From Fedora Project Wiki

 
(14 intermediate revisions by 8 users not shown)
Line 20: Line 20:
* [[User:Amitshah | Amit Shah]]
* [[User:Amitshah | Amit Shah]]
* [[User:NirupamaK | Nirupama Karandikar]]
* [[User:NirupamaK | Nirupama Karandikar]]
* [[User:Samxan | Samikshan Bairagya]]
* [[User:Anisha | Anisha Narang]]
* [[User:Kushal | Kushal Das]]
{{admon/note | Note | Feel free to add your name here}}
{{admon/note | Note | Feel free to add your name here}}


Line 25: Line 28:


* We will start with a basic introduction to [https://fedoraproject.org/wiki/Security_Team#Get_involved Fedora Security] by [[User:Pjp | P J P]] and then go on to the process we follow etc [Approx 30-40 mins]
* We will start with a basic introduction to [https://fedoraproject.org/wiki/Security_Team#Get_involved Fedora Security] by [[User:Pjp | P J P]] and then go on to the process we follow etc [Approx 30-40 mins]
* We will then look at the list of flaws which are open and then pick ones we want to pursue. -> [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=SecurityTracking%2C%20&keywords_type=allwords open issues]
* We will then look at the list of flaws which are open and then pick ones we want to pursue. -> [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=Security&keywords_type=allwords open issues]
* Rest of the day goes into actually working on them and figuring out if they can be fixed.
* Rest of the day goes into actually working on them and figuring out if they can be fixed.
* The owner of those flaws will continue pursing those flaws after the FAD and ensure they get a proper resolution.
* The owner of those flaws will continue pursing those flaws after the FAD and ensure they get a proper resolution.
* Follow progress on etherpad here http://piratepad.net/SecurityFADPune


==Useful links==
==Useful links==
Line 34: Line 38:
==Status==
==Status==


Proceedings from the Fedora Activity Day on Security:


https://fedoraproject.org/wiki/FAD_Pune_Security_1
Triaging bugs at
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=Security&keywords_type=allwords&list_id=2966595
Bugs without FST owners:
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=Security&keywords_type=allwords&list_id=2966620&query_format=advanced&status_whiteboard=fst_owner&status_whiteboard_type=notregexp
Please ensure you put your FAS name in the whiteboard of the bugs you are modifying / looking at.  Format is "fst_owner=<fasname>" in the Whiteboard.
Siddhesh
    https://bugzilla.redhat.com/show_bug.cgi?id=721103
    https://bugzilla.redhat.com/show_bug.cgi?id=736321
    https://bugzilla.redhat.com/show_bug.cgi?id=751889
    https://bugzilla.redhat.com/show_bug.cgi?id=741267
    https://bugzilla.redhat.com/show_bug.cgi?id=741268
    https://bugzilla.redhat.com/show_bug.cgi?id=808305
    https://bugzilla.redhat.com/show_bug.cgi?id=891035
    https://bugzilla.redhat.com/show_bug.cgi?id=891034
Niranjan
    https://bugzilla.redhat.com/show_bug.cgi?id=1063672 [Set NeedInfo Flag]
    https://bugzilla.redhat.com/show_bug.cgi?id=1063673 [Set NeedInfo]
    https://bugzilla.redhat.com/show_bug.cgi?id=958642
    https://bugzilla.redhat.com/show_bug.cgi?id=958640
PraveenKumar
    https://bugzilla.redhat.com/show_bug.cgi?id=1139625
    https://bugzilla.redhat.com/show_bug.cgi?id=1141310
    https://bugzilla.redhat.com/show_bug.cgi?id=1141314
    https://bugzilla.redhat.com/show_bug.cgi?id=1026280
    https://bugzilla.redhat.com/show_bug.cgi?id=1026281
    https://bugzilla.redhat.com/show_bug.cgi?id=998783
    https://bugzilla.redhat.com/show_bug.cgi?id=1113529
    https://bugzilla.redhat.com/show_bug.cgi?id=1113528
Amit
    https://bugzilla.redhat.com/show_bug.cgi?id=889305
    https://bugzilla.redhat.com/show_bug.cgi?id=1086776
PJP
    https://bugzilla.redhat.com/show_bug.cgi?id=864897
    https://bugzilla.redhat.com/show_bug.cgi?id=782620
    https://bugzilla.redhat.com/show_bug.cgi?id=838162
    https://bugzilla.redhat.com/show_bug.cgi?id=851773
    https://bugzilla.redhat.com/show_bug.cgi?id=887451
Siddharth
    https://bugzilla.redhat.com/show_bug.cgi?id=1031501 [ CVE-2013-6800 / Closed fixed in f19 krb5-1.11.3 ]
    https://bugzilla.redhat.com/show_bug.cgi?id=1122813 [ CVE-2014-5044 / Needinfo / seems fixed in gcc-4.8.3-7.fc20 ]
    https://bugzilla.redhat.com/show_bug.cgi?id=1158524 [ CVE-2014-8355 / Shared Upstream Fix / ? needinfo ]
    https://bugzilla.redhat.com/show_bug.cgi?id=1158520 [ CVE-2014-8354 / Shared Upstream Fix / ? needinfo ]
    https://bugzilla.redhat.com/show_bug.cgi?id=1035578 [ CVE-2013-6404 / fixed in https://admin.fedoraproject.org/updates/FEDORA-2014-11549/quassel-0.11.0-1.fc20 ]
    https://bugzilla.redhat.com/show_bug.cgi?id=1156420 [ CVE-2014-8483 / upstream fix / ? needinfo ]
Kushal
* https://bugzilla.redhat.com/show_bug.cgi?id=1061148
Chandankumar
    https://bugzilla.redhat.com/show_bug.cgi?id=1115517
Samikshan
    https://bugzilla.redhat.com/show_bug.cgi?id=1128152


