14:00:01 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:00:02 <zodbot> Meeting started Thu May 12 14:00:01 2016 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:02 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:02 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:00:05 <Sparks> #meetingname Fedora Security Team
14:00:05 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:07 <Sparks> #topic Roll Call
14:00:08 * Sparks
14:01:46 <Astradeus> .fasinfo astra
14:01:47 <zodbot> Astradeus: User: astra, Name: David Kaufmann, email: astra@ionic.at, Creation: 2013-11-27, IRC Nick: Astradeus, Timezone: Europe/Vienna, Locale: en, GPG key ID: 5CBED71B23D2450E, Status: active
14:01:50 <zodbot> Astradeus: Approved Groups: fedorabugs security-team cla_fpca cla_done
14:04:17 <linuxmodder> .fasinfo linuxmodder
14:04:52 <linuxmodder> .fas linuxmodder
14:05:18 * zoglesby is here
14:05:24 <zodbot> linuxmodder: User: linuxmodder, Name: Corey W Sheldon, email: sheldon.corey@openmailbox.org, Creation: 2016-04-24, IRC Nick: linuxmodder, Timezone: US/Eastern, Locale: en, GPG key ID: 8C5079D6C62BC78F 8B4E89435A88E539 59276298D2264944, Status: active
14:05:28 <zodbot> linuxmodder: Approved Groups: freemedia docs fedora-join security-team magazine commops marketing ambassadors fedorabugs qa fi-apprentice cla_done cla_fpca
14:05:31 <zodbot> linuxmodder: linuxmodder 'Corey W Sheldon' <sheldon.corey@openmailbox.org>
14:06:14 * Sparks updates the agenda for today
14:06:20 <linuxmodder> damn zodbot is laggy today :(
14:07:35 * Sparks waves at zodbot
14:07:38 * Sparks waves at zoglesby
14:07:54 <Sparks> zoglesby: Welcome, nice that you could join us today. :)
14:08:17 <zoglesby> I was in jury duty last week. Judge tends to not like people on phone
14:08:37 <linuxmodder> damn judge :)
14:08:47 <Sparks> zoglesby: That's why you bring a laptop
14:10:25 <linuxmodder> or tell the judge I can't do things for this 1 hr block cool?
14:10:26 <linuxmodder> :)
14:10:44 <Sparks> Okay, let's get started
14:10:53 <Sparks> #chair zoglesby linuxmodder Astradeus
14:10:53 <zodbot> Current chairs: Astradeus Sparks linuxmodder zoglesby
14:11:01 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:11:06 <Sparks> #topic Follow up on last week's tasks
14:11:16 <Sparks> #action pjp to give a status update on security policy in the wiki (carried over)
14:11:26 <Sparks> #action Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
14:11:36 <Sparks> #action zoglesby to update the reading list for the Apprenticeship (carried over)
14:11:43 <zoglesby> I did that!
14:11:46 <Sparks> Woot
14:11:51 <zoglesby> https://fedoraproject.org/wiki/Security_Team_Apprenticeship#Training
14:11:51 <Sparks> #undo
14:11:51 <zodbot> Removing item from minutes: <MeetBot.items.Link object at 0x7f34a6feba90>
14:12:15 <Sparks> #info zoglesby completed his update to the reading list for the Apprenticeship
14:12:26 <linuxmodder> still need to do the securityguide rewrite myself :(
14:12:30 <Sparks> #action Sparks to garden the Koji wiki pages to standardize the pages and add a category or two. (carried over)
14:12:41 <Sparks> #action d-caf to continue working on private builds in koji, bodhi, and distgit. (carried over)
14:12:53 <Sparks> #action Sparks to follow up on the shipping of non-Linux binaries of the USB ISO tool.
14:12:57 <Sparks> #info In Progress
14:13:11 <Sparks> #action Sparks to get stats on the number of vulns that were embargoed that affected Fedora/EPEL. (carried over)
14:13:19 <Sparks> Okay, I think that's all from last week.
14:13:38 <Sparks> #topic Apprenticeship
14:13:43 <Sparks> zoglesby: You have the floor
14:14:14 <zoglesby> Um, please check the link I posted above, and make sure I did not miss anything.
14:14:39 <zoglesby> That is all that I have on that topic for today
14:14:54 <Sparks> #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship#Training
14:15:00 <Sparks> Well, that was anticlimactic.
