Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Thierry Carrez]

Thierry Carrez wrote:
> As announced previously[1][2], there were no PTL candidates within the
> election deadline for a number of official OpenStack project teams:
> Astara, UX, OpenStackSalt and Security.
> 
> In the Astara case, the current team working on it would like to abandon
> the project (and let it be available for any new team who wishes to take
> it away). A change should be proposed really soon now to go in that
> direction.

The change was proposed, +1ed by past PTLs and approved by the TC
members at the last TC meeting:
https://review.openstack.org/#/c/376609/

> In the UX case, the current PTL (Piet Kruithof) very quickly reacted,
> explained his error and asked to be considered for the position for
> Ocata. The TC will officialize his nomination at the next meeting,
> together with the newly elected PTLs.

This was confirmed at the TC meeting:
http://eavesdrop.openstack.org/meetings/tc/2016/tc.2016-09-27-20.01.html

> That leaves us with OpenStackSalt and Security, where nobody reacted to
> the announcement that we are missing PTL candidates. [...]

Following the discussion on this thread and the engagements of the team,
the Security project team was kept as-is, with Rob Clark continuing as PTL:
http://eavesdrop.openstack.org/meetings/tc/2016/tc.2016-09-27-20.01.html

As hinted toward on this thread, the Salt team was removed, while the
team members there reassess their priorities. The team did not produce
any deliverable within the Newton cycle. The removal was proposed, +1ed
by the current Salt team PTL and approved by TC members:
https://review.openstack.org/#/c/377906/

-- 
Thierry Carrez (ttx)

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Davanum Srinivas]

Sorry for the top post - fyi, i've submitted a review for OpenStackSalt
https://review.openstack.org/#/c/377906/

-- Dims

On Mon, Sep 26, 2016 at 2:58 AM, Flavio Percoco  wrote:
> On 22/09/16 17:15 -0400, Anita Kuno wrote:
>>
>> On 16-09-21 01:11 PM, Doug Hellmann wrote:
>>>
>>> Excerpts from Clint Byrum's message of 2016-09-21 08:56:24 -0700:

 I think it might also be useful if we could make the meeting bot remind
 teams of any pending actions they need to take such as elections upon
 #startmeeting.
>>>
>>> I could see that being useful, yes.
>>>
>> I am not convinced this situation arose due to lack of available
>> information.
>
>
> You may be right here but I don't think having other means to spread this
> information is a bad thing, if there's a way to automate this, of course.
>
> Flavio
>
> --
> @flaper87
> Flavio Percoco
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Davanum Srinivas :: https://twitter.com/dims

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Flavio Percoco]

On 22/09/16 17:15 -0400, Anita Kuno wrote:

On 16-09-21 01:11 PM, Doug Hellmann wrote:

Excerpts from Clint Byrum's message of 2016-09-21 08:56:24 -0700:

I think it might also be useful if we could make the meeting bot remind
teams of any pending actions they need to take such as elections upon
#startmeeting.

I could see that being useful, yes.

I am not convinced this situation arose due to lack of available 
information.


You may be right here but I don't think having other means to spread this
information is a bad thing, if there's a way to automate this, of course.

Flavio

--
@flaper87
Flavio Percoco


signature.asc
Description: PGP signature
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Hugh Blemings]

Hiya,

On 24/09/2016 03:46, Mike Perez wrote:

On 11:03 Sep 21, Doug Hellmann wrote:



A separate mailing list just for “important announcements” would
need someone to decide what is “important”. It would also need
everyone to be subscribed, or we would have to cross-post to the
existing list. That’s why we use topic tags on the mailing list, so
that it is possible to filter messages based on what is important
to the reader, rather than the sender.


This has came up in the past and I have suggested that people who
can't spend that much time on the lists to refer to the Dev Digest at
blog.openstack.org which mentioned the PTL elections being open.


Fwiw, I'd endorse Mike's comments about the Dev digest - it's an easily
digestible (sorry!) and concise summary of what's happening on
openstack-dev - I refer to it regularly myself.

Two other sources that come to mind for less detailed but topical
summaries of traffic are Jason Baker's summary on opensource.com [0] and
Lwood [1] which I put together each week.  Both flag upcoming Election
related topics pretty reliably and might suit some folk.

For what my $0.20 is worth I don't think splitting out into further
logistics or announcement oriented lists would be beneficial in the long
term.

Cheers,
Hugh


[0] https://opensource.com/business/16/9/openstack-news-september-26
[1] http://hugh.blemings.id.au/openstack/lwood/


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Steven Dake (stdake)]

+1!  The security project adds tremendous value to OpenStack.

Regards
-steve


From: Doug Hellmann 
Reply-To: "OpenStack Development Mailing List (not for usage questions)" 

Date: Friday, September 23, 2016 at 10:35 AM
To: openstack-dev 
Subject: Re: [openstack-dev] [security] [salt] Removal of Security and 
OpenStackSalt project teams from the Big Tent

Excerpts from Rob C's message of 2016-09-23 17:46:46 +0100:
I wanted to provide a quick update from Security.
We had our weekly IRC meeting yesterday, dhellman was kind enough to attend
to help broker some of the discussion. In advance of the meeting I prepared
a blog post where I tried to articulate my position and where I think
things need to go next [1]. This was discussed at length during the IRC
meeting [2]. We discussed the option of becoming a WG or staying in the big
tent, this resulted in a vote, where the team all indicated their desire to
stay within the big tent.
My proposal for the future is outlined in some depth with [1] but the
summary is that we've identified the areas that we need to improve on in
order to be better members of the community, we want to stay within the
big-tent and for me to maintain leadership through this transformational
process with a view to having multiple candidates stand in the next
election.
Cheers
-Rob

Thanks, Rob. Based on the discussions yesterday I think the team has a
better understanding of the communication issues and I'm convinced that
everyone is committed to improving. I support keeping the team in the
tent.

Doug

[1]
https://openstack-security.github.io/organization/2016/09/22/maturing-the-security-project.html
[2]
http://eavesdrop.openstack.org/meetings/security/2016/security.2016-09-22-17.00.log.html
On Fri, Sep 23, 2016 at 4:23 AM, Davanum Srinivas 
> wrote:
> Steven,
>
> Fair point.
>
> Thanks,
> Dims
>
> On Thu, Sep 22, 2016 at 11:04 PM, Steven Dake (stdake) 
> >
> wrote:
> > Dims,
> >
> > This isn’t any of my particular business except it could affect emerging
> technology projects (which I find important to OpenStack’s future)
> negatively – so I thought I’d chime in.
> >
> > A lack of activity in a specs repo doesn’t mean much to me.  For
> example, as Kolla was an emerging project we didn’t use any specs process
> at all (or very rarely).  There is a reason behind this. Now that Kolla is
> stable and reliable and we feel we are not an emerging project, we plan to
> make use of a specs repo starting in Ocata.
> >
> > I have no particular concerns with the other commentary – but please
> don’t judge a project by activity or lack of activity in one repo of its
> deliverables.  Judge it holistically (You are judging holistically.  I
> believe a lack of one repo’s activity shouldn’t be part of that judgement).
> >
> > Regards
> > -steve
> >
> >
> > On 9/21/16, 2:08 PM, "Davanum Srinivas" 
> > > wrote:
> >
> > Jakub,
> >
> > Please see below.
> >
> > On Wed, Sep 21, 2016 at 3:46 PM, Jakub Pavlik <
> jakub.pav...@tcpcloud.eu> wrote:
> > > Hello all,
> > >
> > > it took us 2 years of hard working to get these official.
> OpenStack-Salt is
> > > now used by around 40 production deployments and it is focused
> very on
> > > operation and popularity is growing. You are removing the project
> week after
> > > one of top contributor announced that they will use that as part of
> > > solution. We made a mistakes, however I do not think that is
> reason to
> > > remove us. I do no think that quality of the project is measured
> like this.
> > > Our PTL got ill and did not do properly his job for last 3 weeks,
> but this
> > > can happen anybody.
> > >
> > >  It is up to you. If you think that we are useless for community,
> then
> > > remove us and we will have to continue outside of this community.
> However
> > > growing successful use cases will not be under official openstack
> community,
> > > which makes my feeling bad.
> >
> > Data points so far are:
> > 1. No response during Barcelona planning for rooms
> > 2. Lack of candidates for PTL election
> > 3. No activity in the releases/ repository hence no entries in
> > https://releases.openstack.org/
> > 4. Meetings are not so regular?
> > http://eavesdrop.openstack.org/meetings/openstack_salt/2016/
> (supposed
> > to be weekly)
> > 5. Is the specs repo really active?
> > http://git.openstack.org/cgit/openstack/openstack-salt-specs/ is the
> > work being done elsewhere?
> > 6. Is there an effort to add stuff to the CI jobs running on
> openstack
> > infrastructure? (can't seem to find much
> > 
> > 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Mike Perez]

On 11:03 Sep 21, Doug Hellmann wrote:
> 
> > On Sep 21, 2016, at 8:58 AM, Filip Pytloun  
> > wrote:
> > 
> > Hello,
> > 
> > it's definately our bad that we missed elections in OpenStackSalt
> > project. Reason is similar to Rob's - we are active on different
> > channels (mostly IRC as we keep regular meetings) and don't used to
> > reading mailing lists with lots of generic topics (it would be good to
> > have separate mailing list for such calls and critical topics or
> > individual mails to project's core members).
> 
> With 59 separate teams, even emailing the PTLs directly is becoming
> impractical. I can’t imagine trying to email all of the core members
> directly.
> 
> A separate mailing list just for “important announcements” would need someone
> to decide what is “important”. It would also need everyone to be subscribed,
> or we would have to cross-post to the existing list. That’s why we use topic
> tags on the mailing list, so that it is possible to filter messages based on
> what is important to the reader, rather than the sender.

This has came up in the past and I have suggested that people who can't spend
that much time on the lists to refer to the Dev Digest at blog.openstack.org
which mentioned the PTL elections being open.

-- 
Mike Perez

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Doug Hellmann]

Excerpts from Rob C's message of 2016-09-23 17:46:46 +0100:
> I wanted to provide a quick update from Security.
> 
> We had our weekly IRC meeting yesterday, dhellman was kind enough to attend
> to help broker some of the discussion. In advance of the meeting I prepared
> a blog post where I tried to articulate my position and where I think
> things need to go next [1]. This was discussed at length during the IRC
> meeting [2]. We discussed the option of becoming a WG or staying in the big
> tent, this resulted in a vote, where the team all indicated their desire to
> stay within the big tent.
> 
> My proposal for the future is outlined in some depth with [1] but the
> summary is that we've identified the areas that we need to improve on in
> order to be better members of the community, we want to stay within the
> big-tent and for me to maintain leadership through this transformational
> process with a view to having multiple candidates stand in the next
> election.
> 
> Cheers
> -Rob

Thanks, Rob. Based on the discussions yesterday I think the team has a
better understanding of the communication issues and I'm convinced that
everyone is committed to improving. I support keeping the team in the
tent.

Doug

> 
> [1]
> https://openstack-security.github.io/organization/2016/09/22/maturing-the-security-project.html
> [2]
> http://eavesdrop.openstack.org/meetings/security/2016/security.2016-09-22-17.00.log.html
> 
> On Fri, Sep 23, 2016 at 4:23 AM, Davanum Srinivas  wrote:
> 
> > Steven,
> >
> > Fair point.
> >
> > Thanks,
> > Dims
> >
> > On Thu, Sep 22, 2016 at 11:04 PM, Steven Dake (stdake) 
> > wrote:
> > > Dims,
> > >
> > > This isn’t any of my particular business except it could affect emerging
> > technology projects (which I find important to OpenStack’s future)
> > negatively – so I thought I’d chime in.
> > >
> > > A lack of activity in a specs repo doesn’t mean much to me.  For
> > example, as Kolla was an emerging project we didn’t use any specs process
> > at all (or very rarely).  There is a reason behind this. Now that Kolla is
> > stable and reliable and we feel we are not an emerging project, we plan to
> > make use of a specs repo starting in Ocata.
> > >
> > > I have no particular concerns with the other commentary – but please
> > don’t judge a project by activity or lack of activity in one repo of its
> > deliverables.  Judge it holistically (You are judging holistically.  I
> > believe a lack of one repo’s activity shouldn’t be part of that judgement).
> > >
> > > Regards
> > > -steve
> > >
> > >
> > > On 9/21/16, 2:08 PM, "Davanum Srinivas"  wrote:
> > >
> > > Jakub,
> > >
> > > Please see below.
> > >
> > > On Wed, Sep 21, 2016 at 3:46 PM, Jakub Pavlik <
> > jakub.pav...@tcpcloud.eu> wrote:
> > > > Hello all,
> > > >
> > > > it took us 2 years of hard working to get these official.
> > OpenStack-Salt is
> > > > now used by around 40 production deployments and it is focused
> > very on
> > > > operation and popularity is growing. You are removing the project
> > week after
> > > > one of top contributor announced that they will use that as part of
> > > > solution. We made a mistakes, however I do not think that is
> > reason to
> > > > remove us. I do no think that quality of the project is measured
> > like this.
> > > > Our PTL got ill and did not do properly his job for last 3 weeks,
> > but this
> > > > can happen anybody.
> > > >
> > > >  It is up to you. If you think that we are useless for community,
> > then
> > > > remove us and we will have to continue outside of this community.
> > However
> > > > growing successful use cases will not be under official openstack
> > community,
> > > > which makes my feeling bad.
> > >
> > > Data points so far are:
> > > 1. No response during Barcelona planning for rooms
> > > 2. Lack of candidates for PTL election
> > > 3. No activity in the releases/ repository hence no entries in
> > > https://releases.openstack.org/
> > > 4. Meetings are not so regular?
> > > http://eavesdrop.openstack.org/meetings/openstack_salt/2016/
> > (supposed
> > > to be weekly)
> > > 5. Is the specs repo really active?
> > > http://git.openstack.org/cgit/openstack/openstack-salt-specs/ is the
> > > work being done elsewhere?
> > > 6. Is there an effort to add stuff to the CI jobs running on
> > openstack
> > > infrastructure? (can't seem to find much
> > > http://codesearch.openstack.org/?q=salt=nope=zuul%
> > 2Flayout.yaml=project-config)
> > >
> > > I'll stop here and switch to #openstack-salt channel to help work you
> > > all through if there is a consensus/willingness from the
> > > openstack-salt team that there's significant work to be done. If you
> > > think you are better off not on the governance, that would be your
> > > call as well.
> > >
> > > 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Mike Perez]

On 13:17 Sep 21, Rob C wrote:
> For my part, I missed the elections, that's my bad. I normally put a
> calendar item in for that issue. I don't think that my missing the election
> date should result in the group being treated in this way. Members of the
> TC have contacted me about unrelated things recently, I have always been
> available however my schedule has made it hard for me to sift through -dev
> recently and I missed the volley of nomination emails. This is certainly a
> failing on my part.
> 
> It's certainly true that the security team, and our cores tend not to pay
> as much attention to the -dev mailing list as we should. The list is pretty
> noisy and  traditionally we always had a separate list that we used for
> security and since moving away from that we tend to focus on IRC or direct
> emails. Though as can be seen with our core announcements etc, we do try to
> do things the "openstack way"

Yes the list can be a bit much. I write a digest of some important threads from
the list. For example the elections being open:

http://www.openstack.org/blog/2016/09/openstack-developer-mailing-list-digest-20160916/

-- 
Mike Perez

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Rob C]

I wanted to provide a quick update from Security.

We had our weekly IRC meeting yesterday, dhellman was kind enough to attend
to help broker some of the discussion. In advance of the meeting I prepared
a blog post where I tried to articulate my position and where I think
things need to go next [1]. This was discussed at length during the IRC
meeting [2]. We discussed the option of becoming a WG or staying in the big
tent, this resulted in a vote, where the team all indicated their desire to
stay within the big tent.

My proposal for the future is outlined in some depth with [1] but the
summary is that we've identified the areas that we need to improve on in
order to be better members of the community, we want to stay within the
big-tent and for me to maintain leadership through this transformational
process with a view to having multiple candidates stand in the next
election.

