Meeting Agenda for 16 Aug 2022 

Antitrust Disclaimer

Attendance 

Attendance is taken purely upon #info in Zoom Chat 

Meeting Notes

• Try to login to security.lfx.dev
• Add additional architectures to tested version file
• Move the tested version file to .github (see https://github.com/open-horizon/.github)
• Look into how to integrate with SBOM, see Issue 117
• Exchange Versioning needs to be discussed with Bruce and moved into the open.

Meeting Notes from 6/20

• Look into what the EdgeX Foundry does for their release notes. There may be a GitHub Action available to reuse.
• Need to address security vulnerabilities.
  • Maybe have a wiki page to start with - Akraino and EdgeX Foundry wikis may have something we can base off of
    • https://github.com/lf-edge/edge-home-orchestration-go/blob/master/.github/SECURITY.md
  • Have TSC members (WG chairs) on private email list where users can submit vulnerabilities
    • Speak with Kendall who may have started to create this list via groups.io
  • Potentially look at using Syft to output a CycloneDX or SPDX file that can be joined with a CVE database to produce a vulnerability report from images
    • https://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html
• TESTING.md to address testing policy for new functionality (required unit tests, etc)

Open Action Items

• Build process discussion for OpenHorizon Artifacts. Need holistic view of process documented and issues created in order to make progress.
  
• Ben Courliss Investigate Anax changelog script - https://github.com/open-horizon/horizon-deb-packager/blob/master/Makefile#L56
• Ben Courliss Create some issues around implementing versioning and changelogs
  

Recording Link

Topic: Open Horizon DevOps WG biweekly meeting
Start Time: Aug 16, 2022 06:57 AM

Meeting Recording:
https://zoom.us/rec/share/q3dF2X4x8CRXxoUUNsGeP4Mf7BqCEQjwbpK4PFPiKBFAZQfLSTxZTBxLw51tNYKf.HsRjr4d-EiLJmgql