Security Team Meeting Minutes - 2014-08-27
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
========================================================================================================
#fedora-meeting-1: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
========================================================================================================
Meeting started by Sparks at 19:21:20 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting-1/2014-08-27/fedora_secur...
.
Meeting summary
- ---------------
* Roll Call (Sparks, 19:21:24)
* Security-Team FAS Group and Editing BZ tickets (Sparks, 19:24:44)
* All FST members should apply to the security-team group in FAS.
(Sparks, 19:26:19)
* Members should use the email address used in FAS for their account
in BZ. (Sparks, 19:26:50)
* Outstanding BZ Tickets (Sparks, 19:28:01)
* Wednesday's numbers: Critical 2, Important 62, Moderate 398, Low
130, Total 592, Trend +17 (Sparks, 19:29:19)
* Current tickets owned: 155 (Sparks, 19:30:44)
* Closed tickets: 33 (Sparks, 19:31:14)
* LINK: https://fedorahosted.org/rel-eng/ticket/5966 (bvincent,
19:32:56)
* LINK: http://openstack.redhat.com (bvincent, 19:33:50)
* LINK:
https://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers
(Sparks, 19:37:53)
* Open Floor (Sparks, 19:47:58)
* LINK: https://fedoraproject.org/wiki/Security_Team (Sparks,
19:49:45)
* LINK:
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNE...
(Sparks, 19:50:40)
* LINK:
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNE...
(Sparks, 19:50:49)
* LINK:
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNE...
(Sparks, 19:50:59)
* LINK:
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNE...
(Sparks, 19:51:06)
Meeting ended at 19:54:48 UTC.
Action Items
- ------------
Action Items, by person
- -----------------------
* **UNASSIGNED**
* (none)
People Present (lines said)
- ---------------------------
* Sparks (48)
* bvincent (11)
* jsmith (10)
* revskills (9)
* zodbot (5)
* misc (1)
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJT/j3NAAoJEB/kgVGp2CYvwA8MAIewJRF2Cs9qtTdK3VS0iOfi
gA2vq3K+cFMo0CbKgS2MnmP82Sx2YwYk9K2L2gz2EtLTkyeR6GoBm5x//DjuTyCD
WK9lJdpL0+vGIgrkL3cWE2fWaTB6KmfYtBA34F/IA1LhDn3RbOV/UvYS1KxcNTOl
cWzy/M8zCC6OAPXeWMFIJWqhxf9vUfiyyamLCiWv/9BVMs7b0PNt9+f/Ci8ynflQ
E25lb5NIJJwqKS0XQNWvMN0T1y7OhDYAkUQDZc9Xu6xEjUYXBu6j+l1J5oXGYUlu
11En//JtOOaxv43Ds3/ewwi+wQmLwkNy49S9rLygXnDieO3YcdAguHKcVdKeQGV7
vkGXJs/KwAwHkn9/34GRWdlBGsaJ0QzQleFBX9B2qPmOxcI2lusZTGraKtdaPZGH
OJYcC28h682izDzCPz3e9hdGEmPm6LWYcCKsBUIGohcR5rJ3pwTMCmLBoT2SXjWR
JERnyxHemO1HL91pEkKr6CyUC6OTQ+uHRgRM2QhcmQ==
=htoz
-----END PGP SIGNATURE-----
9 years, 3 months
Re: security-team Digest, Vol 2, Issue 24
by Mohammed umar Sheriff
An online version of GNU PGP signature creation will be very helpful.My
laptop is not booting since i used GNU PGP.
On Tue, Aug 26, 2014 at 5:30 PM, <
security-team-request(a)lists.fedoraproject.org> wrote:
> Send security-team mailing list submissions to
> security-team(a)lists.fedoraproject.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.fedoraproject.org/mailman/listinfo/security-team
> or, via email, send a message with subject or body 'help' to
> security-team-request(a)lists.fedoraproject.org
>
> You can reach the person managing the list at
> security-team-owner(a)lists.fedoraproject.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of security-team digest..."
>
>
> Today's Topics:
>
> 1. Re: Duplicate bugs or? (Eric H. Christensen)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 25 Aug 2014 11:03:19 -0400
> From: "Eric H. Christensen" <sparks(a)fedoraproject.org>
> To: Fedora Security Team <security-team(a)lists.fedoraproject.org>
> Subject: Re: Duplicate bugs or?
