Fedora Security Team Report - 2016-09-29
by Major Hayden
  __          _
 / _| ___  __| | ___  _ __ __ _
| |_ / _ \/ _` |/ _ \| '__/ _` |    Fedora Security Team Report
|  _|  __/ (_| | (_) | | | (_| |    Report date: 2016-09-29 08:49:48.954425
|_|  \___|\__,_|\___/|_|  \__,_|    Data from: 2016-09-29
-------------------------------------------------------------------------------
+Tickets by Priority----+-------+---------+
| Priority    | Tickets | Owned | Unowned |
+-------------+---------+-------+---------+
| medium      | 619     | 31    | 588     |
| low         | 224     | 11    | 213     |
| high        | 108     | 19    | 89      |
| unspecified | 1       | 0     | 1       |
+-------------+---------+-------+---------+
+Tickets by Status---+-------+---------+
| Status   | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| NEW      | 839     | 54    | 785     |
| ON_QA    | 70      | 3     | 67      |
| ASSIGNED | 28      | 3     | 25      |
| MODIFIED | 15      | 1     | 14      |
+----------+---------+-------+---------+
+Tickets by Severity-+-------+---------+
| Severity | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium   | 619     | 31    | 588     |
| low      | 224     | 11    | 213     |
| high     | 109     | 19    | 90      |
+----------+---------+-------+---------+
+Tickets by Component-----+-------+---------+
| Component     | Tickets | Owned | Unowned |
+---------------+---------+-------+---------+
| qemu          | 25      | 4     | 21      |
| ImageMagick   | 17      | 0     | 17      |
| mingw-libxml2 | 17      | 0     | 17      |
| bugzilla      | 13      | 1     | 12      |
| imlib2        | 12      | 0     | 12      |
| mingw-jasper  | 12      | 0     | 12      |
| mingw-libtiff | 11      | 0     | 11      |
| libdwarf      | 10      | 0     | 10      |
| libarchive    | 10      | 0     | 10      |
| mingw-openssl | 10      | 0     | 10      |
+---------------+---------+-------+---------+
+Tickets by Distro Version-+-------+---------+
| Distro Version | Tickets | Owned | Unowned |
+----------------+---------+-------+---------+
| el6            | 307     | 29    | 278     |
| 23             | 237     | 12    | 225     |
| 24             | 191     | 0     | 191     |
| el5            | 111     | 17    | 94      |
| epel7          | 99      | 3     | 96      |
| rawhide        | 4       | 0     | 4       |
| 25             | 3       | 0     | 3       |
+----------------+---------+-------+---------+
--
Major Hayden
Security Team Meeting minutes for 2016-09-15
by Eric Christensen
======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by Sparks at 14:02:13 UTC. The full logs are available
at
https://meetbot.fedoraproject.org/fedora-meeting/2016-09-15/fedora_securi...
.
Meeting summary
---------------
* Roll Call  (Sparks, 14:02:25)

* New Meeting Time  (Sparks, 14:07:49)
  * LINK: http://whenisgood.net/p7r9kte/results/fnpcg8k  (Sparks,
    14:09:49)
  * AGREED: 18:00 UTC will be floated as the recommended time for the
    FST meeting  (Sparks, 14:18:28)
  * ACTION: Sparks to send a message to the FST list and, if no one
    screams, update FedCal  (Sparks, 14:20:13)

* What's Next  (Sparks, 14:20:46)
  * LINK:
    https://fedoraproject.org/wiki/Category:Security_Team?rd=Security_Team
    (Sparks, 14:21:53)
  * ACTION: Sparks to follow up with sherr_ regarding Krakken  (Sparks,
    14:36:52)

* Open Floor  (Sparks, 14:37:54)

Meeting ended at 14:42:10 UTC.
