====================================================================================================== #fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings ====================================================================================================== Meeting started by mhayden at 14:00:42 UTC. The full logs are available at http://meetbot.fedoraproject.org/fedora-meeting/2015-07-02/fedora_security_team.2015-07-02-14.00.log.html . Meeting summary --------------- * Roll Call (mhayden, 14:01:02) * Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" (mhayden, 14:05:08) * 90-Day Challenge (mhayden, 14:05:19) * LINK: https://ethercalc.org/90-day-challenge (mhayden, 14:05:33) * 90-Day Challenge has a goal to close all 2014 and prior Important CVEs in Fedora (mhayden, 14:05:39) * Outstanding BZ Tickets (mhayden, 14:08:18) * LINK: https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-June/011898.html (mhayden, 14:11:18) * LINK: https://fedoraproject.org/wiki/LXC_Template_Security_Improvements (mhayden, 14:14:20) * Open floor discussion/questions/comments (mhayden, 14:22:51) * LINK: http://meetbot.fedoraproject.org/fedora-meeting/2015-06-11/fedora_security_team.2015-06-11-14.00.log.html (d-caf, 14:23:22) * For non-responsive maintainers at redhat.com email addresses, reach out to scorneli (mhayden, 14:24:28) * ACTION: Check in with Fabio0live about the non-responsive maintainer process automation (mhayden, 14:24:51) * Biggest barrier to closing security bugs is non-responsive maintainers (mhayden, 14:25:12) * IDEA: Possibly use provenpackers in FST to tackle high priority security bugs on non-responsive maintainer packages -- needs more discussion (mhayden, 14:29:36) * Provenpackager access has been used in the past for critical bugs (thanks d-caf) (mhayden, 14:30:20) * LINK: https://www.youtube.com/watch?v=a9lE9Urr6AQ (mhayden, 14:32:49) * LINK: Super Privileged Containers- > https://www.youtube.com/watch?v=dM2Fc53Dtd4 (mhayden, 14:33:21) Meeting ended at 14:35:34 UTC. Action Items ------------ * Check in with Fabio0live about the non-responsive maintainer process automation Action Items, by person ----------------------- * **UNASSIGNED** * Check in with Fabio0live about the non-responsive maintainer process automation People Present (lines said) --------------------------- * mhayden (85) * d-caf (37) * scorneli (6) * revskills (4) * zodbot (3) * jrusnack (2) * striker (1) Generated by `MeetBot`_ 0.1.4 .. _`MeetBot`: http://wiki.debian.org/MeetBot