fedora_security_team
LOGS
14:03:55 <Astranox> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:03:55 <zodbot> Meeting started Thu Mar 18 14:03:55 2021 UTC.
14:03:55 <zodbot> This meeting is logged and archived in a public location.
14:03:55 <zodbot> The chair is Astranox. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:03:55 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:03:55 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:04:00 <Astranox> #meetingname Fedora Security Team
14:04:00 <zodbot> The meeting name has been set to 'fedora_security_team'
14:04:09 <Astranox> #topic Roll Call
14:04:15 <Astranox> .hello astra
14:04:16 <zodbot> Astranox: astra 'David Kaufmann' <astra@ionic.at>
14:04:22 <jforbes> .hello2
14:04:23 <zodbot> jforbes: jforbes 'Justin M. Forbes' <jforbes@redhat.com>
14:04:55 <copperi> .hello2
14:04:56 <zodbot> copperi: copperi 'Jan Kuparinen' <copper_fin@hotmail.com>
14:07:19 <Astranox> so lets start
14:07:31 <Astranox> #topic Group Approvals
14:08:28 <Astranox> it seems no one new is around to approve. should we set a deadline for all the remaining open requests?
14:09:07 <jforbes> So, catching up on notes from previous meetings, I have a standing conflict.  I am guessing this is the FAS group approvals?
14:10:54 <Astranox> i do think so
14:11:24 <Astranox> we have a lot of open requests, i think a lot of them automated requests
14:12:16 <copperi> jforbes: what is your fas ?
14:12:23 <jforbes> copperi: jforbes
14:13:32 <Astranox> what's the conflict you're seeing?
14:14:16 <jforbes> Scheduling conflict, I have another meeting at this time as well
14:14:31 <jforbes> I can make it work depending on the agenda in that meeting
14:15:52 <Astranox> I'm quite flexible about the meeting, as long it is something reasonable to european timezones (so not something like 3am local time)
14:16:25 <Astranox> but lets finish this one first - what about open fas group requests?
14:16:31 <copperi> Should we move it forward one hour ?
14:16:49 <jforbes> We can cover that in open floor
14:18:43 <jforbes> So, it might be worth cleaning up older unapproved requests, a lot of people request random groups as they go through the list when new without understanding what they are asking for
14:19:43 <jforbes> So for older requests, you can decline with a note link to current activities and tell them to re-ask if they are interested
14:20:15 <Astranox> that sounds like a good idea
14:20:18 <jforbes> I know with some SIGs we also have a barrier to remain active, usually a low bar, attend 1 meeting per year, or 6 months, but it makes it easier to mangage
14:21:47 <Astranox> currently that would strip the group down to about five people, as we started to get activity back only recently
14:21:57 <Astranox> but in general that might be a good idea
14:22:46 <copperi> We should clean up all old requests.
14:22:46 <jforbes> Well, it has literally been years since there was any activity at all, so it makes sense to reset a bit
14:23:57 <jforbes> There was 0 mail to the list between 6/2019 and this year
14:24:45 <Astranox> jforbes: i've just seen that you requested approval, so i didn't think of checking the approval list, as i definitely know copperi is already on it
14:25:09 <Astranox> well, that sentence misses a bit
14:25:13 <jforbes> I think copperi just added me
14:25:25 <Astranox> i thought that you already were in the group, so i didn't check the list
14:25:38 <copperi> But can't find a place to approve you
14:26:06 <jforbes> I am not overly concerned. what is locked behind group access?
14:26:17 <Astranox> i've done that now
14:26:36 <Astranox> editbugs, but you've most likely already have that
14:26:55 <jforbes> Right
14:28:38 <Astranox> unless i'm mixing you up with the person i know from the security team in about 2015 and now have given a random person access ;)
14:29:16 <jforbes> No, that was me, I have been around for a good bit of time
14:29:33 <Astranox> copperi: you should have access to the moderation queue, it even should show it when logging in to fas2
14:29:47 <jforbes> But also proven packager and such, so already have most access
14:31:14 <copperi> I have the queue, but no approve button.