Cheers
-Rob

[1]
https://openstack-security.github.io/organization/2016/09/22/maturing-the-security-project.html
[2]
http://eavesdrop.openstack.org/meetings/security/2016/security.2016-09-22-17.00.log.html

On Fri, Sep 23, 2016 at 4:23 AM, Davanum Srinivas  wrote:

> Steven,
>
> Fair point.
>
> Thanks,
> Dims
>
> On Thu, Sep 22, 2016 at 11:04 PM, Steven Dake (stdake) 
> wrote:
> > Dims,
> >
> > This isn’t any of my particular business except it could affect emerging
> technology projects (which I find important to OpenStack’s future)
> negatively – so I thought I’d chime in.
> >
> > A lack of activity in a specs repo doesn’t mean much to me.  For
> example, as Kolla was an emerging project we didn’t use any specs process
> at all (or very rarely).  There is a reason behind this. Now that Kolla is
> stable and reliable and we feel we are not an emerging project, we plan to
> make use of a specs repo starting in Ocata.
> >
> > I have no particular concerns with the other commentary – but please
> don’t judge a project by activity or lack of activity in one repo of its
> deliverables.  Judge it holistically (You are judging holistically.  I
> believe a lack of one repo’s activity shouldn’t be part of that judgement).
> >
> > Regards
> > -steve
> >
> >
> > On 9/21/16, 2:08 PM, "Davanum Srinivas"  wrote:
> >
> > Jakub,
> >
> > Please see below.
> >
> > On Wed, Sep 21, 2016 at 3:46 PM, Jakub Pavlik <
> jakub.pav...@tcpcloud.eu> wrote:
> > > Hello all,
> > >
> > > it took us 2 years of hard working to get these official.
> OpenStack-Salt is
> > > now used by around 40 production deployments and it is focused
> very on
> > > operation and popularity is growing. You are removing the project
> week after
> > > one of top contributor announced that they will use that as part of
> > > solution. We made a mistakes, however I do not think that is
> reason to
> > > remove us. I do no think that quality of the project is measured
> like this.
> > > Our PTL got ill and did not do properly his job for last 3 weeks,
> but this
> > > can happen anybody.
> > >
> > >  It is up to you. If you think that we are useless for community,
> then
> > > remove us and we will have to continue outside of this community.
> However
> > > growing successful use cases will not be under official openstack
> community,
> > > which makes my feeling bad.
> >
> > Data points so far are:
> > 1. No response during Barcelona planning for rooms
> > 2. Lack of candidates for PTL election
> > 3. No activity in the releases/ repository hence no entries in
> > https://releases.openstack.org/
> > 4. Meetings are not so regular?
> > http://eavesdrop.openstack.org/meetings/openstack_salt/2016/
> (supposed
> > to be weekly)
> > 5. Is the specs repo really active?
> > http://git.openstack.org/cgit/openstack/openstack-salt-specs/ is the
> > work being done elsewhere?
> > 6. Is there an effort to add stuff to the CI jobs running on
> openstack
> > infrastructure? (can't seem to find much
> > http://codesearch.openstack.org/?q=salt=nope=zuul%
> 2Flayout.yaml=project-config)
> >
> > I'll stop here and switch to #openstack-salt channel to help work you
> > all through if there is a consensus/willingness from the
> > openstack-salt team that there's significant work to be done. If you
> > think you are better off not on the governance, that would be your
> > call as well.
> >
> > Thanks,
> > Dims
> >
> > > Thanks,
> > >
> > > Jakub
> > >
> > >
> > > On 21.9.2016 21:03, Doug Hellmann wrote:
> > >>
> > >> Excerpts from Filip Pytloun's message of 2016-09-21 20:36:42
> +0200:
> > >>>
> > >>> On 2016/09/21 13:23, Doug Hellmann wrote:
> > 
> >  The idea of splitting the contributor list comes up pretty
> regularly
> >  and we rehash the same suggestions each time.  Given that what
> we
> >  have now worked fine for 57 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Davanum Srinivas]

Steven,

Fair point.

Thanks,
Dims

On Thu, Sep 22, 2016 at 11:04 PM, Steven Dake (stdake)  wrote:
> Dims,
>
> This isn’t any of my particular business except it could affect emerging 
> technology projects (which I find important to OpenStack’s future) negatively 
> – so I thought I’d chime in.
>
> A lack of activity in a specs repo doesn’t mean much to me.  For example, as 
> Kolla was an emerging project we didn’t use any specs process at all (or very 
> rarely).  There is a reason behind this. Now that Kolla is stable and 
> reliable and we feel we are not an emerging project, we plan to make use of a 
> specs repo starting in Ocata.
>
> I have no particular concerns with the other commentary – but please don’t 
> judge a project by activity or lack of activity in one repo of its 
> deliverables.  Judge it holistically (You are judging holistically.  I 
> believe a lack of one repo’s activity shouldn’t be part of that judgement).
>
> Regards
> -steve
>
>
> On 9/21/16, 2:08 PM, "Davanum Srinivas"  wrote:
>
> Jakub,
>
> Please see below.
>
> On Wed, Sep 21, 2016 at 3:46 PM, Jakub Pavlik  
> wrote:
> > Hello all,
> >
> > it took us 2 years of hard working to get these official. 
> OpenStack-Salt is
> > now used by around 40 production deployments and it is focused very on
> > operation and popularity is growing. You are removing the project week 
> after
> > one of top contributor announced that they will use that as part of
> > solution. We made a mistakes, however I do not think that is reason to
> > remove us. I do no think that quality of the project is measured like 
> this.
> > Our PTL got ill and did not do properly his job for last 3 weeks, but 
> this
> > can happen anybody.
> >
> >  It is up to you. If you think that we are useless for community, then
> > remove us and we will have to continue outside of this community. 
> However
> > growing successful use cases will not be under official openstack 
> community,
> > which makes my feeling bad.
>
> Data points so far are:
> 1. No response during Barcelona planning for rooms
> 2. Lack of candidates for PTL election
> 3. No activity in the releases/ repository hence no entries in
> https://releases.openstack.org/
> 4. Meetings are not so regular?
> http://eavesdrop.openstack.org/meetings/openstack_salt/2016/ (supposed
> to be weekly)
> 5. Is the specs repo really active?
> http://git.openstack.org/cgit/openstack/openstack-salt-specs/ is the
> work being done elsewhere?
> 6. Is there an effort to add stuff to the CI jobs running on openstack
> infrastructure? (can't seem to find much
> 
> http://codesearch.openstack.org/?q=salt=nope=zuul%2Flayout.yaml=project-config)
>
> I'll stop here and switch to #openstack-salt channel to help work you
> all through if there is a consensus/willingness from the
> openstack-salt team that there's significant work to be done. If you
> think you are better off not on the governance, that would be your
> call as well.
>
> Thanks,
> Dims
>
> > Thanks,
> >
> > Jakub
> >
> >
> > On 21.9.2016 21:03, Doug Hellmann wrote:
> >>
> >> Excerpts from Filip Pytloun's message of 2016-09-21 20:36:42 +0200:
> >>>
> >>> On 2016/09/21 13:23, Doug Hellmann wrote:
> 
>  The idea of splitting the contributor list comes up pretty regularly
>  and we rehash the same suggestions each time.  Given that what we
>  have now worked fine for 57 of the 59 offical teams (the Astara
>  team knew in advance it would not have a PTL running, and Piet had
>  some sort of technical issue submitting his candidacy for the UX
>  team), I'm not yet convinced that we need to make large-scale changes
>  to our community communication standard practices in support of the
>  2 remaining teams.
> 
>  That's not to say that the system we have now is perfect, but we
>  can't realistically support multiple systems at the same time.  We
>  need everyone to use the same system, otherwise we have (even more)
>  fragmented communication. So, we either need everyone to agree to
>  some new system and then have people step forward to implement it,
>  or we need to all agree to do our best to use the system we have
>  in place now.
> >>>
> >>> I think it may work as is (with proper mail filters), but as someone
> >>> already
> >>> mentioned in this thread it would be better to have someone more
> >>> experienced
> >>> in Openstack community projects as a core team member or PTL to catch 
> all
> >>> these things otherwise it may happen that inexperienced PTL/team just
> >>> miss
> >>> something like now.
> >>
> >> If the team needs help, 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Steven Dake (stdake)]

Dims,

This isn’t any of my particular business except it could affect emerging 
technology projects (which I find important to OpenStack’s future) negatively – 
so I thought I’d chime in.

A lack of activity in a specs repo doesn’t mean much to me.  For example, as 
Kolla was an emerging project we didn’t use any specs process at all (or very 
rarely).  There is a reason behind this. Now that Kolla is stable and reliable 
and we feel we are not an emerging project, we plan to make use of a specs repo 
starting in Ocata.

I have no particular concerns with the other commentary – but please don’t 
judge a project by activity or lack of activity in one repo of its 
deliverables.  Judge it holistically (You are judging holistically.  I believe 
a lack of one repo’s activity shouldn’t be part of that judgement).

Regards
-steve


On 9/21/16, 2:08 PM, "Davanum Srinivas"  wrote:

Jakub,

Please see below.

On Wed, Sep 21, 2016 at 3:46 PM, Jakub Pavlik  
wrote:
> Hello all,
>
> it took us 2 years of hard working to get these official. OpenStack-Salt 
is
> now used by around 40 production deployments and it is focused very on
> operation and popularity is growing. You are removing the project week 
after
> one of top contributor announced that they will use that as part of
> solution. We made a mistakes, however I do not think that is reason to
> remove us. I do no think that quality of the project is measured like 
this.
> Our PTL got ill and did not do properly his job for last 3 weeks, but this
> can happen anybody.
>
>  It is up to you. If you think that we are useless for community, then
> remove us and we will have to continue outside of this community. However
> growing successful use cases will not be under official openstack 
community,
> which makes my feeling bad.

Data points so far are:
1. No response during Barcelona planning for rooms
2. Lack of candidates for PTL election
3. No activity in the releases/ repository hence no entries in
https://releases.openstack.org/
4. Meetings are not so regular?
http://eavesdrop.openstack.org/meetings/openstack_salt/2016/ (supposed
to be weekly)
5. Is the specs repo really active?
http://git.openstack.org/cgit/openstack/openstack-salt-specs/ is the
work being done elsewhere?
6. Is there an effort to add stuff to the CI jobs running on openstack
infrastructure? (can't seem to find much

http://codesearch.openstack.org/?q=salt=nope=zuul%2Flayout.yaml=project-config)

I'll stop here and switch to #openstack-salt channel to help work you
all through if there is a consensus/willingness from the
openstack-salt team that there's significant work to be done. If you
think you are better off not on the governance, that would be your
call as well.

Thanks,
Dims

> Thanks,
>
> Jakub
>
>
> On 21.9.2016 21:03, Doug Hellmann wrote:
>>
>> Excerpts from Filip Pytloun's message of 2016-09-21 20:36:42 +0200:
>>>
>>> On 2016/09/21 13:23, Doug Hellmann wrote:

 The idea of splitting the contributor list comes up pretty regularly
 and we rehash the same suggestions each time.  Given that what we
 have now worked fine for 57 of the 59 offical teams (the Astara
 team knew in advance it would not have a PTL running, and Piet had
 some sort of technical issue submitting his candidacy for the UX
 team), I'm not yet convinced that we need to make large-scale changes
 to our community communication standard practices in support of the
 2 remaining teams.

 That's not to say that the system we have now is perfect, but we
 can't realistically support multiple systems at the same time.  We
 need everyone to use the same system, otherwise we have (even more)
 fragmented communication. So, we either need everyone to agree to
 some new system and then have people step forward to implement it,
 or we need to all agree to do our best to use the system we have
 in place now.
>>>
>>> I think it may work as is (with proper mail filters), but as someone
>>> already
>>> mentioned in this thread it would be better to have someone more
>>> experienced
>>> in Openstack community projects as a core team member or PTL to catch 
all
>>> these things otherwise it may happen that inexperienced PTL/team just
>>> miss
>>> something like now.
>>
>> If the team needs help, please ask for it. We should be able to find
>> someone to do a little mentoring and provide some guidance.
>>
>>> Still I don't think it's such a big issue to just fire project from Big
>>> Tent -
>>> who will benefit from that? Again someone already mentioned what will it
>>> mean

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Anita Kuno]

On 16-09-21 01:11 PM, Doug Hellmann wrote:

Excerpts from Clint Byrum's message of 2016-09-21 08:56:24 -0700:

Excerpts from Filip Pytloun's message of 2016-09-21 14:58:52 +0200:

Hello,

it's definately our bad that we missed elections in OpenStackSalt
project. Reason is similar to Rob's - we are active on different
channels (mostly IRC as we keep regular meetings) and don't used to
reading mailing lists with lots of generic topics (it would be good to
have separate mailing list for such calls and critical topics or
individual mails to project's core members).

Our project is very active [1], trying to do things the Openstack way
and I think it would be a pitty to remove it from Big Tent just because
we missed mail and therefore our first PTL election.

Of course I don't want to excuse our fault. In case it's not too late,
we will try to be more active in mailing lists like openstack-dev and
not miss such important events next time.

[1] http://stackalytics.com/?module=openstacksalt-group


Seems like we need a bit added to this process which makes sure big tent
projects have their primary IRC channel identified, and a list of core
reviewer and meeting chair IRC nicks to ping when something urgent comes
up. This isn't just useful for elections, but is probably something the
VMT would appreciate as well, and likely anyone else who has an urgent
need to make contact with a team.

IRC channels are listed on team pages on governance.o.o. For example:
http://governance.openstack.org/reference/projects/openstacksalt.html

Core reviewers are accessible through gerrit. For example,
https://review.openstack.org/#/admin/projects/openstack/openstack-salt,access
leads to https://review.openstack.org/#/admin/groups/1268,members

Meeting chair nicks are available on eavesdrop.o.o. For example,
http://eavesdrop.openstack.org/#OpenStack_Salt_Team_Meeting

It might make sense to automate pulling that information together into a
single page somewhere, maybe the team page on governance.o.o.

The larger point is that the community expects teams to be paying
attention to the cycle schedule and taking care of the actions expected
without being individually asked to do so.


I think it might also be useful if we could make the meeting bot remind
teams of any pending actions they need to take such as elections upon
#startmeeting.

I could see that being useful, yes.


Seems like all of that could be automated.


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


I am not convinced this situation arose due to lack of available 
information.


Thank you,
Anita.

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Ian Cordasco]

 

-Original Message-
From: Filip Pytloun 
Reply: OpenStack Development Mailing List (not for usage questions) 

Date: September 22, 2016 at 10:34:00
To: OpenStack Development Mailing List (not for usage questions) 

Subject:  Re: [openstack-dev] [security] [salt] Removal of Security and 
OpenStackSalt project teams from the Big Tent

> Thank you for your feedback - this is first one since we joined Big Tent
> and very useful.
>  
> On 2016/09/21 17:08, Davanum Srinivas wrote:
> > Data points so far are:
> > 1. No response during Barcelona planning for rooms
> > 2. Lack of candidates for PTL election
> > 3. No activity in the releases/ repository hence no entries in
> > https://releases.openstack.org/
>  
> First releases were done during project move and it seems this was
> forgotten. Anyway there's new release planned to be done.
>  
> > 4. Meetings are not so regular?
> > http://eavesdrop.openstack.org/meetings/openstack_salt/2016/ (supposed
> > to be weekly)
>  
> There was decreased activity last few months mostly because one of
> members who was leading these meetings temporarily disconnected from the
> project and because there wasn't anything on agenda to discuss. Still
> these meetings were taken at least 1~2x a month which seemed to be
> sufficient.
>  
> > 5. Is the specs repo really active?
> > http://git.openstack.org/cgit/openstack/openstack-salt-specs/ is the
> > work being done elsewhere?
>  
> Very excessive documentation and other info is at separate developer
> pages: http://docs.openstack.org/developer/openstack-salt/
> There should be surely new record in specs after new release is made.
>  
> > 6. Is there an effort to add stuff to the CI jobs running on openstack
> > infrastructure? (can't seem to find much
> > http://codesearch.openstack.org/?q=salt=nope=zuul%2Flayout.yaml=project-config)
> >   
>  
> There are tests already doing mostly linting (running states in
> dry-run). More complex tests are in progress but it takes some time
> mostly because used technology is a little bit controversial (there's no
> usable standard in saltstack community yet).
>  
> >
> > I'll stop here and switch to #openstack-salt channel to help work you
> > all through if there is a consensus/willingness from the
> > openstack-salt team that there's significant work to be done. If you
> > think you are better off not on the governance, that would be your
> > call as well.
>  
> I think we are going to fix things, to summarize:
>  
> - make new release for Newton + update specs
> - elect new PTL
> - be more active in openstack-dev mailing list (maybe also have
> separate ML just for our team?)

Some teams have had separate mailing lists but that's never worked to help them 
integrate better with the OpenStack community. You'd better serve yourself in 
this matter if you commit to just using openstack-dev.

> If there's more we can do, we are available at Freenode/#openstack-salt.

You might also be available elsewhere as Anita has pointed out. If you want to 
be part of the Big Tent, you have to make the effort to bridge the gaps.

--  
Ian Cordasco


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Anita Kuno]

On 16-09-22 11:32 AM, Filip Pytloun wrote:

If there's more we can do, we are available at Freenode/#openstack-salt.
I think this right here is your issue. Believing it is the 
responsibility of the tc or other leaders to find you. It isn't.


Be available on #openstack-dev at the very least.

Anita.

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Filip Pytloun]

Thank you for your feedback - this is first one since we joined Big Tent
and very useful.

On 2016/09/21 17:08, Davanum Srinivas wrote:
> Data points so far are:
> 1. No response during Barcelona planning for rooms
> 2. Lack of candidates for PTL election
> 3. No activity in the releases/ repository hence no entries in
> https://releases.openstack.org/

First releases were done during project move and it seems this was
forgotten. Anyway there's new release planned to be done.

> 4. Meetings are not so regular?
> http://eavesdrop.openstack.org/meetings/openstack_salt/2016/ (supposed
> to be weekly)

There was decreased activity last few months mostly because one of
members who was leading these meetings temporarily disconnected from the
project and because there wasn't anything on agenda to discuss. Still
these meetings were taken at least 1~2x a month which seemed to be
sufficient.

> 5. Is the specs repo really active?
> http://git.openstack.org/cgit/openstack/openstack-salt-specs/ is the
> work being done elsewhere?

Very excessive documentation and other info is at separate developer
pages: http://docs.openstack.org/developer/openstack-salt/
There should be surely new record in specs after new release is made.

> 6. Is there an effort to add stuff to the CI jobs running on openstack
> infrastructure? (can't seem to find much
> http://codesearch.openstack.org/?q=salt=nope=zuul%2Flayout.yaml=project-config)

There are tests already doing mostly linting (running states in
dry-run). More complex tests are in progress but it takes some time
mostly because used technology is a little bit controversial (there's no
usable standard in saltstack community yet).

> 
> I'll stop here and switch to #openstack-salt channel to help work you
> all through if there is a consensus/willingness from the
> openstack-salt team that there's significant work to be done. If you
> think you are better off not on the governance, that would be your
> call as well.

I think we are going to fix things, to summarize:

 - make new release for Newton + update specs
 - elect new PTL
 - be more active in openstack-dev mailing list (maybe also have
   separate ML just for our team?)

If there's more we can do, we are available at Freenode/#openstack-salt.

