MEETINGS_TC_2025.md

tags: Technical Committee

Technical Committee Meetings 2025

Quick links

• Logistics
• Agenda and Notes
  • 2025-02-06 Meeting
  • 2025-01-23 Meeting
  • 2025-01-09 Meeting

Logistics

• When: 13:00–14:00 CET, every even week on Thursdays
• Where: Microsoft Teams Meeting
• Meeting Agenda and Minutes: https://hackmd.io/sL9z7MGwSCOGSCXeY27mFg
• Community Repo: https://github.com/eiffel-community/community

Agenda and Notes

Please do not update the meeting agenda and notes directly on GitHub and instead use the document on HackMD.io in order to prevent notes getting out of sync.

Next

• Should we evaluate Eiffel against the OpenSSF Security Scorecard and/or the OpenSSF Best Practices?
• Should we enable Code scanning for all repos. See https://github.com/eiffel-community/eiffel-remrem-publish/security/code-scanning for an example.
  • Set via https://github.com/eiffel-community/eiffel-remrem-publish/settings/security_analysis
  • Workflow example: https://github.com/eiffel-community/eiffel-remrem-publish/blob/master/.github/workflows/codeql.yml
  • We need to understand how code scanning works before we enable it globally. Do we need a workflow similar to the codeql.yml above for things to work or is it enough to just click Enable in the repo (or global) settings?
    • (2024-02-21): You can set it up globaly - https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#eligible-repositories-for-codeql-default-setup
  • When/if decided: Enable all code scanning, Dependabot, secret scanning etc globally from the organization and send email to the mailing list about this change.
• OpenPubkey for public key distribution
• How do we document the process for adding external repos to the community?
  • What responsiblities does the Community /TC have for external repos?
  • Should the TC enforce maintainer rules on external repos?
• Should we take another look at eventcatalog, see also example
  • Was previously raised on TC 2023-01-26
• Gap analysis - CDEvents vs Eiffel. To help CDEvents reach 1.0 we should provide our input on the gap
• Community meeting Feb 27

February 6, 2025

Participants

• TC Attendees
  • Emil Bäckmark, present
  • Magnus Bäck, present
  • Mattias Linnér, present
• Other Attendees
  • Fredrik Fristedt

Agenda and Notes

• Rollcall (All)
  • We have quorum.
• Agenda Bashing (All)
• Elections
  • Fredrik's election plan was reviewed.
  • Action Magnus: Attempt to locate any previous script for extracting maintainers from GitHub and, if located, send to Fredrik.
• Action Item Review (All)
  • Follow up the TC GitHub project board
  • Follow up the Eiffel protocol project board
• Updates from OpenTelemetry CI/CD WG (Magnus)
  • PR for adding CI/CD metrics the semantic conventions merged: open-telemetry/semantic-conventions#1681
• PRs and issues

Action Items

• Magnus: Ask the security officers to try out the private vulnerability reporting feature.
• All: Evaluate key repositories according to the OpenSSF criteria.
• ?: Read up on static code analysis (see item in Next) and bring info to TC
• Magnus: Look into why "Reply All" on Google Groups doesn't actually reply all.
• Magnus: Check the proposed name of the source code tag event against the proposed new source change events to see if they're reasonably well aligned. If so we can move on with the tag event without waiting for the source change events.
• Mattias: Check in with Erik Sternersson.
  • 2025-01-09: Waiting for a response from Sabina.
• Mattias: Create issue(s) for security vulnerabilities.
• Magnus: Review GOVERNANCE.md to see if there are any plot holes when the number of people willing to be in the TC is very small.
• Magnus: Attempt to locate any previous script for extracting maintainers from GitHub and, if located, send to Fredrik.

January 23, 2025

Participants

• TC Attendees
  • Emil Bäckmark, present
  • Magnus Bäck, present
  • Mattias Linnér, present

Agenda and Notes

• Rollcall (All)
  • We have quorum.
• Agenda Bashing (All)
  • Approved.
• Action Item Review (All)
  • Follow up the TC GitHub project board
  • Follow up the Eiffel protocol project board
• Updates from OpenTelemetry CI/CD WG (Magnus)
• Election officer appointment
  • Fredrik Fristedt was appointed as election officer for a term starting February 1, 2025, and ending January 31, 2026.
  • Invite Fredrik to the next TC meeting (February 6) and ask him to prepare a schedule for the election process.
• For https://github.com/eiffel-community/eiffel/community (Community Standards) - should we enable "Repository admins accept content reports"?
  • Yes, enabled for the protocol repo and community repo. See the documentation for what it means.
• GitHub package access
  • For some reason the organization had disallowed making GitHub packages public. This has been opened up via the organization settings. It's unclear when that setting was introduced or changed. At some point it was possible to pull Docker images without authentication.
• PRs and issues

Action Items

• Magnus: Ask the security officers to try out the private vulnerability reporting feature.
• All: Evaluate key repositories according to the OpenSSF criteria.
• ?: Read up on static code analysis (see item in Next) and bring info to TC
• Magnus: Look into why "Reply All" on Google Groups doesn't actually reply all.
• Magnus: Check the proposed name of the source code tag event against the proposed new source change events to see if they're reasonably well aligned. If so we can move on with the tag event without waiting for the source change events.
• Mattias: Check in with Erik Sternersson.
  • 2025-01-09: Waiting for a response from Sabina.
• Mattias: Create issue(s) for security vulnerabilities.
• Magnus: Review GOVERNANCE.md to see if there are any plot holes when the number of people willing to be in the TC is very small.
• Mattias: Ask the Volvo folks if any of them are willing to sit in the TC.
• Mattias: Ask Fatih about election officer appointment.
• Magnus: Ask Fredrik about election officer appointment.

January 9, 2025

Participants

• TC Attendees
  • Emil Bäckmark, present
  • Magnus Bäck, present
  • Mattias Linnér, present

Agenda and Notes

• Rollcall (All)
  • We have quorum.
• Agenda Bashing (All)
  • Approved.
• Action Item Review (All)
  • Follow up the TC GitHub project board
  • Follow up the Eiffel protocol project board
• Updates from OpenTelemetry CI/CD WG (Magnus)
• Election officer appointment
  • We ask Fatih and Fredrik if they'd like to be appointed for another term.
• Security officer question regarding vulnerabilities
  • Matter resolved in mid-December email thread.
• Community meeting Jan 30
  • Mattias will check with Johan at Volvo if he's willing to share their use of Neo4j. As a backup we can talk about SBOMs and build attestations, or follow up any of the topics from the December meeting.
• PRs and issues

Action Items

• Magnus: Ask the security officers to try out the private vulnerability reporting feature.
• All: Evaluate key repositories according to the OpenSSF criteria.
• ?: Read up on static code analysis (see item in Next) and bring info to TC
• Magnus: Look into why "Reply All" on Google Groups doesn't actually reply all.
• Magnus: Check the proposed name of the source code tag event against the proposed new source change events to see if they're reasonably well aligned. If so we can move on with the tag event without waiting for the source change events.
• Mattias: Check in with Erik Sternersson.
  • 2025-01-09: Waiting for a response from Sabina.
• Mattias: Create issue(s) for security vulnerabilities.
• Magnus: Review GOVERNANCE.md to see if there are any plot holes when the number of people willing to be in the TC is very small.
• Mattias: Ask the Volvo folks if any of them are willing to sit in the TC.
• Mattias: Ask Fatih about election officer appointment.
• Magnus: Ask Fredrik about election officer appointment.