| 1 | +# Jupyter Security Bi-weekly Meeting |
| 2 | + |
| 3 | +## June 6, 2023 |
| 4 | + |
| 5 | +| Name | affiliation | username | |
| 6 | +| -------------------| ---------------|------------------| |
| 7 | +| Matthias Bussonnier| Quansight | @carreau | |
| 8 | +| Rick Wagner | UCSD | @rpwagner | |
| 9 | +| Jason Weill | @AWS | @JasonWeill | |
| 10 | +| Joe Lucas | NVIDIA | @josephtlucas | |
| 11 | +| Rollin Thomas | NERSC | @rcthomas | |
| 12 | +| Cory Sherman | U of Wisconsin |. | |
| 13 | + |
| 14 | +* Thoughts from JupyterCon (10 minutes) |
| 15 | + * Security tutorial |
| 16 | + * Joe's excellent demo talk on security |
| 17 | + * - Have helpers do a time check |
| 18 | + - 30 -> 15 -> 10 decrease Attendees. |
| 19 | + - Notebook trust |
| 20 | + - OAuth OIDC with pyiodide. |
| 21 | + - Stack of the interpreter persistence state timeline ? |
| 22 | +* Asset inventory and documenting privileged accounts (30 minutes) |
| 23 | + * Related topics: |
| 24 | + * [Domain name management](https://github.com/jupyter/security/issues/64) for both `mybinder.org` and [`jupyter.org` subdomains](https://github.com/jupyter/enhancement-proposals/blob/master/jupyter-subdomain-for-schemas/proposal.md) (and ipython.org cf cve for mail?) |
| 25 | + * [PyPI org](https://github.com/jupyter/security/issues/61#issuecomment-1526251886) |
| 26 | + * Matthias: Multiple small issues with orgs that might need to likely eb resolved first. |
| 27 | + * Suggested process (Rick): |
| 28 | + * Draft asset table in private repo |
| 29 | + * Host a series of short office hours and invite various subprojects, asset owners and managers to contribute |
| 30 | + * Define who should have 1Password accounts to help be a known resource, designees from the Security Subproject, designees from the SSC or EC? |
| 31 | + * Another world tour to share encourage participation? |
| 32 | +* Jupyter Security Community Meeting, **Oct 24-26** (10 minutes) |
| 33 | + * [2023 NSF Cybersecurity Summit CFP](https://www.trustedci.org/2023-cfp) is out |
| 34 | + * Email from Jim Marsteller: |
| 35 | + * The deadline for submitting proposals is **Friday June 16, 2023.** |
| 36 | + * We hope to have the Jupyter project participating at the summit this year. |
| 37 | + * I believe a full day of training was discussed earlier with a possible collaboration with Zeek on interoperability between the two projects. |
| 38 | + * I just sent a similar email to the Zeek folks to make them aware. |
| 39 | + * Possibly straightforward to get a day |
| 40 | + * Current schedule unclear (will it be Monday, Friday?) |
| 41 | + * Hoping for a not Monday or Friday |
| 42 | + * Proposal: |
| 43 | + * Security workshop proposal from Rick independently |
| 44 | + * For the summit itself or Jupyter workshop |
| 45 | + * Who'd be at the summit anyway to draw in Jupyter folks? |
| 46 | + * NSF encourages hybrid workshops |
| 47 | + * "Workshop and training organizers may choose to offer either in-person or a hybrid model to include attendees joining remotely via Zoom. Workshop/training organizers are encouraged to offer hybrid sessions to maximize participation. This includes running the Zoom (e.g., monitoring the chat, unmuting remote participants, etc.). " |
| 48 | + |
| 49 | +* ipython.org SPF vulnerability |
| 50 | + - name.com point to DNS on cloudflare. I modified ~all to -all waiting for DNS propagating. |
| 51 | + - DNS has propagated for me. |
| 52 | + |
| 53 | +* Other topics (10 minutes) |
| 54 | + * Draft a security FAQ based on recent emails? |
| 55 | + * Intigriti Bug Bounty: project descriptions need to be updated |
| 56 | + * Follow up with Charlotte |
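Review bot: The SPF entry at lines 49-51 of the new file is written in the first person ("I modified ~all to -all") without naming who made the change, so the minutes do not record who altered the ipython.org record; name the person, and say how propagation was checked, since "DNS has propagated for me" reflects a single vantage point. Separately, lines 17-21 mix `* -` and `-` markers under a `*` list and will not nest consistently when rendered. Line 26 has "eb" for "be", and "pyiodide" on line 20 looks like a misspelling of Pyodide. Line 9 gives the affiliation as "@AWS" where the other rows have no "@", and line 12 has "." in place of a username.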