-- 
Filip Pytloun
Cloud Architect
 
[tcp ◕ cloud]
 
tcp cloud a.s.
Thamova 16, 180 00  Prague 8
 
Mobile: +420 776 004 323
E-mail: filip.pytl...@tcpcloud.eu
GPG:3802 93B1 6CA8 C7A0 695B  8B28 6808 239B 9C72 E61B
Web:http://www.opentcpcloud.org/


signature.asc
Description: Digital signature
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Anita Kuno]

On 16-09-21 05:08 PM, Davanum Srinivas wrote:

Jakub,

Please see below.

On Wed, Sep 21, 2016 at 3:46 PM, Jakub Pavlik  wrote:

Hello all,

it took us 2 years of hard working to get these official. OpenStack-Salt is
now used by around 40 production deployments and it is focused very on
operation and popularity is growing. You are removing the project week after
one of top contributor announced that they will use that as part of
solution. We made a mistakes, however I do not think that is reason to
remove us. I do no think that quality of the project is measured like this.
Our PTL got ill and did not do properly his job for last 3 weeks, but this
can happen anybody.

  It is up to you. If you think that we are useless for community, then
remove us and we will have to continue outside of this community. However
growing successful use cases will not be under official openstack community,
which makes my feeling bad.

Data points so far are:
1. No response during Barcelona planning for rooms
2. Lack of candidates for PTL election
3. No activity in the releases/ repository hence no entries in
https://releases.openstack.org/
4. Meetings are not so regular?
http://eavesdrop.openstack.org/meetings/openstack_salt/2016/ (supposed
to be weekly)
5. Is the specs repo really active?
http://git.openstack.org/cgit/openstack/openstack-salt-specs/ is the
work being done elsewhere?
6. Is there an effort to add stuff to the CI jobs running on openstack
infrastructure? (can't seem to find much
http://codesearch.openstack.org/?q=salt=nope=zuul%2Flayout.yaml=project-config)

I'll stop here and switch to #openstack-salt channel to help work you
all through if there is a consensus/willingness from the
openstack-salt team that there's significant work to be done. If you
think you are better off not on the governance, that would be your
call as well.

Thanks,
Dims


Thanks,

Jakub


On 21.9.2016 21:03, Doug Hellmann wrote:

Excerpts from Filip Pytloun's message of 2016-09-21 20:36:42 +0200:

On 2016/09/21 13:23, Doug Hellmann wrote:

The idea of splitting the contributor list comes up pretty regularly
and we rehash the same suggestions each time.  Given that what we
have now worked fine for 57 of the 59 offical teams (the Astara
team knew in advance it would not have a PTL running, and Piet had
some sort of technical issue submitting his candidacy for the UX
team), I'm not yet convinced that we need to make large-scale changes
to our community communication standard practices in support of the
2 remaining teams.

That's not to say that the system we have now is perfect, but we
can't realistically support multiple systems at the same time.  We
need everyone to use the same system, otherwise we have (even more)
fragmented communication. So, we either need everyone to agree to
some new system and then have people step forward to implement it,
or we need to all agree to do our best to use the system we have
in place now.

I think it may work as is (with proper mail filters), but as someone
already
mentioned in this thread it would be better to have someone more
experienced
in Openstack community projects as a core team member or PTL to catch all
these things otherwise it may happen that inexperienced PTL/team just
miss
something like now.

If the team needs help, please ask for it. We should be able to find
someone to do a little mentoring and provide some guidance.


Still I don't think it's such a big issue to just fire project from Big
Tent -
who will benefit from that? Again someone already mentioned what will it
mean
for such team (loss of potencial developers, etc.).
Moreover for teams who are actively working on project as it seems that
both
OpenStackSalt and Security teams do.

Signing up to be a part of the big tent is not free. Membership comes
with expectations and obligations. Failing to meet those may be an
indication that the team isn't ready, or that membership is not a good
fit.


And I thought that real work on a project is our primary goal.. this
situation
is like loosing job when I left dirty coffee cup at my workspace.

I hope you consider team leadership and community participation to
be more important than your analogy implies.

Doug


Did your release liaison follow the instructions to make that happen?
http://git.openstack.org/cgit/openstack/releases/tree/README.rst

That seems to be the reason. There was new release planned with support
for
containerized deployment which would follow that guide (as first releases
were
done during/shortly after openstack-salt move to Big Tent).
As mentioned above - more experienced PTL would be helpful here and we
are
currently talking with people who could fit that position.


I see no emails tagged with [salt] on the mailing list since March of
this year, aside from this thread. Are you using a different communication
channel for team coordination? You mention IRC, but how are new contributors
expected to find you?

Yes, we are using openstack-salt 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Travis McPeak]

"My answer would be -that- is the most ideal scenario. I care about
OpenStack and ensuring quality projects have adequate representation so I
checked to see which ones didn't have anyone defined for leadership and
picked one to step in and help, assuming no one was able to fill that role
for that specific cycle."

Ahh gotcha.  Thanks Adam.  We definitely welcome your advice and help
with socializing our activities and becoming more integrated with the
community.  I think Ian (sigmavirus) is similarly interested.  I look
forward to working with both of you.

-- 
-Travis
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Jeremy Stanley]

On 2016-09-21 22:53:10 +0100 (+0100), Dave Walker wrote:
> On 21 September 2016 at 22:41, Kyle Mestery  wrote:
> > On Wed, Sep 21, 2016 at 3:35 PM, Thierry Carrez  
> > wrote:
> > > I privately received information that explains why the PTL was
> > > not on top of things during election weeks. With ~60 teams
> > > around there will always be one or two that miss and that we
> > > must check on. It /always/ is symptomatic of /some/
> > > disconnect. But here I'm not sure it passes the bar of
> > > "non-alignment with the community" that would make the
> > > Security team unfit to be an official OpenStack team...
> > 
> > I agree, and in times like this, it's best to use common sense
> > rather than trying to have a rule to fit everything into. In
> > this case, Rob and the security team have put forth an
> > explanation of what happened, I fail to see how removing them
> > after this does anything other than foster bad will. I would
> > vote to keep the security team around at this point.
> 
> I feel bad quoting policy here... but we do have prior art for
> this... If we look at resolution, "2014-11-28 Process for
> Leaderless Programs"[0], we have policy for *exactly* this
> situation.. which should probably have been the first action
> rather than considering a new resolution.
> 
> For reference:
> 
>1. Programs without a minimum of one eligible candidate are
>identified to the Technical Committee by the Election
>Officials, as soon as possible after the nomination period has
>expired.
>2. The Technical Committee can appoint a leader to any programs
>in this situation, by mutual agreement of the Technical
>Committee and the proposed appointee.
[...]

I'm not certain what "new resolution" you're referring to in this
case, as it seemed to me the TC was attempting to follow the
guidelines you've quoted. Of the four teams which lacked PTLs, one
was made unofficial, one had a suitable PTL volunteer confirmed by
the TC, and two were deferred for further discussion due to
insufficient information about their situations.

Note it says "CAN appoint a leader" [emphasis mine]. The situation
was discussed by the TC in their meeting yesterday[*], and
what was asked was whether in these specific cases they SHOULD do
this, or resolve it by freeing the teams in question to operate
outside TC authority (by making them unofficial from a governance
perspective). Both are valid options for the TC as our governing
body, and each option is perhaps more applicable to some of the
teams in this situation than others. For the teams where the outcome
was not already certain, and no representative of the team was
present at the meeting for discussion about who should be appointed
PTL, the chair agreed to start an ML thread proposing returning
those teams to an unofficial state to gauge whether that was an
acceptable outcome from the perspective of our community.

As far as I know, the TC is allowed to remove official status from
any team at any time. Until "2014-11-28 Process for Leaderless
Programs" was passed, removal was basically their only accepted
option for dealing with teams that lacked a PTL. That resolution
gave them the _additional_ option of appointing a PTL volunteer.

[*] 
http://eavesdrop.openstack.org/meetings/tc/2016/tc.2016-09-20-20.01.log.html#l-342
-- 
Jeremy Stanley

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Doug Hellmann]

Excerpts from Dave Walker's message of 2016-09-21 22:53:10 +0100:
> On 21 September 2016 at 22:41, Kyle Mestery  wrote:
> 
> > On Wed, Sep 21, 2016 at 3:35 PM, Thierry Carrez 
> > wrote:
> > > Chivers, Doug wrote:
> > >> My concern is with the original wording “The suggested way forward
> > there would be to remove the "Security project team"”.
> > >>
> > >> This seems like a move to instantly reduce investment in OpenStack
> > security, because the majority of members of the Security Project are
> > corporately funded, which will be significantly impacted by the removal of
> > the security project. I have no knowledge over the difference between a
> > working group and a project, like everyone else on the project we are
> > simply here to contribute to OpenStack security, drive innovation in
> > security, deliver documentation like OSSNs, etc, rather than get involved
> > in the politics of OpenStack.
> > >>
> > >> In response to the various questions of why no-one from our project
> > noticed that we didn’t have a nomination for the PTL, we assumed that was
> > taken care of. Realistically maybe two or three people on the security
> > project have the availability to be PTL, one being our current PTL, for all
> > the rest of us its simply not a concern until we need to vote.
> > >>
> > >> On a personal note, reading –dev is unfortunately a lower priority than
> > designing architectures, responding to customers and sales teams, closing
> > tickets, writing decks and on the afternoon or so I can spend each week,
> > working on my upstream projects (this week it was:
> > https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team
> > for all their work). Possibly this is wrong, but I didn’t sign up as a
> > contributor to spend all my spare time reading mailing lists.
> > >
> > > So while I still think there is a slight disconnect (like, members of
> > > the security team are less often involved in other teams) that results
> > > in the Security team being more likely to miss the very few process
> > > deadlines that apply to them, I'm not convinced it justifies removing
> > > the "official" status of the team and make it a workgroup.
> > >
> > > I privately received information that explains why the PTL was not on
> > > top of things during election weeks. With ~60 teams around there will
> > > always be one or two that miss and that we must check on. It /always/ is
> > > symptomatic of /some/ disconnect. But here I'm not sure it passes the
> > > bar of "non-alignment with the community" that would make the Security
> > > team unfit to be an official OpenStack team...
> > >
> > I agree, and in times like this, it's best to use common sense rather
> > than trying to have a rule to fit everything into. In this case, Rob
> > and the security team have put forth an explanation of what happened,
> > I fail to see how removing them after this does anything other than
> > foster bad will. I would vote to keep the security team around at this
> > point.
> >
> >
> I feel bad quoting policy here... but we do have prior art for this... If
> we look at resolution, "2014-11-28 Process for Leaderless Programs"[0], we
> have policy for *exactly* this situation.. which should probably have been
> the first action rather than considering a new resolution.
> 
> For reference:
> 
>1. Programs without a minimum of one eligible candidate are identified
>to the Technical Committee by the Election Officials, as soon as possible
>after the nomination period has expired.
>2. The Technical Committee can appoint a leader to any programs in this
>situation, by mutual agreement of the Technical Committee and the proposed
>appointee.
>3. The appointed leader has all the same obligations and
>responsibilities as a self-nominated elected Program Technical Lead.
> 
> [0]
> http://governance.openstack.org/resolutions/20141128-elections-process-for-leaderless-programs.html
> 

That process is one possible outcome. It is meant for extreme
circumstances, but not as a failsafe to allow teams to bypass the
normal participation in elections.  It was started with the UX team,
where there was a clear candidate.  For the teams where no one
replied to queries before the TC meeting this week, we had no
candidates to appoint.  This and other threads on the topic have
produced candidates and, assuming they signal their intent to serve
clearly, we can move ahead.

Doug

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Dave Walker]

On 21 September 2016 at 22:41, Kyle Mestery  wrote:

> On Wed, Sep 21, 2016 at 3:35 PM, Thierry Carrez 
> wrote:
> > Chivers, Doug wrote:
> >> My concern is with the original wording “The suggested way forward
> there would be to remove the "Security project team"”.
> >>
> >> This seems like a move to instantly reduce investment in OpenStack
> security, because the majority of members of the Security Project are
> corporately funded, which will be significantly impacted by the removal of
> the security project. I have no knowledge over the difference between a
> working group and a project, like everyone else on the project we are
> simply here to contribute to OpenStack security, drive innovation in
> security, deliver documentation like OSSNs, etc, rather than get involved
> in the politics of OpenStack.
> >>
> >> In response to the various questions of why no-one from our project
> noticed that we didn’t have a nomination for the PTL, we assumed that was
> taken care of. Realistically maybe two or three people on the security
> project have the availability to be PTL, one being our current PTL, for all
> the rest of us its simply not a concern until we need to vote.
> >>
> >> On a personal note, reading –dev is unfortunately a lower priority than
> designing architectures, responding to customers and sales teams, closing
> tickets, writing decks and on the afternoon or so I can spend each week,
> working on my upstream projects (this week it was:
> https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team
> for all their work). Possibly this is wrong, but I didn’t sign up as a
> contributor to spend all my spare time reading mailing lists.
> >
> > So while I still think there is a slight disconnect (like, members of
> > the security team are less often involved in other teams) that results
> > in the Security team being more likely to miss the very few process
> > deadlines that apply to them, I'm not convinced it justifies removing
> > the "official" status of the team and make it a workgroup.
> >
> > I privately received information that explains why the PTL was not on
> > top of things during election weeks. With ~60 teams around there will
> > always be one or two that miss and that we must check on. It /always/ is
> > symptomatic of /some/ disconnect. But here I'm not sure it passes the
> > bar of "non-alignment with the community" that would make the Security
> > team unfit to be an official OpenStack team...
> >
> I agree, and in times like this, it's best to use common sense rather
> than trying to have a rule to fit everything into. In this case, Rob
> and the security team have put forth an explanation of what happened,
> I fail to see how removing them after this does anything other than
> foster bad will. I would vote to keep the security team around at this
> point.
>
>
I feel bad quoting policy here... but we do have prior art for this... If
we look at resolution, "2014-11-28 Process for Leaderless Programs"[0], we
have policy for *exactly* this situation.. which should probably have been
the first action rather than considering a new resolution.

For reference:

   1. Programs without a minimum of one eligible candidate are identified
   to the Technical Committee by the Election Officials, as soon as possible
   after the nomination period has expired.
   2. The Technical Committee can appoint a leader to any programs in this
   situation, by mutual agreement of the Technical Committee and the proposed
   appointee.
   3. The appointed leader has all the same obligations and
   responsibilities as a self-nominated elected Program Technical Lead.

[0]
http://governance.openstack.org/resolutions/20141128-elections-process-for-leaderless-programs.html


--
Kind Regards,
Dave Walker
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Kyle Mestery]

On Wed, Sep 21, 2016 at 3:35 PM, Thierry Carrez  wrote:
> Chivers, Doug wrote:
>> My concern is with the original wording “The suggested way forward there 
>> would be to remove the "Security project team"”.
>>
>> This seems like a move to instantly reduce investment in OpenStack security, 
>> because the majority of members of the Security Project are corporately 
>> funded, which will be significantly impacted by the removal of the security 
>> project. I have no knowledge over the difference between a working group and 
>> a project, like everyone else on the project we are simply here to 
>> contribute to OpenStack security, drive innovation in security, deliver 
>> documentation like OSSNs, etc, rather than get involved in the politics of 
>> OpenStack.
>>
>> In response to the various questions of why no-one from our project noticed 
>> that we didn’t have a nomination for the PTL, we assumed that was taken care 
>> of. Realistically maybe two or three people on the security project have the 
>> availability to be PTL, one being our current PTL, for all the rest of us 
>> its simply not a concern until we need to vote.
>>
>> On a personal note, reading –dev is unfortunately a lower priority than 
>> designing architectures, responding to customers and sales teams, closing 
>> tickets, writing decks and on the afternoon or so I can spend each week, 
>> working on my upstream projects (this week it was: 
>> https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team for 
>> all their work). Possibly this is wrong, but I didn’t sign up as a 
>> contributor to spend all my spare time reading mailing lists.
>
> So while I still think there is a slight disconnect (like, members of
> the security team are less often involved in other teams) that results
> in the Security team being more likely to miss the very few process
> deadlines that apply to them, I'm not convinced it justifies removing
> the "official" status of the team and make it a workgroup.
>
> I privately received information that explains why the PTL was not on
> top of things during election weeks. With ~60 teams around there will
> always be one or two that miss and that we must check on. It /always/ is
> symptomatic of /some/ disconnect. But here I'm not sure it passes the
> bar of "non-alignment with the community" that would make the Security
> team unfit to be an official OpenStack team...
>
I agree, and in times like this, it's best to use common sense rather
than trying to have a rule to fit everything into. In this case, Rob
and the security team have put forth an explanation of what happened,
I fail to see how removing them after this does anything other than
foster bad will. I would vote to keep the security team around at this
point.

> --
> Thierry Carrez (ttx)
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Jeremy Stanley]

On 2016-09-21 10:18:58 -0700 (-0700), Morgan Fainberg wrote:
[...]
> For what it is worth the VMT had some discussion about this and in the case
> the security team was/is dissolved/moved to a WG we will take some action
> and make some proposals to handle the situation so we have a nice place to
> continue within the community. One idea that was floated would be to become
> our own small (release team sized) team.

Well, just to be clear, if the current team providing a home to the
VMT became unofficial, I doubt the VMT itself would operate any
differently than today. It's a (necessarily) small group of people
with existing cross-project ties to other official teams in
OpenStack. The authority it has comes from involvement of its
members throughout the community the function they perform, not from
any sort of official mandate.

That said, I appreciate and applaud the efforts of the Security Team
and believe that the VMT's choice to align itself with them has
provided a beneficial relationship. The Security Team provides
valuable operations/deployment-specific insight into embargoed
issues where the VMT often struggles to appropriately gauge impact
severity and scope, they have been very helpfully documenting
reported shortcomings in OpenStack which require special care and
attention from downstream consumers, and they're working on ways to
evaluate OpenStack software to make it easier for the VMT to support
through both automated exploration and more conceptual risk
documentation.

