====================================================================================================== #fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings ======================================================================================================
Meeting started by Sparks at 14:00:03 UTC. The full logs are available at https://meetbot.fedoraproject.org/fedora-meeting/2016-03-31/fedora_security_... .
Meeting summary --------------- * Roll Call (Sparks, 14:00:09) * Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" (Sparks, 14:08:12)
* Follow up on last week's tasks (Sparks, 14:08:38) * ACTION: pjp to give a status update on security policy in the wiki (carried over) (Sparks, 14:09:01) * ACTION: Sparks to figure out how FST members can get access to Fedora security bugs (carried over) (Sparks, 14:09:11) * ACTION: pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. (Sparks, 14:10:05) * ACTION: Sparks to contact gd to see if he is working on a patch for samba in Fedora. (Sparks, 14:10:14)
* Apprenticeship (Sparks, 14:10:38) * zoglesby sent a message to the list regarding Apprenticeship training (Sparks, 14:10:58) * LINK: https://lists.fedoraproject.org/archives/list/security-team@lists.fedoraproj... (Sparks, 14:11:05) * Tummala Dhanvi UTC+5:30, CommOps,Docs,Security,* (c0mrad3, 14:12:55) * ACTION: everyone read the security docs (zoglesby, 14:14:11)
* Outstanding BZ Tickets (Sparks, 14:17:27) * Thursday's numbers: Critical 0 (0), Important 67 (0), Moderate 485 (0), Low 171 (+2), Total 723 (Sparks, 14:17:34)
* Open floor discussion/questions/comments (Sparks, 14:26:06) * d-caf will mentor c0mrad3 (Sparks, 14:30:34) * zoglesby will mentor Astradeus (Sparks, 14:31:08)
Meeting ended at 14:34:08 UTC.
Action Items ------------ * pjp to give a status update on security policy in the wiki (carried over) * Sparks to figure out how FST members can get access to Fedora security bugs (carried over) * pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. * Sparks to contact gd to see if he is working on a patch for samba in Fedora. * everyone read the security docs
Action Items, by person ----------------------- * d-caf * pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. * Sparks * Sparks to figure out how FST members can get access to Fedora security bugs (carried over) * Sparks to contact gd to see if he is working on a patch for samba in Fedora. * **UNASSIGNED** * pjp to give a status update on security policy in the wiki (carried over) * everyone read the security docs
People Present (lines said) --------------------------- * Sparks (60) * d-caf (19) * c0mrad3 (16) * zoglesby (13) * zodbot (6) * Astradeus (4) * mhayden (3)
14:00:03 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings 14:00:03 <zodbot> Meeting started Thu Mar 31 14:00:03 2016 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:03 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 14:00:03 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings' 14:00:06 <Sparks> #meetingname Fedora Security Team 14:00:06 <zodbot> The meeting name has been set to 'fedora_security_team' 14:00:09 <Sparks> #topic Roll Call 14:00:10 * Sparks 14:00:20 * d-caf 14:01:10 * mhayden woots 14:03:06 <Sparks> zoglesby jsmith: Good morning! 