Meeting started at 2026-05-21 15:00:03 UTC

The Meeting name is 'Fedora Meeting 3'

The Meeting Name is now security-sig

!hi

Chris (py0xc3): Christopher Klooz (py0xc3) - he / him / his

!hi

Daniel Milnes: Daniel Milnes (thebeanogamer) - he / him / his

oops wrong date...

I might have an update about fedora-downstream-hardening soon and might seek some collaboration regarding package maintaining, but that is not yet mature for a discussion here.

Keep us in the loop of there's ways we can assist

two bugs identified, incl. one in systemd :D took some time to mitigate as it will take some time until that is fixed upstream

anything from you Daniel Milnes

Just the usual "help with the docs site please" to try and avoid the kerfuffle we had earlier in the week

And a desire to buy a beer for anyone involved in kernel maintaince

the "main page" is worth to be discussed, maybe along with re-discussing goals & targets for the SIG, but I think we might wait for a meeting with more people being here

+1 for that

I guess Justin will get a lot of free beer at Flock :)

Hah

at least, I hope so ^^

There are some reports that there are open code paths in our 204, but I guess that is already known? I didn't really follow the topic today/yesterday due to a lack of time :(

205 is building right now

I didn't verify, but just saw the posts today: https://discussion.fedoraproject.org/t/updates-to-fix-current-security-issues-of-the-linux-kernel-dirtyfrag-fragnesia-etc-regularly-updated-topic-follow-posts/190864/24 & https://discussion.fedoraproject.org/t/updates-to-fix-current-security-issues-of-the-linux-kernel-dirtyfrag-fragnesia-etc-regularly-updated-topic-follow-posts/190864/26

Cool, I'll update the topic then later

Has anyone read into https://forge.fedoraproject.org/security/tickets/issues/7 yet?

I have not had a chance to yet

No, but at a first skim, I am not sure if the summary of the ticket fits the blog. Also, I am wondering, if that is so serious and affecting all TPM2 (on our side?) and not just some implementations, this is not wider considered. Don't find much of this "filesystem confusion attack".

Might be worth a skim, but actually I am reluctant to assume this is super serious. I can prepare any cryptsetup in a way that it can be broken. It would be a problem if that would be the default though

Not the biggest fan of most tpm2 implementations anyway...

Is anything known of the background of the many patches in 7.0.10?

I first thought it might be a type of mass revert or so, to mitigate the impact of the current issues, but skimming rc1, this seems not the case

hey guys, I'm getting pulled into another meeting. can someone close out the meeting when you're all done.

It's just the \!\endmeeting I think? I can do, but might need to leave myself in ~10 minutes

yup just the ! and endmeeting

ok. I assume its not necessary to be done by the one who started (?)

nope the bot will take it from anyone.

I think we're done anyway.

But actually since no one else is talking, I'll just end it here.

we can continue in the sec channel

Does anyone have another point? Otherwise we can end it for today and shift everything to the channel

Yes, true

Shift it to channel