14:02:13 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:02:14 <zodbot> Meeting started Thu Sep 15 14:02:13 2016 UTC.  The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:02:14 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:02:14 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:02:17 <Sparks> #meetingname Fedora Security Team
14:02:17 <zodbot> The meeting name has been set to 'fedora_security_team'
14:02:25 <Sparks> #topic Roll Call
14:02:27 * Sparks 
14:03:28 <athos> .hello
14:03:28 <zodbot> athos: (hello <an alias, 1 argument>) -- Alias for "hellomynameis $1".
14:03:35 <athos> .hello ribeiro
14:03:36 <zodbot> athos: ribeiro 'Athos Ribeiro' <athoscribeiro@gmail.com>
14:04:34 * athos is here to see how these meetings go if that's ok :)
14:05:18 * chinosoliard too
14:05:47 <Sparks> That's fine although I don't think we'll actually have a meeting today since there doesn't appear to be many in attendance.
14:06:00 <Sparks> And I honestly don't have anything to talk about.
14:06:10 <Sparks> But we can hold it open for questions and the like.
14:06:23 <Astranox> .fas astra
14:06:24 <zodbot> Astranox: rajamastrajabg '' <rajamastrajabg@yahoo.co.in> - netman 'Andrey Krasukov' <netman@astratel.ru> - rustomafs 'Rustom Irani' <rustom@acefastrack.com> - sabroso 'Luis Alberto Pelaez' <charolastra@outlook.com> - ghostflower 'eric anthony sharrar' <astral_destination@yahoo.com> - thomastran 'Thomas Tran' <tho.tran@gmail.com> - katjastrauss72 'Katja Strauss' <katjastrauss72@gmx.com> - jose2 'José Lastra' (4 more messages)
14:06:35 <mhayden> .hello mhayden
14:06:36 <zodbot> mhayden: mhayden 'Major Hayden' <major@mhtx.net>
14:07:10 <Astranox> i'm one of the '4 more messages' :/
14:07:19 <Astranox> hi all :)
14:07:20 <Sparks> ha!
14:07:41 <Sparks> Okay, lets get started (kinda)
14:07:49 <Sparks> #topic New Meeting Time
14:08:07 <jflory7> Astranox: I think if you do .hello, it will work for a specific FAS username - .fas is kind of like a search engine for FAS names :)
14:08:28 <Southern_Gentlem> .hello jbwillia
14:08:29 <zodbot> Southern_Gentlem: jbwillia 'Ben Williams' <vaioof@yahoo.com>
14:08:40 <Sparks> A while back I sent out a survey to determine a better time to meet.
14:08:47 <Sparks> five people responded
14:08:52 <Sparks> There is no good time
14:09:22 <Sparks> Best time appears to be 2PM ET or 9AM ET (Mo, Th, or Fr)
14:09:49 <Sparks> #link http://whenisgood.net/p7r9kte/results/fnpcg8k
14:10:20 <Astranox> jflory7: yes, i know that one is 'search' the other one 'search exact', i just confuse them all the time :/
14:10:25 * mhayden digs in his calendar
14:10:34 <Astranox> Sparks: which timezone is ET?
14:10:40 <Sparks> -4
14:10:43 <jflory7> Astranox: Ahh, gotcha. No worries :)
14:12:05 <mhayden> 2PM ET works a little better with me since i have a bunch of meetings in the early morning hours CDT
14:12:13 <mhayden> lots of US/UK sync-ups
14:13:06 <Sparks> Okay.  I'll float 18:00 UTC, then.
14:13:24 <Sparks> mhayden: Will DST mess you up or can we do this UTC?
14:13:37 <mhayden> UTC should be okay
14:13:45 <Sparks> okay
14:13:57 <Sparks> Anyone have any comments on this?
14:13:58 <mhayden> it will be better when we go off DST, honestly ;)
14:14:53 <Astranox> for me all the dates are the same
14:17:31 <Sparks> #agreed FST meeting will now be held at 18:00 UTC on Thursdays
14:17:39 <Sparks> #undo
14:17:39 <zodbot> Removing item from minutes: AGREED by Sparks at 14:17:31 : FST meeting will now be held at 18:00 UTC on Thursdays
14:18:21 <Astranox> so this will be current_meeting_time + 2 hours?
14:18:28 <Sparks> #agreed 18:00 UTC will be floated as the recommended time for the FST meeting
14:18:33 <mhayden> should i send a google calendar invitation to the list?
14:18:42 <mhayden> or send out an ics file?
14:18:45 <Sparks> Astranox: Current time plus 4 hours
14:19:01 <Astranox> ah, forgot my +2 hours^^
14:19:05 <Sparks> mhayden: Well, first, never send anything Google-related to *my* list.  ;)
14:19:10 <mhayden> teehee
14:19:35 <Sparks> mhayden: I can adjust the meeting information on the Fedora calendar and send out the ICS from there I think.
