======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================

Meeting started by Sparks at 14:05:58 UTC. The full logs are available at https://meetbot.fedoraproject.org/fedora-meeting/2016-03-17/fedora_security_... .

Meeting summary
---------------
* Roll Call (Sparks, 14:06:06)
  * Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" (Sparks, 14:10:17)

* Fedora Security Team FAD (Sparks, 14:10:23)
  * Sparks wrote up zoglesby's notes on the FAD (Sparks, 14:10:44)
  * LINK: https://sparkslinux.wordpress.com/2016/03/16/security-team-post-fad-notes/ (Sparks, 14:10:49)
  * We'd like private builds in Koji and private staging in Bodhi (Sparks, 14:16:31)
  * Sparks would like to see some fail-safe in Bodhi that wouldn't allow the package to be shipped before the embargo has expired. (Sparks, 14:17:02)
  * dgilmore notes that the feature requests are possible but it'll take human resources that currently haven't stepped up. (Sparks, 14:19:51)
  * ACTION: pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. (Sparks, 14:30:33)

* Outstanding BZ Tickets (Sparks, 14:31:48)

* Apprenticeship (Sparks, 14:41:04)
  * LINK: https://fedoraproject.org/wiki/Security_Team_Apprenticeship (Sparks, 14:41:24)
  * There are documentation opportunities if someone wants to do something (Sparks, 14:42:41)
  * ACTION: zoglesby to take the Apprenticeship discussion to the list for further development (Sparks, 14:45:46)

* Open floor discussion/questions/comments (Sparks, 14:46:12)

Meeting ended at 14:48:56 UTC.

Action Items
------------
* pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.
* zoglesby to take the Apprenticeship discussion to the list for further development

Action Items, by person
-----------------------
* d-caf
  * pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.
* pjp
  * pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.
* zoglesby
  * zoglesby to take the Apprenticeship discussion to the list for further development
* **UNASSIGNED**
  * (none)

People Present (lines said)
---------------------------
* Sparks (69)
* Astradeus (14)
* d-caf (13)
* zodbot (10)
* dgilmore (10)
* pjp (7)
* zoglesby (6)

