* Security working group meeting 2020-01-22 @ 2020-01-22 21:23 Joseph Reynolds 2020-01-24 17:19 ` bmcweb and certificate chains [WAS: Security working group meeting 2020-01-22] Alexander Tereschenko 2020-01-27 17:42 ` Security workgroup meeting times Joseph Reynolds 0 siblings, 2 replies; 14+ messages in thread From: Joseph Reynolds @ 2020-01-22 21:23 UTC (permalink / raw) To: openbmc Notes from the security working group meeting 2020-01-22: Highlights below; details in https://github.com/openbmc/openbmc/wiki/Security-working-group 1. Discuss BMCWeb’s site identity certificate handling, specifically intermediate certificates. See https://github.com/openbmc/bmcweb/#configuration Other web servers have directives to concatenate the intermediate certificates (excluding the root CA certificates) and send that. What does BMCWeb do? - What is BMCWeb's default default? - Need better docs, for example: How can a BMC admin replace theBMCWeb site cert? Is it okay to concatenate intermediate certs? Can we document this for BMCWeb? 2. Design discussions about aggregation broached the security topic : https://lists.ozlabs.org/pipermail/openbmc/2020-January/020142.html We are not sure what security help is needed. at this point. 3. Revisit "Daemons should not run as root" - https://github.com/openbmc/openbmc/issues/3383 There is definite interest. Who can work on this? Possible initial goal: convert bmcweb so it runs as a non-root user. BMCWeb is selected because it is higher risk because implements a network interface. 4. Merged BMCWeb commit to allow slower image uploads: https://github.com/openbmc/bmcweb/commit/2b5e08e2915d886655a78aaabff40745dca6b517 See also commit: 0e1cf26b1cd98e0ec069e6187434fcabf1e9c200 “Make the max http request body size configurable”. Minimal discussion. 5. Merged BMCWeb commit that added new messages for security events: https://github.com/openbmc/bmcweb/commit/8988dda41319950476ebb146df06c2e7b3fbf44d Minimal discussion. 6. How do we bring security assurance work into the OpenBMC project? Is there interest in considering Protection Profiles that apply to OpenBMC? We can use these as a systematic way review security topics. For example, the Operating System Protection Profile (OSPP) talks about cryptographic functions, audit logging, network security, secure boot, etc. The Virtualization Protection Profile (VPP) considers the BMC to be part of the platform management system. There was agreement that these security schemes are good starting points to use as a guide. DONE: Joseph added new “Security Assurance Workflow” section to guide future work in this area - https://github.com/openbmc/openbmc/wiki/Security-working-group#security-assurance-workflow . - Joseph ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: bmcweb and certificate chains [WAS: Security working group meeting 2020-01-22] 2020-01-22 21:23 Security working group meeting 2020-01-22 Joseph Reynolds @ 2020-01-24 17:19 ` Alexander Tereschenko 2020-01-27 16:03 ` Joseph Reynolds 2020-01-27 17:42 ` Security workgroup meeting times Joseph Reynolds 1 sibling, 1 reply; 14+ messages in thread From: Alexander Tereschenko @ 2020-01-24 17:19 UTC (permalink / raw) To: openbmc On 22-Jan-20 22:23, Joseph Reynolds wrote: > Notes from the security working group meeting 2020-01-22: > Highlights below; details in > https://github.com/openbmc/openbmc/wiki/Security-working-group > > > 1. Discuss BMCWeb’s site identity certificate handling, specifically > intermediate certificates. See > https://github.com/openbmc/bmcweb/#configuration > > Other web servers have directives to concatenate the intermediate > certificates (excluding the root CA certificates) and send that. What > does BMCWeb do? > - What is BMCWeb's default default? > - Need better docs, for example: How can a BMC admin replace > theBMCWeb site cert? Is it okay to concatenate intermediate certs? > Can we document this for BMCWeb? As discussed during the meeting, I've looked into that and looks like bmcweb doesn't support sending the cert chain at all right now. When loading it expects the server's cert file to have just a private key and certificate in a single file [1], just as we've discussed during the meeting, and server's init code only loads those [2]. There's an API in Boost.Asio that could allow loading