diff options
Diffstat (limited to 'meetings/logs/gentoo-security-meeting-2010-09-01-summary.txt')
1 files changed, 112 insertions, 0 deletions
diff --git a/meetings/logs/gentoo-security-meeting-2010-09-01-summary.txt b/meetings/logs/gentoo-security-meeting-2010-09-01-summary.txt
new file mode 100644
index 0000000..b148bdb
--- /dev/null
+++ b/meetings/logs/gentoo-security-meeting-2010-09-01-summary.txt
@@ -0,0 +1,112 @@
+Security Project Meeting 2010-09-01
+Roll call
+ here:
+ Alex Legler (a3li)
+ Tony Vroon (chainsaw), padawan
+ Stefan Behte (craig)
+ Raphaƫl Marichez (falco), joined later on during the meeting
+ Sune Kloppenborg Jeppesen (jaervosz)
+ Tobias Heinlein (keytoaster)
+ Pierre-Yves Rofes (py)
+ Robert Buchholz (rbu)
+ Robin H. Johnson (robbat2), infrastructure representative
+ Tim Sammut (underling), padawan
+ Matthias Geerdsen (vorlon)
+ missing:
+ Kurt Lieber (klieber)
+ Ned Ludd (solar)
+1. Project status
+The Gentoo Security team is functional, but running on low flame. There is a
+huge backlog (a huge amount of open bugs and GLSAs that still need to be sent)
+and due to a small amount of active members not all bugs are filed/handled in a
+timely manner and bigger packages (Firefox, Java, etc.) are not easy to draft
+GLSAs for for various reasons.
+Some members feel that drafting GLSAs with the old GLSAMaker is a huge PITA.
+Not all recruitment requests by both developers and non-developers have been
+handled as well as we want them to, due to limited time and resources.
+2. Lead election
+It has been decided that the Gentoo security team's leads are there to do
+administrative stuff (like distributing permissions e.g. on Bugzilla), to
+ensure progress, to cast deciding votes, and to act as the point of contact for
+encrypted mails.
+Robert, Matthias, and Stefan have either opted out of being nominated or not
+accepted their nomination due to time issues. Alex and Tobias have been
+The team has decided unanimously to continue having two leads, and that those be
+Alex and Tobias.
+3. Population of several mail aliases, bugzilla groups etc.
+The following groups/aliases had to be cleaned and updated in order to ensure
+that no outdated entries still exist.
+3.1 CERT mails
+It has been decided that all team members who attended the meeting will receive
+the CERT mails. Matthias will put a list together and send it to the security
+alias before informing CERT.
+3.2 vendor-sec alias
+Due to respect for the group, the team decided to have only a limited number of
+people subscribed. As such, everyone has been removed from the alias and only
+Alex, Tobias, and Stefan have been put on it. The team agreed to further
+evaluate subscribing active members at the next meeting.
+3.3 "securitymail" group on
+The team decided that only the new leads will be allowed to edit mail aliases.
+3.3 "security" mail alias and "security" group on Bugzilla
+The team agreed that every "full" team member should be on/in these. The leads
+will have the power to edit them.
+4. Handling of the current GLSA and bug queues and how to avoid such situations in the future
+The new GLSAMaker will ease the team's work in huge parts and its development is
+currently of utmost importance. Alex and Tobias have given a summary on the new
+GLSAMaker: It's in a near-usable state, the goal is to have our information
+integrated better, it will replace the old CVE tracker, it's way easier to
+draft minor issues, and permission groups allow for non-team members and new
+recruits to help with drafting.
+Alex and Tobias will see to getting a usable beta version of GLSAMaker2 deployed
+until Oct 1, 2010, while the rest of the team will try to get some GLSAs out
+with the old one.
+The team agreed to send "mini-GLSAs" for minor issues, that is a usual GLSA
+with shorter description and impact texts, like we did a few months ago.
+5. Any other topic
+In order to be more open to users, Matthias will draft an announcement
+explaining our current situation.
+Alex will arrange for a wiki to document todo lists and miscellaneous stuff.
+The team will hold meetings more frequently, every 2 or 3 months has been
+suggested. The next meeting will be around mid-October to vote on this and also
+to check the progress of GLSAMaker2.
+There is no further need for the position of the infrastructure liasion and it
+has been removed. Robin suggested to bug either him or Ned.
+Tobias will merge documentation files from devspaces into our project pages.