2020-10-16 Meeting notes

Date

16 Oct 2020

Item	Who	Notes
Fix names of FOLIO Security Levels	Mike Gorrell	https://folio-org.atlassian.net/secure/ShowConstantsHelp.jspa?decorator=popup#SecurityLevels lists these Jira security levels: FOLIO Core Team FOLIO Security Group: People that are part of the FOLIO Security Group: https://folio-org.atlassian.net/wiki/display/SEC/Security+Home Sys Ops and Core Team The FOLIO Core Team is a misnomer - it's actually all FOLIO developers. The list should be changed to reflect reality Done
SNYK follow up	Julian Ladisch	Julian explored the CLA (and received approval from Harry Kaplanian) and sent a message to the #developer channel. Need to look at which projects we want to set watches on. If it runs from the web site, currently some false-positive reports for Java projects (when run from Maven it works OK). Still looking into how we can make it work properly. Julian will look at it but not super high priority.
Review Security Issues	Team	Review Kanban board (no new issues that haven't been reviewed)
Safe harbor, policies	Mike Gorrell	Have sent Safe Harbor Statement/Acceptable Use Policy to Lawyer at Duke for review - after agreeing to review, they declined to comment due to possible conflict of interest (with Duke being a contributor, participant and user of FOLIO). Mike Gorrell to reach out to OLF lawyer again for a quote. Quote is for $450-$900. Asked for approval to move forward.