a chain [3], but it's not used anywhere, so for bmcweb to support that, a patch must be created. HTH, Alexander [1] https://github.com/openbmc/bmcweb/blob/master/http/http_server.h#L159 [2] https://github.com/openbmc/bmcweb/blob/master/http/app.h#L158-L159 [3] https://www.boost.org/doc/libs/1_71_0/doc/html/boost_asio/reference/ssl__context/use_certificate_chain_file.html ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: bmcweb and certificate chains [WAS: Security working group meeting 2020-01-22] 2020-01-24 17:19 ` bmcweb and certificate chains [WAS: Security working group meeting 2020-01-22] Alexander Tereschenko @ 2020-01-27 16:03 ` Joseph Reynolds 2020-01-28 18:24 ` Alexander Tereschenko 0 siblings, 1 reply; 14+ messages in thread From: Joseph Reynolds @ 2020-01-27 16:03 UTC (permalink / raw) To: Alexander Tereschenko, openbmc On 1/24/20 11:19 AM, Alexander Tereschenko wrote: > On 22-Jan-20 22:23, Joseph Reynolds wrote: >> Notes from the security working group meeting 2020-01-22: >> Highlights below; details in >> https://github.com/openbmc/openbmc/wiki/Security-working-group >> >> >> 1. Discuss BMCWeb’s site identity certificate handling, specifically >> intermediate certificates. See >> https://github.com/openbmc/bmcweb/#configuration >> >> Other web servers have directives to concatenate the intermediate >> certificates (excluding the root CA certificates) and send that. What >> does BMCWeb do? >> - What is BMCWeb's default default? >> - Need better docs, for example: How can a BMC admin replace >> theBMCWeb site cert? Is it okay to concatenate intermediate certs? >> Can we document this for BMCWeb? > > As discussed during the meeting, I've looked into that and looks like > bmcweb doesn't support sending the cert chain at all right now. When > loading it expects the server's cert file to have just a private key > and certificate in a single file [1], just as we've discussed during > the meeting, and server's init code only loads those [2]. There's an > API in Boost.Asio that could allow loading a chain [3], but it's not > used anywhere, so for bmcweb to support that, a patch must be created. Thank you for finding that. I think we want to add a function to BMCWeb to be able to handle certificate chains. Would we need to enhance the REST APIs [4] to upload server certificates as part of this work? [4]: https://github.com/openbmc/phosphor-dbus-interfaces/tree/master/xyz/openbmc_project/Certs - Joseph > HTH, > Alexander > > [1] https://github.com/openbmc/bmcweb/blob/master/http/http_server.h#L159 > [2] https://github.com/openbmc/bmcweb/blob/master/http/app.h#L158-L159 > [3] > https://www.boost.org/doc/libs/1_71_0/doc/html/boost_asio/reference/ssl__context/use_certificate_chain_file.html > ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: bmcweb and certificate chains [WAS: Security working group meeting 2020-01-22] 2020-01-27 16:03 ` Joseph Reynolds @ 2020-01-28 18:24 ` Alexander Tereschenko 0 siblings, 0 replies; 14+ messages in thread From: Alexander Tereschenko @ 2020-01-28 18:24 UTC (permalink / raw) To: openbmc On 27-Jan-20 17:03, Joseph Reynolds wrote: > Thank you for finding that. I think we want to add a function to > BMCWeb to be able to handle certificate chains. Would we need to > enhance the REST APIs [4] to upload server certificates as part of > this work? > > [4]: > https://github.com/openbmc/phosphor-dbus-interfaces/tree/master/xyz/openbmc_project/Certs > Yes, I think that'd be required, otherwise the only way the BMC admin could provide that cert chain file would be via SSH, which of course will not work for everyone. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Security workgroup meeting times 2020-01-22 21:23 Security working group meeting 2020-01-22 Joseph Reynolds 2020-01-24 17:19 ` bmcweb and certificate chains [WAS: Security working group meeting 2020-01-22] Alexander Tereschenko @ 2020-01-27 17:42 ` Joseph Reynolds 2020-01-28 0:24 ` Michael Richardson ` (2 more replies) 1 sibling, 3 replies; 14+ messages in thread From: Joseph Reynolds @ 2020-01-27 17:42 UTC (permalink / raw) To: openbmc Team, Let's try again to establish another OpenBMC Security Workgroup meeting time. The current meeting time (every other week 10am Pacific Daylight Time) is working for some, but not for others. To be