====================================
#opnfv-meeting: OPNFV Security Group
====================================

Meeting started by hinds at 13:55:53 UTC. The full logs are available at
http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-03-04-13.55.log.html .

Meeting summary
---------------

* agenda bashing (hinds, 13:59:42)
* LINK: https://etherpad.opnfv.org/p/opnfv-sec-meetings (hinds, 14:01:28)
* AGREED: agenda bashing (hinds, 14:02:45)
* meeting minutes (hinds, 14:03:10)
* AGREED: last week's agenda (hinds, 14:03:26)
* Review Work Items (hinds, 14:03:38)
* work items - vuln mgmt (hinds, 14:05:04)
* LINK: https://wiki.openstack.org/wiki/Vulnerability_Management (hinds, 14:10:52)
* we discussed the existing openstack VMC Security Committee Vulnerability process (iben_, 14:11:26)
* we will have a similar process for OPNFV developed code (iben_, 14:11:47)
* it is also important to have a known method to get security issues we find sent upstream (iben_, 14:15:21)
* most of our “code” we generate is glue to script the installation, configuration, and testing of other upstream components <— what follows is that we won’t be creating very many binary artifacts that might have vulnerabilities (iben_, 14:17:39)
* there may be some binary artifacts from code we create such as a vloop vm image or other vnf just for OPNFV project use (iben_, 14:18:51)
* scripts could introduce security issues (configurations) (hinds, 14:20:19)
* ACTION: to consider how we will interact (tool wise) with upstream groups (hinds, 14:20:55)
* expected time for fix should be added (Mike) (hinds, 14:26:05)
* ACTION: Luke to continue to refine the OSVM and consider the points made about interactions and contingencies towards upstream projects (hinds, 14:33:38)
* Project Lead / Members Elections (hinds, 14:35:30)
* ACTION: Luke to draw up rough draft of a role / org structure for the security group (hinds, 14:40:07)
* AGREED: Mike suggested that we defer elections of any sort to when more people attend (hinds, 14:40:51)
* having some type of senior members to ensure quality contributions are accepted. (hinds, 14:45:51)
* irc == opnfv-sec (hinds, 14:47:49)
* AGREED: we will use the new irc channel called #opnfv-sec (hinds, 14:48:53)
* Any other business (hinds, 14:49:08)
* etherpads available for each work item and can be used to reference materials relevant to the particular work item (hinds, 14:52:13)

Meeting ended at 14:57:50 UTC.

People present (lines said)
---------------------------

* hinds (25)
* iben_ (7)
* collabot (4)

Generated by `MeetBot`_ 0.1.4