Action Items
------------
* Sparks to send a message to the FST list and, if no one screams,
  update FedCal
* Sparks to follow up with sherr_ regarding Krakken

Action Items, by person
-----------------------
* sherr_
  * Sparks to follow up with sherr_ regarding Krakken
* Sparks
  * Sparks to send a message to the FST list and, if no one screams,
    update FedCal
  * Sparks to follow up with sherr_ regarding Krakken

People Present (lines said)
---------------------------
* Sparks (64)
* mhayden (24)
* sherr_ (11)
* zodbot (10)
* Astranox (8)
* athos (3)
* jflory7 (2)
* Southern_Gentlem (1)
* chinosoliard (1)
14:02:13 <Sparks> #startmeeting Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
14:02:14 <zodbot> Meeting started Thu Sep 15 14:02:13 2016 UTC. The
chair is Sparks. Information about MeetBot at
http://wiki.debian.org/MeetBot.
14:02:14 <zodbot> Useful Commands: #action #agreed #halp #info #idea
#link #topic.
14:02:14 <zodbot> The meeting name has been set to
'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_t...'
14:02:17 <Sparks> #meetingname Fedora Security Team
14:02:17 <zodbot> The meeting name has been set to 'fedora_security_team'
14:02:25 <Sparks> #topic Roll Call
14:02:27 * Sparks
14:03:28 <athos> .hello
14:03:28 <zodbot> athos: (hello <an alias, 1 argument>) -- Alias for
"hellomynameis $1".
14:03:35 <athos> .hello ribeiro
14:03:36 <zodbot> athos: ribeiro 'Athos Ribeiro' <athoscribeiro(a)gmail.com>
14:04:34 * athos is here to see how these meetings go if that's ok :)
14:05:18 * chinosoliard too
14:05:47 <Sparks> That's fine although I don't think we'll actually have
a meeting today since there doesn't appear to be many in attendance.
14:06:00 <Sparks> And I honestly don't have anything to talk about.
14:06:10 <Sparks> But we can hold it open for questions and the like.
14:06:23 <Astranox> .fas astra
14:06:24 <zodbot> Astranox: rajamastrajabg ''
<rajamastrajabg(a)yahoo.co.in> - netman 'Andrey Krasukov'
<netman(a)astratel.ru> - rustomafs 'Rustom Irani' <rustom(a)acefastrack.com>
- sabroso 'Luis Alberto Pelaez' <charolastra(a)outlook.com> - ghostflower
'eric anthony sharrar' <astral_destination(a)yahoo.com> - thomastran
'Thomas Tran' <tho.tran(a)gmail.com> - katjastrauss72 'Katja Strauss'
<katjastrauss72(a)gmx.com> - jose2 'José Lastra' (4 more messages)
14:06:35 <mhayden> .hello mhayden
14:06:36 <zodbot> mhayden: mhayden 'Major Hayden' <major(a)mhtx.net>
14:07:10 <Astranox> i'm one of the '4 more messages' :/
14:07:19 <Astranox> hi all :)
14:07:20 <Sparks> ha!
14:07:41 <Sparks> Okay, lets get started (kinda)
14:07:49 <Sparks> #topic New Meeting Time
14:08:07 <jflory7> Astranox: I think if you do .hello, it will work for
a specific FAS username - .fas is kind of like a search engine for FAS
names :)
14:08:28 <Southern_Gentlem> .hello jbwillia
14:08:29 <zodbot> Southern_Gentlem: jbwillia 'Ben Williams'
<vaioof(a)yahoo.com>
14:08:40 <Sparks> A while back I sent out a survey to determine a better
time to meet.
14:08:47 <Sparks> five people responded
14:08:52 <Sparks> There is no good time
14:09:22 <Sparks> Best time appears to be 2PM ET or 9AM ET (Mo, Th, or Fr)
14:09:49 <Sparks> #link http://whenisgood.net/p7r9kte/results/fnpcg8k
14:10:20 <Astranox> jflory7: yes, i know that one is 'search' the other
one 'search exact', i just confuse them all the time :/
14:10:25 * mhayden digs in his calendar
14:10:34 <Astranox> Sparks: which timezone is ET?
