Security Team Meeting minutes for 2016-01-28
by Eric Christensen
======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by Sparks at 14:01:16 UTC. The full logs are available at
http://meetbot.fedoraproject.org/fedora-meeting/2016-01-28/fedora_securit...
Meeting summary
---------------
* Roll Call (Sparks, 14:01:20)
  * Participants are reminded to make liberal use of #info #link #help
    in order to make the minutes "more better" (Sparks, 14:07:21)
* Follow up on last week's tasks (Sparks, 14:07:30)
  * ACTION: pjp to give a status update on security policy in the wiki
    (carried over) (Sparks, 14:07:47)
  * ACTION: Sparks to figure out how FST members can get access to
    Fedora security bugs (Sparks, 14:07:56)
  * ACTION: Sparks to follow up on meeting locations to verify their
    availability. (Sparks, 14:08:03)
* Fedora Security Team FAD (Sparks, 14:09:37)
  * I'm going to press ahead with the 4 March date and use the 11 March
    date as a backup for the FAD. (Sparks, 14:10:28)
* Outstanding BZ Tickets (Sparks, 14:20:38)
  * Thursday's numbers: Critical 0 (0), Important 54 (+9), Moderate 474
    (+20), Low 185 (+4), Total 713 (Sparks, 14:22:09)
* Open floor discussion/questions/comments (Sparks, 14:25:53)
  * Sparks will be on leave all next month (February) and may or may not
    be available to meet. (Sparks, 14:26:32)
Meeting ended at 14:30:27 UTC.
Action Items
------------
* pjp to give a status update on security policy in the wiki (carried
over)
* Sparks to figure out how FST members can get access to Fedora security
bugs
* Sparks to follow up on meeting locations to verify their availability.
Action Items, by person
-----------------------
* Sparks
  * Sparks to figure out how FST members can get access to Fedora
    security bugs
  * Sparks to follow up on meeting locations to verify their
    availability.
* **UNASSIGNED**
  * pjp to give a status update on security policy in the wiki (carried
    over)
People Present (lines said)
---------------------------
* Sparks (41)
* zodbot (7)
* Astradeus (5)
* mhayden (4)
* fale (1)
14:01:16 <Sparks> #startmeeting Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
14:01:16 <zodbot> Meeting started Thu Jan 28 14:01:16 2016 UTC. The chair is
Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:16 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link
#topic.
14:01:16 <zodbot> The meeting name has been set to 'security_team_meeting_-
_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:01:19 <Sparks> #meetingname Fedora Security Team
14:01:19 <zodbot> The meeting name has been set to 'fedora_security_team'
14:01:20 <Sparks> #topic Roll Call
14:01:21 * Sparks
14:02:03 <mhayden> .hello mhayden
14:02:04 <zodbot> mhayden: mhayden 'Major Hayden' <major(a)mhtx.net>
14:03:39 <fale> .hello fale
14:03:40 <zodbot> fale: fale 'Fabio Alessandro Locati' <fabio(a)locati.cc>
14:03:54 <Astradeus> .hello astra
14:03:55 <zodbot> Astradeus: astra 'David Kaufmann' <astra(a)ionic.at>
14:06:19 <Sparks> Okay, let's get started.
14:07:21 <Sparks> #info Participants are reminded to make liberal use of #info
#link #help in order to make the minutes "more better"
14:07:28 * mhayden runs the script
14:07:30 <Sparks> #topic Follow up on last week's tasks
14:07:47 <Sparks> #action pjp to give a status update on security policy in
the wiki (carried over)
14:07:56 <Sparks> #action Sparks to figure out how FST members can get access
to Fedora security bugs
14:08:03 <Sparks> #action Sparks to follow up on meeting locations to verify
their availability.
14:08:29 * Sparks needs to be working on a few of these itesm.
14:08:35 <Sparks> s/itesm/items
14:09:04 * Sparks looks for zoglesby on IM
14:09:31 <Sparks> Hmmm, not there either.
14:09:37 <Sparks> #topic Fedora Security Team FAD
14:10:28 <Sparks> #info I'm going to press ahead with the 4 March date and use
the 11 March date as a backup for the FAD.