> However, if security is continuing to exist, I am content to stay where we
> are (I cannot speak to the views of Fungi, Tristan, and Grant though).

Yes, I concur. When I saw that the Security Team lacked a PTL
nominee, I did not nominate myself primarily because I don't
regularly attend its weekly meetings nor participate in development
of any of its outputs beyond what intersects with VMT needs (though
also I'm not confident I could wear two PTL hats effectively, unlike
some superhumans in our community).
-- 
Jeremy Stanley


signature.asc
Description: Digital signature
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Davanum Srinivas]

Jakub,

Please see below.

On Wed, Sep 21, 2016 at 3:46 PM, Jakub Pavlik  wrote:
> Hello all,
>
> it took us 2 years of hard working to get these official. OpenStack-Salt is
> now used by around 40 production deployments and it is focused very on
> operation and popularity is growing. You are removing the project week after
> one of top contributor announced that they will use that as part of
> solution. We made a mistakes, however I do not think that is reason to
> remove us. I do no think that quality of the project is measured like this.
> Our PTL got ill and did not do properly his job for last 3 weeks, but this
> can happen anybody.
>
>  It is up to you. If you think that we are useless for community, then
> remove us and we will have to continue outside of this community. However
> growing successful use cases will not be under official openstack community,
> which makes my feeling bad.

Data points so far are:
1. No response during Barcelona planning for rooms
2. Lack of candidates for PTL election
3. No activity in the releases/ repository hence no entries in
https://releases.openstack.org/
4. Meetings are not so regular?
http://eavesdrop.openstack.org/meetings/openstack_salt/2016/ (supposed
to be weekly)
5. Is the specs repo really active?
http://git.openstack.org/cgit/openstack/openstack-salt-specs/ is the
work being done elsewhere?
6. Is there an effort to add stuff to the CI jobs running on openstack
infrastructure? (can't seem to find much
http://codesearch.openstack.org/?q=salt=nope=zuul%2Flayout.yaml=project-config)

I'll stop here and switch to #openstack-salt channel to help work you
all through if there is a consensus/willingness from the
openstack-salt team that there's significant work to be done. If you
think you are better off not on the governance, that would be your
call as well.

Thanks,
Dims

> Thanks,
>
> Jakub
>
>
> On 21.9.2016 21:03, Doug Hellmann wrote:
>>
>> Excerpts from Filip Pytloun's message of 2016-09-21 20:36:42 +0200:
>>>
>>> On 2016/09/21 13:23, Doug Hellmann wrote:

 The idea of splitting the contributor list comes up pretty regularly
 and we rehash the same suggestions each time.  Given that what we
 have now worked fine for 57 of the 59 offical teams (the Astara
 team knew in advance it would not have a PTL running, and Piet had
 some sort of technical issue submitting his candidacy for the UX
 team), I'm not yet convinced that we need to make large-scale changes
 to our community communication standard practices in support of the
 2 remaining teams.

 That's not to say that the system we have now is perfect, but we
 can't realistically support multiple systems at the same time.  We
 need everyone to use the same system, otherwise we have (even more)
 fragmented communication. So, we either need everyone to agree to
 some new system and then have people step forward to implement it,
 or we need to all agree to do our best to use the system we have
 in place now.
>>>
>>> I think it may work as is (with proper mail filters), but as someone
>>> already
>>> mentioned in this thread it would be better to have someone more
>>> experienced
>>> in Openstack community projects as a core team member or PTL to catch all
>>> these things otherwise it may happen that inexperienced PTL/team just
>>> miss
>>> something like now.
>>
>> If the team needs help, please ask for it. We should be able to find
>> someone to do a little mentoring and provide some guidance.
>>
>>> Still I don't think it's such a big issue to just fire project from Big
>>> Tent -
>>> who will benefit from that? Again someone already mentioned what will it
>>> mean
>>> for such team (loss of potencial developers, etc.).
>>> Moreover for teams who are actively working on project as it seems that
>>> both
>>> OpenStackSalt and Security teams do.
>>
>> Signing up to be a part of the big tent is not free. Membership comes
>> with expectations and obligations. Failing to meet those may be an
>> indication that the team isn't ready, or that membership is not a good
>> fit.
>>
>>> And I thought that real work on a project is our primary goal.. this
>>> situation
>>> is like loosing job when I left dirty coffee cup at my workspace.
>>
>> I hope you consider team leadership and community participation to
>> be more important than your analogy implies.
>>
>> Doug
>>
 Did your release liaison follow the instructions to make that happen?
 http://git.openstack.org/cgit/openstack/releases/tree/README.rst
>>>
>>> That seems to be the reason. There was new release planned with support
>>> for
>>> containerized deployment which would follow that guide (as first releases
>>> were
>>> done during/shortly after openstack-salt move to Big Tent).
>>> As mentioned above - more experienced PTL would be helpful here and we
>>> are
>>> currently talking with people who could fit that position.
>>>
>> I see no emails tagged with 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Davanum Srinivas]

Please see below.

On Wed, Sep 21, 2016 at 4:35 PM, Thierry Carrez  wrote:
> Chivers, Doug wrote:
>> My concern is with the original wording “The suggested way forward there 
>> would be to remove the "Security project team"”.
>>
>> This seems like a move to instantly reduce investment in OpenStack security, 
>> because the majority of members of the Security Project are corporately 
>> funded, which will be significantly impacted by the removal of the security 
>> project. I have no knowledge over the difference between a working group and 
>> a project, like everyone else on the project we are simply here to 
>> contribute to OpenStack security, drive innovation in security, deliver 
>> documentation like OSSNs, etc, rather than get involved in the politics of 
>> OpenStack.
>>
>> In response to the various questions of why no-one from our project noticed 
>> that we didn’t have a nomination for the PTL, we assumed that was taken care 
>> of. Realistically maybe two or three people on the security project have the 
>> availability to be PTL, one being our current PTL, for all the rest of us 
>> its simply not a concern until we need to vote.
>>
>> On a personal note, reading –dev is unfortunately a lower priority than 
>> designing architectures, responding to customers and sales teams, closing 
>> tickets, writing decks and on the afternoon or so I can spend each week, 
>> working on my upstream projects (this week it was: 
>> https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team for 
>> all their work). Possibly this is wrong, but I didn’t sign up as a 
>> contributor to spend all my spare time reading mailing lists.
>
> So while I still think there is a slight disconnect (like, members of
> the security team are less often involved in other teams) that results
> in the Security team being more likely to miss the very few process
> deadlines that apply to them, I'm not convinced it justifies removing
> the "official" status of the team and make it a workgroup.
>
> I privately received information that explains why the PTL was not on
> top of things during election weeks. With ~60 teams around there will
> always be one or two that miss and that we must check on. It /always/ is
> symptomatic of /some/ disconnect. But here I'm not sure it passes the
> bar of "non-alignment with the community" that would make the Security
> team unfit to be an official OpenStack team...

I agree with your assessment Thierry and will support keeping the
Security Team as an official OpenStack Team.

> --
> Thierry Carrez (ttx)
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Davanum Srinivas :: https://twitter.com/dims

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Charles Neill]

Hello all,

We have our weekly OSSP IRC meeting tomorrow at 1700UTC (1200 Central) in
#openstack-meeting-alt. This thread has raised some important issues, and
we will devote a significant portion of our meeting to discussing them. My
IRC handle is "ccneill" on freenode if you'd like to get in touch with me
there. We are very interested in better integrating with the greater
OpenStack community, and are open to suggestions as to how we might
achieve that going forward.

Cheers,
Charles Neill



On 9/21/16, 15:35, "Thierry Carrez"  wrote:

>Chivers, Doug wrote:
>> My concern is with the original wording “The suggested way forward
>>there would be to remove the "Security project team"”.
>> 
>> This seems like a move to instantly reduce investment in OpenStack
>>security, because the majority of members of the Security Project are
>>corporately funded, which will be significantly impacted by the removal
>>of the security project. I have no knowledge over the difference between
>>a working group and a project, like everyone else on the project we are
>>simply here to contribute to OpenStack security, drive innovation in
>>security, deliver documentation like OSSNs, etc, rather than get
>>involved in the politics of OpenStack.
>> 
>> In response to the various questions of why no-one from our project
>>noticed that we didn’t have a nomination for the PTL, we assumed that
>>was taken care of. Realistically maybe two or three people on the
>>security project have the availability to be PTL, one being our current
>>PTL, for all the rest of us its simply not a concern until we need to
>>vote.
>> 
>> On a personal note, reading –dev is unfortunately a lower priority than
>>designing architectures, responding to customers and sales teams,
>>closing tickets, writing decks and on the afternoon or so I can spend
>>each week, working on my upstream projects (this week it was:
>>https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team
>>for all their work). Possibly this is wrong, but I didn’t sign up as a
>>contributor to spend all my spare time reading mailing lists.
>
>So while I still think there is a slight disconnect (like, members of
>the security team are less often involved in other teams) that results
>in the Security team being more likely to miss the very few process
>deadlines that apply to them, I'm not convinced it justifies removing
>the "official" status of the team and make it a workgroup.
>
>I privately received information that explains why the PTL was not on
>top of things during election weeks. With ~60 teams around there will
>always be one or two that miss and that we must check on. It /always/ is
>symptomatic of /some/ disconnect. But here I'm not sure it passes the
>bar of "non-alignment with the community" that would make the Security
>team unfit to be an official OpenStack team...
>
>-- 
>Thierry Carrez (ttx)
>
>__
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Thierry Carrez]

Chivers, Doug wrote:
> My concern is with the original wording “The suggested way forward there 
> would be to remove the "Security project team"”. 
> 
> This seems like a move to instantly reduce investment in OpenStack security, 
> because the majority of members of the Security Project are corporately 
> funded, which will be significantly impacted by the removal of the security 
> project. I have no knowledge over the difference between a working group and 
> a project, like everyone else on the project we are simply here to contribute 
> to OpenStack security, drive innovation in security, deliver documentation 
> like OSSNs, etc, rather than get involved in the politics of OpenStack.
> 
> In response to the various questions of why no-one from our project noticed 
> that we didn’t have a nomination for the PTL, we assumed that was taken care 
> of. Realistically maybe two or three people on the security project have the 
> availability to be PTL, one being our current PTL, for all the rest of us its 
> simply not a concern until we need to vote.
> 
> On a personal note, reading –dev is unfortunately a lower priority than 
> designing architectures, responding to customers and sales teams, closing 
> tickets, writing decks and on the afternoon or so I can spend each week, 
> working on my upstream projects (this week it was: 
> https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team for 
> all their work). Possibly this is wrong, but I didn’t sign up as a 
> contributor to spend all my spare time reading mailing lists.

So while I still think there is a slight disconnect (like, members of
the security team are less often involved in other teams) that results
in the Security team being more likely to miss the very few process
deadlines that apply to them, I'm not convinced it justifies removing
the "official" status of the team and make it a workgroup.

I privately received information that explains why the PTL was not on
top of things during election weeks. With ~60 teams around there will
always be one or two that miss and that we must check on. It /always/ is
symptomatic of /some/ disconnect. But here I'm not sure it passes the
bar of "non-alignment with the community" that would make the Security
team unfit to be an official OpenStack team...

-- 
Thierry Carrez (ttx)

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Thierry Carrez]

Jakub Pavlik wrote:
> it took us 2 years of hard working to get these official. OpenStack-Salt
> is now used by around 40 production deployments and it is focused very
> on operation and popularity is growing. You are removing the project
> week after one of top contributor announced that they will use that as
> part of solution. We made a mistakes, however I do not think that is
> reason to remove us. I do no think that quality of the project is
> measured like this. Our PTL got ill and did not do properly his job for
> last 3 weeks, but this can happen anybody.
> 
>  It is up to you. If you think that we are useless for community, then
> remove us and we will have to continue outside of this community.
> However growing successful use cases will not be under official
> openstack community, which makes my feeling bad.

Note that being in the Big tent as an official project (vs. just being
under te openstack/* namespace as an unofficial ecosystem project) is
not a judgment of value (or usefulness) on the project. It is a judgment
in community alignment. Are you a project produced by the OpenStack
Community ? Are you aligned with the OpenStack mission, do you follow
our principles and processes ?

Missing the Ptl election is a sign of non-alignment with the rest of the
OpenStack community. So is missing the numerous emails I sent over the
last months to ask about Design Summit space. The question now is, are
those signs enough to justify removal the "official" stamp from the team
or not.

I tend to lean towards leniency, but I'm just one vote.

-- 
Thierry Carrez (ttx)

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Adam Lawson]

Travis,

My answer would be -that- is the most ideal scenario. I care about
OpenStack and ensuring quality projects have adequate representation so I
checked to see which ones didn't have anyone defined for leadership and
picked one to step in and help, assuming no one was able to fill that role
for that specific cycle.

On Sep 21, 2016 12:06 PM, "Travis McPeak"  wrote:

> "So all this said, there are individuals interested in the PTL role to
> ensure project teams have someone handling the logistics and coordination.
> My issue however was that I was not yet eligible to be a candidate which
> I'll remedy moving forward.
>
> I'm still interested in serving as a PTL for a project that needs one. I
> personally believe that in the case of Security, there needs to be a
> dedicated team due to the nature and impact of security breaches that
> directly influence the perception of OpenStack as a viable cloud solution
> for enterprises looking (or re-looking) at it for the first time."
>
> @Adam we'd certainly appreciate your help staying on top of
>
> required activities, email, etc.  Surely a PTL should be
>
> somebody who has at least been involved in the project?
>
> --
> -Travis
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Jakub Pavlik]

Hello all,

it took us 2 years of hard working to get these official. OpenStack-Salt 
is now used by around 40 production deployments and it is focused very 
on operation and popularity is growing. You are removing the project 
week after one of top contributor announced that they will use that as 
part of solution. We made a mistakes, however I do not think that is 
reason to remove us. I do no think that quality of the project is 
measured like this. Our PTL got ill and did not do properly his job for 
last 3 weeks, but this can happen anybody.


 It is up to you. If you think that we are useless for community, then 
remove us and we will have to continue outside of this community. 
However growing successful use cases will not be under official 
openstack community, which makes my feeling bad.


Thanks,

Jakub

On 21.9.2016 21:03, Doug Hellmann wrote:

Excerpts from Filip Pytloun's message of 2016-09-21 20:36:42 +0200:

On 2016/09/21 13:23, Doug Hellmann wrote:

The idea of splitting the contributor list comes up pretty regularly
and we rehash the same suggestions each time.  Given that what we
have now worked fine for 57 of the 59 offical teams (the Astara
team knew in advance it would not have a PTL running, and Piet had
some sort of technical issue submitting his candidacy for the UX
team), I'm not yet convinced that we need to make large-scale changes
to our community communication standard practices in support of the
2 remaining teams.

That's not to say that the system we have now is perfect, but we
can't realistically support multiple systems at the same time.  We
need everyone to use the same system, otherwise we have (even more)
fragmented communication. So, we either need everyone to agree to
some new system and then have people step forward to implement it,
or we need to all agree to do our best to use the system we have
in place now.

I think it may work as is (with proper mail filters), but as someone already
mentioned in this thread it would be better to have someone more experienced
in Openstack community projects as a core team member or PTL to catch all
these things otherwise it may happen that inexperienced PTL/team just miss
something like now.

If the team needs help, please ask for it. We should be able to find
someone to do a little mentoring and provide some guidance.


Still I don't think it's such a big issue to just fire project from Big Tent -
who will benefit from that? Again someone already mentioned what will it mean
for such team (loss of potencial developers, etc.).
Moreover for teams who are actively working on project as it seems that both
OpenStackSalt and Security teams do.

Signing up to be a part of the big tent is not free. Membership comes
with expectations and obligations. Failing to meet those may be an
indication that the team isn't ready, or that membership is not a good
fit.


And I thought that real work on a project is our primary goal.. this situation
is like loosing job when I left dirty coffee cup at my workspace.

I hope you consider team leadership and community participation to
be more important than your analogy implies.

Doug


Did your release liaison follow the instructions to make that happen?
http://git.openstack.org/cgit/openstack/releases/tree/README.rst

That seems to be the reason. There was new release planned with support for
containerized deployment which would follow that guide (as first releases were
done during/shortly after openstack-salt move to Big Tent).
As mentioned above - more experienced PTL would be helpful here and we are
currently talking with people who could fit that position.


I see no emails tagged with [salt] on the mailing list since March of this 
year, aside from this thread. Are you using a different communication channel 
for team coordination? You mention IRC, but how are new contributors expected 
to find you?

Yes, we are using openstack-salt channel and openstack meetings over
IRC. This channel is mentioned eg. in readme here [1] and community
meetings page [2] which are on weekly basis (logs [3]).

We also had a couple of people comming to team IRC talking to us about project
so I believe they can find the way to contact us even without our heavy
activity at openstack-dev (which should be better as I admitted).

That works great for folks in your timezones. It's less useful for
anyone who isn't around at the same time as you, which is one reason
our community emphasizes using email communications. Email gives
you asynchronous discussions for timezone coverage, allows folks
who are traveling or off work for a period to catch up on and
participate in discussions later, etc.


