May 22, 2023 Meeting

Owned by Ben Sternthal
Last updated: May 22, 2023
2 min read

Attendees:

 

Agenda:

Agenda Item

 Notes

Owner

Actions / Next Steps

Agenda Item

 Notes

Owner

Actions / Next Steps

Github Discussions For Q&A

TSC decision on using Github Discussions for Q&A, please see document for background

@Ben Sternthal 

  • We need consensus if this is the right approach and if so, to start pushing folks to Github

  • Ben will add standing agenda item, github slack bot and welcome message

Updates on Release 1.9

  • #15164: td-agent version pinning

  • #15161 might take more time as the flows are generated during bazel (update from Devops team).

@Yogesh Pandey 

 

Bug Bounty Program

  • Hackerone setup in progress

  • If you want to be subscribed to the bugbounty mailing list, please let ben know

  • Lucas proposed "refactor reviewdog-workflow.yml for security" https://github.com/magma/security/issues/147

  • Som proposed windowing scheme

  • The Security WG discussed disclosure of security weakness in bounties for fixing them.

 

  • hackerone in LF legal review

  • Arrived on policy for disclosing security issues: ok to disclose if trivial, otherwise we will reserve bug bounties for trusted contributors.

  • Refactoring reviewdog-workflow.yml approved. Lucas to move the issue from the security repo to the public repo. (https://github.com/magma/magma/issues/15192)

  • Bounty amounts need to be defined

  • Shubham to document two bounty proposals: upgrade Kubernetes; create CI job to scan Docker images for vulnerabilities using trivy

  • Som to create a page in the LF wiki on the bounty program.

  • Need draft Quickstart for anyone who wants to recommend a bug bounty program (process & timeline) - Jordan will start doc, Ben add in budget info.

Outreach Report

@Som Sikdar 

  • Action items and next steps are captured in document

  •  Pick topics and date for next town hall

Security Scorecard Followup

Review https://github.com/orgs/magma/projects/20/views/1 and discuss roadmap

  • How are things accepted

    • Mentor assigned to items 

@Lucas Gonze 

  • First, Will post to slack for a TSC vote of formal acceptance of adopting mechanism for accepting bounty.

  • Second, Will post to slack for a TSC vote of acceptance of security roadmap.

  • Ben will create github vote for acceptance

Other:

  • eBPF 

General discussion on interest in eBPF project (migration from OVS)

Pravin Shelar

  • @Shubham Tatvamasi , Suresh (Wavelabs), Som are interested


Community contribution: service conf script

Javier Aubert has created a script*
 for getting all services running. Let's discuss how to move it forward.

@Lucas Gonze 

  • reframe as docusaurus

Recording:

https://zoom.us/rec/play/o_YuQyOUwQXHTzKhrmecveeXpeljbQSW1n6IS1h03NepM2BOIOJXI-v4nqNYmYF_TD1Pb4XaeJBcTkjC.udFKSFPjM53zyGMp

 

LF Networking Press Release

https://www.linuxfoundation.org/press/linux-foundation-meta-launch-new-lf-connectivity-project-umbrella-to-improve-enhanced-access-to-networks