Security Team meeting minutes for 2015-04-09

Eric Christensen sparks at fedoraproject.org
Thu Apr 9 14:38:07 UTC 2015


======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda: 
https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================


Meeting started by Sparks at 14:00:33 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting/2015-04-09/fedora_security_team.2015-04-09-14.00.log.html
.



Meeting summary
---------------
* Roll Call  (Sparks, 14:00:46)

* Follow up on last week's tasks  (Sparks, 14:07:03)
  * ACTION: jsmith to patch rubygem-activesupport as provenpackager (BZ
    905374)  (Sparks, 14:07:17)
  * jsmith was having problems with this package since it's Ruby.  He
    may have found some assistance with it, however.  (Sparks, 14:07:53)
  * pjp started the non-responsive maintainer procedure on
    rubygem-activesupport  (Sparks, 14:09:44)
  * LINK: https://bugzilla.redhat.com/show_bug.cgi?id=1209124   (Sparks,
    14:09:53)
  * ACTION: pjp to continue monitoring the non-responsive maintainer for
    rubygem-activesupport.  Follow up in one week.  (Sparks, 14:10:51)
  * Sparks did discuss the 90-day challenge with the Security Team (more
    on that later)  (Sparks, 14:11:23)
  * Sparks closed all retired-package CVE tickets for EPEL  (Sparks,
    14:12:24)

* Outstanding BZ Tickets  (Sparks, 14:14:37)
  * Thursday's numbers: Critical 1, Important 41 (-7), Moderate 350
    (-29), Low 163 (-7), Total 556, Trend -43  (Sparks, 14:14:46)
  * Current tickets owned: 147 (~26%)  (Sparks, 14:14:53)
  * Tickets closed: 271 (+22)  (Sparks, 14:14:59)

* 90-Day Challenge  (Sparks, 14:20:59)
  * 90-Day Challenge has a goal to close all 2014 and prior Important
    CVEs in Fedora  (Sparks, 14:21:07)
  * of the 38 Important CVEs, 1 has been closed, 8 are On_QA  (Sparks,
    14:21:43)
  * Many of these tickets haven't been followed up on in recent times
    and should be.  (Sparks, 14:22:20)
  * Sparks will unassign tickets from fst_owners if they don't follow up
    within a week.  (Sparks, 14:22:44)
  * ACTION: Sparks to blog about the challenge  (Sparks, 14:24:43)

* Open floor discussion/questions/comments  (Sparks, 14:24:53)

Meeting ended at 14:36:54 UTC.




Action Items
------------
* jsmith to patch rubygem-activesupport as provenpackager (BZ 905374)
* pjp to continue monitoring the non-responsive maintainer for
  rubygem-activesupport.  Follow up in one week.
* Sparks to blog about the challenge




Action Items, by person
-----------------------
* pjp
  * pjp to continue monitoring the non-responsive maintainer for
    rubygem-activesupport.  Follow up in one week.
* Sparks
  * Sparks to blog about the challenge
* **UNASSIGNED**
  * jsmith to patch rubygem-activesupport as provenpackager (BZ 905374)




People Present (lines said)
---------------------------
* Sparks (55)
* pjp (17)
* randomuser (5)
* zodbot (5)
* jtaylor90 (2)
* bvincent (1)