14:10:58 <Sparks> We still need to get a list of goals together for the event.
14:12:17 <Sparks> Anyone have any ideas?
14:12:53 <Astradeus> fix the fedora-report-thingy and make it show comparison
numbers to the week before
14:14:54 <mhayden> i'd like to see if we could get some level of automation
around bugs
14:14:55 <Sparks> Astradeus: +1
14:20:02 <Sparks> Okay, moving on.
14:20:38 <Sparks> #topic Outstanding BZ Tickets
14:22:09 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 54 (+9),
Moderate 474 (+20), Low 185 (+4), Total 713
14:22:24 <Sparks> +Tickets by Severity-+-------+---------+
14:22:24 <Sparks> | Severity | Tickets | Owned | Unowned |
14:22:24 <Sparks> +----------+---------+-------+---------+
14:22:24 <Sparks> | medium | 474 | 39 | 435 |
14:22:24 <Sparks> | low | 185 | 13 | 172 |
14:22:26 <Sparks> | high | 54 | 21 | 33 |
14:22:29 <Sparks> +----------+---------+-------+---------+
14:22:53 <Sparks> There has been a significant uptick in security bugs over the
past week.
14:23:04 <Sparks> 9 new important CVEs?
14:24:59 <Sparks> Anyone have anything regarding bugs?
14:25:53 <Sparks> #topic Open floor discussion/questions/comments
14:25:59 <Sparks> I have something...
14:26:15 * mhayden needs to scoot -- sorry!
14:26:32 <Sparks> #info Sparks will be on leave all next month (February) and
may or may not be available to meet.
14:26:39 <Sparks> mhayden: Have a good day.
14:27:53 <Astradeus> Sparks: happy holidays :)
14:28:01 <Sparks> :)
14:28:09 <Sparks> Anyone have anything else?
14:29:39 <Astradeus> no :)
14:29:53 <Sparks> Okay, well we'll go ahead and close for the day.
14:30:00 <Sparks> Everyone have a good one!
14:30:25 <Astradeus> you too
14:30:27 <Sparks> #endmeeting
Fedora Security Team Report - 2016-01-28
by Major Hayden
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
__ _
/ _| ___ __| | ___ _ __ __ _
| |_ / _ \/ _` |/ _ \| '__/ _` | Fedora Security Team Report
| _| __/ (_| | (_) | | | (_| | Report date: 2016-01-28 08:07:38.152225
|_| \___|\__,_|\___/|_| \__,_| Data from: 2016-01-28
- -------------------------------------------------------------------------------
+Tickets by Priority----+-------+---------+
| Priority | Tickets | Owned | Unowned |
+-------------+---------+-------+---------+
| medium | 474 | 39 | 435 |
| low | 185 | 13 | 172 |
| high | 51 | 21 | 30 |
| unspecified | 3 | 0 | 3 |
+-------------+---------+-------+---------+
+Tickets by Status---+-------+---------+
| Status | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| NEW | 607 | 64 | 543 |
| ON_QA | 73 | 5 | 68 |
| ASSIGNED | 20 | 4 | 16 |
| MODIFIED | 13 | 0 | 13 |
+----------+---------+-------+---------+
+Tickets by Severity-+-------+---------+
| Severity | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium | 474 | 39 | 435 |
| low | 185 | 13 | 172 |
| high | 54 | 21 | 33 |
+----------+---------+-------+---------+
+Tickets by Component-----+-------+---------+
| Component | Tickets | Owned | Unowned |
+---------------+---------+-------+---------+
| mingw-pcre | 32 | 0 | 32 |
| mingw-libxml2 | 17 | 0 | 17 |
| xen | 15 | 0 | 15 |
| glib2 | 13 | 0 | 13 |
| moodle | 11 | 1 | 10 |
| bugzilla | 11 | 1 | 10 |
| cacti | 11 | 0 | 11 |
| kernel | 10 | 0 | 10 |
| qemu | 10 | 4 | 6 |
| owncloud | 8 | 0 | 8 |
+---------------+---------+-------+---------+
+Tickets by Distro Version-+-------+---------+
| Distro Version | Tickets | Owned | Unowned |
+----------------+---------+-------+---------+
| el6 | 245 | 37 | 208 |
| 23 | 192 | 11 | 181 |
| 22 | 123 | 1 | 122 |
| el5 | 79 | 21 | 58 |
| epel7 | 68 | 3 | 65 |
| rawhide | 6 | 0 | 6 |
+----------------+---------+-------+---------+
- --
Major Hayden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
openssl update tomorrow
by Matthew Miller
You all are probably already highly aware of this, but just to be sure:
https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html
There's a pre-announcement of something bad:
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 1.0.2f, 1.0.1r.
