#opnfv-sec log

14:02:27 <lhinds> #startmeeting Sec Group 19-10
14:02:27 <collabot> Meeting started Wed Oct 19 14:02:27 2016 UTC.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:02:27 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:02:27 <collabot> The meeting name has been set to 'sec_group_19_10'
14:03:29 <lhinds> #topic agenda
14:03:36 <lhinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings
14:03:44 <lhinds> Should anyone wish to add an item ^
14:04:36 <Sona> the items are ok
14:04:40 <lhinds> #topic anteater
14:04:58 <lhinds> Not much new here, did you hear back from the LF Sona ?
14:05:24 <Sona> yes, let me see what David said
14:05:52 <lhinds> cool, please forward to me
14:06:28 <Sona> done
14:06:40 <Sona> I forwarded his email
14:07:57 <Sona> he didn't say much :)
14:08:13 <lhinds> so he points out there is already a commercial tool available, that's nice coming from the Linux Foundation
14:08:18 <lhinds> oh well..moving on :)
14:08:27 <Sona> hehe
14:08:38 <lhinds> #topic Security Scanning
14:09:02 <lhinds> Nothing at all new here, been quite busy on various upstream stuff with the summit just next week
14:09:24 <Sona> are you attending the summit next week?
14:09:29 <lhinds> yes
14:09:41 <Sona> have fun :)
14:09:45 <lhinds> thx
14:09:50 <lhinds> should be good
14:10:01 <lhinds> #topic Safe use of Keys
14:10:15 <lhinds> no sign of ashlee and does not look like anything has taken place yet
14:10:35 <lhinds> #topic AOB
14:10:47 <lhinds> did you want to discuss `internal sec practises` Sona ?
14:10:50 <Sona> I will remove CVE list from wiki page
14:10:53 <lhinds> <your_email>
14:12:01 <Sona> for qemu and kvm, are you ok with this
14:12:45 <lhinds> yeah, I have no problem with that
14:13:19 <Sona> ok we let the linux distros deal with CVEs in KVM & qemu :)
14:13:32 <Sona> we focus on other things
14:13:44 <Sona> how about my email?
14:14:36 <lhinds> you wanted to do something with int sec policies?
14:15:01 <Sona> I just wanted to know what is going on with int sec practices
14:15:20 <Sona> in case we need to get involved
14:15:36 <Sona> to contribut
14:15:38 <lhinds> nothing from what I can tell. Some guy Marcel from Huawei was working on it, and then just went AWOL.
14:15:56 <Sona> ok
14:16:16 <lhinds> Ideally we need to get some content up to guide people what to do / what not to do.
14:16:45 <Sona> any project within security you want me to focus on?
14:17:08 <lhinds> is there anything you would like to work on?
14:17:23 <Sona> I just want to help you
14:17:34 <Sona> as much as I can :)
14:17:47 <lhinds> understand..<just thinking>
14:18:14 <Sona> let me know anytime you need help with something
14:18:25 <Sona> not sure that I can help, but I will try :)
14:19:13 <lhinds> See with docs / wiki, I am not sure people really read it. So I would not want your efforts wasted.
14:19:23 <aripie> hi, sorry had another meeting on the side
14:19:39 <lhinds> But you're not a developer or into coding much?
14:20:27 <lhinds> Is there any scenarios you would like to see in openstack for example (security related)?
14:20:34 <Sona> I am half developer ;) c & assembler
14:20:55 <Sona> not very good at python
14:21:10 <Sona> hi Ari
14:21:33 <Sona> I can check
14:22:05 <lhinds> I guess normally a lot of this stuff is driven by gaps that are found to exist...and there are lots of those, but its whatever you're comfortable with / want to work on / and your company has a need for
14:22:42 <lhinds> if you know asm and C maybe trusted boot might be interesting?
14:23:01 <lhinds> actually trying to get it working and perhaps as a test case in one of the test projects?
14:23:25 <Sona> ok I will check
14:23:36 <lhinds> but its going to be based on how much time you want, and also I guess a factor is if its something ENEA wants to see in place?
14:24:44 <lhinds> If you think of a problem you want to tackle, I will support as much as I can, help review and mentor your code, scripts, configs etc.
14:25:30 <Sona> Normally I don't have much time like everyone else, but I want to help, I see you are very busy
14:25:44 <lhinds> give it some thought on a problem area that interests you and would like to work on.
14:25:56 <Sona> ok
14:26:07 <lhinds> cool
14:26:27 <lhinds> I am always busy (that's mine own fault for a lack of solid focus)
14:26:33 <lhinds> k.
14:26:55 <lhinds> I think that's it now, you can bounce any ideas off me in IRC Sona (I am on 24/7)
14:27:02 <lhinds> any other points
14:27:07 <lhinds> ohai aripie !
14:27:25 <aripie> yes hi lhinds, I got stolen to another meeting
14:27:33 <lhinds> that's ok
14:27:37 <lhinds> oh that reminds me..
14:27:51 <lhinds> next week is openstack summit so I will be away
14:28:12 <lhinds> its up to you both if you would still like to meet?
14:28:19 <lhinds> if not we can defer until next week
14:28:29 <lhinds> I will leave it up to both you
14:28:52 <Sona> ok, we will manage it
14:29:04 <aripie> ok
14:29:12 <lhinds> k, thanks all
14:29:16 <lhinds> #endmeeting