2018-06-24 13:59:47 @ChrisADR_mobile !proj security
2018-06-24 13:59:49 willikins ChrisADR_mobile: (security@gentoo.org) a3li, ackle, blueknight, bman, chrisadr, creffett, k_f, pinkbyte, whissi, zlogene, zx2c4
2018-06-24 13:59:53 @ChrisADR_mobile Meeting time
2018-06-24 14:00:02 * K_F is here
2018-06-24 14:00:06 * domhnall here
2018-06-24 14:00:06 * MyNt1a is here
2018-06-24 14:00:09 * ChrisADR_mobile here too
2018-06-24 14:00:11 * Irishluck83 here
2018-06-24 14:01:50 @ChrisADR_mobile Whissi b-man?
2018-06-24 14:01:55 * b-man here
2018-06-24 14:02:27 @ChrisADR_mobile b-man: are you in your laptop?
2018-06-24 14:02:38 @b-man Nope. Should I be?
2018-06-24 14:03:05 @ChrisADR_mobile Can you? K_F and I are in mobiles, maybe would be faster if you can lead
2018-06-24 14:03:13 @ChrisADR_mobile Or you Whissi
2018-06-24 14:04:01 @b-man Ok, on laptop
2018-06-24 14:04:28 @K_F thanks.. I won't be on laptop for another 15 min or so :)
2018-06-24 14:04:33 @ChrisADR_mobile Awesome, thanks, please first topic, I can't see it in the cellphone while writing here
2018-06-24 14:04:40 @b-man Security Project Structure GLEP review:
2018-06-24 14:04:56 @b-man Want to hold that one until K_F is on laptop?
2018-06-24 14:05:09 @ChrisADR_mobile K_F: should we?
2018-06-24 14:05:32 @K_F no.. I haven't gotten around to preparing much on that anyways. thankfully slowing down a bit this week
2018-06-24 14:06:06 @K_F good news is there was a new Norwegian record in CSWC yesterday combined with 20year anniversary party :)
2018-06-24 14:06:23 @ChrisADR_mobile Ok, so, you have the updates in the repo, I added some stuff about motivation and stable dropping
2018-06-24 14:07:25 @ChrisADR_mobile If there are no objections or feedback about those paragraphs, should we move on?
2018-06-24 14:07:48 Irishluck83 where are they located in glep?
2018-06-24 14:07:49 @K_F yeah.. will follow up by email during week
2018-06-24 14:08:02 @K_F Irishluck83: in a private git repo of ours
2018-06-24 14:08:04 @ChrisADR_mobile b-man:?
2018-06-24 14:08:11 Irishluck83 ok
2018-06-24 14:08:13 @b-man No objections from me
2018-06-24 14:08:19 @ChrisADR_mobile Ok fine
2018-06-24 14:08:24 @ChrisADR_mobile Next topic?
2018-06-24 14:08:36 @b-man GLSAMaker use cases doc
2018-06-24 14:09:03 @b-man "I've finished a first draft of the user stories, now with a clearer idea of what
2018-06-24 14:09:03 @b-man does every access level do and what the functionalities are, we may take a look
2018-06-24 14:09:03 @b-man at the padawan relation with CVETool."
2018-06-24 14:09:09 @ChrisADR_mobile Oh right, I updated some use cases, now it's fully mapped, at least what we currently have
2018-06-24 14:09:42 @b-man In this, I would ask if there are any objections to granting access to padawans for the CVETool prior to becoming a full GLSA coordinator.
2018-06-24 14:09:57 @ChrisADR_mobile +1
2018-06-24 14:10:08 @b-man It seems properly using the permissions as ChrisADR_mobile has mapped for us restricts this access.
2018-06-24 14:10:22 @ChrisADR_mobile Most likely a minor permission change in the code, but still necessary I think
2018-06-24 14:10:24 @b-man It would be good for the padawan to be exposed to the tool early on
2018-06-24 14:10:30 @K_F do we have any granularity in access restrictions on cvetool? e.g if adding embargoed CVEs
2018-06-24 14:10:57 @b-man K_F: I don't think the CVE will show up in the list as it pulls from the public CVE releases.
