14:05:58 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:05:58 <zodbot> Meeting started Thu Mar 17 14:05:58 2016 UTC.  The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:05:58 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:05:58 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:06:01 <Sparks> #meetingname Fedora Security Team
14:06:01 <zodbot> The meeting name has been set to 'fedora_security_team'
14:06:06 <Sparks> #topic Roll Call
14:06:09 * Sparks 
14:06:10 * d-caf 
14:06:18 * zoglesby 
14:06:57 <pjp> .hellomynameis pjp
14:06:59 <zodbot> pjp: pjp 'None' <pj.pandit@yahoo.co.in>
14:07:15 * Astradeus 
14:10:07 <Sparks> Okay, lets get started
14:10:17 <Sparks> #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better"
14:10:23 <Sparks> #topic Fedora Security Team FAD
14:10:44 <Sparks> #info Sparks wrote up zoglesby's notes on the FAD
14:10:49 <Sparks> #link https://sparkslinux.wordpress.com/2016/03/16/security-team-post-fad-notes/
14:11:03 <Sparks> Feel free to comment as necessary.
14:11:03 <pjp> Sparks: Thanks much for a nice write-up!
14:11:15 <d-caf> thanks, haven't had a chance to read it just got the email
14:11:28 <d-caf> zoglesby: thanks for the notes!
14:13:49 <Astradeus> nice writeup
14:14:02 <Sparks> I was the photographer of the lovely board pictures.
14:14:04 <Sparks> *sigh*
14:14:15 * Sparks didn't notice the glare when he was taking the photos
14:14:45 <d-caf> Sparks: I took a few pictures, I can send them your way if you want to compare
14:14:51 <Sparks> Sure
14:15:05 <d-caf> be later today
14:15:34 <Sparks> That's fine
14:16:09 <Sparks> From the notes, I think we need someone to work with Rel Eng to see what's possible.
14:16:31 <Sparks> #info We'd like private builds in Koji and private staging in Bodhi
14:17:02 <Sparks> #info Sparks would like to see some fail-safe in Bodhi that wouldn't allow the package to be shipped before the embargo has expired.
14:17:22 <dgilmore> Sparks: supporting embargo builds?
14:17:34 <Sparks> dgilmore: Yes, we'd like to
14:17:46 <dgilmore> Sparks: we need ways to hide the build in koji and bodhi, we need to be able to hide the commits to git
14:18:01 <dgilmore> Sparks: its a lot of work on tools with almost no resources
14:18:11 <Sparks> dgilmore: Yes and I hadn't considered the git portion.
14:18:27 <dgilmore> So in order to do it people will need to step up and work on things
14:18:29 <Sparks> dgilmore: Do you need person resources?
14:18:35 <Sparks> okay
14:18:38 <dgilmore> a request for the feature will not be sufficient
14:18:54 <Sparks> dgilmore: Are these feature requests possible?
14:19:13 <dgilmore> Sparks: they are possible. we have had tickets for some of them for years
14:19:18 <dgilmore> there is no one to work on them
14:19:23 <Sparks> okay
14:19:36 <dgilmore> so if you actually want it you will need to provide humans
14:19:51 <Sparks> #info dgilmore notes that the feature requests are possible but it'll take human resources that currently haven't stepped up.
14:20:42 <zoglesby> sorry I was afk, lots of work stuff going on...
14:21:06 <Sparks> zoglesby: Pfft... it's FST time, everything else can wait!
14:21:20 <Sparks> dgilmore: Do you happen to have bug numbers for the existing feature requests?
14:22:50 <dgilmore> Sparks: sorry I do not
14:23:04 <dgilmore> I have not looked at tehm in years
14:23:54 <Sparks> dgilmore: That's fine.
14:24:56 <Sparks> Does anyone want to take on documenting and recruiting for this project?
14:26:07 <Sparks> anyone?
14:26:16 * Sparks eyes d-caf
14:26:22 <pjp> Sparks: recruiting?
14:26:38 <Sparks> pjp: Yeah, trying to get the humans necessary to move this forwared
14:26:43 <d-caf> Sorry, work distraction
14:26:45 <d-caf> back
14:26:52 <Sparks> s/forwared/forward
14:26:58 <pjp> Sparks: I could look for someone,
14:27:37 <d-caf> pjp: Sparks: I can try and sure out these old tickets as well
14:27:44 <Sparks> pjp: Okay, can you document the feature request, as well?