> Message-ID: <20140825150319.GB4250(a)localhost.localdomain>
> Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Sat, Aug 23, 2014 at 10:03:59PM -0400, David Cafaro wrote:
> > Was looking over Torque bugs (I have one I'm working on), and noticed
> these two which are fst_owner=Sparks:
>
> Yeah, I had grabbed them as a result of them being EPEL orphans.
>
> > https://bugzilla.redhat.com/show_bug.cgi?id=1098583
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1098584
> >
> > They appear to be duplicates of each other. The both refer to the same
> CVE and say they cover EPEL-ALL (yet both list EL6 as version).
>
> Because of limited functionality in BZ, when a vulnerability affects all
> EPEL versions a single ticket is opened (EPEL-ALL) but the version is the
> latest version seen (in this case el6).
>
> >
> > Am I missing something or are they duplicates? Or should one cover EL5?
>
> These do appear to be duplicates. This could have been a script error.
> Since these tickets were opened back in May I suspect the problem has been
> remedied but I'll verify. Thanks for bringing this to my attention.
>
> - -- Eric
>
> - --------------------------------------------------
> Eric "Sparks" Christensen
> Fedora Project
>
> sparks(a)fedoraproject.org - sparks(a)redhat.com
> 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
> - --------------------------------------------------
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQGcBAEBCgAGBQJT+1A0AAoJEB/kgVGp2CYvB14MAJf4ooWRtyxwb0P1U998Qg1x
> 1g40wdWyxUTYUb6D+ypdRoOcpLMwNFxWCf0LB5pWCgT8MzISR0HpgMfgDCgPq382
> kwk7o2FOqc0a5RgnXAOdYSxb1bVjgepDOhGwolcqfo2kuTRCjP2/9/ehX43UKtQA
> 5qENZzqIt9oaIgsKa0yF8keUwFTEtOt9RhLhK/+QH/ZvBGIstPeV9AY76hYKmbZ/
> Wr1Ewcvr/gTZsmg90idp2KrNfdSF7s3AtCZc/uraQCn/zZHMzGdrwZcM7KkH7EJ1
> G/tMWneAgnFyADWhKp4IjPboPguOamRuAS3nlEsTCv2SGw8VZ+eEF/MQ2/6iPcv3
> PwGz6BQU1TjDUolbn5ep/CyO81utiYtGJBdTGXtlUgmdyV02CQca7Ur0hNFQE4GG
> fO//v4ZZhFWue2FBWozPoC+/LINgBgkusRX8Tz0lEtxeuuvlA9ZXuIO1loit8l5V
> wmrsg01RTouPxslFu7khnsoP/Zi1uPRL+bqNrbFPbA==
> =qmtJ
> -----END PGP SIGNATURE-----
>
>
> ------------------------------
>
> _______________________________________________
> security-team mailing list
> security-team(a)lists.fedoraproject.org
> https://lists.fedoraproject.org/mailman/listinfo/security-team
>
>
> End of security-team Digest, Vol 2, Issue 24
> ********************************************
>
9 years, 3 months
Editing BZ tickets
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Some people have complained that they weren't able to edit Bugzilla tickets. This will be remedied later today. Everyone in the security-team FAS group will automatically be added to fedorabugs group which allows editing of BZ tickets. I'll be adding people later this evening to allow time for migration to occur internally.
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJT9RPBAAoJEB/kgVGp2CYvJzwL/ROugZkj3DgUIfp6ta5T3+H9
Lvyn0387tdM30bM0BR7T84QGr+jjtxgS3ma0BdjDPBAkq3LrlQ5ta3IZ7EYQfUFs
Dbp86aAlwQPVU2GmYFhGETdCkFWV9p9hyHhLJc9s+qwuo6BugI898XsDjC63Bm0A
uTmuVkIPLOQbUdJn9UCNJOFayM6Zum+NB1xE7n9Oy1IVlXpyfVbA8+ieltClNLYF
W2XvaBG9cUlUA2fcZ71gLv+FymB9uxELB8hmLrzOhhUOPpILxBZzfPF08JT75zgO
aRp0VlZQdeiVyrI9MVfj+mUTEggMulDv6neI7xkkNGBKpagl7u8aJZfIozXMRWrI
hxWWxiNTU3aixhzgkdNAbkjBww7xMybA4q9nj1XfsECiBUAlIS84z4io+L+2PTIy
rw9NQbgNjPw09BnoYJ4q7iqkBo9b+gcKMrmmAkURa0qgYwSU7xEgf4nDOjTze8no
DbtVDYU6UX43yMhOrbagqjrz20lad1C/4bkosqGNJw==
=cUs3
-----END PGP SIGNATURE-----
9 years, 3 months
Security Team Meeting minutes - 2014-08-20
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
========================================================================================================
#fedora-meeting-1: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
========================================================================================================
Meeting started by Sparks at 19:00:34 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting-1/2014-08-20/fedora_secur...
