Attendees:

+ Lucas Gonze 



Agenda Item | Notes | Owner | Actions / Next Steps
Updates on Release 1.9
  • #15164: td-agent version pinning
  • #15161 might take more time as the flows are generated during bazel (update from Devops team).
  • #15520: Cwag-CI taking huge disk-space
  • #15217: NMS yarn test (unit test) failing
  • #15222: Summarizing the current state of CI Issues.

Sikander-Wavelabs


Lucas reached out to Yogesh to look into C++ changes and new feature changes from a security POV for 1.9. No longer blocked on the CI/CD dashboard. At the next eng meeting, need to review old PRs and start cleaning up.

  • Sikander will update the ticket with details
  • #15161 got addressed as part of #15214, #15219
  • Yogesh to catch up with the features group to pick a release date: no discussion, as participation was very low.
  • Jordan → propose mid-August for the 1.9 release date; discuss when we have a quorum of TSC members
  • Lucas - can we address the CI/CD dashboard and not have Wavelabs block?
  • Jordan - have a technical meeting just for the CI/CD dashboard issue that is blocking 1.9; Yogesh, please explain the difficulties
    • Will use this week's eng meeting for the above
  • Max - there has not been a PR since 2nd May: need to fix other CI issues (like CWAG, NMS)
  • Another blocker for orchestrator got fixed: #15215
  • Jordan → Ubuntu: need to plan the upgrade, bring to features group
Bug Bounty Program
  • HackerOne agreement is signed!
  • Ben - discuss "pay for work" model 
  • Lucas proposed "refactor reviewdog-workflow.yml for security" https://github.com/magma/security/issues/147

  • Som proposed windowing scheme
  • The Security WG discussed disclosure of security weakness in bounties for fixing them.


  • HackerOne customer service will be reaching out to onboard us.
  • Arrived at a policy for disclosing security issues: OK to disclose if trivial, otherwise we will reserve bug bounties for trusted contributors.
  • Refactoring reviewdog-workflow.yml approved. Lucas to move the issue from the security repo to the public repo. (https://github.com/magma/magma/issues/15192)
  • Bounty amounts need to be defined
  • Shubham to document two bounty proposals: upgrade Kubernetes; create CI job to scan Docker images for vulnerabilities using trivy
  • Som to create a page in the LF wiki on the bounty program.

  • Need a draft Quickstart for anyone who wants to recommend a bug bounty program (process & timeline) - Jordan will start the doc, Ben to add in budget info. Document: Bounty Program Process
    [NEED TO CLOSE THIS - TSC members please review/comment]
  • Ben - add paragraph on how payments will work
  • Folks will review and comment this week
Outreach Report
  • Action items and next steps are captured in document
  • Pick topics and date for next town hall
  • Bevy page is live. Can tweak description, presenters as needed.
  • Develop aggressive comms plan as part of town hall planning

Other:

  • eBPF
General discussion on interest in eBPF project (migration from OVS) @Pravin Shelar
  • Shubham Tatvamasi, Suresh (Wavelabs), Som are interested
    @pbshelar@fb.com will start the document. Contact him over Slack if you are interested in participating.
Branch protection
To enable the CI dashboard fix to go into production ASAP, Max had to suspend branch protection rules in order to enable force merging. Let's discuss when and how to take this step in the future.
  • Jordan → we need to discuss in next meeting with Max and Lucas
  • Tapas → if branch protection not already turned back on... turn back on
  • Lucas → proposed process:
    • Process: TSC vote to enable Ben (Ben has a legal relationship with LF, known address, etc.)
    • Seconded by Jordan (we need quorum to vote)
Review Latest Q&A In GitHub, Review Slack For Candidate GitHub Topics

Recording:

https://zoom.us/rec/share/C_o8IqsjR7c9-CmfKjBk1Ka3n-UCalDYceh-KFC253R15BDP_WdttdpN0vZ2NvBg.AGZHGjT_yZpY5a9H
