►
From YouTube: ROS 2 Security Working Group (2020-09-22)
Description
Meeting notes: https://wiki.ros.org/ROS2/WorkingGroups/Security
B
Right
so
the
first
thing
that
was
on
the
agenda
for
today
was
just
an
update
on
the
cis
benchmark.
Just
want
to
let
everybody
know
we
had
we've
had
a
couple
of
meetings
really
haven't
gone
over
too
much.
B
There
have
been
a
few
comments,
kyle
put
a
few
comments
and
if
anybody
has
any
comments
on
the
benchmark,
please
go
ahead
and
add
that
in
but
we're
going
to
go
ahead
and
put
the
benchmark
out,
publish
version
1.0
in
the
hopes
that
we
get
some
more
community
involvement
on
that,
and
hopefully
we
get
some
feedback
and
just
go
ahead
and
quickly
release
a
version
1.1
of
that.
B
So
if
anybody
has
any
comments
on
it,
I
know
doesn't
seem
like
a
lot
of
notifications
are
going
out
on
that.
But
just
let
me
know
if
you
have
any
questions,
so
I
don't
know
that
there's
much
else
to
add.
Unless
anybody
has
any
questions
about.
What's
going
on,
there.
C
I
actually
do
have
something
to
add
sid,
if
you
don't
mind
please
so
so
I
a
couple
days
ago,
I
added
a
new.
C
I
rather
I
propose
a
new
recommendation
in
the
in
the
initial
setup
section
to
to
set
ross's
name
to
localhost
and
the
the
idea
behind
that
was
to
have
a
more
secure
default
configuration
where
you
know
ross.
Ross
master
listens
on
all
interfaces
by
default,
which
I
think
is
is
an
unfortunate
default
behavior.
C
C
A
Okay,
so
you
can
see
here
then
the
issue
that
the
herald
created
he's
saying.
C
Hold
on
just
just
a
second,
I
mean
we
are
just
so.
Everyone
is
following
along
here
we're
hopping
to
the
third
agenda
item
about
compressing
the
permissions
document
where
we've
hit
sort
of
where
we've
hit
some
size
limits
in
parameter
sizes
for
dds,
go
ahead.
Homie.
A
So
let
us
read
the.
C
C
A
But
I
didn't
I
didn't
understand,
I
wouldn't
say
you
have
to
do
nothing
at
all,
probably
because
well
you
just
provide
the
file,
and
that
is
implementation
is
going
to
compress
that
for
you,
I
don't
think.
Oh.
C
A
C
E
C
So
I
think
I
I
think
that
closed
out
the
the
cis
agenda
item
as
well.
Unless
anyone
wanted
to
continue
talking
about
that,
I
can
move
to
the
sros
api
bit
all
righty,
so
we
as
part
of
the
secure
launch
work
we're
doing
we're
integrating
with
the
srs2
utilities
in
a
way
that
makes
it
more
of
a
library
where
it
never
really
was,
and
it's
and
it's
nice
to
see
it
becoming
that,
but
we
as
part
of
work
in
foxy
we
were.
C
We
tried
to
rip
out
all
the
api
that
hey
roger.
We
tried
to
rip
out
all
the
api
that
was
accidentally
public
and
actually
curate
that
and
and
really
the
point.
We
got
that
to
was
making
none
of
the
api
public
because
we
had
no
users
now
we
finally
do,
and
so
we
have
a
driver
behind
some
of
the
functionality
that
we
have
in
sros
2
and
wanting
to
make
that
public.
C
So
I
did
propose
a
pull
request
that
I
have
linked
in
the
agenda
that
we
we
could
use
some
reviews
on
in
order
to
enable
the
secure
launch
stuff-
and
that's
really
all
I
wanted
to
to
raise.
D
Yeah,
I'm
very
happy
to
see
srs2api
being
used
outside
of
estrus
2
and
I
didn't
get
a
chance
to
review
this.
Yet
I'm
planning
on
looking
at
it
in
the
next
couple
of
days,
but
I
really
appreciate
the
initiative
and
I'll
go
over
both
the
proquest
and
the
changes
to
the
api
documents.
I
don't
know
if
they're
exactly
the
same
or
not,
they.
