CTI TAC Meeting Notes 2024-02-28

From: Carlos O'Donell <carlos@redhat.com>
To: cti-tac@lists.linuxfoundation.org
Subject: CTI TAC Meeting Notes 2024-02-28
Date: Wed, 28 Feb 2024 11:42:01 -0500	[thread overview]
Message-ID: <ea82c272-9bdf-4685-bc72-9fa6da83e6be@redhat.com> (raw)

CTI TAC Meeting Notes 2024-02-28

Present:
 * Carlos O'Donell
 * Adrianne Marcum (OpenSSF)
 * Bennett Pursell (OpenSSF)
 * David Edelsohn
 * Ian Kelling (FSF)
 * Joseph Myers
 * Nick Clifton
 * Siddhesh Poyarekar    
    
Regrets:
    
Agenda:
 * Schedule going forward.
  * Feb 12-16 writing.
  * End of February setup the website.
  * 2024-02-28 - Emailed Konstantin about process to turn on the webiste.
  * By 2024-03-08 can we have the website up for Paul Egger to review?
    * Add item for yearly audit including FOSS audit.
    * Add item for security and service separation.
  * March - Review with LF IT and prepare a migration plan.
   * Schedule TAC and LF IT meeting.
  * March - Review migration plan with community.
  * March 19th - Next CTI presentation to OpensSSF TAC.
  * March 27th - Next CTI TAC meeting.
  * April - Schedule for migration.
  * May - OpenSSF GB meeting.
  * August 1st - glibc 2.40 release (possible migration blocker or the point at which we switch infrastructure)
 * CTI Website Review
  * make html to get Sphinx html output.
  * FAQ items to still add.
  * Service enumeration still to add.
  * Process to follow for commits to the website?
  * Carlos will merge patches to the list.
 * Carlos: Is thte TAC able to review content by March 8th?
 * Joseph: What we have on the website is good, but we need more FAQ items.
  * Carlos: I will add the more complex FAQ items around service separation.
 * Nick: No worries (can review content).
 * Requests from glibc steward Paul Eggert (UCLA Prof)
  * Paul is asking for a checking mechanism to ensure we are using FOSS for the services.
  * One solution is for service provider to show their code that they are using.
  * Carlos: Ian how do you comply with such a request?
  * Ian: I'll have to think about it. We mostly handle our own services.
  * Publishing the code and documentation is something to be thinking about.
  * Carlos: Sid any thoughts on how you handle a FOSS audit?
  * Siddhesh: Yeah, an annual enumeration of the services and the FOSS software providing them.
  * Nick: Do we have a policy for what we do if the services is provided by non-FOSS?
  * Sid: As the TAC we've committed to not providing any services with non-FOSS?
  * Nick: The FOSS audit should be public.
  * Carlos: As Sid noted we should have a page updated yearly for the audit.
  * David: What requirements do we have? Is that sufficient for Paul or not?
  * Sid: Alex's wish is to meet A regarding SaaS, but I don't think we need to meet.
 * Making the CTI website live.
  * Next steps need to hear back from LF IT.
 * Ian: RO repository available for the website.
  * Sid: Yes, because people might want to participate in the editorial process and send patches.
  * Carlos: I'll ask LF IT for that, but before I send the email I'll verify you can't do an anonysmous clone.

-- 
Cheers,
Carlos.