Fedora Board Recap 2008-AUG-26

John Poelstra poelstra at redhat.com
Wed Sep 3 00:49:11 UTC 2008


https://fedoraproject.org/wiki/Board/Meetings/2008-08-26

== Roll Call ==

* Attendees: John Poelstra, Paul Frields, Jesse Keating, Matt Domsch, 
Jef Spaleta, Bill Nottingham, Chris Tyler, Karsten Wade, Spot Callaway, 
Seth Vidal
* Regrets: Harald Hoyer

== Discussion About Incident Handling ==
* Could other groups have been brought into knowledge of the incident 
earlier?
* Could the Fedora Board have been notified or kept in the loop better?
** Would probably require signed NDAs which most are not in favor of
* Event was complicated by co-announcement made by Red Hat
* Ongoing tension between Fedora being able to act independently and Red 
Hat being liable for Fedora's actions
* Could Community Architecture Group be involved earlier to help 
facilitate communication?
* Don't want to get into a situation where every Fedora decision or 
announcement has to be vetted through Red Hat executive levels
* Create a predefined flow-chart or decision tree that explains steps 
that we will take in similar situations
** one potential flow through could be Red Hat Legal
** get advance agreement from all parties involved
** include time limits where appropriate to speed up the response time 
and make the decision workflow more efficient.
** standardize types of messages that should be published and how often
** one path might be the necessity of shutting down the entire 
infrastructure--would need to enable the ability to efficiently do that 
if not already present
** Cross-link to established industry security standards
** one condition of agreeing to process flow is that actions could be 
initiated without requiring constant sign-off, which is the intention 
behind advance agreement
* FESCo to discuss proposal from release engineering about updating 
package signing keys on Wednesday (2008-08-27) at 18:00 UTC: 
http://lists.fedoraproject.org/pipermail/rel-eng/2008-August/001614.html
** board members should be aware of and attend as appropriate

== Next Meetings ==
* No board meeting on September 2, 2008--follows holiday weekend and 
some people are away
* Move IRC and Board Q&A meeting to September 9, 2008
* Next regular board meeting September 16, 2008



