►
From YouTube: ROS 2 Security Working Group (2020-03-31)
Description
Meeting notes: https://wiki.ros.org/ROS2/WorkingGroups/Security
B
All
right,
that's
something
we've
been
done
see.
That
probably
thing
is
that
this
is
actually
like
impacted
by
the
refactor,
we're
doing
with
all
the
fear
and
moving
to
one
pops
event
per
context.
So
I
think
we
should
not
like
make
the
final
decision
on
this
right
now,
but
it's
just
like
have
it
on
our
mind.
B
The
idea
was
that
for
the
mostly
the
micros
people,
but
anyone
that
wants
to
work
unclutch
from
that
ministry
has
a
system
or
environment
right
now
we
added
a
lot
of
the
utilities
in
ocl,
and
so
the
request
was
to
move
all
that
out
of
a
CL
and
right
now
on
me.
Security
stuff
is
using
environment
variable
in
LCL,
and
so
the
idea
was
to
move
that
elsewhere.
B
So
the
proposal
is
proposing
to
putting
in
a
Fiat
it
because
that,
well
originally,
like
I,
mean
that's.
The
reason
that
I
created
associate
if
I
get
in
the
first
place
was
to
place
all
these
utilities
file
system
and
things
like
that,
I'm,
not
sure
exactly
how
much
it's
gonna
help
for
people
targeting
other
systems,
because
I'll
series
kind
of
like
the
lowest
dependency
we
can
have,
but
but
so
one
of
the
proposal
that
was
in
that
discussion
was
to
instead
of
pushing
everything
down
to
our
CTO.
B
If
there
is
anything
rough
specific
in
there
which
will
need
to
be
determined
on
the
side,
all
states
just
before
foxy
it
shouldn't
be
innovative,
because
there
is
no
Ross
concept
in
all
cities.
It's
supposed
to
be
a
see
utility
like
set
of
utilities
that
are
like
Ross
independence,
and
is
that
the
case
we
need
to
put
it
elsewhere.
C
C
A
E
D
With
it
it's
Roger
Strang,
the
Southwest
Research
representing
GBS,
see
I
actually
had
looked
at
this
issue
beforehand
and
I
mean
it
looks
like
part
of
the
reason
they're
wanting
to
move.
It
is
because
the
security
stuff
actually
specifically
go
down,
goes
down
and
talk
to
the
filesystem,
and
some
of
the
platforms
are
trying
to
get
our
CL
running
on
just
flat-out.
Don't
have
a
file
system
to
compile.
There's
nothing
there
to
support
that.
So
I
think.
B
C
C
B
Why
they
wanted
to
move
it
to
a
place
that
they
would
not
compile
again,
then,
how
they're
actually
like
scoping
out
a
few
T's
from
a
theory?
Another
question
I,
don't
know
they
must
have
a
marker
for
you
to,
for
whatever
they
do
so,
but
at
the
end
of
the
day,
I
think
that,
like
I
just
wanted
to
poke
it
fine
moving
that
into
another
package
and
I'll
fine
having
a
discussion
once
all
the
complex
that
has
landed
to
see
what
is
the
best
place
to
have.
C
C
B
One
of
the
differences
is
that
exists.
Options
came
up
from
the
various
render
view,
implementations,
which
is
basically
connects.
It
doesn't
matter
because
they
provide
their
own
set
of
pre-compiled
libraries
and
then
for
faculty
peers.
They
decided
to
add
an
option
in
they'll
seem
a
code
security
on
and
there
is
no
ross
package
actually
using
it.
The
only
reason
like
there
is
is
to
make
option
that
is
being
passed
is
to
compile
files
or
TBS,
and
now
cyclone
didi
has
came
up
with
a
function.
That
does
the
same
thing,
but
is
named
differently.
B
Yeah,
that's
actually
very
good,
so
in
the
end
we
could.
