======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================

Meeting started by Sparks at 14:05:20 UTC. The full logs are available at https://meetbot.fedoraproject.org/fedora-meeting/2016-03-24/fedora_security_... .

Meeting summary
---------------
* Roll Call  (Sparks, 14:05:26)
  * Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"  (Sparks, 14:10:54)

* Follow up on last week's tasks  (Sparks, 14:11:09)
  * ACTION: pjp to give a status update on security policy in the wiki (carried over)  (Sparks, 14:11:40)
  * ACTION: Sparks to figure out how FST members can get access to Fedora security bugs (carried over)  (Sparks, 14:11:49)
  * ACTION: pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.  (Sparks, 14:12:08)
  * ACTION: zoglesby to take the Apprenticeship discussion to the list for further development  (Sparks, 14:13:31)

* Apprenticeship  (Sparks, 14:13:38)
  * LINK: https://fedoraproject.org/wiki/Security_Team_Apprenticeship  (Sparks, 14:14:13)

* Handling embargoed vulnerabilities  (Sparks, 14:16:45)
  * The management in Red Hat Product Security is investigating our ability to work closer with them.  (Sparks, 14:18:02)

* Outstanding BZ Tickets  (Sparks, 14:23:24)
  * Thursday's numbers: Critical 0 (0), Important 67 (+13), Moderate 485 (+11), Low 169 (-18), Total 721  (Sparks, 14:23:32)
  * ACTION: Sparks to contact gd to see if he is working on a patch for Fedora.  (Sparks, 14:29:21)

* Open floor discussion/questions/comments  (Sparks, 14:30:33)

Meeting ended at 14:33:47 UTC.

Action Items
------------
* pjp to give a status update on security policy in the wiki (carried over)
* Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
* pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.
* zoglesby to take the Apprenticeship discussion to the list for further development
* Sparks to contact gd to see if he is working on a patch for Fedora.

Action Items, by person
-----------------------
* Sparks
  * Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
  * Sparks to contact gd to see if he is working on a patch for Fedora.
* zoglesby
  * zoglesby to take the Apprenticeship discussion to the list for further development
* **UNASSIGNED**
  * pjp to give a status update on security policy in the wiki (carried over)
  * pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.

People Present (lines said)
---------------------------
* Sparks (63)
* zoglesby (18)
* linuxmodder (16)
* zodbot (7)
* Southern_Gentlem (1)