14:27:51 <d-caf> search/sure
14:27:53 <pjp> Sparks: Okay,
14:28:15 <Sparks> Okay, pjp and d-caf, both of you work together on this.
14:28:24 <Sparks> pjp++ d-caf++
14:28:24 <zodbot> Sparks: Karma for pjp changed to 2 (for the f23 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:28:27 <pjp> Sparks: Okay
14:28:29 <Sparks> d-caf++
14:28:46 <d-caf> I don't think I'm part of the karma system :-(
14:28:58 <Sparks> d-caf: What's your FAS ID?
14:29:07 <d-caf> dcafaro
14:29:12 <Sparks> dcafaro++
14:29:13 <zodbot> Sparks: Karma for dcafaro changed to 1 (for the f23 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:29:20 <Sparks> There you go
14:29:32 <d-caf> Ah
14:29:45 <d-caf> I've got to go to a quick meeting be back in 15
14:30:33 <Sparks> #action pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities.
14:30:44 <Sparks> Okay, anything else before we move on?
14:30:54 * pjp noted
14:31:48 <Sparks> #topic Outstanding BZ Tickets
14:31:58 <Sparks> mhayden: Did you run your magic script today?
14:35:35 <Sparks> Okay, well I don't have numbers for today so we'll move on.
14:35:47 <Sparks> #topic Apprenticeship
14:35:49 <Astradeus> i'd have numbers
14:36:00 <Sparks> #undo
14:36:00 <zodbot> Removing item from minutes: <MeetBot.items.Topic object at 0x2b612b90>
14:36:07 <Astradeus> +Tickets by Severity-+-------+---------+
14:36:08 <Astradeus> | Severity | Tickets | Owned | Unowned |
14:36:08 <Astradeus> +----------+---------+-------+---------+
14:36:08 <Astradeus> | medium   | 475     | 40    | 435     |
14:36:08 <Astradeus> | low      | 182     | 13    | 169     |
14:36:10 <Astradeus> | high     | 69      | 31    | 38      |
14:36:13 <Astradeus> +----------+---------+-------+---------+
14:36:22 <Sparks> Astradeus++
14:36:22 <zodbot> Sparks: Karma for astra changed to 1 (for the f23 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:36:42 <zoglesby> cookies for everyone!
14:36:43 <Astradeus> shall i also email the whole output?
14:36:47 <Sparks> zoglesby++
14:36:48 <zodbot> Sparks: Karma for zoglesby changed to 2 (for the f23 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:36:56 <Sparks> Astradeus: Yes please
14:37:09 <Sparks> Still no criticals...  excellent.
14:37:17 <Sparks> Too many highs... not excellent
14:39:49 <Astradeus> anyone want's to take me through a sec-bug-squashing process? ;)
14:40:47 <Sparks> Astradeus: Sure, can we do that after the meeting in #fedora-security-team?
14:40:57 <Astradeus> Sparks: yey, sounds great :)
14:41:04 <Sparks> #topic Apprenticeship
14:41:24 <Sparks> #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship
14:41:48 <Sparks> If you haven't looked at this page since Friday afternoon take a look at it now.
14:42:01 <Sparks> I removed everything that was there and started anew
14:42:41 <Sparks> #info There are documentation opportunities if someone wants to do something
14:42:49 <Sparks> (look for the red links)
14:43:28 <Sparks> We also need to go through the existing training resources and figure out what kind of training we should be suggesting
14:44:43 <zoglesby> that should be a topic for the list, as it will take time.
14:44:59 <Sparks> Agreed
14:45:05 <Sparks> zoglesby: Can you take it to the list?
14:45:11 <zoglesby> sure thing
14:45:25 <zoglesby> action me up!
14:45:46 <Sparks> #action zoglesby to take the Apprenticeship discussion to the list for further development
14:46:12 <Sparks> #topic Open floor discussion/questions/comments
14:46:14 <Sparks> Anyone have anything?
14:48:11 <Sparks> no?
14:48:35 <Astradeus> not me
14:48:38 <Sparks> Okay, well, thanks to all who came and participated!  Special thanks to our guest dgilmore!
14:48:51 <Sparks> Everyone have a good day!
14:48:56 <Sparks> #endmeeting