14:09:23 <Astranox> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:09:23 <zodbot> Meeting started Thu Feb 18 14:09:23 2021 UTC.
14:09:23 <zodbot> This meeting is logged and archived in a public location.
14:09:23 <zodbot> The chair is Astranox. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:09:23 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:09:23 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:09:38 <Astranox> #topic Roll Call
14:09:45 <copperi> .hello2
14:09:46 <zodbot> copperi: copperi 'Jan Kuparinen' <copper_fin@hotmail.com>
14:09:48 <Astranox> yes, just have to look it up everytime
14:09:51 <Astranox> .hello2
14:09:52 <zodbot> Astranox: Sorry, but you don't exist
14:09:57 <Astranox> .fas astra
14:09:58 <zodbot> Astranox: astral '' <fas@lab.astral.rocks> - xubuntenor 'john lastra' <xubuntenor@gmail.com> - paulrm280 'Paul Mastrantonio' <paulrm280@yahoo.com> - sabroso 'Luis Alberto Pelaez' <charolastra@outlook.com> - ghostflower 'eric anthony sharrar' <astral_destination@yahoo.com> - thomastran 'Thomas Tran' <tho.tran@gmail.com> - oliviastrandberg 'Olivia Strandberg' <1156654@g.chelanschools.org> - katjastrauss72 'Katja Strauss'  (4 more messages)
14:10:04 <Astranox> .hello2 astra
14:10:05 <zodbot> Astranox: Sorry, but you don't exist
14:10:21 <Astranox> .hello astra
14:10:22 <copperi> try
14:10:22 <zodbot> Astranox: astra 'David Kaufmann' <astra@ionic.at>
14:10:39 <copperi> as you did
14:11:45 <copperi> is this meeting bot using your fedora-meeting-report ?
14:12:17 <Astranox> no, that I usually do manually
14:12:34 <Astranox> but in the last meeting we discussed if the numbers are even relevant
14:12:38 <Astranox> (or correct)
14:14:20 <Astranox> these are the numbers, but I didn't calculate the differences yet: https://ionic.at/share/fst.txt
14:15:30 <Astranox> do we have any open topics? (I'm so not prepared for this meeting -.-)
14:17:13 <copperi> There were lots of interest and requests for sponsorship
14:18:09 <Astranox> #topic requests for sponsorship
14:18:15 <copperi> I probably did not even write a letter, waited for this meeting
14:19:19 <Astranox> currently we can't add people, as the two people able to do that are not currently active, but I think I'll request permissions for that this week
14:19:27 <copperi> Does the group have any sponsors ?
14:19:43 <copperi> you answered my question
14:20:10 <Astranox> yes, sparks and nb, but haven't heard of them in a long time (nb should definitely be active elsewhere though)
14:20:29 <copperi> nb is around
14:20:47 <Astranox> as we're in some kind of a rebuilding process - what would you like to do as FST?
14:20:48 <copperi> did answer to some of my request a while back
14:21:16 * nb sees his name and looks
14:21:33 <Astranox> uh, nice, summoned nb :)
14:21:48 <copperi> nick highligting does that
14:22:00 <Astranox> thats not a guarantee :)
14:22:02 <nb> Oh nice, people are trying to reactivate security team
14:22:14 <Astranox> yes, and you are admin, together with sparks
14:23:03 <nb> Yeah,  I think he made me an admin a while back.  I am glad to add some more admins
14:23:11 <kk4ewt> well thats a nick from the past
14:23:52 <Astranox> i think that would be great, we've got a few membership requests in the past weeks
14:23:59 <nb> there is also security-team@lists.fedoraproject.org
14:24:06 <nb> and I can add some more people as owners of it
14:24:13 <copperi> nb: we have been using it
14:24:25 <nb> oh ok
14:24:27 <copperi> nb: that would be good
14:24:32 <nb> looks like huzaifas@redhat.com is the owner of the list
14:24:33 <Astranox> yes, I don't know why we have two lists, but occasionally both get used
14:24:52 <Astranox> ah, he's definitely active, he was at the last meeting
14:24:57 <nb> sparks is owner of security@lists.fedoraproject.org
14:24:58 <copperi> should maybe consolidate
14:25:53 * nb is interested in becoming involved again - I wasn't aware that this was being restarted
14:26:03 <nb> Who should be admins of the FAS group and list?
14:26:06 <copperi> nb: great
14:26:50 <copperi> astranox and me ?
14:26:54 <Astranox> that would be great too!
14:27:03 <nb> are your FAS usernames the same as IRC?
