-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hey folks,
Here are the notes from today's Fedora Security Team meeting:
Minutes:
http://meetbot.fedoraproject.org/fedora-meeting/2015-07-02/fedora_securit...
Minutes (text):
http://meetbot.fedoraproject.org/fedora-meeting/2015-07-02/fedora_securit...
Log:
http://meetbot.fedoraproject.org/fedora-meeting/2015-07-02/fedora_securit...
Meeting summary
- ---------------
* Roll Call (mhayden, 14:01:02)
* Participants are reminded to make liberal use of #info #link #help
in order to make the minutes "more better" (mhayden, 14:05:08)
* 90-Day Challenge (mhayden, 14:05:19)
* LINK:
https://ethercalc.org/90-day-challenge (mhayden, 14:05:33)
* 90-Day Challenge has a goal to close all 2014 and prior Important
CVEs in Fedora (mhayden, 14:05:39)
* Outstanding BZ Tickets (mhayden, 14:08:18)
* LINK:
https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-June/011898.html
(mhayden, 14:11:18)
* LINK:
https://fedoraproject.org/wiki/LXC_Template_Security_Improvements
(mhayden, 14:14:20)
* Open floor discussion/questions/comments (mhayden, 14:22:51)
* LINK:
http://meetbot.fedoraproject.org/fedora-meeting/2015-06-11/fedora_securit...
(d-caf, 14:23:22)
* For non-responsive maintainers at
redhat.com email addresses, reach
out to scorneli (mhayden, 14:24:28)
* ACTION: Check in with Fabio0live about the non-responsive maintainer
process automation (mhayden, 14:24:51)
* Biggest barrier to closing security bugs is non-responsive
maintainers (mhayden, 14:25:12)
* IDEA: Possibly use provenpackers in FST to tackle high priority
security bugs on non-responsive maintainer packages -- needs more
discussion (mhayden, 14:29:36)
* Provenpackager access has been used in the past for critical bugs
(thanks d-caf) (mhayden, 14:30:20)
* LINK:
https://www.youtube.com/watch?v=a9lE9Urr6AQ (mhayden,
14:32:49)
* LINK: Super Privileged Containers- >
https://www.youtube.com/watch?v=dM2Fc53Dtd4 (mhayden, 14:33:21)
Meeting ended at 14:35:34 UTC.
Action Items
- ------------
* Check in with Fabio0live about the non-responsive maintainer process
automation
Action Items, by person
- -----------------------
* **UNASSIGNED**
* Check in with Fabio0live about the non-responsive maintainer process
automation
People Present (lines said)
- ---------------------------
* mhayden (85)
* d-caf (37)
* scorneli (6)
* revskills (4)
* zodbot (3)
* jrusnack (2)
* striker (1)
- --
Major Hayden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJVlU0NAAoJEHNwUeDBAR+xWegP/iYioJCEU2HxtWj8zMQdG0Wo
RKMwdbrn2MiyAJsy3HViJdv01906SOYBChPxR/M42Km/evxMezrrCu7R42R6eDjB
oInvmYmdmWip8uZa6I7IJyT2kmL0Rj/FE+4tFbuTOhqNSxRsyddCvAUMzaBC5u0L
lBS9AeCVksMNMtNh+hGxiqvBkoIxjGYGnauHQ2CsEHahaPgHfxmnX29HFAkYBhuD
7vAJ0DNH2vb6icpJ7B92lXXeXFaOzpzaV32tsXau7WNStS+jEqRYYLiMhYr1Vkqp
9qnXqlK1A5HlKvpRC6G2aDYVM8k0l23W2RptOcHGzVssjW0DIq73kzDhelJ8poBg
9C31ainVfT6MtLc6SMY4QRne3ODiRKOu1zQK3iro/U7kpBlcLr/3QXm5eJsJKCk6
GbJLRDKmGG19qmlwBdcuX4na9ZabNWI76rv0srBEy8QK4VQiB69TZuh2X6iVZcBx
ia+tSGJQs8SP4EIwMeQOljAPwrzF09ybNXhPRubKIt+e8tZD9LOLtqoRrgBrQSbO
lBJRalPJ+ZJjyWH/hTfVDcGHAcv2jN94QB3aKM051jRzrAwp7p3y+lM6Ah/ZNBgQ
ujO+tZLjLDG6dK0AOsPOj6wD0Xxt7DB3KyX+UgtUObHQiQI3NItkO7sKQJvlrg+l
1acLTnrSoQsQ5E8U2Hkr
=j35b
-----END PGP SIGNATURE-----