These releases will be made available on 28th January between
approx. 1pm and 5pm (UTC). They will fix two security defects, one
of "high" severity affecting 1.0.2 releases, and one "low" severity
affecting all releases.
Please see the following page for further details of severity levels:
(Thanks sgallagh for alerting me!)
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
Fedora Security Team Report - 2016-01-21
by Major Hayden
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
__ _
/ _| ___ __| | ___ _ __ __ _
| |_ / _ \/ _` |/ _ \| '__/ _` | Fedora Security Team Report
| _| __/ (_| | (_) | | | (_| | Report date: 2016-01-21 07:46:50.438047
|_| \___|\__,_|\___/|_| \__,_| Data from: 2016-01-21
- -------------------------------------------------------------------------------
+Tickets by Priority-+-------+---------+
| Priority | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium | 454 | 39 | 415 |
| low | 181 | 13 | 168 |
| high | 45 | 21 | 24 |
+----------+---------+-------+---------+
+Tickets by Status---+-------+---------+
| Status | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| NEW | 586 | 64 | 522 |
| ON_QA | 53 | 5 | 48 |
| MODIFIED | 23 | 0 | 23 |
| ASSIGNED | 18 | 4 | 14 |
+----------+---------+-------+---------+
+Tickets by Severity-+-------+---------+
| Severity | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium | 454 | 39 | 415 |
| low | 181 | 13 | 168 |
| high | 45 | 21 | 24 |
+----------+---------+-------+---------+
+Tickets by Component-----+-------+---------+
| Component | Tickets | Owned | Unowned |
+---------------+---------+-------+---------+
| mingw-pcre | 32 | 0 | 32 |
| xen | 15 | 0 | 15 |
| mingw-libxml2 | 15 | 0 | 15 |
| qemu | 15 | 4 | 11 |
| glib2 | 13 | 0 | 13 |
| moodle | 11 | 1 | 10 |
| cacti | 11 | 0 | 11 |
| bugzilla | 11 | 1 | 10 |
| kernel | 10 | 0 | 10 |
| owncloud | 8 | 0 | 8 |
+---------------+---------+-------+---------+
+Tickets by Distro Version-+-------+---------+
| Distro Version | Tickets | Owned | Unowned |
+----------------+---------+-------+---------+
| el6 | 240 | 37 | 203 |
| 23 | 173 | 11 | 162 |
| 22 | 124 | 1 | 123 |
| el5 | 77 | 21 | 56 |
| epel7 | 60 | 3 | 57 |
| rawhide | 6 | 0 | 6 |
+----------------+---------+-------+---------+
- --
Major Hayden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
Security Team meeting minutes for 2016-01-14
by Eric Christensen
======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by Sparks at 14:03:49 UTC. The full logs are available at
http://meetbot.fedoraproject.org/fedora-meeting/2016-01-14/fedora_securit...
