meeting logs: Added sec-meeting-2018-02-18-log

Signed-off-by: Christopher Diaz Riveros <chrisadr@gentoo.org>

1 files changed, 231 insertions, 0 deletions

diff --git a/sec-meeting-2018-02-18-log b/sec-meeting-2018-02-18-log
new file mode 100644
index 0000000..1fd2dc6
--- /dev/null
+++ b/sec-meeting-2018-02-18-log
@@ -0,0 +1,231 @@
+2018-02-18 14:01:52	@K_F	Roll call
+2018-02-18 14:01:54	 *	K_F here
+2018-02-18 14:01:57	 *	ChrisADR here
+2018-02-18 14:02:05	@ackle	here
+2018-02-18 14:02:39	ChrisADR	hi ackle nice to meet you :)
+2018-02-18 14:02:45	 *	Pinkbyte here
+2018-02-18 14:03:16	@ackle	Hi Chris, welcome aboard
+2018-02-18 14:03:27	ChrisADR	nice to meet you too Pinkbyte :)
+2018-02-18 14:03:32	ChrisADR	thanks :) glad to be here
+2018-02-18 14:04:11	@K_F	hmm, don't think I have whissi's phone # around to send SMS..
+2018-02-18 14:04:31	@K_F	so lets just start, and if he shows up he can read backlog anyways
+2018-02-18 14:04:50	@Pinkbyte	ChrisADR, we are all always welcome fresh blood, so - nice to see you amongst us
+2018-02-18 14:04:58	@Pinkbyte	s/fresh/for fresh/
+2018-02-18 14:05:22	@K_F	the four regular agenda items I've noted for today are (in short); (i) GLEP14 updates (ChrisADR can tell a bit about the changes he has done and what he wants help on forwards, and discusion if there is anything)
+2018-02-18 14:05:44	@K_F	(ii) glsamaker (iii) kernel sec and (iv) operator / access list in here (although mostly deferred until after a lead is in place)
+2018-02-18 14:06:30	@K_F	are there anything else we should discuss today? as a pro-forma I listed open bugs as well, in particular #624262, but that is more to remember than to discuss today
+2018-02-18 14:07:06	@blueknight	Sorry was watching a show.. here
+2018-02-18 14:07:39	@Pinkbyte	K_F, it would be nice if something about #624262 would be done. I remember those days when confidential mails from bugzilla were... confidential :-)
+2018-02-18 14:08:13	@K_F	Pinkbyte: right, which is why we have a bug, I just don't see anything from us being done about it today.. that said it is listed as a GSoC project this year as well
+2018-02-18 14:08:58	@K_F	so, ChrisADR you've been the one most active with trying to refurbish glep 14 c.f bug 637328
+2018-02-18 14:09:00	willikins	K_F: https://bugs.gentoo.org/637328 "GLEP 14 needs to be updated"; Documentation, GLEP Changes; CONF; mgorny:security
+2018-02-18 14:09:19	@K_F	what is the status of the update and what is needed from us on it before we can pass it around for approval?
+2018-02-18 14:09:39	@K_F	I take it everyone here has access to the updated files in git.gentoo.org/proj/security/private.git:/documentation/glep-0014.rst ?
+2018-02-18 14:09:44	@K_F	or should I make a copy of it somewhere public?
