2020-09-11 Meeting notes
Date
Attendees
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
| | Review Open Actions | team | Secret Storage - Conveyed that the Auth refactoring is a higher priority than Secret Storage/Distributed Config... over to the Capacity Planning team for discussion next week. Uncertain when this can be worked on due to competing priorities. SNYK - Note that it automatically creates PRs when you add repositories. Also, Julian added some Java modules and it seems that the GitHub and SNYK notifications aren't the same, so it might be useful to have both. Since we 'get it for free' we might as well use it. Make a statement to the Developers channel that the Security Group recommends using this tool. Note that the SNYK Robot has to comply with the CLA (Contributor License Agreement) so that the PRs it creates can be merged. Julian will explore the CLA and send the message to the #developer channel. |
| | Review Security JIRA issues | Team | Review Kanban board - do we like this approach? We'll use the Kanban board. Discussion of how to keep track of the Dependabot and SNYK alerts and make sure they don't fall through the cracks. Homework - team reviews possibilities and makes suggestions at the next meeting. One thought - should we route mail to security@folio.org into JIRA? |
| | Housekeeping issues | | Security email setup - security@folio.org works! Have sent Safe Harbor Statement/Acceptable Use Policy to Lawyer for review. Jira configuration actions: |
| | Alisha | | Where to give her credit? Let's create a list on the Security Wiki first to get going, and then raise the issue with others on how/where to list people more prominently. We will wait until the issue is resolved? No need to wait. |