Skip to end of banner
Go to start of banner

2023-07-17 Meeting notes

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Date

Attendees

NamePresent

Craig McNally 

Y
Julian Ladisch 
Y

Axel Dörrer 

Y
Ryan Berger 

Chris Rutledge 


Jakub Skoczen 


John Coburn 

Skott Klebe 

Y


Discussion items

TimeItemWhoNotes
*Disclosure/notification of embargoed security vulnerabilitiesTeam

What types of notifications are required?

  1. Prior notice to system operators giving advanced notice that a critical vulnerability has been identified and a fix is being worked on.  It's advised that the issue is patched ASAP once the release has been made available (with some expected release date).
    1. No details of the vulnerability should be included in this notification!
  2. A notice to system operators stating that a release is available and should be applied ASAP
    1. Includes information about the release and the associated risk, but not the vulnerability or how to exploit it
  3. To be continued due to lack of time.

Who gets the initial notice #1 above?

  • SysOps SIG mailing list?
  • OLF members?
  • #SysOps slack channel?

Action items

  •  


  • No labels