+2018-02-18 14:09:52	ChrisADR	ok, short and simple :) I'm a bit concerned about the implementation
+2018-02-18 14:10:34	ChrisADR	quoting from the source code: " WARNING: this code is only tested by a few people and should NOT be used
+2018-02-18 14:10:34	ChrisADR	# on production systems
+2018-02-18 14:10:37	ChrisADR	"
+2018-02-18 14:11:04	@K_F	ChrisADR: heh, indeed, that is code you don't want seen relied on in production systems :)
+2018-02-18 14:11:18	@K_F	(or at least comment, presumably it actually _is_ well tested by now)
+2018-02-18 14:11:56	ChrisADR	yea :) ok, the thing is that we need either to remove that comment, ensuring that glsa-check is actually tested, to be able to mark the GLEP as implemented, or keep it as "work in progress"
+2018-02-18 14:12:49	@K_F	it has been used in production for a number of years, so unless it is a very specific corner case, we can likely remove the comment now
+2018-02-18 14:13:00	ChrisADR	but I see that most of the work was done till 2015, except a couple of patches in 2016 and 2017
+2018-02-18 14:13:26	ChrisADR	ok, sounds good to me, the rest of the GLEP is just an update to the current status
+2018-02-18 14:14:00	@Pinkbyte	K_F, true. I remember exactly one breakage(which happens in this year) of glsa-check since i use it(from 2009 at least, iirc)
+2018-02-18 14:14:02	@K_F	so, should we vote for an approval of it in this meeting, or do a final circulation on email for comment?
+2018-02-18 14:14:16	@K_F	(approval in this context means we submit it to council)
+2018-02-18 14:14:40	ChrisADR	I'd prefer a circulation, I'd appreciate a peer review and then decide if everything is ok to send to council
+2018-02-18 14:14:47	@K_F	ChrisADR: actually one thing I noticed, which is nitpick when reading it is most references to GPG should be OpenPGP
+2018-02-18 14:15:04	@K_F	unless it reference the specific implementation
+2018-02-18 14:15:29	@K_F	e.g "verifies its OpenPGP signature" instead of "GPG signature"
+2018-02-18 14:16:13	@K_F	but right, if you can send out a call for comment we can deal with it with a deadline of 1 week from you send it out?
+2018-02-18 14:16:23	ChrisADR	yea, actually afaik we don't verify signatures per se, we assume that because of the signed commits in the repo
+2018-02-18 14:17:09	@K_F	signed commits aren't relevant, would be the signed MetaManifest or the signature of the web download, there aren't any good ways to verify the git commit signatures, in particular in context of retired devs and revoked keyblocks
+2018-02-18 14:17:41	@K_F	but if the tool doesn't check the signature, we want to update the GLEP to reflect that
+2018-02-18 14:18:06	ChrisADR	There are still a couple of sections that I have not changed, I hoped to send a proposal to the mail and discuss those specific implementations since I don't have it totally clear
+2018-02-18 14:18:15	@K_F	and/or write that it expects the tree consistency to be in place due to verification done during portage / gemato sync (but keep in mind that won't help paladius or pkgcore users)
+2018-02-18 14:19:33	@K_F	but right, lets do that by email then, that works for me
+2018-02-18 14:19:40	ChrisADR	ok, great
+2018-02-18 14:19:41	@K_F	any other comments from anyone on the subject before we move on?
+2018-02-18 14:20:14	@blueknight	Nothing from the peanut gallery :)
+2018-02-18 14:21:21	@K_F	ChrisADR: you also brought up glsamaker, want to lead in with your thoughts?
+2018-02-18 14:22:23	@K_F	i.e are there specific concerns, or just a generic discussion on whom takes responsibility for maintenance etc?
+2018-02-18 14:23:35	ChrisADR	well I was thinking about the whole project implementation, I know whissi is the only one developing it right now, but it's hard for him because of ruby... at first I was thinking to prepare a new version of glsamaker, but now I'd like to propose a new idea
+2018-02-18 14:23:53	 *	K_F is all ears
+2018-02-18 14:24:45	@K_F	but yes, it being ruby is actually an issue on a few points, including maintenance since not too many use it, that is also a problem with a few other sites, including packages.g.o
+2018-02-18 14:24:47	ChrisADR	alice sent an email announcing that we are officialy part of the Google Summer of Code, I was thinking (maybe not this year, but next one, given the availability from our team) to propose a project there and be mentors from a student
+2018-02-18 14:25:26	@Whissi	_No_. :)
+2018-02-18 14:25:30	@K_F	I'm not a fan of that idea, too many projects historically that have been written and not properly implemented in practice, and if we want to rewrite, it is to make sure codebase is familiar to security team
+2018-02-18 14:25:46	@K_F	and having a student at gsoc is 3-5 times the work of just doing it yourself
+2018-02-18 14:25:51	@K_F	or more..