C
They
are,
but
the
I
will
point
out
the
pull
request,
I'm
really
just
trying
to
enable
ted
the
like
the
secure
launch
stuff,
I'm
not
trying
to
do
everything
in
the
document.
So
it's
a
it's
a
subset
of
it
like
none
of
the
policy
work
is
done.
It's
just
really
the
key
store
stuff.
A
B
Yeah,
so
the
only
thing
I
had
left
over
was
there
were
a
couple
of
old
action
items,
we're
still
working
on
the
size
of
the
permission
files.
C
D
Oh
so
we
we
didn't
submit
any
like
pro
requests
to
change
the
state
of
things.
I'm
going
back.
Sorry,
I'm
screwing
in
the
document.
So
oh
there
is
no
link
to
the
issue.
I
have
a
full
request
somewhere
when
we
were
working
on
the.
D
But
long
story
short
like
we
explored
several
ways
to
make
these
fights
smaller.
Some
of
them
are
along
the
lines
of
the
things
that
were
mentioned
on
this
course
about
like
permissions
that
are
necessary,
but
should
not
be
necessary
so
trying
to
focus
on
the
ros
2
side
of
things
where,
like
the
behavior
of
our
cncp
or
rcl,
is
not
necessarily
the
one
we
would
want
to,
or
at
least
it's
requesting
more
permission
that
it
should
need
and
then
and
I'm
trying
to
find
the
link.
A
C
D
Now,
all
right,
so
I
have
some
comments
here.
How
do
I
drop
that
into
chat
here?
No,
you
know
what
I
drop
it
in
document
on
the
action
item.
This
way
it's
gonna
survive.
D
It's
gonna
outlive
this
meeting
yeah.
So
what
I
looked
into
is
so
several
ways
of
lowering
the
size.
D
One
of
them
was
to
allow
basically
say
that
a
given
participant,
if
it
has
any
topics
in
its
private
namespace
it
most
likely,
should
be
allowed
to
publish
to
those
because
they're
kind
of
like
dedicated
to
their
participants,
so
that
first
approach
allowed
us
on
this
total
of
three
demo
to
go
from
96k
to
91k,
which
is
an
improvement,
but
not
that
big
of
a
difference
and-
and
so
I
also
put
in
the
comments
like
in
the
foldable
sections,
like
the
changes
I
actually
made
to
the
code
to
make
that
happen
and
yeah.
D
So
then
the
other
things
we
did.
Oh
yeah,
so
that's
it!
Sorry,
the
first
one
was
please
like.
Basically,
if
you
have
any
actions
like
cross
actions,
you
just
allow
participants
to
give
them
permission
to
publish
to
all
the
topics
and
services
related
to
these
actions.
Instead
of
like
having
to
call
out
one
yeah.
D
Of
permissions
for
the
given
system,
and
so
for
this
one
we
actually
went
from
like
91k
to
33k,
so
we
kind
of
divided
by
three.
So
this
was
pretty
good.
We
are
considering
we
we
didn't
discuss
on
this
side
like
if
we
wanted
to
push
those
changes
upstream,
it
was
more
for
experimental
purposes,
sure
another
one
that
saved
us.
A
couple
k's,
I
don't
have
the
exact
number
was
to
make
it.
D
I
guess
we
should
make
a
utility
called
ugly
xml,
which
basically
removed
all
the
carriage
returns,
all
the
spaces
that
just
made
one
big,
excellent
string,
yeah
and-
and
this
actually
saved
box
of
space,
because.
C
D
For
sure,
and
so
so
yeah
this
saves
another
couple
cases.
I
think
the
outlook
of
that
is
if
we
decide
to
to
say
that
a
node
everything
under
node's
namespace
bracket
namespace,
should
be
allowed
for
that
node
in
both
publish
and
subscribe.
D
It
would
solve
most
problems
as
far
as
like
permission,
size
is
concerned
for
distance
systems.
D
D
So
I
guess
that's
something
we
could
discuss
that
and
like
if
we
agree
that
it's
an
okay
assumption,
we
could
then
open
it
up
to
the
community
and
the
main
roster
developers
to
see
if
that's
something
that
would
be
okay
with
as
well.
C
D
D
So
right
now
it
would
take
care
of
yeah
all
the
parameter
stuff
for
the
lifecycle
nodes.
