cpansec-minutes-2024-06-19.md

File metadata and controls

78 lines (57 loc) · 3.12 KB
layout toc meeting_time title
page
true
June 19th, 2024 16:00 UTC
Minutes 2024-06-19

# Minutes

2024-06-19 16:00 UTC @ TPRF Slack #cpan-security channel

## Attendees

  1. @sjn
  2. @stigtsp
  3. @timlegge
  4. @book
  5. @leont

## Regrets

  1. @Tux
  2. @garu

## Not attending

## CPANminus

  1. @stigtsp - hoping to get cpanm with https by default into the official perl docker images. There are pull requests for this in cpanminus. @garu is planning to do the PR for the docker images.
  2. Cleanest way is a build

## OpenSSF

  1. @sjn: Solicited feedback from OpenSSF's SBOM Everywhere SIG. A recording from the meeting is online.
  2. @sjn shared his documentation with the SIG. Will have a meeting with Josh Bressers so the document can be more useful for the wider community - work continues.

## CNA process is initiated with Mitre

  1. @timlegge: Sent in another request via cve.mitre.org and then asked them for an update - copied mailing list.

## TLS/HTTPS in core

  1. @leont has started writing something - not a lot of time
  2. Needs to make a little more sense before sharing
  3. @book will reach out next week

## German Sovereign Tech fund is open for applications

  1. @sjn: New criteria found here
  2. New policies for the picking
  3. Reduced the minimum amount an application can be made for - 50K instead of 150K
  4. Should we push TPRF to find projects to sponsor?
  5. TPRF may be able to assist in the money management

## Secure by Default

  1. Create a list of modules/dists that should be considered for CPAN to be "Secure by Default". stigo to create a list as a start.

## Eclipse ORC WG

  1. @sjn: WG is slowly starting. Links to WG resources added to the reading list page.
  2. @sjn: Planning on writing an "intro to CRA page" based on his PTS talk
  3. Goal to ensure the right questions are asked
  4. Reach out if you have time and are interested in helping

## CycloneDX 1.7 Sustainability fields

  1. @sjn: Work expected to begin in June. @sjn intends to be active there.
  2. Open source project sustainability fields to show that a project needs help for its future (help or funding, etc.)
  3. Check out and comment on the issue if you are interested

## POSIX::2008 vulnerabilities

  1. May need to register some CVEs for two new vulns that were added to CPAN::Audit
  2. Need to start up the CVE request for old vulnerabilities again

## Upcoming Events

  1. Open Source event in Vienna in September?
  2. London Perl Workshop - October? - possible talk opportunities

## CPAN Meta Requirements and PURLs

  1. What is the point of PURLs? - @sjn has started putting together a blog post on the why.

## Next meeting

  1. July 03, 2024 17:00 UTC