======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================


Meeting started by Sparks at 14:00:21 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting/2015-11-05/fedora_security_team.2015-11-05-14.00.log.html
.



Meeting summary
---------------
* Roll Call  (Sparks, 14:00:26)
  * LINK:
    https://lists.fedoraproject.org/pipermail/security-team/2015-November/000401.html
    (mhayden, 14:05:21)
  * Participants are reminded to make liberal use of #info #link #help
    in order to make the minutes "more better"  (Sparks, 14:14:32)

* Follow up on last week's tasks  (Sparks, 14:15:03)
  * ACTION: Sparks to talk with mattdm regarding private security
    tickets in BZ.  (Sparks, 14:15:26)
  * This was started but hasn't really moved forward.  (Sparks,
    14:15:42)
  * ACTION: Sparks to discuss using Bluejeans for an online GPG key
    signing event  (Sparks, 14:15:50)
  * This isn't mandatory so if you don't feel comfortable participating
    or don't feel comfortable with not holding an ID in your hands then
    you don't have to participate.  (Sparks, 14:18:05)
  * ACTION: mhayden to get Astradeus' changes to the stats script into
    the fedora-security-team git repo  (Sparks, 14:22:29)
  * ACTION: pjp to give a status update on security policy in the wiki
    (carried over)  (Sparks, 14:23:37)

* Education and Training  (Sparks, 14:23:42)
  * LINK: https://fedoraproject.org/wiki/Information_Security_Training
    (Sparks, 14:23:49)
  * LINK:
    https://benchmarks.cisecurity.org/downloads/multiform/index.cfm -
    should it be there?  (fenrus02, 14:25:27)
  * LINK: https://wiki.mozilla.org/Security/Server_Side_TLS .. and ..
    https://mozilla.github.io/server-side-tls/ssl-config-generator/ ?
    or too much detail ?  (fenrus02, 14:27:53)
  * Astradeus' changes for the script are now merged ;)  (mhayden,
    14:27:59)

* Outstanding BZ Tickets  (Sparks, 14:31:29)
  * Thursday's numbers: Critical 1 (0), Important 40 (0), Moderate 457
    (+11), Low 170 (+8), Total 668  (Sparks, 14:31:36)
  * Current tickets owned: 85  (Sparks, 14:31:42)
  * IDEA: FST gets copied on critical and important CVEs that come to
    Fedora/EPEL.  (Sparks, 14:34:49)
  * ACTION: Sparks to work with PST to get our mailling list included on
    BZ tickets for critical and important CVEs.  (Sparks, 14:39:03)
  * Apparently FST members can't look at security bugs.  This is likely
    a problem if we're supposed to be fixing such things.  (Sparks,
    14:40:32)
  * ACTION: Sparks to figure out how FST members can get access to
    Fedora security bugs  (Sparks, 14:40:47)
  * Anyone finding a security bug in Fedora that doesn't have a CVE
    should let PST know so we can get a CVE issued.  secalert@redhat.com
    (Sparks, 14:41:32)

* Open floor discussion/questions/comments  (Sparks, 14:43:34)

Meeting ended at 14:46:52 UTC.




Action Items
------------
* Sparks to talk with mattdm regarding private security tickets in BZ.
* Sparks to discuss using Bluejeans for an online GPG key signing event
* mhayden to get Astradeus' changes to the stats script into the
  fedora-security-team git repo
* pjp to give a status update on security policy in the wiki (carried
  over)
* Sparks to work with PST to get our mailling list included on BZ
  tickets for critical and important CVEs.
* Sparks to figure out how FST members can get access to Fedora security
  bugs




Action Items, by person
-----------------------
* Astradeus
  * mhayden to get Astradeus' changes to the stats script into the
    fedora-security-team git repo
* mattdm
  * Sparks to talk with mattdm regarding private security tickets in BZ.
* mhayden
  * mhayden to get Astradeus' changes to the stats script into the
    fedora-security-team git repo
* Sparks
  * Sparks to talk with mattdm regarding private security tickets in BZ.
  * Sparks to discuss using Bluejeans for an online GPG key signing
    event
  * Sparks to work with PST to get our mailling list included on BZ
    tickets for critical and important CVEs.
  * Sparks to figure out how FST members can get access to Fedora
    security bugs
* **UNASSIGNED**
  * pjp to give a status update on security policy in the wiki (carried
    over)




People Present (lines said)
---------------------------
* Sparks (72)
* mhayden (17)
* fenrus02 (6)
* Astradeus (6)
* zodbot (4)
* mattdm (3)
* rishi (2)
* jsmith (1)




Generated by `MeetBot`_ 0.1.4

.. _`MeetBot`: http://wiki.debian.org/MeetBot