2018-06-24 13:59:47 @ChrisADR_mobile !proj security
2018-06-24 13:59:49 willikins ChrisADR_mobile: (security@gentoo.org) a3li, ackle, blueknight, bman, chrisadr, creffett, k_f, pinkbyte, whissi, zlogene, zx2c4
2018-06-24 13:59:53 @ChrisADR_mobile Meeting time
2018-06-24 14:00:02 * K_F is here
2018-06-24 14:00:06 * domhnall here
2018-06-24 14:00:06 * MyNt1a is here
2018-06-24 14:00:09 * ChrisADR_mobile here too
2018-06-24 14:00:11 * Irishluck83 here
2018-06-24 14:01:50 @ChrisADR_mobile Whissi b-man?
2018-06-24 14:01:55 * b-man here
2018-06-24 14:02:27 @ChrisADR_mobile b-man: are you in your laptop?
2018-06-24 14:02:38 @b-man Nope. Should I be?
2018-06-24 14:03:05 @ChrisADR_mobile Can you? K_F and I are in mobiles, maybe would be faster if you can lead
2018-06-24 14:03:13 @ChrisADR_mobile Or you Whissi
2018-06-24 14:04:01 @b-man Ok, on laptop
2018-06-24 14:04:28 @K_F thanks.. I wont be on laptop for another 15 min or so :)
2018-06-24 14:04:33 @ChrisADR_mobile Awesome, thanks, please first topic, I can't see it in the cellphone while writing here
2018-06-24 14:04:40 @b-man Security Project Structure GLEP review:
2018-06-24 14:04:56 @b-man Want to hold that one until K_F is on laptop?
2018-06-24 14:05:09 @ChrisADR_mobile K_F: should we?
2018-06-24 14:05:32 @K_F no.. I havent gotten around to preparing much on that anyways. thankfully slowing down a bit this week
2018-06-24 14:06:06 @K_F good news is there was a new Norwegian record in CSWC yesterday combined with 20year anniversary party :)
2018-06-24 14:06:23 @ChrisADR_mobile Ok, so, you have the updates in the repo, I added some stuff about motivation and stable dropping
2018-06-24 14:07:25 @ChrisADR_mobile If there are no objections or feedback about those paragraphs, should we move on?
2018-06-24 14:07:48 Irishluck83 where are they located in glep?
2018-06-24 14:07:49 @K_F yeah.. will follow up by email during week
2018-06-24 14:08:02 @K_F Irishluck83: in a private git repo of ours
2018-06-24 14:08:04 @ChrisADR_mobile b-man:?
2018-06-24 14:08:11 Irishluck83 ok
2018-06-24 14:08:13 @b-man No objections from me
2018-06-24 14:08:19 @ChrisADR_mobile Ok fine
2018-06-24 14:08:24 @ChrisADR_mobile Next topic?
2018-06-24 14:08:36 @b-man GLSAMaker use cases doc
2018-06-24 14:09:03 @b-man "I've finished a first draft of the user stories, now with a clearer idea of what
2018-06-24 14:09:03 @b-man does every access level do and what the functionalities are, we may take a look
2018-06-24 14:09:03 @b-man at the padawan relation with CVETool."
2018-06-24 14:09:09 @ChrisADR_mobile Oh right, I updated some use cases, now it's fully mapped, at least what we currently have
2018-06-24 14:09:42 @b-man In this, I would ask if there are any objections to granting access to padawans for the CVETool prior to becoming a full GLSA coordinator.
2018-06-24 14:09:57 @ChrisADR_mobile +1
2018-06-24 14:10:08 @b-man It seems properly using the permissions as ChrisADR_mobile has mapped for us restricts this access.
2018-06-24 14:10:22 @ChrisADR_mobile Most likely a minor permission change in the code, but still necessary I think
2018-06-24 14:10:24 @b-man It would be good for the padawan to be exposed to the tool early on
2018-06-24 14:10:30 @K_F do we have any granularity in access restrictions on cvetool? e.g if adding embargoed CVEs
2018-06-24 14:10:57 @b-man K_F: I don't think the CVE will show up in the list as it pulls from the public CVE releases.
