/
2023-07-17 Meeting notes

2023-07-17 Meeting notes

Owned by Craig McNally
Last updated: Jul 17, 2023

Date

Attendees

NamePresent

Craig McNally 

Y
Julian Ladisch 
Y

Axel Dörrer 

Y
Ryan Berger 

Chris Rutledge 


Jakub Skoczen 


John Coburn 

Skott Klebe 

Y


Discussion items

TimeItemWhoNotes
*Disclosure/notification of embargoed security vulnerabilitiesTeam

What types of notifications are required?

  1. Prior notice to system operators giving advanced notice that a critical vulnerability has been identified and a fix is being worked on.  It's advised that the issue is patched ASAP once the release has been made available (with some expected release date).
    1. No details of the vulnerability should be included in this notification!
  2. A notice to system operators stating that a release is available and should be applied ASAP
    1. Includes information about the release and the associated risk, but not the vulnerability or how to exploit it
  3. To be continued due to lack of time.

Who gets the initial notice #1 above?

  • SysOps SIG mailing list?
  • #SysOps slack channel?

TODO:  

  • Craig McNally will check in with Oleksii P. to see if we can nail down a date for release
  • Craig McNally (or whoever gets to it first) to pull together a rough draft of the message w/ placeholder for release availablility.

Action items

  •  


Related content