Fedora Security Team Report - 2016-03-17
by David Kaufmann
Fedora Security Team Report
Report date: 2016-03-17
Data from: 2016-03-17
-------------------------------------------------------------------------------
+Tickets by Priority----+-------+---------+
| Priority | Tickets | Owned | Unowned |
+-------------+---------+-------+---------+
| medium | 475 | 40 | 435 |
| low | 182 | 13 | 169 |
| high | 66 | 29 | 37 |
| unspecified | 3 | 2 | 1 |
+-------------+---------+-------+---------+
+Tickets by Status---+-------+---------+
| Status | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| NEW | 620 | 74 | 546 |
| ON_QA | 70 | 4 | 66 |
| ASSIGNED | 22 | 6 | 16 |
| MODIFIED | 14 | 0 | 14 |
+----------+---------+-------+---------+
+Tickets by Severity-+-------+---------+
| Severity | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium | 475 | 40 | 435 |
| low | 182 | 13 | 169 |
| high | 69 | 31 | 38 |
+----------+---------+-------+---------+
+Tickets by Component-----+-------+---------+
| Component | Tickets | Owned | Unowned |
+---------------+---------+-------+---------+
| qemu | 13 | 4 | 9 |
| xen | 13 | 0 | 13 |
| cacti | 13 | 0 | 13 |
| mingw-jasper | 12 | 0 | 12 |
| glib2 | 12 | 0 | 12 |
| jasper | 12 | 0 | 12 |
| bugzilla | 11 | 1 | 10 |
| kernel | 9 | 0 | 9 |
| mingw-libxml2 | 8 | 0 | 8 |
| libxml2 | 8 | 0 | 8 |
+---------------+---------+-------+---------+
+Tickets by Distro Version-+-------+---------+
| Distro Version | Tickets | Owned | Unowned |
+----------------+---------+-------+---------+
| el6 | 257 | 40 | 217 |
| 23 | 216 | 17 | 199 |
| 22 | 108 | 1 | 107 |
| el5 | 90 | 23 | 67 |
| epel7 | 48 | 3 | 45 |
| 24 | 3 | 0 | 3 |
| rawhide | 3 | 0 | 3 |
| 21 | 1 | 0 | 1 |
+----------------+---------+-------+---------+
FAD Notes
by Zach Oglesby
Here are my notes from the FAD last Friday, sorry it took so long to get out.
# Security Updates workflow
## Issues
- Current process is too slow
- Nothing can be done until Embargoes are lifted
## Plan
- Create a private Bugzilla group to allow for work on embargoed tickets
- Create a private mailing list with support for GPG re-encryption to each member
- Work with Release Engineering to make changes to Bodhi and Koji to support building of embargoed packages.
- Create a Security repo that contains recent security updates and that is on a small number of servers that are refreshing the repo more often than normal mirrors.
## Workflow
- Embargoed CVE notification comes in
- Red Hat security team creates a ticket in private group for Fedora (currently only happens after embargo is lifted)
- Security Response Team identifies individuals that need to know about the ticket and involves them.
- New package is built in private section of Koji
- Tested and Karma is given in Bodhi
- Wait for embargo to be lifted
- Make Bugzilla ticket public
- Release pre-tested package to security repo as well as normal mirrors
# Apprenticeship
The only level that we are defining at this point is the entry level. To meet that requirement the following is needed:
## Intro
- Name/FAS Info
- GPG Keys
- Interest/Why are you joining
-
## Team Engagement
* Join the mailing list
* Participate in meetings
## Required Reading
* Mission statement
* Goals
* Work flow
* Other training
## OJT
* Shadow mentor through the ticket process
* Take lead on a ticket with mentor as shadow
## Needed
In order to meet the above requirements new members need the following:
* Assign mentor
* Add to FAS Group
## Define: Mentor
* Full and active member of the team
* Completed apprenticeship
* Active contributor
* Wants to mentor
Re: [GSoC] Help with GSoC CommOps
by Corey Sheldon
On 03/15/2016 02:19 PM, Sachin Kamath wrote:
> Hi,
>
> I am Sachin S Kamath (IRC : skamath). As I had mentioned earlier, I am
> interested in working with Fedora this year for GSoC and would really
> appreciate if you can guide me with the same. I am interested in working
> with CommOps. My skillset is as follows :
>
> *Programming : *C, C++, Python [In the order of fluency]
>
> *Web Testing : *OWTF, Burp, nikto (Security, aye)
>
> *DevOps/SysAdmin : *LAMP, Openshift. ( I have a fully managed VPS. I
> have my blog hosted there. You can find it here
> <https://blog.sachinwrites.xyz> )
>
> *Automation : *Bash <3
>
> *WebDev : *HTML5, CSS, Bootstrap. ( I built this
> <http://amritamun.pe.hu/> a while ago)
>
> Apart from this, I am a cyber security enthusiast and love
> participating in CTF's. I have also written tech-articles for my college
> magazine. It'd be great if you can mentor me if I'm selected. I can
> assure you that I'll do my best and will continue to work with the
> community post-GSoC too.
