fedora_security_team
MINUTES
14:00:03 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:00:03 <zodbot> Meeting started Thu Mar 31 14:00:03 2016 UTC.  The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:03 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:03 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:00:06 <Sparks> #meetingname Fedora Security Team
14:00:06 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:09 <Sparks> #topic Roll Call
14:00:10 * Sparks 
14:00:20 * d-caf 
14:01:10 * mhayden woots
14:03:06 <Sparks> zoglesby jsmith: Good morning!
14:03:42 <zoglesby> yeah, yeah. I am here
14:06:08 * Sparks gives everyone a few more minutes to arrive
14:06:13 <Astradeus> hi :)
14:06:43 <d-caf> Astradeus: HI!!
14:07:58 <Sparks> Astradeus: Welcome
14:08:06 <Sparks> Okay, lets get started
14:08:12 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:08:29 <Sparks> #chair d-caf mhayden zoglesby Astradeus
14:08:29 <zodbot> Current chairs: Astradeus Sparks d-caf mhayden zoglesby
14:08:38 <Sparks> #topic Follow up on last week's tasks
14:08:50 * Sparks notes pjp isn't here today
14:09:01 <Sparks> #action pjp to give a status update on security policy in the wiki (carried over)
14:09:11 <Sparks> #action Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
14:09:28 <Sparks> d-caf: Did you work on the Koji and Bodhi private builds topic?
14:09:47 <d-caf> Sparks: No was out traveling all last week, so getting ramped back up this week, sorry
14:09:56 <Sparks> no problem
14:10:05 <Sparks> #action  pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.
14:10:14 <Sparks> #action  Sparks to contact gd to see if he is working on a patch for samba in Fedora.
14:10:33 <Sparks> Okay, that's all from last week...  I think we got one things marked off.
14:10:38 <Sparks> #topic Apprenticeship
14:10:58 <Sparks> #info zoglesby sent a message to the list regarding Apprenticeship training
14:11:05 <Sparks> #link https://lists.fedoraproject.org/archives/list/security-team@lists.fedoraproject.org/thread/NCCG4ZFQ4IWA62OV4FVAIOMJQPE6Y7NR/
14:11:06 <zoglesby> I did that!
14:11:14 <Sparks> zoglesby: Would you like to lead this discussion?
14:11:38 <zoglesby> no, I think I said in the email we don't need to talk about it here :)
14:11:40 <d-caf> zoglesby: thanks, helped prod me to remember to add two more training links I found (adde this morning)
14:11:57 * c0mrad3 hi guys
14:12:01 <zoglesby> but really, please read the docs and reply to the list what you think are good for entry level security folks
14:12:53 <zoglesby> We don't want to make the list to large, so once we have a list of stuff we may need to make it shorter, but we need to start with something before we can do that
14:12:55 <c0mrad3> #info Tummala Dhanvi UTC+5:30, CommOps,Docs,Security,*
14:12:56 <d-caf> speaking of apprentiship, welcome c0mrad3 who mentioned wanting to join the apprentiship
14:13:12 <c0mrad3> yes :)
14:13:41 <zoglesby> Sparks: that is all I have for this topic
14:13:53 <Sparks> zoglesby: I actually had a dream that we finished doing this.
14:14:11 <zoglesby> #action everyone read the security docs
14:14:15 <mhayden> the list there in the wiki is quite comprehensive
14:14:24 <c0mrad3> what about the reading material for apprentiship
14:14:24 <Sparks> Okay, so I'll reply to the list and lets see if we can get this done before the next meeting
14:14:43 <c0mrad3> I think I have seen an email about the same
14:15:00 <zoglesby> mhayden: yep, that is the issue. We need a smaller list. We don't want to cause information overload
14:15:10 <Sparks> c0mrad3: Yeah, that's what we're talking about...  the email.  :)
14:15:17 <mhayden> perhaps we break it up into experience/maturity level?
