======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by Sparks at 14:05:20 UTC. The full logs are available at
https://meetbot.fedoraproject.org/fedora-meeting/2016-03-24/fedora_securi...

Meeting summary
---------------
* Roll Call (Sparks, 14:05:26)
  * Participants are reminded to make liberal use of #info #link #help
    in order to make the minutes "more better" (Sparks, 14:10:54)

* Follow up on last week's tasks (Sparks, 14:11:09)
  * ACTION: pjp to give a status update on security policy in the wiki
    (carried over) (Sparks, 14:11:40)
  * ACTION: Sparks to figure out how FST members can get access to
    Fedora security bugs (carried over) (Sparks, 14:11:49)
  * ACTION: pjp and d-caf to work on the feature requests for Koji and
    Bodhi for private builds for embargoed vulnerabilities. (Sparks,
    14:12:08)
  * ACTION: zoglesby to take the Apprenticeship discussion to the list
    for further development (Sparks, 14:13:31)

* Apprenticeship (Sparks, 14:13:38)
  * LINK: https://fedoraproject.org/wiki/Security_Team_Apprenticeship
    (Sparks, 14:14:13)

* Handling embargoed vulnerabilities (Sparks, 14:16:45)
  * The management in Red Hat Product Security is investigating our
    ability to work closer with them. (Sparks, 14:18:02)

* Outstanding BZ Tickets (Sparks, 14:23:24)
  * Thursday's numbers: Critical 0 (0), Important 67 (+13), Moderate 485
    (+11), Low 169 (-18), Total 721 (Sparks, 14:23:32)
  * ACTION: Sparks to contact gd to see if he is working on a patch for
    Fedora. (Sparks, 14:29:21)

* Open floor discussion/questions/comments (Sparks, 14:30:33)

Meeting ended at 14:33:47 UTC.

Action Items
------------
* pjp to give a status update on security policy in the wiki (carried
over)
* Sparks to figure out how FST members can get access to Fedora security
bugs (carried over)
* pjp and d-caf to work on the feature requests for Koji and Bodhi for
private builds for embargoed vulnerabilities.
* zoglesby to take the Apprenticeship discussion to the list for further
development
* Sparks to contact gd to see if he is working on a patch for Fedora.
Action Items, by person
-----------------------
* Sparks
  * Sparks to figure out how FST members can get access to Fedora
    security bugs (carried over)
  * Sparks to contact gd to see if he is working on a patch for Fedora.
* zoglesby
  * zoglesby to take the Apprenticeship discussion to the list for
    further development
* **UNASSIGNED**
  * pjp to give a status update on security policy in the wiki (carried
    over)
  * pjp and d-caf to work on the feature requests for Koji and Bodhi for
    private builds for embargoed vulnerabilities.

