14:00:24 #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings 14:00:24 Meeting started Thu Jun 4 14:00:24 2015 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:24 Useful Commands: #action #agreed #halp #info #idea #link #topic. 14:00:27 #meetingname Fedora Security Team 14:00:27 The meeting name has been set to 'fedora_security_team' 14:00:29 #topic Roll Call 14:00:31 * Sparks 14:00:34 * d-caf 14:00:45 .himynameis pjp 14:00:46 pjp: pjp 'Slim Shady' 14:00:55 wow 14:01:02 What is Slim Shady ? 14:01:02 :) 14:01:41 not sure if eminem fan or slim guy 14:02:41 pjp: https://www.youtube.com/watch?v=sNPnbI1arSE 14:03:27 * pjp clicks 14:06:10 jsmith: You here? 14:06:25 Okay, lets get started 14:06:35 #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" 14:06:42 #topic Follow up on last week's tasks 14:07:17 #action jsmith to push the fix for rubygem-activesupport (BZ 905374) 14:08:01 #info Sparks blogged about the 90-Day Challenge being 2/3 the way through 14:08:10 Sparks: I think he did that during last meeting, 14:08:25 pjp: I'm still showing the bug to be On_QA. 14:08:52 Yep, 14:08:58 Fabio seems to be MIA here and at work. Oh, it's a holiday. 14:09:24 #action FabioOlive will propose automated non-responsive maintainer process on the FST list 14:09:47 #info Sparks followed up with nirik regarding security-private@l.fp.o 14:09:55 Okay, lets dive right in. 14:10:23 * Sparks notes the action items were not updated on the agenda but the rest of the agenda was updated 14:10:29 * Sparks will try to do better next time 14:10:35 #topic 90-Day Challenge 14:10:41 #link https://ethercalc.org/90-day-challenge 14:10:47 #info 90-Day Challenge has a goal to close all 2014 and prior Important CVEs in Fedora 14:10:56 #info As of 2015-06-04, of the 38 target bugs 14 have been closed, 1 is On_QA, and 23 are Open 14:11:02 #action Sparks to remove FST_Owner from 90-day Challenge bugs where there doesn't appear to be any interaction 14:11:17 There were no changes in the bug statuses since last week. 14:11:49 Does anyone have anything? 14:12:25 Not much, been working a few this morning... or trying too... 14:12:54 actuallly 14:13:12 :) 14:13:22 so, with Fedora 20 end-of-life comming up, how do we handle 90day challenge items that are going to elipse at that point? 14:13:31 but after the 90day challenge mark 14:13:51 Example: https://bugzilla.redhat.com/show_bug.cgi?id=1142546 14:14:51 * pjp has been updating bugs to convey that if the package is not affected in F21,22,rawhide, then close the bug as cantfix/wontfix or EOL 14:15:00 d-caf: Sounds like a gimme! 14:15:25 If the bug truly only affects F20 (and I suspect a minority of them do) then we can let them sunset. 14:15:54 pjp: In this case I have doubts the maintainer will ever update this ticket... 14:18:41 * Sparks will try to work on more bugs that will be going EOL to make sure they only affect F20 14:19:24 Anything else? 14:19:45 Sparks: not much from me, 14:20:14 In another news, they are going to assign couple of CVEs to kernel issue, reported to FST last week 14:20:19 not much from me, just I need to update wiki/fedora user for fst_owner etc 14:20:29 #topic Outstanding BZ Tickets 14:20:38 #info Thursday's numbers: Critical 0 (-1), Important 45 (+4), Moderate 374 (-2), Low 164 (+1), Total 587, Trend +2 14:20:44 #info Current tickets owned: 108 (~19%) 14:20:51 #info Tickets closed: 320 (+2) 14:21:10 * Sparks suspects a bug in my script since we still have the rubygem-activesupport bug open. 14:21:35 Anyone have anything? 14:22:02 I believe the link is only checking for Status: New, ASSIGNED, not on qa or modified 14:22:43 Yeah, I thought I had fixed it to include those other two. 14:22:47 * Sparks will check 14:24:33 Nothing else from me 14:24:40 #topic New Meeting Time 14:24:49 #link http://whenisgood.net/98rtz7p/results/eyz7qkh 14:24:56 #info Excluding those that only entered a few times per week, it appears our best meeting time is 8:00PM UTC on Monday and Thursday. 14:26:04 Nope, that would be 01:30 am IST 14:26:15 4pm EDT? 14:26:23 d-caf: Correct 14:26:27 Not even on my list of times 14:26:36 pjp: You provided four hours per week so... 14:27:38 pjp: perhaps you could provide more possible times. 14:27:45 Sparks: Yes, 14:27:56 That goes for everyone. It's not helpful to get a response that shows only one hour a day. 14:28:38 Unfortunately I have limited times at work and evening, just the way it goes.. :-( 14:29:49 4pm will likely be much more difficult to attend, but if that fits the majority, so be it. 14:30:49 d-caf: So you only have four hours a week you could possibly meet? 14:31:27 I mean, I'm pretty busy but was able to put down 39 hours of possibilities. 14:32:00 Yes, at least for a regular scheduled meeting time. As is there are meetings at work I have to miss and evenings are a mess with family obligations. 14:32:27 * Sparks shrugs 14:32:28 I might be able to add some late evening times, just have to schedule them around local evening meetings 14:32:42 yeah, it's my problem, don't expect to bend the group to fit me. 14:33:17 Sparks: Sent new suitable times 14:33:33 We'll give it another week in hopes more people can provide more options. 14:33:36 #topic Open floor discussion/questions/comments 14:33:42 Anyone have anything else? 14:33:47 Nope, 14:33:52 nope 14:35:27 Okay, lets get back to work, then. :) 14:35:34 Have a good day, all 14:35:39 #endmeeting