2018-06-24 14:11:07 @K_F not if we add it ourselves
2018-06-24 14:11:15 @b-man If the CVE is embargoed all that should show is the boilerplate text.
2018-06-24 14:11:26 @b-man hmmm
2018-06-24 14:11:31 @b-man I don't follow then K_F
2018-06-24 14:11:34 @ChrisADR_mobile Not really, if we add it the content is reserved until a public announce is made
2018-06-24 14:11:55 @ChrisADR_mobile I mean "*RESERVED * stuff stuff....."
2018-06-24 14:12:05 @K_F not if we add it to the tracker manually.. but indeed we normally just use boilerplate text but it discloses that there is an issue in specific packages even so
2018-06-24 14:12:15 @b-man K_F: You mean we manually add the CVE with the privately released text?
2018-06-24 14:12:36 @K_F doesn't even need to be privileged text.. you'll disclose the applications having issues
2018-06-24 14:12:51 @ChrisADR_mobile I think he means the 'cvetool new CVE-NUM
2018-06-24 14:13:06 @K_F right
2018-06-24 14:13:07 @b-man K_F: How would they see the tracker?
2018-06-24 14:13:21 @b-man that command puts boilerplate text in it
2018-06-24 14:13:23 @K_F if they have access to cvetool?
2018-06-24 14:13:44 @ChrisADR_mobile Yes, they shouldn't theoretically
2018-06-24 14:13:57 @b-man I don't see a way to view a bug with CVETool's permissions.
2018-06-24 14:14:03 @K_F they would see the assignment while preparing the GLSA
2018-06-24 14:14:13 @ChrisADR_mobile They should see the boilerplate text, both in command line and web interface
2018-06-24 14:14:33 @K_F right, but that still leaks the application
2018-06-24 14:14:45 @ChrisADR_mobile No they don't, if the GLSA is marked as private, they can't see anything
2018-06-24 14:14:49 @b-man I am still not following how this would expose anything, sorry.
2018-06-24 14:15:04 @K_F they would see the bug assigned for the CVE in cvetool
2018-06-24 14:15:06 @b-man As ChrisADR_mobile just said the GLSA would be marked private.
2018-06-24 14:15:19 @b-man Right, but that text will be boilerplate as many texts are.
2018-06-24 14:15:22 @ChrisADR_mobile Without private permission no
2018-06-24 14:15:45 @ChrisADR_mobile I tested that with yury
2018-06-24 14:16:02 @ChrisADR_mobile That only see public stuff, both in web and cli
2018-06-24 14:16:10 @K_F but might not be much of an issue ultimately
2018-06-24 14:16:25 @ChrisADR_mobile The thing is that we have to mark it as private while working on it
2018-06-24 14:16:59 @b-man So, given that are you comfortable K_F/
2018-06-24 14:17:03 @b-man ?
2018-06-24 14:17:13 @ChrisADR_mobile Besides, right now, the only member who would have that priv is Irishluck83
2018-06-24 14:17:37 @K_F we can always try it out for a bit anyways.. and get some more experience with it
2018-06-24 14:17:38 * sokan here
2018-06-24 14:17:40 @ChrisADR_mobile We can make him sign the disclosure agreement earlier, and test with him both interfaces
2018-06-24 14:17:52 @b-man Perfect.
2018-06-24 14:17:58 @ChrisADR_mobile Right, sounds good to me
2018-06-24 14:18:11 @b-man I will request his permissions following the meeting.
2018-06-24 14:18:33 @K_F that we set ourselves
2018-06-24 14:18:42 @ChrisADR_mobile Ok so, just to make it official, please vote in the permission change
2018-06-24 14:18:52 @b-man This will also allow us to tweak any permission models during testing
2018-06-24 14:19:04 * ChrisADR_mobile yes
2018-06-24 14:19:08 * b-man yes
2018-06-24 14:19:09 * K_F yes
2018-06-24 14:19:14 @ChrisADR_mobile Ok perfect
2018-06-24 14:19:33 @ChrisADR_mobile I'll work on that change in the next weeks, hopefully it's not that complicated
2018-06-24 14:19:56 @b-man I have already started looking at it and I don't believe it will be
2018-06-24 14:19:57 @ChrisADR_mobile Ok, moving on to next topic...