Meeting summary
---------------
* Roll Call (Sparks, 14:04:01)
* Follow up on last week's tasks (Sparks, 14:12:29)
  * ACTION: pjp to give a status update on security policy in the wiki
    (carried over) (Sparks, 14:12:46)
  * ACTION: Sparks to figure out how FST members can get access to
    Fedora security bugs (Sparks, 14:12:57)
* Fedora Security Team FAD (Sparks, 14:13:07)
  * LINK: http://whenisgood.net/8fshcdf/results/9czp49s (Sparks,
    14:13:35)
  * ACTION: Sparks to follow up on meeting locations to verify their
    availability. (Sparks, 14:14:21)
  * ACTION: Sparks to bring up the agenda topic on the list (Sparks,
    14:18:26)
* Apprenticeship (Sparks, 14:18:35)
  * LINK: https://fedoraproject.org/wiki/Security_Team_Apprenticeship
    (Sparks, 14:18:44)
* Outstanding BZ Tickets (Sparks, 14:20:42)
  * Thursday's numbers: Critical 0 (0), Important 43 (+7), Moderate 429
    (+5), Low 173 (+27), Total 645 (Sparks, 14:20:50)
* Open floor discussion/questions/comments (Sparks, 14:22:52)
  * LINK: https://twitter.com/phessler/status/687637446469771264
    CVE-2016-0777 (Astradeus, 14:23:41)
  * LINK:
    http://docs.openstack.org/developer/openstack-ansible-security/
    (mhayden, 14:29:51)
  * LINK: https://github.com/ameridea (linuxmodder, 14:39:06)
Meeting ended at 14:46:42 UTC.
Action Items
------------
* pjp to give a status update on security policy in the wiki (carried
over)
* Sparks to figure out how FST members can get access to Fedora security
bugs
* Sparks to follow up on meeting locations to verify their availability.
* Sparks to bring up the agenda topic on the list
Action Items, by person
-----------------------
* Sparks
  * Sparks to figure out how FST members can get access to Fedora
    security bugs
  * Sparks to follow up on meeting locations to verify their
    availability.
  * Sparks to bring up the agenda topic on the list
* **UNASSIGNED**
  * pjp to give a status update on security policy in the wiki (carried
    over)
People Present (lines said)
---------------------------
* Sparks (51)
* linuxmodder (26)
* mhayden (21)
* Astradeus (10)
* zodbot (9)
14:03:49 <Sparks> #startmeeting Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
14:03:49 <zodbot> Meeting started Thu Jan 14 14:03:49 2016 UTC. The chair is
Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:03:49 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link
#topic.
14:03:49 <zodbot> The meeting name has been set to 'security_team_meeting_-
_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:03:52 <Sparks> #meetingname Fedora Security Team
14:03:52 <zodbot> The meeting name has been set to 'fedora_security_team'
14:03:55 <zodbot> Sparks: Error: Can't start another meeting, one is in
progress.
14:03:58 <Sparks> #meetingname Fedora Security Team
14:03:58 <zodbot> The meeting name has been set to 'fedora_security_team'
14:04:01 <Sparks> #topic Roll Call
14:04:02 * Sparks
14:05:48 * linuxmodder
14:06:20 <linuxmodder> .fas corey84
14:06:21 <zodbot> linuxmodder: corey84 'Corey Sheldon'
<sheldon.corey(a)gmail.com>
14:07:35 * Sparks gives everyone a few more minutes
14:09:39 <Astradeus> .fas astra
14:09:39 <zodbot> Astradeus: rustomafs 'Rustom Irani' <rustom(a)acefastrack.com>
- netman 'Andrey Krasukov' <netman(a)astratel.ru> - astralstorm 'Radosław
Szkodziński' <astralstorm(a)gmail.com> - astratik 'Alexandre Stratikopoulos'
<ale.stratik(a)gmail.com> - astra 'David Kaufmann' <astra(a)ionic.at> - astrawin
'Dick Chapman' <astrawin(a)rogers.com> - ambyte 'Sergey Gulyaev'
<astraway(a)gmail.com> - sabroso 'Luis Alberto Pelaez' (3 more messages)
14:09:54 <Astradeus> ah, no, that was the wrong one^^
14:10:03 <Astradeus> .hello astra
14:10:04 <zodbot> Astradeus: astra 'David Kaufmann' <astra(a)ionic.at>
14:11:16 <linuxmodder> scarce on folks today :(
14:11:45 <Sparks> Okay, let's get started
14:12:29 <Sparks> #topic Follow up on last week's tasks
14:12:37 * Sparks notes pjp isn't here
14:12:46 <Sparks> #action pjp to give a status update on security policy in
the wiki (carried over)
14:12:57 <Sparks> #action Sparks to figure out how FST members can get access
to Fedora security bugs
14:13:07 <Sparks> #topic Fedora Security Team FAD
14:13:35 <Sparks> #link http://whenisgood.net/8fshcdf/results/9czp49s
14:13:56 <Sparks> It appears we've narrowed down our available time to a
couple of Fridays in March.
