Re: UPDATE MEETING December Developer Community Meeting
Hi, What time is this meeting at? Thanks. On Sun, Dec 17, 2017 at 1:32 PM, Otto Fowler wrote: > We will be using this meeting > > Topic: Community zoom meeting > Time: this is a recurring meeting Meet anytime > > Join from PC, Mac, Linux, iOS or Android: > https://hortonworks.zoom.us/j/658498271 > > Or join by phone: > > +1 669 900 6833 (US Toll) or +1 646 558 8656 558 8656> (US Toll) > +1 877 853 5247 (US Toll Free) > +1 877 369 0926 (US Toll Free) > Meeting ID: 658 498 271 > International numbers available: > https://hortonworks.zoom.us/zoomconference?m= > y7M0gPfv8kRv3WvXHjXrpc3n3DyNqTMe > > > On December 17, 2017 at 13:05:50, Otto Fowler (ottobackwa...@gmail.com) > wrote: > > The December Community Meeting will be held Monday, December 18th. > These are the topics that are up for discussion > >- Call for reviewers, ideas how to get more involvement, what people can >do to help (Otto) >- Feature branches : we have two now, what are they and how are we going >to work on them (Otto) >- Release process WRT formalized upgrade and installation instructions >to be >included as a part of a release (JZeolla) >- Any concerns/questions >with the secondary repo for bro. (JZeolla) >- ES 5.6 upgrade (michael.miklav...@gmail.com) >- Release Status(michael.miklav...@gmail.com) >- Short Term Roadmap(michael.miklav...@gmail.com) > > > We may only have 40 minutes, so we’ll try to keep things concise, and > follow up with Discuss threads. > > *NOTE: IF THE ROOM CHANGES I WILL SEND AN UPDATE* > > > Topic: Metron Developer Community Meeting > Time: Dec 18, 2017 12:30 PM Eastern Time (US and Canada) > > Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/4534152036 > > Or iPhone one-tap : > US: +16468769923,,4534152036# or +16699006833,,4534152036# > Or Telephone: > Dial(for higher quality, dial a number based on your current location): > US: +1 646 876 9923 or +1 669 900 6833 > Meeting ID: 453 415 2036 > International numbers available: > https://zoom.us/zoomconference?m=iwzFkc-YD_msf1cfRJL21VDYsExP41jo > > > Developer Community Meeting Disclaimers > >- Developer Community meetings are a means for realtime discussion of >development issues >- These meetings are not specifically aimed at demonstrations, unless >one is required or requested as part of such discussion >- These meetings are geared towards Metron development issues, not user >issues with deployment or shipped functionality >- There are NO decisions made in these meetings. The mailing list is the >official communication record of the Apache Metron Project, and as such > all >public decisions are to be made on the list, as to give the greatest >opportunity for community involvement. >- There ARE proposals that can be made and discussed in these meetings, >that will then be discussed on list for decision. >- Notes will be taken of these meetings, and they will be posted to the >list >- There may also be breakout posts to the list per proposal or topic, >for more detailed discussion > -- Regards, Nadir Hajiyani
Re: UPDATE MEETING December Developer Community Meeting
Aah, just noticed it in the middle of the email - 12.30 pm EST - hit send too early. Thanks. On Sun, Dec 17, 2017 at 2:54 PM, Nadir Hajiyani wrote: > Hi, > What time is this meeting at? > > Thanks. > > On Sun, Dec 17, 2017 at 1:32 PM, Otto Fowler > wrote: > >> We will be using this meeting >> >> Topic: Community zoom meeting >> Time: this is a recurring meeting Meet anytime >> >> Join from PC, Mac, Linux, iOS or Android: >> https://hortonworks.zoom.us/j/658498271 >> >> Or join by phone: >> >> +1 669 900 6833 (US Toll) or +1 646 558 8656 > 646 >> 558 8656> (US Toll) >> +1 877 853 5247 (US Toll Free) >> +1 877 369 0926 (US Toll Free) >> Meeting ID: 658 498 271 >> International numbers available: >> https://hortonworks.zoom.us/zoomconference?m=y7M0gPfv8kRv3Wv >> XHjXrpc3n3DyNqTMe >> >> >> On December 17, 2017 at 13:05:50, Otto Fowler (ottobackwa...