.
Meeting summary
- ---------------
* Roll call (Sparks, 19:00:42)
* Participants are reminded to make liberal use of #info #link #help
in order to make the minutes "more better" (Sparks, 19:05:40)
* Outstanding BZ Tickets (Sparks, 19:05:49)
* Wednesday's numbers: Critical 2, Important 60, Moderate 388, Low
130, Total 580, Trend +5 (Sparks, 19:06:58)
* Bugs being worked: 167 (Sparks, 19:08:17)
* Bugs closed: 29 (Sparks, 19:08:59)
* ACTION: Sparks to determine how to add BZ editing capabilities to
team members. (Sparks, 19:19:28)
* FAS Group (Sparks, 19:22:11)
* Open floor (Sparks, 19:24:26)
Meeting ended at 19:27:43 UTC.
Action Items
- ------------
* Sparks to determine how to add BZ editing capabilities to team
members.
Action Items, by person
- -----------------------
* Sparks
* Sparks to determine how to add BZ editing capabilities to team
members.
* **UNASSIGNED**
* (none)
People Present (lines said)
- ---------------------------
* Sparks (30)
* D-Caf (5)
* zodbot (5)
* scorneli (4)
* fabian_a (2)
* bvincent (2)
* rdieter (1)
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJT9RUVAAoJEB/kgVGp2CYvXjgL/0PRnD0hJXHMtNNcRbMzg+rI
eEmfiwiZ9lo94r0/D3ABvy+524D27eTonfg72/4VMWubPkYBMnxGnwKZHMPr0cQ6
wOOAZE91jOBQAhC6eCb8mPN6/yyHlbMXdgP2BPQcuQ7jidYBvh7N97Pn+Z+BoZf/
zZQzcFqpb60ClbBVhodOnxqOx3jBtH3aHuxnO7As/MTtNRH2F1v6iJDY95q1KcMc
9rRaGSY/dK0F2Q66kZD5bFo7MHfmRqBk0u1Ar1ZJ1UkuIqISL2SFL+XK+ccH6kfh
TwBHvGZi7fFORWXa6R+vdZB09bTaSnz1SI9KC3otzyveTBzyCyRawb19Lbg+rABD
MlkxEDp+9Co8E2pILaBCivd1etrxlGxpQUGYTQrdNtpv6ZV9Wyd9pR34JcqFekzh
l+sf8ZXSz22puf1hxsT3c3OgQs3GGKq+P++ndboPitM6yS5/uYWbEZCmkRQ5tHv1
2sF8y2QYGX5d6vOdfjiNKRWYGNiQlVtLmaqPc2bYPA==
=ssHz
-----END PGP SIGNATURE-----
9 years, 3 months
CVE-2013-4440, CVE-2013-4442 pwgen vulnerabilities fix
by Jan Rusnacko
Hello James,
I am looking at old vulnerabilities and package you own, pwgen, currently has three of them: CVE-2013-4440, CVE-2013-4441 and CVE-2013-4442.
I contacted upstream author Theodore Ts`o, who acknowledged CVE-2013-4440 and CVE-2013-4442 are problems, but refused to merge fix proposed on the list (http://marc.info/?l=oss-security&m=137049241132104&w=4) for good reasons. I did analysis on CVE-2013-4441 and I believe it`s basically not fixable without breaking pwgen completely.
For the other two issues I wrote a patch and sent it upstream, but received no response. So, for the time being, could you please look at the patch and see if we can update pwgen in Fedora and EPEL to fix CVE-2013-4440 and CVE-2013-4442 ?
Thank you !
--
Jan Rusnacko, Fedora Security Team
9 years, 3 months
Meeting transcript from 2014-08-06
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Meetbot was under the weather last week but I was able to get the transcript.
19:00:49 <Sparks_too> #meetingname Fedora Security Team
19:00:49 <zodbot> The meeting name has been set to 'fedora_security_team'
19:00:55 <Sparks_too> #endmeeting
19:01:13 <Sparks_too> #endmeeting
19:01:22 <zodbot> Sparks_too: Error: Can't start another meeting, one is in progress.