It
will
also
add
all
the
lifecycle,
services
and
recycle
events
and,
like
that's
basically
it,
but
then
you
can
think
of
like
any
node
that
actually
has
stuff
on
a
private
namespace
like
this
would
apply
to
those
as
well,
and
I
guess
that's
where
it
would
be
more
specific
to
to
like
specific
nodes.
D
Maybe
a
node
want
to
say:
oh
if
my
node
functions
properly,
it
has
to
have
like
it
should
have
on
disease
private
topics
and
if
another
node
decides
to
say
hey
like
if
a
node
bar
say
hey,
I'm
publishing
to
slash
flow,
slash,
awesome
topic
you
should
listen
to
like.
Should
that
like?
Should
that
be
allowed
and
should
like
bar
actually
be
allowed
like
be
allowed
access
to
that
topic.
D
A
D
C
Yeah
I
mean
I,
I
think
we
probably
all
feel
similarly
in
that
we'd
rather
not
do
this,
but
but
it's
a
question
of
of
I
mean.
Obviously
the
compression
is
going
to
help
right
and-
and
this
is
all
sort
of
trying
to
give
us
more
headroom
here
compression
is-
is
one
way
to
get
more
headroom
trying
to
optimize
the
permissions
files
will
just
give
us
more
headroom.
C
C
D
Yeah,
that
is
true,
I
mean
like
we
explored
several
options
and
like
one
of
them,
could
be
to
like
just
reduce
the
size
in
other
ways,
one
of
them
could
be
to
say:
hey,
let's
wait
for
compression
to
be
there
and
see
what
size
of
system
would
be
impacted
if
we
just
like.
If
this
insight
system
could
still
like
live
with
that
or
if
they
actually
need
this
extra
optimization
right
inside
and
it's
currently
pretty
unclear,
like
the
total
number.
Two
move
is
just
one
such
application.
C
And
we
haven't-
and
we
haven't
heard
this
complaint
from
other
people
right-
we've
run
into
ourselves
on
this
project
in
particular.
Yes,
exactly
I
feel
like
the
I
mean.
The
thing
that
has
no
security
ramifications
is:
is
the
ugly
fire
right
and
actually
like
doing
this
sort
of
pseudo
compression
on
our
own.
D
Topics
and
services-
we
can
just
say:
okay,
every
action,
traffic
and
service
has
probably
subscribed
to
us
and
and
based
on
that,
we
can
still
save
some
space
without
having
to
be
like
fully
wildcarding
stuff.
C
D
Yeah
that
was
kind
of
my
opinion
as
well
that
sky,
I
I
hanged
onto
it
until
we
had
like
this
discussion
with
jaime
and
gerardo
and
to
see
like
what
are
the
actual
real
options
rather
than
this,
like
workaround
and
yeah
and
yeah.
So
I'm
I'm
happy
to
keep
holding
it
off
and
help
moving
forward
with
the
compression
and
potential
out
of
bands
like
out
of
handshake
yeah
approach.
E
D
Yeah
roughing,
I
don't
remember
the
exact
numbers.
Do
you
remember
how
much
we
saved
by
like
reducing
removing
all
white
spaces
and
like
new
lines.
E
Compression,
so
I
think
for
the
navigation
parallel
example:
it
it
brought
us
back
under
the
udp
limit
for
a
monolithic
context,.
D
So
maybe
I
I
do
really
like
your
idk
of
applying
that
only
only
like
when
signing
and
to
keep
the
actual
xml
file
readable.
So
maybe
we
could
explore
that.
I
don't
know
I
don't
know
who,
like
graphene,
if
you,
if
you're
interested
in
like
providing
code
for
that
or
if
one
of
us
should
like
dedicate
some
time
to
it.
But
I
think
that
would
be
interesting
to
like
just
rerun
that
on
the
turtle
but
demo
and
confirm
like
how
much
space
we
save
and
just
submit
a
pr
on
extras
to
that.
B
So,
just
looking
at
the
other
action
items,
then
I
think
we
could
have
a
way
forward
with
that
one.
There
was
an
old
item
out
to
issue
guides
for
vendors
on
the
world
disclosure
policy
that
was
in
my
court.
I
just
haven't
pushed
that
along.
I
don't
know
if
anybody's
seen
a
need
for
that,
yet
let's
continue
to
keep
that
one
open
the
results.