clear, we would use the same workgroup, just have alternate meeting times. First, let's find a time that works for Australia, Asia, and Europe. I've seen participation and continued interest from folks in those time zones. Because the current meeting time is bad for them, let's establish alternate times. Second, I am thinking we could establish alternating meeting times. We will not find a time that works for everyone. I try to accommodate folks who cannot attend by writing a summary of the topics and conclusions, and by pushing the work back out into this email list. But that is not the same as attending a meeting. I feel that the meetings foster better responses and more participation than using the email list alone. For that reason, I want to continue to meet. Hence, I am proposing alternating meeting times. Third, I have been running the meetings. I plan to continue to handle the Security workgroup meeting agenda, and can help set up the initial workgroup meetings at alternate times, I would not plan to run them. I hope you will solve all the security problems while I am sleeping. Fortunately, running meetings is easy: just go through the agenda, introduce each item, wait for people to talk, and summarize the outcome. We need a volunteer leader for that. Send me your ideas, - Joseph On 1/22/20 3:23 PM, Joseph Reynolds wrote: > Notes from the security working group meeting 2020-01-22: > Highlights below; details in > https://github.com/openbmc/openbmc/wiki/Security-working-group > > > 1. Discuss BMCWeb’s site identity certificate handling, specifically > intermediate certificates. See > https://github.com/openbmc/bmcweb/#configuration > > Other web servers have directives to concatenate the intermediate > certificates (excluding the root CA certificates) and send that. What > does BMCWeb do? > - What is BMCWeb's default default? > - Need better docs, for example: How can a BMC admin replace > theBMCWeb site cert? Is it okay to concatenate intermediate certs? > Can we document this for BMCWeb? > > > 2. Design discussions about aggregation broached the security topic : > https://lists.ozlabs.org/pipermail/openbmc/2020-January/020142.html > > We are not sure what security help is needed. at this point. > > > 3. Revisit "Daemons should not run as root" - > https://github.com/openbmc/openbmc/issues/3383 > > There is definite interest. Who can work on this? Possible initial > goal: convert bmcweb so it runs as a non-root user. BMCWeb is selected > because it is higher risk because implements a network interface. > > > 4. Merged BMCWeb commit to allow slower image uploads: > https://github.com/openbmc/bmcweb/commit/2b5e08e2915d886655a78aaabff40745dca6b517 > See also commit: 0e1cf26b1cd98e0ec069e6187434fcabf1e9c200 “Make the > max http request body size configurable”. > > Minimal discussion. > > > 5. Merged BMCWeb commit that added new messages for security events: > https://github.com/openbmc/bmcweb/commit/8988dda41319950476ebb146df06c2e7b3fbf44d > > Minimal discussion. > > > 6. How do we bring security assurance work into the OpenBMC project? > Is there interest in considering Protection Profiles that apply to > OpenBMC? We can use these as a systematic way review security > topics. For example, the Operating System Protection Profile (OSPP) > talks about cryptographic functions, audit logging, network security, > secure boot, etc. The Virtualization Protection Profile (VPP) > considers the BMC to be part of the platform management system. > > There was agreement that these security schemes are good starting > points to use as a guide. DONE: Joseph added new “Security Assurance > Workflow” section to guide future work in this area - > https://github.com/openbmc/openbmc/wiki/Security-working-group#security-assurance-workflow > . > > > - Joseph > ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Security workgroup meeting times 2020-01-27 17:42 ` Security workgroup meeting times Joseph Reynolds @ 2020-01-28 0:24 ` Michael Richardson 2020-01-28 0:29 ` Andrew Jeffery 2020-05-13 18:31 ` Joseph Reynolds 2 siblings, 0 replies; 14+ messages in thread From: Michael Richardson @ 2020-01-28 0:24 UTC (permalink / raw) To: Joseph Reynolds; +Cc: openbmc Joseph Reynolds <jrey@linux.ibm.com> wrote: > Let's try again to establish another OpenBMC