14:09:54 <d-caf> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:09:54 <zodbot> Meeting started Thu Jan  7 14:09:54 2016 UTC.  The chair is d-caf. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:09:54 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:09:54 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:10:24 <d-caf> #meetingname Fedora Security Team
14:10:24 <zodbot> The meeting name has been set to 'fedora_security_team'
14:10:35 <d-caf> #topic Roll Call
14:11:00 * d-caf who of course chose the miss named meeting start line to use...
14:11:41 <jtaylor90> heh
14:13:54 <d-caf> Anyone else? mhayden ?
14:14:40 <mhayden> yo!
14:14:47 <d-caf> :-)
14:15:06 <d-caf> Buehler? Buehler?
14:15:43 <d-caf> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:15:52 <d-caf> #topic Follow up on last week's tasks
14:16:21 <d-caf> So tasks from several weeks ago...
14:16:35 <d-caf> I did a little update to the security training/apprentice wiki pages
14:16:43 <d-caf> but nothing major
14:17:48 <d-caf> Not sure Sparks got all his PS Certification information up to the wiki yet either
14:18:08 <d-caf> Anyone else have tasks?
14:18:38 <mhayden> i haven't had a chance to dig into that page quite yet :/
14:18:39 <fenrus02> #link https://fedoraproject.org/wiki/Information_Security_Training
14:19:39 <jtaylor90> not me, I have been horribly out of touch as of late..
14:19:50 <d-caf> #link http://fedoraproject.org/wiki/Security_Team_Apprenticeship
14:20:20 <mhayden> there's still talk of an in-person meetup, right?
14:20:21 <d-caf> Yeah, been busy last few weeks with end of year stuff as well.
14:20:57 <d-caf> #topic Security Team Fedora Activity Day
14:21:13 <d-caf> Yeah, that was next thing i was going to mention
14:21:32 <d-caf> #link http://whenisgood.net/8fshcdf/results/9czp49s
14:21:58 <d-caf> looks like we are narrowed down to March 4th or 11th now
14:22:22 <d-caf> based on those that have filled out "When is Good"
14:23:17 <d-caf> I try and ping Sparks via email to see if we can't choose a day this week, so if you haven't added availability to that, please do so soon
14:24:21 <d-caf> #action d-caf to email sparks about picking a date for the Security team in person in the DC Metro area
14:25:13 <d-caf> Sparks was also looking into video conference options, but no idea where that is
14:26:11 <d-caf> #topic Security Bugs Status
14:26:31 <d-caf> Sorry, I don't have the scripts for the bug status reports
14:26:35 * mhayden is running it now
14:26:47 <d-caf> Anyone have any questions/concerns?
14:27:17 <Astradeus> oh - uhm - meeting? anyone already sent out the weekly report?
14:27:28 <d-caf> There are still 14 unowned Important security bugs in the queue
14:27:36 <mhayden> http://paste.fedoraproject.org/308192/45217684/ <-- this week's report
14:28:10 <d-caf> #link http://paste.fedoraproject.org/308192/45217684/
14:28:51 <d-caf> Interesting that says 18 unowened, but going to the site shows only 14
14:29:05 <d-caf> #link https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&f1=priority&f2=bug_severity&j_top=OR&keywords=SecurityTracking%2C%20&keywords_type=allwords&list_id=4282241&o1=substring&o2=substring&query_format=advanced&status_whiteboard=fst_owner%3D&status_whiteboard_type=notregexp&v1=high&v2=high
14:29:49 <d-caf> hmm, the webpage search assumed they have a status of new or assigned
14:33:13 <d-caf> Well other than needing to push on some bug fixes, and that Tomcat is finally seeing an update on EPEL, I don't have much to report.
14:33:17 <d-caf> Anyone else?
14:33:40 * d-caf mhayden thanks for running the report :-)
14:33:56 <Astradeus> my script somehow sees one urgent and one unspecified prio bug, which i can't verify via the web interface.. need to debug..
14:34:02 <mhayden> no problemo
14:34:20 <mhayden> Astradeus: i think i put in a fix for that a while back -- excluding some RHEL/CentOS stuff
14:34:48 <d-caf> Astradeus: may also be related to checking priority field vs severity field
14:35:18 <d-caf> Though, I think it more likely what mhayden said, looking at the report...
14:35:55 <Astradeus> looks like it. will check until next week
14:36:50 <d-caf> anything else bug related?
14:37:58 * mhayden yields
14:40:54 <d-caf> #topic Open floor discussion/questions/comments
14:41:47 <d-caf> I don't really have anything else, other than the general need to pick up on bug work
14:42:32 <mhayden> i'd still like to get automation and/or auto-nagging set up for security bugs that exist in bugzilla
14:45:36 <d-caf> Wasn't there someone else who had some scripts or work related to that?
14:45:42 <d-caf> as well
14:47:22 <mhayden> i'm not quite sure
14:47:28 <mhayden> but i'd be willing to build something
14:48:31 <d-caf> I'm all in favor of auto-nagging :-), but question, do we have to manually start the auto-nagging?
14:49:33 <d-caf> What I mean is that some tickets get labeled security and fix it, but if you do the review it might actually not be an issue or it's not a security issue
14:49:58 <d-caf> Would we want the auto-nagging starting before that review is complete?
14:50:00 <mhayden> i feel like that's the pkg maintainer's job, to be honest
14:51:00 <d-caf> I don't know, I've had package maintaners tell me it's not a security issue, and then when I go through the process of outlining how I would take advantage of the bug they changed there mind...
14:51:43 <mhayden> hmm, that may be something we can talk about in person perhaps
14:52:10 <d-caf> True, and doesn't change the needing of the script, just how that script starts it's work
14:54:09 <d-caf> mhayden: do you want to take an action to looking into coding up some form of auto-nag nanny?
14:54:20 <mhayden> can do
14:54:54 <d-caf> #action mhayden to look into coding up some form of auto-nagging system for security tickets in bugzilla
14:56:07 <d-caf> Almsot out of time, anything else?
14:56:18 <mhayden> nothin for me
14:56:35 <d-caf> I'd blame my typing on my new keyboard tray, but it happens all the time...
14:58:52 <d-caf> ok, that's it then, see you next week and on the list...
14:59:00 <d-caf> #endmeeting