2018-06-24 14:20:05 @ChrisADR_mobile Great!!
2018-06-24 14:20:27 @b-man Welcome to the new scouts:
2018-06-24 14:20:50 domhnall o/
2018-06-24 14:21:03 @ChrisADR_mobile Ahhhhh right :)
2018-06-24 14:21:04 Irishluck83 yep welcome scouts
2018-06-24 14:21:20 @ChrisADR_mobile Welcome fresh meat \o/
2018-06-24 14:21:49 @b-man For all the new scouts: if you PM K_F your mailing address he will send you free cigars
2018-06-24 14:21:58 @ChrisADR_mobile Since sokan and MyNt1a are here already, and they requested formally to join the team a while back
2018-06-24 14:22:14 @b-man :-P
2018-06-24 14:22:26 MyNt1a o/
2018-06-24 14:22:26 @ChrisADR_mobile I was thinking I'd time to assign them their mentors
2018-06-24 14:23:48 @ChrisADR_mobile So K_F, you and Whissi are the closest devs around them... How are your schedules?
2018-06-24 14:23:59 sokan \ο
2018-06-24 14:24:10 @K_F hectic
2018-06-24 14:24:12 @ChrisADR_mobile Well... Busy as always, but any chance to add one more task?
2018-06-24 14:24:16 @ChrisADR_mobile Hehe
2018-06-24 14:24:29 domhnall ChrisADR_mobile: mentors are assigned now?
2018-06-24 14:24:45 @b-man domhnall: We are just checking availability.
2018-06-24 14:24:52 domhnall oh
2018-06-24 14:24:55 @ChrisADR_mobile Well, they have requested and been working for a while
2018-06-24 14:25:10 @b-man MyNt1a: domhnall, where are you located?
2018-06-24 14:25:12 @ChrisADR_mobile So, meetings are a good time to see availability
2018-06-24 14:25:13 @b-man !time MyNt1a
2018-06-24 14:25:13 willikins b-man: I don't know where MyNt1a is, (s)he should use !time set / to let me know
2018-06-24 14:25:15 MyNt1a germany
2018-06-24 14:25:16 @b-man !time domhnall
2018-06-24 14:25:16 willikins b-man: I don't know where domhnall is, (s)he should use !time set / to let me know
2018-06-24 14:25:36 @ChrisADR_mobile MyNt1a: is Germany, domhnall USA right?
2018-06-24 14:25:37 domhnall !time America/New_York
2018-06-24 14:25:37 willikins domhnall: America - New York - Sun Jun 24 15:25 EDT
2018-06-24 14:25:57 @b-man I can mentor domhnall if he would like
2018-06-24 14:26:20 @ChrisADR_mobile domhnall: thoughts?
2018-06-24 14:26:22 @K_F sounds good.. I can mentor MyNt1a
2018-06-24 14:26:35 @ChrisADR_mobile MyNt1a: thoughts?
2018-06-24 14:26:44 MyNt1a would be great :D
2018-06-24 14:27:20 @ChrisADR_mobile Well then, sokan would be between me and Whissi, and our last scout for the other one
2018-06-24 14:27:23 domhnall b-man: honored and i accept.
2018-06-24 14:27:44 @b-man Well, that settles that. I will update the wiki following the meeting
2018-06-24 14:27:57 sokan ChrisADR_mobile: sure thing, and thanks :)
2018-06-24 14:28:00 @ChrisADR_mobile Thanks b-man
2018-06-24 14:28:33 @ChrisADR_mobile Yes, let's wait Whissi to see that and according to that we'll add all scouts and mentors :)
2018-06-24 14:28:44 @b-man ChrisADR_mobile: ?
2018-06-24 14:28:55 * zlogene passes around
2018-06-24 14:28:57 @ChrisADR_mobile No no, that was for sokan
2018-06-24 14:29:02 @b-man ok
2018-06-24 14:29:02 @ChrisADR_mobile b-man:
2018-06-24 14:29:26 @ChrisADR_mobile Hi zlogene :) do you want a scout? :p
2018-06-24 14:29:38 domhnall b-man: should you be absent, who would i defer questions to?
