=====================================
#fedora-meeting: Fedora Security Team
=====================================

Meeting started by mhayden at 14:16:10 UTC. The full logs are available at
https://meetbot.fedoraproject.org/fedora-meeting/2016-04-21/fedora_security_team.2016-04-21-14.16.log.html .

Meeting summary
---------------

* Use the RHEL 7 security guide as initial reading for now (mhayden, 14:16:52)
* ACTION: Rewrite the Fedora Security Guide to be more of what we're looking for (mhayden, 14:17:27)
* LINK: https://fedoraproject.org/wiki/Information_Security_Training (mhayden, 14:18:22)
* Fedora Defensive Coding docs could be useful, but may need some updating (mhayden, 14:19:08)
* LINK: https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html (mhayden, 14:19:12)
* ACTION: Sparks to make it so on this CWE/CVE business (mhayden, 14:22:55)
* LINK: https://access.redhat.com/security/updates/classification (Sparks, 14:24:58)
* LINK: https://cve.mitre.org/about/faqs.html (mhayden, 14:25:57)
* LINK: http://www.candlepinproject.org/presentations/pki-crash-course (Sparks, 14:26:14)
* Understanding packaging is important (mhayden, 14:28:34)
* LINK: https://fedoraproject.org/wiki/Join_the_package_collection_maintainers (mhayden, 14:29:03)
* LINK: https://bettercrypto.org/static/applied-crypto-hardening.pdf (mhayden, 14:32:58)
* this should be opinioned and about how "we" do things as opposed to just security work in general (mhayden, 14:34:50)
* Everything sparks touches turns to gold :) (mhayden, 14:40:16)
* Would be nice to find an example of a security packaging fix done by a non RHT person (mhayden, 14:42:12)
* AGREED: Heartbleed was a very sad time all around (mhayden, 14:43:14)
* AGREED: Heartbleed was a very sad time all around (mhayden, 14:44:20)
* Xen security bugs could be an example -- XSA-108 was a good one (mhayden, 14:46:14)
* LINK: https://access.redhat.com/sites/default/files/riskreportgraphics_branded_unbrandeedissues_final_v2.png (Sparks, 14:48:00)
* ACTION: Apprentice wiki page will be updated soon (mhayden, 14:49:19)
* ACTION: Sparks will ask if he can share some of his internal security apprentice information (mhayden, 14:50:58)

Meeting ended at 14:54:29 UTC.

Action Items
------------

* Rewrite the Fedora Security Guide to be more of what we're looking for
* Sparks to make it so on this CWE/CVE business
* Apprentice wiki page will be updated soon
* Sparks will ask if he can share some of his internal security apprentice information

Action Items, by person
-----------------------

* Sparks

  * Sparks to make it so on this CWE/CVE business
  * Sparks will ask if he can share some of his internal security apprentice information

* **UNASSIGNED**

  * Rewrite the Fedora Security Guide to be more of what we're looking for
  * Apprentice wiki page will be updated soon

People Present (lines said)
---------------------------

* mhayden (55)
* zodbot (12)
* Sparks (11)
* skamath (7)
* Astradeus (5)
* linuxmodder (2)

Generated by `MeetBot`_ 0.1.4

.. _`MeetBot`: http://wiki.debian.org/MeetBot