Josephine Seifert <josephine.seifert@secustack.com> wrote:
On 12.12.18 at 14:20, Adam Spiers wrote:
Matt Riedemann <mriedemos@gmail.com> wrote:
On 12/3/2018 11:42 AM, Rico Lin wrote:
We also have a real story (Luzi's story) for people to get a better understanding of what the current workflow can look like for someone who tries to help.
I looked over the note on this in the etherpad.
Me too - in case anyone missed the link to this initiative around image encryption, it's near the bottom of: https://etherpad.openstack.org/p/expose-sigs-and-wgs
And BTW it sounds like a really cool initiative to me! In fact I think it could nicely complement the work I am doing on adding AMD SEV support to nova: https://review.openstack.org/#/c/609779/
Thank you, it's nice to hear that there are people who would like to have image encryption in OpenStack.
:-)
A couple of other things struck me about this initiative:
- They were requested to propose separate specs for each involved project (Nova, Cinder and Glance in this case). This resulted in quite a bit of duplication between the specs, but maybe that was unavoidable.
We were told they need those specs for documentation purposes. So I can understand why we have to do this. The downside is, of course, that it not only takes longer to write / update the specs (as we really like to update all at the same time - so they are consistent), but mainly the project teams would only review the spec within their project (with a few exceptions).
- The question where to put the shared encryption and decryption code remained unresolved, even though of the three options proposed, only the oslo option had no cons listed:
https://etherpad.openstack.org/p/library-for-image-encryption-and-decryption
oslo seems like a natural place to put it, so maybe the solution is to submit this spec to oslo?
Actually we already talked to the Security SIG, which are basically the same people as in Barbican, at the Summit. And we agreed that a new library in oslo would be a good option.
Got it - thanks to you and Jeremy for the extra context here.
So we proposed a spec for a new oslo-library: https://review.openstack.org/#/c/618754/
Ah, nice - thanks! What do you think about my suggestion of tracking this whole initiative as a story in StoryBoard? IMHO that would be a convenient way of tracking all the specs and any other related activity together from one place.