From YouTube: ROS 2 Security Working Group (15 Jun 2023)
A
Okay, welcome all to the ROS 2 Security Working Group meeting, and today let me share the agenda on the chat at the time. Yeah, we're going to start with the admin, as always, approving the meeting minutes from last meeting on May 9th.
A
All right, so, if no objection, we consider those meetings approved and we'll merge them soon. So I have one item in the agenda that I added, which is project proposals for projects that I have worked on to be supported under working group, and those are two elements: wrappers for linters and security scanner tools to be integrated with ROS 2.
A
So I don't know if you guys have seen them before. I've shared them in previous meetings, I mean, but at the moment I already opened the project proposal issue. This is the process for the working group, and in that issue you can review the context of the project and make any comments on that, and yeah. Usually, we vote and the group makes a decision on whether to support those products.
B
A
For approaching to be proposed, and basically I added a description on the issue proposal with the link to the repo. So if you want to give it a test, there are instructions on the README of the repo.
A
Lint package, like ament_cppcheck, which basically, yeah, wraps the tool and offers some of the command line options, the basic ones, and it also generates xunit formatted file that, so it's commonly used for people using these linters at the time to get, to be able to integrate the results in the same format.
A
Modeling after ament_cppcheck, for example, Bandit, which is, yeah, a very widely used open source Python scanner, static analysis scanner, and Semgrep is a little bit more versatile and you can really use it for a number of languages on any rules, if you want, even on your own rules.
A
So yeah, that is, and the reason I wanted to propose it is, you know, it's very much aligned with the purpose of the group, which is promoting security in the ROS community. So if more developers have the chance to easily integrate these linters, then that should be a good thing for ROS security in general.
A
It's completely free, so it's open source, and so they have a number of rule sets on their registry that you can use out of the box, like if you want a rule set for even Bandit, that you have a Python band, that's funded rule sets that has the same functionality almost as the actual Bandit, and then specific kinds of vulnerabilities, like cross-site scripting vulnerabilities, that you want to look for in your code, or secrets stored in code and stuff like that, and then rule sets for specific languages like C/C++ or Python.
A
Yeah, sounds good, and the one thing about Semgrep is that currently it's packaged only via pip, and so it cannot really be added to US during the future, but it can be, but with Semgrep we already added the rosdep key anyway to rosdistro, so it can be. You can make use of ROS tooling to install, but yeah, just in terms of future developmental future milestones, yeah. That's the only caveat about it.
A
Yep, and then so in terms of voting I guess we can all do it async on the issues themselves.
A
Okay, Corinthians says we had two previous topics, such as the deprecation of OpenSSL and arms in the Python crypto lib, yes, in the last meeting, and the security DDS compatibility between Fast DDS and Cyclone DDS. That was mentioned in the Matrix chats.
B
Yeah, but I think there won't be a solution in the near future because Fast DDS uses basically elliptic curves and Cyclone RSA, if I remember it correctly, so that will be difficult, that one will support the other. I think Fast DDS also supports the RSA case, okay, but there was one thing which is incompatible.
B
A
Basically, it's the library mismatch issue happening on Windows right now that was picked up on during the, in the testing party. Has to do with the new version of OpenSSL, which is still not updated for Linux.
A
Yeah, the metric server I used on some issues too. I couldn't go there a few days ago, so.
A
All right, we can keep discussing what's going on with that openness solution, a magic thing.