14:08:09 #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings 14:08:09 Meeting started Thu Dec 17 14:08:09 2015 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:08:09 Useful Commands: #action #agreed #halp #info #idea #link #topic. 14:08:09 The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings' 14:08:12 #meetingname Fedora Security Team 14:08:12 The meeting name has been set to 'fedora_security_team' 14:08:14 #topic Roll Call 14:08:16 * Sparks 14:08:20 * d-caf 14:08:47 mhayden jsmith zoglesby: We're starting 14:08:58 .hello mhayden 14:08:59 mhayden: mhayden 'Major Hayden' 14:09:41 * jsmith is in a ${DAYJOB} meeting, but will try to multitask 14:10:51 * Sparks notes that this meeting does not require himself and encourages others to take the reigns when necessary. 14:11:24 * d-caf Notes Sparks thoughts... 14:12:15 Okay, lets get started 14:12:29 #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" 14:13:07 * Sparks is going to avoid previous weeks' tasks for today since he doesn't have any update on them 14:13:14 #topic Education and Training 14:13:21 #link https://fedoraproject.org/wiki/Information_Security_Training 14:14:29 I'm working on an internal-to-Red-Hat certification process for people in Product Security. I'm thinking about extending it into the Fedora realm if we're interested. 14:14:54 Is this trust certification or skill certification? 14:15:10 skill 14:15:17 How would this look like and how about costs for Fedora people? 14:15:51 Sparks: Definitely interested :-) 14:15:59 nice 14:16:02 rsc: This would be free. 14:16:17 rsc: Except, perhaps, for some of the resources used. 14:16:40 Sparks: sounds cool (just asked because Red Hat certifications/trainings are usually expensive) 14:16:43 rsc: I'm trying to make sure that all the resources that I pick are available from the public library system in the US. 14:17:02 Sparks: ahh...how does this work in EMEA/APAC then? 14:17:04 If we tie it inot the Apprenticeship program that would be helpful #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship 14:17:18 which I've been putting some stuff together, but haven't added to the wiki yet 14:17:47 rsc: The same, I just can't guarantee free access to books (see the above link). 14:18:12 d-caf: Yes, I'll try to copy over what I've been working on for PS to our wiki. 14:18:17 ...today 14:18:17 Sparks: so we talk about online library systems? That would be fine, too. 14:19:15 rsc: One of the texts I use is the "Hacking Exposed" book. Very good resource but I can't guarantee that it'll be available in all public libraries. 14:19:24 rsc: Applied Cryptography is another. 14:19:41 rsc: Perhaps there will be some personal copies that could be shared. 14:19:53 Sparks: rsc: Security Engineering is another good one 14:20:09 and free online pdf's as well (buy the book if you can to support the author..) 14:20:26 d-caf: Can you add that to the page? I've got so many resources I'm looking at I don't know if that one is on my list, yet. 14:20:33 yes 14:21:07 #link http://www.cl.cam.ac.uk/~rja14/book.html 14:21:21 Can't edit the wiki at the moment, but will add it later 14:21:30 #action Sparks to copy the PS Certification information over to the Fedora wiki for further review 14:21:35 d-caf: Thanks 14:21:45 Anyone have anything else training-related? 14:22:13 #topic Apprenticeship 14:22:21 #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship 14:22:34 This really folds into the previous discussion. 14:22:58 I'll try to populate this today and we'll come back to it next time. 14:23:23 #topic Security Team Fedora Activity Day 14:23:33 I'll try and merge my stuff in with yours 14:23:38 on previous topic 14:23:43 d-caf: Thanks 14:24:04 Last time we started talking about a FAD in the Washington DC area... 14:25:03 #link http://whenisgood.net/8fshcdf/results/9czp49s 14:25:04 have 4 people added tothe WhenIsGood 14:25:30 jsmith: I noticed you only added January dates. Are February and March completely out? 14:25:54 Sparks: Oooh, I didn't know you were looking at February/March 14:26:04 Sparks: I'm open all of February/March, as far as I know. 14:26:19 Sparks: (Unless I get to speak at Devconf in Brno) 14:26:22 jsmith: Okay, could you edit your response, please? 14:26:30 Sparks: If I can find the link... 14:26:59 * Sparks points up 14:27:33 Somewhat related to this is there anyone else going to ShmooCon, specially out of town folk, that would make it convienit to schedule a FAD around that time? 14:27:48 d-caf: Could. When is it again? 14:27:52 Sparks: Done... 14:27:53 * Sparks did not get tickets 14:28:05 Jan 15-17 14:28:09 * jsmith did not get tickets either 14:28:31 d-caf: Appears that we're not all available around then. 14:28:48 Well, there is the 18th 14:29:18 #info Sparks is looking into a videoteleconferencing option for the event to accomidate distance folks. 14:29:46 d-caf: True, although I'm wondering if we'd want to meet for a couple of days. Maybe not... 14:30:06 Sparks: yey :) 14:30:10 jsmith: Are Tuesdays out? Hard stop? 14:30:34 Sparks: No, but most of my ${DAYJOB} meetings are on Tuesdays, so I'd likely be distracted 14:30:38 Astradeus: We used BlueJeans for the Docs FAD we had a few years ago and that seemed to work well. 14:30:45 Sparks: Of course, if I change jobs, all bets are off... 14:30:50 I tend to have a lot of meetings Monday/Tuesday, but sometimes can get out of them 14:31:04 * jsmith will do his best to be flexible 14:31:10 jsmith: Ditto. I'd have to cancel a bunch of stuff to be available on a Tuesday 14:32:28 Okay, we'll continue to work on this and there will be discussion on the list. 14:32:47 #topic Open floor discussion/questions/comments 14:33:18 Next week's meeting falls on Christmas Eve. I suspect many of us will be off work or otherwise detained. Cancel? 14:34:41 guess so. i'll be around though if a meeting comes up :) 14:34:43 I will likely miss the meeting 14:36:20 +1 to cancel 14:36:46 #agreed Next week's meeting will be cancelled. 14:36:53 Does anyone have anything else? 14:37:18 not i 14:37:30 one thing 14:37:46 I may have access to a few Shmoocon tickets 14:38:03 d-caf: OK, please let us know if you do 14:38:03 Who would be interested if I get them? Would be at cost 14:38:15 d-caf: What's the cost? 14:38:28 Depends on the cost... 14:38:29 Shmoocon charges $150 per ticket 14:38:59 #link http://shmoocon.org/general-information/ 14:39:58 d-caf: I might be able to swing that. I can't be certain right now, though. 14:40:20 Yeah, I'm on the fence too... but let me know if you can get tickets, and I"ll make a quick decision 14:40:21 Not talking about a lot of tickets, at most 2 or 3 (not counting mine) 14:41:24 okay 14:41:58 so Sparks and jsmith are interested 14:44:07 d-caf: You might contact zoglesby as he might be interested as well 14:44:23 Okay, anyone have anything else? 14:44:37 Sparks: I'll reach out to him 14:44:44 him/her 14:44:51 whom 14:44:53 :-) 14:44:54 Him... Zach 14:46:37 Anyone have anything else? 14:49:10 Hearing none... We'll go ahead and close the meeting for today. 14:51:04 Thanks, everyone, for coming out today! 14:51:08 #endmeeting