cti-tac.lists.linuxfoundation.org archive mirror
 help / color / mirror / Atom feed
* CTI TAC Meeting Notes 2024-04-24
@ 2024-04-24 15:49 Carlos O'Donell
  0 siblings, 0 replies; only message in thread
From: Carlos O'Donell @ 2024-04-24 15:49 UTC (permalink / raw)
  To: cti-tac

CTI TAC Meeting Notes 2024-04-24

Present:
 * Nick Clifton sends his regrets.
 * Carlos O'Donell
 * Konstantin Ryabitsev (LF IT)
 * Joseph Myers
 * David Edelsohn
 * Siddhesh Poyarekar
 * Bennett Pursell (OpenSSF)
     
Agenda:
 * Schedule going forward.
  * Done: 2024-03-28: Setup meeting with LF IT to start migration plan.
  * Done: 2024-04-04: April first week meeting with LF IT and draft plan.
   * In progress: LF IT put together statement of work.
  * In progress: 2024-04-08: Sharing early draft plan with the community.
 * Konstantin: Provided SOW to Carlos for early review.
 * The SOW is considered to contain confidential information.
 * Carlos: The migration plan, and a high level plan can be shared with the community that doesn't contain contractor confidential information.
 * Carlos: TAC needs to review the confidential SOW.
 * Next steps revised:
  * Review LF IT SOW with CTI TAC and finalize SOW.
   * Konstantin: Send email out with text?
   * Carlos: OK, I'll send the text out.
   * Konstantin: Scope of work can go to the public list?
   * Carlos: Yes, that works.
  * Early May 2024-05-03 - Share early draft plan with the glibc community.
  * Mid May 2024-05-17 - Agreed migration plan.
  * May - OpenSSF GC read out of the plan and SOW and costs.
  * August 15th - OpenSSF GB meeting
 * Outcome: Have a LF IT SOW that we the GB can approve.
  * August 1st - glibc 2.40 release (possible migration blocker or the point at which we switch infrastructure)
 * David: Do we have any concerns about xz-backdoor git hooks and the issues on sourceware?
  * Joseph: One of the specific things was systemd user sessions letting everything in the hook run synchronously. One thing we do get from the commit mails we get committer and author information. It is relevant to know the pusher and author. We are flexible to allow something to be done later. Certainly things like sending email doesn't need git server permissions.
  * Konstantin: Yes, you are specifically mentioning pre-commit, so it has to run on the git server.
  * Carlos: The only discussions I saw were about xz-backdoor issues in the containers and VMs that are part of the buildbots which are out of scope.
  * David: We should include the hooks functionality in the scope.
  * Carlos: Note the hooks https://github.com/AdaCore/git-hooks
  * Konstantin: Yes, gitolite already has much of this functionality. Like commit message formatting can be done distinctly as a hook. There are already some projects we've done that have commit requirements.
 * AI: LF IT to send public scope information for SOW to cti-tac list.
 * AI: CTI TAC to review by 2024-05-03 the SOW text to finalize.
 * Next CTI TAC meeting is May 29th.

-- 
Cheers,
Carlos.


^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2024-04-24 15:49 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-24 15:49 CTI TAC Meeting Notes 2024-04-24 Carlos O'Donell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).