From YouTube: ROS 2 Security Working Group (2020-05-12)
Description
Meeting notes: https://wiki.ros.org/ROS2/WorkingGroups/Security
A
B
Doesn't carry over for a long time, so so the main question there was that the only part of us here that is actually retiring, the filesystem is the security gates, and so, when requests from my cross friends were to move that out of us here and so I wanted to revisit that. After all the shuffling around of the security stuff to see what could make sense and so right now now that the security is done at the participant level.
B
B
Actually, a great solution to that, but so we could look in that direction. So I'm not sure exactly how we could do this. It may actually be easier to provide some kind of Frank define to say combined with security or don't comply with security, rather than which was like. The original request was to be able to compile or cross compile without having five system functions, and it may actually be easier to do that than to try to move that into package.
D
D
E
B
B
E
Do you think we could like it may be exposed it or just shuffling bytes like there's an optional bit border like above our she'll, where it's it's finding the paths, loading, the byte streams from the files and then passing that to our CL? And so then our CL is like totally agnostic of environment variables or file systems, because.
F
B
B
Well, I I think like, but what could work with ruffians IDs like? Basically, all this is done at a higher level, and so you, basically just pacify sure you have already read the files kind of and make your passing that along, but it kind of like basically all else here does right now is making sure that the directory, where our MW is all going to be looking for files brow exists, that's basically what it does and our MW is taking care of like hey.
B
B
It would be easy and TPM or something you can actually load material from, and so at that point, maybe by its content, would not be what you're looking for either well I. Think it's a it's a good proof that we need to think and so yeah I'm more than happy to like this case that I, synchronously or like do and then schedule another meeting to make a find out the scene. If you want to yeah.
B
A
So yeah folks here could could take a read on that that issue is Lincoln and then and then maybe maybe comment on it or if we need to have a one-off meeting weekend, because it was always, let's say two minutes and it's already been eight so clearly, there's a lot of stuff involved in that one Kyle. You are up next with an update on foxy security yeah.
A
D
Is I put this on here and put my name on there because I'm, the one who put her down there, but in reality I was I was hoping. MacaƩ would be here.
D
B
B
B
F
B
B
So I would love to have someone contact with them to like test things and and yeah. So I have a better for requests. Everything is in that issue. I just need people to like be able to tell them and to have access to machines to actually debug the issues, because I don't have a Mac machine. I don't have it so.
B
Basically yeah, as you said, there is initial releases out we made like bidipi those three days and when we saw something was broken, so we actually made a securities and this one is working on Linux and now we'll just like struggling to get user lands in and on the cyclin side. It keeps second DTS side we're just waiting for them to make radius with the security.
B
B
Yeah I'm not sure it's a full-time een like I, just like that's the same, it's failing on Mac OS and the console output is jobs that stand out with like no console output, so I have no idea what staying in there and it seems to be pressing on Windows, so I think they mostly fixed it but I. Basically, our main issue is that the open, robotic, CI machines are way outdated and so now that it's time to bring everything up to speed a few weeks before it is it's a bit like Titan, okay.
D
A
F
Well, frankly, we had a much planned. Actually this is more of an open question to all of us, meaning last year we had this nice workshop, I, think I, think Michael and Ruffing. You guys took the lead right last year, so it was more of of can we expect you guys to do the same this year, please yeah and if not, if someone else would volunteer so I, don't think we will have the bandwidth to coordinate as well.
F
But frankly, what happened last year was pretty cool, so something aligned would be quite nice and also to kind of like see whether there's enough interest from all of us to do at least each one of us to to commit one speech. We we ourselves don't have lots of bandwidth lately, but we can definitely commit to give an update of less things. We've been working related to Ross and was too so yeah I was. It was more of that. What do you guys think.
E
Well, if the organizers are interested, we could certainly do it, but I feel like they would say, maybe pass if it was just the same thing. I think they're, looking probably for a little diversity and they types of workshops. If we had some like new ideas or something else, there's there's a bit of an update and, like you know, with the whole deal of enclaves and context, but but.
