fedora_security_team
14.00
November 05, 2015
fedora-meeting
#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
Meeting started by Sparks at 14:00:21 UTC
(full logs ).
Meeting summary
Roll Call (Sparks , 14:00:26)
https://lists.fedoraproject.org/pipermail/security-team/2015-November/000401.html
(mhayden ,
14:05:21)
Participants are reminded to make liberal use
of #info #link #help in order to make the minutes "more
better" (Sparks ,
14:14:32)
Follow up on last week's tasks (Sparks , 14:15:03)
ACTION : Sparks to
talk with mattdm regarding private security tickets in BZ.
(Sparks ,
14:15:26)
This was started but hasn't really moved
forward. (Sparks ,
14:15:42)
ACTION : Sparks to
discuss using Bluejeans for an online GPG key signing event
(Sparks ,
14:15:50)
This isn't mandatory so if you don't feel
comfortable participating or don't feel comfortable with not holding
an ID in your hands then you don't have to participate. (Sparks ,
14:18:05)
ACTION : mhayden to
get Astradeus' changes to the stats script into the
fedora-security-team git repo (Sparks ,
14:22:29)
ACTION : pjp to give a
status update on security policy in the wiki (carried over)
(Sparks ,
14:23:37)
Education and Training (Sparks , 14:23:42)
https://fedoraproject.org/wiki/Information_Security_Training
(Sparks ,
14:23:49)
https://benchmarks.cisecurity.org/downloads/multiform/index.cfm
- should it be there? (fenrus02 ,
14:25:27)
https://wiki.mozilla.org/Security/Server_Side_TLS
.. and ..
https://mozilla.github.io/server-side-tls/ssl-config-generator/ ?
or too much detail ? (fenrus02 ,
14:27:53)
Astradeus' changes for the script are now
merged ;) (mhayden ,
14:27:59)
Outstanding BZ Tickets (Sparks , 14:31:29)
Thursday's numbers: Critical 1 (0), Important
40 (0), Moderate 457 (+11), Low 170 (+8), Total 668 (Sparks ,
14:31:36)
Current tickets owned: 85 (Sparks ,
14:31:42)
IDEA : FST gets copied
on critical and important CVEs that come to Fedora/EPEL.
(Sparks ,
14:34:49)
ACTION : Sparks to
work with PST to get our mailling list included on BZ tickets for
critical and important CVEs. (Sparks ,
14:39:03)
Apparently FST members can't look at security
bugs. This is likely a problem if we're supposed to be fixing such
things. (Sparks ,
14:40:32)
ACTION : Sparks to
figure out how FST members can get access to Fedora security
bugs (Sparks ,
14:40:47)
Anyone finding a security bug in Fedora that
doesn't have a CVE should let PST know so we can get a CVE issued.
secalert@redhat.com (Sparks ,
14:41:32)
Open floor discussion/questions/comments (Sparks , 14:43:34)
Meeting ended at 14:46:52 UTC
(full logs ).
Action items
Sparks to talk with mattdm regarding private security tickets in BZ.
Sparks to discuss using Bluejeans for an online GPG key signing event
mhayden to get Astradeus' changes to the stats script into the fedora-security-team git repo
pjp to give a status update on security policy in the wiki (carried over)
Sparks to work with PST to get our mailling list included on BZ tickets for critical and important CVEs.
Sparks to figure out how FST members can get access to Fedora security bugs
Action items, by person
Astradeus
mhayden to get Astradeus' changes to the stats script into the fedora-security-team git repo
mattdm
Sparks to talk with mattdm regarding private security tickets in BZ.
mhayden
mhayden to get Astradeus' changes to the stats script into the fedora-security-team git repo
Sparks
Sparks to talk with mattdm regarding private security tickets in BZ.
Sparks to discuss using Bluejeans for an online GPG key signing event
Sparks to work with PST to get our mailling list included on BZ tickets for critical and important CVEs.
Sparks to figure out how FST members can get access to Fedora security bugs
People present (lines said)
Sparks (72)
mhayden (17)
fenrus02 (6)
Astradeus (6)
zodbot (4)
mattdm (3)
rishi (2)
jsmith (1)
Generated by MeetBot 0.1.4.