======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by Sparks at 14:00:46 UTC. The full logs are available at
https://meetbot.fedoraproject.org/fedora-meeting/2016-06-09/fedora_security_team.2016-06-09-14.00.log.html
Meeting summary
---------------
* Roll Call (Sparks, 14:00:51)
* Apprenticeship (Sparks, 14:10:28)
  * ACTION: linuxmodder and jtaylor90 to test the Fedora Security
    Apprenticeship training and report back next week (Sparks, 14:25:11)
* Windows/OS X Tools in F25 (Sparks, 14:31:28)
  * LINK: https://fedorahosted.org/fedora-security-team/ticket/1 (Sparks, 14:31:43)
  * LINK: https://github.com/lmacken/liveusb-creator (zoglesby, 14:39:59)
  * LINK: https://bugzilla.redhat.com/show_bug.cgi?id=1310542 (zoglesby, 14:41:09)
* Open floor discussion/questions/comments (Sparks, 14:47:10)
Meeting ended at 14:51:35 UTC.
Action Items
------------
* linuxmodder and jtaylor90 to test the Fedora Security Apprenticeship
  training and report back next week
Action Items, by person
-----------------------
* jtaylor90
  * linuxmodder and jtaylor90 to test the Fedora Security Apprenticeship
    training and report back next week
* linuxmodder
  * linuxmodder and jtaylor90 to test the Fedora Security Apprenticeship
    training and report back next week
* **UNASSIGNED**
  * (none)
People Present (lines said)
---------------------------
* Sparks (51)
* zoglesby (36)
* linuxmodder (20)
* zodbot (10)
* nb (5)
* jtaylor90 (5)
* Astradeus (3)
* mhayden (3)
14:00:46 <Sparks> #startmeeting Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
14:00:46 <zodbot> Meeting started Thu Jun 9 14:00:46 2016 UTC. The
chair is Sparks. Information about MeetBot at
http://wiki.debian.org/MeetBot.
14:00:46 <zodbot> Useful Commands: #action #agreed #halp #info #idea
#link #topic.
14:00:46 <zodbot> The meeting name has been set to
'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:00:49 <Sparks> #meetingname Fedora Security Team
14:00:49 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:51 <Sparks> #topic Roll Call
14:00:52 * Sparks
14:02:41 <linuxmodder> .fas linuxmodder
14:02:41 <zodbot> linuxmodder: linuxmodder 'Corey W Sheldon'
<sheldon.corey(a)openmailbox.org>
14:02:52 <linuxmodder> laggy connect today fyi
14:03:30 * zoglesby is here
14:03:57 <mhayden> .hello mhayden
14:03:58 <zodbot> mhayden: mhayden 'Major Hayden' <major(a)mhtx.net>
14:04:28 <jtaylor90> .fas jtaylor
14:04:29 <zodbot> jtaylor90: jraytay 'Jason Taylor'
<jtaylor48(a)san.rr.com> - jtaylor '' <jtfas90(a)gmail.com> - jtaylor0175
'Jeffrey Scott Taylor' <jst293(a)yahoo.com>
14:04:45 <jtaylor90> lol there is more than one of me
14:06:48 <Sparks> jtaylor90: That's just scary
14:06:53 <Sparks> zoglesby: You here today?
14:06:57 <Sparks> jsmith: ^^^
14:07:04 <zoglesby> yes, I even said so
14:07:09 <Sparks> Yes, yes you did.
14:07:18 <Sparks> #chair linuxmodder mhayden jtaylor90 zoglesby
14:07:18 <zodbot> Current chairs: Sparks jtaylor90 linuxmodder mhayden
zoglesby
14:07:24 <nb> I think I .hello nb
14:07:26 <nb> oops
14:07:29 <nb> .hello nb
14:07:30 <zodbot> nb: nb 'Nick Bebout' <nb(a)nb.zone>
14:07:36 <mhayden> howdy nb
14:07:41 * mhayden just sent out this week's stats
14:08:04 * linuxmodder looks in tb for email
14:09:19 <linuxmodder> that's a lot of unowned NEW
14:10:22 <Sparks> Okay, I want to skip over all the meeting stuff and
go straight into the meat of the meeting.