@gmail.com) >> wrote: >> >> The December Community Meeting will be held Monday, December 18th. >> These are the topics that are up for discussion >> >>- Call for reviewers, ideas how to get more involvement, what people >> can >>do to help (Otto) >>- Feature branches : we have two now, what are they and how are we >> going >>to work on them (Otto) >>- Release process WRT formalized upgrade and installation instructions >>to be >>included as a part of a release (JZeolla) >>- Any concerns/questions >>with the secondary repo for bro. (JZeolla) >>- ES 5.6 upgrade (michael.miklav...@gmail.com) >>- Release Status(michael.miklav...@gmail.com) >>- Short Term Roadmap(michael.miklav...@gmail.com) >> >> >> We may only have 40 minutes, so we’ll try to keep things concise, and >> follow up with Discuss threads. >> >> *NOTE: IF THE ROOM CHANGES I WILL SEND AN UPDATE* >> >> >> Topic: Metron Developer Community Meeting >> Time: Dec 18, 2017 12:30 PM Eastern Time (US and Canada) >> >> Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/4534152036 >> >> Or iPhone one-tap : >> US: +16468769923,,4534152036# or +16699006833,,4534152036# >> Or Telephone: >> Dial(for higher quality, dial a number based on your current >> location): >> US: +1 646 876 9923 or +1 669 900 6833 >> Meeting ID: 453 415 2036 >> International numbers available: >> https://zoom.us/zoomconference?m=iwzFkc-YD_msf1cfRJL21VDYsExP41jo >> >> >> Developer Community Meeting Disclaimers >> >>- Developer Community meetings are a means for realtime discussion of >>development issues >>- These meetings are not specifically aimed at demonstrations, unless >>one is required or requested as part of such discussion >>- These meetings are geared towards Metron development issues, not user >>issues with deployment or shipped functionality >>- There are NO decisions made in these meetings. The mailing list is >> the >>official communication record of the Apache Metron Project, and as >> such all >> public decisions are to be made on the list, as to give the greatest >>opportunity for community involvement. >>- There ARE proposals that can be made and discussed in these meetings, >>that will then be discussed on list for decision. >>- Notes will be taken of these meetings, and they will be posted to the >>list >>- There may also be breakout posts to the list per proposal or topic, >>for more detailed discussion >> > > > > -- > Regards, > Nadir Hajiyani > -- Regards, Nadir Hajiyani
Re: Secure code analysis
t; > joint > > > > >> >> press > > > > >> >> > > releases or other public communications announcing Your > > entry > > > > into > > > > >> this > > > > >> >> > > Agreement. > > > > >> >> > > > > > > >> >> > > At Our written request, You will furnish Us with (a) a > > > > >> certification > > > > >> >> > signed > > > > >> >> > > by an officer of Your company providing user or access > > > > information > > > > >> that > > > > >> >> > > identifies whether the Service and the Software is being > > used > > > in > > > > >> >> > accordance > > > > >> >> > > with the terms of this Agreement, and (b) log files from > any > > > > >> License > > > > >> >> > > Manager. Upon at least thirty (30) days prior written > > notice, > > > We > > > > >> may > > > > >> >> > > engage, at Our expense, an independent auditor to audit > Your > > > use > > > > >> of the > > > > >> >> > > Service and the Software to ensure that You are in > > compliance > > > > with > > > > >> the > > > > >> >> > > terms of this Agreement. ... You will provide the auditor > > with > > > > >> access > > > > >> >> to > > > > >> >> > > the relevant records and facilities. > > > > >> >> > > > > > > >> >> > > Jon > > > > >> >> > > > > > > >> >> > > On Fri, May 27, 2016 at 11:14 AM zeo...@gmail.com < > > > > >> zeo...