14:19:41 <mhayden> that'd be cool
14:20:13 <Sparks> #action Sparks to send a message to the FST list and, if no one screams, update FedCal
14:20:46 <Sparks> #topic What's Next
14:21:10 <Sparks> I'm not following the [obviously old] meeting agenda that's posted as I just haven't had time to update it.
14:21:17 * Sparks barely has time to be here now.  :(
14:21:39 <Sparks> That said, I'd like to point out that I've done a little bit of work on the FST wiki pages
14:21:53 <Sparks> #link https://fedoraproject.org/wiki/Category:Security_Team?rd=Security_Team
14:22:32 <Sparks> I moved the main page to the category page so that all FST-related pages will be listed at the bottom.
14:22:48 <mhayden> handy
14:22:51 <Sparks> There is work still to be done.
14:24:02 <Sparks> I'm hoping to document the process for handling vulnerabilities (we have something but it needs to be updated), and start to get a list together of topics that should be addressed when it comes to the topic of secure coding.
14:24:37 <Sparks> I am also continuing to work towards us being proactive with vulnerability patch management.
14:24:54 <Sparks> Anyone have any comments/questions?
14:26:29 <mhayden> wiki looks good
14:26:54 <mhayden> i'd like to try a crack at some automation or at least better stats gathering for bugzilla security tickets
14:27:05 <mhayden> i have some travel next week so i might get some time to look at it
14:27:33 <mhayden> and get it running in a cron ;)
14:27:36 <Sparks> mhayden: You know, inside RH Product Security we have a nice dashboard that scrapes BZ for information.  I wonder if we could leverage that.
14:27:48 <mhayden> oh really... ;)
14:28:07 <Sparks> Yeah, I'll ask the developer if he'd consider open sourcing it.
14:28:18 <mhayden> i was hoping i wouldn't get flogged for hitting the BZ API a little :)
14:28:37 <Sparks> Of course that might require someone higher in the food chain making a decision
14:29:43 * Sparks invites sherr to come and discuss Krakkin
14:29:52 <Sparks> sherr_: Welcome!
14:29:57 <sherr_> Sparks, hi :)
14:30:13 <mhayden> so glad you could sherr_ some time with us
14:30:14 <Sparks> sherr_: I figured I'd just drag you over here and throw you under the bus live and in front of everyone
14:30:21 <Sparks> mhayden: boooo
14:30:25 <sherr_> ;)
14:30:27 <mhayden> Sparks: dad jokes are my expertise
14:30:30 <sherr_> what else is new?
14:30:57 <Sparks> sherr_: The Fedora Security Team is interested in building up some sort of "dashboard" to track vulnerabilities and stuff we're working on.
14:31:27 <Sparks> sherr_: I know you've done work of this nature in PS.  Any chance of getting that code open sourced where we might be able to use it?
14:31:55 <Sparks> Obviously, we would have to change some things but Krakken is such an elegant solution.
14:32:10 <sherr_> it's something we could discuss, and i'm happy that you like it
14:32:31 <sherr_> it's not open source today primarily because it relies on internal tools / services to pull data from
14:32:51 <Sparks> Right.  I think we'd only really be interested in the parts that connect to BZ
14:32:58 <sherr_> so significant portions would have to be changed to make it relevant to open source /fedora usage
14:33:15 <Sparks> cool
14:33:27 <Sparks> shall I follow up with you about this later?
14:33:32 <sherr_> sure
14:33:40 <Sparks> TU
14:33:44 <sherr_> no problem
14:33:57 <Sparks> sherr_: Can I share a screen shot of my dashboard?
14:34:16 <sherr_> Sparks, as long as it doesn't contain any internal-only data :)
14:34:19 <mhayden> haha
14:34:25 <Sparks> sherr_: Okay
14:34:35 <Sparks> sherr_: I suspect my dashboard is usually sanitized.
14:35:05 <Sparks> sherr_++
14:35:08 <sherr_> i suspect that's probably true
14:35:33 <Sparks> sherr_: Okay, thanks for the info!
14:35:52 <sherr_> np
14:36:52 <Sparks> #action Sparks to follow up with sherr_ regarding Krakken
14:37:03 <mhayden> woot
14:37:06 <Sparks> Anyone else have anything?
14:37:07 <mhayden> thanks for that sherr_
14:37:29 <mhayden> Sparks: i'm out of topic (and dad jokes)
14:37:33 <mhayden> s/topic/topics/
14:37:49 <Sparks> well we're all relieved to hear that.
14:37:54 <Sparks> #topic Open Floor
14:37:59 <Sparks> Does anyone have anything?
14:40:21 <Sparks> If not I'll go ahead and close.
14:41:43 <Sparks> Okay, thanks everyone for coming out today!
14:42:10 <Sparks> #endmeeting