layout |
---|
page |
Meeting was on Saturday January 20th 2024, at 12:00 UTC.
- Attendees
- @sjn, @oalders, @stigtsp, @ingy, @timlegge
- Absent
- @petek, @ingy
- Regrets
- @karjala, @jjatria
- @sjn; Charter to be simplified
- @sjn; PackageURL ready to move forward to spec
- @stigtsp; Transparancy logs work ongoing
- @stigtsp; Vulnerability index work ongoing. Sepratate conversation with @garu wanted
- @sjn; CPAN year of Secure by Default: Text in progress
- @stigtsp; Other work: Securing Mojolicious
- @stigtsp; Other work: Looking for insecure dependencies on CPAN, with CVEs
- @tux: CVE-2023-7101: Thank you to the new maintianer of Spreadsheet::ParseExcel
- @timlegge: CVE-2024-22368 & CVE-2024-23525 - Spreadsheet::ParseXLSX has now a permanent new maintainer.
- @timlegge: Timeline blogpost upcoming; we'll post on security.metacpan.org
- @sjn; PR minutes; Voted yes, unanimously
- @sjn; Try meeting in 3 weeks as a test. Voted yes, unanimously
- @sjn; Meeting participation needs signed pre-release disclosure agreement; Voted no – embargoed info not to be discussed on these meetings.
- @ingy; Move meetings to Saturdays 15:00 UTC; Voted yes, unanimously
- FOSDEM; @sjn got suggestion of someone to speak with regarding SBOM/CPAN/Other ecosystems
- PTS, TBD
- Soverign Tech fund deadline, TBD
- Saturday Feb 10th, 15:00 UTC; meeting chair @oalders, secretary @sjn