==Blogs and Reports==
==Blogs and Reports==


 
* http://journal.siddhesh.in/posts/fedora-activity-day-at-pune-towards-a-more-secure-fedora.html
* http://kumar-pravin.blogspot.com/2014/11/fedora-activity-day-fad-on-security.html
* http://log.amitshah.net/2014/11/fedora-activity-day-security-i/
* http://kushaldas.in/posts/fedora-security-fad-on-1st-nov.html
* https://pjps.wordpress.com/2014/11/09/report-fad-1-nov-2014-theme-security/
* http://anishanarang.wordpress.com/2014/11/12/fedora-activity-day-security-pune/


==Photos==
==Photos==


 
[[File:Fad-photo-siddhesh.jpg|thumb|Hacking away at the bug list]]
[[File:Security-fad.jpg|thumb]]




[[Category:Events 2014]] [[Category:FAD]]
[[Category:Events 2014]] [[Category:FAD]]

Latest revision as of 15:10, 12 November 2014


When and Where

On Sat, 1st Nov 2014, 09:30 - 17:00 hrs in room "Sinhagad" on Level 1 at the Red Hat Pune office.

This Fedora Activity Day is aimed at collaborative triage and fixing of Fedora Security tracking bugs. It is meant for Existing Fedora contributors or folks who want to start contributing in a useful way (not just attend a FAD and then disappear). More details below.

Note:- maximum capacity for the day is about 25 participants.

Attendees

Note.png
Note
Feel free to add your name here

Activities

  • We will start with a basic introduction to Fedora Security by P J P and then go on to the process we follow etc [Approx 30-40 mins]
  • We will then look at the list of flaws which are open and then pick ones we want to pursue. -> open issues
  • Rest of the day goes into actually working on them and figuring out if they can be fixed.
  • The owner of those flaws will continue pursing those flaws after the FAD and ensure they get a proper resolution.
  • Follow progress on etherpad here http://piratepad.net/SecurityFADPune

Useful links

Status

Proceedings from the Fedora Activity Day on Security:

https://fedoraproject.org/wiki/FAD_Pune_Security_1

Triaging bugs at

https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=Security&keywords_type=allwords&list_id=2966595

Bugs without FST owners:

https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=Security&keywords_type=allwords&list_id=2966620&query_format=advanced&status_whiteboard=fst_owner&status_whiteboard_type=notregexp

Please ensure you put your FAS name in the whiteboard of the bugs you are modifying / looking at. Format is "fst_owner=<fasname>" in the Whiteboard.