14:31:56 <Astranox> it seems I can't just decline with a note
14:32:05 <Astranox> copperi: it's named "sponsor"
14:32:33 <jforbes> Astranox: FAS is being replaced in a week or 2 right? Perhaps it will be easier then, or even clear the queue for us
14:33:02 <Astranox> we have written an email to all the requests since a few months, and only one person has joined the irc meeting
14:33:18 <Astranox> so would it be ok to just decline without a note?
14:33:28 <copperi> I don't see my unapproved groups on the new system, so maybe they go away automatically
14:33:37 <jforbes> I think so
14:33:48 <Astranox> jforbes: haven't tried out the new system yet
14:34:05 <Astranox> ok, then lets wait for the new one
14:34:28 <Astranox> next item?
14:35:10 <jforbes> I did want to bring up Red Team
14:35:56 <jforbes> The old Fedora Red Team SIG that was mentioned in the meeting a couple of weeks ago is no longer a Fedora SIG
14:36:09 <Astranox> #topic Red Team
14:36:20 <jforbes> Basically the project moved from a Fedora SIG to a Linux Foundation Sponsored project a couple of years ago
14:36:24 <jforbes> https://redteamproject.org/
14:37:04 <copperi> ok, should I make a note on the wiki ?
14:37:22 <jforbes> Yes, that is probably a good idea
14:40:35 <Astranox> that sounds great! I've seen you already on the steering-committee page ;)
14:41:40 <Astranox> it seems it also grew quite a lot
14:41:51 <jforbes> Indeed, it really moved over in 2019, and has been making pretty steady progress.
14:43:42 <copperi> Looks nice, a link added to wiki
14:44:12 <Astranox> is there anything where we can help?
14:45:21 <jforbes> Astranox: there is quite a bit, depending on where your interests lie. https://github.com/redteam-project has a lot of areas
14:45:27 <Astranox> huzaifas might be interested also, was here a few meetings ago and also worked in this direction iirc
14:47:09 <Astranox> should we go to the next item?
14:47:25 <copperi> yes
14:47:40 <Astranox> #topic Follow up on last week's tasks
14:48:45 <Astranox> I've wrote with ben cotton about the open security tracking bugs, who told me to ask one of people opening those recently, so I've contacted gsuckevi and am in contact about the old unresolved security tracking bugs
14:48:56 <Astranox> didn't get to much more in the last week
14:49:14 <Astranox> anything else?
14:50:02 <copperi> open floor ?
14:50:10 <Astranox> #topic Choosing meeting date
14:50:27 <Astranox> we have that as defined agenda point already :)
14:51:04 <copperi> I think date is ok, should starting time be 15.00 UTC ?  (an hour later than now)
14:51:16 <Astranox> fine with me
14:51:28 <jforbes> An hour later would definitely be better for me
14:52:03 <jforbes> It is also a question of whether weekly are really needed, or if we go to every other week?
14:52:44 <Astranox> the server team currently has the problem that a lot of people forget, in which weeks the meeting is
14:53:24 <Astranox> i think weekly of something like "first $weekday every month" would be better
14:53:59 <jforbes> Well, if we send out meeting reminders to the mailing list, or similar, it wouldn't be an issue. But I am fine with weekly as well if there is agenda
14:55:32 <Astranox> #agreed We move the meeting to an hour later (15:00 UTC)
14:55:42 <Astranox> #action Astra to update the calendar entry
14:56:15 <Astranox> #topic Open floor discussion/questions/comments
14:58:30 <Astranox> anything for this topic? otherwise I'd end the meeting
14:59:21 <jforbes> Nothing here
14:59:55 <Astranox> in that case: Thanks for attending the meeting!
14:59:59 <Astranox> #endmeeting