Attendees:

 Benjamin Sternthal 

 Micky Kumar 

 Raphael Defosseux

Parthiban Nalliamudali  

Agenda:

Agenda Item | Notes | Owner | Actions / Next Steps
Updates on Release 1.9
  • #15164: td-agent version pinning
  • #15161 might take more time as the flows are generated during bazel (update from DevOps team).

Lucas reached out to Yogesh about the C++ changes and new feature changes, to look into them from a security POV for 1.9; still blocked on the CI/CD dashboard.

Bug Bounty Program
  • HackerOne setup in progress
  • If you want to be subscribed to the bug bounty mailing list, please let Ben know
  • Lucas proposed "refactor reviewdog-workflow.yml for security" https://github.com/magma/security/issues/147

  • Som proposed windowing scheme
  • The Security WG discussed disclosure of security weaknesses in bounties for fixing them.

  • HackerOne in LF legal review
  • Arrived at a policy for disclosing security issues: OK to disclose if trivial, otherwise we will reserve bug bounties for trusted contributors.
  • Refactoring reviewdog-workflow.yml approved. Lucas to move the issue from the security repo to the public repo. (https://github.com/magma/magma/issues/15192)
  • Bounty amounts need to be defined
  • Shubham to document two bounty proposals: upgrade Kubernetes; create CI job to scan Docker images for vulnerabilities using trivy
  • Som to create a page in the LF wiki on the bounty program.

  • Need a draft Quickstart for anyone who wants to recommend a bug bounty program (process & timeline). Jordan will start the doc; Ben to add budget info.
Outreach Report
  • Action items and next steps are captured in document
  •  Pick topics and date for next town hall
  • Bevy page is live. Can tweak description, presenters as needed.

Other:

  • eBPF
General discussion on interest in eBPF project (migration from OVS). Owner: Pravin Shelar
Community contribution: service conf script
Javier Aubert has created a script* for getting all services running. Let's discuss how to move it forward.
  • reframe as Docusaurus
What's Next For Magma

Review Latest Q&A In Github

Recording:

https://zoom.us/rec/share/2Rti11I3hgCM-IpTe_81wealxAQgdOFqQhBrDRff_PXLdYVAj5tmGxFOX2HG3WVS.NuAM0ye52sMC6RvS