14:05:58 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:05:58 <zodbot> Meeting started Thu Mar 17 14:05:58 2016 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:05:58 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:05:58 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:06:01 <Sparks> #meetingname Fedora Security Team
14:06:01 <zodbot> The meeting name has been set to 'fedora_security_team'
14:06:06 <Sparks> #topic Roll Call
14:06:09 * Sparks
14:06:10 * d-caf
14:06:18 * zoglesby
14:06:57 <pjp> .hellomynameis pjp
14:06:59 <zodbot> pjp: pjp 'None' pj.pandit@yahoo.co.in
14:07:15 * Astradeus
14:10:07 <Sparks> Okay, let's get started
14:10:17 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:10:23 <Sparks> #topic Fedora Security Team FAD
14:10:44 <Sparks> #info Sparks wrote up zoglesby's notes on the FAD
14:10:49 <Sparks> #link https://sparkslinux.wordpress.com/2016/03/16/security-team-post-fad-notes/
14:11:03 <Sparks> Feel free to comment as necessary.
14:11:03 <pjp> Sparks: Thanks much for a nice write-up!
14:11:15 <d-caf> thanks, haven't had a chance to read it just got the email
14:11:28 <d-caf> zoglesby: thanks for the notes!
14:13:49 <Astradeus> nice writeup
14:14:02 <Sparks> I was the photographer of the lovely board pictures.
14:14:04 <Sparks> *sigh*
14:14:15 * Sparks didn't notice the glare when he was taking the photos
14:14:45 <d-caf> Sparks: I took a few pictures, I can send them your way if you want to compare
14:14:51 <Sparks> Sure
14:15:05 <d-caf> be later today
14:15:34 <Sparks> That's fine
14:16:09 <Sparks> From the notes, I think we need someone to work with Rel Eng to see what's possible.
14:16:31 <Sparks> #info We'd like private builds in Koji and private staging in Bodhi
14:17:02 <Sparks> #info Sparks would like to see some fail-safe in Bodhi that wouldn't allow the package to be shipped before the embargo has expired.
14:17:22 <dgilmore> Sparks: supporting embargo builds?
14:17:34 <Sparks> dgilmore: Yes, we'd like to
14:17:46 <dgilmore> Sparks: we need ways to hide the build in koji and bodhi, we need to be able to hide the commits to git
14:18:01 <dgilmore> Sparks: it's a lot of work on tools with almost no resources
14:18:11 <Sparks> dgilmore: Yes and I hadn't considered the git portion.
14:18:27 <dgilmore> So in order to do it people will need to step up and work on things
14:18:29 <Sparks> dgilmore: Do you need person resources?
14:18:35 <Sparks> okay
14:18:38 <dgilmore> a request for the feature will not be sufficient
14:18:54 <Sparks> dgilmore: Are these feature requests possible?
14:19:13 <dgilmore> Sparks: they are possible. we have had tickets for some of them for years
14:19:18 <dgilmore> there is no one to work on them
14:19:23 <Sparks> okay
14:19:36 <dgilmore> so if you actually want it you will need to provide humans
14:19:51 <Sparks> #info dgilmore notes that the feature requests are possible but it'll take human resources that currently haven't stepped up.
14:20:42 <zoglesby> sorry I was afk, lots of work stuff going on...
14:21:06 <Sparks> zoglesby: Pfft... it's FST time, everything else can wait!
14:21:20 <Sparks> dgilmore: Do you happen to have bug numbers for the existing feature requests?
14:22:50 <dgilmore> Sparks: sorry I do not
14:23:04 <dgilmore> I have not looked at them in years
14:23:54 <Sparks> dgilmore: That's fine.
14:24:56 <Sparks> Does anyone want to take on documenting and recruiting for this project?
14:26:07 <Sparks> anyone?
14:26:16 * Sparks eyes d-caf
14:26:22 <pjp> Sparks: recruiting?
14:26:38 <Sparks> pjp: Yeah, trying to get the humans necessary to move this forwared
14:26:43 <d-caf> Sorry, work distraction
14:26:45 <d-caf> back
14:26:52 <Sparks> s/forwared/forward
14:26:58 <pjp> Sparks: I could look for someone,
14:27:37 <d-caf> pjp: Sparks: I can try and sure out these old tickets as well
14:27:44 <Sparks> pjp: Okay, can you document the feature request, as well?
14:27:51 <d-caf> search/sure
14:27:53 <pjp> Sparks: Okay,
14:28:15 <Sparks> Okay, pjp and d-caf, both of you work together on this.
14:28:24 <Sparks> pjp++ d-caf++
14:28:24 <zodbot> Sparks: Karma for pjp changed to 2 (for the f23 release cycle): https://badges.fedoraproject.org/tags/cookie/any
14:28:27 <pjp> Sparks: Okay
14:28:29 <Sparks> d-caf++
14:28:46 <d-caf> I don't think I'm part of the karma system :-(
14:28:58 <Sparks> d-caf: What's your FAS ID?
14:29:07 <d-caf> dcafaro
14:29:12 <Sparks> dcafaro++
14:29:13 <zodbot> Sparks: Karma for dcafaro changed to 1 (for the f23 release cycle): https://badges.fedoraproject.org/tags/cookie/any
14:29:20 <Sparks> There you go
14:29:32 <d-caf> Ah
14:29:45 <d-caf> I've got to go to a quick meeting be back in 15
14:30:33 <Sparks> #action pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.
14:30:44 <Sparks> Okay, anything else before we move on?
14:30:54 * pjp noted
14:31:48 <Sparks> #topic Outstanding BZ Tickets
14:31:58 <Sparks> mhayden: Did you run your magic script today?
14:35:35 <Sparks> Okay, well I don't have numbers for today so we'll move on.
14:35:47 <Sparks> #topic Apprenticeship
14:35:49 <Astradeus> i'd have numbers
14:36:00 <Sparks> #undo
14:36:00 <zodbot> Removing item from minutes: <MeetBot.items.Topic object at 0x2b612b90>
14:36:07 <Astradeus> +Tickets by Severity-+-------+---------+
14:36:08 <Astradeus> | Severity | Tickets | Owned | Unowned |
14:36:08 <Astradeus> +----------+---------+-------+---------+
14:36:08 <Astradeus> | medium   |     475 |    40 |     435 |
14:36:08 <Astradeus> | low      |     182 |    13 |     169 |
14:36:10 <Astradeus> | high     |      69 |    31 |      38 |
14:36:13 <Astradeus> +----------+---------+-------+---------+
14:36:22 <Sparks> Astradeus++
14:36:22 <zodbot> Sparks: Karma for astra changed to 1 (for the f23 release cycle): https://badges.fedoraproject.org/tags/cookie/any
14:36:42 <zoglesby> cookies for everyone!
14:36:43 <Astradeus> shall i also email the whole output?
14:36:47 <Sparks> zoglesby++
14:36:48 <zodbot> Sparks: Karma for zoglesby changed to 2 (for the f23 release cycle): https://badges.fedoraproject.org/tags/cookie/any
14:36:56 <Sparks> Astradeus: Yes please
14:37:09 <Sparks> Still no criticals... excellent.
14:37:17 <Sparks> Too many highs... not excellent
14:39:49 <Astradeus> anyone wants to take me through a sec-bug-squashing process? ;)
14:40:47 <Sparks> Astradeus: Sure, can we do that after the meeting in #fedora-security-team?
14:40:57 <Astradeus> Sparks: yey, sounds great :)
14:41:04 <Sparks> #topic Apprenticeship
14:41:24 <Sparks> #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship
14:41:48 <Sparks> If you haven't looked at this page since Friday afternoon take a look at it now.
14:42:01 <Sparks> I removed everything that was there and started anew
14:42:41 <Sparks> #info There are documentation opportunities if someone wants to do something
14:42:49 <Sparks> (look for the red links)
14:43:28 <Sparks> We also need to go through the existing training resources and figure out what kind of training we should be suggesting
14:44:43 <zoglesby> that should be a topic for the list, as it will take time.
14:44:59 <Sparks> Agreed
14:45:05 <Sparks> zoglesby: Can you take it to the list?
14:45:11 <zoglesby> sure thing
14:45:25 <zoglesby> action me up!
14:45:46 <Sparks> #action zoglesby to take the Apprenticeship discussion to the list for further development
14:46:12 <Sparks> #topic Open floor discussion/questions/comments
14:46:14 <Sparks> Anyone have anything?
14:48:11 <Sparks> no?
14:48:35 <Astradeus> not me
14:48:38 <Sparks> Okay, well, thanks to all who came and participated! Special thanks to our guest dgilmore!
14:48:51 <Sparks> Everyone have a good day!
14:48:56 <Sparks> #endmeeting