By Tobias Zulauf on 2020-07-04 08:07 in Security Strike Team

Time: Tuesday, 30th of June 2020, 5pm UTC - 6pm UTC
Attendees: David Jardin, Claire Mandville, Tobias Zulauf

CMS Security Summit: The Update Framework (TUF)
Kickoff-meeting for a cross-CMS signed-update initiative happened with Drupal and TYPO3 folks. Two code sprints (serverside- and clientside) for a PHP implementation of TUF are being scheduled.

Default password policy for the CMS (internal RFC)
Internal feedback has been good so far; The suggestion for a new default password policy for 4.x is to be enforced in installer for super admin password and used as a default in com_users: min 12 characters, no complexity rules. An PR against 4.0 has been provided by the JSST in the public tracker.

- Redacted Topics -