#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings

Meeting started by Sparks at 14:01:10 UTC (full logs).

Meeting summary

  1. Roll Call\ (Sparks, 14:01:16)
    1. Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" (Sparks, 14:05:46)

  2. Follow up on last week's tasks (Sparks, 14:06:29)
    1. ACTION: pjp to give a status update on security policy in the wiki (carried over) (Sparks, 14:06:47)
    2. ACTION: Sparks to figure out how FST members can get access to Fedora security bugs (carried over) (Sparks, 14:06:59)
    3. ACTION: pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. (carried over) (Sparks, 14:07:10)

  3. Apprenticeship (Sparks, 14:11:08)
    1. https://lists.fedoraproject.org/archives/list/security-team@lists.fedoraproject.org/thread/NCCG4ZFQ4IWA62OV4FVAIOMJQPE6Y7NR/ (Sparks, 14:11:17)
    2. AGREED: Next week's meeting will be held via video-teleconference to work through the Apprentice training (Sparks, 14:15:44)
    3. ACTION: mhayden to send an invitation for a VC meeting next week with detailed agenda for reviewing security docs in the wiki (mhayden, 14:17:57)
    4. HELP: -- review of post for personal / commblog http://fpaste.org/355375/ (linuxmodder, 14:18:26)

  4. Handling embargoed vulnerabilities (Sparks, 14:18:46)
    1. ACTION: Sparks to follow up with pjp and d-caf on this project. (Sparks, 14:19:15)
    2. pjp and d-caf were supposed to be working with Koji and Bodhi folks to figure out private builds (carried over) (Sparks, 14:19:26)

  5. Outstanding BZ Tickets (Sparks, 14:19:39)
    1. Thursday's numbers: Critical 0 (0), Important 72 (-1), Moderate 510 (+15), Low 169 (+2), Total 751 (+16) (Sparks, 14:19:45)

  6. Open floor discussion/questions/comments (Sparks, 14:21:40)
    1. http://fpaste.org/355375/ < proposed badlock post for planet (linuxmodder, 14:22:37)
    2. https://bodhi.fedoraproject.org/updates/FEDORA-2016-be53260726 (zoglesby, 14:23:55)
    3. gd got the patches out for Fedora fairly quickly for Samba (Sparks, 14:24:35)
    4. https://access.redhat.com/security/updates/classification/ (Sparks, 14:27:19)
    5. Critical Impact - This rating is given to flaws that could be easily exploited by a remote unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction. These are the types of vulnerabilities that can be exploited by worms. Flaws that require an authenticated remote user, a local user, or an unlikely configuration are not classed as Critical impact. (Sparks, 14:27:35)
    6. mhayden wins the weekly prize of having sent the most mail to the list over the last 30 days. (Sparks, 14:32:12)


Meeting ended at 14:33:33 UTC (full logs).

Action items

  1. pjp to give a status update on security policy in the wiki (carried over)
  2. Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
  3. pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. (carried over)
  4. mhayden to send an invitation for a VC meeting next week with detailed agenda for reviewing security docs in the wiki
  5. Sparks to follow up with pjp and d-caf on this project.


Action items, by person

  1. mhayden
    1. mhayden to send an invitation for a VC meeting next week with detailed agenda for reviewing security docs in the wiki
  2. Sparks
    1. Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
    2. Sparks to follow up with pjp and d-caf on this project.
  3. UNASSIGNED
    1. pjp to give a status update on security policy in the wiki (carried over)
    2. pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. (carried over)


People present (lines said)

  1. Sparks (59)
  2. linuxmodder (31)
  3. mhayden (22)
  4. zoglesby (12)
  5. zodbot (9)
  6. Southern_Gentlem (1)


Generated by MeetBot 0.1.4.