14:14:21 <Sparks> #action Sparks to follow up on meeting locations to verify
their availability.
14:14:46 <Sparks> We also need to get a solid agenda together. We need a list
of things we want to accomplish.
14:15:41 <Sparks> Anyone?
14:15:48 <Astradeus> sounds good?
14:16:23 <Astradeus> don't have much fst experience, so i can't really
contribute to an agenda
14:18:26 <Sparks> #action Sparks to bring up the agenda topic on the list
14:18:35 <Sparks> #topic Apprenticeship
14:18:44 <Sparks> #link
https://fedoraproject.org/wiki/Security_Team_Apprenticeship
14:19:03 <linuxmodder> Sounds good to me, any plans to do an intro session
at FAD ? or similar like a lab day
14:19:04 <linuxmodder> not necessarily a pen lab but a basics lab ( help
get everyone acquainted with each other | skills and best mentors in each
skill)
14:19:05 <Sparks> I think we're still working on this but this should be
something we work on at the FAD.
14:19:27 <Sparks> linuxmodder: Yes!
14:20:18 <linuxmodder> I am more than willing to help with the security for
dummies |noobs lab (like the 010 -0200 courses)
14:20:26 <Sparks> ack
14:20:27 <linuxmodder> firewalls |acls etc
14:20:35 <Sparks> Okay, we'll move on along...
14:20:42 <Sparks> #topic Outstanding BZ Tickets
14:20:50 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 43 (+7),
Moderate 429 (+5), Low 173 (+27), Total 645
14:20:57 <Sparks> +Tickets by Severity-+-------+---------+
14:20:57 <Sparks> | Severity | Tickets | Owned | Unowned |
14:20:57 <Sparks> +----------+---------+-------+---------+
14:20:57 <Sparks> | medium | 429 | 40 | 389 |
14:20:57 <Sparks> | low | 173 | 13 | 160 |
14:21:00 <Sparks> | high | 43 | 21 | 22 |
14:21:01 <linuxmodder> getting some lag here on my end apologizes for any
odd relay delays
14:21:02 <Sparks> +----------+---------+-------+---------+
14:21:35 <linuxmodder> glad to see critical back at 0
14:21:44 <Sparks> much agreed.
14:21:54 <Sparks> Now if we could just get rid of the highs.
14:22:33 <linuxmodder> I'll take another look tonight or tomorrow at the
high list see if I can help squash a few
14:22:52 <Sparks> #topic Open floor discussion/questions/comments
14:22:57 <linuxmodder> everything under 20 would be a nice improvement
14:22:57 <Sparks> Okay, anyone have anything?
14:23:01 <Astradeus> maybe
14:23:13 <linuxmodder> Astradeus, shoot
14:23:27 <Astradeus> in the next two hours there seems to be an upcoming CVE
for ssh
14:23:41 <Astradeus> https://twitter.com/phessler/status/687637446469771264
CVE-2016-0777
14:24:03 <linuxmodder> Astradeus, link ? haven't seen that (albeit a bit
out of pocket this week helping a client)
14:24:15 <Astradeus> not sure if it's something, but just came in
14:24:39 <Astradeus> don't have more information, just saw it few minutes ago
14:25:01 <linuxmodder> added to list of followed tweets
14:25:58 <linuxmodder> Sparks, any current appliance or method for
recruiting | training say CS students at the local level for FST or just
the Apprenticeship
14:26:24 <Sparks> linuxmodder: Not yet but we should. We need to get our
training figured out first so we're ready.
