14:00:53 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:00:53 <zodbot> Meeting started Thu Mar 10 14:00:53 2016 UTC.  The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:53 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:53 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:00:56 <Sparks> #meetingname Fedora Security Team
14:00:56 <zodbot> The meeting name has been set to 'fedora_security_team'
14:00:57 <Sparks> #topic Roll Call
14:00:58 * Sparks 
14:01:04 * d-caf 
14:02:31 * d-caf could have sworn had just seen linuxmodder in this window...
14:02:35 * jsmith is here
14:02:55 <linuxmodder> .hello corey84
14:02:56 <zodbot> linuxmodder: corey84 'Corey Sheldon' <sheldon.corey@gmail.com>
14:03:02 <linuxmodder> I was  lol d-caf
14:03:51 <linuxmodder> will brb   drink refill
14:05:58 * linuxmodder back
14:06:06 <mhayden> .hello mhayden
14:06:07 <zodbot> mhayden: mhayden 'Major Hayden' <major@mhtx.net>
14:08:03 * Sparks was hoping zoglesby would be here today
14:08:09 <Sparks> Okay, lets get startee
14:08:10 <Sparks> Okay, lets get started
14:08:19 * mhayden is generating this week's report
14:08:56 <Sparks> #topic Fedora Security Team FAD
14:09:05 <Sparks> #link https://fedoraproject.org/wiki/Security_Team_FAD_2016
14:09:31 <d-caf> Tomorrow
14:09:44 <Sparks> #info It appears that we have five people coming to the FAD, physically, and a few more remotely.
14:09:52 <mhayden> #link http://paste.fedoraproject.org/336715/45761897/raw/
14:10:24 <Sparks> d-caf: Yes, tomorrow!  :)
14:10:37 <linuxmodder> I'll be  there maybe a bit delayed (9-930)
14:10:39 * Sparks needs to figure out which trains to take to get to where I'm headed.
14:11:10 <d-caf> Yes, I'll be metroing in as well
14:11:47 * Astradeus remotely (sorry for being late)
14:12:27 <Sparks> I'll send out an email with contact information for myself and Zach as well as instructions for the keysigning event.
14:12:38 <linuxmodder> so  at least  3/5 will be  metroing
14:14:32 <Sparks> I still haven't received word back on funding so we may just be going Dutch
14:15:32 <jsmith> Worse comes to worse, I can probably cover lunch
14:15:33 <Sparks> I also have heard back from zoglesby regarding the video conferencing setup at his office so standby for changes.
14:15:48 <jsmith> Want me to bring a couple of extra webcams?
14:16:13 <Sparks> Umm...  Well, there apparently is some sort of setup but we're not sure exactly what it supports.
14:16:38 <linuxmodder> I have a spare its only  720 p tho
14:16:48 <Sparks> I'll try to track down zoglesby today and get that figured out.  We can update the wiki as needed.
14:17:26 <Sparks> #info We'll be monitoring #fedora-security-team in Freenode IRC for backup communications and notes.
14:17:42 <Sparks> We can run zodbot in there to collect our notes
14:18:04 <Sparks> But that will be our backup path if the video conference changes.
14:19:45 <jsmith> OK.
14:19:54 <Sparks> Any additional questions?
14:21:14 <d-caf> Just looking forward to seeing everyone
14:21:29 <d-caf> Unfortunately I'm going to have to miss the rest of this irc meeting, need to head out.
14:21:39 <d-caf> See everyone tomorrow!
14:22:26 <linuxmodder> Sparks,  any special access concerns for the bldg itself
14:23:15 <Sparks> linuxmodder: Not that I'm aware of.
14:23:40 <linuxmodder> okay
14:23:58 <Sparks> zoglesby says to go to the front desk and say that you are here to see him (Zach Oglesby)
14:24:01 <linuxmodder> some of my dc tech stuff has them   so I ask
14:24:20 <linuxmodder> noted
14:25:11 <Sparks> Okay, moving along...
14:25:17 <Sparks> #topic Missing CVE bugs
14:26:38 <Sparks> Yesterday a maintainer received a new version of a program that fixed two CVEs.  Upon checking BZ there were no CVE tracker bugs for this CVE and MITRE didn't show anything either.
