From Fedora Project Wiki

Fedora Project Board Meeting :: Tuesday 2008-08-26

Roll Call

  • Attendees: John Poelstra, Paul Frields, Jesse Keating, Matt Domsch, Jef Spaleta, Bill Nottingham, Chris Tyler, Karsten Wade, Spot Callaway, Seth Vidal
  • Regrets: Harald Hoyer

Discussion About Incident Handling

  • Could other groups have been brought into knowledge of the incident earlier?
  • Could the Fedora Board have been notified or kept in the loop better?
    • Would probably require signed NDAs which most are not in favor of
  • Event was complicated by co-announcement made by Red Hat
  • Ongoing tension between Fedora being able to act independently and Red Hat being liable for Fedora's actions
  • Could Community Architecture Group be involved earlier to help facilitate communication?
  • Don't want to get into a situation where every Fedora decision or announcement has to be vetted through Red Hat executive levels
  • Create a predefined flow-chart or decision tree that explains steps that we will take in similar situations
    • one potential flow through could be Red Hat Legal
    • get advanced agreement from all parties involved
    • include time limits where appropriate to speed up the response time and make the decision work flow more efficient.
    • standardize types of messages that should be published and how often
    • one path might be the necessity of shutting down the entire infrastructure--would need to enable the ability to efficiently do that if not already present
    • Cross-link to established industry security standards
    • one condition of agreeing to process flow is that actions could be initiated without requiring constant sign-off which is the intention behind advanced agreement
  • FESCo to discuss proposal from release engineering about updating package signing keys on Wednesday (2008-08-27) at 18:00 UTC: http://lists.fedoraproject.org/pipermail/rel-eng/2008-August/001614.html
    • board members should be aware of and attend as appropriate

Next Meetings

  • No board meeting on September 2, 2008--follows holiday weekend and some people are away
  • Move IRC and Board Q&A meeting to September 9, 2008
  • Next regular board meeting September 16, 2008