fedora_security_team
LOGS
14:00:03 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:00:03 <zodbot> Meeting started Thu Jul  9 14:00:03 2015 UTC.  The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:03 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:06 <Sparks> #meetingname Fedora Security Team
14:00:06 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:10 <Sparks> #topic Roll Call
14:00:13 * Sparks 
14:00:15 * mhayden is here
14:02:42 * scorneli is not sure if he's supposed to say anything right now
14:02:48 * Sparks thinks this is going to be a short meeting.
14:03:01 <Sparks> scorneli: You can say anything you like any time you like!  :)
14:05:06 <Sparks> Okay, lets get started.
14:05:12 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:05:19 <Sparks> #topic 90-Day Challenge
14:05:25 <Sparks> #info 90-Day Challenge has a goal to close all 2014 and prior Important CVEs in Fedora
14:05:30 <Sparks> #info It's all done!
14:05:36 <Sparks> #info As of 2015-07-09, of the 38 target bugs 16 have been closed, 4 is On_QA, and 18 are Open
14:06:38 <Sparks> So, congratulations to everyone who helped knock these old bugs out.  When the On_QA bugs get closed we'll have closed over half of the targetted bugs.
14:06:50 <mhayden> python-virtualenv and python-pip got bumped to newer versions
14:07:07 <Sparks> nice
14:07:21 <Sparks> Anyone have anything else to say about the challenge?
14:07:40 <mhayden> lxc template improvement is stalled :|
14:07:48 <Sparks> :(
14:08:53 <mhayden> it'd be easier to tell people to stop using them and do something else, honestly ;)
14:09:01 <Sparks> heh
14:09:12 <Sparks> mhayden: I'll let you do that.
14:09:19 <mhayden> for example, the ubuntu-cloud image downloads a .raw file and then uses cloud-init on first boot
14:09:35 <mhayden> Sparks: not sure if i have enough street cred to pull that one off :)
14:09:50 <mhayden> so far, i've also found that people are receptive if you ask to be a co-maintainer
14:10:09 <mhayden> so if you're having trouble getting a package bumped, ask if you can help maintain it (if it's something you're comfortable with)
14:10:12 <Sparks> mhayden: That requires knowledge of the package.  :)
14:10:18 <mhayden> true
14:10:59 <Sparks> #topic Outstanding BZ Tickets
14:11:06 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 51 (+8), Moderate 355 (-20), Low 151 (-12), Total 517, Trend -68
14:11:10 <Sparks> #info Current tickets owned: 89 (~17%)
14:11:16 <Sparks> #info Tickets closed: 348 (+20)
14:11:51 <Sparks> Good number drops of moderate and lows.  I suspect that's from the EOL of Fedora 20
14:12:32 <mhayden> hooray (i think)
14:12:37 <scorneli> ssshh, don't ruin the good numbers with your explanation :P
14:12:53 <Sparks> #chair mhayden
14:12:53 <zodbot> Current chairs: Sparks mhayden
14:12:59 <Sparks> mhayden: Can you take over for a moment?
14:15:42 * Sparks returns
14:16:07 <Sparks> scorneli: Heh, yeah well... I don't really care about moderate and lows so...  :)
14:16:25 <mhayden> Sparks: sure -- but i think i missed it :)
14:16:26 <pjp> Hi,
14:16:31 <Sparks> pjp: Welcome!
14:16:52 * mhayden is answering questions at $dayjob about the openssl cve
14:16:54 <pjp> Sparks: Thank you. Sorry for a late entry :P
14:17:07 <Sparks> mhayden: Pffft...  Just refer them to the KB article.
14:17:17 <Sparks> pjp: Anything in regards to bugs?
14:18:01 <pjp> Sparks: Yes,  3 out of 4 rubygems bugs have been closed errata
14:18:17 <pjp> Sparks: 1 rubygems-activesupport I think will take little more time
14:18:30 <Sparks> cool
14:19:01 <pjp> I'm following up about python-virtualenv and python-pip ones
14:19:36 <Sparks> pjp: I think mhayden mentioned earlier that those packages just got a new version.
14:19:37 <pjp> Maybe I'll just push latest builds to EPEL, noone seem to have objections on epel-devel list,
14:19:44 <pjp> Sparks: Oh cool!
14:19:56 <mhayden> yeah, got both maintainers to bump the versions
14:20:07 <mhayden> i got co-maintainer status on virtualenv now so i can help out
14:20:12 <pjp> mhayden: Excellent!
14:20:17 <mhayden> kudos to smilner at RHT ;)
14:20:27 <pjp> :)
14:20:47 <mhayden> i assume someone is working on this somewhere in the fedora world -> https://bugzilla.redhat.com/show_bug.cgi?id=1241544
14:21:10 * pjp clicks
14:21:24 <Sparks> mhayden++
14:21:27 <zodbot> Sparks: Karma for mhayden changed to 1:  https://badges.fedoraproject.org/tags/cookie/any
14:21:43 <Sparks> how is that possible?  mhayden only at a karma level of 1?!?