2018-06-24 14:11:07 @K_F not if we add it ourselves
2018-06-24 14:11:15 @b-man If the CVE is embargoed all that should show is the boilerplate text.
2018-06-24 14:11:26 @b-man hmmm
2018-06-24 14:11:31 @b-man I don't follow then K_F
2018-06-24 14:11:34 @ChrisADR_mobile Not really, if we add it the content is reserved until a public announce is made
2018-06-24 14:11:55 @ChrisADR_mobile I mean "*RESERVED * stuff stuff....."
2018-06-24 14:12:05 @K_F not if we add it to the tracker manually.. but indeed we normally just use boilerplate text but it discloses that there is an issue in specific packages even so
2018-06-24 14:12:15 @b-man K_F: You mean we manually add the CVE with the privately released text?
2018-06-24 14:12:36 @K_F doesnt even need to be privileged text.. you'll disclose the applications having issues
2018-06-24 14:12:51 @ChrisADR_mobile I think he means the 'cvetool new CVE-NUM
2018-06-24 14:13:06 @K_F right
2018-06-24 14:13:07 @b-man K_F: How would they see the tracker?
2018-06-24 14:13:21 @b-man that command puts boilerplate text in it
2018-06-24 14:13:23 @K_F if they have access to cvetool?
2018-06-24 14:13:44 @ChrisADR_mobile Yes, they shouldn't theoretically
2018-06-24 14:13:57 @b-man I don't see a way to view a bug with CVETool's permissions.
2018-06-24 14:14:03 @K_F they would see the assignment while preparing the GLSA
2018-06-24 14:14:13 @ChrisADR_mobile They should see the boilerplate text, both in command line and web interface
2018-06-24 14:14:33 @K_F right, but that still leaks the application
2018-06-24 14:14:45 @ChrisADR_mobile No they don't, if the GLSA is marked as private, they can't see anything
2018-06-24 14:14:49 @b-man I am still not following how this would expose anything, sorry.
2018-06-24 14:15:04 @K_F they would see the bug assigned for the CVE in cvetool
2018-06-24 14:15:06 @b-man As ChrisADR_mobile just said the GLSA would be marked private.
2018-06-24 14:15:19 @b-man Right, but that text will be boilerplate as many texts are.
2018-06-24 14:15:22 @ChrisADR_mobile Without private permission no
2018-06-24 14:15:45 @ChrisADR_mobile I tested that with yury
2018-06-24 14:16:02 @ChrisADR_mobile That only see public stuff, both in web and cli
2018-06-24 14:16:10 @K_F but might not be much of an issue ultimately
2018-06-24 14:16:25 @ChrisADR_mobile The thing is that we have to mark it as private while working on it
2018-06-24 14:16:59 @b-man So, given that are you comfortable K_F/
2018-06-24 14:17:03 @b-man ?
2018-06-24 14:17:13 @ChrisADR_mobile Besides, right now, the only member who would have that priv is Irishluck83
2018-06-24 14:17:37 @K_F we can always try it out for a bit anyways.. and get some more experience with it
2018-06-24 14:17:38 * sokan here
2018-06-24 14:17:40 @ChrisADR_mobile We can make him sign the disclosure agreement earlier, and test with him both interfaces
2018-06-24 14:17:52 @b-man Perfect.
2018-06-24 14:17:58 @ChrisADR_mobile Right, sounds good to me
2018-06-24 14:18:11 @b-man I will request his permissions following the meeting.
2018-06-24 14:18:33 @K_F that we set ourselves
2018-06-24 14:18:42 @ChrisADR_mobile Ok so, just to make it official, please vote in the permission change
2018-06-24 14:18:52 @b-man This will also allow us to tweak any permission models during testing
2018-06-24 14:19:04 * ChrisADR_mobile yes
2018-06-24 14:19:08 * b-man yes
2018-06-24 14:19:09 * K_F yes
2018-06-24 14:19:14 @ChrisADR_mobile Ok perfect
2018-06-24 14:19:33 @ChrisADR_mobile I'll work on that change in the next weeks, hopefully it's not that complicated
2018-06-24 14:19:56 @b-man I have already started looking at it and I don't believe it will be
2018-06-24 14:19:57 @ChrisADR_mobile Ok, moving on to next topic...