2018-06-24 14:30:01 @zlogene ChrisADR_mobile: what do you mean I do not follow?:p
2018-06-24 14:30:09 @b-man domhnall: for you and all the scouts/padawans/ninjas always feel free to ask questions in the main channel. It will also ensure you get a timely answer.
2018-06-24 14:30:33 @ChrisADR_mobile We are assigning mentors :p would you like a mentee scout?
2018-06-24 14:30:58 @b-man domhnall: This is also why we try to ensure matches are done by timezones.
2018-06-24 14:31:15 @ChrisADR_mobile That leaves the floor open, any other stuff?
2018-06-24 14:31:22 @zlogene ChrisADR_mobile: no, I am pretty fed up with teaching people being the recruiter :p
2018-06-24 14:31:46 @ChrisADR_mobile Hahaha ohhhh :( well worth the effort :)
2018-06-24 14:31:46 @b-man ChrisADR_mobile: zlogene is a Gentoo recruiter as well
2018-06-24 14:32:46 @ChrisADR_mobile Ok then, for the first time... This was a nice and short meeting \o/
2018-06-24 14:32:57 * ChrisADR_mobile bangs the gavel
2018-06-24 14:32:57 sokan this is it? o.O
2018-06-24 14:33:00 @K_F :)
2018-06-24 14:33:04 @ChrisADR_mobile Thank you all!!
2018-06-24 14:33:11 @b-man damn
2018-06-24 14:33:15 @b-man I had an open floor thing
2018-06-24 14:33:20 sokan ...
2018-06-24 14:33:25 Irishluck83 nice. nice and quick. i still thing padawans should be ninjas. :)
2018-06-24 14:33:25 sokan that was fast :D
2018-06-24 14:33:28 @ChrisADR_mobile Oh, rewind then
2018-06-24 14:33:29 domhnall b-man: a dance move?
2018-06-24 14:33:36 @b-man domhnall: Only on Fridays
2018-06-24 14:33:41 sokan nooo. no ninja. add sith lords :D
2018-06-24 14:33:42 Irishluck83 *think
2018-06-24 14:33:58 @ChrisADR_mobile Ok, no open floor stuff then?
2018-06-24 14:34:01 @b-man Yes,
2018-06-24 14:34:04 @b-man I am typing
2018-06-24 14:34:09 @ChrisADR_mobile Cool :)
2018-06-24 14:34:31 sokan so ChrisADR_mobile I can easily spam you questions now with no remorse eh? :P
2018-06-24 14:34:32 @b-man I wanted to begin the discussion of slacker marks or something similar to that for security team
2018-06-24 14:35:06 @ChrisADR_mobile That'd reduce significantly the team hehe
2018-06-24 14:35:13 @ChrisADR_mobile What do you propose?
2018-06-24 14:35:39 @b-man Nothing solid yet, but I wanted to begin the discussions. I will send a mail with some rough ideas.
2018-06-24 14:35:42 @K_F I'm not really a fan of that, if we're worried about activity we can always deal with that on case-by-case basis, but slacker mark doesn't sound useful
2018-06-24 14:36:15 @ChrisADR_mobile Well, prepare the email, and sure, we can begin discussion and see
2018-06-24 14:36:25 @b-man K_F: That could work too. I am not sold on the "slacker" marks piece. Just using it as an example to communicate what I am thinking.
2018-06-24 14:36:44 @b-man I see a lot of folks as sec members who don't do anything :)
2018-06-24 14:36:54 @ChrisADR_mobile Yea, it may be interesting topic to discuss
2018-06-24 14:37:18 @K_F yeah, the broader topic is more interesting to discuss
2018-06-24 14:37:25 @ChrisADR_mobile But that's for the next meeting if the mail is sent ;)
2018-06-24 14:37:44 * ChrisADR_mobile prepares the gavel again
2018-06-24 14:38:00 * b-man plugs his ears
2018-06-24 14:38:03 * ChrisADR_mobile waits a couple of secs
2018-06-24 14:38:15 * ChrisADR_mobile bangs again :)