Meeting Notes May 2019
By David Jardin on 2019-04-30 08:22 in Security Strike Team
Time: Monday, 29th of April 2019, 7pm UTC
Attendees: David, Tobias, Harald, Beat, Benjamin, Joel, Michael (joined after topic no 1)
Elections
David’s and Tobias’ terms as Team Lead and Co Team Lead have ended; a new election was held during the meeting.
Motions
Making Tobias the assistant team lead: 5 yes, 1 abstain
Making David the team lead: 4 yes, 1 no, 1 abstain
Currently open issues / 3.9
- Redacted Content -
GPG Key Rotation
As Phil Taylor was one of our GPG key holders and has left the team, we had to rotate our GPG key. The old key has been revoked, and a new keypair has been generated and signed with the revoked key. The new public key is published: https://developer.joomla.org/security/gpg-keys.html
Budget 2019/2020
The process for the next budget has started. JSST requested funds for:
A team sprint, primarily focused on prepared statements (6000 USD)
Funds to start a bug bounty program (20000 USD)
RIPS for JED
David has reached out to the JED team and suggested utilizing RIPS as part of the JED checker to tackle the problem of insecure extensions. JED requested a budget for this.
- Redacted Topic -
2FA Enforcement in GitHub
David suggests enforcing 2FA in the Joomla GitHub organization. David is going to escalate the question to the next department lead meeting.