14:10:28 <Sparks> #topic Apprenticeship
14:10:35 <Sparks> zoglesby: Where are we on this?
14:11:15 <zoglesby> We have a plan, it needs to be put into action, and I
think we need to talk about how to do that.
14:11:30 <Sparks> Okay, let's talk
14:11:32 <zoglesby> It is my opinion that this has stalled because we
did not have a clear next step
14:12:41 <Sparks> zoglesby: What do you propose?
14:13:12 <zoglesby> I don't have a good answer, or I would have just
started to do it.
14:13:55 <zoglesby> maybe we need a ginnie pig
14:14:05 * Sparks eyes nb
14:14:13 <zoglesby> and by that I mean guinea pig
14:14:36 <jtaylor90> a guinea pig to test out the process?
14:14:41 <Sparks> yes
14:15:16 <nb> Sparks, hello
14:15:29 <nb> you were eying me?
14:15:38 <linuxmodder> missed that what we talking about atm?
14:15:52 <zoglesby> guinea pigs
14:16:07 <jtaylor90> I would be willing to be a guinea pig
14:16:07 <linuxmodder> GP for what exactly?
14:16:09 <zoglesby> they are cute, we want them. Not to eat
14:16:27 <zoglesby> For testing the Apprenticeship process out
14:16:33 <linuxmodder> c0mrad3, you around ?
14:16:37 <linuxmodder> skamath, same
14:16:47 <linuxmodder> I can be a GP then
14:17:46 <zoglesby> I am not saying no, but it would be best to have
someone who was not a part of the setup of the process doing it.
14:17:58 <Astradeus> hi, sorry for being late
14:19:43 <Sparks> zoglesby: Okay, looks like we have a few takers here.
14:20:37 <zoglesby> sorry, trying to find the wiki page
14:21:18 <zoglesby> Okay, if you want to be a guinea pig, please start
working on the items on
https://fedoraproject.org/wiki/Security_Team_Apprenticeship
14:21:30 <zoglesby> At next week's meeting we will talk about it.
14:21:41 <zoglesby> Can I now get a list of people who are going to do so?
14:22:10 <jtaylor90> zoglesby: me
14:22:43 <linuxmodder> !
14:22:50 <linuxmodder> zoglesby, I'm in
14:24:46 <Astradeus> i can look at it again, but it's not really
something i can solve as a task - i've already looked at most of the
linked documents
14:24:53 <Astradeus> but i'll do that until next meeting
14:25:11 <Sparks> #action linuxmodder and jtaylor90 to test the Fedora
Security Apprenticeship training and report back next week
14:25:18 <zoglesby> beat me to it
14:25:27 <Sparks> zoglesby: Sorry, I can undo it so you can do it.
14:25:32 <zoglesby> no
14:27:15 <Sparks> zoglesby: Okay, anything else on this topic?
14:27:29 <zoglesby> Nope, I think that is it.
14:27:42 <Sparks> Great, thanks.
14:27:46 <Sparks> zoglesby++
14:27:58 <Sparks> linuxmodder++
14:27:58 <zodbot> Sparks: Karma for linuxmodder changed to 15 (for the
f23 release cycle):
https://badges.fedoraproject.org/tags/cookie/any
14:28:00 <linuxmodder> any specific metrics or feedback Sparks
zoglesby on the Apprentice track?
14:28:05 <Sparks> jtaylor90++
14:28:21 <Sparks> linuxmodder: Yes, does it make you feel prepared.
14:28:22 <Sparks> :)
14:28:28 <linuxmodder> beyond the obvious this has dead link or
needs clarity
14:30:14 <Sparks> linuxmodder: Did you see my comment?