14:28:02 <Sparks> Turns out, the CVEs were still embargoed and thus weren't showing up publically.
14:29:02 <linuxmodder> Sparks,  when do those  go un-enbargoed ?
14:29:06 <Sparks> Since upstream broke the embargo we opened up the bugs as well.  The update in Bodhi was properly attached to the new bug tickets and all is well.
14:29:15 <linuxmodder> I remember seeing that exchange briefly  yesterday
14:29:43 <Sparks> linuxmodder: Embargoes should have expiration dates and times.
14:30:01 <Sparks> linuxmodder: Generally, this is worked out with upstream so everyone is on the same page.
14:30:28 <Sparks> Why upstream released early I'm not sure.
14:31:33 <linuxmodder> I'm familar with the  process was just curious how /why the date was ignored (if known)
14:31:59 <Sparks> The takeaway to all this is we need to make sure that patched CVEs get attached to BZ bugs so we can account for all of the fixes.
14:33:15 <zoglesby> Sparks: how many people can see the list of embargoed tickets? (on fedora-security-team)
14:33:20 <zoglesby> is it just you?
14:34:04 <Sparks> If a CVE ticket does not exist then send a message to secalert@redhat.com so RH Product Security can sort it all out.
14:34:50 <Sparks> zoglesby: It is likely just me since I'm on Product Security.  Embargoed CVEs that affect Fedora don't even have Fedora tickets until they are unembargoed so there isn't anything to see.
14:35:42 <zoglesby> okay, hope this is a topic for tomorrow...
14:35:48 <Sparks> If you are so inclined, messages to secalert@redhat.com can be encrypted using 9273 2337 E5AD 3417 5265 64AB 5E54 8083 650D 5882
14:36:07 <Sparks> zoglesby: It can/will be but there really isn't much of a good answer, unfortunately.
14:36:37 <Sparks> Perhaps Fabio can join us tomorrow, remotely, for that part of the discussion
14:36:59 <Sparks> Any other questions?
14:38:00 <zoglesby> No
14:38:31 <Sparks> #topic Outstanding BZ Tickets
14:38:37 <linuxmodder> imported that key for  fture
14:39:23 <Sparks> #info Thursday's numbers: Critical 0, Important 69, Moderate 468, Low 178
14:39:30 <Sparks> +Tickets by Severity-+-------+---------+
14:39:30 <Sparks> | Severity | Tickets | Owned | Unowned |
14:39:30 <Sparks> +----------+---------+-------+---------+
14:39:30 <Sparks> | medium   | 468     | 40    | 428     |
14:39:31 <Sparks> | low      | 178     | 13    | 165     |
14:39:32 <Sparks> | high     | 69      | 20    | 49      |
14:39:34 <Sparks> +----------+---------+-------+---------+
14:39:43 <Sparks> Anyone have anything to talk about ticket-wise?
14:39:50 * jsmith doesn't
14:39:54 * mhayden hasn't had much time to follow up on security issues lately :/
14:41:19 <Sparks> #topic Open floor discussion/questions/comments
14:41:20 <linuxmodder> not been active in the ticket list  of late  hoping to  look today
14:41:25 <Sparks> Okay, anyone have anything?
14:42:34 <linuxmodder> there was a hope in docs | blog  to  have a revise of  security  docs for 23 ( seems some are  back to 21)
14:42:59 <linuxmodder> can find the list link if needed but also was in server list
14:43:00 <Astradeus> anything to review before tomorrow?
14:43:58 <Sparks> linuxmodder: We can talk about that tomrorow fi you wish
14:44:11 <linuxmodder> noted
14:45:51 <Sparks> Anything else?
14:47:44 <linuxmodder> nothing comes to mind but reserving  right ot add on ml if  comes to mind :)
14:47:58 <Sparks> Okay, everyone have a good day and I'll be seeing you all tomorrow!
14:48:07 <Sparks> right to add on ml?
14:48:16 <Sparks> Oh
14:48:24 <Sparks> I'm with you now.  :)
14:48:29 <zoglesby> slow today?
14:48:33 <Sparks> everyday
14:48:39 <Sparks> every day
14:48:56 <Sparks> #endmeeting