2018-06-24 14:20:05 @ChrisADR_mobile Great!!
2018-06-24 14:20:27 @b-man Welcome to the new scouts:
2018-06-24 14:20:50 domhnall o/
2018-06-24 14:21:03 @ChrisADR_mobile Ahhhhh right :)
2018-06-24 14:21:04 Irishluck83 yep welcome scouts
2018-06-24 14:21:20 @ChrisADR_mobile Welcome fresh meat \o/
2018-06-24 14:21:49 @b-man For all the new scouts: if you PM K_F your mailing address he will send you free cigars
2018-06-24 14:21:58 @ChrisADR_mobile Since sokan and MyNt1a are here already, and they requested formally to join the team a while back
2018-06-24 14:22:14 @b-man :-P
2018-06-24 14:22:26 MyNt1a o/
2018-06-24 14:22:26 @ChrisADR_mobile I was thinking I'd time to assign them their mentors
2018-06-24 14:23:48 @ChrisADR_mobile So K_F, you and Whissi are the closest devs around them... How are your schedules?
2018-06-24 14:23:59 sokan \ο
2018-06-24 14:24:10 @K_F hectic
2018-06-24 14:24:12 @ChrisADR_mobile Well... Busy as always, but any chance to add one more task?
2018-06-24 14:24:16 @ChrisADR_mobile Hehe
2018-06-24 14:24:29 domhnall ChrisADR_mobile: mentors are assigned now?
2018-06-24 14:24:45 @b-man domhnall: We are just checking availability.
2018-06-24 14:24:52 domhnall oh
2018-06-24 14:24:55 @ChrisADR_mobile Well, they have requested and been working for a while
2018-06-24 14:25:10 @b-man MyNt1a: domhnall, where are you located?
2018-06-24 14:25:12 @ChrisADR_mobile So, meetings are a good time to see availability
2018-06-24 14:25:13 @b-man !time MyNt1a
2018-06-24 14:25:13 willikins b-man: I don't know where MyNt1a is, (s)he should use !time set <Continent>/<City> to let me know
2018-06-24 14:25:15 MyNt1a germany
2018-06-24 14:25:16 @b-man !time domhnall
2018-06-24 14:25:16 willikins b-man: I don't know where domhnall is, (s)he should use !time set <Continent>/<City> to let me know
2018-06-24 14:25:36 @ChrisADR_mobile MyNt1a: is Germany, domhnall USA right?
2018-06-24 14:25:37 domhnall !time America/New_York
2018-06-24 14:25:37 willikins domhnall: America - New York - Sun Jun 24 15:25 EDT
2018-06-24 14:25:57 @b-man I can mentor domhnall if he would like
2018-06-24 14:26:20 @ChrisADR_mobile domhnall: thoughts?
2018-06-24 14:26:22 @K_F sounds good.. I can mentor MyNt1a
2018-06-24 14:26:35 @ChrisADR_mobile MyNt1a: thoughts?
2018-06-24 14:26:44 MyNt1a would be great :D
2018-06-24 14:27:20 @ChrisADR_mobile Well then, sokan would be between me and Whissi, and our last scout for the other one
2018-06-24 14:27:23 domhnall b-man: honored and i accept.
2018-06-24 14:27:44 @b-man Well, that settles that. I will update the wiki following the meeting
2018-06-24 14:27:57 sokan ChrisADR_mobile: sure thing, and thanks :)
2018-06-24 14:28:00 @ChrisADR_mobile Thanks b-man
2018-06-24 14:28:33 @ChrisADR_mobile Yes, let's wait Whissi to see that and according to that we'll add all scouts and mentors :)
2018-06-24 14:28:44 @b-man ChrisADR_mobile: ?
2018-06-24 14:28:55 * zlogene passes around
2018-06-24 14:28:57 @ChrisADR_mobile No no, that was for sokan
2018-06-24 14:29:02 @b-man ok
2018-06-24 14:29:02 @ChrisADR_mobile b-man:
2018-06-24 14:29:26 @ChrisADR_mobile Hi zlogene :) do you want a scout? :p
2018-06-24 14:29:38 domhnall b-man: should you be absent, who would i defer questions to?
