14:05:20 #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings 14:05:20 Meeting started Thu Mar 24 14:05:20 2016 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:05:20 Useful Commands: #action #agreed #halp #info #idea #link #topic. 14:05:20 The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings' 14:05:21 tick tock 14:05:23 #meetingname Fedora Security Team 14:05:23 The meeting name has been set to 'fedora_security_team' 14:05:26 #topic Roll Call 14:05:37 * Sparks 14:05:46 * zoglesby 14:06:39 * Sparks puts the final touches on the agenda for today 14:10:07 Okay, this promises to be a short meeting... 14:10:08 * linuxmodder 14:10:15 not anymore 14:10:25 huh 14:10:43 Okay, lets get going 14:10:50 why not zoglesby 14:10:54 #info Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" 14:11:01 linuxmodder: Cause you're here 14:11:09 #topic Follow up on last week's tasks 14:11:12 what did dI do 14:11:23 * Sparks notes pjp is not here today and will just continue his actions 14:11:40 #action pjp to give a status update on security policy in the wiki (carried over) 14:11:49 #action Sparks to figure out how FST members can get access to Fedora security bugs (carried over) 14:12:08 #action pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. 14:12:24 zoglesby: Did you ever bring up the Apprenticeship on the list? 14:13:09 nope, forgot until your ping, please move that to this week as well 14:13:31 #action zoglesby to take the Apprenticeship discussion to the list for further development 14:13:38 #topic Apprenticeship 14:14:00 There are a few more links that need to be populated on the Apprenticeship page 14:14:13 #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship 14:15:13 Anyone have any thing to discuss for this topic? 14:16:26 nope, only that it needs done 14:16:32 Okay, moving on 14:16:45 #topic Handling embargoed vulnerabilities 14:18:02 #info The management in Red Hat Product Security is investigating our ability to work closer with them. 14:18:16 I don't really have anything more than that. 14:18:29 * Sparks is waiting for pjp and d-caf to start their parts 14:18:43 As in pre us doing what we need to or after we do FAD items? 14:18:43 Anyone have anything else? 14:19:59 No, overall 14:21:17 It's annoying as everyone seems to have a different idea of what we should have. 14:21:51 well, if they have ideas they need to share them with us 14:21:51 what is the general concensus then 14:22:01 linuxmodder: There is none 14:22:14 zoglesby: I'm trying to figure out what ideas they might have... 14:22:19 tell them fedora-security-team@lists.fedoraproject.org, not sparks@redhat.com 14:22:34 zoglesby: +1 14:23:01 noted 14:23:08 Okay, moving along... 14:23:24 #topic Outstanding BZ Tickets 14:23:24 but they may think its gonna get sparked off with the late r:) 14:23:32 #info Thursday's numbers: Critical 0 (0), Important 67 (+13), Moderate 485 (+11), Low 169 (-18), Total 721 14:23:38 +Tickets by Severity-+-------+---------+ 14:23:38 | Severity | Tickets | Owned | Unowned | 14:23:38 +----------+---------+-------+---------+ 14:23:38 | medium | 485 | 40 | 445 | 14:23:38 | low | 169 | 13 | 156 | 14:23:40 | high | 67 | 30 | 37 | 14:23:43 +----------+---------+-------+---------+ 14:23:51 We appear to be letting these highs get away from us, again... 14:24:07 where is that new embargoed one expected to drop into? 14:24:39 linuxmodder: The samba one? 14:25:04 think so the one we were talkign loosely about yesterday / early this am 14:25:11 by the website it is a crit 14:25:16 with the suspenseful teasers 14:25:23 Ummm.. I don't have it up at the moment. Sometime in April. 14:25:41 april 12th 14:25:44 The 12th I think (patch Tuesday) 14:25:44 ick we were doing so well on no crits 14:26:12 linuxmodder: This may be already getting fixed for Fedora; I'll need to check. 14:26:14 anywhere I might be able to school up in in its current embargoed state? or shadow someone 14:26:29 get the feet wet persay 14:26:30 But we'll have another race to the finish line when it comes out. 14:26:59 (I read it wrong, the website says it is a "crucial security bug") 14:27:33 What's the CVE? 14:27:42 nevermind 14:27:49 I don't remember 14:28:09 CVE-2016-2118 14:28:14 It's rated as Important 14:28:21 but I don't think its important for this meeting 14:28:41 .whoowns samba 14:28:41 Sparks: gd 14:28:50 .fasinfo gd 14:28:52 Sparks: User: gd, Name: Guenther Deschner, email: gdeschner@redhat.com, Creation: 2007-05-03, IRC Nick: gd, Timezone: Europe/Berlin, Locale: en, GPG key ID: 8EE11688, Status: active 14:28:55 Sparks: Approved Groups: fedorabugs cla_fedora cla_done packager cla_redhat gitding-libs @gitgss-proxy 14:29:21 #action Sparks to contact gd to see if he is working on a patch for Fedora. 14:29:45 Anything else? 14:30:02 nfm 14:30:24 no 14:30:33 #topic Open floor discussion/questions/comments 14:30:44 Okay, anything from anyone about anything? 14:30:47 I have nothing more for today 14:31:57 linuxmodder: ??? 14:32:02 Sparks study for your Extra at SELF 14:32:17 Southern_Gentlem: de WG3K 14:32:28 nothing from me 14:32:46 Sparks: are you going to SELF? 14:32:48 * linuxmodder needs to study for that period :) 14:32:59 I hadn't really considered going... I could 14:33:05 err, this is not meeting topic 14:33:32 Okay, let's move this discussion to #fedora-security-team 14:33:39 Southern_Gentlem: Please join us there! 14:33:43 Thanks all 14:33:47 #endmeeting