[1] https://github.com/openstack/openstack-salt
[2] https://wiki.openstack.org/wiki/Meetings/openstack-salt
[3] http://eavesdrop.openstack.org/meetings/openstack_salt/2016/


Of course I don't want to excuse our fault. In case it's not too late,
we will try to be more active in mailing lists like openstack-dev and
not miss such important 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Doug Hellmann]

Excerpts from Filip Pytloun's message of 2016-09-21 20:36:42 +0200:
> On 2016/09/21 13:23, Doug Hellmann wrote:
> > The idea of splitting the contributor list comes up pretty regularly
> > and we rehash the same suggestions each time.  Given that what we
> > have now worked fine for 57 of the 59 offical teams (the Astara
> > team knew in advance it would not have a PTL running, and Piet had
> > some sort of technical issue submitting his candidacy for the UX
> > team), I'm not yet convinced that we need to make large-scale changes
> > to our community communication standard practices in support of the
> > 2 remaining teams.
> > 
> > That's not to say that the system we have now is perfect, but we
> > can't realistically support multiple systems at the same time.  We
> > need everyone to use the same system, otherwise we have (even more)
> > fragmented communication. So, we either need everyone to agree to
> > some new system and then have people step forward to implement it,
> > or we need to all agree to do our best to use the system we have
> > in place now.
> 
> I think it may work as is (with proper mail filters), but as someone already
> mentioned in this thread it would be better to have someone more experienced
> in Openstack community projects as a core team member or PTL to catch all
> these things otherwise it may happen that inexperienced PTL/team just miss
> something like now.

If the team needs help, please ask for it. We should be able to find
someone to do a little mentoring and provide some guidance.

> Still I don't think it's such a big issue to just fire project from Big Tent -
> who will benefit from that? Again someone already mentioned what will it mean
> for such team (loss of potencial developers, etc.).
> Moreover for teams who are actively working on project as it seems that both
> OpenStackSalt and Security teams do.

Signing up to be a part of the big tent is not free. Membership comes
with expectations and obligations. Failing to meet those may be an
indication that the team isn't ready, or that membership is not a good
fit.

> And I thought that real work on a project is our primary goal.. this situation
> is like loosing job when I left dirty coffee cup at my workspace.

I hope you consider team leadership and community participation to
be more important than your analogy implies.

Doug

> 
> > Did your release liaison follow the instructions to make that happen?
> > http://git.openstack.org/cgit/openstack/releases/tree/README.rst
> 
> That seems to be the reason. There was new release planned with support for
> containerized deployment which would follow that guide (as first releases were
> done during/shortly after openstack-salt move to Big Tent).
> As mentioned above - more experienced PTL would be helpful here and we are
> currently talking with people who could fit that position.
> 
> > 
> > > 
> > > > I see no emails tagged with [salt] on the mailing list since March of 
> > > > this year, aside from this thread. Are you using a different 
> > > > communication channel for team coordination? You mention IRC, but how 
> > > > are new contributors expected to find you?
> > > 
> > > Yes, we are using openstack-salt channel and openstack meetings over
> > > IRC. This channel is mentioned eg. in readme here [1] and community
> > > meetings page [2] which are on weekly basis (logs [3]).
> > > 
> > > We also had a couple of people comming to team IRC talking to us about 
> > > project
> > > so I believe they can find the way to contact us even without our heavy
> > > activity at openstack-dev (which should be better as I admitted).
> > 
> > That works great for folks in your timezones. It's less useful for
> > anyone who isn't around at the same time as you, which is one reason
> > our community emphasizes using email communications. Email gives
> > you asynchronous discussions for timezone coverage, allows folks
> > who are traveling or off work for a period to catch up on and
> > participate in discussions later, etc.
> > 
> > > 
> > > [1] https://github.com/openstack/openstack-salt
> > > [2] https://wiki.openstack.org/wiki/Meetings/openstack-salt
> > > [3] http://eavesdrop.openstack.org/meetings/openstack_salt/2016/
> > > 
> > > > > 
> > > > > Of course I don't want to excuse our fault. In case it's not too late,
> > > > > we will try to be more active in mailing lists like openstack-dev and
> > > > > not miss such important events next time.
> > > > > 
> > > > > [1] http://stackalytics.com/?module=openstacksalt-group
> > > > > 
> > > > > -Filip
> > > > > 
> > > > > On Wed, Sep 21, 2016 at 12:23 PM, Thierry Carrez 
> > > > > 
> > > > > wrote:
> > > > > 
> > > > >> Hi everyone,
> > > > >> 
> > > > >> As announced previously[1][2], there were no PTL candidates within 
> > > > >> the
> > > > >> election deadline for a number of official OpenStack project teams:
> > > > >> Astara, UX, OpenStackSalt and Security.
> > > > >> 
> > > > >> In the Astara 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Travis McPeak]

"So all this said, there are individuals interested in the PTL role to
ensure project teams have someone handling the logistics and coordination.
My issue however was that I was not yet eligible to be a candidate which
I'll remedy moving forward.

I'm still interested in serving as a PTL for a project that needs one. I
personally believe that in the case of Security, there needs to be a
dedicated team due to the nature and impact of security breaches that
directly influence the perception of OpenStack as a viable cloud solution
for enterprises looking (or re-looking) at it for the first time."

@Adam we'd certainly appreciate your help staying on top of

required activities, email, etc.  Surely a PTL should be

somebody who has at least been involved in the project?

-- 
-Travis
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Doug Hellmann]

Excerpts from Chivers, Doug's message of 2016-09-21 18:20:35 +:
> My concern is with the original wording “The suggested way forward there 
> would be to remove the "Security project team"”. 
> 
> This seems like a move to instantly reduce investment in OpenStack security, 
> because the majority of members of the Security Project are corporately 
> funded, which will be significantly impacted by the removal of the security 
> project. I have no knowledge over the difference between a working group and 
> a project, like everyone else on the project we are simply here to contribute 
> to OpenStack security, drive innovation in security, deliver documentation 
> like OSSNs, etc, rather than get involved in the politics of OpenStack.

I'm not sure why you consider ensuring that the team is well integrated
with the rest of the community to be "political." "Social," maybe?

> In response to the various questions of why no-one from our project noticed 
> that we didn’t have a nomination for the PTL, we assumed that was taken care 
> of. Realistically maybe two or three people on the security project have the 
> availability to be PTL, one being our current PTL, for all the rest of us its 
> simply not a concern until we need to vote.

I think that's exactly the point being made. If the team is not
actively maintaining its leadership and liaisons, so that other
teams know who the main contact points are and so the team knows
it is receiving important communication from other groups and
participating in the cycle cadence, then the group isn't really
meeting the expectations of being an official team within the
community. And if the team's members aren't interested in those
things, why continue to try to maintain the team status?  The
expectations are lower for a working group, with the trade-off that
contributions do not directly confer ATC status (though working on
other projects might).

> On a personal note, reading –dev is unfortunately a lower priority than 
> designing architectures, responding to customers and sales teams, closing 
> tickets, writing decks and on the afternoon or so I can spend each week, 
> working on my upstream projects (this week it was: 
> https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team for 
> all their work). Possibly this is wrong, but I didn’t sign up as a 
> contributor to spend all my spare time reading mailing lists.
> 
> Regards
> 
> Doug
> 
> _
> Doug Chivers
> Chief Security Architect, Helion OpenStack
>  
> 
> On 21/09/2016, 18:26, "Doug Hellmann"  wrote:
> 
> Excerpts from Travis Mcpeak's message of 2016-09-21 16:23:55 +:
> > Ouch.  I'd be among the first to admit I don't keep up with dev ML
> > as I should.  Missing the PTL elections is certainly embarrassing
> > for us and it shouldn't be the community's job to baby-sit us and
> > make sure we're meeting our OpenStack deadlines.
> > 
> > That being said, relegating us to a working group seems like a
> > knee-jerk and drastic consequence to levy against a project as
> > vibrant as ours.
> 
> Why is being a working group seen as less desirable? In what way do you
> consider working groups "less"?
> 
> > 
> > In a previous response Rob has highlighted many of our recent
> > accomplishments, so I won't revisit that here. 
> > 
> > What I do want to mention is the work Rob himself has done to
> > coordinate and secure funding for our fifth consecutive mid-cycle 
> > (and each prior to that).  He has worked consistently to build support 
> > for our initiatives, both within and outside of OpenStack. 
> > 
> > Since assuming the PTL role none of our active members have been
> > inclined to run against him.
> > 
> > So yes, he's dropped the ball on reading the ML (I have too).  If
> > allowed to keep our project status we'll ensure that these mistakes
> > don't happen in the future.
> > 
> > Taking away our project status because "we act like a working group"
> > is an unfair categorization and, in my opinion, a severe reaction to a
> > relatively minor infraction.
> > 
> > -Travis McPeak
> > 
> > 
> > 
> > From:   openstack-dev-requ...@lists.openstack.org
> > To: openstack-dev@lists.openstack.org
> > Date:   09/21/2016 05:04 AM
> > Subject:OpenStack-dev Digest, Vol 53, Issue 51
> > 
> > 
> > 
> > Send OpenStack-dev mailing list submissions to
> >  openstack-dev@lists.openstack.org
> > 
> > To subscribe or unsubscribe via the World Wide Web, visit
> >  
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > or, via email, send a message with subject or body 'help' to
> >  openstack-dev-requ...@lists.openstack.org
> > 
> > You can reach the person 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Dave Walker]

On 21 September 2016 at 19:20, Chivers, Doug  wrote:

> My concern is with the original wording “The suggested way forward there
> would be to remove the "Security project team"”.
>
> This seems like a move to instantly reduce investment in OpenStack
> security, because the majority of members of the Security Project are
> corporately funded, which will be significantly impacted by the removal of
> the security project. I have no knowledge over the difference between a
> working group and a project, like everyone else on the project we are
> simply here to contribute to OpenStack security, drive innovation in
> security, deliver documentation like OSSNs, etc, rather than get involved
> in the politics of OpenStack.
>
> In response to the various questions of why no-one from our project
> noticed that we didn’t have a nomination for the PTL, we assumed that was
> taken care of. Realistically maybe two or three people on the security
> project have the availability to be PTL, one being our current PTL, for all
> the rest of us its simply not a concern until we need to vote.
>
> On a personal note, reading –dev is unfortunately a lower priority than
> designing architectures, responding to customers and sales teams, closing
> tickets, writing decks and on the afternoon or so I can spend each week,
> working on my upstream projects (this week it was:
> https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team
> for all their work). Possibly this is wrong, but I didn’t sign up as a
> contributor to spend all my spare time reading mailing lists.
>
>


Honestly, I can only echo this.  I've been around the OSSP(G) since 2013,
but only really been active in the last 18 months or so.  It's been pretty
clear that when Security moved from a Group to a Project, investment
towards security grew dramatically.

The meetings are well run with real objectives achieved with members
focused on constant outreach to other projects.  For reference, the email
that started this thread was picked up and discussed by some members of the
OSSP within *minutes* of it being sent... and those people were pretty
outraged.

I'm sure it wasn't intended, but the original email could be read as quite
insulting.. "That points to a real disconnect between those teams and the
rest of the community".  I think this is an unfair statement based on
minimal observation of a point of order.

The OSSP spends a significant amount of its time on outreach, which is the
whole underlying principle of the project.  This can be seen with efforts
such as bandit gate coverage, Threat Analysis and OSSN's.

Further, reducing the summit timetable for Security and "have Security be
just a workgroup".. really sends the wrong message about Security being a
first class citizen in OpenStack.

OSSP ticks all the 4 opens, and stating that "The leadership is chosen by
the contributors to the project".. it is convention that a nomination email
is sent to -dev, but that shouldn't be assumed that the contributors have
not considered their leader.

I think people working on the OSSP assumed it would be Rob again, and were
happy with this.  It isn't because of lack of community engagement or
interest IMO.

So.. other than someone failing to nominate for PTL in the time-frame, what
else justifies the statement of "points[ing] to a real disconnect between
those teams and the rest of the community".. or shows that OSSG no longer
meets the 4 opens?

--
Kind Regards,
Dave Walker
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Filip Pytloun]

On 2016/09/21 13:23, Doug Hellmann wrote:
> The idea of splitting the contributor list comes up pretty regularly
> and we rehash the same suggestions each time.  Given that what we
> have now worked fine for 57 of the 59 offical teams (the Astara
> team knew in advance it would not have a PTL running, and Piet had
> some sort of technical issue submitting his candidacy for the UX
> team), I'm not yet convinced that we need to make large-scale changes
> to our community communication standard practices in support of the
> 2 remaining teams.
> 
> That's not to say that the system we have now is perfect, but we
> can't realistically support multiple systems at the same time.  We
> need everyone to use the same system, otherwise we have (even more)
> fragmented communication. So, we either need everyone to agree to
> some new system and then have people step forward to implement it,
> or we need to all agree to do our best to use the system we have
> in place now.

I think it may work as is (with proper mail filters), but as someone already
mentioned in this thread it would be better to have someone more experienced
in Openstack community projects as a core team member or PTL to catch all
these things otherwise it may happen that inexperienced PTL/team just miss
something like now.

Still I don't think it's such a big issue to just fire project from Big Tent -
who will benefit from that? Again someone already mentioned what will it mean
for such team (loss of potencial developers, etc.).
Moreover for teams who are actively working on project as it seems that both
OpenStackSalt and Security teams do.

And I thought that real work on a project is our primary goal.. this situation
is like loosing job when I left dirty coffee cup at my workspace.

> Did your release liaison follow the instructions to make that happen?
> http://git.openstack.org/cgit/openstack/releases/tree/README.rst

That seems to be the reason. There was new release planned with support for
containerized deployment which would follow that guide (as first releases were
done during/shortly after openstack-salt move to Big Tent).
As mentioned above - more experienced PTL would be helpful here and we are
currently talking with people who could fit that position.

> 
> > 
> > > I see no emails tagged with [salt] on the mailing list since March of 
> > > this year, aside from this thread. Are you using a different 
> > > communication channel for team coordination? You mention IRC, but how are 
> > > new contributors expected to find you?
> > 
> > Yes, we are using openstack-salt channel and openstack meetings over
> > IRC. This channel is mentioned eg. in readme here [1] and community
> > meetings page [2] which are on weekly basis (logs [3]).
> > 
> > We also had a couple of people comming to team IRC talking to us about 
> > project
> > so I believe they can find the way to contact us even without our heavy
> > activity at openstack-dev (which should be better as I admitted).
> 
> That works great for folks in your timezones. It's less useful for
> anyone who isn't around at the same time as you, which is one reason
> our community emphasizes using email communications. Email gives
> you asynchronous discussions for timezone coverage, allows folks
> who are traveling or off work for a period to catch up on and
> participate in discussions later, etc.
> 
> > 
> > [1] https://github.com/openstack/openstack-salt
> > [2] https://wiki.openstack.org/wiki/Meetings/openstack-salt
> > [3] http://eavesdrop.openstack.org/meetings/openstack_salt/2016/
> > 
> > > > 
> > > > Of course I don't want to excuse our fault. In case it's not too late,
> > > > we will try to be more active in mailing lists like openstack-dev and
> > > > not miss such important events next time.
> > > > 
> > > > [1] http://stackalytics.com/?module=openstacksalt-group
> > > > 
> > > > -Filip
> > > > 
> > > > On Wed, Sep 21, 2016 at 12:23 PM, Thierry Carrez 
> > > > wrote:
> > > > 
> > > >> Hi everyone,
> > > >> 
> > > >> As announced previously[1][2], there were no PTL candidates within the
> > > >> election deadline for a number of official OpenStack project teams:
> > > >> Astara, UX, OpenStackSalt and Security.
> > > >> 
> > > >> In the Astara case, the current team working on it would like to 
> > > >> abandon
> > > >> the project (and let it be available for any new team who wishes to 
> > > >> take
> > > >> it away). A change should be proposed really soon now to go in that
> > > >> direction.
> > > >> 
> > > >> In the UX case, the current PTL (Piet Kruithof) very quickly reacted,
> > > >> explained his error and asked to be considered for the position for
> > > >> Ocata. The TC will officialize his nomination at the next meeting,
> > > >> together with the newly elected PTLs.
> > > >> 
> > > >> That leaves us with OpenStackSalt and Security, where nobody reacted to
> > > >> the announcement that we are missing PTL candidates. That points to a
> > > >> real 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Chivers, Doug]

My concern is with the original wording “The suggested way forward there would 
be to remove the "Security project team"”. 

This seems like a move to instantly reduce investment in OpenStack security, 
because the majority of members of the Security Project are corporately funded, 
which will be significantly impacted by the removal of the security project. I 
have no knowledge over the difference between a working group and a project, 
like everyone else on the project we are simply here to contribute to OpenStack 
security, drive innovation in security, deliver documentation like OSSNs, etc, 
rather than get involved in the politics of OpenStack.

In response to the various questions of why no-one from our project noticed 
that we didn’t have a nomination for the PTL, we assumed that was taken care 
of. Realistically maybe two or three people on the security project have the 
availability to be PTL, one being our current PTL, for all the rest of us its 
simply not a concern until we need to vote.

On a personal note, reading –dev is unfortunately a lower priority than 
designing architectures, responding to customers and sales teams, closing 
tickets, writing decks and on the afternoon or so I can spend each week, 
working on my upstream projects (this week it was: 
https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team for all 
their work). Possibly this is wrong, but I didn’t sign up as a contributor to 
spend all my spare time reading mailing lists.

Regards

Doug

_
Doug Chivers
Chief Security Architect, Helion OpenStack
 

On 21/09/2016, 18:26, "Doug Hellmann"  wrote:

Excerpts from Travis Mcpeak's message of 2016-09-21 16:23:55 +:
> Ouch.  I'd be among the first to admit I don't keep up with dev ML
> as I should.  Missing the PTL elections is certainly embarrassing
> for us and it shouldn't be the community's job to baby-sit us and
> make sure we're meeting our OpenStack deadlines.
> 
> That being said, relegating us to a working group seems like a
> knee-jerk and drastic consequence to levy against a project as
> vibrant as ours.

Why is being a working group seen as less desirable? In what way do you
consider working groups "less"?

