Fedora Security Team APAC Meeting
by Eric Christensen
In last week's meeting we discussed having a second meeting that would be held at a more convenient (I'm not promising convenient) time for our APAC members. If you are in the APAC area, please complete the survey[0] to show when you would be available to meet.
[0] http://whenisgood.net/dk4ke3j
Thanks!
-- Eric
--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
9 years
FST process details
by P J P
Hello,
Please see -> https://fedoraproject.org/wiki/Security_Team
The wiki has been updated to add FST process details. Please have a look in case you spot anything amiss.
Earlier today, I was discussing with Huzaifa (https://fedoraproject.org/wiki/User:Huzaifas), who said we need to define how we handle issues in packages wherein upstream is unresponsive or is dead. We need to close such issues and retire those packages.
If you know other such instances wherein users don't know what to do, let's please collate them together and define a course of action for them.
Your comments/inputs/suggestions are most welcome! :)
---
Regards
-Prasad
http://feedmug.com
9 years
Bugzilla Filtered Searches
by Brandon Vincent
All,
I've added links on the Wiki to filter the BZ searches for bugs that
do not have a "fst_owner" whiteboard tag assigned.
This seems like a useful addition.
Brandon Vincent
9 years
Meeting Minutes for 2014-09-10
by Eric Christensen
========================================================================================================
#fedora-meeting-1: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
========================================================================================================
Meeting started by Sparks_too at 19:01:06 UTC. The full logs are
available at
http://meetbot.fedoraproject.org/fedora-meeting-1/2014-09-10/fedora_secur...
.
Meeting summary
---------------
* Roll Call (Sparks_too, 19:01:12)
* Outstanding BZ Tickets (Sparks_too, 19:07:06)
* Wednesday's numbers: Critical 2, Important 53, Moderate 365, Low
127, Total 547, Trend +7 (Sparks_too, 19:07:14)
* Current tickets owned: 145 (~27%) (Sparks_too, 19:07:20)
* APAC Meeting (Sparks_too, 19:10:23)
* Open floor discussion (Sparks_too, 19:16:13)
* Security FAD in Pune
https://fedoraproject.org/wiki/FAD_Pune_Security_1 (Sparks_too,
19:19:17)
* ACTION: Sparks to talk with Huzaifa about times for the FAD and the
possibility of doing a video-teleconference with others not in Pune.
(Sparks_too, 19:21:51)
* LINK: https://bugzilla.redhat.com/show_bug.cgi?id=1039917 (d-caf,
19:31:25)
* LINK: http://bugs.python.org/issue14621 (bvincent, 19:32:20)
* LINK: https://bugzilla.redhat.com/show_bug.cgi?id=1039915#c4
(jrusnack, 19:34:33)
Meeting ended at 19:41:11 UTC.
Action Items
------------
* Sparks to talk with Huzaifa about times for the FAD and the
possibility of doing a video-teleconference with others not in Pune.
Action Items, by person
-----------------------
* Sparks to talk with Huzaifa about times for the FAD and the
possibility of doing a video-teleconference with others not in Pune.
People Present (lines said)
---------------------------
* Sparks_too (43)
* jrusnack (14)
* d-caf (13)
* zodbot (5)
* bvincent (4)
9 years
Fw: [Fedocal] Reminder meeting : Weekly Security Team meeting
by P J P
> On Wednesday, 10 September 2014 9:32 PM, P J P wrote:
> Hi,
>
>> On Wednesday, 10 September 2014 7:06 PM, Eric H. Christensen
>> I'll happily do another WhenIsGood survey but the meeting time listed ended
>> up being the best time for those that were interested. I have no problem
>> scheduling something earlier.
>
> Great! Thank you so much!! We start from today or next week??
>
> Thank you.
>
> ---
> Regards
> -P J P
> http://feedmug.com
>
9 years
How to handle CVE marked "WONTFIX"
by David Cafaro
So three Python tickets I'm working on have a CVE that is "CLOSED WONTFIX". Apparently the patch to fix the DoS issue is intrusive and will not be backported to the 2.x or earlier 3.x releases by the upstream providers.
It may be possible to bump the python3 packages to python3-3.4 from python3-3.3 to get the patch, but 2.x versions are going to be a mess to fix; RHEL5/6 are not patching.
What is the policy? Do we still try and get the patch or follow upstream as a WONTFIX?
Thanks,
David
9 years