19:01:27 <Sparks_too> *sigh*
19:01:44 <bvincent> .mynameis bvincent
19:02:29 <Sparks_too> Okay, lets see if someone in admin can fix zodbot real quick.
19:02:54 <revskills> ok, don't worry
19:03:43 <Sparks_too> #endmeeting
19:04:24 <Sparks_too> Okay, I'm just going to pretend that zodbot is awake and doing what it should be doing in the off chance this can be saved.
19:04:33 <zodbot> Sparks_too: Error: Can't start another meeting, one is in progress.
19:04:36 <Sparks_too> #meetingname Fedora Security Team
19:04:36 <zodbot> The meeting name has been set to 'fedora_security_team'
19:04:39 <Sparks_too> #topic Roll Call
19:04:41 * Sparks_too
19:04:56 * jtaylor90 is here
19:05:02 <bojov> present
19:05:14 <jrusnack> here
19:05:18 <bvincent> here
19:05:32 <D-Caf> here (David)
19:05:45 <bvincent> .hellomynameis bvincent
19:05:46 <zodbot> bvincent: bvincent 'Brandon Vincent' <Brandon.Vincent(a)asu.edu>
19:05:48 <danofsatx-dt> I am present as an interested party. I am an IT security professional and curious about the Fedora Security Team.
19:07:15 <revskills> hi danofsatx-dt :)
19:07:18 <Sparks_too> Okay, good group. Lets get started.
19:07:25 <Sparks_too> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
19:07:31 <Sparks_too> #topic Follow up on last week's action items (10 minutes)
19:07:57 <Sparks_too> Okay, we're going to skip last week's actions items since I failed to fix the agenda. :/
19:08:08 <Sparks_too> That will give us more time to discuss other things.
19:08:22 <Sparks_too> #topic Roster
19:08:54 <Sparks_too> #link https://fedoraproject.org/wiki/Security_Team_Roster
19:09:23 <Sparks_too> Looks like several people have added their info to the Security Team roster. I'll encourage everyone to go there and update their information.
19:10:12 <Sparks_too> #topic Rewards
19:10:14 * marcdeop is sorry he is late
19:10:35 <Sparks_too> I haven't had a chance to look at this stuff yet but I'll make it a priority for this week and we'll talk about it more next week.
19:10:41 <Sparks_too> #topic Outstanding BZ Tickets
19:10:58 <Sparks_too> Okay, here is what I really wanted to get to since this is the fun part.
19:11:07 <Sparks_too> #info Monday's numbers: Critical 2, Important 70, Moderate 372, Low 131, Total 575, Trend +9
19:11:11 <Sparks_too> #info Current tickets owned: 119
19:12:03 <Sparks_too> So right now it looks like we are currently working ~20% of all the open vulnerabilities in Fedora and EPEL. That's awesome.
19:12:26 <Sparks_too> Is anyone coming up with any problems they'd like to discuss?
19:12:37 <jrusnack> yup, pwgen and rubygems
19:12:53 <Sparks_too> #info We've already closed 8 tickets
19:13:00 <Sparks_too> jrusnack: The floor is yours
19:13:19 <jrusnack> #info sent patches to pwgen upstream that fix 2 CVEs, no response. Should I go ahead and push them just to fedora ?
19:14:06 <Sparks_too> jrusnack: Are we sure they fix the problems?
19:14:36 <revskills> Sparks_too, jrusnack is a good idea to discuss fixes in fedora mailing list
19:14:47 <revskills> second pair of eyes allways are wellcome
19:14:47 <jrusnack> I can send them to you and you can see yourself. Also, I assume I would work with packager
19:14:54 <jrusnack> yup
19:14:55 <Sparks_too> jrusnack: fedora-devel..
19:15:04 <jrusnack> OK, so I`ll discuss on the list
19:15:52 <jrusnack> #info rubygems vulns - so there are these two guys, Michael Stahnke and Jeroen va Meeuwen, who own rails in EPEL and have ~25 unfixed vulnerabilities
19:16:00 <Sparks_too> jrusnack: plus the packager. Depending on how fluent they are with the code... :)
19:16:24 <Sparks_too> jrusnack: So, yeah, I'd say we should submit the patches to the packager for review and see where that goes.
19:16:25 <jrusnack> #info jsmith advised I should start unresponsive packagers policy - maybe would be useful for others to know it exists
19:16:44 <Sparks_too> Yeah, we have one of those.