+2018-02-18 14:25:56	ChrisADR	I guess that if it's in Python (django at least) it may be easier for the whole developers here to have an idea of how it works?
+2018-02-18 14:26:04	@K_F	in particular when we're starting from scratch, it is easier for a specific feature in existing framework
+2018-02-18 14:26:23	@ackle	Not a fan either, tools from GSoC have seemed... unreliable to me in the past
+2018-02-18 14:26:25	@K_F	django suffers from a number of same issues as ruby does with upgrades and compatability
+2018-02-18 14:26:34	@K_F	so that also easily gets stuck, and is difficult to properly package
+2018-02-18 14:26:46	@blueknight	ackle: you have a working demo version is that correct?
+2018-02-18 14:26:52	ChrisADR	ok out of ideas :P
+2018-02-18 14:26:58	@Pinkbyte	Well, we should feel ourselves pretty lucky that it is Ruby and not Haskell for example :-D
+2018-02-18 14:27:05	@ackle	Yes, I have a working dev system for glsamaker
+2018-02-18 14:27:34	@K_F	ackle: to ensure we're talking of same thing, you have a dev system of the current implementation
+2018-02-18 14:27:54	@K_F	I'm personally in favor of throwing in some more resources on existing system rather than rewriting from scratch, as I know that will bring bugs on its own
+2018-02-18 14:27:59	@ackle	Also to point out: in the past we've always said that a major change to glsamaker should probably be in tandum with an overhaul of the GLSA format (to make it easier to automate announcements)
+2018-02-18 14:28:07	@K_F	unless we have specific features that we know needs a solid rewrite (e.g proper CVE handling)
+2018-02-18 14:28:28	@K_F	but if we want to write a new system we need to do a full RFP / spec of what is needed before starting out
+2018-02-18 14:28:32	@Whissi	Yes. We should first think about what we want before we think about how we reach the goal.
+2018-02-18 14:29:05	@K_F	not necessarily only GLSA format though, that is output format only, we have a lot of background work that never sees the public
+2018-02-18 14:29:20	@ackle	K_F: yes, I keep an updated and running copy on one of my VMs for when I've made changes to glsamaker.g.o
+2018-02-18 14:29:26	@blueknight	ackle: Can we replicate your dev build in to a location where others have access?
+2018-02-18 14:29:43	@K_F	ackle: nice, do you have any notes for setting it up etc if others wants to replicate?
+2018-02-18 14:29:47	@blueknight	or share the VM?
+2018-02-18 14:30:19	@K_F	instead of sharing the VM, might want to do a replication of the pushing at infra
+2018-02-18 14:30:33	@ackle	I'm sure I have notes on setting it up. If infra can provide a VM, we could get a shared test system out there
+2018-02-18 14:30:34	@K_F	and have a git repo we can commit changes to for testing, instead of full access on VM
+2018-02-18 14:31:07	@K_F	in my experience testing without audit is often difficult to replicate in production system due to lack of documentation
+2018-02-18 14:31:27	@K_F	of course that brings question of whether we want a test system along with a dev system
+2018-02-18 14:31:30	@Whissi	For me the problem is testing vs bugzilla
+2018-02-18 14:32:41	@Whissi	Like testing the "close bugs" think... it requires a open bug... hard to test if you don't have a testing bugzilla ;)
+2018-02-18 14:32:53	ChrisADR	and our own bugzilla for tests? 
+2018-02-18 14:33:17	@ackle	There are various caveats with testing, such as connecting it to a test Bugzilla instance (as Whissi is stating) and having actual information in the database for validation (something that bit me in the butt before)
+2018-02-18 14:33:36	@K_F	Whissi: iirc infra has a testing infrastructure for bugzilla, maybe we can get some resources on that?
