19:01:06 <Sparks_too> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
19:01:07 <zodbot> Meeting started Wed Sep 10 19:01:06 2014 UTC.  The chair is Sparks_too. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:07 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:01:09 <Sparks_too> #meetingname Fedora Security Team
19:01:09 <zodbot> The meeting name has been set to 'fedora_security_team'
19:01:12 <Sparks_too> #topic Roll Call
19:01:16 * Sparks_too 
19:01:16 <bvincent> .fas bvincent
19:01:17 <zodbot> bvincent: bvincent 'Brandon Vincent' <Brandon.Vincent@asu.edu>
19:03:18 * Sparks_too notes that he has updated the agenda which is available at https://fedoraproject.org/wiki/Security_Team_meetings#Meeting_Agenda
19:03:59 <d-caf> Here
19:04:19 <d-caf> .fas dcafaro
19:04:20 <zodbot> d-caf: dcafaro '' <dac@cafaro.net>
19:05:57 <Sparks_too> Okay, lets get started.
19:07:06 <Sparks_too> #topic Outstanding BZ Tickets
19:07:14 <Sparks_too> #info Wednesday's numbers: Critical 2, Important 53, Moderate 365, Low 127, Total 547, Trend +7
19:07:20 <Sparks_too> #info Current tickets owned: 145 (~27%)
19:07:26 <Sparks_too> #info Tickets closed: 77
19:07:53 <Sparks_too> Comments or questions?
19:08:17 <d-caf> Just thanks again for getting editing privs sorted, very helpful
19:10:16 <Sparks_too> d-caf: Glad that fixed things
19:10:23 <Sparks_too> #topic APAC Meeting
19:10:58 <Sparks_too> Okay, a conversation was started on the list regarding the meeting time being bad for APAC contributors.
19:11:40 <Sparks_too> I agree that this is not a great time for APAC.  It's also nearly impossible to get everyone together at the same time.
19:12:18 <jrusnack> so, do we want two meetings, or alternate times every second week ?
19:12:31 <Sparks_too> So I'm going to try to do a second meeting at a better time for contributors in APAC.  I'll be starting a new WhenIsGood survey later today and we'll work on that.
19:13:01 <Sparks_too> jrusnack: The meetings are super important but I think it would be nice (and less confusing) to just hold two meetings a week.
19:13:28 <jrusnack> Sparks_too: work for me
19:13:32 <jrusnack> *works
19:13:32 <Sparks_too> Any kind of decision or planning will be done on the list so everyone can be involved.
19:13:51 <Sparks_too> The meetings will continue to be a Q&A and update for everyone.
19:13:52 <jrusnack> how many people from APAC timezone are interested ?
19:14:25 <Sparks_too> jrusnack: I'm not exactly sure but we'll figure it out in the survey.
19:14:49 <Sparks_too> jrusnack: From what I understand there are a few contributors over there that want to be involved.
19:15:08 <jrusnack> awesome
19:16:13 <Sparks_too> #topic Open floor discussion
19:16:55 <Sparks_too> Anyone have anything?
19:16:56 <jrusnack> FYI: https://fedoraproject.org/wiki/FAD_Pune_Security_1 not sure if everyone catched this
19:17:16 <jrusnack> possibly related to APAC meeting time discussion
19:19:12 <d-caf> Is that duplicate work to what the Security Team is doing?
19:19:17 <Sparks_too> #info Security FAD in Pune https://fedoraproject.org/wiki/FAD_Pune_Security_1
19:20:24 <Sparks_too> d-caf: It's not duplicate work, really.  Huzaifa is one of the RH folks and is contributing here in the FST.  He's APAC so he can't show up for these meetings very often.
19:20:25 <jrusnack> d-caf: certainly not. I expect some of them to get on board, once we have APAC friendly meeting time
19:21:00 <Sparks_too> jrusnack: Thanks for reminding me of the FAD.  I'd forgotten about it.
19:21:10 <jrusnack> Sparks_too: np
19:21:29 <d-caf> Ok, I just want to help avoid duplicate work, so if someone has somethin whiteboard tagged and working on cordinating a fix, that they don't duplicat it
19:21:51 <Sparks_too> #action Sparks to talk with Huzaifa about times for the FAD and the possibility of doing a video-teleconference with others not in Pune.
19:21:58 <bvincent> There are plenty of issues without a "fst_owner" tag.
19:22:05 <d-caf> very true
19:22:17 <Sparks_too> Yeah, we are currently working ~27% of all open cases right now.
19:22:39 <Sparks_too> I'm gonna try to push to get my bugs closed by then.
19:22:46 <Sparks_too> (much of mine are orphans in EPEL)
19:23:48 <Sparks_too> Okay, anyone have anything else?
19:24:21 <jrusnack> If I want to orphan package, do I open a ticket ?
19:24:41 <jrusnack> as in - package is not maintained but owner will not orphan
19:25:40 <Sparks_too> jrusnack: That's an unresponsive maintainer and should go through that process.
19:26:24 <jrusnack> Sparks_too: thank!
19:26:30 <jrusnack> *thanks!
19:26:45 * Sparks_too has one of those he needs to work on.
19:27:19 <Sparks_too> Anything else?
19:27:56 <d-caf> On upstream CLOSE WONTFIX, it if really does look like it would be a mess to backport
19:28:18 <d-caf> What is the procedure for tickets to start that route of closure
19:28:45 <Sparks_too> d-caf: What's the ticket?
19:30:41 <d-caf> bug 1039919 1039917
19:31:25 <d-caf> #link https://bugzilla.redhat.com/show_bug.cgi?id=1039917
19:32:02 <Sparks_too> d-caf: And Python is saying they won't fix it?
19:32:20 <bvincent> #link http://bugs.python.org/issue14621
19:33:28 <d-caf> They aren't packporting to before 3.4 and the fix is very involved
19:34:09 <Sparks_too> Well, it's unfortunate but I guess the vulnerability will be in Python 2.7 and <3.4
19:34:23 <bvincent> Per upstream as d-caf stated, "I think that's just WONTFIX at this point."
19:34:33 <jrusnack> https://bugzilla.redhat.com/show_bug.cgi?id=1039915#c4
19:34:57 <Sparks_too> Yeah, the CVE tracker has been closed.  The vulnerability was also downgraded to a moderate.
19:35:12 <Sparks_too> I guess we just close those tickets as WONTFIX and move on with life.
19:36:13 <d-caf> I can close them and state any work arounds mentioned and impact in each of the tickets (there are actually 3 linked to this CVE)
19:37:34 <Sparks_too> d-caf: +1
19:37:41 <Sparks_too> Okay, anything else?
19:40:33 <Sparks_too> Thanks everyone for coming today.  There will be more coming out on the mailing list soon.
19:40:55 <d-caf> Ok, thanks!
19:41:11 <Sparks_too> #endmeeting