Skip to content

Latest commit

 

History

History
103 lines (76 loc) · 3.03 KB

cpansec-minutes-2024-07-18.md

File metadata and controls

103 lines (76 loc) · 3.03 KB
layout toc meeting_time title
page
true
July 18, 2024 17:00 UTC
Minutes 2024-07-18

Meeting time & place

Thu 2024-07-18 17:00 UTC @ #cpansec-discussion on matrix.org

Attendees

  1. @sjn
  2. @timlegge
  3. @Tux
  4. Stuart
  5. @leont

Regrets

  1. @stigtsp
  2. @book
  3. @garu

Absents

Topics

Introduction to Stuart

  1. What/Who are we
  2. What is out scope
  3. Working groups
  4. Work in progress

Use something else than Slack for meetings

  • Any issues continuing to use Element/[Matrix], which uses Jitsi.
  • This was the second meet on Element/[Matrix]/Jitsi, and it worked very well

CPANminus

No updates

CNA process is initiated with Mitre

  • @timlegge has written up an initial CNA disclosure but it needs more work - hopefully this week

TLS/HTTPS in core

  1. Options documented
  2. Currently only OpenSSL
  3. Should have more SSL back-ends
  4. licensing is a concern - may need someone familiar with licensing to discuss
  5. @sjn will reach out to some legal

German Sovereign Tech fund is open for applications

  1. A meeting occurred
  2. Spreadsheet setup as a WIP
  3. Olaf is looking at some things as well
  4. OpenSSF fund specific for internet infrastructure
  5. Level of funding and things to push it forward looking at a 500K ask
  6. Initial funding is an evaluation activity
  7. Stuart has drafted an application in the past for the Sovereign tech fund - needs to be specific to meeting their goals -
  8. About 2B$ available in Europe for open source
  9. CPAN admins are the worlds experts on this area
  10. @sjn needs some assistance on the importance of the tasks and the "boringness" of the items

Secure by Default

  1. No progress/updates

Eclipse ORC WG

  1. @sjn – Attended CRA Intro meeting. Will share video recording once it's published
  2. WG is focused on the impact of EU standards and processes on Open Source
  3. Currently Perl foundation is not a member

CycloneDX 1.7 Sustainability fields

  1. @sjn – No progress

CPAN Meta Requirements and PURLs

  1. @sjn – No progress

POSIX::2008 vulnerabilities

  1. No news

SBOM/Supply Chain

  1. @sjn – Added a simplified SC graph that includes a OSS Steward role. Worked also on simplifying and cleaning up errors
  2. Clean ups
  3. It needs some reading from the community - especially CPANSec
  4. Some role specific guidance would help as well as simplification of the documentation
  5. @garu also wants to work on modules to do SBOM
  6. @ovid's SBOM CycloneDX parser is still out there

Upcoming Events

Outreach is important and needs to continue

  1. PostgreSQL Lowlands 2024 NL - Fri 13 Sep 2024
  2. Open Source Summit Europe in Vienna, Austria - September 16-18 + 19-20 - Lots of people from OpenSSF + SBOM + Supply chain security communities
  3. London Perl Workshop - Saturday 26th October 2024 - possible talk opportunities

Other topics

Next meeting

  1. Aug 1, 2024 at 17:00 UTC, #cpansec-discussion on matrix.org