+2018-02-18 14:34:06	@K_F	but indeed, there will be references to bug numbers not existing etc etc
+2018-02-18 14:34:24	@K_F	unless it is done in a testing envoronment that synchronize / copy daily or weekly or whatever
+2018-02-18 14:36:13	@K_F	(I believe this is the one I'm thinking of.. http://bugstest.gentoo.org )
+2018-02-18 14:38:33	@K_F	but right, I'm putting that down for another subject to continue discussing on email.. but before doing any big changes I strongly recommend we figure out if we need major new features, and if we do figure out what we need (including testing infrastructure etc) before starting a new project on it
+2018-02-18 14:39:52	@K_F	So; (iii) kernel sec team
+2018-02-18 14:40:06	@K_F	ChrisADR: again, you had some questions on this, want to start up discussion?
+2018-02-18 14:40:15	ChrisADR	ok, sure
+2018-02-18 14:40:52	ChrisADR	it may be a good idea to define a structure, like the vulnerability treatment policy
+2018-02-18 14:41:01	@blueknight	I have an idea ... I am thinking we might want to put together a Trello for our team so we can put down the requirements?
+2018-02-18 14:41:01	ChrisADR	I propoce 3 states right now
+2018-02-18 14:41:26	ChrisADR	that's a good idea
+2018-02-18 14:42:05	@K_F	what is Trello?
+2018-02-18 14:42:25	ChrisADR	so, [upstream] as always, [cve] as archived in our db, and a new [backported](just basic idea) which means if we have that specific fix available in our *-sources
+2018-02-18 14:42:28	@blueknight	Trello is a free on line Todo / Project management with multi edit capabilitles.
+2018-02-18 14:42:36	@K_F	is it free software?
+2018-02-18 14:42:43	@blueknight	Free on-line service
+2018-02-18 14:42:43	@Pinkbyte	K_F, proprietary online service for kanban-like tasking and stuff
+2018-02-18 14:42:56	@K_F	meh, lets stick to formats people can use
+2018-02-18 14:43:05	@Pinkbyte	K_F, agreed
+2018-02-18 14:43:21	@K_F	but for kernel issues, its a bit of a catch 22
+2018-02-18 14:43:50	@K_F	1) we don't have resources to track the vulnerabilities, and the upstream recommendation is just to always use latest point release of long term stable branch
+2018-02-18 14:44:02	@K_F	2) upstream doesn't properly flag vulnerabilities (see 1)
+2018-02-18 14:44:19	@K_F	3) we don't have tooling to check the running kernel on a given system and what patches are potentially applied
+2018-02-18 14:44:46	@Whissi	Regarding kernel: The kernel project will move to some kind of auto-stabilizing later this year. At least we plan something like that.
+2018-02-18 14:44:48	@K_F	which mostly result in , sure, we can track some, in particular for release coordination, but in general, kernel is on its own
+2018-02-18 14:44:59	@Whissi	So the meaining of stable kernel in Gentoo _will_ change.
+2018-02-18 14:45:13	@K_F	Whissi: iirc they are using the proposal from the stable wg ?
+2018-02-18 14:45:27	@K_F	I wouldn't agree it is changing stable status if so
+2018-02-18 14:45:44	@K_F	mainly due to upstream stability guarantee, and only point releases of an already stabilized LTS will be auto-stabled
+2018-02-18 14:45:50	@Pinkbyte	Whissi, if it would be sticking to latest possible LTS point releases - blame me, if i will be against it :-)
+2018-02-18 14:46:36	@Whissi	Currently, in Gentoo, stable kernels means something like a GA status. I.e. only mark a kernel stable if we know it works on most hardware or aren't aware of any criticial problems which may affect *some* setups.
+2018-02-18 14:47:16	@Whissi	That's the reason why 4.14.x is still not being stabilized in Gentoo... because we are aware of *some* problems... however, 4.14.x is now better and works for *most* users... but still not ready to be named *GA*.