14:15:39 <zoglesby> that is the plan, but we wanted to start with lowest level first
14:15:40 <d-caf> c0mrad3: There is a page here #link
14:15:45 <Sparks> mhayden: Yeah, we need to pull from that list what we think would be important for an apprentise to know
14:15:52 <d-caf> c0mrad3: There is a page here #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship#Reading
14:16:17 <d-caf> that we are building for apprentiship, feel free to take a look and add any commentes to the email list on your take comming in fresh
14:16:30 <c0mrad3> sure d-caf
14:16:54 <Sparks> Okay, lets move on
14:16:59 <d-caf> but mostly we need to find some focused security training from this page that's good for new people in security (there is a lot there) #link https://fedoraproject.org/wiki/Information_Security_Training
14:17:20 * Sparks skips the discussion regarding handling embargoed vulnerabilities for now
14:17:27 <Sparks> #topic Outstanding BZ Tickets
14:17:34 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 67 (0), Moderate 485 (0), Low 171 (+2), Total 723
14:17:41 <Sparks> +Tickets by Severity-+-------+---------+
14:17:41 <Sparks> | Severity | Tickets | Owned | Unowned |
14:17:42 <Sparks> +----------+---------+-------+---------+
14:17:42 <Sparks> | medium   | 485     | 40    | 445     |
14:17:42 <Sparks> | low      | 171     | 13    | 158     |
14:17:43 <Sparks> | high     | 67      | 30    | 37      |
14:17:46 <Sparks> +----------+---------+-------+---------+
14:18:11 <Sparks> Would someone like to start poking through the highs and see if we can mark any of them an easy fix?
14:18:22 <Sparks> easy fix == upstream has already released a fix
14:18:41 <d-caf> I've been working a few tickets the last two weeks, finally have movement and resolution on git and latex2rtf
14:19:09 <Sparks> woot!
14:19:12 <Sparks> d-caf++
14:19:13 <c0mrad3> I think git 1.8 have fixed a vuln
14:19:23 <Sparks> grr
14:19:46 <d-caf> d-caf vs dcafaro... I have to many handles...
14:20:20 <d-caf> Git is now 2.5.5 in fc23
14:20:21 <c0mrad3> dcafaro++
14:20:21 <zodbot> c0mrad3: Karma for dcafaro changed to 2 (for the f23 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:20:33 <Sparks> Yeah, that one.
14:20:35 <d-caf> fc22 also got an update
14:20:46 <Sparks> d-caf: You should really put your IRC nick into FAS.  :)
14:21:20 <c0mrad3> correction git 2.8! had fixed a vuln which is introduced in 2.7
14:21:20 <d-caf> Oh, yeah, that's probably a good idea :-)
14:21:45 <d-caf> v2.8 is FC24 and rawhide
14:22:00 <c0mrad3> or Sparks you can type his old handle like me :)
14:22:03 <d-caf> but patches are back ported to older versions for stability purposes when security
14:22:17 * c0mrad3 new to all these
14:25:27 <Sparks> Anything else regarding vulnerabilities?
14:26:06 <Sparks> #topic Open floor discussion/questions/comments
14:26:16 <Sparks> Anyone have anything?
14:27:01 <c0mrad3> !
14:27:12 <Sparks> c0mrad3: Go
14:27:37 <c0mrad3> Can some one mentor me for the first few bugs so that I get used to the work cycle of the team ?
14:27:54 <Astradeus> same request here :)
14:28:31 <Sparks> zoglesby: I believe you were the one that figured out what a mentor is...
14:29:19 <d-caf> I am willing to help try and mentor through a but or to, hit me up on email.  But i've got to head off to another meeting now
14:29:21 <Astradeus> i'd just like to follow the path one takes to close a bug - i think i can manage my own way from there
14:29:26 <d-caf> but/bug...
14:29:56 <Sparks> d-caf: Why don't you take c0mrad3
14:30:07 <Sparks> Astradeus: Either zoglesby or I will help you.
14:30:14 <Astradeus> thanks :)
14:30:24 <c0mrad3> cool
14:30:28 <d-caf> Sparks: sure c0mrad3 email me
14:30:34 <Sparks> #info d-caf will mentor c0mrad3
14:30:36 <zoglesby> sorry, was talking to someone else.
14:30:43 <zoglesby> That works for me
14:30:50 <Sparks> zoglesby: Do you want to mentor Astradeus?
14:31:04 <zoglesby> Sure, why not
14:31:08 <Sparks> #info zoglesby will mentor Astradeus
14:31:10 <Sparks> Great!
14:31:20 <Sparks> Okay, anyone have anything else?
14:31:46 <c0mrad3> zoglesby: I will ping you also if I am struck somewhere
14:32:34 <zoglesby> c0mrad3: talk to d-caf first. He is going to mentor you, but feel free to reach out to me, or anyone else if he can't help for any reason
14:33:05 <c0mrad3> sure zoglesby, I will make sure I will ping d-caf first
14:33:08 <Sparks> If no one has anything else they wish to discuss, we'll close for the day (and I'll have a few minutes to catch up before my next meeting)
14:34:05 <Sparks> Okay, thanks everyone for coming out today.
14:34:08 <Sparks> #endmeeting