Now seems like a good time to review our security roadmap. I've updated the trello board[1] to have a separate security list and moved the relevant cards there. They include: - resurrect coverity ci at scan.coverity.com. This stopped sending out useful emails a while ago and the cron job has probably died; I'll try to get it going again. - coverity backlog: there is a big backlog of issues in coverity that should be addressed. Many of them are low priority (e.g., exceptions not caught in test code), but those issues obscure the real problems. - hybrid kerberos/cephx auth mode: We've discussed this recently during CDM, notes here: http://pad.ceph.com/p/kerberos - on the wire encryption: this is currently blocked by the msgr2 wire protocol revamp. - librbd: client-side encryption. The idea is to provide a key to librbd so that it encrypts all data before it is sent to rados. This has to happen in librbd and not qemu in order to support cloning of encrypted images. - ceph-disk: revamp boostrap process. This just came up on ceph-devel today. I think moving the bootstrap code into the monitor will simplify issues like this and be easier to maintain/use going forward... - rgw: encryption. This is work in progress to implement the S3 encryption APIs. Are there items we're missing that should go on this list? Perhaps we should dedicate some time during the next CDM to go over the security roadmap as a whole and any specific issues that are not well defined. Thanks! sage -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
