2020-10-02 Meeting notes
Date
Attendees
Discussion items
Review Kanban board
| Time | Item | Who | Notes |
|---|---|---|---|
| | SNYK follow up | | Julian will explore the CLA and send the message to the #developer channel. CLA has been approved and message sent to channel. Need to look at which projects we want to set watches on. When run from the web site, it currently gives some false-positive reports for Java projects (when run from Maven it works OK). Still looking into how we can make it work properly. Julian will look at it, but it is not super high priority. |
| | Review Security Issues | Team | Review Kanban board |
| | Safe harbor, policies | | Have sent Safe Harbor Statement/Acceptable Use Policy to a lawyer at Duke for review. After agreeing to review, they declined to comment due to a possible conflict of interest (with Duke being a contributor, participant and user of FOLIO). What next? Mike Gorrell to reach out to the OLF lawyer again for a quote. |
| | Security Project/Jira cleanup | | 1) No progress on this item. 2) New item: https://folio-org.atlassian.net/secure/ShowConstantsHelp.jspa?decorator=popup#SecurityLevels lists these Jira security levels: In Jira, the security group "FOLIO Core Team" used "External Developer" (which includes all developers in the project user group) for its list of members. In other words, presently, there's only one list of developers that's actually being referenced in that security group: all developers in the project, even though the name implies it's only "the Core Team". Do we need/want to have separate groups for all 3 core teams as well as the - No - make the Jira security group reflect reality. Mike Gorrell to do this. |
| | List of Personal Data | Team | Per our Slack discussion and the Reporting SIG's request for the maintenance of a list of Personal Data, we need to recommend next steps. Reference Articles 30 and 32 of GDPR. Recommend that the project maintain a list and include it as part of the team's definition of done. Whenever a new field is introduced or a field is changed, Product Owners should consider whether it may be used to store Personal Data, and the list should be maintained. |