14:10:40 <Sparks> -4
14:10:43 <jflory7> Astranox: Ahh, gotcha. No worries :)
14:12:05 <mhayden> 2PM ET works a little better with me since i have a
bunch of meetings in the early morning hours CDT
14:12:13 <mhayden> lots of US/UK sync-ups
14:13:06 <Sparks> Okay. I'll float 18:00 UTC, then.
14:13:24 <Sparks> mhayden: Will DST mess you up or can we do this UTC?
14:13:37 <mhayden> UTC should be okay
14:13:45 <Sparks> okay
14:13:57 <Sparks> Anyone have any comments on this?
14:13:58 <mhayden> it will be better when we go off DST, honestly ;)
14:14:53 <Astranox> for me all the dates are the same
14:17:31 <Sparks> #agreed FST meeting will now be held at 18:00 UTC on
Thursdays
14:17:39 <Sparks> #undo
14:17:39 <zodbot> Removing item from minutes: AGREED by Sparks at
14:17:31 : FST meeting will now be held at 18:00 UTC on Thursdays
14:18:21 <Astranox> so this will be current_meeting_time + 2 hours?
14:18:28 <Sparks> #agreed 18:00 UTC will be floated as the recommended
time for the FST meeting
14:18:33 <mhayden> should i send a google calendar invitation to the list?
14:18:42 <mhayden> or send out an ics file?
14:18:45 <Sparks> Astranox: Current time plus 4 hours
14:19:01 <Astranox> ah, forgot my +2 hours^^
14:19:05 <Sparks> mhayden: Well, first, never send anything
Google-related to *my* list. ;)
14:19:10 <mhayden> teehee
14:19:35 <Sparks> mhayden: I can adjust the meeting information on the
Fedora calendar and send out the ICS from there I think.
14:19:41 <mhayden> that'd be cool
14:20:13 <Sparks> #action Sparks to send a message to the FST list and,
if no one screams, update FedCal
14:20:46 <Sparks> #topic What's Next
14:21:10 <Sparks> I'm not following the [obviously old] meeting agenda
that's posted as I just haven't had time to update it.
14:21:17 * Sparks barely has time to be here now. :(
14:21:39 <Sparks> That said, I'd like to point out that I've done a
little bit of work on the FST wiki pages
14:21:53 <Sparks> #link
https://fedoraproject.org/wiki/Category:Security_Team?rd=Security_Team
14:22:32 <Sparks> I moved the main page to the category page so that all
FST-related pages will be listed at the bottom.
14:22:48 <mhayden> handy
14:22:51 <Sparks> There is work still to be done.
14:24:02 <Sparks> I'm hoping to document the process for handling
vulnerabilities (we have something but it needs to be updated), and
start to get a list together of topics that should be addressed when it
comes to the topic of secure coding.
14:24:37 <Sparks> I am also continuing to work towards us being
proactive with vulnerability patch management.
14:24:54 <Sparks> Anyone have any comments/questions?
14:26:29 <mhayden> wiki looks good
14:26:54 <mhayden> i'd like to try a crack at some automation or at
least better stats gathering for bugzilla security tickets
14:27:05 <mhayden> i have some travel next week so i might get some time
to look at it
14:27:33 <mhayden> and get it running in a cron ;)
14:27:36 <Sparks> mhayden: You know, inside RH Product Security we have
a nice dashboard that scrapes BZ for information. I wonder if we could
leverage that.
14:27:48 <mhayden> oh really... ;)
14:28:07 <Sparks> Yeah, I'll ask the developer if he'd consider open
sourcing it.
14:28:18 <mhayden> i was hoping i wouldn't get flogged for hitting the
BZ API a little :)
14:28:37 <Sparks> Of course that might require someone higher in the
food chain making a decision
14:29:43 * Sparks invites sherr to come and discuss Krakkin
14:29:52 <Sparks> sherr_: Welcome!
