From Fedora Project Wiki
Roll Call
- Board Members: Paul Frields, Seth Vidal, Chris Aillon, Chris Tyler, Jesse Keating, Matt Domsch, Bill Nottingham, Harald Hoyer, Dimitris Glezos, Spot Callaway
- Secretary: Paul Frields (filling in for John Poelstra, sadly missed)
Involvement of the Board in Future Security Incidents
- Topic proposed by Dimitris Glezos (2009-02-03)
- Should the board be notified in the instance of future events?
- Several noted that Mike McGrath is working on security policy as part of the CSI (Community Services Infrastructure) documentation, and security policy, including incident reporting, is part of that set of docs
- pfrields: Mike was unavailable because of prior conflicts but we can invite him to next available call
- glezos: response in this matter continues to affect our community image
- How do we deal with this next time? What needs to change? Answering these questions clearly is of key importance
- notting: As said, 'security policy, including incident reporting, is part of that set of docs' - "how we deal with this" is the goal of the document.
- glezos: The way we dealt with the incident affected and affects Fedora's image
- This is somewhat of a crisis management issue
- discuss with Mike:
- servers co-located with RH in PHX -- have policy in place that addresses them
- servers outside any RH-owned colo -- have Fedora (& Board) be most accountable
- strategy for increasing the number of server locations for which Fedora (& Board) can be most accountable
- notting: fundamental conflict with budget - we're unlikely to get tens of terabytes of storage in multiple GEOs randomly donated
- pfrields: timeline for community expectations
- glezos: basis to expand services to other places, i.e. move away from colos?
- mdomsch: PHX and other colos provide a high degree of service that is hard to get elsewhere
- skvidal: Because RHEL is downstream of Fedora, if we have reason to believe there's risk to Fedora, Red Hat is a natural stakeholder
- spot: No reason we couldn't give Red Hat a timeline for our announcements
- glezos: Can we at least ensure Board has a seat at the table in any decision making?
- spot: If we go beyond the borders of Fedora, the situation generally demands NDAs
NEXT ACTIONS:
- Invite Mike McGrath on list and at 2009-04-14 meeting, to discuss his thoughts, status of an incident reporting policy, and target completion date for written policy
- Once ready, have Mike present the policy to Board for discussion
Contributions from Embargoed Nations
- Topic proposed by Paul Frields
- Paul and Spot are consulting with Red Hat legal and discussions continue
- Long discussion about speculations on what exactly the law requires and how it ties our hands in many ways (all Board members contributed)
- Ongoing discussions on what is allowed to be used from upstream servers, and how Fedora cannot police upstream projects
- Translations a good example of universal, non-code bits
- Overall, Board continues to desire a fair policy for all potential contributors
NEXT ACTIONS:
- Spot and Paul to report back with more information as it becomes available.
What is Fedora
- Continuing discussion centered around the Four Foundations
- Are there values currently reflected in Fedora that are not captured by the Four Foundations?
- Request that the Board offer feedback on the wiki pages by 2009-03-22
- Planned progression is:
- Mission Statement (done)
- Core Values (done)
- Vision Statements (in progress)
- Core values have been agreed upon in Foundations page
- mdomsch: comment on discussion page, edit in as appropriate
- pfrields: Next, take ideas from Objectives, combine and/or flesh them out as needed, to provide rationale for decision making by Board
- This will help community members in cases where the Board has to take a position of supporting certain initiatives
- mdomsch, pfrields: Basic rule: contributors should always be empowered to try new things, even if they don't fall under the Fedora umbrella
NEXT ACTIONS:
- Paul to start ball rolling with email that takes a bite-sized chunk of page, suggests changes, and sets deadline.
- Board members to respond with discussion.