#fedora-meeting: Security Team Meeting - Agenda:
Meeting started by Sparks at 14:00:09 UTC. The full logs are available
* Roll Call (Sparks, 14:00:14)
* Participants are reminded to make liberal use of #info #link #help
in order to make the minutes "more better" (Sparks, 14:06:40)
* Follow up on last week's tasks (Sparks, 14:07:32)
* Outstanding BZ Tickets (Sparks, 14:09:33)
* Thursday's numbers: Critical 0 (0), Important 43 (+1), Moderate 408
(-1), Low 153 (+1), Total 604 (Sparks, 14:12:48)
* Open floor discussion/questions/comments (Sparks, 14:28:33)
* LINK: http://www.nhc.noaa.gov/#JOAQUIN
Meeting ended at 14:44:24 UTC.
Action Items, by person
People Present (lines said)
* Sparks (35)
* mhayden (28)
* pjp (15)
* Astradeus (6)
* zodbot (5)
* FabioOlive (2)
14:00:09 <Sparks> #startmeeting Security Team Meeting - Agenda:
14:00:09 <zodbot> Meeting started Thu Oct 1 14:00:09 2015 UTC. The chair is
Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot
14:00:09 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link
14:00:12 <Sparks> #meetingname Fedora Security Team
14:00:12 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:14 <Sparks> #topic Roll Call
14:00:16 * Sparks
14:00:55 <FabioOlive> .fas fleite
14:00:55 <zodbot> FabioOlive: fleite 'Fabio Olive Leite'
14:01:03 <Astradeus> .fas astra
14:01:04 <zodbot> Astradeus: astralstorm 'Radosław Szkodziński'
<astralstorm(a)gmail.com> - netman 'Andrey Krasukov'
rustomafs 'Rustom Irani' <rustom(a)acefastrack.com> - astrand 'Peter
<astrand(a)lysator.liu.se> - astra 'David Kaufmann' <astra(a)ionic.at> -
'Dick Chapman' <astrawin(a)rogers.com> - ambyte 'Sergey Gulyaev'
<astraway(a)gmail.com> - astratik 'Alexandre Stratikopoulos' (3 more
14:01:12 <Astradeus> o_O
14:01:24 <Sparks> Yeah, that doesn't work great
14:04:12 <pjp> Hi,
14:04:51 <Sparks> Ugh, I forgot my script is in fail mode for ticket status
14:05:15 <Sparks> mhayden: You here?
14:06:40 <Sparks> #info Participants are reminded to make liberal use of #info
#link #help in order to make the minutes "more better"
14:06:43 * mhayden stumbles in
14:06:51 <mhayden> sorry, had a 7-9AM meeting that ran over :/
14:07:14 <Sparks> mhayden: Well, you need to tell them that you have a hard
14:07:32 <Sparks> #topic Follow up on last week's tasks
14:07:58 <Sparks> Okay, I totally failed to update the agenda so I'll just
keep the tasks for next week.
14:09:33 <Sparks> #topic Outstanding BZ Tickets
14:10:06 <Sparks> mhayden: Could you provide the stats? I never fixed my
14:10:45 * mhayden digs
14:11:30 <mhayden> full report:
14:12:13 <mhayden> 608 total tickets, 82 owned
14:12:40 <mhayden> cacti is back to lead the security bug list again, but it's
a two way tie with bugzilla ;)
14:12:48 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 43 (+1),
Moderate 408 (-1), Low 153 (+1), Total 604
14:12:52 <Sparks> mhayden: Thank you
14:12:54 <mhayden> followed by nagios (which is being worked by swilkerson)
14:13:30 <Sparks> Anyone have anything ticket-related?