>
> Hoping to hear from you soon.
>
> Regards,
>
> Sachin S Kamath
Sachin,
Glad to see the interest and large skillset. I am merely one of several
mentors; feel free to cc or reply to: summer-coding@ devel@ like I have
for this email. Also, due to the security interest I have cc'd the
security-team; feel free to join us in #fedora-{security,security-team}
some time.
Regards,
Re: NEW gpg keys
by Corey Sheldon
On 03/14/2016 03:07 AM, Corey Sheldon wrote:
>
> Security team,
>
>
> I have uploaded all my 3 new keys (personal, FAS, Startup) to
> pgp.mit.edu, keys.fedoraproject.org and have included below the new
> KeyIDs and fingerprints. This email is signed with my FAS gpg key and
> ALL new KeyIDs are in my signature.
>
>
> NEW Personal: 0x02AABD91
> Key fingerprint = A851 E146 F896 B8EA 5DDE 8C2E 5A67 C46F 02AA BD91
>
> NEW FAS: rsa4096/0xFF32E0EE
> Key fingerprint = 4184 0CD0 66D4 3E2B 3CD5 441E 1D0B 5E49 FF32 E0EE
>
> NEW Startup: rsa4096/0x2584CBE4
> Key fingerprint = 6AC0 C11D C899 3D38 7EF9 3B5D 68A7 2A78 2584 CBE4
>
> Regards,
>
> ----
> Corey W. Sheldon
> Freelance IT Tutor
> Security Researcher | Fedora Ambassador, North America
> sheldon.corey(a)gmail.com | csheldon(a)ameridea.net |
> corey84(a)fedoraproject.org
> ph: (11)+1.310.909.7672 skype: cwwsheldon
> PGP: 0x02AABD91 | 0xxFF32E0EE | 0x2584CBE4
> Tox: corey84(a)toxme.io
> 9357bc6a5944a08afc7d1effd61f6a73b9eabf8b2fb84acf1dac9a1a4d0a4705ffccd0e5499b
> Linphone: linuxmodder
> ricochet:qxcgel5jqoqcb3q2
> btc:15cn1BvAFEREHk8UekJ6i9Dxi9Wbw6vzDD
>
> "Have no way as way, no limitation as limitation." -- Bruce Lee
> "One must never underestimate the power of boredom...from which
> creativity and laziness are borne, which can spark great works of chaos
> and genius." -- Unknown
>
> This document, including attachments, is intended for the person(s) or
> company(ies) named herewithin and contains confidential and/or legally
> privileged information, and may occasionally include Intellectual
> Property / Embargoed Content.
> Unauthorized disclosure, copying or use of this information may be
> unlawful and is prohibited, including unsolicited Cc/Bcc. If you are not
> the intended recipient, please disregard and destroy this message and
> notify the sender (only if you know the intended recipient), and a
> return email indicating an improper recipient IS requested so that I may
> remove you from any lists, conversations such error may have created /
> allowed.
> Use of OpenGPG keys are highly encouraged || hkp://pgp.mit.edu &
> hkp://keys.fedoraproject.org
> >
--
Corey W. Sheldon
Security Team Meeting Minutes for 2016-03-10
by Eric Christensen
======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by Sparks at 14:00:53 UTC. The full logs are available
at
https://meetbot.fedoraproject.org/fedora-meeting/2016-03-10/fedora_securi...
.
Meeting summary
---------------
* Roll Call (Sparks, 14:00:57)
* Fedora Security Team FAD (Sparks, 14:08:56)
* LINK: https://fedoraproject.org/wiki/Security_Team_FAD_2016
(Sparks, 14:09:05)
* It appears that we have five people coming to the FAD, physically,
and a few more remotely. (Sparks, 14:09:44)
* LINK: http://paste.fedoraproject.org/336715/45761897/raw/
(mhayden, 14:09:52)
* We'll be monitoring #fedora-security-team in Freenode IRC for backup
communications and notes. (Sparks, 14:17:26)
* Missing CVE bugs (Sparks, 14:25:17)
* Outstanding BZ Tickets (Sparks, 14:38:31)
* Thursday's numbers: Critical 0, Important 69, Moderate 468, Low 178
(Sparks, 14:39:23)
* Open floor discussion/questions/comments (Sparks, 14:41:19)
Meeting ended at 14:48:56 UTC.
Action Items
------------
Action Items, by person
-----------------------
* **UNASSIGNED**
* (none)
People Present (lines said)
---------------------------
* Sparks (59)
* linuxmodder (20)
* d-caf (7)
* zodbot (6)
* zoglesby (5)
* jsmith (5)
* mhayden (4)
* Astradeus (2)
14:00:53 <Sparks> #startmeeting Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
14:00:53 <zodbot> Meeting started Thu Mar 10 14:00:53 2016 UTC. The
chair is Sparks. Information about MeetBot at
http://wiki.debian.org/MeetBot.
14:00:53 <zodbot> Useful Commands: #action #agreed #halp #info #idea
#link #topic.
14:00:53 <zodbot> The meeting name has been set to
'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_t...'
14:00:56 <Sparks> #meetingname Fedora Security Team
14:00:56 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:57 <Sparks> #topic Roll Call
14:00:58 * Sparks
14:01:04 * d-caf
14:02:31 * d-caf could have sworn had just seen linuxmodder in this
window...
14:02:35 * jsmith is here
14:02:55 <linuxmodder> .hello corey84
14:02:56 <zodbot> linuxmodder: corey84 'Corey Sheldon'
<sheldon.corey(a)gmail.com>
14:03:02 <linuxmodder> I was lol d-caf
14:03:51 <linuxmodder> will brb drink refill
14:05:58 * linuxmodder back
14:06:06 <mhayden> .hello mhayden
14:06:07 <zodbot> mhayden: mhayden 'Major Hayden' <major(a)mhtx.net>
14:08:03 * Sparks was hoping zoglesby would be here today
14:08:09 <Sparks> Okay, lets get startee
14:08:10 <Sparks> Okay, lets get started
14:08:19 * mhayden is generating this week's report
14:08:56 <Sparks> #topic Fedora Security Team FAD
14:09:05 <Sparks> #link
https://fedoraproject.org/wiki/Security_Team_FAD_2016
14:09:31 <d-caf> Tomorrow
14:09:44 <Sparks> #info It appears that we have five people coming to
the FAD, physically, and a few more remotely.
14:09:52 <mhayden> #link http://paste.fedoraproject.org/336715/45761897/raw/
14:10:24 <Sparks> d-caf: Yes, tomorrow! :)
14:10:37 <linuxmodder> I'll be there maybe a bit delayed (9-930)
14:10:39 * Sparks needs to figure out which trains to take to get to
where I'm headed.
14:11:10 <d-caf> Yes, I'll be metroing in as well
14:11:47 * Astradeus remotely (sorry for being late)
14:12:27 <Sparks> I'll send out an email with contact information for
myself and Zach as well as instructions for the keysigning event.
14:12:38 <linuxmodder> so at least 3/5 will be metroing
14:14:32 <Sparks> I still haven't received word back on funding so we
may just be going Dutch
14:15:32 <jsmith> Worse comes to worse, I can probably cover lunch
14:15:33 <Sparks> I also have heard back from zoglesby regarding the
video conferencing setup at his office so standby for changes.
14:15:48 <jsmith> Want me to bring a couple of extra webcams?
14:16:13 <Sparks> Umm... Well, there apparently is some sort of setup
but we're not sure exactly what it supports.
14:16:38 <linuxmodder> I have a spare its only 720 p tho
14:16:48 <Sparks> I'll try to track down zoglesby today and get that
figured out. We can update the wiki as needed.