B
I agree with that, like I mean basically the last couple of like workshops between like rasca and like between IRAs Madrid's, Ruskin, France and Ruskin Macau, like the Compton was pretty similar and so like old feedbag. Just to like offer a short update, then, if there is like I, mean I'm not committing much like New Worlds these days, but I know like you, guys are working on very stuff.
B
A
We can do a birds of a feather session or something that's just sort of informal in like 30 minutes, but not a I wouldn't want to take a bunch of time if it's gonna be similar to last year, I mean otherwise. Imagine a lot of people missed call would have individual presentations. They might want to do as well and submit to that. Thank.
E
E
A
Awesome thanks for bringing it up Syd, but really this closure policy update yeah.
C
C
C
The email address was, you know we originally. Originally we put in an opening, robotics email. We shifted that over to a Ross, Don or Gmail, but they actually don't have access to any email, like there's no email setup on that right now that they guard at least so. So we shifted that back to open robotics, org security at up and robotics. Don't work for reporting. All this is was just the draft Google Doc. That's now been turned into a rep, it's rep 2006 and they actually won't link to I put.
C
All right so yeah so feel free to review that. Also, if you want any history of you know, our discussions, I've got the still got the comments in the Google Doc. If you need to review anything, but otherwise it looks like that's moving along and it will end up being a rep and once that's out I think we have a little bit of extra work to do. There are some open issues about how we're going to handle it.
F
D
B
I think it is but I don't I, don't know if you had a discussion about that with Chris. But for me it seems like a fluke all the reps aren't of the big domain and for some reason when was a recent trip by copying tape, one and not the copyright, of course of EPs, which opens up a big domain. Some reps now have this extra motion, but I think it's not well.
B
D
F
B
It took trade route wheel to be as well as she starting my review on the PR and as one of the comments I went down so I also like reporting it and yeah I would be interested in like seeing either a history or artistic. Some of the discussions will happen with regard to yeah, who is gonna process it and like in some places.
C
Also, this that's a link to the Google Doc. That has the comments in it and you know so. We I actually just refer to our older meeting minutes when the topic came up about what is the working groups? Responsibility I mainly want to get the point across that we do not want to be in the operational loop will certainly be in the subject matter: expert loop. You know and be able to help facilitate things, but not on the hooker timeline.
D
B
That's perfect and how does I think maybe it's in the comments as well. All that would be that would be interesting between maybe Saturday Mike on more lines behind the scenes back so now, it seems like it's targeting all the rust to come and packages, as opposed to that rose, base or desktop, or something when we were like going back.
A
You know we might so. To that end, we might not be able to fix everything because we're not gonna always be the ones fixing they may just be, alerting and coordinating, and and and educating users that there's this vulnerability, not necessarily fixing everything. So it's sort of that balance. You know with the people with the responsible parties who will want to fix and participate.
A
We're being, you know helpful as the that's that's a security working group, but at a certain point, if it's a popular package and people won't fix it, we may you know, stop the source we may go in. You know that we may go in and fix it, but that's not what we really want to put on our shoulders, because otherwise, that's gonna be a lot of work. Doing they expected to you're a security fence. Yeah.
B
B
D
C
We actually, if you recall, I, went to take a look at cuz ever so that was one of the questions that came up as they're going through. If you recall all that was in fluxes, we started this, so they all kind of went in parallel. I think it's important to get this out there, and then we can cross link the different reps if it's 2004 think 2005 might have a factor in it like and get them all on. The table. Yeah.
C
C
B
For sure, like I guess what I was things like? Okay, if I'm a maintainer, how will I be notified like as a maintainer readings, a trap? I would like to know like how how I should act and I will get like? Is it like this kind of like logistical details like as a maintainer? What should I do and how I'm gonna be impacted by this yeah.
C
And I think there's III, think I don't have an answer for you on that I think that's part of our next steps is is this: is a public facing document tells people how to report something that have no association with Ross? We still need a document that says this is what we expect people to expect maintain errs to do. This is what we expect maybe or to do. This is how the triage felt.
