May 8, 2023 Meeting

• Action items and next steps are captured in document

• #15187: Integration failures. Analysis in progress.
• #15164: td-agent version pinning
• #15161 might take more time as the flows are generated during bazel (update from Devops team).

Introductory talk for community.cncf.io 4/27 at 6 PM PT.

Townhall for Thu, May 11, at 6:00 pm PT.

CNCF talk is on for Thu, May 11, at 6:00 pm PT.

Let's pick topics and a date for the next one  - Ben

• Raul- will publish bevy event and share link
• Jordan to discuss big picture
• Jordan to take over demo from Shubham
• Lucas to cover community building and security

• Hackerone setup in progress
• If you want to be subscribed to the bugbounty mailing list, please let ben know

• Lucas proposed "refactor reviewdog-workflow.yml for security" https://github.com/magma/security/issues/147

• Som proposed windowing scheme
• The Security WG discussed disclosure of security weakness in bounties for fixing them.

• Ben setting up account with hackerone (still waiting as of2023-5-04)
• Arrived on policy for disclosing security issues: ok to disclose if trivial, otherwise we will reserve bug bounties for trusted contributors.
• Refactoring reviewdog-workflow.yml approved. Lucas to move the issue from the security repo to the public repo. (https://github.com/magma/magma/issues/15192)
• Bounty amounts need to be defined
• Shubham to document two bounty proposals: upgrade Kubernetes; create CI job to scan Docker images for vulnerabilities using trivy

• Som to create a page in the LF wiki on the bounty program.

Very few responses to meeting poll in slack, let's pick a time in the TSC meeting.

• Suggest wed 8am PT recurring.
• Will need someone to drive discussion.

This has turned out to be a larger project than expected. Lucas to follow up.

Other:

• eBPF