Meeting Agenda for 16 Aug
Antitrust Disclaimer
Attendance
Attendance is taken purely upon #info in Zoom Chat
| Attendee | Company/Org |
|---|---|
| IBM | |
Agenda Items | Presented By | Presos/Notes/Links/ | |||
|---|---|---|---|---|---|
Welcome | |||||
| Review previous meeting notes Issue 126 and Issue 127 | |||||
| Review Issue 103 | https://github.com/open-horizon/examples/releases/download/v2.30.0-947/openhorizon-tested-versions.txt | Discuss versioning for Exchange APInew security vulnerability scanning | Ben Courliss | ||
| Q/A and Wrap up | Anyone |
Meeting Notes
...
- Should we create Github Issues for Mend-scan reported vulnerabilities?
- Good discussion on recording.
Open Action Items
- Build process discussion for OpenHorizon Artifacts. Need holistic view of process documented and issues created in order to make progress.
- Ben Courliss Investigate Anax changelog script - https://github.com/open-horizon/horizon
...
Meeting Notes from 6/20
...
- -deb-packager/blob/master/Makefile#L56
- Ben Courliss Create some issues around implementing VERSIONING and CHANGELOGS
- Ben Courliss Create issues for release notesLook into what the EdgeX Foundry does for their release notes. There may be a GitHub Action available to reuse.
...
- Define plan on how to address security vulnerabilities.
- Maybe have a wiki page to start with - Akraino and EdgeX Foundry wikis may have something we can base off of
- Have TSC members (WG chairs) on private email list where users can submit vulnerabilities
- Speak with Kendall who may have started to create this list via groups.io
- Potentially look at using Syft to output a CycloneDX or SPDX file that can be joined with a CVE database to produce a vulnerability report from images
- TESTING.md to address testing policy for new functionality (required unit tests, etc)
...
Open Action Items
- Build process discussion for OpenHorizon Artifacts. Need holistic view of process documented and issues created in order to make progress.
- Ben Courliss Investigate Anax changelog script - https://github.com/open-horizon/horizon-deb-packager/blob/master/Makefile#L56 Ben Courliss Create some issues around implementing versioning and changelogs
Recording Link
...
Topic: Open Horizon DevOps WG biweekly meeting
Start Time: Aug 16, 2022 06:57 AM
...