+2018-02-18 14:47:38	@Whissi	But this is going to change.
+2018-02-18 14:47:47	@K_F	right, 4.14 is a mess on libdrm and kernel mode buffers
+2018-02-18 14:48:00	@K_F	kernel modeline*
+2018-02-18 14:48:05	@blueknight	So they are going to roll the dice with automated building
+2018-02-18 14:48:17	@K_F	not really
+2018-02-18 14:48:39	@K_F	if they only stable latest point release as policy, it is easy to do a package mask for newer kernel branches
+2018-02-18 14:48:48	@K_F	first thing I do on any system after installing is masking any higher branch
+2018-02-18 14:48:56	@K_F	and only switching once LTS is EOL
+2018-02-18 14:49:13	@Whissi	I.e. in future we hope to have a working CI which will start testing when upstream kernel reaches RC. Once released, we will add and mark stable within 24-48h. If we get aware of any problems we maybe decide to pause/skip this version... or add patches like before. But in general the idea is to follow upstream within 48h.
+2018-02-18 14:49:27	@Whissi	(_stable_ within 48h)
+2018-02-18 14:49:27	@Pinkbyte	K_F, i forced to do this on one of my HP servers. Which breaks badly on 4.12 and 4.14
+2018-02-18 14:49:52	@blueknight	Well in either case... I think we stick to what we have done before
+2018-02-18 14:49:55	@K_F	Pinkbyte: most server systems do it like that anyways
+2018-02-18 14:50:12	@K_F	blueknight: you're not talking for security project? in which case I agree
+2018-02-18 14:50:25	@K_F	we have the project more as a discussion point and placeholder, but we shouldn't give any security guarantee for actual tracking
+2018-02-18 14:50:40	@blueknight	Well isn't this what we are talking about?
+2018-02-18 14:50:44	@K_F	we don't have the resources for it, and the best recommendation is "use latest upstream point release"
+2018-02-18 14:51:01	@K_F	blueknight: _could_ be a reference to kernel team's stable policy
+2018-02-18 14:51:09	@K_F	just wanted to have the statement in proper context
+2018-02-18 14:52:43	@blueknight	The non politically correct version is "no one tracks what is in the Kernel, we take whatever is available upstream and go with it"
+2018-02-18 14:54:30	@K_F	so, unless there are further comments on that, the next one I have is the channel IRC modes
+2018-02-18 14:55:00	@K_F	as explained in email already, that is easy to fix, but easier to do cleanup after a lead is in place as he/she would be natural Founder of channel that can then fix the other modes
+2018-02-18 14:55:58	@K_F	so I propse we defer that point
+2018-02-18 14:56:05	@Whissi	Well, I guess ChrisADR wants that we will write down that we track usally only focus >=A2 vulns for kernels. I.e. write down, that we don't track anything else due to lacking man power.
+2018-02-18 14:56:22	@K_F	we don't officially track anything
+2018-02-18 14:56:42	@blueknight	We do not track Kernel, and I would not want to track anything in Kernel
+2018-02-18 14:56:54	@blueknight	If the Kernel team does not know what is fixed, how shoudl we
+2018-02-18 14:57:03	@K_F	we can help coordinate etc, but we don't _track_ anything
+2018-02-18 14:57:15	@Whissi	Well, I try to track anything >=A2 and especially anything I find in the media.
+2018-02-18 14:57:37	@Pinkbyte	K_F, about channel modes - did i miss something? blueknight is currently team lead and can ask for channel ownership in #gentoo-groupcontacts, no?
+2018-02-18 14:57:42	@K_F	right, but you do that out of the goodness of your heart and not policy :)
+2018-02-18 14:57:50	@Whissi	yeah
+2018-02-18 14:57:52	@blueknight	Pinkbyte: I resigned due to time constraints
+2018-02-18 14:57:54	@K_F	Pinkbyte: right, but if we need to switch that anyways
+2018-02-18 14:58:20	@K_F	Pinkbyte: its easier to just wait for new lead to be in place
+2018-02-18 14:58:21	@blueknight	I do not feel it is right by the team since I can not dedicate a lot of time.