14:28:08 <Sparks> Anyone have anything else?
14:28:49 <linuxmodder> Sparks, fully agree
14:28:56 * mhayden is here
14:29:12 <Sparks> mhayden: Oh good, right before we're planning on closing!
14:29:13 <Sparks> :)
14:29:14 <linuxmodder> have anything for open floor mhayden
14:29:23 <mhayden> oof :P
14:29:44 <mhayden> i'm considering adapting openstack-ansible-security for
Fedora
14:29:51 <mhayden> http://docs.openstack.org/developer/openstack-ansible-security/
14:30:12 <Sparks> mhayden: Tell us more!
14:30:13 <mhayden> TL;DR - apply STIG hardening standards w/ansible so that
it's easy to roll into other playbooks/roles
14:30:35 <mhayden> right now it takes the RHEL 6 STIG and translates it to
Ubuntu 14.04 (which is not terribly fun) ;)
14:30:44 <mhayden> but another company is adapting it for Debian 7/8
14:30:53 <mhayden> and i plan to get it working on F23 soon if i can get some
tie
14:31:06 <mhayden> s/tie/time/
14:31:17 <Sparks> mhayden++
14:31:25 <linuxmodder> mhayden, I can throw some testing time toward that
starting later this month
14:31:26 <mhayden> yes, one could use SCAP for this, but SCAP is a little
heavy at times
14:31:34 <mhayden> linuxmodder: woot
14:31:46 <mhayden> also, it's not easy to roll in scap w/ansible if you're
deploying new systems
14:31:49 <linuxmodder> have a STIG system on on personal lappy even
14:31:56 <mhayden> haha, indeed! :)
14:32:12 <linuxmodder> using a slightly modded Centos secure stig ks
14:32:35 <mhayden> gotcha
14:32:47 <linuxmodder> likely same one you referenced think it was 6.4 based
14:33:02 <mhayden> yeah, any idea on when the RHEL 7 stig might get released?
14:33:16 <mhayden> IIRC, some RHT folks contribute to that
14:33:39 <Sparks> mhayden: I think it all comes from RH.
14:33:51 <Sparks> mhayden: Maybe talk to Shawn Wells?
14:33:54 <linuxmodder> not seen any dates but can probe
14:34:34 <mhayden> Sparks: ah, that name sounds quite familiar
14:34:42 <mhayden> i think i was in one of his summit talks once
14:37:06 <mhayden> Sparks: that was about it for me
14:38:28 <Sparks> Okay, anyone have anything else?
14:38:48 <linuxmodder> anyone with any youth or outreach ideas feel free to
hit me up have a startup venture with laptop meant to be STIG compliant in
all variants and youth workshops
14:39:01 <Sparks> mhayden: Perhaps you could start a topic on the list
regarding Ansible?
14:39:06 <linuxmodder> #link https://github.com/ameridea
14:39:26 <mhayden> Sparks: sure, in the context of the openstack-ansible-
security repository?
14:39:42 <linuxmodder> makes sense to go that route mhayden
14:39:57 * mhayden will do
14:40:15 <linuxmodder> feel free to use my github addy or corey84(a)fp.o ||
csheldon(a)ameridea.net
14:40:44 <Sparks> mhayden: Yes
14:44:35 <Sparks> Okay, anything else?
14:46:37 <Sparks> Okay, I'm hearing nothing else. Everyone have a good day!
