Meeting summary
Use the RHEL 7 security guide as initial reading for now (mhayden, 14:16:52)
ACTION: Rewrite the Fedora Security Guide to be more of what we're looking for (mhayden, 14:17:27)
https://fedoraproject.org/wiki/Information_Security_Training (mhayden, 14:18:22)
Fedora Defensive Coding docs could be useful, but may need some updating (mhayden, 14:19:08)
https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_C... (mhayden, 14:19:12)
ACTION: Sparks to make it so on this CWE/CVE business (mhayden, 14:22:55)
https://access.redhat.com/security/updates/classification (Sparks, 14:24:58)
https://cve.mitre.org/about/faqs.html (mhayden, 14:25:57)
http://www.candlepinproject.org/presentations/pki-crash-course (Sparks, 14:26:14)
Understanding packaging is important (mhayden, 14:28:34)
https://fedoraproject.org/wiki/Join_the_package_collection_maintainers (mhayden, 14:29:03)
https://bettercrypto.org/static/applied-crypto-hardening.pdf (mhayden, 14:32:58)
this should be opinioned and about how "we" do things as opposed to just security work in general (mhayden, 14:34:50)
Everything sparks touches turns to gold :) (mhayden, 14:40:16)
Would be nice to find an example of a security packaging fix done by a non RHT person (mhayden, 14:42:12)
AGREED: Heartbleed was a very sad time all around (mhayden, 14:43:14)
AGREED: Heartbleed was a very sad time all around (mhayden, 14:44:20)
Xen security bugs could be an example -- XSA-108 was a good one (mhayden, 14:46:14)
https://access.redhat.com/sites/default/files/riskreportgraphics_branded_unb... (Sparks, 14:48:00)
ACTION: Apprentice wiki page will be updated soon (mhayden, 14:49:19)
ACTION: Sparks will ask if he can share some of his internal security apprentice information (mhayden, 14:50:58)
Meeting ended at 14:54:29 UTC (full logs).
Action items
Rewrite the Fedora Security Guide to be more of what we're looking for
Sparks to make it so on this CWE/CVE business
Apprentice wiki page will be updated soon
Sparks will ask if he can share some of his internal security apprentice information
Action items, by person
Sparks
  Sparks to make it so on this CWE/CVE business
  Sparks will ask if he can share some of his internal security apprentice information
UNASSIGNED
  Rewrite the Fedora Security Guide to be more of what we're looking for
  Apprentice wiki page will be updated soon
People present (lines said)
mhayden (55)
zodbot (12)
Sparks (11)
skamath (7)
Astradeus (5)
linuxmodder (2)
Full Log: https://meetbot.fedoraproject.org/fedora-meeting/2016-04-21/fedora_security_...
security-team@lists.stg.fedoraproject.org