wiki page with info on ETSI-SEC updates, progress and links to materials.
14:29:17 <lhinds> k, I think we are done unless anyone else has other business?
14:29:47 <aripie> I am good
14:30:30 <lhinds> k, thanks all
14:30:34 <lhinds> #endmeeting