[all][security-sig][meta-sig] Forum summary: Expose SIGs and WGs
Josephine Seifert
josephine.seifert at secustack.com
Wed Dec 12 13:57:31 UTC 2018
Am 12.12.18 um 14:20 schrieb Adam Spiers:
> Matt Riedemann <mriedemos at gmail.com> wrote:
>> On 12/3/2018 11:42 AM, Rico Lin wrote:
>>> We also have some real story (Luzi's story) for people to get a
>>> better understanding of why current workflow can look like for
>>> someone who tries to help.
>>
>> I looked over the note on this in the etherpad.
>
> Me too - in case anyone missed the link to this initiative around
> image encryption, it's near the bottom of:
> https://etherpad.openstack.org/p/expose-sigs-and-wgs
>
> And BTW it sounds like a really cool initiative to me! In fact I
> think it could nicely complement the work I am doing on adding AMD SEV
> support to nova:
> https://review.openstack.org/#/c/609779/
>
Thank you, it's nice to hear that there are people who would like to
have image encryption in OpenStack.
>
> A couple of other things struck me about this initiative:
> - They were requested to propose separate specs for each involved
> project (Nova, Cinder and Glance in this case). This resulted in
> quite a bit of duplication between the specs, but maybe that was
> unavoidable.
>
We were told, they need those specs for documentation purposes. So I can
understand why we have to do this. The downside is of course, that it
not only takes longer to write / update the specs (as we really like to
update all at the same time - so they are consistent), but mainly the
project teams would only review the spec within their project (with a
few exceptions).
> - The question where to put the shared encryption and decryption code
> remained unresolved, even though of the three options proposed, only
> the oslo option had no cons listed:
>
>
> https://etherpad.openstack.org/p/library-for-image-encryption-and-decryption
>
> oslo seems like a natural place to put it, so maybe the solution is
> to submit this spec to oslo?
>
Actually we already talked to the Security SIG, which are basically the
same people as in Barbican, at the Summit. And we agreed that a new
library in oslo would be a good option.
So we proposed a spec for a new oslo-library:
https://review.openstack.org/#/c/618754/
Sadly there aren't many people in the Security SIG / Barbican right now
and they also have their own features and projects (Barbican) to
maintain. A few people from the other involved project would maybe help.
I am currently talking to Ildiko about pop-up teams, which would be an
option to organize things.
regards,
Josephine (Luzi)
More information about the openstack-discuss
mailing list