#fedora-meeting: Fedora Security Team

Meeting started by mhayden at 14:16:10 UTC.

Meeting summary

    1. Use the RHEL 7 security guide as initial reading for now (mhayden, 14:16:52)
    2. ACTION: Rewrite the Fedora Security Guide to be more of what we're looking for (mhayden, 14:17:27)
    3. https://fedoraproject.org/wiki/Information_Security_Training (mhayden, 14:18:22)
    4. Fedora Defensive Coding docs could be useful, but may need some updating (mhayden, 14:19:08)
    5. https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html (mhayden, 14:19:12)
    6. ACTION: Sparks to make it so on this CWE/CVE business (mhayden, 14:22:55)
    7. https://access.redhat.com/security/updates/classification (Sparks, 14:24:58)
    8. https://cve.mitre.org/about/faqs.html (mhayden, 14:25:57)
    9. http://www.candlepinproject.org/presentations/pki-crash-course (Sparks, 14:26:14)
    10. Understanding packaging is important (mhayden, 14:28:34)
    11. https://fedoraproject.org/wiki/Join_the_package_collection_maintainers (mhayden, 14:29:03)
    12. https://bettercrypto.org/static/applied-crypto-hardening.pdf (mhayden, 14:32:58)
    13. This should be opinionated and about how "we" do things as opposed to just security work in general (mhayden, 14:34:50)
    14. Everything sparks touches turns to gold :) (mhayden, 14:40:16)
    15. Would be nice to find an example of a security packaging fix done by a non-RHT person (mhayden, 14:42:12)
    16. AGREED: Heartbleed was a very sad time all around (mhayden, 14:43:14)
    17. AGREED: Heartbleed was a very sad time all around (mhayden, 14:44:20)
    18. Xen security bugs could be an example -- XSA-108 was a good one (mhayden, 14:46:14)
    19. https://access.redhat.com/sites/default/files/riskreportgraphics_branded_unbrandeedissues_final_v2.png (Sparks, 14:48:00)
    20. ACTION: Apprentice wiki page will be updated soon (mhayden, 14:49:19)
    21. ACTION: Sparks will ask if he can share some of his internal security apprentice information (mhayden, 14:50:58)


Meeting ended at 14:54:29 UTC.

Action items

  1. Rewrite the Fedora Security Guide to be more of what we're looking for
  2. Sparks to make it so on this CWE/CVE business
  3. Apprentice wiki page will be updated soon
  4. Sparks will ask if he can share some of his internal security apprentice information


Action items, by person

  1. Sparks
    1. Sparks to make it so on this CWE/CVE business
    2. Sparks will ask if he can share some of his internal security apprentice information
  2. UNASSIGNED
    1. Rewrite the Fedora Security Guide to be more of what we're looking for
    2. Apprentice wiki page will be updated soon


People present (lines said)

  1. mhayden (55)
  2. zodbot (12)
  3. Sparks (11)
  4. skamath (7)
  5. Astradeus (5)
  6. linuxmodder (2)


Generated by MeetBot 0.1.4.