14:46:42 <Sparks> #endmeeting
Fedora Security Team Report - 2016-01-14
by Major Hayden
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
__ _
/ _| ___ __| | ___ _ __ __ _
| |_ / _ \/ _` |/ _ \| '__/ _` | Fedora Security Team Report
| _| __/ (_| | (_) | | | (_| | Report date: 2016-01-14 07:46:16.611335
|_| \___|\__,_|\___/|_| \__,_| Data from: 2016-01-14
- -------------------------------------------------------------------------------
+Tickets by Priority-+-------+---------+
| Priority | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium | 429 | 40 | 389 |
| low | 173 | 13 | 160 |
| high | 43 | 21 | 22 |
+----------+---------+-------+---------+
+Tickets by Status---+-------+---------+
| Status | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| NEW | 559 | 65 | 494 |
| ON_QA | 53 | 5 | 48 |
| ASSIGNED | 19 | 4 | 15 |
| MODIFIED | 14 | 0 | 14 |
+----------+---------+-------+---------+
+Tickets by Severity-+-------+---------+
| Severity | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium | 429 | 40 | 389 |
| low | 173 | 13 | 160 |
| high | 43 | 21 | 22 |
+----------+---------+-------+---------+
+Tickets by Component-----+-------+---------+
| Component | Tickets | Owned | Unowned |
+---------------+---------+-------+---------+
| mingw-pcre | 32 | 0 | 32 |
| mingw-libxml2 | 15 | 0 | 15 |
| glib2 | 13 | 0 | 13 |
| qemu | 13 | 4 | 9 |
| xen | 11 | 0 | 11 |
| cacti | 11 | 0 | 11 |
| bugzilla | 11 | 1 | 10 |
| owncloud | 8 | 0 | 8 |
| salt | 7 | 0 | 7 |
| avr-binutils | 6 | 0 | 6 |
+---------------+---------+-------+---------+
+Tickets by Distro Version-+-------+---------+
| Distro Version | Tickets | Owned | Unowned |
+----------------+---------+-------+---------+
| el6 | 238 | 38 | 200 |
| 23 | 141 | 11 | 130 |
| 22 | 126 | 1 | 125 |
| el5 | 78 | 21 | 57 |
| epel7 | 56 | 3 | 53 |
| rawhide | 6 | 0 | 6 |
+----------------+---------+-------+---------+
- --
Major Hayden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
Security Team Meeting minutes for 2016-01-07
by David Cafaro
======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by d-caf at 14:09:54 UTC. The full logs are available at
http://meetbot.fedoraproject.org/fedora-meeting/2016-01-07/fedora_securit...
Meeting summary
---------------
* Roll Call (d-caf, 14:10:35)
  * Participants are reminded to make liberal use of #info #link #help
    in order to make the minutes "more better" (d-caf, 14:15:43)
* Follow up on last week's tasks (d-caf, 14:15:52)
  * LINK: https://fedoraproject.org/wiki/Information_Security_Training
    (fenrus02, 14:18:39)
  * LINK: http://fedoraproject.org/wiki/Security_Team_Apprenticeship
    (d-caf, 14:19:50)
* Security Team Fedora Activity Day (d-caf, 14:20:57)
  * LINK: http://whenisgood.net/8fshcdf/results/9czp49s (d-caf,
    14:21:32)
  * ACTION: d-caf to email sparks about picking a date for the Security
    team in person in the DC Metro area (d-caf, 14:24:21)
* Security Bugs Status (d-caf, 14:26:11)
  * LINK: http://paste.fedoraproject.org/308192/45217684/ <-- this
    week's report (mhayden, 14:27:36)
  * LINK: http://paste.fedoraproject.org/308192/45217684/ (d-caf,
    14:28:10)
  * LINK:
    https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNE...
    (d-caf, 14:29:05)
* Open floor discussion/questions/comments (d-caf, 14:40:54)
  * ACTION: mhayden to look into coding up some form of auto-nagging
    system for security tickets in bugzilla (d-caf, 14:54:54)
Meeting ended at 14:59:00 UTC.
Action Items
------------
* d-caf to email sparks about picking a date for the Security team in
person in the DC Metro area
* mhayden to look into coding up some form of auto-nagging system for
security tickets in bugzilla
Action Items, by person
-----------------------
* d-caf
  * d-caf to email sparks about picking a date for the Security team in
    person in the DC Metro area
* mhayden
  * mhayden to look into coding up some form of auto-nagging system for
    security tickets in bugzilla
* **UNASSIGNED**
  * (none)
People Present (lines said)
---------------------------
* d-caf (53)
* mhayden (15)
* zodbot (4)
* Astradeus (3)
* jtaylor90 (2)
* fenrus02 (1)