The
safety
have
assumed
a
corruption
in
the
ross
stack
itself,
and
we
should
just
see
how
it
will
fit
together,
because
I
see
that,
for
example,
associativity
has
another
approach
to
allow
people
to
compile
a
No
out
feature
and
I
would
like
to
see
what
the
status
on
that
is
because,
for
example,
they
have
an
option
to
like
not
compiling
parameters
like.
B
If
you
want
a
static
system,
you
should
not
have
any
parameter
related
things
either
at
runtime,
but
even
in
your
site,
like
in
your
compiled
libraries
and
so
maybe
see
how
they
do
it
and
try
to
align
with
that-
and
maybe
a
cynic
option
is
the
answer.
I
just
don't
know
how
they're
doing
it
right
now.
So.
F
F
C
F
F
A
Okay,
I
think
we've
concluded
that
discussion
point
Jeremy.
Can
you
talk
us
through
security
logging.
E
A
E
A
E
E
The
login
plugin
is
actually
one
of
the
security
plug-in
defined
by
the
DDS
specification,
but,
unlike
the
three
that
already
implemented,
this
one
is
optional.
That's
probably
why
it
hasn't
been
implemented
yet
so
we
are
tackling
this.
This
work,
first-in,
first-out
TPS,
and
what
soon
enough
in
the
other
DDS
implementations-
and
you
will
notice
in
the
document
that
this
work
is
threefold,
so
first
we
have
to
implement
the
actual
plug-in
in
the
in
the
DDS
implementation.
E
In
first
RTP
s,
then
we
have
to
bridge
it
with
with
to
interface
interface
it
with
Russ
and
that's
done
at
the
air
MW
faster
TBS
lemon.
And
finally,
we
are
also
using
the
use
of
the
enablement
of
security
logging,
with
the
S
words
to
creat
or
should
have
said.
Let
me
share
the
related
pull
request
as
well,
so
we
have
started
discussing
this.
E
E
C
C
E
E
B
So
I
guess
I
read
very
quickly
the
design
document.
One
question
we
had
back
a
while
back
when
you
accept
our
game
is
how
to
have
a
uniform
logging
format
to
be
able
to
process
it
in
debugging
from
various
implementations
and
I,
haven't
seen
anything
about
format
itself
in
the
document
and
I
just
wanted
to
know
like
how
does
that
compare
to
how
I'll
gie
connects
format,
locking
like
security
logging
event.
E
E
When
you
get,
you
know
the
stance,
the
participant,
ID
domain,
ID,
the
call
site
class
function
and
then
the
actual,
the
actual
the
actual
message
body
in
not
epi,
that's
fairly
similar
I.
Don't
think
they
are
logging,
the
domain
ID.
But
that's
pretty
that's
pretty
much
yeah,
that's
actually
something
we
should
discuss
at
the
working
group
level.
C
E
E
B
B
B
Because,
like
I
haven't
seen,
I
think
I've
seen
a
very,
very
early
draft
a
long
time
ago
of
1.2,
but
it
was
such
a
long
time
ago
that
I'm
pretty
sure
everything,
gentleness
and
and
like
the
guy
sitting
in
red
boards.
They
know
the
exact
statute
and
they
can
share
drafts
of
the
spec.
So
we
could
at
least
have
an
idea
of
if
the
logging
format
is
in
the
changes.
D
E
C
E
Yeah
from
our
original
idea
and
midterm
goal,
and
as
mentioned
in
the
design
dog,
what
we
are
planning
on
on
to
have
a
standardized
fashion.
Login
is
to
actually
have
a
third
party.
A
third
party
item
that
will
you
know,
listen
to
the
DDS
security
logging.
Pleading
topic
demand
all
that
and
the
bishop
to
see
snugly
and
that's
the
level
at
which
we
are
going
to
act
upon
the
the
Ravi
yeah.
A
E
Logging
is
gonna,
be
an
airport
through
a
simple
XML
file
that
will
be
present
in
the
route
security
directory.
If
the
XML
finally
exists,
then
logging
is
supposed
to
be
an
abort.
If
it
doesn't
exist,
then
it's
supposed
to
be
disabled
and
that
XML
file
is
fairly
simple.
