JSST Meeting Report (2020-04)

By Tobias Zulauf on 2020-11-20 23:37 in Security Strike Team

Time: Tuesday, 3rd of November 2020, 5pm UTC - 6pm UTC
Attendees: David Jardin, Tobias Zulauf
MITRE / CNA
We have been accepted as a CNA by MITRE and prepared a press release that is currently pending approval from MITRE.
JSST / Webmasters Cooperation Process
The JSST and the Webmasters have now formally written down the cooperation process between the two teams. Nothing is changing in terms of what we do, but it is now written down and documented. Now we are awaiting the Webmasters...


JSST Sprint report 2020 (10.2020)

By Tobias Zulauf on 2020-10-25 14:29 in Security Strike Team

Times: Saturday, 24th of October 2020, 10am (UTC +2) - 6pm UTC (UTC +2); Sunday, 25th of October 2020, 10am (UTC +1) - 4pm (UTC +1)
Attendees: David Jardin, Benjamin Trenkle, Harald Leithner, Tobias Zulauf
Location: Google Meet
CNA / CVE Status
We discussed the current status of the CNA approval process as well as the process changes required after becoming a CNA. This includes the updates and feedback that were requested by MITRE after our onboarding meeting on 20.10.2020. JSST...


Third JSST Meeting report 2020 (2020-03)

By Tobias Zulauf on 2020-07-04 08:07 in Security Strike Team

Time: Tuesday, 30th of June 2020, 5pm UTC - 6pm UTC
Attendees: David Jardin, Claire Mandville, Tobias Zulauf
CMS Security Summit: The Update Framework (TUF)
The kickoff meeting for a cross-CMS signed-update initiative took place with Drupal and TYPO3 folks. Two code sprints (server-side and client-side) for a PHP implementation of TUF are being scheduled.
Default password policy for the CMS (internal RFC)
Internal feedback has been good so far. The suggestion for a new default password policy for 4.x...


Second JSST Meeting report 2020 (2020-02)

By Tobias Zulauf on 2020-06-21 08:48 in Security Strike Team

Time: Tuesday, 16th of June 2020, 5pm UTC - 6pm UTC
Attendees: David Jardin, George Wilson, Tobias Zulauf
CMS Security Summit: The Update Framework (TUF)
Following the last report, a date has now been coordinated for the initial PHP-TUF meeting, and an invite has been sent to the people involved.
Default password policy for the CMS (internal RFC)
As documented in the public issue tracker (see joomla/joomla-cms#29476), we have either no default password policy at all or a...


First informal JSST Meeting 2020 (2020-01)

By Tobias Zulauf on 2020-05-23 05:55 in Security Strike Team

Meeting Notes about the first informal JSST Meeting 2020 (2020-01)
Time: Monday, 19th of May 2020, 5pm UTC - 6pm UTC
Attendees: Benjamin Trenkle, Claire Mandville, George Wilson, Tobias Zulauf
About this new meeting format for the JSST Meeting
This meeting is intended to be an informal meeting only, so that the JSST leadership can update the team on ongoing things and current reports can be discussed. JSST members can also bring in topics they want to discuss with the team. This...


Meeting Notes May 2019

By David Jardin on 2019-04-30 08:22 in Security Strike Team

Time: Monday, 29th of April 2019, 7pm UTC
Attendees: David, Tobias, Harald, Beat, Benjamin, Joel, Michael (joined after topic no 1)
Elections
David’s and Tobias’ terms as Team Lead and Co Team Lead have ended; a new election has been held during the meeting.
Motions
Making Tobias the assistant team lead: 5 yes, 1 abstain
Making David the team lead: 4 yes, 1 no, 1 abstain
Currently open issues / 3.9
- Redacted Content -
GPG Key Rotation
As Phil Taylor was one of our GPG key holders and has left the...


Team Sprint, May 2018

By David Jardin on 2018-05-22 14:44 in Security Strike Team

Joomla Security Team Sprint, Cologne, May 2018
Date: 14th - 16th May 2018
Location: Cologne (after JAB)
Participants: David Jardin (TL), Tobias Zulauf (ATL), Benjamin Trenkle, Demis Palma, George Wilson, Harald Leithner, Junanto van der Veen, Yves Hoppe
The team had its very first in-person code sprint in Cologne, following the international J&Beyond conference. Besides some implicit team building that just naturally happened while spending time together, we also tackled 3...


Meeting Notes May 2017

By David Jardin on 2017-05-04 12:05 in Security Strike Team

Standard Operating Procedures: Action items from the last meeting have not been completed yet, moving to the next meeting.
Assistant Team Lead: Tobias has been elected as the Assistant Team Lead of the JSST.
Trimming the team to active contributors: As discussed during the last meeting, David asked a number of rather inactive team members how they see their current and future involvement and received three sorts of feedback: a) "I'm monitoring what's happening" b) "You are right, I'll...


Meeting Notes February 2017

By David Jardin on 2017-02-21 10:14 in Security Strike Team

Standard Operating Procedures: The current draft of the procedures is progressing well, but some important sections are still missing: Team scope (David), CVE process (David), Onboarding (Yves), Offboarding (Yves), GPG key gets compromised (Phil). Once we have those sections, we can improve and approve the document at the next meeting. Afterwards, we can discuss where to archive and version the document.
Pro-active review of new 3.7 features: David will create a doc with a list of files from...


Team Lead Vote, Team Workflow Updates

By Private Profile 2acc0fde on 2016-11-17 21:12 in Security Strike Team

In accordance with the Transition Team's directive, the JSST voted to confirm its team lead in accordance with the new project structure voted in May 2015. Of 18 active team members, 15 entered votes and Michael Babker was unanimously selected as the team lead. Voting was conducted from November 5 to November 8. Additional roles will be voted on and filled to satisfy all structure requirements at a later date.
During the last month, the JSST has been reviewing its internal...
