May 15, 2023 Meeting

Owned by Ben Sternthal
Last updated: May 15, 2023
2 min read

Attendees:

 

Agenda:

Agenda Item

 Notes

Owner

Actions / Next Steps

Agenda Item

 Notes

Owner

Actions / Next Steps

Updates on Release 1.9

  • #15164: td-agent version pinning

  • #15161 might take more time as the flows are generated during bazel (update from Devops team).

@Yogesh Pandey 

 

Introductory talk for community.cncf.io 4/27 at 6 PM PT.

Townhall for Thu, May 11, at 6:00 pm PT.

CNCF talk was held on Thu, May 11, at 6:00 pm PT.

 

@Ben Sternthal & Raul 

  •  Let's pick topics and a date for the next one  - Ben

Bug Bounty Program

  • Hackerone setup in progress

  • If you want to be subscribed to the bugbounty mailing list, please let ben know

  • Lucas proposed "refactor reviewdog-workflow.yml for security" https://github.com/magma/security/issues/147

  • Som proposed windowing scheme

  • The Security WG discussed disclosure of security weakness in bounties for fixing them.

 

  • Ben is working on signing hackerone documents

  • Arrived on policy for disclosing security issues: ok to disclose if trivial, otherwise we will reserve bug bounties for trusted contributors.

  • Refactoring reviewdog-workflow.yml approved. Lucas to move the issue from the security repo to the public repo. (https://github.com/magma/magma/issues/15192)

  • Bounty amounts need to be defined

  • Shubham to document two bounty proposals: upgrade Kubernetes; create CI job to scan Docker images for vulnerabilities using trivy

  • Som to create a page in the LF wiki on the bounty program.

PR Triage Time

Discussed in last TSC:

  • Consensus on the value of the meeting

  • Consensus on Wednesdays at 8 AM

  • First meeting 9 days from now, on May 18

  • Weekly at first (for two weeks) in order to clear the backlog, then switch to biweekly. 

 

 

@Ben Sternthal 

 

  •  Meeting scheduled, please add/remove folks from meeting as needed - Ben

Security Scorecard Followup

Review https://github.com/orgs/magma/projects/20/views/1 and discuss roadmap

  • How are things accepted

    • Mentor assigned to items 

@Lucas Gonze 

  • First, Will post to slack for a TSC vote of formal acceptance of adopting mechanism for accepting bounty.

  • Second, Will post to slack for a TSC vote of acceptance.

Other:

  • eBPF 

General discussion on interest in eBPF project (migration from OVS)

Pravin Shelar

  • @Shubham Tatvamasi , Suresh (Wavelabs), Som are interested


Github Discussions For Q&A

TSC decision on using Github Discussions for Q&A, please see document for background

@Ben Sternthal 

  • Ben will bring up via slack

Features-Group meeting frequency

Reducing the frequency of Features-Group meeting as the turnout is less. Plan is to make it once in 2 weeks.

@Yogesh Pandey 

  • ben will adjust.

Outreach Report

@Som Sikdar 

  • Action items and next steps are captured in document

Recording:

https://zoom.us/rec/share/Z7Y8F34I51Nh87U3tFTDtC48xy-WaVJy6FvHCn17yVWwrd8ueX_qEge5vJvwXmwH.T8jlt1rUWf3P8eVU