14:00:06 <mhayden> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings 14:00:06 <zodbot> Meeting started Thu Oct 15 14:00:06 2015 UTC. The chair is mhayden. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:06 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 14:00:12 <mhayden> #meetingname Fedora Security Team 14:00:12 <zodbot> The meeting name has been set to 'fedora_security_team' 14:00:17 <mhayden> #topic Roll Call 14:00:22 * mhayden o/ 14:00:22 * d-caf 14:00:36 * Sparks 14:01:26 <mhayden> i'll give it a few more minutes just in case 14:01:58 * Astradeus 14:03:45 <mhayden> alrighty, i'll try to do my best sparks impression here ;) 14:03:51 <mhayden> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" 14:04:00 <mhayden> #topic Follow up on last week's tasks 14:04:22 <mhayden> FabioOlive was going to make us a appear.in room -- which i think i saw an email about 14:05:06 * Sparks still can't get appear.in to work. 14:05:15 <mhayden> https://lists.fedoraproject.org/pipermail/security-team/2015-October/000379.html 14:05:44 <fenrus02> what's the room name for it? 14:05:50 <mhayden> https://appear.in/fedora-security-team 14:06:14 <mhayden> i hopped in and it seems to work in Chrome on F22 14:06:39 <fenrus02> requires flash, has a lot of ads loading. 14:06:43 <mhayden> ah here's the right link 14:06:45 <fenrus02> ad-blocker might prevent it from loading 14:06:50 <mhayden> #link https://lists.fedoraproject.org/pipermail/security-team/2015-October/000378.html 14:07:03 * mhayden wonders if we could get a static google hangouts room 14:07:16 <mhayden> i have a google apps account, so i could make a permanent room 14:07:28 <mhayden> not sure if that pleases the group more than appear.in ;) 14:07:49 <Sparks> mhayden: Google != foss 14:07:49 <fenrus02> no flash and/or no ads would be preferable 14:08:00 <fenrus02> Sparks, moot point, the url above isnt foss either. 14:08:01 <mhayden> hmm, isn't there a webrtc-ish thing we could use? 14:08:14 <Sparks> fenrus02: I thought it was... or at least I was told 14:08:21 <Sparks> google-- 14:08:29 <fenrus02> Sparks, perhaps, but i dont see any source available anywhere. 14:08:45 <d-caf> appear.in doesn't work on my workstation, but that doesn't suprise me. 14:09:10 * mhayden is looking at https://fedrtc.org/ right quick 14:09:47 <mhayden> okay, this might be somthing to take to the ML to discuss 14:10:08 <Sparks> d-caf: I'm on a box that has Flash and it is now working for me. 14:10:17 <fenrus02> there are 8 different ad-trackers on the .in site, with at least two source for flash. flash is fairly horrible wrt foss. 14:10:32 <Sparks> fenrus02: Agreed. 14:10:34 <Sparks> flash-- 14:10:35 <Sparks> :) 14:11:18 <mhayden> who wants to kick off the irc thread on that 14:11:18 <fenrus02> given that both goog and appear are at -1, i'd use the non-flash one from google instead. 14:11:21 <d-caf> Sparks: mine has flash, but it's not even triggering a load request, just a question delete user... 14:11:26 <mhayden> err, ML thread 14:11:44 <d-caf> but I'm behind heavy firewalls here, so likely being blocked if it isn't strick http(s) 14:11:57 <Sparks> fenrus02: https://github.com/appearin <-- I haven't actually looked at what's there. 