2022-07-07 Meeting notes
Date
Attendees
Name | Present |
---|---|
Y | |
Y | |
Y | |
Y | |
N | |
Y | |
Y | |
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
FOLIO-3500 | Is "apk upgrade" a workaround that should be removed from Dockerfiles, or is it best practice that should be mentioned on https://dev.folio.org/guides/best-practices-dockerfiles/ ?
| ||
EDGCOMMON-47. | Mitigations are known and until edge modules are fixed a message should be posted A backport to Kiwi is not needed because of easy to implement mitigation options:
Today: Announced in #sys-ops and https://ole-lists.openlibraryfoundation.org/sysops-sig/threads/2022/7/ | ||
mod-configuration - should it be deprecated or not? | mod-configuration has been discussed on the development channel recently. Developers like it because they can simply drop variables to the /configurations/entries API. Simply use the "configuration.*" permission shared by all modules and you are done. No need to add schema validation, no need to add dedicated permissions, no need to add a dedicated API.
Team decided we want to have this as a RFC. Target should be to have this implemented within Nolana. Could discuss in your meetings while the RFC process moves on.
Today:
| ||
Official security support policy on releases | Security team needs
Today:
| ||
5 min | edge-lti-courses | Team | edge-lti-courses has been unmaintained since July 2021. Open Jiras:
Last updates:
Today:
|
Kafka security | Team | The topic of Kafka security was raised as part of a conversation at the TC yesterday. The Security Team should be aware of this and probably should weigh in on the topic, or even generate proposals if we have ideas for how to solve the problem.
| |
* | Review the Kanban board. | Team |
|
Action items
- Julian Ladisch to update the docker best practices documentation on the FOLIO dev site