Siddhesh

   https://bugzilla.redhat.com/show_bug.cgi?id=721103
   https://bugzilla.redhat.com/show_bug.cgi?id=736321
   https://bugzilla.redhat.com/show_bug.cgi?id=751889
   https://bugzilla.redhat.com/show_bug.cgi?id=741267
   https://bugzilla.redhat.com/show_bug.cgi?id=741268
   https://bugzilla.redhat.com/show_bug.cgi?id=808305
   https://bugzilla.redhat.com/show_bug.cgi?id=891035
   https://bugzilla.redhat.com/show_bug.cgi?id=891034

Niranjan

   https://bugzilla.redhat.com/show_bug.cgi?id=1063672 [Set NeedInfo Flag]
   https://bugzilla.redhat.com/show_bug.cgi?id=1063673 [Set NeedInfo]
   https://bugzilla.redhat.com/show_bug.cgi?id=958642
   https://bugzilla.redhat.com/show_bug.cgi?id=958640

PraveenKumar

   https://bugzilla.redhat.com/show_bug.cgi?id=1139625
   https://bugzilla.redhat.com/show_bug.cgi?id=1141310
   https://bugzilla.redhat.com/show_bug.cgi?id=1141314
   https://bugzilla.redhat.com/show_bug.cgi?id=1026280
   https://bugzilla.redhat.com/show_bug.cgi?id=1026281
   https://bugzilla.redhat.com/show_bug.cgi?id=998783
   https://bugzilla.redhat.com/show_bug.cgi?id=1113529
   https://bugzilla.redhat.com/show_bug.cgi?id=1113528

Amit

   https://bugzilla.redhat.com/show_bug.cgi?id=889305
   https://bugzilla.redhat.com/show_bug.cgi?id=1086776

PJP

   https://bugzilla.redhat.com/show_bug.cgi?id=864897
   https://bugzilla.redhat.com/show_bug.cgi?id=782620
   https://bugzilla.redhat.com/show_bug.cgi?id=838162
   https://bugzilla.redhat.com/show_bug.cgi?id=851773
   https://bugzilla.redhat.com/show_bug.cgi?id=887451

Siddharth

   https://bugzilla.redhat.com/show_bug.cgi?id=1031501 [ CVE-2013-6800 / Closed fixed in f19 krb5-1.11.3 ]
   https://bugzilla.redhat.com/show_bug.cgi?id=1122813 [ CVE-2014-5044 / Needinfo / seems fixed in gcc-4.8.3-7.fc20 ]
   https://bugzilla.redhat.com/show_bug.cgi?id=1158524 [ CVE-2014-8355 / Shared Upstream Fix / ? needinfo ]
   https://bugzilla.redhat.com/show_bug.cgi?id=1158520 [ CVE-2014-8354 / Shared Upstream Fix / ? needinfo ]
   https://bugzilla.redhat.com/show_bug.cgi?id=1035578 [ CVE-2013-6404 / fixed in https://admin.fedoraproject.org/updates/FEDORA-2014-11549/quassel-0.11.0-1.fc20 ]
   https://bugzilla.redhat.com/show_bug.cgi?id=1156420 [ CVE-2014-8483 / upstream fix / ? needinfo ]

Kushal

* https://bugzilla.redhat.com/show_bug.cgi?id=1061148

Chandankumar

   https://bugzilla.redhat.com/show_bug.cgi?id=1115517

Samikshan

   https://bugzilla.redhat.com/show_bug.cgi?id=1128152

Blogs and Reports

Photos

Hacking away at the bug list
Security-fad.jpg