#fedora-meeting-1 log

19:00:25 <Sparks_too> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
19:00:25 <zodbot> Meeting started Wed Oct  1 19:00:25 2014 UTC.  The chair is Sparks_too. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:25 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:00:28 <Sparks_too> #meetingname Fedora Security Team
19:00:28 <zodbot> The meeting name has been set to 'fedora_security_team'
19:00:32 <Sparks_too> #topic Roll Call
19:00:34 * Sparks_too 
19:00:37 <bvincent> .fas bvincent
19:00:38 <zodbot> bvincent: bvincent 'Brandon Vincent' <Brandon.Vincent@asu.edu>
19:01:00 <d-caf> here
19:04:17 <Sparks_too> Okay, small crowd...
19:04:29 * Sparks_too did update the agenda just for today.
19:04:36 <Sparks_too> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
19:04:44 <Sparks_too> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
19:04:52 <Sparks_too> #topic Follow up on last week's action items
19:05:04 <Sparks_too> Umm... I don't think we had anything from last week.
19:05:05 <Sparks_too> :)
19:05:12 <Sparks_too> #topic bash vulnerability
19:05:24 <d-caf> There were some action items
19:05:31 <Sparks_too> #undo
19:05:31 <zodbot> Removing item from minutes: <MeetBot.items.Topic object at 0x2afa7b50>
19:05:43 <Sparks_too> d-caf: Yes, but I suck at running meetings so...  :)
19:06:21 <d-caf> Well, there was the possible new meeting time survey, and I forgot to ping you about how to handle orphans and documentation
19:06:50 <d-caf> So no action on the action items from last week, roll to this week?
19:06:50 <Sparks_too> Okay, I've pulled up last week's notes
19:06:57 <Sparks_too> #link http://meetbot.fedoraproject.org/fedora-meeting-1/2014-09-24/fedora_security_team.2014-09-24-19.00.txt
19:07:30 <Sparks_too> #action Sparks_too to actually send out the meeting minutes
19:07:36 * jsmith shows up late for another meeting
19:07:48 <jsmith> (Silly time zones when you're halfway around the world)
19:07:48 <Sparks_too> Okay, I didn't comment on the releng ticket to support a security repo.  I'll do so today.
19:07:56 <revskills> o/ thoger
19:08:09 <Sparks_too> #action Sparks_too to comment on the releng ticket in support of a security repo.
19:08:13 <Sparks_too> jsmith: Welcome!
19:08:18 <bvincent> Sparks +1
19:08:24 <jsmith> +1 from me
19:08:39 <Sparks_too> Officially, that was the only action item.  Yes, we do need to discuss meeting times.
19:09:00 <Sparks_too> #topic Bash vulnerability
19:09:18 <Sparks_too> Okay, so apparently there was a Bash vulnerability last week (maybe you heard something about it).
19:09:27 <Sparks_too> Are there any questions regarding the vulnerability?
19:09:38 <bvincent> Fully patched - not much to say.
19:09:57 <Sparks_too> pretty much
19:10:03 <bvincent> How was the Fedora response time in comparison to other distributions?
19:10:23 <Sparks_too> Our beloved Florian wrote the fix.  Send him flowers and candy if you appreciate his work.
19:10:56 <bvincent> I tend to use zsh... lol
19:11:05 <Sparks_too> bvincent: I've not heard, exactly.  There were different fixes that other distros were using.
19:11:24 <bvincent> I know upstream was partially responsible for the early incomplete fix.
19:11:31 <Sparks_too> bvincent: The slowness of our repos made it take a lot longer than it should to get the fix out to people.
19:11:42 <bvincent> Once again, a good reason to support a security repo.
19:12:10 <Sparks_too> yes
19:12:39 <Sparks_too> bvincent: FWIW, we beat the socks off of Apple.
19:12:55 * Sparks_too notes their patch was delivered on Monday.
19:12:59 <bvincent> Sparks_too: I saw the US-CERT announcement.
19:13:16 <bvincent> Sparks_too: I'm sure half the versions of OS X people use are still unpatched.
19:13:31 <nirik> releng has discussed an 'urgent updates' repo... Please help add comments/ideas/process to https://fedoraproject.org/wiki/Urgent_updates_policy so we can figure out things.
19:13:34 <Sparks_too> Apparently US-CERT and NIST linked to RH's security blog... My Thursday was interesting.
19:13:44 <bvincent> +1 to Red Hat
19:13:48 <Sparks_too> nirik: +1
19:14:11 <Sparks_too> nirik: Is there anything you'd like to say, specifically?
19:14:28 <d-caf> RH's blog had a nice writeup
19:14:43 <nirik> Sparks_too: just asking for feedback... not sure what specifics you had in mind?
19:14:44 <d-caf> It went through twitter a fair amount as well
19:14:45 <Sparks_too> d-caf: Yeah, we had ~400k hits over three days.
19:14:58 <Sparks_too> nirik: That works.  I'm sure we'll hammer it a bit.
19:15:52 <Sparks_too> Okay, moving on
19:15:58 <Sparks_too> #topic Outstanding BZ Tickets
19:16:05 <Sparks_too> #info Wednesday's numbers: Critical 2, Important 50, Moderate 344, Low 125, Total 537, Trend -16
19:16:10 <Sparks_too> #info Current tickets owned: 173 (~32%)
19:16:15 <Sparks_too> #info Tickets closed: 107
19:17:01 <Sparks_too> In spite of the low attendance numbers in the meetings, we are owning more tickets and closing more cases every week.  Goes to show that this meeting isn't really necessary.  :)
19:17:08 <Sparks_too> Or, bvincent is doing all the work.
19:17:33 <Sparks_too> Thank you to everyone (whoever you are) for doing the work.  It is appreciated.
19:17:59 <Sparks_too> #topic APAC Meeting
19:18:00 <bvincent> I tend to find the packages that have been patched but not had their status updated in BZ.
19:18:12 <Sparks_too> #info Only two people took the survey to establish a new meeting.
19:18:31 <Sparks_too> #idea Redo the whenisgood for this meeting.
19:18:54 <Sparks_too> Perhaps we should redo the *entire* whenisgood and try for a global meeting time.
19:19:36 <d-caf> I'm fine with that
19:20:14 <d-caf> I may regret it in the end, but so be it
19:22:03 <Sparks_too> Okay, I'll set that up today.
19:22:18 <Sparks_too> #action Sparks_too to redo the whenisgood for a global meeting time.
19:22:23 <Sparks_too> #topic Open floor discussion
19:22:27 <Sparks_too> Anyone have anything?
19:25:40 * Sparks_too hears nothing
19:27:36 <Sparks_too> Okay, thanks for coming.
19:27:38 <Sparks_too> #endmeeting