Meeting Agenda for 2024-07-26

dfh · July 12, 2024, 10:10pm

Here’s the Agenda for 2024-07-26T19:00:00Z's meeting (most topics repurposed from 2024-07-12 meeting due to low participation:

Additional agenda items
@dfh: Update emails project, next steps
Via @aidalgol Should Aux Security be capable of handling embargo updates? What are the concequences of that decision?
@dfh Short recap of thoughts around OpenSSH vuln
@dfh Update on secrets project
Any other business

Unfinished discussions points from past calls

Brainstorming: Auxolotls security story Brainstorming: Auxolotls security story
Wording the “Mission” section in the COMSEC wiki - https://wiki.auxolotl.org/en/contributing/sigs-and-committees/security/aux-security-team

Call will be at the same place as always
Here is the link for the agenda/minutes

dfh · July 16, 2024, 2:20pm

Should we add/ enforce commit signing for auxolotl/security e.g. #1 - Add meeting notes location - auxolotl/security - Auxolotl Forge?

jakehamilton · July 17, 2024, 3:28am

I generally recommend commit signing, but one thing to remember when requiring it is that CI may need to commit as well which requires additional key management. Some processes may run into trouble with that.

dfh · July 19, 2024, 7:17pm

What’s the “problem” or risk that you address by using signing?

The reason I’m asking that I personally believe we should not use security features for the sake of security, but for the sake of actually solving problems.
Wording the problem IMO also helps with the question if that’s the best solution

dfh · July 19, 2024, 7:20pm

I’m re-purposing the agenda for the 26th of July since no-one showed.

@committee_security Please speak up if the new times don’t work for you.
I would love to make regular team meetings work as well as SIGDOCS…