Skip to end of banner
Go to start of banner

2020-10-02 Meeting notes

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Date

Attendees

Discussion items

Review Kanban board ​

TimeItemWhoNotes

SNYK follow up

Julian Ladisch

Julian will explore the CLA and send the message to the #developer channel.



 Review Security IssuesTeam Review Kanban board

Safe harbor, policies

Mike Gorrell

Have sent Safe Harbor Statement/Acceptable Use Policy to Lawyer at Duke for review - after agreeing to review, they declined to comment due to possible conflict of interest (with Duke being a contributor, participant and user of FOLIO). What next?

Security Project/Jira cleanup

Mike Gorrell

1) No progress on this item

  • Can the Security Project be setup so that new issues automatically set the Security Level to FOLIO Security Group PLUS the Creator (who might have additional context/etc)? 
    • Confirmed how to get this done - need to coordinate changes to permissions scheme and security scheme for the Security project with JIRA admin (some dependencies with other settings/projects).
    • Try to completely next meeting

2) New Item:

https://issues.folio.org/secure/ShowConstantsHelp.jspa?decorator=popup#SecurityLevels lists these Jira security levels:


FOLIO has 3 Core Teams: Platform, Functional and Concorde, see FOLIO Developer Directory
@mdg Two security level descriptions are missing, can you add them?

In JIRA the security group "FOLIO Core Team" used the "External Developer" (which includes all developers in the project user group for its list of members. In other words, presently, there's only one list of developers that's actually being referenced in that security group - all developers in the project, even though it implies it's only "the Core Team".

Do we need/want to have separate groups for al 3 core teams as well as the  


List of Personal DataTeam

Per our slack discussion and the Reporting SIG's request for the maintenance of a list of Personal Data, we need to recommend next steps.

Reference Articles 30 and 32 of GDPR





  • No labels