Release Meeting Minutes/2007-12-10

From K5Wiki

Attendees:

  • Steve Buckley
  • Sam Hartman
  • Justin Anderson
  • Tom Yu
  • Kevin Koch - today's minute taker
  • Will Fiveash
  • Asanka Herath
  • Ken Raeburn
  • Alexis Ellwood


Will start sending meeting minutes.


3 agenda items from Sam: k5wiki, alleged security vulnerabilities, release status

No other agenda items put forward.


Proposed wiki

SH: No positive votes offline or online; looking for a positive vote now.

KK: Yes.

SB: No.

SB: looks at it as a collaboration tool. Features not available or harder to do in MediaWiki.

E.g., access control, passwords. Early access to consortium members only. Doesn't want two wikis or some other tool used; one is better.

SH: Other comments have been positive. This is intended to be a development management tool. ~15 minutes to set up. Dangerous to attach ancillary requirements to a project.

KK clarifies: you're talking about Steve's requirements? Yes. How to proceed?

SB: Sizeable budget. Give more thought to finding tools.

KK clarifies: 15 minutes meant low overhead. OK to use specialized tools for specialized jobs.

SH: Strong statement, somewhat agree.

SB/TY: static pages for protected content.

KK asks if there are wikis with password protection?

SH: Yes, but MediaWiki has features he wanted. KK: So MediaWiki has features you deemed more important?

SH: Yes.

SB: What is decision process?

SH: Not yet decided.

SB: Table?

SH: No, not more rounds.

KK: nothing wrong with specialized tools.

SB: Need a way to deliver to consortium members.

SH: proposes OK except blocking objection from SB.


Gentoo security bugs reported from China

TY: alleged FTP vulnerability; TY asked for details. Yes bug, but irrelevant. Only triggered by modified code. Uninitialized variable accessible only if AUTH_TYPE string not KERBEROS_V4 or GSSAPI.

SH: Other issues?

TY: Minor bugs. Kdb library - only triggered by fclose failure. Only run by administrator; if fclose failure, you have much bigger problems. Another failure can only happen if malloc failure at exactly the right time. Another with highly unlikely scenario.

TY asked why bugs not reported to Kerberos team first?

Reply was that we didn't respond, then they posted to Gentoo.

SH: need to respond.

TY: We don't consider them worthy of an advisory.


Release status

SH: Accounts for Sun on Daptiv PPM? SB: anything else for them to look at yet?

SH: status? KR, JA need to put in subtasks.

SH to WF: where are we on key<???> Project?

WF: basically nothing; fighting fires, .

SH: waiting on MIT?

WF: No.


Ended at 4:03.