Security Workgroup meeting > time. The current meeting time (every other week 10am Pacific Daylight > Time) is working for some, but not for others. To be clear, we would > use the same workgroup, just have alternate meeting times. > First, let's find a time that works for Australia, Asia, and Europe. There aren't any such times :-) If you move to 7am PST, 10am Eastern, then it's 14:00 UTC, which is still within the working day in Germany, Helsinki and Tel-Aviv. In Beijing, that's 11pm. Seoul, 00:00, and Syndey, 2am. https://www.timeanddate.com/worldclock/meetingtime.html?iso=20200131&p1=188&p2=33&p3=235&p4=240&p5=37 Many left-coast types that I work with prefer 7am, as they can do the meeting while still at home, before traffic, before school-drop-off, etc. (And aren't they all supposed to be super-health-nuts who get up at 6am to do Yoga?) > Second, I am thinking we could establish alternating meeting times. We > will not find a time that works for everyone. I try to accommodate > folks who cannot attend by writing a summary of the topics and > conclusions, and by pushing the work back out into this email list. I've been on meetings that have simply alternated the AM/PM of the meeting. 7pm California 10pm NYC 4am Berlin/5am Helsinki 11am Beijing 12:00 Seoul 2pm Syndey -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Security workgroup meeting times 2020-01-27 17:42 ` Security workgroup meeting times Joseph Reynolds 2020-01-28 0:24 ` Michael Richardson @ 2020-01-28 0:29 ` Andrew Jeffery 2020-01-28 0:50 ` Bruce Mitchell 2020-05-13 18:31 ` Joseph Reynolds 2 siblings, 1 reply; 14+ messages in thread From: Andrew Jeffery @ 2020-01-28 0:29 UTC (permalink / raw) To: Joseph Reynolds, openbmc On Tue, 28 Jan 2020, at 04:12, Joseph Reynolds wrote: > Team, > > Let's try again to establish another OpenBMC Security Workgroup meeting > time. The current meeting time (every other week 10am Pacific Daylight > Time) is working for some, but not for others. To be clear, we would > use the same workgroup, just have alternate meeting times. > > First, let's find a time that works for Australia, Asia, and Europe. > I've seen participation and continued interest from folks in those time > zones. Because the current meeting time is bad for them, let's establish > alternate times. > > Second, I am thinking we could establish alternating meeting times. We > will not find a time that works for everyone. I try to accommodate > folks who cannot attend by writing a summary of the topics and > conclusions, and by pushing the work back out into this email list. But > that is not the same as attending a meeting. I feel that the meetings > foster better responses and more participation than using the email list > alone. For that reason, I want to continue to meet. Hence, I am > proposing alternating meeting times. What times specifically? I'm interested, and I'm in ACDT (UTC+10:30). Unless we have people in NZ, I suspect the best time is sometime in my afternoon for Asia and Europe. Thursday or Friday after 1430h ACDT would work best for me. Andrew ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Security workgroup meeting times 2020-01-28 0:29 ` Andrew Jeffery @ 2020-01-28 0:50 ` Bruce Mitchell 2020-01-28 10:41 ` Alexander Tereschenko 0 siblings, 1 reply; 14+ messages in thread From: Bruce Mitchell @ 2020-01-28 0:50 UTC (permalink / raw) To: Andrew Jeffery, Joseph Reynolds, openbmc If you want to include Silicon Valley it seem like 22:00, 23:00, 00:00, 01:00, and 02:00 UTC/GMT are the only real options. -----Original Message----- From: openbmc [mailto:openbmc-bounces+bruce_mitchell=phoenix.com@lists.ozlabs.org] On Behalf Of Andrew Jeffery Sent: Monday, January 27, 2020 16:29 To: Joseph Reynolds; openbmc Subject: Re: Security workgroup meeting times On Tue, 28 Jan 2020, at 04:12, Joseph Reynolds wrote: > Team, > > Let's try again to establish another OpenBMC Security Workgroup meeting > time. The current meeting time (every other week 10am Pacific Daylight > Time) is working for some, but not for others. To be clear, we would > use the same workgroup, just have alternate meeting times. > > First, let's find a time that works for Australia, Asia, and Europe. > I've seen participation and continued interest from folks in those time > zones. Because the