+2018-02-18 14:58:33	@Pinkbyte	blueknight, ok then, missed that e-mail(or just forgot about reading it, i am such a dumbass these days)
+2018-02-18 14:58:46	ChrisADR	blueknight: can you try to set -O on my nick?
+2018-02-18 14:58:57	@K_F	+AO you mean :)
+2018-02-18 14:59:01	ChrisADR	capital o letter
+2018-02-18 14:59:04	@blueknight	Chris I do not have rights
+2018-02-18 14:59:17	ChrisADR	well that's what the discussion is about
+2018-02-18 14:59:25	@Pinkbyte	according to chanserv info - a3li and keytoaster are channel founders
+2018-02-18 14:59:28	ChrisADR	I thought for one sec that you had those rights
+2018-02-18 14:59:36	@Pinkbyte	so only them can fully manage channel
+2018-02-18 14:59:38	ChrisADR	sorry, missed the flow 
+2018-02-18 15:00:27	@blueknight	Both keytoaster and Alex can be contacted to make the rights accordingly moved... so not a big deal
+2018-02-18 15:00:43	@ackle	Is there anything else to discuss?
+2018-02-18 15:00:51	@K_F	blueknight: we don't even need that if a new lead is in place (or if you want to have them now)..
+2018-02-18 15:00:58	@K_F	but right.. any other agenda item?
+2018-02-18 15:01:14	@K_F	if not we've managed to stay at timeline outlined, which is good in itself :
+2018-02-18 15:01:17	@K_F	:)
+2018-02-18 15:01:32	@K_F	I generally believe a few short meetings like this more frequently is a good thing
+2018-02-18 15:01:41	 *	Pinkbyte remember 2-3 hours meetings of Qt team. That was a bit of a pain...
+2018-02-18 15:01:58	ChrisADR	maybe set a couple of goals till the next meet?
+2018-02-18 15:02:02	@blueknight	So since we are all here.... I have one
+2018-02-18 15:02:11	@K_F	blueknight: floor is yours
+2018-02-18 15:02:24	@blueknight	What has been decided is going to be done with picking the new lead.
+2018-02-18 15:02:35	@blueknight	lead or leads
+2018-02-18 15:03:10	@K_F	I haven't seen any conclusions on anything
+2018-02-18 15:03:27	@ackle	We should probably arrange for nominations and election
+2018-02-18 15:03:33	@K_F	so guess someone just needs to actually call for election and chose a format (email, heliosvoting, etc etc)
+2018-02-18 15:03:36	@Whissi	Well, we can start a new election already or wait the remaining 2-3 month....
+2018-02-18 15:04:08	@blueknight	K_F: I propose smoke signals as the means (joke)
+2018-02-18 15:04:21	@K_F	blueknight: I have my Padron 7000 currently, so I'm ready to blow smoke rings :)
+2018-02-18 15:06:11	@blueknight	Ok so do you guys want to wait, or do elections. Lets vote
+2018-02-18 15:06:17	@Pinkbyte	Whissi, quick note from other team's lead - e-mail voting can be 2 weeks long... But it's not the problem. Problem is when you win election, because no one else was nominated. I hope that would be not the case with security :-/
+2018-02-18 15:06:22	@K_F	blueknight: I'd say it is more up to you than anything else
+2018-02-18 15:06:36	@blueknight	I resigned, so it is up to the team
+2018-02-18 15:07:02	@K_F	blueknight: well, if you take the resignation as a point after regular election or if you want to be freed of responsibilities already
+2018-02-18 15:07:10	@blueknight	So lets vote .... who wants election, and who wants tow ait.
+2018-02-18 15:07:29	@Whissi	Pinkbyte: I would propose a different way this time: Everyone is nominated... and has _one_ week to accept. After the week we would start normal voting via mail.