14:17:26 <Sparks> #info We'll be monitoring #fedora-security-team in
Freenode IRC for backup communications and notes.
14:17:42 <Sparks> We can run zodbot in there to collect our notes
14:18:04 <Sparks> But that will be our backup path if the video
conference changes.
14:19:45 <jsmith> OK.
14:19:54 <Sparks> Any additional questions?
14:21:14 <d-caf> Just looking forward to seeing everyone
14:21:29 <d-caf> Unfortunately I'm going to have to miss the rest of
this irc meeting, need to head out.
14:21:39 <d-caf> See everyone tomorrow!
14:22:26 <linuxmodder> Sparks, any special access concerns for the bldg
itself
14:23:15 <Sparks> linuxmodder: Not that I'm aware of.
14:23:40 <linuxmodder> okay
14:23:58 <Sparks> zoglesby says to go to the front desk and say that you
are here to see him (Zach Oglesby)
14:24:01 <linuxmodder> some of my dc tech stuff has them so I ask
14:24:20 <linuxmodder> noted
14:25:11 <Sparks> Okay, moving along...
14:25:17 <Sparks> #topic Missing CVE bugs
14:26:38 <Sparks> Yesterday a maintainer received a new version of a
program that fixed two CVEs. Upon checking BZ there were no CVE tracker
bugs for this CVE and MITRE didn't show anything either.
14:28:02 <Sparks> Turns out, the CVEs were still embargoed and thus weren't showing up publicly.
14:29:02 <linuxmodder> Sparks, when do those go un-embargoed ?
14:29:06 <Sparks> Since upstream broke the embargo we opened up the bugs
as well. The update in Bodhi was properly attached to the new bug
tickets and all is well.
14:29:15 <linuxmodder> I remember seeing that exchange briefly yesterday
14:29:43 <Sparks> linuxmodder: Embargoes should have expiration dates
and times.
14:30:01 <Sparks> linuxmodder: Generally, this is worked out with
upstream so everyone is on the same page.
14:30:28 <Sparks> Why upstream released early I'm not sure.
14:31:33 <linuxmodder> I'm familiar with the process was just curious how /why the date was ignored (if known)
14:31:59 <Sparks> The takeaway to all this is we need to make sure that
patched CVEs get attached to BZ bugs so we can account for all of the fixes.
14:33:15 <zoglesby> Sparks: how many people can see the list of
embargoed tickets? (on fedora-security-team)
14:33:20 <zoglesby> is it just you?
14:34:04 <Sparks> If a CVE ticket does not exist then send a message to
secalert(a)redhat.com so RH Product Security can sort it all out.
14:34:50 <Sparks> zoglesby: It is likely just me since I'm on Product
Security. Embargoed CVEs that affect Fedora don't even have Fedora
tickets until they are unembargoed so there isn't anything to see.
14:35:42 <zoglesby> okay, hope this is a topic for tomorrow...
14:35:48 <Sparks> If you are so inclined, messages to
secalert(a)redhat.com can be encrypted using 9273 2337 E5AD 3417 5265 64AB
5E54 8083 650D 5882
14:36:07 <Sparks> zoglesby: It can/will be but there really isn't much
of a good answer, unfortunately.
14:36:37 <Sparks> Perhaps Fabio can join us tomorrow, remotely, for that
part of the discussion
14:36:59 <Sparks> Any other questions?
14:38:00 <zoglesby> No
14:38:31 <Sparks> #topic Outstanding BZ Tickets
14:38:37 <linuxmodder> imported that key for future
14:39:23 <Sparks> #info Thursday's numbers: Critical 0, Important 69,
Moderate 468, Low 178
14:39:30 <Sparks> +Tickets by Severity-+-------+---------+
14:39:30 <Sparks> | Severity | Tickets | Owned | Unowned |
14:39:30 <Sparks> +----------+---------+-------+---------+
14:39:30 <Sparks> | medium | 468 | 40 | 428 |
14:39:31 <Sparks> | low | 178 | 13 | 165 |
14:39:32 <Sparks> | high | 69 | 20 | 49 |
14:39:34 <Sparks> +----------+---------+-------+---------+
14:39:43 <Sparks> Anyone have anything to talk about ticket-wise?