The
next
item
was
moving
the
security
file
system,
environment
utilities
outside
of
rcl.
B
B
D
Yeah,
I
think
now
that
the
refactor,
like
rcl,
had
some
change
to
allow
the
participants
and
the
change
to
enclaves
and
everything
and
we
hold
it
off
waiting
for
that
to
land
and
be
stable
enough,
but
I
think
yeah.
We
should
take
an
action
at
the
item
to
like
have
looked
at
it
to
actually
discuss
it.
One
more
and
hopefully
last
time
at
the
next
meeting.
C
B
All
right,
so
I
will
I'll
actually
try
and
remember
to
send
something
out
in
matrix
a
few
days
beforehand,
so
that
we
can
actually
take
a
look
at
it
and
then
discuss
it
and
I'll
add
it
to
the
agenda
for
the
next
one
and
then
the
last
thing
was
we
had
prefet
off
and
on
touched
on
the
idea
of
security
use
cases.
I
haven't
seen
anything
move
on
that.
B
I'm
not
sure
that
this
this
I'm
almost
tempted
to
close
this
one
out,
because
I
think
it
was
a
very
general
issue
that,
were
you
know,
as
we're
coming
up
with
individual
use
cases
we're
just
kind
of
hitting
them
along
the
way.
I
don't
know
if
anybody
has
any
specifics
or
thoughts
on
where
to
go
with
that.
One.
E
Right
now,
I'm
trying
to
go
through
the
otherwear
stack
to
see
what
what's
feasible
and
like
enabling
ross
too.
So
I've
got
otherwire,
ported
to
or
compiling
on
foxy
and
I'm
working
on
the
getting
the
simulation
running.
But
then
the
next
step
is
the
auditing,
the
computation
graph
for
like
an
autonomous
vehicle
of
using
other
wear
and
what
that
would
entail
in
terms
of
are
there
any
performance
hits
or
do
we
run
into
more
issues
like
we
had
with
turtlebot
or
that
kind
of
stuff.
C
E
B
B
Yeah,
I
was
actually
going
to
say
the
same
thing
I
don't
know.
If
that's,
I
don't
want
to
call
it
an
action
item,
but
I
feel,
like
I
mean
everybody
probably
would
be
interested
in
any
updates
on
what
you
find
out
as
we
go
along,
I'm
just
going
to
want
to
carry
that
along.
It's
like
when
you
have
some
a
chance
to
update
us
on
what's
going
on
and
what
the
results
were.
B
E
Okay,
I'll
just
prime
in
on
the
matrix,
when
I
have
some
stuff
pushed.
D
I
guess
there's
one
item
that
I
mean
not
to
offload
any
work
to
anyone.
There
is
an
issue
that
I've
been
bending
for
a
couple
months.
I
mean
there
have
been
like
test
failing
on
the
security
for
apparently
months.
We
don't
know
how
long
I
still
didn't
get
a
chance
to
go
through
them.
I'm
hoping
as
well
that,
like
looking
into
it
from
separate
set
of
eyes,
would
help
people
like
get
more
familiar
with
the
security
itself.
D
C
D
Yeah,
that's.
I
really
hope
that
there
was
something
nicer
than
a
github
search
query
for
that,
but
I
I
looked
at
several
solutions
to
display
it
in
a
in
a
nicer
way
and,
like
I
saw
nothing
that
is
like
very
convenient
like
either.
We
need
to
have
access
to
all
the
reapers
or
attack
them
to
have
like
any
kind
of
like
project
or
something
to
track
those
and
the
github
user
would
won't.
Have
that,
I
think,
and
so
for
now
yeah.
D
The
github
search
query
is
like
the
only
way
I
found
to
visuals
and
and
yes
so,
but
yeah
like
I
think,
most
of
the
other
ones
assigned
to
the
working
group
have
been
addressed,
and
I
think
this
one
is
like.
There
are
two
issues
that
are
more
or
less
like
saying
the
same
thing.
C
Yeah
one's
an
asteroid
in
the
in
the
testing,
repo
right
yeah,
so.
D
B
Okay,
anybody
else
have
anything
all
right.
I
guess
we're
good
for
another
two
weeks
and
I'll
update
the
agenda
for
the
next
meeting
with
a
few
other
things
we
talked
about-
and
I
guess
we'll
see
in
two
weeks.