> 
> In a previous response Rob has highlighted many of our recent
> accomplishments, so I won't revisit that here. 
> 
> What I do want to mention is the work Rob himself has done to
> coordinate and secure funding for our fifth consecutive mid-cycle 
> (and each prior to that).  He has worked consistently to build support 
> for our initiatives, both within and outside of OpenStack. 
> 
> Since assuming the PTL role none of our active members have been
> inclined to run against him.
> 
> So yes, he's dropped the ball on reading the ML (I have too).  If
> allowed to keep our project status we'll ensure that these mistakes
> don't happen in the future.
> 
> Taking away our project status because "we act like a working group"
> is an unfair categorization and, in my opinion, a severe reaction to a
> relatively minor infraction.
> 
> -Travis McPeak
> 
> 
> 
> From:   openstack-dev-requ...@lists.openstack.org
> To: openstack-dev@lists.openstack.org
> Date:   09/21/2016 05:04 AM
> Subject:OpenStack-dev Digest, Vol 53, Issue 51
> 
> 
> 
> Send OpenStack-dev mailing list submissions to
>  openstack-dev@lists.openstack.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>  
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> or, via email, send a message with subject or body 'help' to
>  openstack-dev-requ...@lists.openstack.org
> 
> You can reach the person managing the list at
>  openstack-dev-ow...@lists.openstack.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OpenStack-dev digest..."
> 
> 
> Today's Topics:
> 
>1. Re: [cinder][sahara] LVM vs BDD drivers performance tests
>   results (Micha? Dulko)
>2.  [manila] Enable IPv6 in Manila Ocata (jun zhong)
>3. [vitrage] Barcelona design sessions (Afek, Ifat (Nokia - IL))
>4.  [Kuryr] Kuryr IPVlan Code PoC (Daly, Louise M)
>5. Re: [Neutron] Adding ihrachys to the neutron-drivers team
>   (Rossella Sblendido)
>6. Re: [tripleo] Setting kernel args to overcloud nodes
>   (Saravanan KR)
>7. Re: [tripleo] [puppet] Preparing TripleO agenda for Barcelona
>   - action needed (Giulio Fidente)
>8. [security] [salt] Removal of Security and OpenStackSalt
>   project teams from the Big Tent (Thierry Carrez)
>9. Re: [tc]a chance to meet all TCs for 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Doug Hellmann]

Excerpts from Filip Pytloun's message of 2016-09-21 17:43:46 +0200:
> Hello,
> 
> > With 59 separate teams, even emailing the PTLs directly is becoming 
> > impractical. I can’t imagine trying to email all of the core members 
> > directly.
> > 
> > A separate mailing list just for “important announcements” would need 
> > someone to decide what is “important”. It would also need everyone to be 
> > subscribed, or we would have to cross-post to the existing list. That’s why 
> > we use topic tags on the mailing list, so that it is possible to filter 
> > messages based on what is important to the reader, rather than the sender.
> 
> So maybe call it openstack-organization or openstack-teams or something
> to focus on organizational topics.
> Using tags and filters is also a way but may not be suitable for
> everyone.

The idea of splitting the contributor list comes up pretty regularly
and we rehash the same suggestions each time.  Given that what we
have now worked fine for 57 of the 59 offical teams (the Astara
team knew in advance it would not have a PTL running, and Piet had
some sort of technical issue submitting his candidacy for the UX
team), I'm not yet convinced that we need to make large-scale changes
to our community communication standard practices in support of the
2 remaining teams.

That's not to say that the system we have now is perfect, but we
can't realistically support multiple systems at the same time.  We
need everyone to use the same system, otherwise we have (even more)
fragmented communication. So, we either need everyone to agree to
some new system and then have people step forward to implement it,
or we need to all agree to do our best to use the system we have
in place now.

> 
> > I don’t see any releases listed on 
> > https://releases.openstack.org/independent.html either. Are you tagging 
> > releases, yet?
> 
> Yes, we've done a few releases, see eg. openstack/salt-formula-nova
> releases here: https://github.com/openstack/salt-formula-nova/releases
> 
> I don't know why it's not listed on releases.openstack.org page.

Did your release liaison follow the instructions to make that happen?
http://git.openstack.org/cgit/openstack/releases/tree/README.rst

> 
> > I see no emails tagged with [salt] on the mailing list since March of this 
> > year, aside from this thread. Are you using a different communication 
> > channel for team coordination? You mention IRC, but how are new 
> > contributors expected to find you?
> 
> Yes, we are using openstack-salt channel and openstack meetings over
> IRC. This channel is mentioned eg. in readme here [1] and community
> meetings page [2] which are on weekly basis (logs [3]).
> 
> We also had a couple of people comming to team IRC talking to us about project
> so I believe they can find the way to contact us even without our heavy
> activity at openstack-dev (which should be better as I admitted).

That works great for folks in your timezones. It's less useful for
anyone who isn't around at the same time as you, which is one reason
our community emphasizes using email communications. Email gives
you asynchronous discussions for timezone coverage, allows folks
who are traveling or off work for a period to catch up on and
participate in discussions later, etc.

> 
> [1] https://github.com/openstack/openstack-salt
> [2] https://wiki.openstack.org/wiki/Meetings/openstack-salt
> [3] http://eavesdrop.openstack.org/meetings/openstack_salt/2016/
> 
> > > 
> > > Of course I don't want to excuse our fault. In case it's not too late,
> > > we will try to be more active in mailing lists like openstack-dev and
> > > not miss such important events next time.
> > > 
> > > [1] http://stackalytics.com/?module=openstacksalt-group
> > > 
> > > -Filip
> > > 
> > > On Wed, Sep 21, 2016 at 12:23 PM, Thierry Carrez 
> > > wrote:
> > > 
> > >> Hi everyone,
> > >> 
> > >> As announced previously[1][2], there were no PTL candidates within the
> > >> election deadline for a number of official OpenStack project teams:
> > >> Astara, UX, OpenStackSalt and Security.
> > >> 
> > >> In the Astara case, the current team working on it would like to abandon
> > >> the project (and let it be available for any new team who wishes to take
> > >> it away). A change should be proposed really soon now to go in that
> > >> direction.
> > >> 
> > >> In the UX case, the current PTL (Piet Kruithof) very quickly reacted,
> > >> explained his error and asked to be considered for the position for
> > >> Ocata. The TC will officialize his nomination at the next meeting,
> > >> together with the newly elected PTLs.
> > >> 
> > >> That leaves us with OpenStackSalt and Security, where nobody reacted to
> > >> the announcement that we are missing PTL candidates. That points to a
> > >> real disconnect between those teams and the rest of the community. Even
> > >> if you didn't have the election schedule in mind, it was pretty hard to
> > >> miss all the PTL 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Morgan Fainberg]

On Sep 21, 2016 09:37, "Adam Lawson"  wrote:
>
> But something else struck me, the velocity and sheer NUMBER of emails
that must be filtered to find and extract these key announcements is tricky
so I don't fault anyone for missing the needle in the haystack. Important
needle no doubt but I wonder if there are more efficient ways to ensure
important info is highlighted.
>
> My knee jerk idea is a way for individuals to subscribe to certain topics
that come into their inbox. I don't have a good way within Gmail to
sub-filter these which has been a historical problem for me in terms of
awareness of following hot topics.
>
> //adam
>
>
> Adam Lawson
>
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (844) 4-AQORN-NOW ext. 101
> International: +1 302-387-4660
> Direct: +1 916-246-2072
>
> On Wed, Sep 21, 2016 at 9:28 AM, Adam Lawson  wrote:
>>
>> You know something that struck me, I noticed there were several teams
last cycle that did not elect a PTL so this round I was watching to see if
any teams did not have a PTL elected and presumed it was because of many of
the reasons surfaced in previous emails in this thread including being
heads down, watching other channels and potentially insufficient numbers of
individuals interested in the PTL role.
>>
>> So I waited and noticed Astara, Security and a handful of other projects
did not have a PTL elected so I picked Astara because I am an OpenStack
architect who specializes in SDN, security and distributed storage and
applied. Of course I missed the deadline by about 2 hours but Security was
another project I was interested in.
>>
>> So all this said, there are individuals interested in the PTL role to
ensure project teams have someone handling the logistics and coordination.
My issue however was that I was not yet eligible to be a candidate which
I'll remedy moving forward.
>>
>> I'm still interested in serving as a PTL for a project that needs one. I
personally believe that in the case of Security, there needs to be a
dedicated team due to the nature and impact of security breaches that
directly influence the perception of OpenStack as a viable cloud solution
for enterprises looking (or re-looking) at it for the first time.
>>
>> I'm not a full-time developer but an architect so I am planning to open
a new discussion about how PTL candidates are currently being qualified.
Again, different thread.
>>
>> For this thread, if there is a concern about PTL interest - it's there
and I would be open to helping the team in this regard if it helps keep the
team activity in the OpenStack marquee.
>>
>> //adam
>>
>>
>> Adam Lawson
>>
>> AQORN, Inc.
>> 427 North Tatnall Street
>> Ste. 58461
>> Wilmington, Delaware 19801-2230
>> Toll-free: (844) 4-AQORN-NOW ext. 101
>> International: +1 302-387-4660
>> Direct: +1 916-246-2072
>>
>> On Wed, Sep 21, 2016 at 8:56 AM, Clint Byrum  wrote:
>>>
>>> Excerpts from Filip Pytloun's message of 2016-09-21 14:58:52 +0200:
>>> > Hello,
>>> >
>>> > it's definately our bad that we missed elections in OpenStackSalt
>>> > project. Reason is similar to Rob's - we are active on different
>>> > channels (mostly IRC as we keep regular meetings) and don't used to
>>> > reading mailing lists with lots of generic topics (it would be good to
>>> > have separate mailing list for such calls and critical topics or
>>> > individual mails to project's core members).
>>> >
>>> > Our project is very active [1], trying to do things the Openstack way
>>> > and I think it would be a pitty to remove it from Big Tent just
because
>>> > we missed mail and therefore our first PTL election.
>>> >
>>> > Of course I don't want to excuse our fault. In case it's not too late,
>>> > we will try to be more active in mailing lists like openstack-dev and
>>> > not miss such important events next time.
>>> >
>>> > [1] http://stackalytics.com/?module=openstacksalt-group
>>> >
>>>
>>> Seems like we need a bit added to this process which makes sure big tent
>>> projects have their primary IRC channel identified, and a list of core
>>> reviewer and meeting chair IRC nicks to ping when something urgent comes
>>> up. This isn't just useful for elections, but is probably something the
>>> VMT would appreciate as well, and likely anyone else who has an urgent
>>> need to make contact with a team.
>>>
>>> I think it might also be useful if we could make the meeting bot remind
>>> teams of any pending actions they need to take such as elections upon
>>> #startmeeting.
>>>
>>> Seems like all of that could be automated.
>>>
>>>
__
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Charles Neill]

Agreed entirely with Travis's points. I think it was a given to anyone within 
the OSSP that Rob would be our PTL going forward. I recognize that the 
community needs feedback to make these decisions, but I am in our IRC channel 5 
days a week, at least 8 hours a day, and I have never seen any attempt to reach 
out to us in that medium. I wouldn't call it babysitting to make some 
reasonable attempt to meet us where we are instead of moralizing on the mailing 
list when we don't respond to OTHER postings on the same mailing list.

I believe kicking OSSP out of the big tent will have these results:

  *   The 5 individuals we have working full-time on Syntribos 
(http://stackalytics.com/?module=syntribos / 
https://github.com/openstack/syntribos) as part of OSIC may not be able to 
continue our arrangement if this project is not in the big tent. I can't speak 
for OSIC leadership on this point, but it is certainly a risk
  *   The OSSP has been losing members recently for various reasons not related 
to OpenStack politics. Removing us from the big tent will only accelerate this
  *   Projects like Bandit, Syntribos, and Anchor will atrophy without 
dedicated developer attention, representing a HUGE waste of developer resources 
and potential positive operator impact
  *   It will take longer to wrap up OSSA/OSSN/Threat Analysis for OpenStack 
projects if only the 4 members of the VMT are involved/invested
 *   I want to be clear: the VMT does very important work, and they are 
incredibly responsive for such a small team. Nonetheless, the numbers don't 
lie. We have more people working on one tool (Syntribos) than the entire group 
responsible for vulnerability management throughout all of OpenStack. 
Thankfully, we don't ONLY work on Syntribos - we attended the midcycle where we 
helped on OSSNs and the threat analysis for Barbican.

I would understand this reaction if we were a completely barren group that 
hadn't made any contributions to OpenStack in months, but to the contrary, we 
have been very active on a number of projects. In fact, my team (Syntribos) is 
testing OpenStack projects for security vulnerabilities at this very moment, 
and we have reported several recently.

I think this speaks just as much to a disconnect by the OpenStack community 
from our project, and I would turn your accusation of inactivity back on you. 
If you're completely unaware of the work we're doing, and unwilling to join our 
very active IRC channel to get in touch with us, is it not a bit hypocritical 
to accuse us of negligence for not consuming the entire firehose of the 
OpenStack Dev list?

Sincerely,
Charles Neill

From: Travis Mcpeak >
Reply-To: "OpenStack Development Mailing List (not for usage questions)" 
>
Date: Wednesday, September 21, 2016 at 11:23
To: 
"openstack-dev@lists.openstack.org" 
>
Subject: Re: [openstack-dev] [security] [salt] Removal of Security and 
OpenStackSalt project teams from the Big Tent

Ouch.  I'd be among the first to admit I don't keep up with dev ML
as I should.  Missing the PTL elections is certainly embarrassing
for us and it shouldn't be the community's job to baby-sit us and
make sure we're meeting our OpenStack deadlines.

That being said, relegating us to a working group seems like a
knee-jerk and drastic consequence to levy against a project as
vibrant as ours.

In a previous response Rob has highlighted many of our recent
accomplishments, so I won't revisit that here.

What I do want to mention is the work Rob himself has done to
coordinate and secure funding for our fifth consecutive mid-cycle
(and each prior to that).  He has worked consistently to build support
for our initiatives, both within and outside of OpenStack.

Since assuming the PTL role none of our active members have been
inclined to run against him.

So yes, he's dropped the ball on reading the ML (I have too).  If
allowed to keep our project status we'll ensure that these mistakes
don't happen in the future.

Taking away our project status because "we act like a working group"
is an unfair categorization and, in my opinion, a severe reaction to a
relatively minor infraction.

-Travis McPeak



From:
openstack-dev-requ...@lists.openstack.org
To:
openstack-dev@lists.openstack.org
Date:09/21/2016 05:04 AM
Subject:OpenStack-dev Digest, Vol 53, Issue 51




Send OpenStack-dev mailing list submissions to

openstack-dev@lists.openstack.org

To subscribe or unsubscribe via the World Wide Web, visit

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Doug Hellmann]

Excerpts from Clint Byrum's message of 2016-09-21 08:56:24 -0700:
> Excerpts from Filip Pytloun's message of 2016-09-21 14:58:52 +0200:
> > Hello,
> > 
> > it's definately our bad that we missed elections in OpenStackSalt
> > project. Reason is similar to Rob's - we are active on different
> > channels (mostly IRC as we keep regular meetings) and don't used to
> > reading mailing lists with lots of generic topics (it would be good to
> > have separate mailing list for such calls and critical topics or
> > individual mails to project's core members).
> > 
> > Our project is very active [1], trying to do things the Openstack way
> > and I think it would be a pitty to remove it from Big Tent just because
> > we missed mail and therefore our first PTL election.
> > 
> > Of course I don't want to excuse our fault. In case it's not too late,
> > we will try to be more active in mailing lists like openstack-dev and
> > not miss such important events next time.
> > 
> > [1] http://stackalytics.com/?module=openstacksalt-group
> > 
> 
> Seems like we need a bit added to this process which makes sure big tent
> projects have their primary IRC channel identified, and a list of core
> reviewer and meeting chair IRC nicks to ping when something urgent comes
> up. This isn't just useful for elections, but is probably something the
> VMT would appreciate as well, and likely anyone else who has an urgent
> need to make contact with a team.

IRC channels are listed on team pages on governance.o.o. For example:
http://governance.openstack.org/reference/projects/openstacksalt.html

Core reviewers are accessible through gerrit. For example,
https://review.openstack.org/#/admin/projects/openstack/openstack-salt,access
leads to https://review.openstack.org/#/admin/groups/1268,members

Meeting chair nicks are available on eavesdrop.o.o. For example,
http://eavesdrop.openstack.org/#OpenStack_Salt_Team_Meeting

It might make sense to automate pulling that information together into a
single page somewhere, maybe the team page on governance.o.o.

The larger point is that the community expects teams to be paying
attention to the cycle schedule and taking care of the actions expected
without being individually asked to do so.

> I think it might also be useful if we could make the meeting bot remind
> teams of any pending actions they need to take such as elections upon
> #startmeeting.

I could see that being useful, yes.

> Seems like all of that could be automated.
> 

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Adam Lawson]

You know something that struck me, I noticed there were several teams last
cycle that did not elect a PTL so this round I was watching to see if any
teams did not have a PTL elected and presumed it was because of many of the
reasons surfaced in previous emails in this thread including being heads
down, watching other channels and potentially insufficient numbers of
individuals interested in the PTL role.

So I waited and noticed Astara, Security and a handful of other projects
did not have a PTL elected so I picked Astara because I am an OpenStack
architect who specializes in SDN, security and distributed storage and
applied. Of course I missed the deadline by about 2 hours but Security was
another project I was interested in.

So all this said, there are individuals interested in the PTL role to
ensure project teams have someone handling the logistics and coordination.
My issue however was that I was not yet eligible to be a candidate which
I'll remedy moving forward.

I'm still interested in serving as a PTL for a project that needs one. I
personally believe that in the case of Security, there needs to be a
dedicated team due to the nature and impact of security breaches that
directly influence the perception of OpenStack as a viable cloud solution
for enterprises looking (or re-looking) at it for the first time.

I'm not a full-time developer but an architect so I am planning to open a
new discussion about how PTL candidates are currently being qualified.
Again, different thread.