14:21:59 <pjp> mhayden++
14:21:59 <zodbot> pjp: Karma for mhayden changed to 2:  https://badges.fedoraproject.org/tags/cookie/any
14:22:11 <mhayden> wait, what did i do?!
14:22:19 <mhayden> cookies?
14:22:22 <mhayden> i do like cookies...
14:22:26 <pjones> mhayden: oh ugh, I'm going to need to have a look at that as well :/
14:22:37 <mhayden> http://i.dailymail.co.uk/i/pix/2013/09/22/article-0-18297CEF00000578-775_634x426.jpg
14:22:46 <mhayden> pjones: if i can help test, please let me know
14:22:52 <Sparks> cookies!
14:22:53 * mhayden doesn't have a PoC for this CVE
14:23:18 <mhayden> fedbadges.badge.award -- mhayden has been awarded the "Macaron (Cookie I)" badge https://da.gd/GvDI
14:23:20 <pjones> (It'd be a different CVE for me, but sure.)
14:23:24 <mhayden> whee
14:23:49 <mhayden> pjones: are we talking about the openssl one that dropped today? that's what i'm referring to
14:23:57 <pjones> yeah.
14:24:32 <scorneli> the openssl issue should be in good hands, tmraz is usually quick when it comes to providing updated packages
14:25:37 <Sparks> #topic New Meeting Time
14:25:46 <Sparks> #link http://whenisgood.net/98rtz7p/results/eyz7qkh
14:26:00 <Sparks> Any thoughts?
14:27:41 <pjp> It's quite difficult to figure a suitable time for all in that page
14:28:02 <Sparks> Well, that pages shows that there isn't a perfect time
14:28:32 <Sparks> 0001 UTC seems to be the best time
14:28:53 <Sparks> But that is definitely bad for some
14:29:10 <Sparks> I wonder if we should flip-flop meeting times each week
14:29:21 <pjp> Well, if it's suitable for most, maybe we can give it a try
14:29:38 <pjp> it'll be 06:30am IST
14:30:17 <mhayden> Sparks++
14:30:17 <zodbot> mhayden: Karma for sparks changed to 2:  https://badges.fedoraproject.org/tags/cookie/any
14:30:20 * mhayden winks
14:30:33 <scorneli> do not pay attention to me when setting the times. I'm ok if I can't attend - it's more important that the majority is happy
14:32:08 <pjp> Sparks: is that 00:01 am or 1:00am ?
14:32:22 <pjp> UTC ?
14:33:26 <Sparks> 00:01 UTC
14:33:35 <Sparks> Midnight UTC
14:34:31 <pjp> Oh okay, that'll be 5:30 am IST,
14:34:42 <Sparks> ewww
14:34:50 <pjp> Okay, let's give it a try if it works for the better
14:35:40 <Sparks> Okay
14:35:57 <Sparks> #action Sparks to advertise new meeting time
14:37:20 <Sparks> #info New meeting time will be Wednesdays at 0001 UTC (Tuesday at 8PM US Eastern)
14:37:53 <Sparks> #topic Open floor discussion/questions/comments
14:37:57 <Sparks> Anyone have anything?
14:38:43 <pjp> Nope,
14:39:01 <Sparks> mhayden ?
14:39:22 <mhayden> not i
14:39:59 <pjp> Sparks: Isn't 8:00pm Thu better, it shows only 4 can't make it
14:40:13 <pjp> Wed it shows 5 can't make it
14:40:28 <pjp> I hope I'm reading it right
14:40:33 <Sparks> pjp: Opps...   I was reading the chart wrong
14:41:04 <Sparks> pjp: So...  Tuesday or Thu.
14:41:48 <Sparks> I think I'd go with Tuesday over Thursday.
14:42:00 <pjp> Sparks: Mon or Thu,
14:42:22 <Sparks> pjp: You looking at this in what TZ?
14:42:23 <pjp> I'm fine with Tue too,
14:42:50 <pjp> Sparks: US time
14:43:03 <Sparks> I'm seeing three dots next to 8PM on Monday and Thursday which woudl be Tuesday or Friday UTC (And I can't read or type)
14:43:52 <Sparks> Okay, Monday/Tuesday then
14:44:35 <Sparks> #info New meeting time will be Tuesdays at 0001 UTC (Monday at 8PM US Eastern)
14:44:48 <pjp> Okay
14:44:53 <Sparks> Whew!
14:44:57 <pjp> :)
14:44:59 * Sparks needs to go soak his brain.
14:45:03 <Sparks> Okay, anyone have anything else?
14:45:21 * mhayden needs to scurry across the building for a mtg
14:45:31 <pjp> Nope
14:45:49 <Sparks> Okay, everyone have a good day!
14:45:51 <Sparks> #endmeeting