14:27:08 <Astranox> maybe huzaifas too, he wants to do a lot
14:27:12 <kk4ewt> nb you can add me as well
14:27:21 <Astranox> no, mine is "astra"
14:27:21 <copperi> mine is
14:27:38 <copperi> .fas astra
14:27:39 <zodbot> copperi: astral '' <fas@lab.astral.rocks> - xubuntenor 'john lastra' <xubuntenor@gmail.com> - paulrm280 'Paul Mastrantonio' <paulrm280@yahoo.com> - sabroso 'Luis Alberto Pelaez' <charolastra@outlook.com> - ghostflower 'eric anthony sharrar' <astral_destination@yahoo.com> - thomastran 'Thomas Tran' <tho.tran@gmail.com> - oliviastrandberg 'Olivia Strandberg' <1156654@g.chelanschools.org> - katjastrauss72 'Katja Strauss'  (4 more messages)
14:27:44 * kk4ewt nb definitely knows mine
14:28:42 <kk4ewt> .hello jbwillia
14:28:43 <zodbot> kk4ewt: jbwillia 'Ben Williams' <vaioof@gmail.com>
14:29:26 <nb> .members security-team
14:29:27 <zodbot> nb: Members of security-team: anemec @astra bojov +bressers bvincent @copperi dcafaro fab @huzaifas isnuryusuf @jbwillia jrusnack +jsmith jtaylor lmacken mrniranjan @nb pjp r3pek revskills scorneli siddharths @sparks tsantore ulissescastro zoglesby
14:29:31 <kk4ewt> for the people whom doesnt reconize this nick i am also Southern_Gentleman
14:30:05 <nb> so now astra, copperi, huzaifas, jbwillia, nb, sparks are admins
14:30:16 <nb> and looks like bressers and jsmith are sponsors from before
14:30:19 <Astranox> ah, I didn't, but that nick I do know
14:30:22 <Astranox> thanks!
14:30:46 <nb> Oh, I guess I need to update the mailing lists
14:30:53 <kk4ewt> .fasinfo jbwillia
14:30:54 <zodbot> kk4ewt: User: jbwillia, Name: Ben Williams, email: vaioof@gmail.com, Creation: 2006-04-17, IRC Nick: Southern_Gentlem, Timezone: US/Eastern, Locale: en, GPG key ID: 93576FA4, Status: active
14:30:58 <zodbot> kk4ewt: Approved Groups: @security-team cla_fedora cla_done hosted-content gitcourses irc-support-operators freemedia proventesters cla_fpca +ambassadors +campusambassadors @fedora-hams @respins-sig fedorabugs qa
14:33:10 <Astranox> is anyone here hcampbell ? (wanted to join too, wrote an email recently)
14:33:13 <copperi> Should we add those who requested sponsorship to the group as requlars (meeting topic) ?
14:33:56 <kk4ewt> first off check those people and see if they have their cla+1
14:34:32 <kk4ewt> patux does not
14:35:07 <nb> We also have a security-private mailing list which sparks was the owner of
14:35:17 <kk4ewt> so lets invite them to a meeting to see how really interested they are (if they have their cla+1 i see no issue adding)
14:35:41 <Astranox> oh, so we have three mailing-lists xD
14:35:54 <copperi> kk4ewt: yes
14:36:17 <nb> yes, security, security-private, security-team
14:36:30 <nb> My thought would be keep security, security-private, and delete security-team
14:37:12 <kk4ewt> fasinfo lacesz
14:37:22 <kk4ewt> .fasinfo lacesz
14:37:25 <zodbot> kk4ewt: User: lacesz, Name: None, email: lkardos@web.de, Creation: 2018-05-02, IRC Nick: None, Timezone: None, Locale: None, GPG key ID: None, Status: active
14:37:27 <zodbot> kk4ewt: Unapproved Groups: security-team
14:37:29 <copperi> nb: agree
14:37:30 <zodbot> kk4ewt: Approved Groups: cla_fpca cla_done cvsl10n l10n
14:37:51 <kk4ewt> i am approving lacesz
14:38:26 <kk4ewt> do you know why I am hesitate in approval of cla+1?
14:39:15 <kk4ewt> a lot of bot make accounts and then try to join lower # groups so they get wiki access
14:39:34 <Astranox> maybe make approval dependent on joining the meeting?
14:39:58 <kk4ewt> i would say maybe at least a couple of meetings
14:40:29 <kk4ewt> but is someone is already a contributor in other groups that should be waved
14:40:51 <nb> I think people should at least send an intro or something, or join a meeting
14:41:00 <nb> I would also recommend setting the FAS group to invite-only
14:41:05 <nb> most other FAS groups are
14:41:05 <kk4ewt> a couple of meeting if it their cla+1
14:41:14 <nb> otherwise you get a ton of random membership requests
14:41:30 <Astranox> yes, but still at least one meeting, even for established people
14:42:06 <copperi> couple would be good
14:42:06 <Astranox> but no we have 3 topics: mailing lists, approving open requests and setting it to invite only
14:42:11 <Astranox> *now
14:42:56 <Astranox> invite only seems the easiest now - is there anything why we shouldn't do that?
