Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added links to all documents

...

TimeItemWhoNotes
5WelcomeIngolf
  • Welcome; Find a Note Taker
25Security AuditStephen Pampell

Update on Security Audit + discussion

Recap: selected NCC to do security audit of Edelweiss release. Audit conducted in February. Probed primarily Okapi and Authentication. Several issues found, but nothing critical or demanding instant attention. 

JIRA: 

Jira Legacy
serverSystem JiraJIRA
serverId01505d01-b853-3c2e-90f1-ee9b165564fc
keyFOLIO-2524
 (Umbrella issue)

Running notes: FOLIO Weekly Updates -- Q2 2020

A number of issues are targeted for Goldenrod release.

Security team is being pulled together as subgroup of TC, will begin meeting May 8, a week from today. Main function is to triage any incoming security issues, determine severity and work with rest of community to take action as appropriate.

25Release ManagementMike Gorell

Update on Release Management + discussion

TC had meeting at WOLFcon, have followup.Sides: Tech Council -- Recommendation for Release Numbering 

Basic idea: There will be a LTS (long-term support release) train and a quarterly release train. At the beginning of the LTS, these are the same. Quarterly train continues on quarterly cadence. P1 (Priority 1) functional issues will trigger maintenance releases, first to be fixed in quarterly release and then maintenance release for LTS. P2 and lower functional issues will be fixed in quarterly releases, not trigger a maintenance releases. LTS will not get new functionality during its lifetime.

For security issues, P1 and P2 will trigger maintenance release for current LTS, P1 will also be back-ported to previous LTS only.

SysOps comfortable with the functional and security maintenance release concepts.

Some suggestions about numbering conventions, captured in slides.

5Topics for next meeting
Hotfix release

Fröhlichen 1. Mai !
Happy holiday!

...