This is an important evolution for the security group / project / SIG!
Congratulations everyone on taking things this far and to Luke for your
excellent stewardship.
-Rob
On Thu, Dec 14, 2017 at 5:30 PM, Luke Hinds wrote:
> Hi All,
>
> Following on from the mailing list discussion [0], we now
+1
Luke has been an excellent contributor to the Security project and would be
an excellent PTL to take the project forward.
On Tue, Aug 1, 2017 at 8:30 AM, Luke Hinds wrote:
> Hello All,
>
> I would like to announce my candidacy for Security Project PTL for
> Queens.
>
> I have been a member
Just a reminder for all that we'll be having a security meeting today at
the usual time.
Meeting agenda: https://etherpad.openstack.org/p/security-agenda
Cheers
-Rob
__
OpenStack Development Mailing List (not for usage questi
I've been out on vacation but as I circle back to normal (working!) life
I've found this thread very interesting.
I share the concerns raised about the level of resource required to back
this. I don't speak for the VMT but I agree with Jeremy that it should be
possible to provide VMT support to Ko
Hi All,
I won't be able to make today's meeting as I'm travelling.
I've not found a chair to cover the meeting, please decide if you have a
quorum and either proceed or go back to "real life" as you see fit.
Cheers
-Rob
#startmeeting in the wrong channel
#startmeeting in the right channel but at the wrong time
#startmeeting in the right channel and at the right time but someone else
already started it
I'm basically a pro at meetings.
On Thu, Feb 9, 2017 at 1:14 AM, Lana Brindley
wrote:
> On 09/02/17 06:36, K
You've done the right thing by posting here with the [Security] tag.
Ian has provided advice on how you might become security managed, which
is a good aspiration for any team to have.
However, if you have a serious security issue that you need help mitigating
the security project can help. We can
Just a quick note on Castellan, at the moment it's not a particularly
strong abstraction for key management in general, just the OpenStack
key management interface.
The reason this is important is because if I recall correctly, Castellan
requires a keystone token for auth. It should be no surprise
>
>
> The last I checked, Rob, they also support DogTag IPA which is purely
> a Software based HSM. Hopefully the Barbican team can confirm this.
> --
> Ian Cordasco
>
Yup, that's my understanding too. However, that requires Barbican _and_
Dogtag, an even bigger overhead. Especially as at least hi
Thanks for raising this on the mailing list Ian, I too share some of
your consternation regarding this issue.
I think the main point has already been hit on, developers don't want to
require that Barbican be deployed in order for their service to be
used.
The resulting spread of badly audited sec
Hi All,
As per our IRC meeting today[1] we've decided to try shortening the
Security IRC meetings to 30 minutes per week. The other option was to have
meetings every two weeks but we all agreed that would lead to missed
meetings, confusion around holidays etc.
The main reason for shortening our m
[Resending without the PTLs in CC because it got my mail stuck in the spam
filters]
I'm struggling to find good info on when the adjusted PTL nomination cycle
starts.
I've checked here: https://releases.openstack.org/ocata/schedule.html#pike-ptls-self-nomination
but it looks like the 'elections'
I'm struggling to find good info on when the adjusted PTL nomination cycle
starts.
I've checked here:
https://releases.openstack.org/ocata/schedule.html#pike-ptls-self-nomination
but it looks like the 'elections' section was supposed to be added to the
table and wasn't.
I know from the updates to
All,
I should have sent the notification out earlier however today's weekly IRC
meeting is cancelled as most of our group are American and on vacation
today.
Have a great day.
-Rob
Congratulations Arun, you've put a lot of work in!
On Mon, Nov 7, 2016 at 10:05 PM, Fernando J Diaz wrote:
> +1 Congrats Arun, welcome to Barbican Core.
>
>
> __
> OpenStack Development Mailing List (not for usage questions)
Good question, I know issues around this have arisen before.
I think the main points have been covered well already, for my part I will
always lean toward the better supported or actively developed project.
I understand the desire to look for FIPS 140-2 compliance, however I'd
caution about this
Hi Brian.
I don't know Erno but trust your judgement.
I'm sure Ian will be a great coresec.
+1
Rob
On 19 Oct 2016 04:32, "Hemanth Makkapati"
wrote:
> +1 to both Erno and Ian.
> Both have made solid contributions to Glance over the past few cycles and
> are very thorough in their approach.
> I
The Ops Meetup, organized by the User Committee's Ops Meetups Team, is a
track comprised of collaborative, working sessions for people who are
operating OpenStack clouds (and contributors who want to hear from them).