For this thread, if there is a concern about PTL interest - it's there and
I would be open to helping the team in this regard if it helps keep the
team activity in the OpenStack marquee.

//adam


*Adam Lawson*

AQORN, Inc.
427 North Tatnall Street
Ste. 58461
Wilmington, Delaware 19801-2230
Toll-free: (844) 4-AQORN-NOW ext. 101
International: +1 302-387-4660
Direct: +1 916-246-2072

On Wed, Sep 21, 2016 at 8:56 AM, Clint Byrum  wrote:

> Excerpts from Filip Pytloun's message of 2016-09-21 14:58:52 +0200:
> > Hello,
> >
> > it's definately our bad that we missed elections in OpenStackSalt
> > project. Reason is similar to Rob's - we are active on different
> > channels (mostly IRC as we keep regular meetings) and don't used to
> > reading mailing lists with lots of generic topics (it would be good to
> > have separate mailing list for such calls and critical topics or
> > individual mails to project's core members).
> >
> > Our project is very active [1], trying to do things the Openstack way
> > and I think it would be a pitty to remove it from Big Tent just because
> > we missed mail and therefore our first PTL election.
> >
> > Of course I don't want to excuse our fault. In case it's not too late,
> > we will try to be more active in mailing lists like openstack-dev and
> > not miss such important events next time.
> >
> > [1] http://stackalytics.com/?module=openstacksalt-group
> >
>
> Seems like we need a bit added to this process which makes sure big tent
> projects have their primary IRC channel identified, and a list of core
> reviewer and meeting chair IRC nicks to ping when something urgent comes
> up. This isn't just useful for elections, but is probably something the
> VMT would appreciate as well, and likely anyone else who has an urgent
> need to make contact with a team.
>
> I think it might also be useful if we could make the meeting bot remind
> teams of any pending actions they need to take such as elections upon
> #startmeeting.
>
> Seems like all of that could be automated.
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Adam Lawson]

But something else struck me, the velocity and sheer NUMBER of emails that
must be filtered to find and extract these key announcements is tricky so I
don't fault anyone for missing the needle in the haystack. Important needle
no doubt but I wonder if there are more efficient ways to ensure important
info is highlighted.

My knee jerk idea is a way for individuals to subscribe to certain topics
that come into their inbox. I don't have a good way within Gmail to
sub-filter these which has been a historical problem for me in terms of
awareness of following hot topics.

//adam


*Adam Lawson*

AQORN, Inc.
427 North Tatnall Street
Ste. 58461
Wilmington, Delaware 19801-2230
Toll-free: (844) 4-AQORN-NOW ext. 101
International: +1 302-387-4660
Direct: +1 916-246-2072

On Wed, Sep 21, 2016 at 9:28 AM, Adam Lawson  wrote:

> You know something that struck me, I noticed there were several teams last
> cycle that did not elect a PTL so this round I was watching to see if any
> teams did not have a PTL elected and presumed it was because of many of the
> reasons surfaced in previous emails in this thread including being heads
> down, watching other channels and potentially insufficient numbers of
> individuals interested in the PTL role.
>
> So I waited and noticed Astara, Security and a handful of other projects
> did not have a PTL elected so I picked Astara because I am an OpenStack
> architect who specializes in SDN, security and distributed storage and
> applied. Of course I missed the deadline by about 2 hours but Security was
> another project I was interested in.
>
> So all this said, there are individuals interested in the PTL role to
> ensure project teams have someone handling the logistics and coordination.
> My issue however was that I was not yet eligible to be a candidate which
> I'll remedy moving forward.
>
> I'm still interested in serving as a PTL for a project that needs one. I
> personally believe that in the case of Security, there needs to be a
> dedicated team due to the nature and impact of security breaches that
> directly influence the perception of OpenStack as a viable cloud solution
> for enterprises looking (or re-looking) at it for the first time.
>
> I'm not a full-time developer but an architect so I am planning to open a
> new discussion about how PTL candidates are currently being qualified.
> Again, different thread.
>
> For this thread, if there is a concern about PTL interest - it's there and
> I would be open to helping the team in this regard if it helps keep the
> team activity in the OpenStack marquee.
>
> //adam
>
>
> *Adam Lawson*
>
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (844) 4-AQORN-NOW ext. 101
> International: +1 302-387-4660
> Direct: +1 916-246-2072
>
> On Wed, Sep 21, 2016 at 8:56 AM, Clint Byrum  wrote:
>
>> Excerpts from Filip Pytloun's message of 2016-09-21 14:58:52 +0200:
>> > Hello,
>> >
>> > it's definately our bad that we missed elections in OpenStackSalt
>> > project. Reason is similar to Rob's - we are active on different
>> > channels (mostly IRC as we keep regular meetings) and don't used to
>> > reading mailing lists with lots of generic topics (it would be good to
>> > have separate mailing list for such calls and critical topics or
>> > individual mails to project's core members).
>> >
>> > Our project is very active [1], trying to do things the Openstack way
>> > and I think it would be a pitty to remove it from Big Tent just because
>> > we missed mail and therefore our first PTL election.
>> >
>> > Of course I don't want to excuse our fault. In case it's not too late,
>> > we will try to be more active in mailing lists like openstack-dev and
>> > not miss such important events next time.
>> >
>> > [1] http://stackalytics.com/?module=openstacksalt-group
>> >
>>
>> Seems like we need a bit added to this process which makes sure big tent
>> projects have their primary IRC channel identified, and a list of core
>> reviewer and meeting chair IRC nicks to ping when something urgent comes
>> up. This isn't just useful for elections, but is probably something the
>> VMT would appreciate as well, and likely anyone else who has an urgent
>> need to make contact with a team.
>>
>> I think it might also be useful if we could make the meeting bot remind
>> teams of any pending actions they need to take such as elections upon
>> #startmeeting.
>>
>> Seems like all of that could be automated.
>>
>> 
>> __
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib
>> e
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Travis Mcpeak]

Ouch.  I'd be among the first to admit I don't keep up with dev ML
as I should.  Missing the PTL elections is certainly embarrassing
for us and it shouldn't be the community's job to baby-sit us and
make sure we're meeting our OpenStack deadlines.

That being said, relegating us to a working group seems like a
knee-jerk and drastic consequence to levy against a project as
vibrant as ours.

In a previous response Rob has highlighted many of our recent
accomplishments, so I won't revisit that here. 

What I do want to mention is the work Rob himself has done to
coordinate and secure funding for our fifth consecutive mid-cycle 
(and each prior to that).  He has worked consistently to build support 
for our initiatives, both within and outside of OpenStack. 

Since assuming the PTL role none of our active members have been
inclined to run against him.

So yes, he's dropped the ball on reading the ML (I have too).  If
allowed to keep our project status we'll ensure that these mistakes
don't happen in the future.

Taking away our project status because "we act like a working group"
is an unfair categorization and, in my opinion, a severe reaction to a
relatively minor infraction.

-Travis McPeak



From:   openstack-dev-requ...@lists.openstack.org
To: openstack-dev@lists.openstack.org
Date:   09/21/2016 05:04 AM
Subject:OpenStack-dev Digest, Vol 53, Issue 51



Send OpenStack-dev mailing list submissions to
 openstack-dev@lists.openstack.org

To subscribe or unsubscribe via the World Wide Web, visit
 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
or, via email, send a message with subject or body 'help' to
 openstack-dev-requ...@lists.openstack.org

You can reach the person managing the list at
 openstack-dev-ow...@lists.openstack.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of OpenStack-dev digest..."


Today's Topics:

   1. Re: [cinder][sahara] LVM vs BDD drivers performance tests
  results (Micha? Dulko)
   2.  [manila] Enable IPv6 in Manila Ocata (jun zhong)
   3. [vitrage] Barcelona design sessions (Afek, Ifat (Nokia - IL))
   4.  [Kuryr] Kuryr IPVlan Code PoC (Daly, Louise M)
   5. Re: [Neutron] Adding ihrachys to the neutron-drivers team
  (Rossella Sblendido)
   6. Re: [tripleo] Setting kernel args to overcloud nodes
  (Saravanan KR)
   7. Re: [tripleo] [puppet] Preparing TripleO agenda for Barcelona
  - action needed (Giulio Fidente)
   8. [security] [salt] Removal of Security and OpenStackSalt
  project teams from the Big Tent (Thierry Carrez)
   9. Re: [tc]a chance to meet all TCs for Tricircle big-tent
  application in Barcelona summit? (Mike Perez)
  10. Re: [stackalytics] [deb] [packaging] OpenStack contribution
  stats skewed by deb-* projects (Thierry Carrez)
  11. [ptl] code churn and questionable changes (Amrith Kumar)


--

Message: 1
Date: Wed, 21 Sep 2016 09:57:43 +0200
From: Micha? Dulko 
To: "OpenStack Development Mailing List (not for usage questions)"
 
Subject: Re: [openstack-dev] [cinder][sahara] LVM vs BDD drivers
 performance tests results
Message-ID: 
Content-Type: text/plain; charset=UTF-8

On 09/20/2016 05:48 PM, John Griffith wrote:
> On Tue, Sep 20, 2016 at 9:06 AM, Duncan Thomas
> > wrote:
>
> On 20 September 2016 at 16:24, Nikita Konovalov
> > wrote:
>
> Hi,
>
> From Sahara (and Hadoop workload in general) use-case the
> reason we used BDD was a complete absence of any overhead on
> compute resources utilization. 
>
> The results show that the LVM+Local target perform pretty
> close to BDD in synthetic tests. It's a good sign for LVM. It
> actually shows that most of the storage virtualization
> overhead is not caused by LVM partitions and drivers
> themselves but rather by the iSCSI daemons.
>
> So I would still like to have the ability to attach partitions
> locally bypassing the iSCSI to guarantee 2 things:
> * Make sure that lio processes do not compete for CPU and RAM
> with VMs running on the same host.
> * Make sure that CPU intensive VMs (or whatever else is
> running nearby) are not blocking the storage.
>
>
> So these are, unless we see the effects via benchmarks, completely
> meaningless requirements. Ivan's initial benchmarks suggest
> that LVM+LIO is pretty much close enough to BDD even with iSCSI
> involved. If you're aware of a case where it isn't, the first
> thing to do is to provide proof via a reproducible benchmark.
> 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Filip Pytloun]

Hello,

> With 59 separate teams, even emailing the PTLs directly is becoming 
> impractical. I can’t imagine trying to email all of the core members directly.
> 
> A separate mailing list just for “important announcements” would need someone 
> to decide what is “important”. It would also need everyone to be subscribed, 
> or we would have to cross-post to the existing list. That’s why we use topic 
> tags on the mailing list, so that it is possible to filter messages based on 
> what is important to the reader, rather than the sender.

So maybe call it openstack-organization or openstack-teams or something
to focus on organizational topics.
Using tags and filters is also a way but may not be suitable for
everyone.

> I don’t see any releases listed on 
> https://releases.openstack.org/independent.html either. Are you tagging 
> releases, yet?

Yes, we've done a few releases, see eg. openstack/salt-formula-nova
releases here: https://github.com/openstack/salt-formula-nova/releases

I don't know why it's not listed on releases.openstack.org page.

> I see no emails tagged with [salt] on the mailing list since March of this 
> year, aside from this thread. Are you using a different communication channel 
> for team coordination? You mention IRC, but how are new contributors expected 
> to find you?

Yes, we are using openstack-salt channel and openstack meetings over
IRC. This channel is mentioned eg. in readme here [1] and community
meetings page [2] which are on weekly basis (logs [3]).

We also had a couple of people comming to team IRC talking to us about project
so I believe they can find the way to contact us even without our heavy
activity at openstack-dev (which should be better as I admitted).

[1] https://github.com/openstack/openstack-salt
[2] https://wiki.openstack.org/wiki/Meetings/openstack-salt
[3] http://eavesdrop.openstack.org/meetings/openstack_salt/2016/

> > 
> > Of course I don't want to excuse our fault. In case it's not too late,
> > we will try to be more active in mailing lists like openstack-dev and
> > not miss such important events next time.
> > 
> > [1] http://stackalytics.com/?module=openstacksalt-group
> > 
> > -Filip
> > 
> > On Wed, Sep 21, 2016 at 12:23 PM, Thierry Carrez 
> > wrote:
> > 
> >> Hi everyone,
> >> 
> >> As announced previously[1][2], there were no PTL candidates within the
> >> election deadline for a number of official OpenStack project teams:
> >> Astara, UX, OpenStackSalt and Security.
> >> 
> >> In the Astara case, the current team working on it would like to abandon
> >> the project (and let it be available for any new team who wishes to take
> >> it away). A change should be proposed really soon now to go in that
> >> direction.
> >> 
> >> In the UX case, the current PTL (Piet Kruithof) very quickly reacted,
> >> explained his error and asked to be considered for the position for
> >> Ocata. The TC will officialize his nomination at the next meeting,
> >> together with the newly elected PTLs.
> >> 
> >> That leaves us with OpenStackSalt and Security, where nobody reacted to
> >> the announcement that we are missing PTL candidates. That points to a
> >> real disconnect between those teams and the rest of the community. Even
> >> if you didn't have the election schedule in mind, it was pretty hard to
> >> miss all the PTL nominations in the email last week.
> >> 
> >> The majority of TC members present at the meeting yesterday suggested
> >> that those project teams should be removed from the Big Tent, with their
> >> design summit space allocation slightly reduced to match that (and make
> >> room for other not-yet-official teams).
> >> 
> >> In the case of OpenStackSalt, it's a relatively new addition, and if
> >> they get their act together they could probably be re-proposed in the
> >> future. In the case of Security, it points to a more significant
> >> disconnect (since it's not the first time the PTL misses the nomination
> >> call). We definitely still need to care about Security (and we also need
> >> a home for the Vulnerability Management team), but I think the "Security
> >> team" acts more like a workgroup than as an official project team, as
> >> evidenced by the fact that nobody in that team reacted to the lack of
> >> PTL nomination, or the announcement that the team missed the bus.
> >> 
> >> The suggested way forward there would be to remove the "Security project
> >> team", have the Vulnerability Management Team file to be its own
> >> official project team (in the same vein as the stable maintenance team),
> >> and have Security be just a workgroup rather than a project team.
> >> 
> >> Thoughts, comments ?
> >> 
> >> [1]
> >> http://lists.openstack.org/pipermail/openstack-dev/2016-
> >> September/103904.html
> >> [2]
> >> http://lists.openstack.org/pipermail/openstack-dev/2016-
> >> September/103939.html
> >> 
> >> --
> >> Thierry Carrez (ttx)
> >> 
> >> 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Clint Byrum]

Excerpts from Filip Pytloun's message of 2016-09-21 14:58:52 +0200:
> Hello,
> 
> it's definately our bad that we missed elections in OpenStackSalt
> project. Reason is similar to Rob's - we are active on different
> channels (mostly IRC as we keep regular meetings) and don't used to
> reading mailing lists with lots of generic topics (it would be good to
> have separate mailing list for such calls and critical topics or
> individual mails to project's core members).
> 
> Our project is very active [1], trying to do things the Openstack way
> and I think it would be a pitty to remove it from Big Tent just because
> we missed mail and therefore our first PTL election.
> 
> Of course I don't want to excuse our fault. In case it's not too late,
> we will try to be more active in mailing lists like openstack-dev and
> not miss such important events next time.
> 
> [1] http://stackalytics.com/?module=openstacksalt-group
> 

Seems like we need a bit added to this process which makes sure big tent
projects have their primary IRC channel identified, and a list of core
reviewer and meeting chair IRC nicks to ping when something urgent comes
up. This isn't just useful for elections, but is probably something the
VMT would appreciate as well, and likely anyone else who has an urgent
need to make contact with a team.

I think it might also be useful if we could make the meeting bot remind
teams of any pending actions they need to take such as elections upon
#startmeeting.

Seems like all of that could be automated.

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Major Hayden]

On 09/21/2016 05:17 AM, Rob C wrote:
> Apart from missing elections, I think we do a huge amount for the community 
> and removing us from OpenStack would in no way be beneficial to either the 
> Security Project or OpenStack as a whole.

I definitely agree with Rob here and I support keeping the Security team in the 
big tent.

Although I'm not an active contributor there (but I want to be), I've joined 
some of their meetings and they've provided guidance on some of the work I've 
done with OpenStack-Ansible's (OSA) security hardening role.  The OSSN's they 
produce are helpful and the information contained within them is used when we 
improve OSA.  The Security Guide is also extremely useful for deployers who 
need advice on configuring OpenStack in a secure way.

--
Major Hayden



signature.asc
Description: OpenPGP digital signature
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Doug Hellmann]

> On Sep 21, 2016, at 8:58 AM, Filip Pytloun  wrote:
> 
> Hello,
> 
> it's definately our bad that we missed elections in OpenStackSalt
> project. Reason is similar to Rob's - we are active on different
> channels (mostly IRC as we keep regular meetings) and don't used to
> reading mailing lists with lots of generic topics (it would be good to
> have separate mailing list for such calls and critical topics or
> individual mails to project's core members).

With 59 separate teams, even emailing the PTLs directly is becoming 
impractical. I can’t imagine trying to email all of the core members directly.

A separate mailing list just for “important announcements” would need someone 
to decide what is “important”. It would also need everyone to be subscribed, or 
we would have to cross-post to the existing list. That’s why we use topic tags 
on the mailing list, so that it is possible to filter messages based on what is 
important to the reader, rather than the sender.

> Our project is very active [1], trying to do things the Openstack way
> and I think it would be a pitty to remove it from Big Tent just because
> we missed mail and therefore our first PTL election.

I don’t see any releases listed on 
https://releases.openstack.org/independent.html either. Are you tagging 
releases, yet?