You
have
an
example
in
the
design
document
were
at
the
moment
it
defines
essentially
three
variables
one
that
is
the
absolute
path
to
the
log.
D
D
B
C
I
think
that
so
that,
if
you
don't
specify
a
quality
of
service
for
logging
that
now
I'm
falling
back
to
RTI
here,
because
this
is
what
I
developed
this
with
the
the
arm
W
side
of
it
anyway-
they,
if
you
don't
specify
quality
of
service,
they
fall
back
to
whatever
the
default
is
for
the
participant,
that's
being
used.
And
so
my
understanding
is
that
by
specifying
this
XML
file,
you're
changing.
C
Essentially
you
can
change
the
default
for
the
participant,
in
which
case,
if
you
don't
specify
one
in
this
logging
file,
then
you
might
end
up
changing
that
as
well.
But
then,
if
you
specify
on
his
logging
file,
since
it
twiddles
the
properties
directly,
that
seemed
it
seems
to
make
sense
that
that
would
override.
E
D
B
E
C
C
But
yeah
regarding
that,
though,
so
we
use
like
the
strings
right
now.
We
use
is
essentially
the
the
part
of
the
string
that
isn't
you
know,
arm
W
underscore
profile
underscore
whatever,
but
then,
if
you
specify
a
profile
and
then
specify
further
items
as
well,
then
what
it
does
is.
It
takes
the
profile
and
initializes
the
quality
of
service
using
the
profile
and
then
any
further
setting,
as
you
specify
overwrite,
that
particular
part
of
the
profile.
So
that
seems
to.
B
E
B
A
E
C
Which
right
I
mean
we
sort
of
talked
about
this
in
the
past
like
if
we
I
think
we
have
agreed
that
if
we
stick
to
Ross
concepts,
then
if
a
non
DDS
middleware
is
used
right,
then
then
this
should
map
just
the
same
way.
They
map
already.
As
long
as
we
don't
leak
in
DDS,
specific
things,
I
think
it
will
work,
I
mean
assuming
that
this
thing
supports
security.
Logging
and
I
mean
like
there's
a
lot
of
hand-wavy
Jeff
there,
but
but
at
least
the
terminology
used
there
should
apply
it
the
same
way.
B
C
E
C
C
E
E
A
E
E
You
pass
it
a
mandatory
at
East
or
sort
your
security
root
folder,
and
if
you
only
pass
the
the
key
store,
then
it's
gonna
enable
logging
for
all
of
the
identities
all
of
the
nodes
that
are
defined
in
there
under
store.
But
then
you
can
do
that
at
individual
indent
identities.
So
you
specify
a
particular
node
for
which
you
want
to
enable
logging,
and
you
can
further
configure
with
flags
absolute
path
to
the
log
file,
the
velocity
and
distribute,
switch
and
I.
Guess
that
pretty
much
wraps
the
ongoing
work
again.
E
G
Hey
there,
everyone
can,
you
hear
me
yeah
yeah,
all
right,
well,
real,
quick!
So
this
week
we
are
doing
an
exercise
of
week
of
you,
our
backs
Universal
robots
packs.
So
just
I
guess
it
was
just
it
sat
in
shouting
out
for
anyone
out
there
with
experience
with
this
particular
robot.
It's
widely
used
feel
free
to
contribute
in
some
box.
Will
we're
dedicating
engineering
resources
to
the
trying
this
week
for
that,
so
so
yeah?
Hopefully
something
interesting
will
come
out
of
it.
Be
Ross
side
of
it
is
not
so
involved.
B
G
Cool
yeah
we've
got
a
heist
history
with
with
with
you
are
things
are
getting
on
the
right
spot?
As
of
now,
we
hope
to
be
a
bit
more
pushy
with
some
other
vendors,
as
we
discussed
throughout
the
last
conference
is
an
event.
We've
participated
in
definitely,
vendors
need
to
kind
of
like
get
more
aware,
the
insecurities
they
have
so.
Hopefully
we
can
have
more
of
these
things
in
the
future.