Meeting summary
Use the RHEL 7 security guide as initial reading for now
(mhayden, 14:16:52)
ACTION: Rewrite the Fedora Security Guide to be more of what
we're looking for (mhayden, 14:17:27)
https://fedoraproject.org/wiki/Information_Security_Training
(mhayden, 14:18:22)
Fedora Defensive Coding docs could be useful, but may need
some updating (mhayden, 14:19:08)
https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensiv...
(mhayden, 14:19:12)
ACTION: Sparks to make it so on this CWE/CVE business
(mhayden, 14:22:55)
https://access.redhat.com/security/updates/classification
(Sparks, 14:24:58)
https://cve.mitre.org/about/faqs.html (mhayden, 14:25:57)
http://www.candlepinproject.org/presentations/pki-crash-course
(Sparks, 14:26:14)
Understanding packaging is important (mhayden, 14:28:34)
https://fedoraproject.org/wiki/Join_the_package_collection_maintainers
(mhayden, 14:29:03)
https://bettercrypto.org/static/applied-crypto-hardening.pdf
(mhayden, 14:32:58)
This should be opinionated and about how "we" do things as
opposed to just security work in general (mhayden, 14:34:50)
Everything Sparks touches turns to gold :) (mhayden, 14:40:16)
Would be nice to find an example of a security packaging fix
done by a non-RHT person (mhayden, 14:42:12)
AGREED: Heartbleed was a very sad time all around (mhayden, 14:43:14)
AGREED: Heartbleed was a very sad time all around (mhayden, 14:44:20)
Xen security bugs could be an example -- XSA-108 was a good
one (mhayden, 14:46:14)
https://access.redhat.com/sites/default/files/riskreportgraphics_branded_...
(Sparks, 14:48:00)
ACTION: Apprentice wiki page will be updated soon (mhayden, 14:49:19)
ACTION: Sparks will ask if he can share some of his internal
security apprentice information (mhayden, 14:50:58)
Meeting ended at 14:54:29 UTC (full logs).
Action items
Rewrite the Fedora Security Guide to be more of what we're looking for
Sparks to make it so on this CWE/CVE business
Apprentice wiki page will be updated soon
Sparks will ask if he can share some of his internal security
apprentice information
Action items, by person
Sparks
Sparks to make it so on this CWE/CVE business
Sparks will ask if he can share some of his internal security
apprentice information
UNASSIGNED
Rewrite the Fedora Security Guide to be more of what we're looking for
Apprentice wiki page will be updated soon
People present (lines said)
mhayden (55)
zodbot (12)
Sparks (11)
skamath (7)
Astradeus (5)
linuxmodder (2)
Full Log:
https://meetbot.fedoraproject.org/fedora-meeting/2016-04-21/fedora_securi...