14:15:28 <zoglesby> I try
14:15:43 <Sparks> heh
14:15:55 <Sparks> #topic Windows/OS X Tools in F25
14:16:03 <Sparks> #link https://fedorahosted.org/fedora-security-team/ticket/1
14:16:11 <Sparks> mattdm: You around?
14:17:29 <Sparks> I've not had a chance to dive into this topic as much as I wanted to...
14:18:25 <Sparks> Basically, there is a desire to ship a Windows and an OS X binary. The question is what security rules need to apply to such a binary.
14:19:02 <Sparks> I think at a minimum the binaries should be built in a trusted environment (e.g. Koji) and be signed.
14:19:05 <Sparks> Anyone else?
14:20:31 <linuxmodder> windows will need 2 signing keys one from M$ and ours
14:21:01 <linuxmodder> or we will need users to use 'test mode'
14:22:08 <Sparks> Right, and I don't think that's a good thing to do
14:23:22 <linuxmodder> same
14:23:56 <linuxmodder> how was the current liveUSBcreator legal then don't remember it needing 'testmode'
14:24:08 <Sparks> Is it compiled for Windows?
14:25:26 * Sparks dodm
14:25:28 <Sparks> grrr
14:25:32 * Sparks didn't think it was
14:26:24 <Sparks> Okay, let's move on. I encourage everyone interested in this to follow the ticket.
14:26:39 <Sparks> #topic Outstanding BZ Tickets
14:26:48 <Sparks> #info No new numbers for this week.
14:27:02 <Sparks> Does anyone have anything regarding tickets to discuss this week?
14:29:04 <zoglesby> no
14:29:50 <Sparks> #topic Open floor discussion/questions/comments
14:29:59 <Sparks> Okay, anyone have anything they want to discuss?
14:30:03 <zoglesby> yes
14:30:25 <zoglesby> please don't spend much time on the security guide << linuxmodder
14:30:49 <Sparks> heh
14:30:56 <Sparks> zoglesby: And your reasoning is???
14:30:59 <zoglesby> The whole book needs to be redone, we are going to move docs to asciidoc, and moving to a topical based format as well
14:31:30 <linuxmodder> mostly doing stuff for 24 release stuff I remember all that
14:32:34 <Sparks> I think there's a tool to take DocBookXML and turn it into asciidoc.
14:33:37 <zoglesby> Sparks: yes, but we are not going to be doing things in the big read from front to back style any more.
14:33:43 <linuxmodder> zoglesby, re: training wiki attach or sign with ?
14:34:05 <Sparks> zoglesby: Got some information you can point us to?
14:34:18 <zoglesby> linuxmodder: don't know what you are asking
14:34:27 <zoglesby> Sparks: should be on the community blog today
14:34:37 <Sparks> okay
14:34:43 <linuxmodder> zoglesby, in intro here: https://fedoraproject.org/wiki/Security_Team_Apprenticeship#Training
14:34:46 <mattdm> Sparks: sorry missed ping earlier (In another meeting)
14:34:54 <linuxmodder> attach gpg to email or sign email with said gpg key
14:35:16 <linuxmodder> I ask as I sign all but rarely attach a copy
14:35:57 <Sparks> mattdm: Just talking about the binaries for Windows and OS X
14:36:09 <zoglesby> We are only talking about the Training section, that other stuff was old, but the point was telling people what your GPG key is. I don't care how you go about it
14:36:19 <linuxmodder> and what was needed for legalities
14:37:06 <mattdm> Sparks: yeah. Have you heard a plan from the team working on that? They'd like to do something more lightweight than getting full support set up in koji
14:37:33 <linuxmodder> I'd say we change that to say: upload gpg to FAS profile / gpg keyserver(s) of choice, keys.fedoraproject.org preferred, and sign emails within team
14:37:37 <Sparks> mattdm: I've not heard anything. Perhaps someone could update https://fedorahosted.org/fedora-security-team/ticket/1?
14:37:59 <mattdm> Sparks: I'll check in with them
14:38:27 <Sparks> mattdm: I'd prefer to have a specific question asked.
14:38:59 <mattdm> Sparks: yep that's fair. I don't think we're expecting *you* to devise a plan
14:39:06 <Sparks> Right
14:39:37 <Sparks> FWIW, I added some information regarding signing.
14:40:54 <Sparks> Okay, anything else?
14:41:39 <Astradeus> nothing meeting specific
14:43:48 <Sparks> Okay, I guess we can adjourn here and move back to #fedora-security-team for some light refreshments.
14:43:55 <Sparks> Thanks, all, for coming out and joining us today!
14:43:58 <Sparks> #endmeeting