I see no emails tagged with [salt] on the mailing list since March of this 
year, aside from this thread. Are you using a different communication channel 
for team coordination? You mention IRC, but how are new contributors expected 
to find you?

> 
> Of course I don't want to excuse our fault. In case it's not too late,
> we will try to be more active in mailing lists like openstack-dev and
> not miss such important events next time.
> 
> [1] http://stackalytics.com/?module=openstacksalt-group
> 
> -Filip
> 
> On Wed, Sep 21, 2016 at 12:23 PM, Thierry Carrez 
> wrote:
> 
>> Hi everyone,
>> 
>> As announced previously[1][2], there were no PTL candidates within the
>> election deadline for a number of official OpenStack project teams:
>> Astara, UX, OpenStackSalt and Security.
>> 
>> In the Astara case, the current team working on it would like to abandon
>> the project (and let it be available for any new team who wishes to take
>> it away). A change should be proposed really soon now to go in that
>> direction.
>> 
>> In the UX case, the current PTL (Piet Kruithof) very quickly reacted,
>> explained his error and asked to be considered for the position for
>> Ocata. The TC will officialize his nomination at the next meeting,
>> together with the newly elected PTLs.
>> 
>> That leaves us with OpenStackSalt and Security, where nobody reacted to
>> the announcement that we are missing PTL candidates. That points to a
>> real disconnect between those teams and the rest of the community. Even
>> if you didn't have the election schedule in mind, it was pretty hard to
>> miss all the PTL nominations in the email last week.
>> 
>> The majority of TC members present at the meeting yesterday suggested
>> that those project teams should be removed from the Big Tent, with their
>> design summit space allocation slightly reduced to match that (and make
>> room for other not-yet-official teams).
>> 
>> In the case of OpenStackSalt, it's a relatively new addition, and if
>> they get their act together they could probably be re-proposed in the
>> future. In the case of Security, it points to a more significant
>> disconnect (since it's not the first time the PTL misses the nomination
>> call). We definitely still need to care about Security (and we also need
>> a home for the Vulnerability Management team), but I think the "Security
>> team" acts more like a workgroup than as an official project team, as
>> evidenced by the fact that nobody in that team reacted to the lack of
>> PTL nomination, or the announcement that the team missed the bus.
>> 
>> The suggested way forward there would be to remove the "Security project
>> team", have the Vulnerability Management Team file to be its own
>> official project team (in the same vein as the stable maintenance team),
>> and have Security be just a workgroup rather than a project team.
>> 
>> Thoughts, comments ?
>> 
>> [1]
>> http://lists.openstack.org/pipermail/openstack-dev/2016-
>> September/103904.html
>> [2]
>> http://lists.openstack.org/pipermail/openstack-dev/2016-
>> September/103939.html
>> 
>> --
>> Thierry Carrez (ttx)
>> 
>> __
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> 
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Doug Hellmann]

Excerpts from Rob C's message of 2016-09-21 13:17:07 +0100:
> For my part, I missed the elections, that's my bad. I normally put a
> calendar item in for that issue. I don't think that my missing the election
> date should result in the group being treated in this way. Members of the
> TC have contacted me about unrelated things recently, I have always been
> available however my schedule has made it hard for me to sift through -dev
> recently and I missed the volley of nomination emails. This is certainly a
> failing on my part.
> 
> It's certainly true that the security team, and our cores tend not to pay
> as much attention to the -dev mailing list as we should. The list is pretty
> noisy and  traditionally we always had a separate list that we used for
> security and since moving away from that we tend to focus on IRC or direct
> emails. Though as can be seen with our core announcements etc, we do try to
> do things the "openstack way"
> 
> However, to say we're not active I think is a bit unfair. Theirry and
> others regularly mail me directly about things like rooms for the summit
> and I typically respond in good time, I think what's happened here is more
> an identification of the fact that we need to focus more on doing things
> "the openstack way" rather than being kicked out of the big tent.
> 
> We regularly work with the VMT on security issues, we issue large amounts
> of guidance on our own, we have been working hard on an asset based threat
> analysis process for OpenStack teams who are looking to be security
> managed, we've reviewed external TA documentation and recently in our
> midcycle (yes, we're dedicated enough to fly to Texas and meet up to work
> on such issues) we created the first real set of security documents for an
> OpenStack project,  we worked with Barbican to apply the asset based threat
> analysis that we'd like to engage other teams in [1], [2]
> 
> Here's a couple of the things that we've been doing in this cycle:
> * Issuing Security Notes for Glance, Nova, Horizon, Bandit, Neutron and
> Barbican[3]
> * Updating the security guide (the book we wrote on securing OpenStack)[4]
> * Hosting a midcycle and inducting new members
> * Supporting the VMT with several embargoed and complex vulnerabilities
> * Building up a security blog[5]
> * Making OpenStack the biggest open source project to ever receive the Core
> Infrastructure Initative Best Practices Badge[6][7]
> * Working on the OpenStack Security Whitepaper [8]
> * Developing CI security tooling such as Bandit [9]
> 
> We are a very active team, working extremely hard on trying to make one
> OpenStack secure. This is often a thankless task, we provide a lot of what
> customers are asking for from OpenStack but as we don't drive individual
> flagship features our contributions are often overlooked. However, above is
> just a selection of what we've been doing throughout the last cycle.
> 
> If it's too late for these comments to have an influence then sobeit but
> this is failure of appropriate levels of email filtering and perhaps a
> highlight of how we need to alter our culture somewhat to partipate more in
> -dev in general than it is any indication of a lack of dedication, time,
> effort or contribution on the part of the Security Project.  We have
> dedicate huge amounts of efforts to OpenStack and to relegate us to a
> working group would be massively detrimental for one reason above all
> others. We get corporate participation, time and effort in terms of
> employee hours and contributions because we're an official part of
> OpenStack, we've had to build this up over time. If you remove the Security
> Project from the big tent I believe that participation in Security for
> OpenStack will drop off significantly.
> 
> We are active, we are helping to make OpenStack secure and we (I) suck at
> keeping ontop of email. Don't kick us out for that. If needs be we can find
> another PTL or otherwise take special steps to ensure that missing
> elections doesn't happen.

While it's admirable of you to take responsibility, there's no
reason to think this is an individual team member's fault.  The
team is responsible as a group for ensuring that it is meeting its
responsibilities to the rest of the community. In this case, the
election officials and TC had no reason to assume that you would
or would not run again. Any contributor could have entered the race.
When no one at all did, that lack of engagement reflected on the
entire team, not only you.

> Apart from missing elections, I think we do a huge amount for the community
> and removing us from OpenStack would in no way be beneficial to either the
> Security Project or OpenStack as a whole.

Based on the list above, the team is doing far more than I was aware
of.  I'm glad to hear that, as it looks like there is a considerable
amount of work going into those contributions. I hope we can find
a way to increase the team's participation in community operations
outside of 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Ian Cordasco]

 

-Original Message-
From: Rob C 
Reply: OpenStack Development Mailing List (not for usage questions) 

Date: September 21, 2016 at 07:19:40
To: OpenStack Development Mailing List (not for usage questions) 

Subject:  Re: [openstack-dev] [security] [salt] Removal of Security and 
OpenStackSalt project teams from the Big Tent

> For my part, I missed the elections, that's my bad. I normally put a
> calendar item in for that issue. I don't think that my missing the election
> date should result in the group being treated in this way. Members of the
> TC have contacted me about unrelated things recently, I have always been
> available however my schedule has made it hard for me to sift through -dev
> recently and I missed the volley of nomination emails. This is certainly a
> failing on my part.
>  
> It's certainly true that the security team, and our cores tend not to pay
> as much attention to the -dev mailing list as we should. The list is pretty
> noisy and traditionally we always had a separate list that we used for
> security and since moving away from that we tend to focus on IRC or direct
> emails. Though as can be seen with our core announcements etc, we do try to
> do things the "openstack way"
>  
> However, to say we're not active I think is a bit unfair. Theirry and
> others regularly mail me directly about things like rooms for the summit
> and I typically respond in good time, I think what's happened here is more
> an identification of the fact that we need to focus more on doing things
> "the openstack way" rather than being kicked out of the big tent.
>  
> We regularly work with the VMT on security issues, we issue large amounts
> of guidance on our own, we have been working hard on an asset based threat
> analysis process for OpenStack teams who are looking to be security
> managed, we've reviewed external TA documentation and recently in our
> midcycle (yes, we're dedicated enough to fly to Texas and meet up to work
> on such issues) we created the first real set of security documents for an
> OpenStack project, we worked with Barbican to apply the asset based threat
> analysis that we'd like to engage other teams in [1], [2]
>  
> Here's a couple of the things that we've been doing in this cycle:
> * Issuing Security Notes for Glance, Nova, Horizon, Bandit, Neutron and
> Barbican[3]
> * Updating the security guide (the book we wrote on securing OpenStack)[4]
> * Hosting a midcycle and inducting new members
> * Supporting the VMT with several embargoed and complex vulnerabilities
> * Building up a security blog[5]
> * Making OpenStack the biggest open source project to ever receive the Core
> Infrastructure Initative Best Practices Badge[6][7]
> * Working on the OpenStack Security Whitepaper [8]
> * Developing CI security tooling such as Bandit [9]
>  
> We are a very active team, working extremely hard on trying to make one
> OpenStack secure. This is often a thankless task, we provide a lot of what
> customers are asking for from OpenStack but as we don't drive individual
> flagship features our contributions are often overlooked. However, above is
> just a selection of what we've been doing throughout the last cycle.
>  
> If it's too late for these comments to have an influence then sobeit but
> this is failure of appropriate levels of email filtering and perhaps a
> highlight of how we need to alter our culture somewhat to partipate more in
> -dev in general than it is any indication of a lack of dedication, time,
> effort or contribution on the part of the Security Project. We have
> dedicate huge amounts of efforts to OpenStack and to relegate us to a
> working group would be massively detrimental for one reason above all
> others. We get corporate participation, time and effort in terms of
> employee hours and contributions because we're an official part of
> OpenStack, we've had to build this up over time. If you remove the Security
> Project from the big tent I believe that participation in Security for
> OpenStack will drop off significantly.
>  
> We are active, we are helping to make OpenStack secure and we (I) suck at
> keeping ontop of email. Don't kick us out for that. If needs be we can find
> another PTL or otherwise take special steps to ensure that missing
> elections doesn't happen.
>  
> Apart from missing elections, I think we do a huge amount for the community
> and removing us from OpenStack would in no way be beneficial to either the
> Security Project or OpenStack as a whole.
>  
> -Rob
>  
> [1] https://review.openstack.org/#/c/357978/5
> [2] https://etherpad.openstack.org/p/barbican-threat-analysis
> [3] https://wiki.openstack.org/wiki/Security_Notes
> [4] http://docs.openstack.org/sec/
> [5] https://openstack-security.github.io/
> [6] https://bestpractices.coreinfrastructure.org/
> [7]
> 

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Filip Pytloun]

Hello,

it's definately our bad that we missed elections in OpenStackSalt
project. Reason is similar to Rob's - we are active on different
channels (mostly IRC as we keep regular meetings) and don't used to
reading mailing lists with lots of generic topics (it would be good to
have separate mailing list for such calls and critical topics or
individual mails to project's core members).

Our project is very active [1], trying to do things the Openstack way
and I think it would be a pitty to remove it from Big Tent just because
we missed mail and therefore our first PTL election.

Of course I don't want to excuse our fault. In case it's not too late,
we will try to be more active in mailing lists like openstack-dev and
not miss such important events next time.

[1] http://stackalytics.com/?module=openstacksalt-group

-Filip

On Wed, Sep 21, 2016 at 12:23 PM, Thierry Carrez 
wrote:

> Hi everyone,
>
> As announced previously[1][2], there were no PTL candidates within the
> election deadline for a number of official OpenStack project teams:
> Astara, UX, OpenStackSalt and Security.
>
> In the Astara case, the current team working on it would like to abandon
> the project (and let it be available for any new team who wishes to take
> it away). A change should be proposed really soon now to go in that
> direction.
>
> In the UX case, the current PTL (Piet Kruithof) very quickly reacted,
> explained his error and asked to be considered for the position for
> Ocata. The TC will officialize his nomination at the next meeting,
> together with the newly elected PTLs.
>
> That leaves us with OpenStackSalt and Security, where nobody reacted to
> the announcement that we are missing PTL candidates. That points to a
> real disconnect between those teams and the rest of the community. Even
> if you didn't have the election schedule in mind, it was pretty hard to
> miss all the PTL nominations in the email last week.
>
> The majority of TC members present at the meeting yesterday suggested
> that those project teams should be removed from the Big Tent, with their
> design summit space allocation slightly reduced to match that (and make
> room for other not-yet-official teams).
>
> In the case of OpenStackSalt, it's a relatively new addition, and if
> they get their act together they could probably be re-proposed in the
> future. In the case of Security, it points to a more significant
> disconnect (since it's not the first time the PTL misses the nomination
> call). We definitely still need to care about Security (and we also need
> a home for the Vulnerability Management team), but I think the "Security
> team" acts more like a workgroup than as an official project team, as
> evidenced by the fact that nobody in that team reacted to the lack of
> PTL nomination, or the announcement that the team missed the bus.
>
> The suggested way forward there would be to remove the "Security project
> team", have the Vulnerability Management Team file to be its own
> official project team (in the same vein as the stable maintenance team),
> and have Security be just a workgroup rather than a project team.
>
> Thoughts, comments ?
>
> [1]
> http://lists.openstack.org/pipermail/openstack-dev/2016-
> September/103904.html
> [2]
> http://lists.openstack.org/pipermail/openstack-dev/2016-
> September/103939.html
>
> --
> Thierry Carrez (ttx)
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>


signature.asc
Description: Digital signature
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

[Rob C]

For my part, I missed the elections, that's my bad. I normally put a
calendar item in for that issue. I don't think that my missing the election
date should result in the group being treated in this way. Members of the
TC have contacted me about unrelated things recently, I have always been
available however my schedule has made it hard for me to sift through -dev
recently and I missed the volley of nomination emails. This is certainly a
failing on my part.

It's certainly true that the security team, and our cores tend not to pay
as much attention to the -dev mailing list as we should. The list is pretty
noisy and  traditionally we always had a separate list that we used for
security and since moving away from that we tend to focus on IRC or direct
emails. Though as can be seen with our core announcements etc, we do try to
do things the "openstack way"

However, to say we're not active I think is a bit unfair. Theirry and
others regularly mail me directly about things like rooms for the summit
and I typically respond in good time, I think what's happened here is more
an identification of the fact that we need to focus more on doing things
"the openstack way" rather than being kicked out of the big tent.

We regularly work with the VMT on security issues, we issue large amounts
of guidance on our own, we have been working hard on an asset based threat
analysis process for OpenStack teams who are looking to be security
managed, we've reviewed external TA documentation and recently in our
midcycle (yes, we're dedicated enough to fly to Texas and meet up to work
on such issues) we created the first real set of security documents for an
OpenStack project,  we worked with Barbican to apply the asset based threat
analysis that we'd like to engage other teams in [1], [2]

Here's a couple of the things that we've been doing in this cycle:
* Issuing Security Notes for Glance, Nova, Horizon, Bandit, Neutron and
Barbican[3]
* Updating the security guide (the book we wrote on securing OpenStack)[4]
* Hosting a midcycle and inducting new members
* Supporting the VMT with several embargoed and complex vulnerabilities
* Building up a security blog[5]
* Making OpenStack the biggest open source project to ever receive the Core
Infrastructure Initative Best Practices Badge[6][7]
* Working on the OpenStack Security Whitepaper [8]
* Developing CI security tooling such as Bandit [9]

We are a very active team, working extremely hard on trying to make one
OpenStack secure. This is often a thankless task, we provide a lot of what
customers are asking for from OpenStack but as we don't drive individual
flagship features our contributions are often overlooked. However, above is
just a selection of what we've been doing throughout the last cycle.

If it's too late for these comments to have an influence then sobeit but
this is failure of appropriate levels of email filtering and perhaps a
highlight of how we need to alter our culture somewhat to partipate more in
-dev in general than it is any indication of a lack of dedication, time,
effort or contribution on the part of the Security Project.  We have
dedicate huge amounts of efforts to OpenStack and to relegate us to a
working group would be massively detrimental for one reason above all
others. We get corporate participation, time and effort in terms of
employee hours and contributions because we're an official part of
OpenStack, we've had to build this up over time. If you remove the Security
Project from the big tent I believe that participation in Security for
OpenStack will drop off significantly.

We are active, we are helping to make OpenStack secure and we (I) suck at
keeping ontop of email. Don't kick us out for that. If needs be we can find
another PTL or otherwise take special steps to ensure that missing
elections doesn't happen.

Apart from missing elections, I think we do a huge amount for the community
and removing us from OpenStack would in no way be beneficial to either the
Security Project or OpenStack as a whole.

-Rob

[1] https://review.openstack.org/#/c/357978/5
[2] https://etherpad.openstack.org/p/barbican-threat-analysis
[3] https://wiki.openstack.org/wiki/Security_Notes
[4] http://docs.openstack.org/sec/
[5] https://openstack-security.github.io/
[6] https://bestpractices.coreinfrastructure.org/
[7]
http://www.businesswire.com/news/home/20160725005133/en/OpenStack-Earns-Core-Infrastructure-Initiative-Practices-Badge
[8] https://www.openstack.org/software/security/
[9] https://wiki.openstack.org/wiki/Security/Projects/Bandit




On Wed, Sep 21, 2016 at 12:23 PM, Thierry Carrez 
wrote:

> Hi everyone,
>
> As announced previously[1][2], there were no PTL candidates within the
> election deadline for a number of official OpenStack project teams:
> Astara, UX, OpenStackSalt and Security.
>
> In the Astara case, the current team working on it would like to abandon
> the project (and let it be available for any new team who wishes to take