...

Time | Item | Who | Notes from the Meeting
5 mins | Convene & Roll Call | Brian Ingenito (Deactivated)
15 mins | WhiteSource integration for GitHub.com | Maurizio Pillitu
  • Demo: Walk through cla-bot
    • how was it enabled
    • how was it configured (high level of config options)
    • how was it tested (see issue being raised)
  • Improvements from other bots (i.e. dependabot)
    • Configuration via PR gives the project team visibility of what's going on
    • devDependencies excluded by default, leading to less noise
    • WhiteSource dashboard gives a super admin view to FINOS Staff across all repos
  • Show draft docs - [RFC] WhiteSource for GitHub.com
  • Discuss responsible disclosure and how to manage notifications (see INT-745)
  • Ask WhiteSource about issue ODP-94
15 mins | FOSSA Spike | Maurizio Pillitu
  • Working demo of a project scan with FOSSA (see ODP-10)
  • Next steps (see ODP-10)
5 mins | Retrospective on current sprint | Group
  • GitHub org consolidation
    • All repos under github.com/finos
    • All security alerts are addressed by team
    • Inactive repositories are reported to PMC for archival
    • Project READMEs use FINOS badges and language, especially around CLA

Next steps: mao and Jamie to share docs in FINOS Handbook and socialize (at PMC level first, then wider community)

10 mins | Planning next Sprint | Group
10 mins | Backlog scrubbing | Group
5 | AOB & adjourn | Group

Getting better at email reminders for ODP calls: they should be sent at least 2 days before the meeting. Any volunteers? If using Confluence for minutes is an impediment, let's switch to GitHub Wiki from now on, and only for meeting minutes.

...

  • GitHub consolidation docs on handbook - INT-748
  • Address WhiteSource devDependency issue - ODP-94
  • Responsible disclosure for WhiteSource CVEs - ODP-96
  • GitHub Actions spike for license scanning - ODP-10 (see https://github.com/finos/odp-test/blob/master/.github/workflows/fossa-cli.yml)