13:02:24 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings 13:02:24 <zodbot> Meeting started Thu Oct 23 13:02:24 2014 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:02:24 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 13:02:27 <Sparks> #meetingname Fedora Security Team 13:02:27 <zodbot> The meeting name has been set to 'fedora_security_team' 13:02:32 <Sparks> #topic Roll Cal 13:02:34 <jsmith> .hellomynameis jsmith 13:02:35 <zodbot> jsmith: jsmith 'Jared Smith' <jsmith.fedora@gmail.com> 13:02:35 <Sparks> #undo 13:02:36 <zodbot> Removing item from minutes: <MeetBot.items.Topic object at 0x31f6edd0> 13:02:36 <bvincent> .fas bvincent 13:02:39 <zodbot> bvincent: bvincent 'Brandon Vincent' <Brandon.Vincent@asu.edu> 13:02:40 <Sparks> #topic Roll Call 13:02:42 * Sparks 13:02:45 <d-caf> hello 13:02:47 <d-caf> here 13:02:52 <jsmith> Morning all 13:02:54 <jtaylor90> morning 13:10:43 <jsmith> Shall we continue? 13:11:25 <Sparks> jsmith: Sorry, I'm trying to catch up numbers... 13:11:37 <jsmith> Ah :-) 13:12:22 <Sparks> Sorry, it's been a morning here.... 13:12:28 <Sparks> #topic Outstanding BZ Tickets 13:12:45 <Sparks> #info Thursday's numbers: Critical 1, Important 50, Moderate 342, Low 122, Total 515, Trend -17 13:12:53 <Sparks> #info Current tickets owned: 166 (~32%) 13:13:00 <Sparks> #info Tickets closed: 128 13:13:13 <Sparks> Anyone have any ticket issues they'd like to talk about? 13:17:17 <Sparks> #topic Open floor discussion/questions/comments 13:17:27 <Sparks> Anyone have anything they want to talk about? 13:18:05 <jtaylor90> nothing on my side, just been working on contacting maintainers 13:18:28 <jtaylor90> which is a sort of adventure by itself 13:20:07 <bvincent> On the bright side, Fedora 19 support will be EOL soon. 13:20:39 <d-caf> jtaylor90: Yes, I like it when they say sorry busy right now could you take care of it... 13:21:29 <jtaylor90> d-caf: hah yeah that's a favorite 13:21:55 <jtaylor90> Sparks: did you or someone get all the orphaned package tickets already? 13:23:21 <jtaylor90> just curious if there will be a large ticket drop once the epel orphan package report items start being retired 13:24:17 <Sparks> jtaylor90: I picked up the orphaned tickets for EPEL a while back. I haven't checked for them recently. 13:24:30 <Sparks> jtaylor90: I suspect there will be. 13:25:00 <jtaylor90> gotcha 13:27:03 <jtaylor90> Is there any kind of framework or process we could leverage to get the tickets more visibility? 13:27:35 <jtaylor90> for instance, a BZ gets opened for a package, no response from the package maintainer in x time, sends the ticket to releng 13:27:44 <jsmith> (or provenpackagers) 13:28:08 <jtaylor90> yeah or that :) 13:31:35 <Sparks> jtaylor90: And I think jsmith is a proven packager. 13:31:36 <Sparks> :) 13:31:43 <Sparks> Okay, anyone have anything else? 13:31:48 <jtaylor90> so forward everything to jsmith? :) 13:31:53 <Sparks> jtaylor90: Yes 13:32:09 <jtaylor90> perfect 13:32:10 <jsmith> jtaylor90: Start by forwarding one or two things to me, and I'll see if I can keep up with the workload 13:32:13 <jsmith> :-) 13:32:23 <jsmith> But yes -- I'm willing to try to work on issues as I'm able 13:32:29 <jsmith> I already average one or two a week 13:33:14 <jtaylor90> nice 13:33:58 <jsmith> If there's anything in particular you want me to look at today, let me know, as today is a good day :-) 13:34:35 <jtaylor90> awesome, I will follow up with you after this 13:35:03 <jsmith> I'm also thinking of a weekly email to the -devel list letting people know of unhandled issues might be appropriate 13:35:37 <jsmith> ... hoping that more provenpackagers will *see* that there are issues that we need help with, even if they don't attend this meeting 13:36:01 <jtaylor90> seems like that would be frequent enough to be visible but not spamish 13:37:28 <Sparks> jsmith: +1 13:37:36 <Sparks> jsmith: It would be nice to automate that. 13:37:57 <jtaylor90> +1 from me if it matters lol 13:38:09 <jsmith> Sparks: We'll work on that :-) 13:38:51 <bvincent> Who had those rubygem BZ reports? 13:38:51 <Sparks> #action jsmith to figure out how to send an email to {fedora,epel}-devel regarding unhandled security bugs. 13:39:48 <jsmith> bvincent: I'm not sure :-( 13:39:59 <bvincent> It looks like new rubygems packages will be reaching EPEL soon. 13:40:43 <Sparks> bvincent: Oh, yes, they got moved this week. 13:41:06 <bvincent> I think that was the only active Critical bug. 13:46:39 <Sparks> bvincent: We grew a new one 13:50:23 <d-caf> Sparks: Which I only see that one in crit, or is it yet to be released 13:51:43 <Sparks> d-caf: No, that's the one 13:51:52 <Sparks> Okay, anyone have anything else? 13:52:00 * Sparks needs to get ready for his next meeting. 13:52:12 <d-caf> nothing else here 13:52:18 <jtaylor90> all set here 13:53:08 <bvincent> I think this is the longest a meeting has gone... 13:53:41 <Sparks> Okay, thanks for coming out! We'll see you around the Internetz. 13:53:44 <Sparks> #endmeeting