2018-06-24 14:30:01 @zlogene ChrisADR_mobile: what do you mean I do not follow?:p
2018-06-24 14:30:09 @b-man domhnall: for you and all the scouts/padawans/ninjas always feel free to ask questions in the main channel. It will also ensure you get a timely answer.
2018-06-24 14:30:33 @ChrisADR_mobile We are assigning mentors :p would you like a mentee scout?
2018-06-24 14:30:58 @b-man domhnall: This is also why we try to ensure matches are done by timezones.
2018-06-24 14:31:15 @ChrisADR_mobile That leaves the floor open, any other stuff?
2018-06-24 14:31:22 @zlogene ChrisADR_mobile: no, I am pretty fed up with teaching people being the recruiter :p
2018-06-24 14:31:46 @ChrisADR_mobile Hahaha ohhhh :( well worth the effort :)
2018-06-24 14:31:46 @b-man ChrisADR_mobile: zlogene is a Gentoo recruiter as well
2018-06-24 14:32:46 @ChrisADR_mobile Ok then, for the first time... This was a nice and short meeting \o/
2018-06-24 14:32:57 * ChrisADR_mobile bangs the gavel
2018-06-24 14:32:57 sokan this is it? o.O
2018-06-24 14:33:00 @K_F :)
2018-06-24 14:33:04 @ChrisADR_mobile Thank you all!!
2018-06-24 14:33:11 @b-man damn
2018-06-24 14:33:15 @b-man I had an open floor thing
2018-06-24 14:33:20 sokan ...
2018-06-24 14:33:25 Irishluck83 nice. nice and quick. i still thing padawans should be ninjas. :)
2018-06-24 14:33:25 sokan that was fast :D
2018-06-24 14:33:28 @ChrisADR_mobile Oh, rewind then
2018-06-24 14:33:29 domhnall b-man: a dance move?
2018-06-24 14:33:36 @b-man domhnall: Only on Fridays
2018-06-24 14:33:41 sokan nooo. no ninja. add sith lords :D
2018-06-24 14:33:42 Irishluck83 *think
2018-06-24 14:33:58 @ChrisADR_mobile Ok, no open floor stuff then?
2018-06-24 14:34:01 @b-man Yes,
2018-06-24 14:34:04 @b-man I am typing
2018-06-24 14:34:09 @ChrisADR_mobile Cool :)
2018-06-24 14:34:31 sokan so ChrisADR_mobile I can easily spam you questions now with no remorse eh? :P
2018-06-24 14:34:32 @b-man I wanted to begin the discussion of slacker marks or something similar to that for security team
2018-06-24 14:35:06 @ChrisADR_mobile That'd reduce significantly the team hehe
2018-06-24 14:35:13 @ChrisADR_mobile What do you propose?
2018-06-24 14:35:39 @b-man Nothing solid yet, but I wanted to begin the discussions. I will send a mail with some rough ideas.
2018-06-24 14:35:42 @K_F I'm not really a fan of that, if we're worried about activity we can always deal with that on case-by-case basis, but slacker mark doesn't sound useful
2018-06-24 14:36:15 @ChrisADR_mobile Well, prepare the email, and sure, we can begin discussion and see
2018-06-24 14:36:25 @b-man K_F: That could work too. I am not sold on the "slacker" marks piece. Just using it as an example to communicate what I am thinking.
2018-06-24 14:36:44 @b-man I see a lot of folks as sec members who don't do anything :)
2018-06-24 14:36:54 @ChrisADR_mobile Yea, it may be interesting topic to discuss
2018-06-24 14:37:18 @K_F yeah, the broader topic is more interesting to discuss
2018-06-24 14:37:25 @ChrisADR_mobile But that's for the next meeting if the mail is sent ;)
2018-06-24 14:37:44 * ChrisADR_mobile prepares the gavel again
2018-06-24 14:38:00 * b-man plugs his ears
2018-06-24 14:38:03 * ChrisADR_mobile waits a couple of secs
2018-06-24 14:38:15 * ChrisADR_mobile bangs again :)