[all][security-sig][meta-sig] Forum summary: Expose SIGs and WGs
Adam Spiers
aspiers at suse.com
Wed Dec 12 15:10:21 UTC 2018
Josephine Seifert <josephine.seifert at secustack.com> wrote:
>Am 12.12.18 um 14:20 schrieb Adam Spiers:
>
>> Matt Riedemann <mriedemos at gmail.com> wrote:
>>> On 12/3/2018 11:42 AM, Rico Lin wrote:
>>>> We also have some real story (Luzi's story) for people to get a
>>>> better understanding of why current workflow can look like for
>>>> someone who tries to help.
>>>
>>> I looked over the note on this in the etherpad.
>>
>> Me too - in case anyone missed the link to this initiative around
>> image encryption, it's near the bottom of:
>> https://etherpad.openstack.org/p/expose-sigs-and-wgs
>>
>> And BTW it sounds like a really cool initiative to me! In fact I
>> think it could nicely complement the work I am doing on adding AMD SEV
>> support to nova:
>> https://review.openstack.org/#/c/609779/
>>
>Thank you, it's nice to hear that there are people who would like to
>have image encryption in OpenStack.
:-)
>> A couple of other things struck me about this initiative:
>> - They were requested to propose separate specs for each involved
>> project (Nova, Cinder and Glance in this case). This resulted in
>> quite a bit of duplication between the specs, but maybe that was
>> unavoidable.
>>
>We were told, they need those specs for documentation purposes. So I can
>understand why we have to do this. The downside is of course, that it
>not only takes longer to write / update the specs (as we really like to
>update all at the same time - so they are consistent), but mainly the
>project teams would only review the spec within their project (with a
>few exceptions).
>
>> - The question where to put the shared encryption and decryption code
>> remained unresolved, even though of the three options proposed, only
>> the oslo option had no cons listed:
>>
>>
>> https://etherpad.openstack.org/p/library-for-image-encryption-and-decryption
>>
>> oslo seems like a natural place to put it, so maybe the solution is
>> to submit this spec to oslo?
>>
>Actually we already talked to the Security SIG, which are basically the
>same people as in Barbican, at the Summit. And we agreed that a new
>library in oslo would be a good option.
Got it - thanks to you and Jeremy for the extra context here.
>So we proposed a spec for a new oslo-library:
>https://review.openstack.org/#/c/618754/
Ah, nice - thanks!
What do you think about my suggestion of tracking this whole
initiative as a story in StoryBoard? IMHO that would be a convenient
way of tracking all the specs and any other related activity together
from one place.
More information about the openstack-discuss
mailing list