@gmail.com> > > > > >> >> > > wrote: > > > > >> >> > > > > > > >> >> > > > There's nothing built-in with Travis, but we could > > install a > > > > >> tool to > > > > >> >> do > > > > >> >> > > > this as part of the installation of tools on the build > > box. > > > > I'm > > > > >> >> gonna > > > > >> >> > > > reach out to people in my local circle who specialize in > > > > secure > > > > >> code > > > > >> >> > > > analysis and see what all of the options are. > > > > >> >> > > > > > > > >> >> > > > Jon > > > > >> >> > > > > > > > >> >> > > > On Fri, May 27, 2016 at 9:50 AM Nick Allen < > > > > n...@nickallen.org> > > > > >> >> wrote: > > > > >> >> > > > > > > > >> >> > > >> I completely agree that we will need some focus on > this. > > > > >> >> > > >> > > > > >> >> > > >> What could Travis do for us? I wasn't aware that they > > > offered > > > > >> >> > security > > > > >> >> > > >> scanning. > > > > >> >> > > >> > > > > >> >> > > >> Are you aware of any security scan services that offer > > free > > > > >> support > > > > >> >> to > > > > >> >> > > >> open > > > > >> >> > > >> source projects? > > > > >> >> > > >> > > > > >> >> > > >> On Fri, May 27, 2016 at 9:42 AM, zeo...@gmail.com < > > > > >> zeo...@gmail.com > > > > >> >> > > > > > >> >> > > >> wrote: > > > > >> >> > > >> > > > > >> >> > > >> > So I've never done anything like this before in > Travis > > > but > > > > I > > > > >> have > > > > >> >> > done > > > > >> >> > > >> IDE > > > > >> >> > > >> > plugins and pre prod scans in the past at large > > companies > > > > >> which > > > > >> >> > worked > > > > >> >> > > >> > well. I floated the idea past a friend working at > > Travis > > > > and > > > > >> she > > > > >> >> > said > > > > >> >> > > >> if > > > > >> >> > > >> > we go that route she would assist. > > > > >> >> > > >> > > > > > >> >> > > >> > I just think that if this is integrated from the > > > beginning > > > > and > > > > >> >> fail > > > > >> >> > > >> builds > > > > >> >> > > >> > on critical issues (to start), this could be a big > > > > >> differentiator, > > > > >> >> > > >> > especially because we're talking about a security > > > platform > > > > >> that > > > > >> >> > > >> centralizes > > > > >> >> > > >> > tons of sensitive information, tries to parse almost > > > > anything > > > > >> >> that's > > > > >> >> > > >> thrown > > > > >> >> > > >> > at it (think of what's been happening to AV products > > > > >> recently), > > > > >> >> and > > > > >> >> > is > > > > >> >> > > >> open > > > > >> >> > > >> > source for bad guys to dig into much more easily. > > > > >> >> > > >> > > > > > >> >> > > >> > Jon > > > > >> >> > > >> > > > > > >> >> > > >> > On Fri, May 27, 2016, 09:34 Nick Allen < > > > n...@nickallen.org > > > > > > > > > >> >> wrote: > > > > >> >> > > >> > > > > > >> >> > > >> > > I am not aware of any discussions around this, Jon. > > > What > > > > are > > > > >> >> you > > > > >> >> > > >> > thinking? > > > > >> >> > > >> > > > > > > >> >> > > >> > > On Thu, May 26, 2016 at 4:35 PM, zeo...@gmail.com > < > > > > >> >> > zeo...@gmail.com > > > > >> >> > > > > > > > >> >> > > >> > > wrote: > > > > >> >> > > >> > > > > > > >> >> > > >> > > > I was just wondering if there is any sort of > static > > > (or > > > > >> even > > > > >> >> > > >> dynamic) > > > > >> >> > > >> > > code > > > > >> >> > > >> > > > analysis, or penetrating testing/vulnerability > > > > assessment, > > > > >> >> > > >> occurring at > > > > >> >> > > >> > > any > > > > >> >> > > >> > > > point on the metron code. Has there been any > > > > discussion of > > > > >> >> > > >> installing > > > > >> >> > > >> > > > something along those lines on the Travis build > > > server > > > > >> (if it > > > > >> >> > > isn't > > > > >> >> > > >> > there > > > > >> >> > > >> > > > already)? Thanks, > > > > >> >> > > >> > > > > > > > >> >> > > >> > > > Jon > > > > >> >> > > >> > > > -- > > > > >> >> > > >> > > > > > > > >> >> > > >> > > > Jon > > > > >> >> > > >> > > > > > > > >> >> > > >> > > > > > > >> >> > > >> > > > > > > >> >> > > >> > > > > > > >> >> > > >> > > -- > > > > >> >> > > >> > > Nick Allen > > > > >> >> > > >> > > > > > > >> >> > > >> > -- > > > > >> >> > > >> > > > > > >> >> > > >> > Jon > > > > >> >> > > >> > > > > > >> >> > > >> > > > > >> >> > > >> > > > > >> >> > > >> > > > > >> >> > > >> -- > > > > >> >> > > >> Nick Allen > > > > >> >> > > >> > > > > >> >> > > > -- > > > > >> >> > > > > > > > >> >> > > > Jon > > > > >> >> > > > > > > > >> >> > > -- > > > > >> >> > > > > > > >> >> > > Jon > > > > >> >> > > > > > > >> >> > > > > > >> >> > > > > > >> >> > > > > > >> >> > -- > > > > >> >> > Nick Allen > > > > >> >> > > > > > >> >> -- > > > > >> >> > > > > >> >> Jon > > > > >> > > > > > >> > -- > > > > >> > Nick Allen > > > > >> > > > > >> --- > > > > >> Thank you, > > > > >> > > > > >> James Sirota > > > > >> PPMC- Apache Metron (Incubating) > > > > >> jsirota AT apache DOT org > > > > >> > > > > >> -- > > > > >> > > > > >> Jon > > > > > -- > > > > > > > > > > Jon > > > > > > > > > > Sent from my mobile device > > > > > > > > --- > > > > Thank you, > > > > > > > > James Sirota > > > > PPMC- Apache Metron (Incubating) > > > > jsirota AT apache DOT org > > > > > > > -- > > > > > > Jon > > > > > > -- > > Jon > -- Regards, Nadir Hajiyani
Re: Secure code analysis
t; > >> >> > > > > > > >> >> > > Additionally, upon execution of this Agreement, the > parties > > > will > > > > >> use > > > > >> >> > > commercially reasonable efforts to issue mutually agreed > > upon > > > > joint > > > > >> >> press > > > > >> >> > > releases or other public communications announcing Your > > entry > > > > into > > > > >> this > > > > >> >> > > Agreement. > > > > >> >> > > > > > > >> >> > > At Our written request, You will furnish Us with (a) a > > > > >> certification > > > > >> >> > signed > > > > >> >> > > by an officer of Your company providing user or access > > > > information > > > > >> that > > > > >> >> > > identifies whether the Service and the Software is being > > used > > > in > > > > >> >> > accordance > > > > >> >> > > with the terms of this Agreement, and (b) log files from > any > > > > >> License > > > > >> >> > > Manager. Upon at least thirty (30) days prior written > > notice, > > > We > > > > >> may > > > > >> >> > > engage, at Our expense, an independent auditor to audit > Your > > > use > > > > >> of the > > > > >> >> > > Service and the Software to ensure that You are in > > compliance > > > > with > > > > >> the > > > > >> >> > > terms of this Agreement. ... You will provide the auditor > > with > > > > >> access > > > > >> >> to > > > > >> >> > > the relevant records and facilities. > > > > >> >> > > > > > > >> >> > > Jon > > > > >> >> > > > > > > >> >> > > On Fri, May 27, 2016 at 11:14 AM zeo...@gmail.com < > > > > >> zeo...@gmail.com> > > > > >> >> > > wrote: > > > > >> >> > > > > > > >> >> > > > There's nothing built-in with Travis, but we could > > install a > > > > >> tool to > > > > >> >> do > > > > >> >> > > > this as part of the installation of tools on the build > > box. > > > > I'm > > > > >> >> gonna > > > > >> >> > > > reach out to people in my local circle who specialize in > > > > secure > > > > >> code > > > > >> >> > > > analysis and see what all of the options are. > > > > >> >> > > > > > > > >> >> > > > Jon > > > > >> >> > > > > > > > >> >> > > > On Fri, May 27, 2016 at 9:50 AM Nick Allen < > > > > n...@nickallen.org> > > > > >> >> wrote: > > > > >> >> > > > > > > > >> >> > > >> I completely agree that we will need some focus on > this. > > > > >> >> > > >> > > > > >> >> > > >> What could Travis do for us? I wasn't aware that they > > > offered > > > > >> >> > security > > > > >> >> > > >> scanning. > > > > >> >> > > >> > > > > >> >> > > >> Are you aware of any security scan services that offer > > free > > > > >> support > > > > >> >> to > > > > >> >> > > >> open > > > > >> >> > > >> source projects? > > > > >> >> > > >> > > > > >> >> > > >> On Fri, May 27, 2016 at 9:42 AM, zeo...@gmail.com < > > > > >> zeo...