======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================

Meeting started by Sparks at 14:01:10 UTC. The full logs are available at
https://meetbot.fedoraproject.org/fedora-meeting/2016-04-14/fedora_security_team.2016-04-14-14.01.log.html .

Meeting summary
---------------

* Roll Call (Sparks, 14:01:16)

  * Participants are reminded to make liberal use of #info #link #help in order to make the minutes "more better" (Sparks, 14:05:46)

* Follow up on last week's tasks (Sparks, 14:06:29)

  * ACTION: pjp to give a status update on security policy in the wiki (carried over) (Sparks, 14:06:47)
  * ACTION: Sparks to figure out how FST members can get access to Fedora security bugs (carried over) (Sparks, 14:06:59)
  * ACTION: pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. (carried over) (Sparks, 14:07:10)

* Apprenticeship (Sparks, 14:11:08)

  * LINK: https://lists.fedoraproject.org/archives/list/security-team@lists.fedoraproject.org/thread/NCCG4ZFQ4IWA62OV4FVAIOMJQPE6Y7NR/ (Sparks, 14:11:17)
  * AGREED: Next week's meeting will be held via video-teleconference to work through the Apprentice training (Sparks, 14:15:44)
  * ACTION: mhayden to send an invitation for a VC meeting next week with detailed agenda for reviewing security docs in the wiki (mhayden, 14:17:57)
  * HELP: -- review of post for personal / commblog http://fpaste.org/355375/ (linuxmodder, 14:18:26)

* Handling embargoed vulnerabilities (Sparks, 14:18:46)

  * ACTION: Sparks to follow up with pjp and d-caf on this project. (Sparks, 14:19:15)
  * pjp and d-caf were supposed to be working with Koji and Bodhi folks to figure out private builds (carried over) (Sparks, 14:19:26)

* Outstanding BZ Tickets (Sparks, 14:19:39)

  * Thursday's numbers: Critical 0 (0), Important 72 (-1), Moderate 510 (+15), Low 169 (+2), Total 751 (+16) (Sparks, 14:19:45)

* Open floor discussion/questions/comments (Sparks, 14:21:40)

  * LINK: http://fpaste.org/355375/ < proposed badlock post for planet (linuxmodder, 14:22:37)
  * LINK: https://bodhi.fedoraproject.org/updates/FEDORA-2016-be53260726 (zoglesby, 14:23:55)
  * gd got the patches out for Fedora fairly quickly for Samba (Sparks, 14:24:35)
  * LINK: https://access.redhat.com/security/updates/classification/ (Sparks, 14:27:19)
  * Critical Impact - This rating is given to flaws that could be easily exploited by a remote unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction. These are the types of vulnerabilities that can be exploited by worms. Flaws that require an authenticated remote user, a local user, or an unlikely configuration are not classed as Critical impact. (Sparks, 14:27:35)
  * mhayden wins the weekly prize of having sent the most mail to the list over the last 30 days. (Sparks, 14:32:12)

Meeting ended at 14:33:33 UTC.

Action Items
------------

* pjp to give a status update on security policy in the wiki (carried over)
* Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
* pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. (carried over)
* mhayden to send an invitation for a VC meeting next week with detailed agenda for reviewing security docs in the wiki
* Sparks to follow up with pjp and d-caf on this project.

Action Items, by person
-----------------------

* mhayden

  * mhayden to send an invitation for a VC meeting next week with detailed agenda for reviewing security docs in the wiki

* Sparks

  * Sparks to figure out how FST members can get access to Fedora security bugs (carried over)
  * Sparks to follow up with pjp and d-caf on this project.

* **UNASSIGNED**

  * pjp to give a status update on security policy in the wiki (carried over)
  * pjp and d-caf to work on the feature requests for Koji and Bodhi for private builds for embargoed vulnerabilities. (carried over)

People Present (lines said)
---------------------------

* Sparks (59)
* linuxmodder (31)
* mhayden (22)
* zoglesby (12)
* zodbot (9)
* Southern_Gentlem (1)

Generated by `MeetBot`_ 0.1.4

.. _`MeetBot`: http://wiki.debian.org/MeetBot