14:00:33 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:00:33 <zodbot> Meeting started Thu Apr 9 14:00:33 2015 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:33 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:36 <Sparks> #meetingname Fedora Security Team
14:00:36 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:46 <Sparks> #topic Roll Call
14:00:48 * Sparks
14:00:50 <pjp> .hellomynameis pjp
14:00:51 <zodbot> pjp: pjp 'None' <pj.pandit@yahoo.co.in>
14:01:09 <bvincent> .fas bvincent
14:01:09 <zodbot> bvincent: bvincent 'Brandon Vincent' <Brandon.Vincent@asu.edu>
14:03:32 * Sparks updates the agenda... again.
14:04:45 <Sparks> jsmith: You will be called upon
14:06:30 <Sparks> Okay, let's get started.
14:07:03 <Sparks> #topic Follow up on last week's tasks
14:07:17 <Sparks> #action jsmith to patch rubygem-activesupport as provenpackager (BZ 905374)
14:07:25 * Sparks thinks jsmith isn't around this morning
14:07:53 <Sparks> #info jsmith was having problems with this package since it's ruby. He may have found some assistance with it, however.
14:08:01 <pjp> I think jsmith did patch it, IIRC
14:08:18 <Sparks> pjp: He did and it failed.
14:08:24 <Sparks> pjp: start non-responsive maintainer against rubygem-activesupport in EPEL6
14:08:38 <Sparks> Did you do this?
14:08:44 <pjp> Sparks: done, I've filed a bug, no reply so far
14:09:11 <Sparks> pjp: Okay, how long are you supposed to wait?
14:09:12 <pjp> -> https://bugzilla.redhat.com/show_bug.cgi?id=1209124
14:09:36 <pjp> Sparks: For two weeks we need to ping on this bug for any response,
14:09:44 <Sparks> #info pjp started the non-responsive maintainer procedure on rubygem-activesupport
14:09:53 <Sparks> #link https://bugzilla.redhat.com/show_bug.cgi?id=1209124
14:10:20 <Sparks> pjp: Okay, I'm assuming you're handling this. I'll put an action item in the minutes for next week.
14:10:28 <pjp> Sparks: in the third week we send an email to the -devel list about potentially orphaning the said package or retiring it from the branch
14:10:35 <pjp> Sparks: Yes,
14:10:51 <Sparks> #action pjp to continue monitoring the non-responsive maintainer for rubygem-activesupport. Follow up in one week.
14:11:18 * pjp also planning to run the script to ping on old long-standing security bugs
14:11:23 <Sparks> #info Sparks did discuss the 90-day challenge with the Security Team (more on that later)
14:11:30 <Sparks> pjp: +1
14:11:52 <Sparks> pjp: I actually did that, myself, on Monday and it seemed to have kicked a few into gear.
14:12:05 <pjp> Sparks: Oh, cool! :)
14:12:24 <Sparks> #info Sparks closed all retired-package CVE tickets for EPEL
14:12:41 <Sparks> Anything else on old tasks?
14:13:58 <pjp> Nope,
14:14:20 <Sparks> Sorry, I'm still working on some numbers....
14:14:32 <Sparks> I'm going to go out of order for a moment
14:14:37 <Sparks> #topic Outstanding BZ Tickets
14:14:46 <Sparks> #info Thursday's numbers: Critical 1, Important 41 (-7), Moderate 350 (-29), Low 163 (-7), Total 556, Trend -43
14:14:53 <Sparks> #info Current tickets owned: 147 (~26%)
14:14:59 <Sparks> #info Tickets closed: 271 (+22)
14:15:20 <Sparks> Looks like we've got some motion. 43 tickets closed in a week is good!
14:16:07 <pjp> Wow! :)
14:16:18 <jtaylor90> nice
14:18:23 <Sparks> Sorry, I'm still working on challenge numbers
14:18:33 <Sparks> Does anyone have anything to discuss around this topic?
14:20:11 <pjp> Challenge numbers?
14:20:59 <Sparks> #topic 90-Day Challenge
14:21:07 <Sparks> #info 90-Day Challenge has a goal to close all 2014 and prior Important CVEs in Fedora
14:21:43 <Sparks> #info of the 38 Important CVEs, 1 has been closed, 8 are On_QA
14:21:56 <Sparks> So after a week we're starting to see some movement.
14:22:20 <Sparks> #info Many of these tickets haven't been followed up on in recent times and should be.
14:22:44 <Sparks> #info Sparks will unassign tickets from fst_owners if they don't follow up within a week.
14:23:33 <Sparks> I'm still working on challenge prizes but I do have a budget.
14:23:39 <Sparks> Questions? Comments?
14:24:20 <jtaylor90> none from me
14:24:43 <Sparks> #action Sparks to blog about the challenge
14:24:53 <Sparks> #topic Open floor discussion/questions/comments
14:24:59 <Sparks> Okay, anyone have anything?
14:25:13 <pjp> Nope,
14:25:34 <pjp> Sparks: What are options for prizes?
14:26:27 <Sparks> pjp: Not sure. I was looking for something in the Red Hat Cool Stuff Store since it would be easy to obtain and ship. I've also been contemplating t-shirts for the team.
14:26:35 * Sparks is open to ideas.
14:29:34 <Sparks> Okay, if no one has anything else we'll close for the day.
14:30:55 <randomuser> Sparks++
14:31:20 <randomuser> free prizes :)
14:31:51 <Sparks> randomuser: Yep, all you have to do is close more Important CVEs than me! :)
14:32:22 <randomuser> does WONTFIX count?
14:32:24 * randomuser ducks
14:32:52 <Sparks> randomuser: Only if you get the package retired.
14:33:36 <pjp> :)
14:34:16 <pjp> Sparks: maybe Caps could be an option too,
14:35:17 <randomuser> uniform shirts, with Fedora Security Team badges
14:35:46 <Sparks> pjp: Sure
14:36:04 <Sparks> randomuser: yeah, the idea has been in progress although we'd need a logo.
14:36:16 <Sparks> And no one wants any logo I'd design.
14:36:35 <pjp> :)
14:36:46 <Sparks> Okay, we can move this discussion to #fedora-security-team.
14:36:51 <Sparks> Everyone have a good day!
14:36:54 <Sparks> #endmeeting