cti-tac.lists.linuxfoundation.org archive mirror
 help / color / mirror / Atom feed
* CTI TAC Meeting Notes 2023-08-30
@ 2023-08-30 15:51 Carlos O'Donell
  0 siblings, 0 replies; only message in thread
From: Carlos O'Donell @ 2023-08-30 15:51 UTC (permalink / raw)
  To: cti-tac

CTI TAC Meeting Notes 2023-08-30

Present TAC members:
    * Carlos O'Donell
    * David Edelsohn
    * Joseph Myers
    * Jose E. Marchesi
    * Bennett Pursell (OpenSSF)
    * Ian Kelling (FSF)
    * Siddhesh Poyarekar
    * Adrianne Marcum (OpenSSF)
    
Agenda:
    * Carlos: Seeking consensus among the glibc GNU Maintainers/Stewards for use of CTI services.
      * Carlos: I asked for decision to be made by the end of the month.
      * Carlos: Siddhesh, On the feedback do you think there was anything we needed to act on?
      * Siddhesh: Feedback about the usage of bunsen, buildbot, and snapshot.
      * Carlos: We haven't had direct feedback from developers regarding these services.
      * Siddhesh: Doesn't need to be part of the services.
      * David: Doesn't need to be part of the initial scope.
      * Joseph: Some of the services do not need to be migrated. Some do.
      * Joseph: Things like buildbot don't need to be considered first.
      * Joseph: We do need a more detailed plan of the migration.
    * David: We as the TAC should create an MVSR for the OpenSSF TAC
      * Mision Vision Strategy Roadmap - MVSR
      * OpenSSF MVSR https://docs.google.com/document/d/1p6hOlE4eH1xvQ9pP7swCH2tmIJJ-6G3vnYI8MDzSCQk/edit#heading=h.h9d3nj3ybue3
      * In general we can take a strategy approach.
      * David: OpenSSF and associated projects have been asked to produce an MVSR.
      * Help share and socialize the project and what it does.
    * Bennett: Going to meet with Konstantin (LF IT) this week to discuss timelines.
    * Siddhesh: Started the CVE CNA conversation.
     * Vet security issues coming in, and with that going through we'll probably need some infra.
     * Need a mailing list, and a place to put advisories.
     * This will require CTI services.
    * Jose: Would be great to have Siddhesh talk at Cauldron on this, it's a serious issue.
     * Siddesh: I'll talk at Cauldron, but more importantly setting policy SECURITY.md for projects.

Next steps:
     * AI: Carlos to review MVSR questions and send draft by 2023-09-01 to cti-tac list for review.
     * AI: Carlos is following up with glibc project leadership to decide on CTI services.

-- 
Cheers,
Carlos.


^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2023-08-30 15:51 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-30 15:51 CTI TAC Meeting Notes 2023-08-30 Carlos O'Donell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).