19:17:02 <revskills> jrusnack: can you share/link this info wiki/mailing?
19:17:38 <jrusnack> #info http://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers
19:17:39 <jtaylor90> just fyi, on one of the lists or irc maybe Jeroen va Meeuwen aka kanarip is at flock. folks are reaching out to him about package maintenance
19:17:51 <revskills> +1 jrusnack ty!
19:18:28 <jrusnack> jtaylor90: yup, I asked on fedora devel, a good fellow might make him fix those for us :)
19:18:58 <jrusnack> that`s all, thanks !
19:19:25 <Sparks_too> cool
19:19:46 <Sparks_too> Okay, so I'll talk about my adventures with EPEL real quick.
19:20:15 <Sparks_too> Today, I asked that two orphaned packages be removed from EPEL-5... and they were. That closed nine tickets in BZ.
19:20:27 <jrusnack> eucalyptus ?
19:20:52 <Sparks_too> I have another ~28 eyed for the same outcome.
19:21:03 <Sparks_too> This will close ~59 tickets
19:21:24 <Sparks_too> jrusnack: Euca is in Fedora only
19:22:00 <Sparks_too> So I'll be working on these orphaned packages and we'll see if we can get those taken care of.
19:22:03 <jtaylor90> Sparks_too: moin can be added to that outcome as well, releng retired and untagged all builds for moin in epel5 (releng ticket #5956)
19:22:13 <Sparks_too> jtaylor90: +1
19:22:38 <Sparks_too> jtaylor90: If you haven't done so already, go ahead and close all moin el5 bugs in BZ as CLOSED, WONTFIX.
19:22:48 <Sparks_too> jtaylor90: And put your fst_owner tag on them.
19:23:04 <jrusnack> so, what is process for getting them orphaned ?
19:23:04 <jtaylor90> excellent, that answers that question about how to close
19:24:12 <Sparks_too> jtaylor90: Yeah, I went through that earlier today.
19:24:33 <Sparks_too> jrusnack: So these packages are already orphaned. We want them retired. You must go through releng to do that.
19:24:54 <Sparks_too> jrusnack: So, you just open a ticket in releng's trac instance on fhosted and magic happens.
19:25:02 <jrusnack> Sparks_too: oh right, got it, thnaks !
19:25:46 <Sparks_too> So, I sent the list of EPEL packages to epel-devel earlier today. I'll likely ask that those packages get retired tomorrow if no one speaks up about them.
19:26:58 <Sparks_too> WRT Eucalyptus, the package owner no longer wants to own this. I suspect most people using euca aren't using the Fedora package. We'll likely go through the retirement process with this package as well.
19:27:20 <Sparks_too> Does anyone have anything else they'd like to discuss ticket-wise?
19:27:36 <jtaylor90> yeah I have one
19:27:55 <Sparks_too> jtaylor90: go
19:28:13 <jtaylor90> well it's actually at least a couple tickets, it relates to the mingw32 packages in epel5 specifically mingw32-jasper and mingw32-openssl
19:28:25 <Sparks_too> okay
19:28:47 <jtaylor90> I emailed the original packager and then followed up with the minfw sig mailing list, the whole mingw32 package set has essentially been orphaned
19:28:57 <jtaylor90> I am waiting to hear a consense from the SIG on how they want to handle
19:29:16 <Sparks_too> handy
19:29:53 <jtaylor90> I haven't had a chance to see if there are other mingw32 package bz's out there so if anyone else comes across them, the issues with epel5 packages are being discussed
19:30:13 <jtaylor90> I will go through and see if there are any others related BZ's and grab them
19:30:26 <jtaylor90> that's it :)
19:31:40 <Sparks_too> jtaylor90: Yeah, just grab the tickets and you can figure it out as it goes on.
19:31:46 <Sparks_too> Anyone else?
19:33:01 <Sparks_too> #topic Open floor discussion
19:33:05 <danofsatx-dt> y'all were mentioned on the Linux Action Show: http://youtu.be/XKyeGe8EtOk?t=25m39s
19:33:19 <Sparks_too> danofsatx-dt: That's scary... I'll have to go watch.
19:34:41 <Sparks_too> danofsatx-dt: Even scarier... they used my email
19:34:58 <danofsatx-dt> uh oh....prepare for spam.
19:35:21 * danofsatx-dt missed that
19:35:22 <Sparks_too> danofsatx-dt: Too late... we were also featured on php today and some other geek news places.
19:35:34 <Sparks_too> Who'd a thought people would give a crap?
