May 22, 2023 Meeting

• We need consensus if this is the right approach and if so, to start pushing folks to Github
• Ben will add standing agenda item, github slack bot and welcome message

• #15164: td-agent version pinning
• #15161 might take more time as the flows are generated during bazel (update from Devops team).

• Hackerone setup in progress
• If you want to be subscribed to the bugbounty mailing list, please let ben know

• Lucas proposed "refactor reviewdog-workflow.yml for security" https://github.com/magma/security/issues/147

• Som proposed windowing scheme
• The Security WG discussed disclosure of security weakness in bounties for fixing them.

• hackerone in LF legal review
• Arrived on policy for disclosing security issues: ok to disclose if trivial, otherwise we will reserve bug bounties for trusted contributors.
• Refactoring reviewdog-workflow.yml approved. Lucas to move the issue from the security repo to the public repo. (https://github.com/magma/magma/issues/15192)
• Bounty amounts need to be defined
• Shubham to document two bounty proposals: upgrade Kubernetes; create CI job to scan Docker images for vulnerabilities using trivy

• Som to create a page in the LF wiki on the bounty program.

• Need draft Quickstart for anyone who wants to recommend a bug bounty program (process & timeline) - Jordan will start doc, Ben add in budget info.

• Action items and next steps are captured in document
•  Pick topics and date for next town hall

Review https://github.com/orgs/magma/projects/20/views/1 and discuss roadmap

• How are things accepted
  • Mentor assigned to items 

• First, Will post to slack for a TSC vote of formal acceptance of adopting mechanism for accepting bounty.
• Second, Will post to slack for a TSC vote of acceptance of security roadmap.
• Ben will create github vote for acceptance

Other:

• eBPF 

• reframe as docusaurus