#fedora-meeting log

14:00:06 <mhayden> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:00:06 <zodbot> Meeting started Thu Oct 15 14:00:06 2015 UTC.  The chair is mhayden. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:06 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:12 <mhayden> #meetingname Fedora Security Team
14:00:12 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:17 <mhayden> #topic Roll Call
14:00:22 * mhayden o/
14:00:22 * d-caf 
14:00:36 * Sparks 
14:01:26 <mhayden> i'll give it a few more minutes just in case
14:01:58 * Astradeus 
14:03:45 <mhayden> alrighty, i'll try to do my best sparks impression here ;)
14:03:51 <mhayden> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:04:00 <mhayden> #topic Follow up on last week's tasks
14:04:22 <mhayden> FabioOlive was going to make us a appear.in room -- which i think i saw an email about
14:05:06 * Sparks still can't get appear.in to work.
14:05:15 <mhayden> https://lists.fedoraproject.org/pipermail/security-team/2015-October/000379.html
14:05:44 <fenrus02> what's the room name for it?
14:05:50 <mhayden> https://appear.in/fedora-security-team
14:06:14 <mhayden> i hopped in and it seems to work in Chrome on F22
14:06:39 <fenrus02> requires flash, has a lot of ads loading.
14:06:43 <mhayden> ah here's the right link
14:06:45 <fenrus02> ad-blocker might prevent it from loading
14:06:50 <mhayden> #link https://lists.fedoraproject.org/pipermail/security-team/2015-October/000378.html
14:07:03 * mhayden wonders if we could get a static google hangouts room
14:07:16 <mhayden> i have a google apps account, so i could make a permanent room
14:07:28 <mhayden> not sure if that pleases the group more than appear.in ;)
14:07:49 <Sparks> mhayden: Google != foss
14:07:49 <fenrus02> no flash and/or no ads would be preferable
14:08:00 <fenrus02> Sparks, moot point, the url above isnt foss either.
14:08:01 <mhayden> hmm, isn't there a webrtc-ish thing we could use?
14:08:14 <Sparks> fenrus02: I thought it was... or at least I was told
14:08:21 <Sparks> google--
14:08:29 <fenrus02> Sparks, perhaps, but i dont see any source available anywhere.
14:08:45 <d-caf> appear.in doesn't work on my workstation, but that doesn't suprise me.
14:09:10 * mhayden is looking at https://fedrtc.org/ right quick
14:09:47 <mhayden> okay, this might be somthing to take to the ML to discuss
14:10:08 <Sparks> d-caf: I'm on a box that has Flash and it is now working for me.
14:10:17 <fenrus02> there are 8 different ad-trackers on the .in site, with at least two source for flash.  flash is fairly horrible wrt foss.
14:10:32 <Sparks> fenrus02: Agreed.
14:10:34 <Sparks> flash--
14:10:35 <Sparks> :)
14:11:18 <mhayden> who wants to kick off the irc thread on that
14:11:18 <fenrus02> given that both goog and appear are at -1, i'd use the non-flash one from google instead.
14:11:21 <d-caf> Sparks: mine has flash, but it's not even triggering a load request, just a question delete user...
14:11:26 <mhayden> err, ML thread
14:11:44 <d-caf> but I'm behind heavy firewalls here, so likely being blocked if it isn't strick http(s)
14:11:57 <Sparks> fenrus02: https://github.com/appearin  <-- I haven't actually looked at what's there.
14:12:09 <fenrus02> d-caf, at least 2 of those ad sites are questionable content .. your fw likely blocks them
14:12:55 <Sparks> d-caf: I'm blocking ads...  :)  appear.in does *not* work on my work laptop so...
14:13:02 <fenrus02> Sparks, thanks, but those appear to be client side api / sdk toolkits
14:13:06 <mhayden> #action mhayden to kick off a ML thread about finding a foss A/V conferencing solution of some sort
14:13:32 <mhayden> the next action we had was for Sparks or i to figure out a new stats script :P
14:13:43 * Sparks hasn't done so.
14:13:44 * mhayden hasn't gotten anywhere on that
14:14:05 <mhayden> i guess we could push the action to next week?
