Hi everybody,
The CLT met today as usual. We only had a few topics under discussion:
* the User + Dev relaunch went off well! We’d like reliable recordings and have found Jitsi to be somewhat glitchy; Laura will communicate about workarounds for that while we work on a longer-term solution (self-hosting Jitsi has a better reputation and is a possibility). We also discussed a GitHub repo for hosting presentation files, and organizing them on the website.

* CVE handling. As noted elsewhere on the mailing list, CVE-2023-43040 (a privilege escalation impacting RGW) was disclosed elsewhere, and we do not have coordinated releases for it. This was not deemed important enough on the security list for that effort, but we do want to be more prepared for it than we were — our CVE handling process has broken down a bit since some of the CVE work is now being handled by IBM instead of Red Hat. Tech leads and IBM employees will be working on refining that so we have better disclosures.
Also, if you were previously on the security mailing list and a did not see these emails, please reach out to the team — some subscribers were lost and not recovered in the lab disaster end of last year. (For obvious reasons this is a closed list — if you do not work for a Linux distribution or at a large deployer with established relationships in Ceph and security communities, it’s hard for us to put you there.)