This is a reminder of the OpenBMC Security Working Group meeting scheduled
for this Wednesday October 14 at 10:00am PDT.

We'll discuss the following items on the agenda
<https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
and anything else that comes up:

   1. (Joseph): Follow up from 2020-8-19: Gerrit code review: BMCWeb webUI
   login change: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/35457
   Question: What are the security risks of using the proposed config flag
   BMCWEB_INSECURE_ENABLE_UNAUTHENTICATED_ASSETS=YES?
      1. Fingerprinting (leak information about the BMC’s manufacturer and
      version).
      2. Attackers have an easier time getting the code to find and exploit
      security bugs.
      3. May make DoS easier.
      4. More?
   2. (Joseph): Per
   https://lists.ozlabs.org/pipermail/openbmc/2020-October/023530.html do
   we agree on the approach?  What security categories seem most important?

Access, agenda and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group

Regards,
Parth