#opnfv-sec log

14:07:08 <lhinds> #startmeeting Sec Group 05/10
14:07:08 <collabot> Meeting started Wed Oct  5 14:07:08 2016 UTC.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:07:08 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:07:08 <collabot> The meeting name has been set to 'sec_group_05_10'
14:07:21 <lhinds> #topic agenda
14:07:25 <lhinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings
14:07:35 <lhinds> please add if you wish..
14:07:58 <lhinds> #topic anteater
14:08:07 <lhinds> thanks for testing Sona_
14:08:12 <lhinds> good that you got it working
14:08:28 <Sona_> you are very welcome
14:08:37 <lhinds> now that gerrit will be mirrored to > github, it uses the github API now instead.
14:08:50 <lhinds> this means folk can easily use it outside of opnfv, which is good
14:08:59 <Sona_> is there any OPNFV project you want me to run anteater?
14:09:28 <lhinds> you don't have to do that, its fun to just pick random projects off github
14:09:44 <lhinds> just someones username and do..
14:09:48 <Sona_> ok
14:10:03 <lhinds> anteater clone --ghuser linustorvalds
14:10:13 <lhinds> anteater scan all
14:10:26 <Sona_> haha
14:10:30 <lhinds> and that will scan all of linus'es github repositories
14:10:38 <Sona_> wow
14:10:40 <lhinds> in time we will be able to do:
14:10:47 <lhinds> anteater clone opnfv
14:10:50 <Sona_> that would be good
14:10:56 <lhinds> anteater scan all
14:11:35 <lhinds> Do you think its worth sharing back with the linux foundation?
14:11:50 <aripie> I think it is
14:12:02 <Sona_> yes, I think so
14:12:11 <lhinds> will do, Sona_ could you email me a contact there that you spoke with before?
14:12:27 <Sona_> Yes, I will
14:12:46 <Sona_> I think Davia A wheeler would be good one to start with
14:12:50 <lhinds> thanks..in time I want to get some of the LF badge checks in there too.
14:12:57 <Sona_> I will give you his contact info
14:13:25 <lhinds> thx
14:16:46 <lhinds> irc client froze
14:16:48 <lhinds> back
14:16:56 <lhinds> #topic security scanning
14:17:11 <lhinds> I feel bad, but nothing new again yet, but poised to start tomorrow
14:17:42 <lhinds> Ashlee said on twitter that she is hacking the code, so will be interesting to see what she comes up with too.
14:17:57 <lhinds> anything new from yourself serverascode (totally ok if not)
14:20:33 <lhinds> k :)
14:20:50 <lhinds> #topic protection of keys
14:21:10 <lhinds> Ashlee was due to talk on this, but not sure she could make it today
14:22:10 <lhinds> We spoke to the TSC about this and they want us to investigate into advising on what can be safely stored in our repos
14:22:39 <Sona_> I saw some emails regarding keys issue, I didn't have time to follow all conversations
14:23:31 <Sona_> Ok, so you and Ashlee are looking at this
14:23:51 <lhinds> yep, basically people were storing private keys in repos.
14:24:14 <lhinds> one of them was to access a fuel server, which was really bad
14:24:34 <lhinds> another for accessing a Tor switch
14:25:07 <lhinds> ok I think we are done, unless AOB?
14:25:59 <Sona_> Not from me
14:26:17 <aripie> I am ok too
14:33:01 <lhinds> k, bye all
14:33:05 <lhinds> #endmeeting