14:13:58 <mhayden> i still would like to write some kind of "verifier"
that checks to see if the issue in the ticket has been addressed
14:14:08 <mhayden> so maybe the packager fixed it but forgot to put the bug #
in their bodhi update
14:14:19 <mhayden> or they bumped a version not knowing that it closed some
14:14:40 <mhayden> that's gonna be insanely tricky :)
14:14:54 <mhayden> but we could check for packages which have any type of
update on a date *after* the bug ticket was opened
14:14:57 <mhayden> and investigate those
14:15:01 <mhayden> they could be low-hanging fruit
14:15:17 <FabioOlive> Sparks: sorry, need to leave the meeting now. I'll
catch up with you later.
14:15:18 <mhayden> thoughts?
14:15:52 <Sparks> mhayden: I think it would be useful but I think we'd have to
talk to releng to implement something like that.
14:16:21 <mhayden> Sparks: couldn't i pull data from bugzilla and then query
14:16:26 <mhayden> or are you worried about overloading bodhi
14:16:50 <pjp> mhayden: How will we know what the update fixed?
14:17:16 <pjp> mhayden: RPM changeLog ?
14:17:22 <Sparks> mhayden: I'm not worried about anything. :)
14:17:42 <Sparks> mhayden: You could do that, I was talking about integrating
it into bodhi during the build.
14:18:07 <mhayden> pjp: that might take some manual investigation :/
14:18:12 <mhayden> until we figure out some way to correlate
14:18:19 <mhayden> but it would be a much shorter list to review :)
14:18:32 <pjp> mhayden: Yes, packagers don't always include the bugid in the
14:20:46 <Sparks> Some outright refuse to do so
14:21:19 <pjp> Sparks: Refuse ?
14:21:46 <pjp> Sparks: saying what? why woudln't they include a bug-id ?
14:22:03 <Sparks> pjp: Saying that it's too much of a hassle to do and they
won't do it.
14:23:02 <Sparks> pjp: I think it's more of a "you're telling me how to
something and I don't like that".
14:23:12 <pjp> Yeah,
14:23:18 <pjp> That's more of it,
14:25:01 <mhayden> hah
14:25:24 <mhayden> i prefer to consider the best intentions until proven
14:25:29 <mhayden> "Trust but verify" :)
14:25:45 <Sparks> heh
14:26:00 <mhayden> (that seems to get harder to do the longer you work in
14:27:14 <Sparks> Okay, anything else ticket-related?
14:28:33 <Sparks> #topic Open floor discussion/questions/comments
14:28:48 * Sparks has some additional hurricane prep things to do...
14:30:18 <mhayden> Sparks: i wish you luck there
14:31:05 <pjp> hurricane prep, not for a real hurricane, is it?
14:31:36 <mhayden> pjp:
14:31:51 * pjp checks
14:32:15 <pjp> Oh boy,
14:32:20 <Astradeus> just seen that on a weathermap a colleague had open half
an hour ago^^
14:32:28 <Astradeus> and i'm in europe..
14:32:32 <Astradeus> small world^^
14:32:40 <Astradeus> best wishes from me too
14:32:53 <Sparks> pjp: I think I've got a front-row seat for this show
14:33:19 <Sparks> http://www.nhc.noaa.gov/#JOAQUIN
14:33:35 <pjp> Sparks: Yep, all the best.
14:35:15 <Sparks> I'm guessing that I'll lose power and Internet and
service and will have time to catch up on my reading and maybe enjoy a nice
star party with all the lights off.
14:35:38 * Sparks is from Eastern North Carolina where we get jittery if we
don't have at least one major hurricane a year.
14:35:53 <pjp> Heh, sounds like a silver lining, :)
14:36:07 <mhayden> could use some of that rain here in TX :)
14:38:08 <Sparks> mhayden: We got ~6 inches of rain the other night.
14:41:47 <Sparks> Okay, anyone have anything else?
14:41:58 <mhayden> nothing for me
14:42:48 <pjp> nope, not this week, hope to do some catch-up by next one
14:43:02 <Sparks> Okay, then I'm going to go ahead and close up shop, here.
14:43:57 <pjp> Yep, thank you all.
14:44:22 <Sparks> Thanks all!
14:44:24 <Sparks> #endmeeting