+2018-02-18 15:07:42	@Whissi	But this would be pre-announced
+2018-02-18 15:07:43	@K_F	blueknight: if you don't expect to be able to be around, I recommend just having election now
+2018-02-18 15:07:50	@Pinkbyte	I suppose that in that case we should roll election earlier. One week for nomination, two weeks of voting... Around a month will be only procedure going...
+2018-02-18 15:08:16	@Pinkbyte	Whissi, well, we are(not all of us, blame me) pretty active and responding team, so your proposal make sense
+2018-02-18 15:08:17	@Whissi	You really want 2 weeks voting?
+2018-02-18 15:08:47	@Whissi	7d should be enough, not?
+2018-02-18 15:09:03	@K_F	I generally would expect members to be able to respond in a week, in particular since it is pre-announced periode
+2018-02-18 15:09:15	@blueknight	7d does not account for anyone that has vacation (Holiday) or a business trip
+2018-02-18 15:09:18	@K_F	so 2 weeks since announcement ,if 1w acceptance periode)
+2018-02-18 15:09:23	@Pinkbyte	Whissi, i am not. I am just saying how it is in QA team. Last time there was no voting, because there are only me nominated
+2018-02-18 15:09:44	@K_F	blueknight: well, it is 2 weeks announcement since beginning of voting process
+2018-02-18 15:09:45	@blueknight	I recommend 2 weeks.
+2018-02-18 15:09:49	@K_F	s/voting/election/
+2018-02-18 15:10:06	@K_F	people should be in a position to read their email in that time
+2018-02-18 15:10:10	@blueknight	No but if I go on vacation or a business trip and do not have my GPG key to vote with me (because I forgot it or something),...
+2018-02-18 15:10:24	@ackle	Is there a reason why 2w is not reasonable? Or is it just impatience?
+2018-02-18 15:11:02	@Whissi	Well, with announcement we actual have >7d... but an actual voting period for >7d is a bit long, given that the "big" elections like council will happen in just 7d... not sure why security would need 14d...
+2018-02-18 15:11:04	@K_F	blueknight: right, but arguably that is more a question of whether we should require OpenPGP signatures, although I'm somewhat biased in that and mean everyone should have that pretty accessible in security project :)
+2018-02-18 15:11:46	@K_F	council voting is upen for 15 days
+2018-02-18 15:12:04	@K_F	after a 15 day nomination periode
+2018-02-18 15:12:09	@blueknight	But when I go on vacation I purposly disconnect for 7 days ... (usually on a cruise ship, where I do not buy internet)>
+2018-02-18 15:12:10	@Pinkbyte	Whissi, nobody denies shortening voting period IF all of team members are already voted or if clear winner is discovered
+2018-02-18 15:12:29	@Whissi	OK. I am not against 2 weeks. Just wondered :)
+2018-02-18 15:12:41	ChrisADR	council voting?
+2018-02-18 15:12:57	@ackle	I have to run... have fun painting that shed, folks ;)
+2018-02-18 15:13:03	@Whissi	I'll send my proposol for the election later tonight.
+2018-02-18 15:13:06	@K_F	ChrisADR: election
+2018-02-18 15:13:15	@K_F	ChrisADR: the voting part of the election process for council
+2018-02-18 15:13:21	ChrisADR	sorry, bad translation, ok got it
+2018-02-18 15:13:35	@K_F	Whissi: ok, putting you down to organize it then :)
+2018-02-18 15:13:43	@blueknight	OK.. with this meeting being done... Have a good day everyone.
+2018-02-18 15:13:57	@Whissi	No problem. Will be my 3rd Gentoo election I organized this year ;)
+2018-02-18 15:14:07	@K_F	sounds good, then I have 15 minutes until next meeting
+2018-02-18 15:14:08	@Pinkbyte	blueknight, you too. I should go to bed, though, it's 23:15 on my clock :-)
+2018-02-18 15:14:12	@K_F	have a nice evening everyone
+2018-02-18 15:14:15	 *	K_F bangs gavel