Time | Item | Who | Notes from the Meeting
---|---|---|---
5 mins | Convene & Roll Call | Brian Ingenito (Deactivated) |
5 mins | Improving visibility of currently identified security vulnerabilities in programs, especially those that produce a lot of code (e.g., Plexus, Symphony, Hadouken) | Maurizio Pillitu and Group |
5 mins | WhiteSource update | Requirements consolidated into |
5 mins | Enforce Dependabot across all FINOS repos | Maurizio Pillitu | https://dependabot.com/ - objections? Roll-out plan & expectations. Program Liaison can share this across all programs. Due date August 15, after mao hols. Address repos with high-severity security vulnerabilities (i.e. Plexus).
5 mins | GitHub Consolidation update | Maurizio Pillitu, Jamie Jones | Demo/walkthrough
5 mins | Minutes taking in GitHub (Wiki) | Maurizio Pillitu, Tom Schady |
5 mins | Ongoing license validation | Maurizio Pillitu | Updates after chatting with FOSSA
5 mins | Retrospective on current sprint | Group |
10 mins | Planning next Sprint | Group |
10 mins | Backlog scrubbing | Group | See ongoing license validation item
5 mins | AOB & adjourn | Group |
...
- Maurizio Pillitu - work on ODP-90 to run metadata-tool locally for Tom Schady
- Update documentation and team settings so that, for each repo, the PMC GitHub team is notified of every security alert
- Jamie Jones - confirm that GitHub security checks are a subset of Dependabot
- Maurizio Pillitu - fix Travis CI builds for transferred repos - Didn't do anything, but https://travis-ci.org/finos/cla-bot seems to work as expected
- Jamie Jones and Maurizio Pillitu - socialise GitHub consolidation docs - agenda topic at next PMC call (3rd week of August)
...