14:03:42 <zoglesby> yeah, yeah. I am here 14:06:08 * Sparks gives everyone a few more minutes to arrive 14:06:13 <Astradeus> hi :) 14:06:43 <d-caf> Astradeus: HI!! 14:07:58 <Sparks> Astradeus: Welcome 14:08:06 <Sparks> Okay, lets get started 14:08:12 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" 14:08:29 <Sparks> #chair d-caf mhayden zoglesby Astradeus 14:08:29 <zodbot> Current chairs: Astradeus Sparks d-caf mhayden zoglesby 14:08:38 <Sparks> #topic Follow up on last week's tasks 14:08:50 * Sparks notes pjp isn't here today 14:09:01 <Sparks> #action pjp to give a status update on security policy in the wiki (carried over) 14:09:11 <Sparks> #action Sparks to figure out how FST members can get access to Fedora security bugs (carried over) 14:09:28 <Sparks> d-caf: Did you work on the Koji and Bodhi private builds topic? 14:09:47 <d-caf> Sparks: No was out traveling all last week, so getting ramped back up this week, sorry 14:09:56 <Sparks> no problem 14:10:05 <Sparks> #action pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. 14:10:14 <Sparks> #action Sparks to contact gd to see if he is working on a patch for samba in Fedora. 14:10:33 <Sparks> Okay, that's all from last week... I think we got one things marked off. 14:10:38 <Sparks> #topic Apprenticeship 14:10:58 <Sparks> #info zoglesby sent a message to the list regarding Apprenticeship training 14:11:05 <Sparks> #link https://lists.fedoraproject.org/archives/list/security-team@lists.fedoraproj... 14:11:06 <zoglesby> I did that! 14:11:14 <Sparks> zoglesby: Would you like to lead this discussion? 14:11:38 <zoglesby> no, I think I said in the email we don't need to talk about it here :) 14:11:40 <d-caf> zoglesby: thanks, helped prod me to remember to add two more training links I found (adde this morning) 14:11:57 * c0mrad3 hi guys 14:12:01 <zoglesby> but really, please read the docs and reply to the list what you think are good for entry level security folks 14:12:53 <zoglesby> We don't want to make the list to large, so once we have a list of stuff we may need to make it shorter, but we need to start with something before we can do that 14:12:55 <c0mrad3> #info Tummala Dhanvi UTC+5:30, CommOps,Docs,Security,* 14:12:56 <d-caf> speaking of apprentiship, welcome c0mrad3 who mentioned wanting to join the apprentiship 14:13:12 <c0mrad3> yes :) 14:13:41 <zoglesby> Sparks: that is all I have for this topic 14:13:53 <Sparks> zoglesby: I actually had a dream that we finished doing this. 14:14:11 <zoglesby> #action everyone read the security docs 14:14:15 <mhayden> the list there in the wiki is quite comprehensive 14:14:24 <c0mrad3> what about the reading material for apprentiship 14:14:24 <Sparks> Okay, so I'll reply to the list and lets see if we can get this done before the next meeting 14:14:43 <c0mrad3> I think I have seen an email about the same 14:15:00 <zoglesby> mhayden: yep, that is the issue. We need a smaller list. We don't want to cause information overload 14:15:10 <Sparks> c0mrad3: Yeah, that's what we're talking about... the email. :) 14:15:17 <mhayden> perhaps we break it up into experience/maturity level? 14:15:39 <zoglesby> that is the plan, but we wanted to start with lowest level first 14:15:40 <d-caf> c0mrad3: There is a page here #link 14:15:45 <Sparks> mhayden: Yeah, we need to pull from that list what we think would be important for an apprentise to know 14:15:52 <d-caf> c0mrad3: There is a page here #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship#Reading 14:16:17 <d-caf> that we are building for apprentiship, feel free to take a look and add any commentes to the email list on your take comming in fresh 14:16:30 <c0mrad3> sure d-caf 14:16:54 <Sparks> Okay, lets move on 14:16:59 <d-caf> but mostly we need to find some focused security training from this page that's good for new people in security (there is a lot there) #link https://fedoraproject.org/wiki/Information_Security_Training 14:17:20 * Sparks skips the discussion regarding handling embargoed vulnerabilities for now 14:17:27 <Sparks> #topic Outstanding BZ Tickets 14:17:34 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 67 (0), Moderate 485 (0), Low 171 (+2), Total 723 14:17:41 <Sparks> +Tickets by Severity-+-------+---------+ 14:17:41 <Sparks> | Severity | Tickets | Owned | Unowned | 14:17:42 <Sparks> +----------+---------+-------+---------+ 14:17:42 <Sparks> | medium | 485 | 40 | 445 | 14:17:42 <Sparks> | low | 171 | 13 | 158 | 14:17:43 <Sparks> | high | 67 | 30 | 37 | 14:17:46 <Sparks> +----------+---------+-------+---------+ 14:18:11 <Sparks> Would someone like to start poking through the highs and see if we can mark any of them an easy fix? 14:18:22 <Sparks> easy fix == upstream has already released a fix 14:18:41 <d-caf> I've been working a few tickets the last two weeks, finally have movement and resolution on git and latex2rtf 14:19:09 <Sparks> woot! 14:19:12 <Sparks> d-caf++ 14:19:13 <c0mrad3> I think git 1.8 have fixed a vuln 14:19:23 <Sparks> grr 14:19:46 <d-caf> d-caf vs dcafaro... I have to many handles... 14:20:20 <d-caf> Git is now 2.5.5 in fc23 14:20:21 <c0mrad3> dcafaro++ 14:20:21 <zodbot> c0mrad3: Karma for dcafaro changed to 2 (for the f23 release cycle): https://badges.fedoraproject.org/tags/cookie/any 14:20:33 <Sparks> Yeah, that one. 14:20:35 <d-caf> fc22 also got an update 14:20:46 <Sparks> d-caf: You should really put your IRC nick into FAS. :) 14:21:20 <c0mrad3> correction git 2.8! had fixed a vuln which is introduced in 2.7 14:21:20 <d-caf> Oh, yeah, that's probably a good idea :-) 14:21:45 <d-caf> v2.8 is FC24 and rawhide 14:22:00 <c0mrad3> or Sparks you can type his old handle like me :) 14:22:03 <d-caf> but patches are back ported to older versions for stability purposes when security 14:22:17 * c0mrad3 new to all these 14:25:27 <Sparks> Anything else regarding vulnerabilities? 14:26:06 <Sparks> #topic Open floor discussion/questions/comments 14:26:16 <Sparks> Anyone have anything? 14:27:01 <c0mrad3> ! 14:27:12 <Sparks> c0mrad3: Go 14:27:37 <c0mrad3> Can some one mentor me for the first few bugs so that I get used to the work cycle of the team ? 14:27:54 <Astradeus> same request here :) 14:28:31 <Sparks> zoglesby: I believe you were the one that figured out what a mentor is... 14:29:19 <d-caf> I am willing to help try and mentor through a but or to, hit me up on email. But i've got to head off to another meeting now 14:29:21 <Astradeus> i'd just like to follow the path one takes to close a bug - i think i can manage my own way from there 14:29:26 <d-caf> but/bug... 14:29:56 <Sparks> d-caf: Why don't you take c0mrad3 14:30:07 <Sparks> Astradeus: Either zoglesby or I will help you. 14:30:14 <Astradeus> thanks :) 14:30:24 <c0mrad3> cool 14:30:28 <d-caf> Sparks: sure c0mrad3 email me 14:30:34 <Sparks> #info d-caf will mentor c0mrad3 14:30:36 <zoglesby> sorry, was talking to someone else. 14:30:43 <zoglesby> That works for me 14:30:50 <Sparks> zoglesby: Do you want to mentor Astradeus? 14:31:04 <zoglesby> Sure, why not 14:31:08 <Sparks> #info zoglesby will mentor Astradeus 14:31:10 <Sparks> Great! 14:31:20 <Sparks> Okay, anyone have anything else? 14:31:46 <c0mrad3> zoglesby: I will ping you also if I am struck somewhere 14:32:34 <zoglesby> c0mrad3: talk to d-caf first. He is going to mentor you, but feel free to reach out to me, or anyone else if he can't help for any reason 14:33:05 <c0mrad3> sure zoglesby, I will make sure I will ping d-caf first 14:33:08 <Sparks> If no one has anything else they wish to discuss, we'll close for the day (and I'll have a few minutes to catch up before my next meeting) 14:34:05 <Sparks> Okay, thanks everyone for coming out today. 14:34:08 <Sparks> #endmeeting
security-team@lists.fedoraproject.org