14:30:19 <linuxmodder> yes
14:30:29 <linuxmodder> about preparedness
14:31:22 <Sparks> Okay
14:31:25 <Sparks> Moving on
14:31:28 <Sparks> #topic Windows/OS X Tools in F25
14:31:40 <Sparks> #link
https://fedorahosted.org/fedora-security-team/ticket/1
14:31:43 <Sparks> #link
https://fedorahosted.org/fedora-security-team/ticket/1
14:31:48 <Sparks> I dropped the ball on this one...
14:31:59 <Sparks> I need some input from others on this.
14:34:23 <zoglesby> In the ticket?
14:35:18 <zoglesby> Not signing binaries for any platform is not
acceptable in my book.
14:35:52 <zoglesby> If it costs a little money, Red Hat makes a lot of
that. (and I am sure they have code signing keys already that could be
used)
14:36:03 <Sparks> zoglesby: Right, and what about building them
offsite (not in FP infrastructure)?
14:37:18 <zoglesby> I don't think doing it at someone's desk is a good
idea, but I am sure we can find a way to deal with it.
14:37:35 <Sparks> mattdm: You around?
14:37:39 <zoglesby> The issue is that it can't be built on Linux for
windows correct?
14:37:46 <Sparks> I'm not sure.
14:38:53 <zoglesby> 14:35:26 <dgilmore> koji supports windows natively
and it may be possible to use mingw to cross compile if they
switch to c++
14:39:18 <Sparks> Well, that sounds like a rewrite of the software.
14:39:59 <zoglesby>
https://github.com/lmacken/liveusb-creator
14:40:16 <zoglesby> python and pyqt
14:41:03 <linuxmodder> is the old FedoraUSBCreator not still a go for
Windows?
14:41:04 <linuxmodder> what infra you thinking Sparks ?
14:41:06 <linuxmodder> for offsite build
14:41:09 <zoglesby>
https://bugzilla.redhat.com/show_bug.cgi?id=1310542
14:41:18 <Sparks> So I guess the overarching question for us is what
should we enforce. Everything should be signed and for things to be
signed it needs to be built in-house. That sound good?
14:41:33 <linuxmodder> cross compile is possible but security wise an
utter pita and mess
14:41:47 <zoglesby> Sparks: no
14:41:48 <linuxmodder> it's presently in py yes?
14:41:55 <Sparks> I don't think we have the resources for a code review.
14:42:13 <zoglesby> I am okay with using a 3rd party build infra for
this item. I am not okay with using someone's desktop pc for it
14:42:13 <Sparks> linuxmodder: I'm trying to think more generally than
this specific piece of software.
14:42:47 <Sparks> I'm not sure we can validate the binary if we don't
build it ourselves.
14:42:54 <Sparks> s/can/should
14:43:16 <zoglesby> As long as infra can have people checking in on
the build system (or us) I think it is okay to use something else for
this. Doing it on a PC at someone's home/work means they are the
gatekeeper.
14:43:48 <zoglesby> I would like to find out what the actual build
process is.
14:44:10 <Sparks> zoglesby: Can you add these comments to the ticket?
14:44:39 <zoglesby> It's python and pyqt. I can't think you need to
build on windows for that. My reading is that koji has no support for it.
14:45:07 <zoglesby> If that is the case I say they do it on a VM in
fedora infra.
14:45:14 <zoglesby> Sparks: sure
14:46:41 <zoglesby> done
14:47:09 <Sparks> Okay, we're running a bit late... Let's just skip to
the end.
14:47:10 <Sparks> #topic Open floor discussion/questions/comments
14:47:13 <Sparks> Anyone have anything?
14:48:13 <zoglesby> only that hour has gone by very slow
14:48:24 <Sparks> heh
14:49:25 <Sparks> Anyone else?
14:51:00 <Sparks> Okay, let's go ahead and secure the meeting, then.
Everyone have a good day!
14:51:35 <Sparks> #endmeeting