14:29:57 <sherr_> Sparks, hi :)
14:30:13 <mhayden> so glad you could sherr_ some time with us
14:30:14 <Sparks> sherr_: I figured I'd just drag you over here and
throw you under the bus live and in front of everyone
14:30:21 <Sparks> mhayden: boooo
14:30:25 <sherr_> ;)
14:30:27 <mhayden> Sparks: dad jokes are my expertise
14:30:30 <sherr_> what else is new?
14:30:57 <Sparks> sherr_: The Fedora Security Team is interested in
building up some sort of "dashboard" to track vulnerabilities and stuff
we're working on.
14:31:27 <Sparks> sherr_: I know you've done work of this nature in PS.
Any chance of getting that code open sourced where we might be able to
use it?
14:31:55 <Sparks> Obviously, we would have to change some things but
Krakken is such an elegant solution.
14:32:10 <sherr_> it's something we could discuss, and i'm happy that
you like it
14:32:31 <sherr_> it's not open source today primarily because it relies
on internal tools / services to pull data from
14:32:51 <Sparks> Right. I think we'd only really be interested in the
parts that connect to BZ
14:32:58 <sherr_> so significant portions would have to be changed to
make it relevant to open source /fedora usage
14:33:15 <Sparks> cool
14:33:27 <Sparks> shall I follow up with you about this later?
14:33:32 <sherr_> sure
14:33:40 <Sparks> TU
14:33:44 <sherr_> no problem
14:33:57 <Sparks> sherr_: Can I share a screen shot of my dashboard?
14:34:16 <sherr_> Sparks, as long as it doesn't contain any
internal-only data :)
14:34:19 <mhayden> haha
14:34:25 <Sparks> sherr_: Okay
14:34:35 <Sparks> sherr_: I suspect my dashboard is usually sanitized.
14:35:05 <Sparks> sherr_++
14:35:08 <sherr_> i suspect that's probably true
14:35:33 <Sparks> sherr_: Okay, thanks for the info!
14:35:52 <sherr_> np
14:36:52 <Sparks> #action Sparks to follow up with sherr_ regarding Krakken
14:37:03 <mhayden> woot
14:37:06 <Sparks> Anyone else have anything?
14:37:07 <mhayden> thanks for that sherr_
14:37:29 <mhayden> Sparks: i'm out of topic (and dad jokes)
14:37:33 <mhayden> s/topic/topics/
14:37:49 <Sparks> well we're all relieved to hear that.
14:37:54 <Sparks> #topic Open Floor
14:37:59 <Sparks> Does anyone have anything?
14:40:21 <Sparks> If not I'll go ahead and close.
14:41:43 <Sparks> Okay, thanks everyone for coming out today!
14:42:10 <Sparks> #endmeeting
Fedora Security Team Report - 2016-09-15
by Major Hayden
  __          _
 / _| ___  __| | ___  _ __ __ _
| |_ / _ \/ _` |/ _ \| '__/ _` |    Fedora Security Team Report
|  _|  __/ (_| | (_) | | | (_| |    Report date: 2016-09-15 08:45:25
|_|  \___|\__,_|\___/|_|  \__,_|    Data from: 2016-09-15
-------------------------------------------------------------------------------
+Tickets by Priority----+-------+---------+
| Priority    | Tickets | Owned | Unowned |
+-------------+---------+-------+---------+
| medium      | 627     | 31    | 596     |
| low         | 213     | 11    | 202     |
| high        | 100     | 19    | 81      |
| unspecified | 1       | 0     | 1       |
+-------------+---------+-------+---------+
+Tickets by Status---+-------+---------+
| Status   | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| NEW      | 847     | 54    | 793     |
| ON_QA    | 44      | 3     | 41      |
| ASSIGNED | 30      | 3     | 27      |
| MODIFIED | 20      | 1     | 19      |
+----------+---------+-------+---------+
+Tickets by Severity-+-------+---------+
| Severity | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium   | 627     | 31    | 596     |
| low      | 213     | 11    | 202     |
| high     | 101     | 19    | 82      |
+----------+---------+-------+---------+
