19:00:25 #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings 19:00:25 Meeting started Wed Oct 1 19:00:25 2014 UTC. The chair is Sparks_too. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:25 Useful Commands: #action #agreed #halp #info #idea #link #topic. 19:00:28 #meetingname Fedora Security Team 19:00:28 The meeting name has been set to 'fedora_security_team' 19:00:32 #topic Roll Call 19:00:34 * Sparks_too 19:00:37 .fas bvincent 19:00:38 bvincent: bvincent 'Brandon Vincent' 19:01:00 here 19:04:17 Okay, small crowd... 19:04:29 * Sparks_too did update the agenda just for today. 19:04:36 #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" 19:04:44 #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" 19:04:52 #topic Follow up on last week's action items 19:05:04 Umm... I don't think we had anything from last week. 19:05:05 :) 19:05:12 #topic bash vulnerability 19:05:24 There were some action items 19:05:31 #undo 19:05:31 Removing item from minutes: 19:05:43 d-caf: Yes, but I suck at running meetings so... :) 19:06:21 Well, there was the possible new meeting time survey, and I forgot to ping you about how to handle orphans and documentation 19:06:50 So no action on the action items from last week, roll to this week? 19:06:50 Okay, I've pulled up last week's notes 19:06:57 #link http://meetbot.fedoraproject.org/fedora-meeting-1/2014-09-24/fedora_security_team.2014-09-24-19.00.txt 19:07:30 #action Sparks_too to actually send out the meeting minutes 19:07:36 * jsmith shows up late for another meeting 19:07:48 (Silly time zones when you're halfway around the world) 19:07:48 Okay, I didn't comment on the releng ticket to support a security repo. I'll do so today. 19:07:56 o/ thoger 19:08:09 #action Sparks_too to comment on the releng ticket in support of a security repo. 19:08:13 jsmith: Welcome! 19:08:18 Sparks +1 19:08:24 +1 from me 19:08:39 Officially, that was the only action item. Yes, we do need to discuss meeting times. 19:09:00 #topic Bash vulnerability 19:09:18 Okay, so apparently there was a Bash vulnerability last week (maybe you heard something about it). 19:09:27 Are there any questions regarding the vulnerability? 19:09:38 Fully patched - not much to say. 19:09:57 pretty much 19:10:03 How was the Fedora response time in comparison to other distributions? 19:10:23 Our beloved Florian wrote the fix. Send him flowers and candy if you appreciate his work. 19:10:56 I tend to use zsh... lol 19:11:05 bvincent: I've not heard, exactly. There were different fixes that other distros were using. 19:11:24 I know upstream was partially responsible for the early incomplete fix. 19:11:31 bvincent: The slowness of our repos made it take a lot longer than it should to get the fix out to people. 19:11:42 Once again, a good reason to support a security repo. 19:12:10 yes 19:12:39 bvincent: FWIW, we beat the socks off of Apple. 19:12:55 * Sparks_too notes their patch was delivered on Monday. 19:12:59 Sparks_too: I saw the US-CERT announcement. 19:13:16 Sparks_too: I'm sure half the versions of OS X people use are still unpatched. 19:13:31 releng has discussed an 'urgent updates' repo... Please help add comments/ideas/process to https://fedoraproject.org/wiki/Urgent_updates_policy so we can figure out things. 19:13:34 Apparently US-CERT and NIST linked to RH's security blog... My Thursday was interesting. 19:13:44 +1 to Red Hat 19:13:48 nirik: +1 19:14:11 nirik: Is there anything you'd like to say, specifically? 19:14:28 RH's blog had a nice writeup 19:14:43 Sparks_too: just asking for feedback... not sure what specifics you had in mind? 19:14:44 It went through twitter a fair amount as well 19:14:45 d-caf: Yeah, we had ~400k hits over three days. 19:14:58 nirik: That works. I'm sure we'll hammer it a bit. 19:15:52 Okay, moving on 19:15:58 #topic Outstanding BZ Tickets 19:16:05 #info Wednesday's numbers: Critical 2, Important 50, Moderate 344, Low 125, Total 537, Trend -16 19:16:10 #info Current tickets owned: 173 (~32%) 19:16:15 #info Tickets closed: 107 19:17:01 In spite of the low attendance numbers in the meetings, we are owning more tickets and closing more cases every week. Goes to show that this meeting isn't really necessary. :) 19:17:08 Or, bvincent is doing all the work. 19:17:33 Thank you to everyone (whoever you are) for doing the work. It is appreciated. 19:17:59 #topic APAC Meeting 19:18:00 I tend to find the packages that have been patched but not had their status updated in BZ. 19:18:12 #info Only two people took the survey to establish a new meeting. 19:18:31 #idea Redo the whenisgood for this meeting. 19:18:54 Perhaps we should redo the *entire* whenisgood and try for a global meeting time. 19:19:36 I'm fine with that 19:20:14 I may regret it in the end, but so be it 19:22:03 Okay, I'll set that up today. 19:22:18 #action Sparks_too to redo the whenisgood for a global meeting time. 19:22:23 #topic Open floor discussion 19:22:27 Anyone have anything? 19:25:40 * Sparks_too hears nothing 19:27:36 Okay, thanks for coming. 19:27:38 #endmeeting