14:12:09 <fenrus02> d-caf, at least 2 of those ad sites are questionable content .. your fw likely blocks them 14:12:55 <Sparks> d-caf: I'm blocking ads... :) appear.in does *not* work on my work laptop so... 14:13:02 <fenrus02> Sparks, thanks, but those appear to be client side api / sdk toolkits 14:13:06 <mhayden> #action mhayden to kick off a ML thread about finding a foss A/V conferencing solution of some sort 14:13:32 <mhayden> the next action we had was for Sparks or i to figure out a new stats script :P 14:13:43 * Sparks hasn't done so. 14:13:44 * mhayden hasn't gotten anywhere on that 14:14:05 <mhayden> i guess we could push the action to next week? 14:15:21 <mhayden> #action sparks and mhayden to figure out a stats script going forward 14:15:36 <mhayden> next up was pjp writin a security policy on the wiki for discussion 14:15:40 <mhayden> s/writin/writing/ 14:16:21 <mhayden> sounds like pjp sent his regrets for the meeting today, so we might need to push this and check in with him 14:16:50 <mhayden> #action pjp to give a status update on security policy in the wiki 14:17:26 <mhayden> i think the last item is: sparks to talk with mattdm about private security tickets in BZ 14:17:33 <mhayden> Sparks: any news there? 14:18:25 <Sparks> mhayden: I haven't been able wrangle him yet. 14:19:02 <mhayden> #action sparks to (gently) wrangle mattdm about private security-related tickets in BZ 14:19:13 <mhayden> i think that wraps up the actions unless i missed one 14:19:31 <mhayden> #topic Outstanding BZ Tickets 14:19:46 <mhayden> this week's stats are here: 14:19:48 <mhayden> #link https://lists.fedoraproject.org/pipermail/security-team/2015-October/000381.html 14:20:17 <mhayden> cacti and nagios still fighting to be on top :) 14:20:41 <mhayden> about 10% of medium and low tickets are owned, and over 50% of high tickets are owned 14:21:13 <mhayden> EPEL 6 still leads the pack in tickets 14:21:15 <d-caf> A lot of those Nagios tickets are in QA at this point 14:21:33 <mhayden> right -- fedmsg has poked me a bunch lately with swilkerson's updates 14:21:45 <mhayden> anything else to chat about on the bugzilla topic? 14:22:12 <d-caf> I finally had some time this last week to poke tickets, but still swamped till end of this month 14:22:34 <mhayden> i've been a little slow on the BZ side :| 14:23:15 <mhayden> #topic Open floor discussion/questions/comments 14:23:43 <mhayden> i've been working a bit on security in openstack/ubuntu land: http://docs.openstack.org/developer/openstack-ansible-security/ 14:23:56 <mhayden> not my favorite task, but hey, it's work that needs to be done :) 14:24:01 <Astradeus> mhayden: seems like you're using an old version of the stats script - is there some bug? 14:24:15 <mhayden> ah, i think i forgot to 'git pull' 14:24:34 <d-caf> So I should be able to start picking up on the tickets again by end of this month, been heavy in prep for the Security BSidesDC conference as one of the organizers. 14:24:54 <mhayden> #chair sparks d-caf Astradeus 14:24:54 <zodbot> Current chairs: Astradeus d-caf mhayden sparks 14:25:13 <mhayden> Sparks: i'm getting pulled away from my desk -- could you help wrap? 14:25:45 <Sparks> mhayden: ACK! Yeah, I can do so 14:25:53 <mhayden> sorry -- y'all have a good one 14:26:09 <d-caf> mhayden: thanks, till next. 14:26:12 <Sparks> Okay, anyone have anything? 14:26:44 <d-caf> Nope, just got to get through this weekend then spare time returns some 14:27:12 <Sparks> d-caf: I'm not sure I'll ever have spare time 14:27:13 <Sparks> again 14:27:14 <Sparks> ever 14:28:03 <Sparks> Well, if there is nothing else I'll just go ahead and close the net. 14:28:07 <Sparks> s/net/meeting 14:28:08 <d-caf> Well, spare time as in not directly family/work. It's not really spare as It's quickly filled with other stuff (BZ tickets, Conference Prep, Personal IT ifrastructure work...) 14:28:23 <Sparks> d-caf: understood. 14:29:17 <Astradeus> take spare time! everyone! (helps boosting overall health too!) 14:30:22 <Astradeus> yeah, i think for today we're done, most of the task already have been moved to next week's meeting 14:32:05 <Sparks> Okay, thanks, everyone, for coming out today. 14:32:11 <Sparks> Until next time... 14:32:19 <Sparks> #endmeeting 14:32:46 <Sparks> #endmeeting 14:32:48 <Sparks> :( 14:32:55 <d-caf> #endmeeting