current meeting time is bad for them, let's establish > alternate times. > > Second, I am thinking we could establish alternating meeting times. We > will not find a time that works for everyone. I try to accommodate > folks who cannot attend by writing a summary of the topics and > conclusions, and by pushing the work back out into this email list. But > that is not the same as attending a meeting. I feel that the meetings > foster better responses and more participation than using the email list > alone. For that reason, I want to continue to meet. Hence, I am > proposing alternating meeting times. What times specifically? I'm interested, and I'm in ACDT (UTC+10:30). Unless we have people in NZ, I suspect the best time is sometime in my afternoon for Asia and Europe. Thursday or Friday after 1430h ACDT would work best for me. Andrew ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Security workgroup meeting times 2020-01-28 0:50 ` Bruce Mitchell @ 2020-01-28 10:41 ` Alexander Tereschenko 2020-01-28 16:20 ` Bruce Mitchell 0 siblings, 1 reply; 14+ messages in thread From: Alexander Tereschenko @ 2020-01-28 10:41 UTC (permalink / raw) To: openbmc On 28-Jan-20 01:50, Bruce Mitchell wrote: > If you want to include Silicon Valley it seem like 22:00, 23:00, 00:00, 01:00, and 02:00 UTC/GMT are the only real options. Should we maybe try something like http://whenisgood.net/ to sort out a slot that works for everyone? Current time works for me BTW and I'm located in Europe :) ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Security workgroup meeting times 2020-01-28 10:41 ` Alexander Tereschenko @ 2020-01-28 16:20 ` Bruce Mitchell 0 siblings, 0 replies; 14+ messages in thread From: Bruce Mitchell @ 2020-01-28 16:20 UTC (permalink / raw) To: Alexander Tereschenko, openbmc I also find the present time of Wednesday at 10:00am PDT (noon CDT) works well. -----Original Message----- From: openbmc [mailto:openbmc-bounces+bruce_mitchell=phoenix.com@lists.ozlabs.org] On Behalf Of Alexander Tereschenko Sent: Tuesday, January 28, 2020 02:42 To: openbmc@lists.ozlabs.org Subject: Re: Security workgroup meeting times On 28-Jan-20 01:50, Bruce Mitchell wrote: > If you want to include Silicon Valley it seem like 22:00, 23:00, 00:00, 01:00, and 02:00 UTC/GMT are the only real options. Should we maybe try something like http://whenisgood.net/ to sort out a slot that works for everyone? Current time works for me BTW and I'm located in Europe :) ^ permalink raw reply [flat|nested] 14+ messages in thread
* Security workgroup meeting times 2020-01-27 17:42 ` Security workgroup meeting times Joseph Reynolds 2020-01-28 0:24 ` Michael Richardson 2020-01-28 0:29 ` Andrew Jeffery @ 2020-05-13 18:31 ` Joseph Reynolds 2020-05-13 18:43 ` Bruce Mitchell 2 siblings, 1 reply; 14+ messages in thread From: Joseph Reynolds @ 2020-05-13 18:31 UTC (permalink / raw) To: openbmc, Manojkiran Eda Re-sending this email to refresh this topic. Looking for a specific time and ideally someone to run the meeting. See the replies in the archive here: https://lists.ozlabs.org/pipermail/openbmc/2020-January - Joseph -------- Forwarded Message -------- Subject: Security workgroup meeting times Date: Mon, 27 Jan 2020 11:42:04 -0600 From: Joseph Reynolds <jrey@linux.ibm.com> To: openbmc <openbmc@lists.ozlabs.org> Team, Let's try again to establish another OpenBMC Security Workgroup meeting time. The current meeting time (every other week 10am Pacific Daylight Time) is working for some, but not for others. To be clear, we would use the same workgroup, just have alternate meeting times. First, let's find a time that works for Australia, Asia, and Europe. I've seen participation and continued interest from folks in those time zones. Because the current meeting time is bad for them, let's establish alternate times. Second, I am thinking we could establish alternating meeting times. We will not find a time that works for everyone. I try to accommodate folks who cannot attend by writing a summary of the topics and conclusions, and by pushing the work back out into this email list. But that is not the same as attending a meeting. I feel that the meetings foster better responses and more participation than using the email list alone. For that reason, I want to continue to meet. Hence, I am proposing alternating meeting times. Third, I have been running the meetings. I plan to continue to handle the Security workgroup meeting agenda, and can help set up the initial workgroup meetings at alternate times, I would not plan to run them. I hope you will solve all the security problems while I am sleeping. Fortunately, running meetings is easy: just go through the agenda, introduce each item, wait for people to talk, and summarize the outcome. We need a volunteer leader for that. Send me your ideas, - Joseph ...snip... ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Security workgroup meeting times 2020-05-13 18:31 ` Joseph Reynolds @ 2020-05-13 18:43 ` Bruce Mitchell 2020-05-13 21:50 ` Joseph Reynolds 0 siblings, 1 reply; 14+ messages in thread From: Bruce Mitchell @ 2020-05-13 18:43 UTC (permalink / raw) To: Joseph Reynolds, openbmc, Manojkiran Eda If you want to include Silicon Valley it seem like 22:00, 23:00, 00:00, 01:00, and 02:00 UTC/GMT are the only real options. > -----Original Message----- > From: openbmc [mailto:openbmc- > bounces+bruce_mitchell=phoenix.com@lists.ozlabs.org] On Behalf Of > Joseph Reynolds > Sent: Wednesday, May 13, 2020 11:31 > To: openbmc; Manojkiran Eda > Subject: Security workgroup meeting times > > Re-sending this email to refresh this topic. > > Looking for a specific time and ideally someone to run the meeting. > See the replies in the archive here: > https://lists.ozlabs.org/pipermail/openbmc/2020-January > > - Joseph > > -------- Forwarded Message -------- > Subject: Security workgroup meeting times > Date: Mon, 27 Jan 2020 11:42:04 -0600 > From: Joseph Reynolds <jrey@linux.ibm.com> > To: openbmc <openbmc@lists.ozlabs.org> > > > > Team, > > Let's try again to establish another OpenBMC Security Workgroup > meeting > time. The current meeting time (every other week 10am Pacific Daylight > Time) is working for some, but not for others. To be clear, we would use > the same workgroup, just have alternate meeting times. > > First, let's find a time that works for Australia, Asia, and Europe. > I've seen participation and continued interest from folks in those time > zones. Because the current meeting time is bad for them, let's establish > alternate times. > > Second, I am thinking we could establish alternating meeting times. We > will not find a time that works for everyone. I try to accommodate > folks who cannot attend by writing a summary of the topics and > conclusions, and by pushing the work back out into this email list. But > that is not the same as attending a meeting. I feel that the meetings > foster better responses and more participation than using the email list > alone. For that reason, I want to continue to meet. Hence, I am > proposing alternating meeting times. > > Third, I have been running the meetings. I plan to continue to handle > the Security workgroup meeting agenda, and can help set up the initial > workgroup meetings at alternate times, I would not plan to run them. I > hope you will solve all the security problems while I am sleeping. > Fortunately, running meetings is easy: just go through the agenda, > introduce each item, wait for people to talk, and summarize the > outcome. We need a volunteer leader for that. > > Send me your ideas, > - Joseph > > ...snip... ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Security workgroup meeting times 2020-05-13 18:43 ` Bruce Mitchell @ 2020-05-13 21:50 ` Joseph Reynolds 2020-05-14 15:58 ` Michael Richardson 0 siblings, 1 reply; 14+ messages in thread From: Joseph Reynolds @ 2020-05-13 21:50 UTC (permalink / raw) To: Bruce Mitchell, openbmc, Manojkiran Eda On 5/13/20 1:43 PM, Bruce Mitchell wrote: > If you want to include Silicon Valley it seem like 22:00, 23:00, 00:00, 01:00, and 02:00 UTC/GMT are the only real options. I think the current time (10:00am PDT) works for most Silicon Valley folks. I am looking for a second meeting time good for others not in the Americas. For example, we've has security collaborations from folks in Switzerland Poland Russia India China and Australia, and I want to find a time that work for those regions. - Joseph > >> -----Original Message----- >> From: openbmc [mailto:openbmc- >> bounces+bruce_mitchell=phoenix.com@lists.ozlabs.org] On Behalf Of >> Joseph Reynolds >> Sent: Wednesday, May 