fedora_security_team
LOGS
14:00:01 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:00:02 <zodbot> Meeting started Thu May 12 14:00:01 2016 UTC.  The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:02 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:02 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:00:05 <Sparks> #meetingname Fedora Security Team
14:00:05 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:07 <Sparks> #topic Roll Call
14:00:08 * Sparks 
14:01:46 <Astradeus> .fasinfo astra
14:01:47 <zodbot> Astradeus: User: astra, Name: David Kaufmann, email: astra@ionic.at, Creation: 2013-11-27, IRC Nick: Astradeus, Timezone: Europe/Vienna, Locale: en, GPG key ID: 5CBED71B23D2450E, Status: active
14:01:50 <zodbot> Astradeus: Approved Groups: fedorabugs security-team cla_fpca cla_done
14:04:17 <linuxmodder> .fasinfo linuxmodder
14:04:52 <linuxmodder> .fas linuxmodder
14:05:18 * zoglesby is here
14:05:24 <zodbot> linuxmodder: User: linuxmodder, Name: Corey W Sheldon, email: sheldon.corey@openmailbox.org, Creation: 2016-04-24, IRC Nick: linuxmodder, Timezone: US/Eastern, Locale: en, GPG key ID: 8C5079D6C62BC78F 8B4E89435A88E539 59276298D2264944, Status: active
14:05:28 <zodbot> linuxmodder: Approved Groups: freemedia docs fedora-join security-team magazine commops marketing ambassadors fedorabugs qa fi-apprentice cla_done cla_fpca
14:05:31 <zodbot> linuxmodder: linuxmodder 'Corey W Sheldon' <sheldon.corey@openmailbox.org>
14:06:14 * Sparks updates the agenda for today
14:06:20 <linuxmodder> damn zodbot is laggy today :(
14:07:35 * Sparks waves at zodbot
14:07:38 * Sparks waves at zoglesby
14:07:54 <Sparks> zoglesby: Welcome, nice that you could join us today.  :)
14:08:17 <zoglesby> I was in jury duty last week. Judge tends to not like people on phone
14:08:37 <linuxmodder> damn judge :)
14:08:47 <Sparks> zoglesby: That's why you bring a laptop
14:10:25 <linuxmodder> or tell the judge I can't do things for this 1 hr block cool?
14:10:26 <linuxmodder> :)
14:10:44 <Sparks> Okay, let's get started
14:10:53 <Sparks> #chair zoglesby linuxmodder Astradeus
14:10:53 <zodbot> Current chairs: Astradeus Sparks linuxmodder zoglesby
14:11:01 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:11:06 <Sparks> #topic Follow up on last week's tasks
14:11:16 <Sparks> #action pjp to give a status update on security policy in the wiki (carried over)
14:11:26 <Sparks> #action Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
14:11:36 <Sparks> #action zoglesby to update the reading list for the Apprenticeship (carried over)
14:11:43 <zoglesby> I did that!
14:11:46 <Sparks> Woot
14:11:51 <zoglesby> https://fedoraproject.org/wiki/Security_Team_Apprenticeship#Training
14:11:51 <Sparks> #undo
14:11:51 <zodbot> Removing item from minutes: <MeetBot.items.Link object at 0x7f34a6feba90>
14:12:15 <Sparks> #info zoglesby completed his update to the reading list for the Apprenticeship
14:12:26 <linuxmodder> still need to do the security guide rewrite myself :(
14:12:30 <Sparks> #action Sparks to garden the Koji wiki pages to standardize the pages and add a category or two. (carried over)
14:12:41 <Sparks> #action d-caf to continue working on private builds in koji, bodhi, and distgit. (carried over)
14:12:53 <Sparks> #action Sparks to follow up on the shipping of non-Linux binaries of the USB ISO tool.
14:12:57 <Sparks> #info In Progress
14:13:11 <Sparks> #action Sparks to get stats on the number of vulns that were embargoed that affected Fedora/EPEL. (carried over)
14:13:19 <Sparks> Okay, I think that's all from last week.
14:13:38 <Sparks> #topic Apprenticeship
14:13:43 <Sparks> zoglesby: You have the floor
14:14:14 <zoglesby> Um, please check the link I posted above, and make sure I did not miss anything.
14:14:39 <zoglesby> That is all that I have on that topic for today
14:14:54 <Sparks> #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship#Training
14:15:00 <Sparks> Well, that was anti-climactic.
