#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings

Meeting summary

1. Roll Call (Sparks, 14:00:26)
   1. https://lists.fedoraproject.org/pipermail/security-team/2015-November/000401.html (mhayden, 14:05:21)
   2. Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" (Sparks, 14:14:32)
   
   
2. Follow up on last week's tasks (Sparks, 14:15:03)
   1. ACTION: Sparks to talk with mattdm regarding private security tickets in BZ. (Sparks, 14:15:26)
   2. This was started but hasn't really moved forward. (Sparks, 14:15:42)
   3. ACTION: Sparks to discuss using Bluejeans for an online GPG key signing event (Sparks, 14:15:50)
   4. This isn't mandatory so if you don't feel comfortable participating or don't feel comfortable with not holding an ID in your hands then you don't have to participate. (Sparks, 14:18:05)
   5. ACTION: mhayden to get Astradeus' changes to the stats script into the fedora-security-team git repo (Sparks, 14:22:29)
   6. ACTION: pjp to give a status update on security policy in the wiki (carried over) (Sparks, 14:23:37)
   
   
3. Education and Training (Sparks, 14:23:42)
   1. https://fedoraproject.org/wiki/Information_Security_Training (Sparks, 14:23:49)
   2. https://benchmarks.cisecurity.org/downloads/multiform/index.cfm - should it be there? (fenrus02, 14:25:27)
   3. https://wiki.mozilla.org/Security/Server_Side_TLS .. and .. https://mozilla.github.io/server-side-tls/ssl-config-generator/ ? or too much detail ? (fenrus02, 14:27:53)
   4. Astradeus' changes for the script are now merged ;) (mhayden, 14:27:59)
   
   
4. Outstanding BZ Tickets (Sparks, 14:31:29)
   1. Thursday's numbers: Critical 1 (0), Important 40 (0), Moderate 457 (+11), Low 170 (+8), Total 668 (Sparks, 14:31:36)
   2. Current tickets owned: 85 (Sparks, 14:31:42)
   3. IDEA: FST gets copied on critical and important CVEs that come to Fedora/EPEL. (Sparks, 14:34:49)
   4. ACTION: Sparks to work with PST to get our mailling list included on BZ tickets for critical and important CVEs. (Sparks, 14:39:03)
   5. Apparently FST members can't look at security bugs. This is likely a problem if we're supposed to be fixing such things. (Sparks, 14:40:32)
   6. ACTION: Sparks to figure out how FST members can get access to Fedora security bugs (Sparks, 14:40:47)
   7. Anyone finding a security bug in Fedora that doesn't have a CVE should let PST know so we can get a CVE issued. secalert@redhat.com (Sparks, 14:41:32)
   
   
5. Open floor discussion/questions/comments (Sparks, 14:43:34)

Action items

1. Sparks to talk with mattdm regarding private security tickets in BZ.
2. Sparks to discuss using Bluejeans for an online GPG key signing event
3. mhayden to get Astradeus' changes to the stats script into the fedora-security-team git repo
4. pjp to give a status update on security policy in the wiki (carried over)
5. Sparks to work with PST to get our mailling list included on BZ tickets for critical and important CVEs.
6. Sparks to figure out how FST members can get access to Fedora security bugs

Action items, by person

1. Astradeus
   1. mhayden to get Astradeus' changes to the stats script into the fedora-security-team git repo
2. mattdm
   1. Sparks to talk with mattdm regarding private security tickets in BZ.
3. mhayden
   1. mhayden to get Astradeus' changes to the stats script into the fedora-security-team git repo
4. Sparks
   1. Sparks to talk with mattdm regarding private security tickets in BZ.
   2. Sparks to discuss using Bluejeans for an online GPG key signing event
   3. Sparks to work with PST to get our mailling list included on BZ tickets for critical and important CVEs.
   4. Sparks to figure out how FST members can get access to Fedora security bugs

People present (lines said)

1. Sparks (72)
2. mhayden (17)
3. fenrus02 (6)
4. Astradeus (6)
5. zodbot (4)
6. mattdm (3)
7. rishi (2)
8. jsmith (1)