13, 2020 11:31 >> To: openbmc; Manojkiran Eda >> Subject: Security workgroup meeting times >> >> Re-sending this email to refresh this topic. >> >> Looking for a specific time and ideally someone to run the meeting. >> See the replies in the archive here: >> https://lists.ozlabs.org/pipermail/openbmc/2020-January >> >> - Joseph >> >> -------- Forwarded Message -------- >> Subject: Security workgroup meeting times >> Date: Mon, 27 Jan 2020 11:42:04 -0600 >> From: Joseph Reynolds <jrey@linux.ibm.com> >> To: openbmc <openbmc@lists.ozlabs.org> >> >> >> >> Team, >> >> Let's try again to establish another OpenBMC Security Workgroup >> meeting >> time. The current meeting time (every other week 10am Pacific Daylight >> Time) is working for some, but not for others. To be clear, we would use >> the same workgroup, just have alternate meeting times. >> >> First, let's find a time that works for Australia, Asia, and Europe. >> I've seen participation and continued interest from folks in those time >> zones. Because the current meeting time is bad for them, let's establish >> alternate times. >> >> Second, I am thinking we could establish alternating meeting times. We >> will not find a time that works for everyone. I try to accommodate >> folks who cannot attend by writing a summary of the topics and >> conclusions, and by pushing the work back out into this email list. But >> that is not the same as attending a meeting. I feel that the meetings >> foster better responses and more participation than using the email list >> alone. For that reason, I want to continue to meet. Hence, I am >> proposing alternating meeting times. >> >> Third, I have been running the meetings. I plan to continue to handle >> the Security workgroup meeting agenda, and can help set up the initial >> workgroup meetings at alternate times, I would not plan to run them. I >> hope you will solve all the security problems while I am sleeping. >> Fortunately, running meetings is easy: just go through the agenda, >> introduce each item, wait for people to talk, and summarize the >> outcome. We need a volunteer leader for that. >> >> Send me your ideas, >> - Joseph >> >> ...snip... ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Security workgroup meeting times 2020-05-13 21:50 ` Joseph Reynolds @ 2020-05-14 15:58 ` Michael Richardson 0 siblings, 0 replies; 14+ messages in thread From: Michael Richardson @ 2020-05-14 15:58 UTC (permalink / raw) To: Joseph Reynolds; +Cc: Bruce Mitchell, openbmc, Manojkiran Eda [-- Attachment #1: Type: text/plain, Size: 1141 bytes --] Joseph Reynolds <jrey@linux.ibm.com> wrote: > On 5/13/20 1:43 PM, Bruce Mitchell wrote: >> If you want to include Silicon Valley it seem like 22:00, 23:00, >> 00:00, 01:00, and 02:00 UTC/GMT are the only real options. > I think the current time (10:00am PDT) works for most Silicon Valley > folks. I am looking for a second meeting time good for others not in > the Americas. For example, we've has security collaborations from > folks in Switzerland Poland Russia India China and Australia, and I > want to find a time that work for those regions. Perhaps the right thing is to therefore run a doodle poll which is exclusive for those not in North America. Then afterwards, the rest of us can opine/whine. On days when it works, 10am PDT (1pm EDT for me) is indeed great, but last few weeks, I'm booked into higher priority things. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 487 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2020-05-14 15:58 UTC | newest] Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-01-22 21:23 Security working group meeting 2020-01-22 Joseph Reynolds 2020-01-24 17:19 ` bmcweb and certificate chains [WAS: Security working group meeting 2020-01-22] Alexander Tereschenko 2020-01-27 16:03 ` Joseph Reynolds 2020-01-28 18:24 ` Alexander Tereschenko 2020-01-27 17:42 ` Security workgroup meeting times Joseph Reynolds 2020-01-28 0:24 ` Michael Richardson 2020-01-28 0:29 ` Andrew Jeffery 2020-01-28 0:50 ` Bruce Mitchell 2020-01-28 10:41 ` Alexander Tereschenko 2020-01-28 16:20 ` Bruce Mitchell 2020-05-13 18:31 ` Joseph Reynolds 2020-05-13 18:43 ` Bruce Mitchell 2020-05-13 21:50 ` Joseph Reynolds 2020-05-14 15:58 ` Michael Richardson
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.