14:15:28 <zoglesby> I try
14:15:43 <Sparks> heh
14:15:55 <Sparks> #topic Windows/OS X Tools in F25
14:16:03 <Sparks> #link https://fedorahosted.org/fedora-security-team/ticket/1
14:16:11 <Sparks> mattdm: You around?
14:17:29 <Sparks> I've not had a chance to dive into this topic as much as I wanted to...
14:18:25 <Sparks> Basically, there is a desire to ship a Windows and an OS X binary.  The question is what security rules need to apply to such a binary.
14:19:02 <Sparks> I think at a minimum the binaries should be built in a trusted environment (e.g. Koji) and be signed.
14:19:05 <Sparks> Anyone else?
14:20:31 <linuxmodder> windows will need 2 signing keys one from M$ and ours
14:21:01 <linuxmodder> or we will need users to use 'test mode'
14:22:08 <Sparks> Right, and I don't think that's a good thing to do
14:23:22 <linuxmodder> same
14:23:56 <linuxmodder> how was the current liveUSBcreator legal then don't remember it needing 'testmode'
14:24:08 <Sparks> Is it compiled for Windows?
14:25:26 * Sparks dodm
14:25:28 <Sparks> grrr
14:25:32 * Sparks didn't think it was
14:26:24 <Sparks> Okay, let's move on.  I encourage everyone interested in this to follow the ticket.
14:26:39 <Sparks> #topic Outstanding BZ Tickets
14:26:48 <Sparks> #info No new numbers for this week.
14:27:02 <Sparks> Does anyone have anything regarding tickets to discuss this week?
14:29:04 <zoglesby> no
14:29:50 <Sparks> #topic Open floor discussion/questions/comments
14:29:59 <Sparks> Okay, anyone have anything they want to discuss?
14:30:03 <zoglesby> yes
14:30:25 <zoglesby> please don't spend much time on the security guide << linuxmodder
14:30:49 <Sparks> heh
14:30:56 <Sparks> zoglesby: And your reasoning is???
14:30:59 <zoglesby> The whole book needs to be redone, we are going to move docs to asciidoc, and moving to a topical based format as well
14:31:30 <linuxmodder> mostly doing stuff for 24 release stuff I remember all that
14:32:34 <Sparks> I think there's a tool to take DocBookXML and turn it into asciidoc.
14:33:37 <zoglesby> Sparks: yes, but we are not going to be doing things in the big read from front to back style any more.
14:33:43 <linuxmodder> zoglesby, re: training wiki attach or sign with ?
14:34:05 <Sparks> zoglesby: Got some information you can point us to?
14:34:18 <zoglesby> linuxmodder: don't know what you are asking
14:34:27 <zoglesby> Sparks: should be on the community blog today
14:34:37 <Sparks> okay
14:34:43 <linuxmodder> zoglesby, in intro here: https://fedoraproject.org/wiki/Security_Team_Apprenticeship#Training
14:34:46 <mattdm> Sparks: sorry missed ping earlier (In another meeting)
14:34:54 <linuxmodder> attach gpg to email or sign email with said gpg key
14:35:16 <linuxmodder> I ask as I sign all but rarely attach a copy
14:35:57 <Sparks> mattdm: Just talking about the binaries for Windows and OS X
14:36:09 <zoglesby> We are only talking about the Training section, that other stuff was old, but the point was telling people what your GPG key is. I don't care how you go about it
14:36:19 <linuxmodder> and what was needed for legalities
14:37:06 <mattdm> Sparks: yeah. Have you heard a plan from the team working on that? They'd like to do something more lightweight than getting full support set up in koji
14:37:33 <linuxmodder> I'd say we change that to say: upload gpg to FAS profile / gpg keyserver(s) of choice, keys.fedoraproject.org preferred, and sign emails within team
14:37:37 <Sparks> mattdm: I've not heard anything.  Perhaps someone could update https://fedorahosted.org/fedora-security-team/ticket/1?
14:37:59 <mattdm> Sparks: I'll check in with them
14:38:27 <Sparks> mattdm: I'd prefer to have a specific question asked.
14:38:59 <mattdm> Sparks: yep that's fair. I don't think we're expecting *you* to devise a plan
14:39:06 <Sparks> Right
14:39:37 <Sparks> FWIW, I added some information regarding signing.
14:40:54 <Sparks> Okay, anything else?
14:41:39 <Astradeus> nothing meeting specific
14:43:48 <Sparks> Okay, I guess we can adjourn here and move back to #fedora-security-team for some light refreshments.
14:43:55 <Sparks> Thanks, all, for coming out and joining us today!
14:43:58 <Sparks> #endmeeting