14:11:52 <lhinds> #startmeeting security group 14:11:52 <collabot`> Meeting started Wed Nov 23 14:11:52 2016 UTC. The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:11:52 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic. 14:11:52 <collabot`> The meeting name has been set to 'security_group' 14:12:04 <lhinds> #topic CI Badge 14:12:16 <Sona> How can we make sure that D-release is still CII compliant 14:13:01 <lhinds> We would need to run all the checks again I guess 14:13:26 <Sona> we discussed having scripts which checks this automatically but I am not sure if anything has been done 14:13:30 <Sona> ok 14:13:46 <Sona> I was thinking to start to have a look at this issue 14:14:03 <Sona> and make sure D-release is CII compliant 14:14:42 <lhinds> that would be good, either it needs some new scripts developed, or anteater could extended. 14:15:00 <Sona> I will see what I can do 14:15:01 <lhinds> I just am not sure I am going to have any free time to work on it. 14:15:19 <Sona> it is ok, I will do my best 14:15:37 <Sona> you have done alot :) 14:15:55 <lhinds> of course I can always help if you have questions, I am just very busy now in openstack sec topics. 14:16:02 <Sona> how about ETSI? or other standard/Compliance= 14:16:18 <lhinds> I think they are releaseing something next month 14:16:26 <lhinds> Sec-12 IIRC 14:16:37 <Sona> ok, thanks 14:16:40 <aripie> I am following up ETSI, I really should put some info to the website as I have promised 14:17:03 <Sona> good Ari, 14:17:12 <Sona> please let me know if I can help 14:17:26 <Sona> anything new from ETSI? 14:17:43 <Sona> How can we make sure that OPNFV is ETSI compliant? 14:17:46 <aripie> in addition to the ETSI-NFV-SEC there are security related stuff in e.g. ETSI-MANO 14:17:52 <aripie> and in the IFA documents 14:18:06 <aripie> I have attempted to get a grip on the whole... 14:18:21 <Sona> very good, thanks :) 14:18:22 <aripie> I will share my findings and we can take it from there 14:18:45 <Sona> please share your progress with us 14:18:54 <aripie> yes 14:19:00 <Sona> very good 14:19:15 <Sona> any updates from functest? 14:19:19 <Sona> OpenScap? 14:19:40 <Sona> I mean security functest? 14:20:33 <lhinds> nothing new at the moment. going to see with that one, as not had any outreach or uptake on end users 14:20:52 <Sona> is OpenScap running in Jenkins? 14:21:02 <lhinds> yes 14:21:14 <Sona> is someone looking at the result? 14:21:27 <lhinds> no :) 14:21:34 <Sona> hehe 14:21:37 <lhinds> well not that I know of 14:21:52 <lhinds> I am aware of what the gaps are, and so looking to get those patched upstream 14:21:56 <Sona> Can you send me the url så I can have a look at it? 14:22:14 <Sona> I haven't been involved much, I don't know where to look 14:22:40 <lhinds> I am not to sure of the URL, its in the jenkins build pages somewhere, you could ask jose or morgan in functest, they will know 14:23:34 <Sona> ok 14:25:40 <lhinds> anything else, or should we finish up? 14:25:45 <Sona> Who should I talk about d-release? To make sure CII best practices apply to the d-release? 14:26:21 <Sona> Raymond? 14:26:57 <lhinds> Raymond would be good, but you would likely want to time the check more towards the end of the release. 14:27:11 <lhinds> but its a good idea to prepare early 14:27:19 <Sona> ok, thanks 14:27:29 <Sona> I don't have more to add 14:27:38 <aripie> there was a question on opnfv-sec mailing list regarding Inspector/Audit 14:28:28 <lhinds> ok, I will take a look, i did not see that 14:28:43 <aripie> "I have a question around Inspector ? is this proposed as the standard way to Audit deployment compliance or am I missing any other project for security audits?" 14:29:00 <lhinds> got it now, Rana 14:29:04 <aripie> yes 14:29:04 <lhinds> I will reply now 14:29:07 <aripie> ok 14:30:34 <lhinds> ok, thanks Sona / aripie 14:30:39 <lhinds> #endmeeting