The purpose is to share knowledge and best practices among cloud operators,
as wel
Hi Guys,
We've put together a session to go over TA and how we should apply what
we've built moving forward.
https://www.openstack.org/summit/barcelona-2016/summit-schedule/events/17017
-Rob
Thanks for the heads up, I'll do my best to attend and I'll encourage other
security folks to do likewise.
It looks like there's a good deal of security enforcing functionality in
these specs, I knew we've discussed getting Octa through threat analysis,
let's try to find a good time to schedule tha
I agree with pretty much everything John's written, especially with regards
to what's required of a host (and accepting that things will have to be
different at the PTG).
For security, although we have a pre-event etherpad to propose topics
nothing is decided until the first day, where we will hav
I wanted to provide a quick update from Security.
We had our weekly IRC meeting yesterday, dhellman was kind enough to attend
to help broker some of the discussion. In advance of the meeting I prepared
a blog post where I tried to articulate my position and where I think
things need to go next [1]
I agree that sometimes simply filtering for "security" can get a bit noisy
because only very occasionally is an email mentioning it or even using the
[security] tag actually trying to get the attention of the OSSP. Most of
the time (from my filters anyway) it's either a Neutron Security Groups
issu
I wrote a blog post based on the recent thread about the future of the
Security Project, it's published here:
https://openstack-security.github.io/organization/2016/09/22/maturing-the-security-project.html
Cheers
-Rob
Jeremy hit all the major points there.
What we do is basically model things based on a best-practice use case, we
rely on the project to make good choices in this regard with a view to
configurations, protocols etc.
Then we conduct an asset-oriented threat review, during which we create
documenta
For my part, I missed the elections, that's my bad. I normally put a
calendar item in for that issue. I don't think that my missing the election
date should result in the group being treated in this way. Members of the
TC have contacted me about unrelated things recently, I have always been
availab
I'd like to nominate Doug for a CoreSec position as part of the Security
Project.
CoreSec team members support the VMT with extended consultation on
externally reported vulnerabilities.
Doug has been an active member of the Security project for several years.
He's done significant recent work on
All,
No IRC meeting this week as we're conducting the mid-cycle in Austin
Weds->Friday.
However, we'll be doing hangouts for those who can't make it onsite and
will be monitoring IRC so just ping us on there if you want to contribute.
Cheers
-Rob
I'd like to nominate Luke for a CoreSec position as part of the Security
Project.
CoreSec team members support the VMT with extended consultation on
externally reported vulnerabilities.
Luke has been an active member of the Security project for quite some time.
He's done significant recent work o
I have returned from #drownload and I'm super keen to get on top of this, in
this email I'll just try to tie a few different threads together.
The etherpad we used at the summit, along with the Sequence Diagram texts,
are online [1]; are we happy to continue using web sequence diagrams? I
think the r
Doug Chivers might have some thoughts on this but I'm happy with your
proposal Steve, kind of you to do the leg-work.
-rob
On Fri, Jun 3, 2016 at 1:29 AM, Steven Dake (stdake)
wrote:
> Hi folks,
>
> I think we are nearly done with Item #5 [1] of the VMT. One question
> remains.
>
> We need to
As per today's session (Thursday) the Anchor Threat Analysis blog post now
has added sequence diagram goodness!
https://openstack-security.github.io/threatanalysis/2016/02/07/anchorTA.html
Cheers
-Rob
On Sat, Apr 16, 2016 at 1:19 PM, Steven Dake (stdake)
wrote:
> Hey Folks,
>
> I've scheduled
wrote:
> Can you please give a little more detail on what its about?
>
> Does this have any overlap with the instance user session:
> https://www.openstack.org/summit/austin-2016/summit-schedule/events/9485
>
> Thanks, Kevin
>
> ----------
So that's one vote for option A and one vote for another vote :)
On 22 Apr 2016 4:25 p.m., "Nathan Reller" wrote:
> > Thoughts?
>
> Is anyone interested in the pull model or actually implementing it? I
> say if the answer to that is no then only discuss the push model.
>
> Note that I am having a
We have two BYOK sessions scheduled for the design summit, one on the
Barbican track and one on the Security track.
[1] Security: Wednesday 5:20pm-6:00pm Hilton Austin - MR 408
[2] Barbican: Thursday 3:10pm-3:50pm Hilton Austin - MR 406
I'd like to suggest two different approaches to getting the