14:39:50 * jsmith doesn't
14:39:54 * mhayden hasn't had much time to follow up on security issues
lately :/
14:41:19 <Sparks> #topic Open floor discussion/questions/comments
14:41:20 <linuxmodder> not been active in the ticket list of late
hoping to look today
14:41:25 <Sparks> Okay, anyone have anything?
14:42:34 <linuxmodder> there was a hope in docs | blog to have a
revise of security docs for 23 ( seems some are back to 21)
14:42:59 <linuxmodder> can find the list link if needed but also was in
server list
14:43:00 <Astradeus> anything to review before tomorrow?
14:43:58 <Sparks> linuxmodder: We can talk about that tomorrow if you wish
14:44:11 <linuxmodder> noted
14:45:51 <Sparks> Anything else?
14:47:44 <linuxmodder> nothing comes to mind but reserving right to add on ml if comes to mind :)
14:47:58 <Sparks> Okay, everyone have a good day and I'll be seeing you
all tomorrow!
14:48:07 <Sparks> right to add on ml?
14:48:16 <Sparks> Oh
14:48:24 <Sparks> I'm with you now. :)
14:48:29 <zoglesby> slow today?
14:48:33 <Sparks> everyday
14:48:39 <Sparks> every day
14:48:56 <Sparks> #endmeeting
Fedora Security Team Report - 2016-03-10
by Major Hayden
Fedora Security Team Report
Report date: 2016-03-10 08:08:04.946225
Data from: 2016-03-10
-------------------------------------------------------------------------------
+Tickets by Priority----+-------+---------+
| Priority | Tickets | Owned | Unowned |
+-------------+---------+-------+---------+
| medium | 468 | 40 | 428 |
| low | 178 | 13 | 165 |
| high | 66 | 20 | 46 |
| unspecified | 3 | 0 | 3 |
+-------------+---------+-------+---------+
+Tickets by Status---+-------+---------+
| Status | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| NEW | 619 | 65 | 554 |
| ON_QA | 52 | 4 | 48 |
| ASSIGNED | 22 | 4 | 18 |
| MODIFIED | 22 | 0 | 22 |
+----------+---------+-------+---------+
+Tickets by Severity-+-------+---------+
| Severity | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium | 468 | 40 | 428 |
| low | 178 | 13 | 165 |
| high | 69 | 20 | 49 |
+----------+---------+-------+---------+
+Tickets by Component-----+-------+---------+
| Component | Tickets | Owned | Unowned |
+---------------+---------+-------+---------+
| qemu | 13 | 4 | 9 |
| xen | 13 | 0 | 13 |
| mingw-jasper | 12 | 0 | 12 |
| glib2 | 12 | 0 | 12 |
| jasper | 12 | 0 | 12 |
| cacti | 12 | 0 | 12 |
| bugzilla | 11 | 1 | 10 |
| php | 9 | 0 | 9 |
| mingw-libxml2 | 8 | 0 | 8 |
| libxml2 | 8 | 0 | 8 |
+---------------+---------+-------+---------+
+Tickets by Distro Version-+-------+---------+
| Distro Version | Tickets | Owned | Unowned |
+----------------+---------+-------+---------+
| el6 | 251 | 36 | 215 |
| 23 | 213 | 12 | 201 |
| 22 | 108 | 1 | 107 |
| el5 | 89 | 21 | 68 |
| epel7 | 47 | 3 | 44 |
| 24 | 3 | 0 | 3 |
| rawhide | 3 | 0 | 3 |
| 21 | 1 | 0 | 1 |
+----------------+---------+-------+---------+
--
Major Hayden
Security Team Meeting minutes for 2016-03-03
by Eric Christensen
======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by Sparks at 14:00:43 UTC. The full logs are available
at
https://meetbot.fedoraproject.org/fedora-meeting/2016-03-03/fedora_securi...
.
