From: Carlos O'Donell <carlos@redhat.com>
To: cti-tac@lists.linuxfoundation.org
Subject: CTI TAC Meeting Notes 2024-04-24
Date: Wed, 24 Apr 2024 11:49:43 -0400 [thread overview]
Message-ID: <4dc7d706-f6fc-4494-b24c-b1a38fc98810@redhat.com> (raw)
CTI TAC Meeting Notes 2024-04-24
Present:
* Nick Clifton sends his regrets.
* Carlos O'Donell
* Konstantin Ryabitsev (LF IT)
* Joseph Myers
* David Edelsohn
* Siddhesh Poyarekar
* Bennett Pursell (OpenSSF)
Agenda:
* Schedule going forward.
* Done: 2024-03-28: Setup meeting with LF IT to start migration plan.
* Done: 2024-04-04: April first week meeting with LF IT and draft plan.
* In progress: LF IT put together statement of work.
* In progress: 2024-04-08: Sharing early draft plan with the community.
* Konstantin: Provided SOW to Carlos for early review.
* The SOW is considered to contain confidential information.
* Carlos: The migration plan, and a high level plan can be shared with the community that doesn't contain contractor confidential information.
* Carlos: TAC needs to review the confidential SOW.
* Next steps revised:
* Review LF IT SOW with CTI TAC and finalize SOW.
* Konstantin: Send email out with text?
* Carlos: OK, I'll send the text out.
* Konstantin: Scope of work can go to the public list?
* Carlos: Yes, that works.
* Early May 2024-05-03 - Share early draft plan with the glibc community.
* Mid May 2024-05-17 - Agreed migration plan.
* May - OpenSSF GC read out of the plan and SOW and costs.
* August 15th - OpenSSF GB meeting
* Outcome: Have a LF IT SOW that we the GB can approve.
* August 1st - glibc 2.40 release (possible migration blocker or the point at which we switch infrastructure)
* David: Do we have any concerns about xz-backdoor git hooks and the issues on sourceware?
* Joseph: One of the specific things was systemd user sessions letting everything in the hook run synchronously. One thing we do get from the commit mails we get committer and author information. It is relevant to know the pusher and author. We are flexible to allow something to be done later. Certainly things like sending email doesn't need git server permissions.
* Konstantin: Yes, you are specifically mentioning pre-commit, so it has to run on the git server.
* Carlos: The only discussions I saw were about xz-backdoor issues in the containers and VMs that are part of the buildbots which are out of scope.
* David: We should include the hooks functionality in the scope.
* Carlos: Note the hooks https://github.com/AdaCore/git-hooks
* Konstantin: Yes, gitolite already has much of this functionality. Like commit message formatting can be done distinctly as a hook. There are already some projects we've done that have commit requirements.
* AI: LF IT to send public scope information for SOW to cti-tac list.
* AI: CTI TAC to review by 2024-05-03 the SOW text to finalize.
* Next CTI TAC meeting is May 29th.
--
Cheers,
Carlos.
reply other threads:[~2024-04-24 15:49 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4dc7d706-f6fc-4494-b24c-b1a38fc98810@redhat.com \
--to=carlos@redhat.com \
--cc=cti-tac@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).