C
D
C
F
All right, thank you, so maybe real quick, if I may Joe very great sure so connected at least not so closely, but neither too far one thing we have noticed ourselves internally, which helps very much get users awareness up and get them to cooperate with us when we work on any disclosures on any patches, really twofold abilities to try to organize with the end user week or a day of box.
F
So one thing to consider for this group, maybe is to consider organizing, maybe a couple of days of box of Ross, two or a week might be too too much of resources. For some of us, it's kind of like a sprint where maybe a bunch of us can allocate resources and together try to push forward this it doesn't it to be now can be in the future.
F
A
The interesting point time we should think about: okay, next up Ted.
G
G
Currently it just sets up encryption between nodes, but proof of concept, and it should give us something to work on with regards to automatic policy generation next, so here's a terminal so I'm going really quick, just show the usage of it. So I've created a new launch file in demo nodes cpp that one just launches the talker, the other just launches the listener.
G
So I'm going to do Russ to launch demo nodes, cpp I'm gonna do talker dot launched up PI, and now you can pass the secure flag and the keystore flag with the location of the key store and it will generate the keys, generate the key store and launch the node all at once. All he needed was the no DL file specifying what the note tied to the given executable was, and so now, if I do Ross to run demo nodes, cpp listener.
G
I'm, just gonna give it a different names that I can launch the actual listener in a moment, but name equals you'll see the listener is not receiving any messages since the talker is encrypted at the moment, but if I do actually let me shrink this. So it's a little bit easier to read it sorry, but I do Ross too much better. Thank you. Log listener, dot, launch dot, pi.
G
And I pass secure and I pass the same key store or if this were in the same shell or an inherited shell, where it would be able to search the environment variables for the keystore director. I wouldn't need to specify the key store here, but I'm not I'm in a separate shell. So I'll just specify it again, but you can see are detected. The key star already existed start created a key for listener and was able to pick up on talker.
D
D
G
G
G
But with that something of this format would need to be specified for most packages. We need to have a small bootstrapping effort to get it off the ground, but this provides a lot of information for introspection, a lot of information for just static analysis to see if two nodes or if a node is compatible with existing nodes. On the network once being launched, we can get called the remapping information from Ross launch itself.
G
E
E
B
G
Plus a lot of our introspection. Well, it ends up going to the same end sessions- it's Python specific, but we perceive that for sure. Composable nodes are going to be paying point and we may have to do some special consideration for lifecycle nodes as well, since we want to manage the keystore as part of the lifecycle of a given node.
E
E
G
We believe we just have the name on the craft, so I think what we need is the executable name and beyond that does the graph it's been a while, since I've actually dug into the communications side of things. If we have a weird remapping that doesn't necessarily place it underneath the node name, will there be any issue with figuring out the connection between a given? You know, name on the graph and its parent node, for instance, I.
E
Think at least in DDS you get a PID of the process in some of the telemetry, so that's maybe something if the telemetry tool is running on the same host. You delivered back what the process was where the diviner is, and then you could figure out binaries here. What part of the package is this binary associated so might be back trackable if, if they're co-located on the same machine, which.
D
E
The with the the DDS implementation, at least now with connects they used to support CA chaining. So you can imagine now you head back through all that really cool logic in x.509 tickets, about I will sign a substrate difficulty that can only delegate authority, one signature beyond not like or two signatures beyond. So then you can imagine where you have like, maybe a robot bender that gives us such 3a to a user. Then you sit across the robot or they use. They can't use it to sign something another.
E
D
Get a doc started me Kyle, so that we can we can kind of start contributing to that idea. I I think that I think that these ideas are good in theory, but I question their their practicality, without the ability to revoke like that that whole story makes them only really make sense. If you could, if there's a revocation list, that you're checking and none of that's really supported.
A
B
A
B
D
Yeah and that's, and that's kind of one of the reasons right, if you, if you do that in its ephemeral, then you are in essence revoking like that's. That's really. The only revocation story we can we support right now is, if you don't even use the same CA for the second run right I mean that's true, just being practical.