14:15:21 <mhayden> #action sparks and mhayden to figure out a stats script going forward
14:15:36 <mhayden> next up was pjp writin a security policy on the wiki for discussion
14:15:40 <mhayden> s/writin/writing/
14:16:21 <mhayden> sounds like pjp sent his regrets for the meeting today, so we might need to push this and check in with him
14:16:50 <mhayden> #action pjp to give a status update on security policy in the wiki
14:17:26 <mhayden> i think the last item is: sparks to talk with mattdm about private security tickets in BZ
14:17:33 <mhayden> Sparks: any news there?
14:18:25 <Sparks> mhayden: I haven't been able wrangle him yet.
14:19:02 <mhayden> #action sparks to (gently) wrangle mattdm about private security-related tickets in BZ
14:19:13 <mhayden> i think that wraps up the actions unless i missed one
14:19:31 <mhayden> #topic Outstanding BZ Tickets
14:19:46 <mhayden> this week's stats are here:
14:19:48 <mhayden> #link https://lists.fedoraproject.org/pipermail/security-team/2015-October/000381.html
14:20:17 <mhayden> cacti and nagios still fighting to be on top :)
14:20:41 <mhayden> about 10% of medium and low tickets are owned, and over 50% of high tickets are owned
14:21:13 <mhayden> EPEL 6 still leads the pack in tickets
14:21:15 <d-caf> A lot of those Nagios tickets are in QA at this point
14:21:33 <mhayden> right -- fedmsg has poked me a bunch lately with swilkerson's updates
14:21:45 <mhayden> anything else to chat about on the bugzilla topic?
14:22:12 <d-caf> I finally had some time this last week to poke tickets, but still swamped till end of this month
14:22:34 <mhayden> i've been a little slow on the BZ side :|
14:23:15 <mhayden> #topic Open floor discussion/questions/comments
14:23:43 <mhayden> i've been working a bit on security in openstack/ubuntu land: http://docs.openstack.org/developer/openstack-ansible-security/
14:23:56 <mhayden> not my favorite task, but hey, it's work that needs to be done :)
14:24:01 <Astradeus> mhayden: seems like you're using an old version of the stats script - is there some bug?
14:24:15 <mhayden> ah, i think i forgot to 'git pull'
14:24:34 <d-caf> So I should be able to start picking up on the tickets again by end of this month, been heavy in prep for the Security BSidesDC conference as one of the organizers.
14:24:54 <mhayden> #chair sparks d-caf Astradeus
14:24:54 <zodbot> Current chairs: Astradeus d-caf mhayden sparks
14:25:13 <mhayden> Sparks: i'm getting pulled away from my desk -- could you help wrap?
14:25:45 <Sparks> mhayden: ACK!  Yeah, I can do so
14:25:53 <mhayden> sorry -- y'all have a good one
14:26:09 <d-caf> mhayden: thanks, till next.
14:26:12 <Sparks> Okay, anyone have anything?
14:26:44 <d-caf> Nope, just got to get through this weekend then spare time returns some
14:27:12 <Sparks> d-caf: I'm not sure I'll ever have spare time
14:27:13 <Sparks> again
14:27:14 <Sparks> ever
14:28:03 <Sparks> Well, if there is nothing else I'll just go ahead and close the net.
14:28:07 <Sparks> s/net/meeting
14:28:08 <d-caf> Well, spare time as in not directly family/work.  It's not really spare as It's quickly filled with other stuff (BZ tickets, Conference Prep, Personal IT ifrastructure work...)
14:28:23 <Sparks> d-caf: understood.
14:29:17 <Astradeus> take spare time! everyone! (helps boosting overall health too!)
14:30:22 <Astradeus> yeah, i think for today we're done, most of the task already have been moved to next week's meeting
14:32:05 <Sparks> Okay, thanks, everyone, for coming out today.
14:32:11 <Sparks> Until next time...
14:32:19 <Sparks> #endmeeting
14:32:46 <Sparks> #endmeeting
14:32:48 <Sparks> :(
14:32:55 <d-caf> #endmeeting