14:43:37 <copperi> Don't see any reason not to
14:44:10 <kk4ewt> .fasinfo gratuxri
14:44:11 <zodbot> kk4ewt: User: gratuxri, Name: None, email: fedora@jugra.de, Creation: 2017-06-15, IRC Nick: None, Timezone: None, Locale: None, GPG key ID: None, Status: active
14:44:14 <zodbot> kk4ewt: Unapproved Groups: gitfogmachine cvslibvirt cvsredhat-config-cluster distribution fedmsg-announce fedorainfracloudusers gitabout-fedora gitappstack gitauthhub gitbash-completion gitboard gitbtparser gitcanal gitcertmaster gitcobbler gitcura gitdockerfiles gitfedora-build-service git-fedora-electronic-lab gitfmci gitformulas gitgopher gitinstall-guide gitkernel gitkerneloops gitldaphelper gitliveusb-creator gitqemu-kvm- (1 more message)
14:44:16 <zodbot> kk4ewt: Approved Groups: gitcommunitywebcrawler cla_fpca cla_done
14:44:40 <Astranox> okay, I think that is agreed upon
14:44:45 <nb> someone will probably also have to go through and remove all of the pending requests
14:44:50 <nb> s/have to/want to/
14:45:19 <kk4ewt> lets send email to them and see whom shows up to a meeting or give an intro
14:45:26 <nb> kk4ewt good idea
14:45:33 <copperi> +1
14:45:37 <Astranox> I've set it to invite only
14:45:39 <Astranox> +1
14:45:46 <nb> Astranox you might put that as #agreed
14:45:53 <nb> like #agreed to make FAS group invite only
14:45:58 <nb> that way it shows up in minutes
14:46:03 <kk4ewt> they can stay open we just dont have to admit
14:46:04 <Astranox> #agreed to make FAS group invite only
14:46:18 <nb> #info nb made astra, copperi, jbwillia admins of FAS group and security, security-team mailing lists
14:46:45 <nb> #info we also have a security-private mailing list
14:47:08 <Astranox> is the "invite to the next meeting and see if they come" also agreed? (I can do the invitation, if noone else wants to)
14:47:27 <kk4ewt> Astranox, #info it
14:47:49 <kk4ewt> also make #task
14:48:20 <kk4ewt> Astranox, yes it is agreed
14:48:20 <Astranox> #task Astra will invite the people with pending requests to the next meeting
14:48:49 <Astranox> #topic mailing lists
14:49:15 <Astranox> nb proposed to remove security-team and keep security and security-private
14:49:27 <copperi> +1
14:49:57 <Astranox> I also do prefer those two names, but currently security-team is more active than security
14:50:24 <Astranox> I think this will fix itself when we update all references to it in the wiki
14:50:59 <Astranox> so, +1 from me too
14:51:10 <copperi> Is the wiki only place we currently have documentation ?
14:51:40 <Astranox> no, but I think this is the place people get the list address from
14:53:06 <copperi> Ok, it should be updated.
14:53:36 <Astranox> so I think this is agreed too.
14:54:10 <Astranox> ah, maybe we should send an announce mail first
14:56:01 <Astranox> #agreed to remove the security-team@ mailing list, and keep security@ and security-private@
14:56:06 <nb> +1
14:56:48 <Astranox> do we have any other open issues?
14:57:22 <copperi> Should we remove #fedora-security-team irc channel as well from wiki ?
14:57:47 <copperi> and leave #fedora-security
14:58:20 <Astranox> might be good, #fedora-security-team has 13 people in there and #fedora-security has 30
14:58:21 <kk4ewt> lets keep #fedora-security in my opinion and drop the other one
14:58:40 <copperi> ok, I can edit the wiki
14:59:01 <Astranox> copperi: thanks!
14:59:35 <Astranox> #agreed to removing the references to the #fedora-security-team irc channel from the wiki too
14:59:47 <Astranox> #action copperi to update the wiki info
15:01:03 <Astranox> I'm not sure if we have any additional topics, and I think there is another meeting here right now, so can we end the meeting?
15:02:34 <copperi> yes
15:02:51 <nb> I need to add people to the #fedora-security ops too
15:02:52 <Astranox> thanks all for attending the meeting, we've got a lot done today!
15:03:05 <nb> I'll add the same people as I did to the FAS and mailing lists
15:03:26 <nb> dgilmore and Bress are the only current ops
15:03:46 <Astranox> #action nb to update all the things! (thanks!)
15:03:57 <Astranox> #endmeeting