Meeting summary
---------------
* Roll Call (Sparks, 14:00:49)
* Participants are reminded to make liberal use of #info #link #help
in order to make the minutes "more better" (Sparks, 14:06:05)
* Follow up on last week's tasks (Sparks, 14:06:17)
* ACTION: Sparks to figure out how FST members can get access to
Fedora security bugs (Sparks, 14:06:24)
* ACTION: Sparks to follow up on meeting locations to verify their
availability. (Sparks, 14:06:33)
* ACTION: pjp to give a status update on security policy in the wiki
(carried over) (Sparks, 14:06:48)
* Fedora Security Team FAD (Sparks, 14:06:53)
* Security Team FAD will be on March 11th from 9AM to 5PM ET (Sparks,
14:07:18)
* LINK: https://fedoraproject.org/wiki/Security_Team_FAD_2016
(Sparks, 14:07:31)
* If you are planning on attending you do need to RSVP using the wiki
page. (Sparks, 14:09:46)
* Outstanding BZ Tickets (Sparks, 14:13:16)
* Thursday numbers: Critical 0, Important 65, Moderate 450, Low 180
(Sparks, 14:14:19)
* Open floor discussion/questions/comments (Sparks, 14:16:19)
Meeting ended at 14:21:30 UTC.
Action Items
------------
* Sparks to figure out how FST members can get access to Fedora security
bugs
* Sparks to follow up on meeting locations to verify their availability.
* pjp to give a status update on security policy in the wiki (carried
over)
Action Items, by person
-----------------------
* Sparks
* Sparks to figure out how FST members can get access to Fedora
security bugs
* Sparks to follow up on meeting locations to verify their
availability.
* **UNASSIGNED**
* pjp to give a status update on security policy in the wiki (carried
over)
People Present (lines said)
---------------------------
* Sparks (39)
* linuxmodder (13)
* zodbot (7)
* d-caf (6)
* mhayden (2)
* Astradeus (1)
14:00:43 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:00:43 <zodbot> Meeting started Thu Mar 3 14:00:43 2016 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:43 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:43 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_t...'
14:00:46 <Sparks> #meetingname Fedora Security Team
14:00:46 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:49 <Sparks> #topic Roll Call
14:00:50 * Sparks
14:00:57 <linuxmodder> .hello linuxmodder
14:00:58 <zodbot> linuxmodder: Sorry, but you don't exist
14:01:03 <linuxmodder> .hello corey84
14:01:05 <zodbot> linuxmodder: corey84 'Corey Sheldon' <sheldon.corey(a)gmail.com>
14:02:24 <Astradeus> hi
14:02:24 <Sparks> mhayden zoglesby jsmith: Will you be joining us this morning?
14:02:36 <mhayden> .hello mhayden
14:02:40 <zodbot> mhayden: mhayden 'Major Hayden' <major(a)mhtx.net>
14:03:19 <linuxmodder> mattdm, able to hang this morning?
14:04:47 <d-caf> Hello
14:05:12 <linuxmodder> d-caf, morning
14:05:34 <d-caf> Major Hayden ticket report reminded me to show up... :-)
14:05:45 <Sparks> Okay, lets get started
14:06:05 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:06:17 <Sparks> #topic Follow up on last week's tasks
14:06:24 <Sparks> #action Sparks to figure out how FST members can get access to Fedora security bugs
14:06:33 <Sparks> #action Sparks to follow up on meeting locations to verify their availability.
14:06:48 <Sparks> #action pjp to give a status update on security policy in the wiki (carried over)
14:06:53 <Sparks> #topic Fedora Security Team FAD
14:07:18 <Sparks> #info Security Team FAD will be on March 11th from 9AM to 5PM ET
14:07:31 <Sparks> #link https://fedoraproject.org/wiki/Security_Team_FAD_2016
14:07:42 <Sparks> Any questions or comments on the FAD?
14:08:37 <linuxmodder> none here
14:08:43 <mhayden> i wish i could attend! :P
14:08:53 <Sparks> mhayden: Well, come on!
14:09:03 <linuxmodder> I cross posted on my WP / G+ / twitter /linked /fb
14:09:05 <Sparks> mhayden: We will have remote access available
14:09:35 <linuxmodder> still blue jeans or hangouts saw something on ml about a chromecast room
14:09:46 <Sparks> #info If you are planning on attending you do need to RSVP using the wiki page.
14:10:15 <Sparks> linuxmodder: I've got Blue Jeans setup but we need to confirm that it will work in the room.
14:10:25 <linuxmodder> ah
14:10:46 <Sparks> We'll update the wiki page as we go along.
14:11:03 <linuxmodder> Sparks,++
14:11:36 <Sparks> Okay, anyone have anything else regarding the FAD?