+Tickets by Component-----+-------+---------+
| Component     | Tickets | Owned | Unowned |
+---------------+---------+-------+---------+
| qemu          | 20      | 4     | 16      |
| mingw-libxml2 | 17      | 0     | 17      |
| ImageMagick   | 16      | 0     | 16      |
| bugzilla      | 13      | 1     | 12      |
| imlib2        | 12      | 0     | 12      |
| mingw-jasper  | 12      | 0     | 12      |
| kernel        | 11      | 0     | 11      |
| mingw-libtiff | 11      | 0     | 11      |
| libxml2       | 10      | 0     | 10      |
| glib2         | 10      | 0     | 10      |
+---------------+---------+-------+---------+
+Tickets by Distro Version-+-------+---------+
| Distro Version | Tickets | Owned | Unowned |
+----------------+---------+-------+---------+
| el6            | 309     | 29    | 280     |
| 23             | 244     | 12    | 232     |
| 24             | 174     | 0     | 174     |
| el5            | 109     | 17    | 92      |
| epel7          | 98      | 3     | 95      |
| rawhide        | 5       | 0     | 5       |
| 25             | 2       | 0     | 2       |
+----------------+---------+-------+---------+
--
Major Hayden
Fedora Security Team Report - 2016-09-08
by Major Hayden
  __          _
 / _| ___  __| | ___  _ __ __ _
| |_ / _ \/ _` |/ _ \| '__/ _` |    Fedora Security Team Report
|  _|  __/ (_| | (_) | | | (_| |    Report date: 2016-09-08 08:50:03.602213
|_|  \___|\__,_|\___/|_|  \__,_|    Data from: 2016-09-08
-------------------------------------------------------------------------------
+Tickets by Priority----+-------+---------+
| Priority    | Tickets | Owned | Unowned |
+-------------+---------+-------+---------+
| medium      | 607     | 31    | 576     |
| low         | 212     | 11    | 201     |
| high        | 91      | 19    | 72      |
| unspecified | 1       | 0     | 1       |
+-------------+---------+-------+---------+
+Tickets by Status---+-------+---------+
| Status   | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| NEW      | 838     | 54    | 784     |
| ON_QA    | 34      | 3     | 31      |
| ASSIGNED | 26      | 3     | 23      |
| MODIFIED | 13      | 1     | 12      |
+----------+---------+-------+---------+
+Tickets by Severity-+-------+---------+
| Severity | Tickets | Owned | Unowned |
+----------+---------+-------+---------+
| medium   | 607     | 31    | 576     |
| low      | 212     | 11    | 201     |
| high     | 92      | 19    | 73      |
+----------+---------+-------+---------+
+Tickets by Component-----+-------+---------+
| Component     | Tickets | Owned | Unowned |
+---------------+---------+-------+---------+
| qemu          | 19      | 4     | 15      |
| mingw-libxml2 | 17      | 0     | 17      |
| ImageMagick   | 16      | 0     | 16      |
| bugzilla      | 13      | 1     | 12      |
| imlib2        | 12      | 0     | 12      |
| mingw-jasper  | 12      | 0     | 12      |
| kernel        | 11      | 0     | 11      |
| mingw-libtiff | 11      | 0     | 11      |
| libxml2       | 10      | 0     | 10      |
| glib2         | 10      | 0     | 10      |
+---------------+---------+-------+---------+
+Tickets by Distro Version-+-------+---------+
| Distro Version | Tickets | Owned | Unowned |
+----------------+---------+-------+---------+
| el6            | 299     | 29    | 270     |
| 23             | 243     | 12    | 231     |
| 24             | 160     | 0     | 160     |
| el5            | 106     | 17    | 89      |
| epel7          | 97      | 3     | 94      |
| rawhide        | 5       | 0     | 5       |
| 25             | 1       | 0     | 1       |
+----------------+---------+-------+---------+
--
Major Hayden