@gmail.com > > > > >> >> > > > > > >> >> > > >> wrote: > > > > >> >> > > >> > > > > >> >> > > >> > So I've never done anything like this before in > Travis > > > but > > > > I > > > > >> have > > > > >> >> > done > > > > >> >> > > >> IDE > > > > >> >> > > >> > plugins and pre prod scans in the past at large > > companies > > > > >> which > > > > >> >> > worked > > > > >> >> > > >> > well. I floated the idea past a friend working at > > Travis > > > > and > > > > >> she > > > > >> >> > said > > > > >> >> > > >> if > > > > >> >> > > >> > we go that route she would assist. > > > > >> >> > > >> > > > > > >> >> > > >> > I just think that if this is integrated from the > > > beginning > > > > and > > > > >> >> fail > > > > >> >> > > >> builds > > > > >> >> > > >> > on critical issues (to start), this could be a big > > > > >> differentiator, > > > > >> >> > > >> > especially because we're talking about a security > > > platform > > > > >> that > > > > >> >> > > >> centralizes > > > > >> >> > > >> > tons of sensitive information, tries to parse almost > > > > anything > > > > >> >> that's > > > > >> >> > > >> thrown > > > > >> >> > > >> > at it (think of what's been happening to AV products > > > > >> recently), > > > > >> >> and > > > > >> >> > is > > > > >> >> > > >> open > > > > >> >> > > >> > source for bad guys to dig into much more easily. > > > > >> >> > > >> > > > > > >> >> > > >> > Jon > > > > >> >> > > >> > > > > > >> >> > > >> > On Fri, May 27, 2016, 09:34 Nick Allen < > > > n...@nickallen.org > > > > > > > > > >> >> wrote: > > > > >> >> > > >> > > > > > >> >> > > >> > > I am not aware of any discussions around this, Jon. > > > What > > > > are > > > > >> >> you > > > > >> >> > > >> > thinking? > > > > >> >> > > >> > > > > > > >> >> > > >> > > On Thu, May 26, 2016 at 4:35 PM, zeo...@gmail.com > < > > > > >> >> > zeo...@gmail.com > > > > >> >> > > > > > > > >> >> > > >> > > wrote: > > > > >> >> > > >> > > > > > > >> >> > > >> > > > I was just wondering if there is any sort of > static > > > (or > > > > >> even > > > > >> >> > > >> dynamic) > > > > >> >> > > >> > > code > > > > >> >> > > >> > > > analysis, or penetrating testing/vulnerability > > > > assessment, > > > > >> >> > > >> occurring at > > > > >> >> > > >> > > any > > > > >> >> > > >> > > > point on the metron code. Has there been any > > > > discussion of > > > > >> >> > > >> installing > > > > >> >> > > >> > > > something along those lines on the Travis build > > > server > > > > >> (if it > > > > >> >> > > isn't > > > > >> >> > > >> > there > > > > >> >> > > >> > > > already)? Thanks, > > > > >> >> > > >> > > > > > > > >> >> > > >> > > > Jon > > > > >> >> > > >> > > > -- > > > > >> >> > > >> > > > > > > > >> >> > > >> > > > Jon > > > > >> >> > > >> > > > > > > > >> >> > > >> > > > > > > >> >> > > >> > > > > > > >> >> > > >> > > > > > > >> >> > > >> > > -- > > > > >> >> > > >> > > Nick Allen > > > > >> >> > > >> > > > > > > >> >> > > >> > -- > > > > >> >> > > >> > > > > > >> >> > > >> > Jon > > > > >> >> > > >> > > > > > >> >> > > >> > > > > >> >> > > >> > > > > >> >> > > >> > > > > >> >> > > >> -- > > > > >> >> > > >> Nick Allen > > > > >> >> > > >> > > > > >> >> > > > -- > > > > >> >> > > > > > > > >> >> > > > Jon > > > > >> >> > > > > > > > >> >> > > -- > > > > >> >> > > > > > > >> >> > > Jon > > > > >> >> > > > > > > >> >> > > > > > >> >> > > > > > >> >> > > > > > >> >> > -- > > > > >> >> > Nick Allen > > > > >> >> > > > > > >> >> -- > > > > >> >> > > > > >> >> Jon > > > > >> > > > > > >> > -- > > > > >> > Nick Allen > > > > >> > > > > >> --- > > > > >> Thank you, > > > > >> > > > > >> James Sirota > > > > >> PPMC- Apache Metron (Incubating) > > > > >> jsirota AT apache DOT org > > > > >> > > > > >> -- > > > > >> > > > > >> Jon > > > > > -- > > > > > > > > > > Jon > > > > > > > > > > Sent from my mobile device > > > > > > > > --- > > > > Thank you, > > > > > > > > James Sirota > > > > PPMC- Apache Metron (Incubating) > > > > jsirota AT apache DOT org > > > > > > > -- > > > > > > Jon > > > > > > -- > > Jon > -- Regards, Nadir Hajiyani