Re: [Openstack] Is there any way to migrate the Instance between the projects/tenants?
Anyone had success automating this process? Is there a blueprint for this class of problem? Thank you, -- @lloyddewolf http://www.pistoncloud.com/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013)
I appreciate that it often isn't appropriate, but in this case it might have been beneficial to include python-keystoneclient version 0.2.4 where this is first resolved. Thank you, Lloyd

On Thu, May 23, 2013 at 1:52 PM, Jeremy Stanley jer...@openstack.org wrote:

OpenStack Security Advisory: 2013-013
CVE: CVE-2013-2013
Date: May 23, 2013
Title: Keystone client local information disclosure
Reporter: Jake Dahn (Nebula)
Products: python-keystoneclient
Affects: All versions

Description: Jake Dahn from Nebula reported a vulnerability that the keystone client only allows passwords to be updated in a clear text command-line argument, which may enable other local users to obtain sensitive information by listing the process and potentially leaves a record of the password within the shell command history.

Fix: https://review.openstack.org/28702

Notes: A fix has already been merged to the python-keystoneclient master branch on 2013-05-21 (commit f2e0818) which adds an interactive password prompt, and will appear in the next release of python-keystoneclient.
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2013 https://bugs.launchpad.net/python-keystoneclient/+bug/938315 -- Jeremy Stanley (fungi) OpenStack Vulnerability Management Team -- @lloyddewolf http://www.pistoncloud.com/
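The exposure the advisory describes and the interactive prompt named as its fix, as an added Python example that is not code from python-keystoneclient. The `demo-client` program, its `--pass` flag, the flag list and the sample command lines are assumptions constructed for illustration.

```python
import argparse
import getpass
import shlex

# Assumed flag spellings (not taken from the advisory); extend per tool audited.
PASSWORD_FLAGS = {"--pass", "--password"}
REDACTED = "REDACTED"


def build_parser():
    """Parser for a hypothetical 'demo-client' password-update command."""
    parser = argparse.ArgumentParser(prog="demo-client")
    parser.add_argument("user")
    # Legacy path: the value lands in argv, so it is visible in process
    # listings and is recorded in shell history.
    parser.add_argument("--pass", dest="passwd", default=None)
    return parser


def resolve_password(argv, prompt=getpass.getpass):
    """Return (user, password, source); prompt twice when --pass is absent."""
    args = build_parser().parse_args(argv)
    if args.passwd is not None:
        return args.user, args.passwd, "argv"
    # Prompted input never appears in argv or in the history file.
    first = prompt("New Password: ")
    second = prompt("Repeat New Password: ")
    if not first:
        raise ValueError("empty password")
    if first != second:
        raise ValueError("passwords do not match")
    return args.user, first, "prompt"


def redact_command(line):
    """Return (redacted_line, found) for one history or process command line."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes: fall back to a whitespace split
        tokens = line.split()
    out, found, redact_next = [], False, False
    for token in tokens:
        if redact_next:
            out.append(REDACTED)
            redact_next = False
            continue
        flag, sep, _value = token.partition("=")
        if flag in PASSWORD_FLAGS:
            found = True
            if sep:  # --pass=value form
                out.append(flag + "=" + REDACTED)
            else:  # --pass value form: the next token is the secret
                out.append(flag)
                redact_next = True
            continue
        out.append(token)
    return " ".join(shlex.quote(t) for t in out), found


if __name__ == "__main__":
    # Constructed history lines, not captured from any real system.
    history = [
        "demo-client alice --pass hunter2",
        "demo-client --pass='two words' bob",
        "demo-client carol",
    ]
    for entry in history:
        redacted, found = redact_command(entry)
        print(("EXPOSED  " if found else "ok       ") + redacted)
```

Any history entry flagged here means the password it carried should be treated as disclosed to other local users and rotated.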
Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013)
Thanks Jeremy, I agree with you. I prefer a follow up after the fact. Interestingly, the OSSA 2013-014 notice did include python-keystoneclient fix (will be included in upcoming 0.2.4 release). Thank you, Lloyd On Mon, Jun 3, 2013 at 10:37 AM, Jeremy Stanley fu...@yuggoth.org wrote: On 2013-06-03 10:01:03 -0700 (-0700), Lloyd Dewolf wrote: I appreciate that it often isn't appropriate, but in this case it might have been beneficial to include python-keystoneclient version 0.2.4 where this is first resolved. What's the better way to do that, do you think? Delay the announcement until a new release is tagged, guess what the release will be numbered (possibly doable with the assistance of the developers as long as they don't change their minds), or follow up to the announcement after the fact? I opted for expediency and accuracy, indicating the date and commit hash stating will appear in the next release, but am happy to entertain alternative approaches there. I agree it's less than ideal for end users reading the announcement and trying to decide whether they're running a new enough version of the client to have access to that feature, though I guess the manpage or --help output is the first place I would look as a user if it came into question. Also, with many users running stable-distribution-packaged clients with fixes backported, upstream version numbers can be fairly irrelevant to those users in the short term as they may have the fix in a client reporting to be running an older version. -- Jeremy Stanley -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Grizzly on Laptop running Ubuntu 12.04 Desktop 64-bit and having 2 NICs (one Ethernet and other Wireless)
On Mon, May 13, 2013 at 7:34 AM, Devendra Gupta dev29...@gmail.com wrote: Hi, I am setting up Grizzly in single node on my laptop running Ubuntu 12.04 Desktop 64-bit for POC, I am using a doc which says 2 NICs are required (please see https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_SingleNode/OpenStack_Grizzly_Install_Guide.rst doc). I have two NICs in my laptop one is Ethernet and other is Wireless so is it fine to setup the environment on it ? Another thing, what if I am disconnected from any of the network because then I don't have IP in that specific NIC ? Skimming through those instructions it looks like the requirement for 2 nics is specific to making your OpenStack install available on the Internet in a secure-ish manner.
Re: [Openstack] OpenStack in OpenStack Without a 'VT-x' CPU
On Tue, Apr 30, 2013 at 2:14 PM, Dugger, Donald D donald.d.dug...@intel.com wrote: I don’t claim to be an expert on OpenStack on OpenStack but I don’t believe you need VTx at all. IPMI, yes you need that, but not VTx. How would (physical) IPMI come in to this equation? If I understand here we are talking about using virtualization on a single server to gain experience with configuring and operating OpenStack clusters. On Tue, Apr 30, 2013 at 1:12 PM, Chris Bartels ch...@christopherbartels.com wrote: tl;dr- 1. Does the nested KVM running inside the OpenStack that runs inside another OpenStack get to take advantage of the VT-x of the host CPU? AFAIR, there has been nested guest support in kvm_amd for a while, and more recently kvm_intel also has support... These blog posts from a year ago seem relevant: http://kashyapc.wordpress.com/2012/01/14/nested-virtualization-with-kvm-intel/ http://kashyapc.wordpress.com/2012/01/18/nested-virtualization-with-kvm-and-amd/ 2. Does OpenStack on OpenStack running KVM in each need VT-x on the host CPU at all to run properly? Sort of, hardware support is required to truly use KVM, but when we say KVM we're lumping in QEMU. KVM fails back to QEMU. AFAIK, other virtualization technologies like vmware and virtualbox require VT-x/amd-v for 64-bit guest virtualization, and I think some Windows guests require tech like Extended Page Table (EPT). I've previously played with https://github.com/lorin/openstack-ansible If it was me, I would be concerned that without hardware virtualization the performance would be so poor that OpenStack on OpenStack would be too frustrating to use -- though you might find some interesting bugs related to race conditions and timeouts :p Hope that helps, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] [Savanna] 0.1 Release!
On Wed, Apr 10, 2013 at 3:45 PM, Robert Collins robe...@robertcollins.net wrote: On 11 April 2013 08:30, Sergey Lukjanov slukja...@mirantis.com wrote: Hi everybody, we finished Phase 1 of our roadmap and released the first project release! Currently Savanna has the REST API for Hadoop cluster provisioning using pre-installed images and we started working on pluggable mechanism for custom cluster provisioning tools. Also I'd like to note that custom pages for OpenStack Dashboard have been published too. You can find more info on Savanna site: Savanna seems to fit into the same space as Heat (going off your diagram on http://savanna.mirantis.com/) - can you explain how it is different? My understanding of Savanna is its complete focus on Hadoop. Monty also recently asked about the opportunity for Savanna to use Heat in a thread titled Re: [openstack-dev] [EHO] Project name change [Savanna] http://markmail.org/message/2vre6r4kgwqhvhav Hope that helps, Lloyd -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] [openStack] instance status
On Fri, Apr 5, 2013 at 4:18 AM, Deepak A.P swift007.dee...@gmail.com wrote: Hi, I have a list of instances created using the below command nova boot myInstance --image 0e2f43a8-e614-48ff-92bd-be0c68da19f4 --flavor 2 --key_name openstack I ran the below command to check the status of instances nova list all the instances show status as *BUILD*, how to set the status of the image to ACTIVE, I tried rebooting the instance am getting the below error Once the instance finishes building then it will be in the active state. Depending on the image, flavor and configuration starting an instance can take a long time. I would suggest first trying with a small image like CirrOS and using a tiny flavor. http://docs.openstack.org/trunk/openstack-compute/admin/content/starting-images.html Hope that helps, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] [OpenStack] Images need to be stored in Glance or SWIFT?
On Thu, Mar 14, 2013 at 1:40 AM, Razique Mahroua razique.mahr...@gmail.com wrote: Hi, it depends basically on what you are looking for - you can store the images in both, but Swift is more of a project aimed to propose a high-available and high-tolerant object store. Not saying that Glance doesn't do that - but Glance is more of a repository actually Right, the essential service of Glance is the cataloging of vm images, public and project ownership of the images, and making them available to nova. Remote images is an elegant feature that reinforces this magic. Balu, remember that Glance manages all instance snapshots, so the object store configuration is often a great choice.
Re: [Openstack] Help with VMs
On Tue, Feb 5, 2013 at 10:19 AM, Harvey West harvey.w...@btinternet.com wrote: Not used openstack or this email forum before. Have installed openstack on Ubuntu 12.4.1 LTS. Seems to work with the default Ubuntu VM image. How do I create a new image? I would like to create a FreeBSD VM instance. Is this possible? Hi Harvey, I have not created any BSD images, but as is no surprise it is fully supported by KVM, http://www.linux-kvm.org/page/Guest_Support_Status My searching for bsd guest kvm returns a lot of encouraging results, and the content should generally be applicable. http://cssoss.wordpress.com/2011/11/28/bundling-freebsd-image-for-openstack/ still looks good, though you'll want to use the native image API (glance client) for uploading the image. Hope that helps, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Wikipedia page
On Wed, Jan 9, 2013 at 3:24 PM, Stefano Maffulli stef...@openstack.org wrote: On 01/07/2013 12:28 PM, Stefano Maffulli wrote: I can lead this task. Please join me on IRC #openstack-community (I'm reed) to coordinate efforts. I gave a first pass at improving the page. It looks better, it now has links, references and is more up to date. Please have a look at it and keep improving it: https://en.wikipedia.org/wiki/OpenStack Also, please keep updating also the pages in other languages. In the opening paragraphs: companies currently links directly to http://www.openstack.org/foundation/companies/ , I think the encyclopedic norm would be for that link to be in a ref on more than 150 companies. portable software could link to http://en.wikipedia.org/wiki/Software_portability SUSE Linux should likely just be SUSE and link to http://en.wikipedia.org/wiki/SUSE The strength of the article is also very dependent on the quality of https://en.wikipedia.org/wiki/Cloud_computing and specifically https://en.wikipedia.org/wiki/IaaS#Infrastructure_as_a_service_.28IaaS.29 which are not particularly strong, and likely contain original research. Possibly, we could rally to improve these as well. Hope that helps, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Windows 2012 Server
On Tue, Dec 18, 2012 at 10:41 AM, Joe Warren-Meeks joe.warren.me...@gmail.com wrote: Hi guys, I've created a windows 2012 image and uploaded it ok. Pretty much following this example: http://docs.openstack.org/trunk/openstack-compute/admin/content/creating-a-windows-image.html When I go to launch an instance, it works ok and nova list and nova show look healthy. If I VNC to it as soon as it starts to boot, I get to see the BIOS and then the new Windows logo, but then the screen goes black and nothing seems to happen. Sending ctrl-alt-del elicits no response and it doesn't look like the network has DHCP'ed either. Has anyone else seen this and if so, any idea what I can do to fix it? We haven't had a customer ask for help with Windows 2012, but have had good success with Windows 2008 created using KVM. https://airframeaid.pistoncloud.com/entries/21838261-creating-windows-images -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Upcoming wiki migration to Mediawiki
On Thu, Dec 13, 2012 at 11:31 AM, Ryan Lane rl...@wikimedia.org wrote: There aren't any code examples in the wiki that I know of. If you have examples we can certainly find a way to indicate Apache 2.0 for code, I don't find this problematic. Yeah, we can wrap a source lang=python/source block in a template that also adds in license text for any code. Should be easy enough. Excellent, best to address this now as this will come up later. -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Upcoming wiki migration to Mediawiki
On Fri, Dec 7, 2012 at 12:15 PM, Anne Gentle a...@openstack.org wrote: tl;dr: Migration of wiki.openstack.org from MoinMoin to Mediawiki commences 12/17. Yeah for the standard of wikis and wiki markup ... I think :p ... gives us licensed CC-By wiki content. What's this last part mean? To this end, we have talked with the OpenStack Foundation board about licensing all content CC-By, including the wiki, and they are amenable.] We may want to go with people agreeing to make any code samples available under Apache 2.0 license. The equivalent project code license was my experience working on Mozilla projects, and still looks to be the case today, http://www.mozilla.org/en-US/about/legal.html Cheers, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Openstack Folsom - 3 Installation
Installing the milestone release likely doesn't make as much sense as getting the latest using devstack at this point. Have you had difficulties installing http://devstack.org/ ? Best regards, Lloyd
Re: [Openstack] [OpenStack Foundation] Individual Member Elections
On Sat, Jul 28, 2012 at 11:18 PM, Jonathan Bryce jonat...@openstack.org wrote: We've learned that someone may have violated the basic principles that hold this community together by trying to affect the nominations for the Individual Member elections. For clarity, my understanding as it played out publicly, of the accusation is someone was inappropriately discouraging another person from running for nomination to the board. Best regards, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] User Friendly Development -was- Fwd: [nova] [cinder] Nova-volume vs. Cinder in Folsom
On Fri, Jul 27, 2012 at 1:48 AM, Thierry Carrez thie...@openstack.org wrote: Lloyd Dewolf wrote: In my fantasies for the Grizzly release it would start something like: A. Grizzly Summit B. From the summit the Tech Committee PTL have community consensus on the overarching goal for the release and the projects' goals. Articulated online in user friendly manner. C. Webinar / OpenStack User Groups get a presentation on the release goals, and channels for input and participation. D. About the half way point in release schedule, development adjusts the online communication to reflect reality, presents an update, and again channels for input and participation. How do things work today? I haven't found much in the wiki. Currently we publicly track and adjust release goals through the series blueprints in Launchpad (for example: https://blueprints.launchpad.net/quantum/folsom for Quantum). You can see a combined view for all Folsom at: http://wiki.openstack.org/releasestatus/ . The plan is initially seeded by the PTLs after the design summit, then continuously adjusted to reflect reality (with a status update every week at the Project Release status meeting). These public plans can then be used by anyone who wants to present them in webinars or user group meetups, and anyone is free to comment on them and provide input. -- Thierry Carrez (ttx) Release Manager, OpenStack Very cool. I'll sync up with the crew right after the Grizzly design summit to see if we can make this accessible through communication to the user base. Anyone else interested in collaborating on driving this experiment? Thank you, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] [nova] [cinder] Nova-volume vs. Cinder in Folsom
On Mon, Jul 16, 2012 at 9:08 AM, Thierry Carrez thie...@openstack.org wrote: Using the user committee setup, you don't really need to take authority away from the PTL. You increase the influence of the users on technical decisions. You just provide a clear and official mechanism to represent the interests of the users as a whole. Once you have that, if the PTL or technical committee decides to ignore it, it's a rather strong decision that better has to be well justified. It's better than having some arbitrary percentage of users in a single committee and then have most decisions won by the most largely represented party. If the user committee is an active and respected group, it provides nice checks and balances against developers living in developer bubbles. Most issues we have right now with deployer-friendliness are linked to the fact that the users don't have a clear or official voice. The trick is, of course, to manage to set up such a committee in a way that represents all the users and deployers. It will be all the more influential if it is seen as representing all the users, rather than just a loosely-tied pre-determined subset of large users. I generally agree with your thoughts around a user committee. For my benefit, I'd love to get a feel for what we're doing to make development user friendly? In my fantasies for the Grizzly release it would start something like: A. Grizzly Summit B. From the summit the Tech Committee PTL have community consensus on the overarching goal for the release and the projects' goals. Articulated online in user friendly manner. C. Webinar / OpenStack User Groups get a presentation on the release goals, and channels for input and participation. D. About the half way point in release schedule, development adjusts the online communication to reflect reality, presents an update, and again channels for input and participation. How do things work today? I haven't found much in the wiki.
Thanks, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] [OpenStack Foundation] Individual Nominations for Foundation Board of Directors
On Thu, Jul 26, 2012 at 12:08 PM, Jonathan Bryce jbr...@rackspace.com wrote: We have been trying to be open, posting nominations to the page as they come in, sending out emails and tweets to encourage people to nominate, and notifying nominees as they are nominated. If anyone wants to make their nomination public in addition to notifying the secretary they're welcome to do so, ... Thank you everyone for the continued fantastic job! Who receives email sent to secret...@openstack.org? Sorry, I missed who is the acting secretary. It might be nice to include the person's name on the page: http://www.openstack.org/community/openstack-foundation-board-2012-election-candidates/ . Is there currently a draft application being used? Until the actual application is developed: 4.2 (d) (iii) the nominee must have completed an application for a director with information determined by the Board of Directors Although not currently required by the bylaws after the board is established I'd love to revisit public nominations, as typically political nominations are public record. Unnecessary, but consistency is elegance. I'd be very interested to hear arguments against. Thanks, Lloyd -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Thoughts on client library releasing
On Fri, Jun 22, 2012 at 6:00 AM, Thierry Carrez thie...@openstack.org wrote: Mark McLoughlin wrote: That actually goes to something I'm not aware of us - the project - having spent much time discussing. We do twice yearly releases of our collection of software, but there are public cloud providers which want to essentially do continuous deployment from our development branch. To what extent is that a reasonable thing for the project to support? If we had a shorter release cycle, would the cloud providers switch their deployments from continuous to the releases? If not, can the project and cloud providers better co-ordinate somehow? That's a discussion we had before the Essex release, when we were looking into releasing more often (every 5-8 weeks) instead of every 6 months. What makes a release ?. After all, you will never prevent people from using milestones or random snapshots, and we should strive to make master always installable and working. So why do releases ? And what should be the cadence ? To me, releases are synchronization points. We have to have a cycle with a timeframe where development slows down at one point to let QA, documentation, integration testing and translation catch-up. A release is a point in time where the stars are all aligned. The release cycle is there to help us achieve that regularly. Those synchronization points also serve to maintain stable branches and coordinate with distros (it's no mystery that we are cadenced in a way that makes us friendly with time-based distros). Currently we can only achieve that star-aligning process every 6 months, but I hope that we'll be able to do releases more often in the future. That said, us releasing every 6 months doesn't mean we should prevent users from being able to pick a version and run with it. In particular, I think our client library release scheme shouldn't actively go against that by synchronizing too much with the core release schedule. 
Well said, as have all the contributions to the discussion. Right now Piston Cloud maintains our own clients based on the full packages of Diablo with fixes from newer releases -- like being able to installing all of glance using pip to get to the client libraries. I can't wait for the releases of the glance and swift client libraries. https://github.com/openstack/python-swiftclient https://github.com/openstack/python-glanceclient If not their own projects within launchpad for client library will severe issues and lengthening resolved bug lists have the visibility for a natural release management? What tools will support the client libraries having good cadence? On the other hand separation is artificial when it's the same technical owners and the client libraries evolve hand-in-hand with the servers. My recommendation -- although being their own Launchpad projects makes many of the answers for release management more obvious and far easier -- would be to get a baseline of quality client libraries, and leave them fully embedded in the servers' projects, versioned the same as the servers, until demonstrated that isn't working, and re-evaluation on a bug backlog by bug backlog basis. Thank you, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Stable Branch, alt title: What happens to Diablo
On Tue, Apr 10, 2012 at 8:57 AM, Mark McLoughlin mar...@redhat.com wrote: Hi, On Fri, 2012-04-06 at 09:13 -0700, Lloyd Dewolf wrote: I've updated http://wiki.openstack.org/StableBranch to put Diablo in the past, and Essex as the current stable release. I'm delighted to see that Mark McLoughlin already has Stable Branch on the agenda for the Summit, http://summit.openstack.org/sessions/view/29 Before the summit I hope to get clarification on The stable branch will only be maintained until the next release is out. This period may be extended if there are volunteers to maintain it beyond this point. I suspect we can generally agree that Diablo and future each stable - 1 should still be supported for some overlap with the current stable release, and beyond that would be dependent on... well the organizations dependent on that release. How long will https://launchpad.net/~openstack-stable-maint continue to maintain Diablo? Based on that we can determine if there is a group interested in continuing to own maintenance for an additional period. It's a good question, and one that we still need to figure out an answer to. Judging by the level of interest so far in helping to maintain the branch, I think this would work: - Core projects in a given release have a stable branch for that release maintained by openstack-stable-maint - A stable branch is actively maintained (read - the branch maintainers actively monitor master for patches to backport and release new versions from the branch) until the next release comes out - A stable branch is then passively maintained (read - the branch maintainers will backport security fixes and accept patches for high impact issues, but will not do new releases) until the next release after that comes out Giving a current state of stable-maint actively maintaining stable/essex and passively maintaining stable/diablo. We will EOL stable/diablo when Folsom comes out. Of course, we can always re-evaluate the policy if interest increases. 
Looking forward to discussing further at the summit ... Thanks Mark. This seems sane, and gives me confidence. See you next week, Lloyd
[Openstack] Stable Branch, alt title: What happens to Diablo
I've updated http://wiki.openstack.org/StableBranch to put Diablo in the past, and Essex as the current stable release. I'm delighted to see that Mark McLoughlin already has Stable Branch on the agenda for the Summit, http://summit.openstack.org/sessions/view/29 Before the summit I hope to get clarification on The stable branch will only be maintained until the next release is out. This period may be extended if there are volunteers to maintain it beyond this point. I suspect we can generally agree that Diablo and future each stable - 1 should still be supported for some overlap with the current stable release, and beyond that would be dependent on... well the organizations dependent on that release. How long will https://launchpad.net/~openstack-stable-maint continue to maintain Diablo? Based on that we can determine if there is a group interested in continuing to own maintenance for an additional period. I also think we should have messaging at www. https://wiki.ubuntu.com/Releases is inspirational, though a bit of a shame that is not on the main ubuntu www. Thanks, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] OpenStack 2012.1 (Essex) is RELEASED !
w00t! On Thu, Apr 5, 2012 at 8:02 AM, Duncan McGreggor dun...@dreamhost.com wrote: Nicely done! Congratulations, everyone!!! d On Thu, Apr 5, 2012 at 10:52 AM, Thierry Carrez thie...@openstack.org wrote: Hello everyone, I'm very happy to announce the immediate release of OpenStack 2012.1 (code-named Essex). This coordinated release contains 5 components: OpenStack Compute (Nova) 2012.1: https://launchpad.net/nova/essex/2012.1 OpenStack Object Storage (Swift) 1.4.8: https://launchpad.net/swift/essex/1.4.8 OpenStack Image Service (Glance) 2012.1: https://launchpad.net/glance/essex/2012.1 OpenStack Identity (Keystone) 2012.1: https://launchpad.net/keystone/essex/2012.1 OpenStack Dashboard (Horizon) 2012.1: https://launchpad.net/horizon/essex/2012.1 You can find tarballs for download, as well as comprehensive lists of features and bugfixes, at the URLs above. You are strongly encouraged to read the Release Notes at: http://wiki.openstack.org/ReleaseNotes/Essex Enjoy! -- Thierry Carrez (ttx) Release Manager, OpenStack -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] [OpenStack Foundation] Foundation Structure: An Alternative
Having more than 5 companies pony up big dollars *is* a great problem to have. I didn't mean to suggest the solution stays the same. We need to plan for this scenario as there is a real chance of more participants than what has been negotiated in the back rooms. Of course, everyone wants the greatest up-front value for their investment. Capital is actually the least strategic type of investment a big company can make. The biggest companies are the biggest companies because they put their best people on strategic investments. Having been at IBM in a group, DB2, dependent on the success of Linux during many of the pivotal years of Linux's commercial rise (2000-2004), IBM truly made that strategic investment. There were no guarantees. Although the Linux Foundation is an exceptional organization there is no model for what OpenStack has achieved with the leadership of Rackspace and others in the areas of strategic, business development, marketing, and events in hand with the technical leadership and achievements of the community. If we agree that this investment is essential to our success, and the budget that it requires, then let's retire the possibly insulting argument that a meritocratic board is anything but a requirement, that there is something extortive about this, or that everyone else should be content jockeying for part of the board, or that technical contribution is the only full domain of participation for everyone. Rackspace reserving long term influence for themselves and selling it to a BIG four will forever shadow the OpenStack project. Thank you, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Google Summer of Code-2012
On Thu, Feb 9, 2012 at 5:05 PM, Ewan Mellor ewan.mel...@eu.citrix.com wrote: The most important thing is that you recognize that this is a real time investment. It's not just a case of exchanging a few emails with the student -- you're going to need to dedicate time to helping them through their ideas, plans, and coding. Well said! It's a very significant commitment. It's the real meaning of Google's 20% time ;-) I organized and coordinated WordPress's participation for the 1st two years (2007, 2008). The projects that are successful *always* have dedicated, persistent mentors -- I'd also recommend each project having a backup mentor. To get started we, as a community, would identify detailed ideas for projects. Then raise our hands if we were interested in mentoring any of the possible projects -- sometimes a mentor will materialize for the right project. Students will also propose their own projects, but in my experience those projects are not often of the right scope and duration, and so seldom get mentors. May the source be with you... and you... and you, -- @lloyddewolf http://www.pistoncloud.com/
Re: [Openstack] Proposal for new devstack (v2?)
On Tue, Jan 17, 2012 at 10:20 AM, Joshua Harlow harlo...@yahoo-inc.com wrote: Please check it out @ https://github.com/yahoo/Openstack-Devstack2 To stave off confusion it might be a good idea to rename this from 2 to alt or similar, or even as forks tend to in the WordPress world ultimate or all in one ;-) It should be labeled version 2 by consensus. Very cool work, Lloyd
Re: [Openstack] Proposal for new devstack (v2?)
I +3.14159265 that! On Wed, Jan 18, 2012 at 11:55 AM, Jesse Andrews anotherje...@gmail.com wrote: devstack-pi (play on version numbers and python) On Wed, Jan 18, 2012 at 11:22 AM, Joshua Harlow harlo...@yahoo-inc.com wrote: Sure, this was just a name I picked. It can be renamed to anything, works for me. I just needed a name for a github project (and it seemed to make sense at the time, haha). -Josh On 1/18/12 9:10 AM, Lloyd Dewolf lloydost...@gmail.com wrote: On Tue, Jan 17, 2012 at 10:20 AM, Joshua Harlow harlo...@yahoo-inc.com wrote: Please check it out @ https://github.com/yahoo/Openstack-Devstack2 To stave off confusion it might be a good idea to rename this from 2 to alt or similar, or even as forks tend to in the WordPress world ultimate or all in one ;-) It should be labeled version 2 by consensus.
Re: [Openstack] [OpenStack Foundation] OpenStack Mission Goals
Having played a very minor role in this process for WordPress, and been an onlooker numerous times, it is always a long and involved process. Ever try telling the IRS that you don't want to pay taxes? I appreciate the passion of this discussion, but some of it feels ad hominem and non-constructive. As the process continues to proceed, who is currently blocked by what, so we can rally around the pragmatic causes? I can't grow without light, Lloyd
Re: [Openstack] Do we really need a CLA? [was Re: Using Gerrit to verify the CLA]
On Tue, Jan 3, 2012 at 7:02 AM, Rick Clark r...@openstack.org wrote: As far as changing anything about the way the CLA works, until we have a foundation, the discussion of which seems to have stalled, we, as a group, have no real authority to change anything. Good to know. We have a bigger hole in the Corporate CLA, IMHO. I have been told that since it is necessary for a corporate signer to explicitly name their individual contributors, and we have no way of updating the document, openstack is potentially left open to a lawsuit, if an employee unspecified in the CLA, contributes something they consider IP. I seriously hate all this legal stuff. Fun, fun, fun. I seem to recall jQuery having some growing pains where they had to after-the-fact start doing CLA. Might be worth talking to them, if there gets to be some momentum behind reconsidering CLAs. Oregon State University Open Source Lab has a lot of knowledge around CLA options, and they have the http://www.harmonyagreements.org project.
[Openstack] Inspired Meetings!
Hi Stackers! Last week I sat in on a few of the OpenStack IRC meetings: CI, General meeting, and QA. The meetings left me pumped for this week! If like me, meetings generally turn you off, these are meetings of a different stripe. I'm inspired by the momentum, and wishing I had time to dive into other areas as well, and -- gasp! -- attend more meetings! Each meeting also includes open questions at the end. If you are only going to attend one meeting this week it will have to be tomorrow's General Meeting, Tuesdays at 2100 UTC. It might be better named the OpenStack Project Release Status meeting. ttx (Thierry) does a first class job chairing the meeting. ttx is a maestro coaxing and interpreting information from long lists of blueprints, bug reports, and most importantly thanks to the excellent communications of those in attendance. It's incredible that in an hour, thanks to ttx and the component leads sharing, I got a sense of where each of the major components are -- essex-2 e2 has been very productive, it's not done yet! and we're lining ourselves up for a monster of an e3 (as it should be) ;-) Add https://www.google.com/calendar/ical/bj05mroquq28jhud58esggq...@group.calendar.google.com/public/basic.ics to your calendar program and be sure to make it to the meetings tomorrow that interest you. See you on #openstack-meeting on chat.freenode.net, http://wiki.openstack.org/Meetings Cheers, Lloyd
Re: [Openstack] Lloyd Learning Docs website content processes
On Wed, Nov 30, 2011 at 2:45 AM, Thierry Carrez thie...@openstack.org wrote: Lloyd Dewolf wrote: 2. Lloyd will log Thierry ttx Carrez's solid openstack.org/security content from http://etherpad.openstack.org/8hWNQwkWf9 to http://launchpad.net/openstack-manuals , if it is not already there. He will do a copyedit to the etherpad, and also upload his revision to openstack-manuals. We'll take it from there based on the process Anne is updating to the wiki. Note that the content was pushed to www.openstack.org webmaster for publication, without much result yet (the idea was to quickly replace nothing with something, and then improve incrementally). It would be great if we could have a more dynamic way to review/update the main website content (in the same way we control the docs site contents): it could prove useful in further revisions. Fantastic! We're of the same mind. And I'm so thankful for how hard you've pushed this forward over these past months. 1. I'm trying to motivate a revision in the same spirit as what you wrote to get online as soon as possible. From there we can look to come together to evolve the processes and communications 2. With a documented process with public visibility, we will now have a foundation where people can step forward as stakeholders, and we can quantify the time to publish. From here we can align with people's workloads, and negotiate the priority of our items. Thanks, Lloyd
[Openstack] future-me -was- Re: Vulnerability Management concerns: negativity count
On Thu, Nov 24, 2011 at 2:58 PM, Soren Hansen so...@linux2go.dk wrote: 2011/11/24 Lloyd Dewolf lloydost...@gmail.com: Future-me will be proud that we have a robust solution (which I feel like you guys are challenging me to brainstorm on) and that we've never had a premature disclosure. We're not quite at a point yet where I'd consider that last point any sort of success. To me, it's kind of like celebrating that the shuttle hasn't exploded yet when the spaceship is still on the launch pad. I'm not inviting you to my happy place Soren! ;-) It's a popular communication technique used to build consensus. I find it often worthwhile to present things in a number of ways as we all use different lenses, and we don't want to limit our audience (particularly prematurely). Examples of variations of this technique are: * Amazon's working backwards http://www.shmula.com/start-with-the-customer-and-work-backwards/324/ http://www.allthingsdistributed.com/2006/11/working_backwards.html * Automattic often drafts the blog post and help pages before starting on design and implementation. The very best to you, Lloyd
Re: [Openstack] Providing packages for stable releases of OpenStack
On Wed, Nov 30, 2011 at 4:07 AM, Soren Hansen so...@linux2go.dk wrote: To me, the PPA's have always been a QA tool. I wanted people willing to help test OpenStack to be able to do so with as little effort as possible. Building packages per-commit gave us that. +1 I don't have any insights on the implementation details, and agree that it is hard to do well, but it is essential for quality. It's more than the level of effort for testing, we need to eliminate variability, and everyone be able to point to the same thing and say, is good. But working on this today, would it introduce great variability versus what will be deployed to production? I hesitate to suggest this might be a problem for six months from now when everyone has had some time to work out the details of their own flavors, and worked with those flavors with customers. Still without something how do we measure quality.
Re: [Openstack] Lloyd Learning Docs website content processes
On Wed, Nov 30, 2011 at 6:18 AM, Lloyd Dewolf lloydost...@gmail.com wrote: On Wed, Nov 30, 2011 at 2:45 AM, Thierry Carrez thie...@openstack.org wrote: Lloyd Dewolf wrote: 2. Lloyd will log Thierry ttx Carrez's solid openstack.org/security content from http://etherpad.openstack.org/8hWNQwkWf9 to http://launchpad.net/openstack-manuals , if it is not already there. He will do a copyedit to the etherpad, and also upload his revision to openstack-manuals. We'll take it from there based on the process Anne is updating to the wiki. Note that the content was pushed to www.openstack.org webmaster for publication, without much result yet (the idea was to quickly replace nothing with something, and then improve incrementally). It would be great if we could have a more dynamic way to review/update the main website content (in the same way we control the docs site contents): it could prove useful in further revisions. Fantastic! We're of the same mind. And I'm so thankful for how hard you've pushed this forward over these past months. 1. I'm trying to motivate a revision in the same spirit as what you wrote to get online as soon as possible. From there we can look to come together to evolve the processes and communications 2. With a documented process with public visibility, we will now have a foundation where people can step forward as stakeholders, and we can quantify the time to publish. From here we can align with people's workloads, and negotiate the priority of our items. Thanks, Lloyd Ugg, sorry for the formatting again. I thought this was resolved in the latest Google Chrome Canary.
[Openstack] Lloyd Learning Docs website content processes
I had a good call with Anne Gentle a few hours ago, 08:00 PT, and got a first introduction to the fantastic documentation work, and infrastructure to support it. There is a lot for me to get up to speed on, and Anne has generously agreed to continue to mentor me. We'll have another one-on-one call tomorrow, 08:00 PT [1]. If there are up to a few people who would like to join this call, let Anne and I know off list -- note the call is primarily to get me, Lloyd, up to speed on documentation. Out of our first call, there were two items: 1. Anne went and confirmed that the process for updates and additions to the content of the website [ http://openstack.org/ ] is to file tasks, bugs, etc in http://launchpad.net/openstack-manuals. This assists with public visibility, and tracking of items. Anne will be updating the wiki with this information, and fleshing out the process. 2. Lloyd will log Thierry ttx Carrez's solid openstack.org/security content from http://etherpad.openstack.org/8hWNQwkWf9 to http://launchpad.net/openstack-manuals , if it is not already there. He will do a copyedit to the etherpad, and also upload his revision to openstack-manuals. We'll take it from there based on the process Anne is updating to the wiki. Thanks Anne! Best regards, Lloyd -- 1. http://www.timeanddate.com/worldclock/fixedtime.html?msg=Lloyd+Dewolf+%26+Anne+Gentle+Chatiso=2030T08p1=283ah=1
Re: [Openstack] Cloud Computing StackExchange site proposal
Thanks Vish. Now my failed search makes more sense. Awesome how they delete it -- invitation to resubmit every month, jokes. On Tue, Nov 29, 2011 at 11:35 AM, Vishvananda Ishaya vishvana...@gmail.com wrote: It was here: http://area51.stackexchange.com/proposals/31788 It was rejected on the grounds of being able to be covered on StackOverflow and ServerFault. Vish On Nov 29, 2011, at 10:10 AM, Lloyd Dewolf wrote: On Fri, Nov 18, 2011 at 10:38 AM, Anne Gentle a...@openstack.org wrote: We had put forward an OpenStack StackExchange proposal earlier this year which was rejected Hi Anne, Where do I find this previous discussion? Thank you, Lloyd
Re: [Openstack] Cloud Computing StackExchange site proposal
On Tue, Nov 29, 2011 at 11:16 AM, Stefano Maffulli stef...@openstack.org wrote: On Tue, 2011-11-29 at 10:10 -0800, Lloyd Dewolf wrote: Where do I find this previous discussion? around here: https://lists.launchpad.net/openstack/msg02169.html What do you think of the requirements we're gathering for the QA system? I'd like your opinion on that as we move on. Thanks Stefano. I really like everyone reframing the discussion to figure out what our needs are as opposed to ... shiny! I do think stackexchange (SE) is miles [1] ahead and the only system that will meet the majority of our requirements. If we can get our own Area51 then it's by far the best immediate solution. I spoke to a friend at Area51, and he suggested we might have different results if we tried again. So I feel like this is on the table if we want to pursue. Of course, having very active SE participants (high reputation) put the proposal forward and committing to it carries a lot of weight. My reputation [2] is weak today, but I'm sure myself and others could ramp up the levels quickly over the next few months. Cheers, Lloyd -- 1. See I'm getting used to United States customary units, http://en.wikipedia.org/wiki/Customary_units 2. http://stackexchange.com/users/25765?tab=accounts
Re: [Openstack] Vulnerability Management concerns: negativity count
On Fri, Nov 25, 2011 at 12:03 AM, Thierry Carrez thie...@openstack.org wrote: Sending emails saying things are not done the way they should will not get you very far. I'm probably misreading that, but it read like you are discouraging a type of participation. I learn the most from people who think differently than I do, and approach things differently. "Diversity is the canary in the coal mine for meritocracy.", Eric Ries. [1] If you feel there is an opportunity for you to mentor me please do it off list. I'd welcome the chance! Thank you, Lloyd 1. http://www.startuplessonslearned.com/2010/02/why-diversity-matter-meritocracy.html
[Openstack] Vulnerability Management concerns: negativity count
ttx's update on the SEO, information architecture, and technical documentation issue(s) described in my email OpenStack Security Group, 23 Nov 2011, https://lists.launchpad.net/openstack/msg05646.html has made my day. With the holiday today in the US, and knowing that our US peers would likely need to provide coverage for them, I didn't expect momentum on this until some time next week. Thank you Thierry! So with that ball accelerating thanks to Thierry's, and I'm sure others' hard work, I've turned my attention to explore this emotive topic further -- again, once the external optics and high level best practices look good to me, or more likely I understand the thinking behind the equally excellent OpenStack practices, I'll be trying to stay away from security -- I've already shortened my life too much from past experiences :-D So looking at the actual Vulnerability Management team document, http://wiki.openstack.org/VulnerabilityManagement , I see the result of thoughtful, fantastic collaboration! I do have a couple of serious concerns: A. As my former boss, as of this week, Matt Mullenweg [1] would so often remind us, don't be so negative -- he literally reminded my VIP Services sub-team of that last week -- it's natural when you are deep in the trenches. Instead use Words that Work. [2] Every sentence in the first paragraph is dripping with negativity - will not give prior notice to their employer - not about getting advance notice - reduce the disclosure of vulnerability in the early stages What I hear when I read that is that we have the most serious issues of professionalism among us -- crazy, embarrassing issues! That I've just jumped into a nest of vipers -- Josh and Chris didn't say anything about my impending death when they got me to join! Thankfully, I very much doubt this is the reality! -- it wasn't at the meetup I was at last night. So is there a non-negative way of articulating this?
*once* A.2 If somehow this language reflects demonstrated reality, we need to get the relevant parties *physical* in a room this week, and deal with this! Let's also remember that the most likely original reporter is one of us relevant parties. B. Maximum of 3 people. This may have caused my heart to skip a beat. Is there a reference implementation of this? Whose successes are we emulating? Having spent 2 years on Mozilla's private security list in a former life, and five years being party to every WordPress security issue [3] only 3 people is madness. Mozilla private security list was (assume still is) open to membership to anyone that demonstrated value and professionalism. I consider Daniel Veditz's [1] Mozilla security team a model security citizen, and consistent and very successful for at least the eight years I've been paying attention. [5] B.2 But let's assume that there is some real reason to hard code the membership count. Five years working with Automattic's Technical Operations Lead Barry Abrahamson [5] -- the best in the business -- has impressed upon me through his leadership and actions In some cases it can only take a few hours of lack of communication to turn a grey hat [6] into a bad actor. So let's assume all three members are available at the time the report comes in, one person owns communication and collaboration with the reporter, and we hope that both of the other two [7] have the expertise in the vector area to rapidly assess the impact and pervasiveness, and now you've lost another person, who works on IMing, email and phoning the area experts; one is the loneliest number. I don't want to give anyone my nightmares, but it is seasonal, let's not forget that a sophisticated black hat is most likely to launch an attack during a holiday, or when he knows another crisis is being dealt with.
You think only having three people gives favorable odds that they are going to be available to respond to the first vendor who is investigating this with their panicked business-on-the-line customer? Even ignoring that, do three people alone have the stamina to investigate and deal with *all* the false reports. ;-) Sorry, if I'm a little worked up here. Too many exclamation marks, right? I'm just so excited to be working with you guys and gals, and want us all to really shine. Once again, I'm very impressed with the Vulnerability Management document, and once these issues are addressed, we'll be crushing it! If I should be discussing this elsewhere please let me know, or want additional context or thoughts please let me know. Hope that helps, Lloyd -- 1. http://en.wikipedia.org/wiki/Matt_Mullenweg 2. The best training material ;-) on this as recommended by Matt, and which I thoroughly agree with is Frank I. Luntz, Words That Work: It's Not What You Say, It's What People Hear 3. WordPress security issues are popular with the press ;-) 4. You may know Daniel Veditz as dveditz 5. http://barry.wordpress.com/about/ 6. People just want to be taken seriously ;-) 7. It takes
[Openstack] After each meeting -was- Re: [QA] Team IRC meeting moved back one hour
It would be dope if after each meeting there was a post to the list with only the highlights (bait!), and a link to the full summary, and the log. On Wed, Nov 23, 2011 at 8:44 AM, Jay Pipes jaypi...@gmail.com wrote: Thank you, Thierry :) On Wed, Nov 23, 2011 at 10:10 AM, Thierry Carrez thie...@openstack.org wrote: Jay Pipes wrote: Hi QAers! So, to make West Coast US folks a little happier, we are moving the regular Wednesday IRC meeting for the QA team back one hour: 9am PST 12pm EST 5pm UTC Updated the gCal and http://wiki.openstack.org/Meetings -- Thierry Carrez (ttx) Release Manager, OpenStack
Re: [Openstack] Vulnerability Management concerns: negativity count
On Thu, Nov 24, 2011 at 8:03 AM, Soren Hansen so...@linux2go.dk wrote: 2011/11/24 Lloyd Dewolf lloydost...@gmail.com: A. As my former boss, as of this week, Matt Mullenweg [1] would so often remind us, don't be so negative -- he literally reminded my VIP Services sub-team of that last week -- it's natural when you are deep in the trenches. Instead use Words that Work. [2] This is not marketing material. It's not meant to sell anything or convince anyone of anything. It's supposed to accurately convey what this team is and what it isn't. If you want to rephrase it, knock yourself out, but being unambiguous trumps sounding good. You don't see legislation being rephrased to make it sound better either :) Hi Soren, I may be misreading, but both your response and part of ttx's reads to me as a straw man argument -- you give back a single unrelated phrase as opposed to demonstrating the value of all three phrases. I'm frustrated by your mention of marketing material and ttx's possible fallback of technical page. What is the context of that? If I were to guess where you are coming from, which I hate doing, my response would be good communication is accessible to many audiences, encourages participation (is positive!), translates well (hard!), and still meets the needs of us pedantic fools. As I said I'm very sensitive to all communications around security, and always have been. Second, unambiguous? That doesn't ring true to me. One sentence, the first sentence, is about what the list is, followed by a whole paragraph on what it isn't? Maybe, let's start with fleshing out that first paragraph. Three times a lady? [1] I think there is an opportunity to be concise, eliminate the seeding of fear of immaturity and unprofessionalism, (translate better), and get on with focusing that OpenStack has dedicated, professional participants.
Future-me will be proud that we have a robust solution (which I feel like you guys are challenging me to brainstorm on) and that we've never had a premature disclosure. How can we get your fantastic expertises humoring me by exploring solutions rather than throwing down spike strips. Nothing is worse than the new guy also offering solutions [3] when the relevant issues have already been well considered, often multiple times, and where the participants likely already have some other solutions that might be voted up by the context of additional considerations. Sure though I've thought on this and will make a proposal... another email to follow shortly. Thank you, Lloyd 1. I need a list archive that is up to date! 2. The opportunity to be absurd was too tempting. I need to get some sleep. 3. I will always try to articulate a problem first and not provide solutions much to your possible frustration. Once we have a solution in our head, we often find the problem to match the solution. By separating out the possible solutions we will write a stronger report, create space for alternate solution proposals by other people, and hopefully reduce the subconscious repulsion experienced by the people who worked so hard on the current solutions. For my favorite presentation of this read Chapter 9 “Problems and Solutions” in The Myths of Innovation by Scott Berkun.
Re: [Openstack] Vulnerability Management concerns: negativity count
On Thu, Nov 24, 2011 at 7:30 AM, Thierry Carrez thie...@openstack.org wrote: I want to turn the question around: why do *you* want more ? I don't think you are implying it, but just to snuff out any thought. I'm completely comfortable speaking for Piston Cloud that if by some craziness adjusting this policy to better serve the project required that Piston Cloud *never* was a member of the vulnerability group I'm certain I can get sign off on that. I feel like you might have accidentally skipped in your quoting at least one of my questions. What is the successful three person, email-based, implementation this is based on? Actually really though that question was only for my own interest, and doesn't matter. The argument ends at three humans do not *physically* have the coverage to *insure* timely *initial* response, particularly from a sophisticated bad actor. There might not be as many reports as I think, but the issues will have the potential of being magnitudes more complex than Firefox issues. And it will only take one, the first disaster to set back OpenStack, and potentially kill off a member organization's ability to participate in OpenStack -- I hadn't considered that previously, it is dramatic, but thinking in it, we are not taking little leagues here, and I imagine a lot of people have put themselves on the line to get behind OpenStack. So assuming we want to focus on it being hard coded at a number, what would the number be, and what would the list look like if the requirement is: three -- the magic number -- members usually covering each hour including weekends. The process to come up with this list might look like: 1. Revisit who are the top candidate volunteers 2. Put their usual work day on a calendar including *weekends*. No healthy person works the same 8hrs seven days a week, so no one better claim they do ;-) 2.a Only allow each candidate volunteer to identify 8hrs per day. Come up with the minimum list with density of at least three at each hour.
Thank you, Lloyd
Re: [Openstack] Vulnerability Management concerns: negativity count
Sorry, I don't know why Chrome Canary is losing the vertical spacing between paragraphs. He's been a bad birdy lately, seen http://code.google.com/p/chromium/issues/detail?id=104771 ? That's my favorite bug report since https://github.com/MrMEEE/bumblebee/issues/123 .
[Openstack] Mailing list archive delay -was- Re: Vulnerability Management concerns: negativity count
On Thu, Nov 24, 2011 at 8:57 AM, Lloyd Dewolf lloydost...@gmail.com wrote:
> 1. I need a list archive that is up to date!

Has someone submitted a bug with lists.launchpad about https://lists.launchpad.net/openstack/ being delayed? This will drive me batty before long.

I haven't submitted a bug related to launchpad since... 2006, https://bugs.launchpad.net/launchpad/+bug/42644 , and it's been about as long since I last really got to enjoy Canonical's Infrastructure.

I confirmed it's not my connection, computer or browser: https://skitch.com/lloydbudd/gmgtt/confirmation-lists.launchpad.net-openstack-stale .

Is this a feature of lists.launchpad then? ;-) Someone must already have a read-only archive -- make it public please? ;-)

Any advice on reporting this issue? Anyone know from experience how long the delay is?

Thanks,
Lloyd
[Openstack] openstack.org/security copyedit review -was- Re: Vulnerability Management concerns: negativity count
On Thu, Nov 24, 2011 at 7:30 AM, Thierry Carrez thie...@openstack.org wrote:
> Lloyd Dewolf wrote:
>> [...]
>> I do have a couple of serious concerns:
>> [...]
>> Every sentence in the first paragraph is dripping with negativity
>> - will not give prior notice to their employer
>> - not about getting advance notice
>> - reduce the disclosure of vulnerability in the early stages
>
> This page is work in progress policy for the vulnerability management team. The more public-oriented contents of the proposed openstack.org/security page, as brainstormed by all people that have shown interest in security at the last design summit, is here: http://etherpad.openstack.org/8hWNQwkWf9

I really like what you have there! There is a little copy editing to be done. Did the doc team have a chance to review this yet? I'd assume it is a priority for them, and something they will get to soon?

Either way I'm happy to provide my limited editorial skills, once we explore possible changes to the Vulnerability Management team.

Hit me up then if you like,
Lloyd
Re: [Openstack] Vulnerability Management concerns: negativity count
Hi ttx,

Very good points. The gating factor is triage, and this is what we first have to build our, OpenStack's, Vulnerability Management solution around. If the needed resources are not yet available let's fully understand that.

If distros and other OpenStack builders are not able to provide direct, accessible, 24/7 contact for coordinated disclosure in, say, the emergence of a zero day attack, then we can't do much more for them than hope they are not compromised before they can respond to the public disclosure. Prepare for the worst, hope for the best.

I think we will soon be surprised by how many resources we, OpenStack, have available, and who you will be able to access at any time of day [1] if the issue warrants it -- code forbid! Just think it has taken these last many months (and for many, some more months) for the most recent cohorts to explore the code, play with the experience, and start to investigate solutions. 2012 is going to be a huge year for OpenStack!

Aside, I don't like your amateur vs professional angle for a couple of reasons. For starters, my skimming through the archives, wiki, and code trees, it was clear before I started that you are anything but an amateur. Further, passion is one of the tools that the amateur, the maker, has to bring more fully to bear than the professional -- I <3 passion!

It sounds like from your experiences you are all too familiar that until someone (you!) puts something in place, there is much dragging of feet, and once it is in place everyone is a critic ;-)

Thanks for your patience with me, and thoughtful explanations. Thanks for taking so much of your day today to engage me on this issue -- I can't wait to some day not-too-far-away meet you. After this long weekend I'll see if I can't bend some of your PPB ears, and see us iterate to the next solution. I trust you will continue to be a passionate participant!

Cheers,
Lloyd

1. The sun is always shining on an international project!
Re: [Openstack] Mailing list archive delay -was- Re: Vulnerability Management concerns: negativity count
On Thu, Nov 24, 2011 at 12:03 PM, Thierry Carrez thie...@openstack.org wrote:
> Lloyd Dewolf wrote:
>> On Thu, Nov 24, 2011 at 8:57 AM, Lloyd Dewolf lloydost...@gmail.com wrote:
>>> 1. I need a list archive that is up to date!
>> Has someone submitted a bug with lists.launchpad about https://lists.launchpad.net/openstack/ being delayed? This will drive me batty before long.
>> [...]
>> Someone must already have a read-only archive -- make it public please? ;-)
>
> Just use http://www.mail-archive.com/openstack@lists.launchpad.net/

Oh man mail-archive.com also has some delay, but not as bad. The message that I'm responding to from you, ttx, isn't there yet either, and I double checked that you didn't directly cc me.

We can't win at this, the servers ate too much American Thanksgiving!
Re: [Openstack] Mailing list archive delay -was- Re: Vulnerability Management concerns: negativity count
On Thu, Nov 24, 2011 at 2:12 PM, Chmouel Boudjnah chmo...@openstack.org wrote:
> Hi Lloyd,
>
>> Oh man mail-archive.com also has some delay, but not as bad. The message that I'm responding to from you, ttx, isn't there yet either, and I double checked that you didn't directly cc me. We can't win at
>
> I am wondering, why do you need near instant mail archiving if they are coming to your mailbox?

Good question. I think hours behind is pretty far from near instant, but I get your point.

Cool URIs don't change [1] -- hopes reverted to a web developer geek, but I'm only half kidding. I want to be able to reference, log, and/or *share* the permalink.

My need is being able to finish. Finish whatever, now, so I free my mind [2], and move on.

I want to be able to check the status of a thread, or quickly look what is going on without having to log in to email, publicly.

Aside, if it is working as expected, yuck, then it should display a message informing about the possible delay. And if I was choosy add some CSS styling of the header while they are at it.

Thanks for asking,
Lloyd

1. http://www.w3.org/Provider/Style/URI
2. http://www.youtube.com/watch?v=9tIYpvlQP_s Yes, I'm already sorry for doing that to you!
[Openstack] Contributor Introduction: Lloyd Dewolf
Hello stackers!

This is an email to introduce myself.

Summary: I'm looking forward to participating in the OpenStack movement! Hooah!

You may know me as my stage name Lloyd Budd [1] from the still hit TV show WordPress, where I've participated these last 6 years, the last 5 working for Automattic as WordPress.com VIP Services Technical Lead (pointy haired non-programmer) mostly in support, quality assurance, and outreach (commenting on blogs, ha!).

One of my favorite experiences in the WordPress community has been the success of my brainchild Happiness Bars support desk [2] at WordPress WordCamp conferences. Every year (4), I ran the Happiness Bar at WordCamp SF ( sf.wordcamp.org ) the biggest, and granddaddy of the WordCamps. I don't know if we are currently doing these at OpenStack related community events, but I'd be eager to participate. Later I'll get some info in the wiki, and start a separate thread.

You may also know me from the cancelled show Flock, the Social Browser. Web 2.0 poster child that never did well in the ratings. I was an early team member there, but only stayed a year of its 6 year existence.

I did a short stint before that working on the un-Netscape, unopen Netscape 8 browser and 9 -- the team behind it was incredible, but AOL insisted on a monstrosity and so that is what we created [3]. I did some small Firefox participating along the way.

My career started with 4 years with IBM on a special DB2 Multi-platform (Windows, Linux, Unix) High Availability and Down Systems team as an Advanced Support Analyst. My OSS participations at the time were confined to my local LUG -- I am reminded of one gem where I asked Debian Legal GPL, what does it mean? -- the name that is, http://comments.gmane.org/gmane.linux.debian.devel.legal/11173 .

I'm hoping this is the gig where I break into film! This week I've started with Joshua McKenty and Christopher MacGown's Piston Cloud Computing. My primary role is Advanced Technical Support Lead.

I'm relocating to San Francisco, BC, Canada from Victoria, BC, Canada. And will be traveling back and forth two weeks at a time until wife Julia and two incredible young children join me here in March. I still have lots to do before... I can get paid ;-)

You can find out more about me with a web search on my names, or foolswisdom.

Cheers,
Lloyd

--
1. Legal name until I more recently reverted to my birth name.
2. Originally Genius Bar, that SM encumbered name not being my idea ;-)
3. Dual rendering engine with live switching -- cookies, history and all: Mozilla Gecko (Firefox) Microsoft Trident (IE). It almost made sense at the time in 2004, where many sites still only worked well on IE. It was before I came on board, but I'm told the team had to fight to get the Gecko engine included at all -- imagine what that would have been, a Netscape with zarro mozilla code.
[Openstack] OpenStack Security Group
Hello again,

I'll be starting slowly with looking at documentation and the wiki. I always look at security first, and then try to stay away thereafter ;-)

Problem: Currently a Google search for openstack security issue returns the wrong page: http://wiki.openstack.org/Governance/Proposed/OpenStack%20Security%20Group which is a draft and does not provide contact and reporting process information.

Possible Solutions:

1. This and other likely search terms should land on a page with the security issue reporting steps and current known vulnerabilities. ex. firefox security issue
   First two results are:
   http://www.mozilla.org/security/known-vulnerabilities/
   http://www.mozilla.org/security/
2. Identify the webpages that link to the security page(s), and develop the language for those links.

If I should be discussing this elsewhere please let me know, or if you want additional context or thoughts please let me know.

Hope that helps,
Lloyd