14:11:56 <linuxmodder> sorry grouping issue
14:13:16 <Sparks> #topic Outstanding BZ Tickets
14:14:19 <Sparks> #info Thursday numbers: Critical 0, Important 65, Moderate 450, Low 180
14:14:26 <Sparks> +Tickets by Severity-+-------+---------+
14:14:26 <Sparks> | Severity | Tickets | Owned | Unowned |
14:14:26 <Sparks> +----------+---------+-------+---------+
14:14:26 <Sparks> | medium | 450 | 40 | 410 |
14:14:26 <Sparks> | low | 180 | 13 | 167 |
14:14:28 <Sparks> | high | 65 | 20 | 45 |
14:14:31 <Sparks> +----------+---------+-------+---------+
14:14:43 <Sparks> Anyone have anything to discuss regarding tickets?
14:15:08 <linuxmodder> not critical is a nice change of report
14:15:47 <Sparks> ya
14:16:19 <Sparks> #topic Open floor discussion/questions/comments
14:16:28 <Sparks> Okay, anyone have anything they want to discuss?
14:17:22 <d-caf> Sorry, didn't get to say this in previous topic but.
14:17:50 <linuxmodder> I'll be at CarolinaCon this weekend any tools or parts anyone would like showcased (it is a blackhat leaning con)
14:17:51 <d-caf> It seems we aren't really getting on tickets as well as we used to (I know I've very guilty of this)
14:18:25 <linuxmodder> been looking at some of the mediums but lacking too here
14:18:42 <Sparks> d-caf: True. I'm hoping we can come up with a plan of attack at the FAD.
14:19:02 <d-caf> I know I've been slammed at work which is eating into my evening/weekend hours, and changes at work make it near impossible to work on tickets in my beather breaks
14:19:37 <d-caf> Sparks: good idea, we need to get some more traction there
14:20:26 <Sparks> Yep
14:20:29 <Sparks> Okay, anyone else?
14:21:25 <Sparks> Okay, we'll move this to the list, then. Catch you all next week!
14:21:30 <Sparks> #endmeeting
Fedora Security Team Report 2016-03-03
by Major Hayden
Fedora Security Team Report
Report date: 2016-03-03 07:57:35.081150
Data from: 2016-03-03
-------------------------------------------------------------------------------
+Tickets by Priority----+-------+---------+
| Priority | Tickets | Owned | Unowned |
+-------------+---------+-------+---------+
| medium | 450 | 40 | 410 |
| low | 180 | 13 | 167 |
| high | 62 | 20 | 42 |
| unspecified | 3 | 0 | 3 |
+-------------+---------+-------+---------+
+Tickets by Status---+-------+---------+
| Status | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| NEW | 609 | 65 | 544 |
| ON_QA | 53 | 4 | 49 |
| ASSIGNED | 22 | 4 | 18 |
| MODIFIED | 11 | 0 | 11 |
+----------+---------+-------+---------+
+Tickets by Severity-+-------+---------+
| Severity | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium | 450 | 40 | 410 |
| low | 180 | 13 | 167 |
| high | 65 | 20 | 45 |
+----------+---------+-------+---------+
+Tickets by Component-----+-------+---------+
| Component | Tickets | Owned | Unowned |
+---------------+---------+-------+---------+
| xen | 15 | 0 | 15 |
| qemu | 12 | 4 | 8 |
| glib2 | 12 | 0 | 12 |
| cacti | 12 | 0 | 12 |
| bugzilla | 11 | 1 | 10 |
| kernel | 8 | 0 | 8 |
| mingw-libxml2 | 8 | 0 | 8 |
| mingw-jasper | 8 | 0 | 8 |
| libxml2 | 8 | 0 | 8 |
| jasper | 8 | 0 | 8 |
+---------------+---------+-------+---------+
+Tickets by Distro Version-+-------+---------+
| Distro Version | Tickets | Owned | Unowned |
+----------------+---------+-------+---------+
| el6 | 252 | 36 | 216 |
| 23 | 197 | 12 | 185 |
| 22 | 108 | 1 | 107 |
| el5 | 86 | 21 | 65 |
| epel7 | 46 | 3 | 43 |
| 24 | 3 | 0 | 3 |
| rawhide | 3 | 0 | 3 |
+----------------+---------+-------+---------+
--
Major Hayden