fedora_security_team
LOGS
14:01:36 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:01:37 <zodbot> Meeting started Thu Dec 11 14:01:36 2014 UTC.  The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:37 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:01:40 <Sparks> #meetingname Fedora Security Team
14:01:40 <zodbot> The meeting name has been set to 'fedora_security_team'
14:01:44 <Sparks> #topic Roll Call
14:01:45 * Sparks 
14:01:57 <bvincent> .fas bvincent
14:01:57 <zodbot> bvincent: bvincent 'Brandon Vincent' <Brandon.Vincent@asu.edu>
14:02:10 <jtaylor90> .fas jtaylor
14:02:11 <zodbot> jtaylor90: jtaylor0175 'Jeffrey Scott Taylor' <jst293@yahoo.com> - jraytay 'Jason Taylor' <jtaylor48@san.rr.com> - jtaylor 'Jason Taylor' <jason.taylor@secure-24.com>
14:02:34 <jtaylor90> well then
14:06:55 <mhayden> .fas mhayden
14:06:56 <zodbot> mhayden: mhayden 'Major Hayden' <major@mhtx.net>
14:07:16 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:07:23 <d-caf> here
14:07:23 <Sparks> #topic Outstanding BZ Tickets
14:07:32 <Sparks> #info Wednesday's numbers: Critical 1, Important 51, Moderate 378, Low 151, Total 581, Trend -46
14:07:37 <Sparks> #info Current tickets owned: 200 (~34%)
14:07:38 <Sparks> #info Tickets closed: 189
14:08:02 <Sparks> Anyone have anything they want to discuss ticket-wise?
14:08:25 <jtaylor90> I do, BZ #765664
14:09:09 <bvincent> #link https://bugzilla.redhat.com/show_bug.cgi?id=765664
14:09:20 <Sparks> Go ahead
14:09:22 <jtaylor90> I have emailed Erik of the MinGW SIG directly and emailed the MinGW distro about this back in October, pjp pinged about this too
14:09:27 <jtaylor90> and we have heard nothing back
14:09:51 <jtaylor90> it's seems odd to start a unresponsive maintainers on a whole SIG
14:09:54 <jtaylor90> so I am unsure how to proceed with this one
14:10:30 <Sparks> Is the vulnerable version actually in rawhide?  Seems like it might have been updated since F16.
14:11:02 <jtaylor90> From what I can tell they are building against the vulnerable source for the affected package
14:11:14 <jtaylor90> but it would be nice if they said one way or the other
14:11:22 <jtaylor90> they being someone from the SIG
14:11:32 <d-caf> I also have a mingw related bug for openssl that points to Eric
14:11:51 <d-caf> https://bugzilla.redhat.com/show_bug.cgi?id=1152851
14:11:58 * Sparks thinks this all sounds quite familiar.
14:12:23 <Sparks> jtaylor90: Have you sent any messages to the SIG mailing list?
14:12:27 <jtaylor90> I did
14:12:33 <Sparks> And nothing.
14:12:55 <bvincent> Sparks: rawhide is still vulnerable.
14:12:55 <jtaylor90> Oct. 23rd I sent it and correct, no response. at all. lol
14:13:17 <Sparks> jtaylor90: Maybe try devel@ ?
14:13:46 <jtaylor90> I can do that for sure
14:15:01 <Sparks> I guess you can do a non-responsive maintainer against the entire SIG.
14:15:21 <bvincent> Looks like JasPer isn't really maintained upstream.
14:15:36 <jtaylor90> bvincent: that was my impression as well
14:16:09 <bvincent> The vulnerable code is described quite well by US-CERT.
14:16:11 <bvincent> #link http://www.kb.cert.org/vuls/id/887409
14:18:03 <Sparks> Anything else?
14:18:08 <jtaylor90> that's it for me
14:18:18 <bvincent> jtaylor90: Have you looked at the Debian patch?
14:18:32 <jtaylor90> bvincent: I did not...I will though
14:18:49 <d-caf> jtaylor90: Let me know if you find anyeone responsive, would like to get the mginw-openssl poodle patched as well
14:19:00 <jtaylor90> d-caf: will do
14:22:08 <Sparks> #topic Open floor discussion/questions/comments
14:22:17 <Sparks> Does anyone have anything they'd like to discuss?
14:23:08 <d-caf> How do we treat Fedora 19 tickets now?
14:23:27 <d-caf> I know there is 1 month of official support left
14:23:31 <Sparks> d-caf: Those tickets will close when we officially stop supporting them.
14:23:45 <d-caf> So keep running them down as best as possible
14:25:53 <Sparks> d-caf: Sure, until we stop supporting them.
14:26:40 <d-caf> No problem, I wasn't sure if there was a priority change, most of mine are rapped up in fedora-all tickets anyways
14:27:17 <bvincent> Same here.
14:27:34 <Sparks> ya
14:28:14 <Sparks> Okay, anyone else?
14:29:35 <Sparks> If not, I guess we can get out of here a little early and get back to work.
14:33:33 <Sparks> Hearing no objections...  Everyone have a good day!
14:33:36 <Sparks> #endmeeting