14:05:20 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:05:20 <zodbot> Meeting started Thu Mar 24 14:05:20 2016 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:05:20 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:05:20 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:05:21 <zoglesby> tick tock
14:05:23 <Sparks> #meetingname Fedora Security Team
14:05:23 <zodbot> The meeting name has been set to 'fedora_security_team'
14:05:26 <Sparks> #topic Roll Call
14:05:37 * Sparks
14:05:46 * zoglesby
14:06:39 * Sparks puts the final touches on the agenda for today
14:10:07 <Sparks> Okay, this promises to be a short meeting...
14:10:08 * linuxmodder
14:10:15 <zoglesby> not anymore
14:10:25 <linuxmodder> huh
14:10:43 <Sparks> Okay, let's get going
14:10:50 <linuxmodder> why not zoglesby
14:10:54 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:11:01 <Sparks> linuxmodder: Cause you're here
14:11:09 <Sparks> #topic Follow up on last week's tasks
14:11:12 <linuxmodder> what did I do
14:11:23 * Sparks notes pjp is not here today and will just continue his actions
14:11:40 <Sparks> #action pjp to give a status update on security policy in the wiki (carried over)
14:11:49 <Sparks> #action Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
14:12:08 <Sparks> #action pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.
14:12:24 <Sparks> zoglesby: Did you ever bring up the Apprenticeship on the list?
14:13:09 <zoglesby> nope, forgot until your ping, please move that to this week as well
14:13:31 <Sparks> #action zoglesby to take the Apprenticeship discussion to the list for further development
14:13:38 <Sparks> #topic Apprenticeship
14:14:00 <Sparks> There are a few more links that need to be populated on the Apprenticeship page
14:14:13 <Sparks> #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship
14:15:13 <Sparks> Anyone have anything to discuss for this topic?
14:16:26 <zoglesby> nope, only that it needs done
14:16:32 <Sparks> Okay, moving on
14:16:45 <Sparks> #topic Handling embargoed vulnerabilities
14:18:02 <Sparks> #info The management in Red Hat Product Security is investigating our ability to work closer with them.
14:18:16 <Sparks> I don't really have anything more than that.
14:18:29 * Sparks is waiting for pjp and d-caf to start their parts
14:18:43 <zoglesby> As in pre us doing what we need to or after we do FAD items?
14:18:43 <Sparks> Anyone have anything else?
14:19:59 <Sparks> No, overall
14:21:17 <Sparks> It's annoying as everyone seems to have a different idea of what we should have.
14:21:51 <zoglesby> well, if they have ideas they need to share them with us
14:21:51 <linuxmodder> what is the general consensus then
14:22:01 <Sparks> linuxmodder: There is none
14:22:14 <Sparks> zoglesby: I'm trying to figure out what ideas they might have...
14:22:19 <zoglesby> tell them fedora-security-team@lists.fedoraproject.org, not sparks@redhat.com
14:22:34 <Sparks> zoglesby: +1
14:23:01 <linuxmodder> noted
14:23:08 <Sparks> Okay, moving along...
14:23:24 <Sparks> #topic Outstanding BZ Tickets
14:23:24 <linuxmodder> but they may think its gonna get sparked off with the late r:)
14:23:32 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 67 (+13), Moderate 485 (+11), Low 169 (-18), Total 721
14:23:38 <Sparks> +Tickets by Severity-+-------+---------+
14:23:38 <Sparks> | Severity | Tickets | Owned | Unowned |
14:23:38 <Sparks> +----------+---------+-------+---------+
14:23:38 <Sparks> | medium   |     485 |    40 |     445 |
14:23:38 <Sparks> | low      |     169 |    13 |     156 |
14:23:40 <Sparks> | high     |      67 |    30 |      37 |
14:23:43 <Sparks> +----------+---------+-------+---------+
14:23:51 <Sparks> We appear to be letting these highs get away from us, again...
14:24:07 <linuxmodder> where is that new embargoed one expected to drop into?
14:24:39 <Sparks> linuxmodder: The samba one?
14:25:04 <linuxmodder> think so the one we were talking loosely about yesterday / early this am
14:25:11 <zoglesby> by the website it is a crit
14:25:16 <linuxmodder> with the suspenseful teasers
14:25:23 <Sparks> Ummm.. I don't have it up at the moment. Sometime in April.
14:25:41 <zoglesby> april 12th
14:25:44 <Sparks> The 12th I think (patch Tuesday)
14:25:44 <linuxmodder> ick we were doing so well on no crits
14:26:12 <Sparks> linuxmodder: This may be already getting fixed for Fedora; I'll need to check.
14:26:14 <linuxmodder> anywhere I might be able to school up in in its current embargoed state? or shadow someone
14:26:29 <linuxmodder> get the feet wet per se
14:26:30 <Sparks> But we'll have another race to the finish line when it comes out.
14:26:59 <zoglesby> (I read it wrong, the website says it is a "crucial security bug")
14:27:33 <Sparks> What's the CVE?
14:27:42 <Sparks> nevermind
14:27:49 <zoglesby> I don't remember
14:28:09 <zoglesby> CVE-2016-2118
14:28:14 <Sparks> It's rated as Important
14:28:21 <zoglesby> but I don't think it's important for this meeting
14:28:41 <Sparks> .whoowns samba
14:28:41 <zodbot> Sparks: gd
14:28:50 <Sparks> .fasinfo gd
14:28:52 <zodbot> Sparks: User: gd, Name: Guenther Deschner, email: gdeschner@redhat.com, Creation: 2007-05-03, IRC Nick: gd, Timezone: Europe/Berlin, Locale: en, GPG key ID: 8EE11688, Status: active
14:28:55 <zodbot> Sparks: Approved Groups: fedorabugs cla_fedora cla_done packager cla_redhat gitding-libs @gitgss-proxy
14:29:21 <Sparks> #action Sparks to contact gd to see if he is working on a patch for Fedora.
14:29:45 <Sparks> Anything else?
14:30:02 <linuxmodder> nfm
14:30:24 <zoglesby> no
14:30:33 <Sparks> #topic Open floor discussion/questions/comments
14:30:44 <Sparks> Okay, anything from anyone about anything?
14:30:47 <zoglesby> I have nothing more for today
14:31:57 <Sparks> linuxmodder: ???
14:32:02 <Southern_Gentlem> Sparks study for your Extra at SELF
14:32:17 <Sparks> Southern_Gentlem: de WG3K
14:32:28 <linuxmodder> nothing from me
14:32:46 <zoglesby> Sparks: are you going to SELF?
14:32:48 * linuxmodder needs to study for that period :)
14:32:59 <Sparks> I hadn't really considered going... I could
14:33:05 <zoglesby> err, this is not meeting topic
14:33:32 <Sparks> Okay, let's move this discussion to #fedora-security-team
14:33:39 <Sparks> Southern_Gentlem: Please join us there!
14:33:43 <Sparks> Thanks all
14:33:47 <Sparks> #endmeeting