19:35:56 <marcdeop> why wouldn't they? security got relevant since the heartbeat bug
19:35:59 <bvincent> Take a look at the security issues with other distributions.
19:36:12 <danofsatx-dt> well, considering the world I work in, a lot. I'm slowly but surely converting my office from Windows to Fedora/CentOS
19:36:14 <Sparks_too> marcdeop: True, but we don't have a cool URL or icon.
19:36:24 <bvincent> In comparison, Fedora is not as bad as some other distributions.
19:36:26 <marcdeop> we can always get that, right?
19:37:02 <Sparks_too> heh
19:37:59 <Sparks_too> Oh
19:38:30 <Sparks_too> When you are looking for a case to work on, please look at the oldest ticket not taken. I want to make sure we can get rid of as many of the old things as possible.
19:40:01 <marcdeop> I am sorry I cannot participate much yet, I recently switch countries and it has been extremely difficult to handle all the paperwork and new job :S
19:40:19 <Sparks_too> marcdeop: No worries, we'll likely have work for you to do when you get the time. :)
19:40:22 <jrusnack> so, another process related question: how to push CVE from ON_QA state further ? E.g. https://bugzilla.redhat.com/show_bug.cgi?id=1020950 is in ON_QA state for ~9 months now
19:41:33 <Sparks_too> jrusnack: I'd ask on the ticket for the package to be moved to stable
19:42:03 <jrusnack> stable is what ? sorry not fluent in fedora process yet
19:42:48 <Sparks_too> jrusnack: Well, it's in testing. The packager just needs to push the button in bodhi that says "push to stable".
19:43:52 <jrusnack> thanks. And maybe related question - do we want to monitor ON_QA packages too ?
19:44:11 <Sparks_too> Yes, anything that isn't closed
19:44:34 <revskills> we need to follow the entire process
19:44:55 <revskills> we do the same in the SRT/rh
19:45:25 <Sparks_too> revskills: +1
19:45:41 <jrusnack> Sparks_too: then we need more bugzilla searches on our awesome wiki
19:45:51 <jrusnack> thanks for exaplanations !
19:45:55 <Sparks_too> jrusnack: It's a wiki... be bold!
19:46:10 <jrusnack> Sparks_too: let`s do it ! :)
19:46:48 <jrusnack> #action jrusnack add more bugzilla searches to wiki to cover tickets in other states (we want to monitor entire process)
19:46:53 <Sparks_too> :)
19:46:58 <Sparks_too> Okay, anyone have anything else?
19:48:10 <D-Caf> No, just getting up to speed so I can eventually be helpful
19:48:13 <revskills> no, looks everything is going fine
19:48:30 <Sparks_too> Okay, I'm going to end the meeting and invite everyone back over to #fedora-security-team for refreshments.
19:48:37 <Sparks_too> Thanks for everyone coming and participating.
19:48:45 <revskills> +1 Sparks_too
19:49:03 <Sparks_too> D-Caf: Come over to #fedora-security-team for a better explaination.
19:49:09 <Sparks_too> #endmeeting
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJT64FSAAoJEB/kgVGp2CYv9fgL+wWULOFx0KcpoTfsT03J8ogN
Yx1kIGumobHqohpwD/pth6qEUj1gjEMHj4eKKt2iMpTXwzK8Q7KfH4QRkI/biJVE
Lm44+RvfuS58b1pj8csgQ5gfJHxQ5Y2wLovzB+y/uLSkvt7EF0N01MRKXU0UQ8uu
yy4QeMxw51gZx6awu1220jYhrmSkNCCIMVWdNPHnIbOOM9yzMnnJ9WF+5J/2Ux7I
Zb4qpQt7fuRhp2MhmjJ5sUnxP/CASbqfXt2vm/lZldAQuM1F/dhaqQlt90YQp6U3
1TRRYWNhRpkveTheGYVwe0EEgbTfJd4GPTOKfupKw+RS6JEjJjuwgPKPW2iQvD0E
MvIgZNSbprv8U2V1tZQcgP0ALM1s7e5trtPCOwWT56aybef78gKJKzzLjATtyJAd
ciwHG1FzN80ETNL8xVVepbpiBsISlpLxfMskUUFEWziX4UghfJm9h19FM7+4mx6G
wp2+riluVOqNogLLX1LAhniQO8XE2ndsZ2oB/iPkoQ==
=eNWG
-----END PGP SIGNATURE-----
9 years, 3 months
