fedora_security_team
LOGS
14:00:09 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:00:09 <zodbot> Meeting started Thu Oct  1 14:00:09 2015 UTC.  The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:09 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:12 <Sparks> #meetingname Fedora Security Team
14:00:12 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:14 <Sparks> #topic Roll Call
14:00:16 * Sparks 
14:00:55 <FabioOlive> .fas fleite
14:00:55 <zodbot> FabioOlive: fleite 'Fabio Olive Leite' <fabio.olive@gmail.com>
14:01:03 <Astradeus> .fas astra
14:01:04 <zodbot> Astradeus: astralstorm 'Radosław Szkodziński' <astralstorm@gmail.com> - netman 'Andrey Krasukov' <netman@astratel.ru> - rustomafs 'Rustom Irani' <rustom@acefastrack.com> - astrand 'Peter Åstrand' <astrand@lysator.liu.se> - astra 'David Kaufmann' <astra@ionic.at> - astrawin 'Dick Chapman' <astrawin@rogers.com> - ambyte 'Sergey Gulyaev' <astraway@gmail.com> - astratik 'Alexandre Stratikopoulos' (3 more messages)
14:01:12 <Astradeus> o_O
14:01:24 <Sparks> Yeah, that doesn't work great
14:04:12 <pjp> Hi,
14:04:51 <Sparks> Ugh, I forgot my script is in fail mode for ticket status
14:05:15 <Sparks> mhayden: You here?
14:06:40 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:06:43 * mhayden stumbles in
14:06:51 <mhayden> sorry, had a 7-9AM meeting that ran over :/
14:07:14 <Sparks> mhayden: Well, you need to tell them that you have a hard stop!  :)
14:07:32 <Sparks> #topic Follow up on last week's tasks
14:07:58 <Sparks> Okay, I totally failed to update the agenda so I'll just keep the tasks for next week.
14:09:33 <Sparks> #topic Outstanding BZ Tickets
14:10:06 <Sparks> mhayden: Could you provide the stats?  I never fixed my script.
14:10:45 * mhayden digs
14:11:30 <mhayden> full report: https://lists.fedoraproject.org/pipermail/security-team/2015-October/000371.html
14:12:13 <mhayden> 608 total tickets, 82 owned
14:12:40 <mhayden> cacti is back to lead the security bug list again, but it's a two way tie with bugzilla ;)
14:12:48 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 43 (+1), Moderate 408 (-1), Low 153 (+1), Total 604
14:12:52 <Sparks> mhayden: Thank you
14:12:54 <mhayden> followed by nagios (which is being worked by swilkerson)
14:13:30 <Sparks> Anyone have anything ticket-related?
14:13:58 <mhayden> i still would like to write some kind of "verifier" script that checks to see if the issue in the ticket has been addressed
14:14:08 <mhayden> so maybe the packager fixed it but forgot to put the bug # in their bodhi update
14:14:19 <mhayden> or they bumped a version not knowing that it closed some bugs
14:14:40 <mhayden> that's gonna be insanely tricky :)
14:14:54 <mhayden> but we could check for packages which have any type of update on a date *after* the bug ticket was opened
14:14:57 <mhayden> and investigate those
14:15:01 <mhayden> they could be low-hanging fruit
14:15:17 <FabioOlive> Sparks: sorry, need to leave the meeting now.  I'll catch up with you later.
14:15:18 <mhayden> thoughts?
14:15:52 <Sparks> mhayden: I think it would be useful but I think we'd have to talk to releng to implement something like that.
14:16:21 <mhayden> Sparks: couldn't i pull data from bugzilla and then query bodhi?
14:16:26 <mhayden> or are you worried about overloading bodhi
14:16:50 <pjp> mhayden: How will we know what the update fixed?
14:17:16 <pjp> mhayden: RPM changeLog ?
14:17:22 <Sparks> mhayden: I'm not worried about anything.  :)
14:17:42 <Sparks> mhayden: You could do that, I was talking about integrating it into bodhi during the build.
14:18:07 <mhayden> pjp: that might take some manual investigation :/
14:18:12 <mhayden> until we figure out some way to correlate
14:18:19 <mhayden> but it would be a much shorter list to review :)
14:18:32 <pjp> mhayden: Yes, packagers don't always include the bugid in the changeLog
14:20:46 <Sparks> Some outright refuse to do so
14:21:19 <pjp> Sparks: Refuse ?
14:21:46 <pjp> Sparks: saying what? why wouldn't they include a bug-id ?
14:22:03 <Sparks> pjp: Saying that it's too much of a hassle to do and they won't do it.
14:23:02 <Sparks> pjp: I think it's more of a "you're telling me how to do something and I don't like that".
14:23:12 <pjp> Yeah,
14:23:18 <pjp> That's more of it,
14:25:01 <mhayden> hah
14:25:24 <mhayden> i prefer to consider the best intentions until proven otherwise ;)
14:25:29 <mhayden> "Trust but verify" :)
14:25:45 <Sparks> heh
14:26:00 <mhayden> (that seems to get harder to do the longer you work in infosec)
14:27:14 <Sparks> Okay, anything else ticket-related?
14:28:33 <Sparks> #topic Open floor discussion/questions/comments
14:28:48 * Sparks has some additional hurricane prep things to do...
14:30:18 <mhayden> Sparks: i wish you luck there
14:31:05 <pjp> hurricane prep, not for a real hurricane, is it?
14:31:36 <mhayden> pjp: http://www.wunderground.com/hurricane/atlantic/2015/hurricane-Joaquin
14:31:51 * pjp checks
14:32:15 <pjp> Oh boy,
14:32:20 <Astradeus> just seen that on a weathermap a colleague had open half an hour ago^^
14:32:28 <Astradeus> and i'm in europe..
14:32:32 <Astradeus> small world^^
14:32:40 <Astradeus> best wishes from me too
14:32:53 <Sparks> pjp: I think I've got a front-row seat for this show
14:33:19 <Sparks> http://www.nhc.noaa.gov/#JOAQUIN
14:33:35 <pjp> Sparks: Yep, all the best.
14:35:15 <Sparks> I'm guessing that I'll lose power and Internet and cellular service and will have time to catch up on my reading and maybe enjoy a nice star party with all the lights off.
14:35:38 * Sparks is from Eastern North Carolina where we get jittery if we don't have at least one major hurricane a year.
14:35:53 <pjp> Heh, sounds like a silver lining, :)
14:36:07 <mhayden> could use some of that rain here in TX :)
14:38:08 <Sparks> mhayden: We got ~6 inches of rain the other night.
14:41:47 <Sparks> Okay, anyone have anything else?
14:41:58 <mhayden> nothing for me
14:42:48 <pjp> nope, not this week, hope to do some catch-up by next one
14:43:02 <Sparks> Okay, then I'm going to go ahead and close up shop, here.
14:43:57 <pjp> Yep, thank you all.
14:44:22 <Sparks> Thanks all!
14:44:24 <Sparks> #endmeeting