People Present (lines said)
---------------------------
* Sparks (63)
* zoglesby (18)
* linuxmodder (16)
* zodbot (7)
* Southern_Gentlem (1)
14:05:20 <Sparks> #startmeeting Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
14:05:20 <zodbot> Meeting started Thu Mar 24 14:05:20 2016 UTC. The
chair is Sparks. Information about MeetBot at
http://wiki.debian.org/MeetBot.
14:05:20 <zodbot> Useful Commands: #action #agreed #halp #info #idea
#link #topic.
14:05:20 <zodbot> The meeting name has been set to
'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:05:21 <zoglesby> tick tock
14:05:23 <Sparks> #meetingname Fedora Security Team
14:05:23 <zodbot> The meeting name has been set to 'fedora_security_team'
14:05:26 <Sparks> #topic Roll Call
14:05:37 * Sparks
14:05:46 * zoglesby
14:06:39 * Sparks puts the final touches on the agenda for today
14:10:07 <Sparks> Okay, this promises to be a short meeting...
14:10:08 * linuxmodder
14:10:15 <zoglesby> not anymore
14:10:25 <linuxmodder> huh
14:10:43 <Sparks> Okay, let's get going
14:10:50 <linuxmodder> why not zoglesby
14:10:54 <Sparks> #info Participants are reminded to make liberal use of
#info #link #help in order to make the minutes "more better"
14:11:01 <Sparks> linuxmodder: Cause you're here
14:11:09 <Sparks> #topic Follow up on last week's tasks
14:11:12 <linuxmodder> what did I do
14:11:23 * Sparks notes pjp is not here today and will just continue his
actions
14:11:40 <Sparks> #action pjp to give a status update on security policy
in the wiki (carried over)
14:11:49 <Sparks> #action Sparks to figure out how FST members can get
access to Fedora security bugs (carried over)
14:12:08 <Sparks> #action pjp and d-caf to work on the feature requests
for Koji and Bodhi for private builds for embargoed vulnerabilities.
14:12:24 <Sparks> zoglesby: Did you ever bring up the Apprenticeship on
the list?
14:13:09 <zoglesby> nope, forgot until your ping, please move that to
this week as well
14:13:31 <Sparks> #action zoglesby to take the Apprenticeship discussion
to the list for further development
14:13:38 <Sparks> #topic Apprenticeship
14:14:00 <Sparks> There are a few more links that need to be populated
on the Apprenticeship page
14:14:13 <Sparks> #link
https://fedoraproject.org/wiki/Security_Team_Apprenticeship
14:15:13 <Sparks> Anyone have anything to discuss for this topic?
14:16:26 <zoglesby> nope, only that it needs done
14:16:32 <Sparks> Okay, moving on
14:16:45 <Sparks> #topic Handling embargoed vulnerabilities
14:18:02 <Sparks> #info The management in Red Hat Product Security is
investigating our ability to work closer with them.
14:18:16 <Sparks> I don't really have anything more than that.
14:18:29 * Sparks is waiting for pjp and d-caf to start their parts
14:18:43 <zoglesby> As in pre us doing what we need to or after we do
FAD items?
14:18:43 <Sparks> Anyone have anything else?
14:19:59 <Sparks> No, overall
14:21:17 <Sparks> It's annoying as everyone seems to have a different
idea of what we should have.
14:21:51 <zoglesby> well, if they have ideas they need to share them with us
14:21:51 <linuxmodder> what is the general consensus then
14:22:01 <Sparks> linuxmodder: There is none
14:22:14 <Sparks> zoglesby: I'm trying to figure out what ideas they
might have...
14:22:19 <zoglesby> tell them
fedora-security-team(a)lists.fedoraproject.org, not sparks(a)redhat.com
14:22:34 <Sparks> zoglesby: +1
14:23:01 <linuxmodder> noted
14:23:08 <Sparks> Okay, moving along...
14:23:24 <Sparks> #topic Outstanding BZ Tickets
14:23:24 <linuxmodder> but they may think its gonna get sparked off
with the late r:)
14:23:32 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 67
(+13), Moderate 485 (+11), Low 169 (-18), Total 721
14:23:38 <Sparks> +Tickets by Severity-+-------+---------+
14:23:38 <Sparks> | Severity | Tickets | Owned | Unowned |
14:23:38 <Sparks> +----------+---------+-------+---------+
14:23:38 <Sparks> | medium | 485 | 40 | 445 |
14:23:38 <Sparks> | low | 169 | 13 | 156 |
14:23:40 <Sparks> | high | 67 | 30 | 37 |
14:23:43 <Sparks> +----------+---------+-------+---------+
14:23:51 <Sparks> We appear to be letting these highs get away from us,
again...
14:24:07 <linuxmodder> where is that new embargoed one expected to
drop into?
14:24:39 <Sparks> linuxmodder: The samba one?
14:25:04 <linuxmodder> think so the one we were talking loosely about
yesterday / early this am
14:25:11 <zoglesby> by the website it is a crit
14:25:16 <linuxmodder> with the suspenseful teasers
14:25:23 <Sparks> Ummm.. I don't have it up at the moment. Sometime in
April.
14:25:41 <zoglesby> april 12th
14:25:44 <Sparks> The 12th I think (patch Tuesday)
14:25:44 <linuxmodder> ick we were doing so well on no crits
14:26:12 <Sparks> linuxmodder: This may be already getting fixed for
Fedora; I'll need to check.
14:26:14 <linuxmodder> anywhere I might be able to school up in in its
current embargoed state? or shadow someone
14:26:29 <linuxmodder> get the feet wet per se
14:26:30 <Sparks> But we'll have another race to the finish line when it
comes out.
14:26:59 <zoglesby> (I read it wrong, the website says it is a "crucial
security bug")
14:27:33 <Sparks> What's the CVE?
14:27:42 <Sparks> nevermind
14:27:49 <zoglesby> I don't remember
14:28:09 <zoglesby> CVE-2016-2118
14:28:14 <Sparks> It's rated as Important
14:28:21 <zoglesby> but I don't think it's important for this meeting
14:28:41 <Sparks> .whoowns samba
14:28:41 <zodbot> Sparks: gd
14:28:50 <Sparks> .fasinfo gd
14:28:52 <zodbot> Sparks: User: gd, Name: Guenther Deschner, email:
gdeschner(a)redhat.com, Creation: 2007-05-03, IRC Nick: gd, Timezone:
Europe/Berlin, Locale: en, GPG key ID: 8EE11688, Status: active
14:28:55 <zodbot> Sparks: Approved Groups: fedorabugs cla_fedora
cla_done packager cla_redhat gitding-libs @gitgss-proxy
14:29:21 <Sparks> #action Sparks to contact gd to see if he is working
on a patch for Fedora.
14:29:45 <Sparks> Anything else?
14:30:02 <linuxmodder> nfm
14:30:24 <zoglesby> no
14:30:33 <Sparks> #topic Open floor discussion/questions/comments
14:30:44 <Sparks> Okay, anything from anyone about anything?
14:30:47 <zoglesby> I have nothing more for today
14:31:57 <Sparks> linuxmodder: ???
14:32:02 <Southern_Gentlem> Sparks study for your Extra at SELF
14:32:17 <Sparks> Southern_Gentlem: de WG3K
14:32:28 <linuxmodder> nothing from me
14:32:46 <zoglesby> Sparks: are you going to SELF?
14:32:48 * linuxmodder needs to study for that period :)
14:32:59 <Sparks> I hadn't really considered going... I could
14:33:05 <zoglesby> err, this is not meeting topic
14:33:32 <Sparks> Okay, let's move this discussion to #fedora-security-team
14:33:39 <Sparks> Southern_Gentlem: Please join us there!
14:33:43 <Sparks> Thanks all
14:33:47 <Sparks> #endmeeting